Synced with the main template
This commit is contained in:
parent
730794eaa6
commit
08f07cae9c
|
@ -21,10 +21,12 @@
|
||||||
## Servers from the "public-resolvers" source (see down below) can
|
## Servers from the "public-resolvers" source (see down below) can
|
||||||
## be viewed here: https://dnscrypt.info/public-servers
|
## be viewed here: https://dnscrypt.info/public-servers
|
||||||
##
|
##
|
||||||
## If this line is commented, all registered servers matching the require_* filters
|
## The proxy will automatically pick working servers from this list.
|
||||||
## will be used.
|
## Note that the require_* filters do NOT apply when using this setting.
|
||||||
|
##
|
||||||
|
## By default, this list is empty and all registered servers matching the
|
||||||
|
## require_* filters will be used instead.
|
||||||
##
|
##
|
||||||
## The proxy will automatically pick the fastest, working servers from the list.
|
|
||||||
## Remove the leading # first to enable this; lines starting with # are ignored.
|
## Remove the leading # first to enable this; lines starting with # are ignored.
|
||||||
|
|
||||||
# server_names = ['scaleway-fr', 'google', 'yandex', 'cloudflare']
|
# server_names = ['scaleway-fr', 'google', 'yandex', 'cloudflare']
|
||||||
|
@ -183,21 +185,23 @@ cert_refresh_delay = 240
|
||||||
# tls_cipher_suite = [52392, 49199]
|
# tls_cipher_suite = [52392, 49199]
|
||||||
|
|
||||||
|
|
||||||
## Fallback resolver
|
## Fallback resolvers
|
||||||
## This is a normal, non-encrypted DNS resolver, that will be only used
|
## These are normal, non-encrypted DNS resolvers, that will be only used
|
||||||
## for one-shot queries when retrieving the initial resolvers list, and
|
## for one-shot queries when retrieving the initial resolvers list, and
|
||||||
## only if the system DNS configuration doesn't work.
|
## only if the system DNS configuration doesn't work.
|
||||||
## No user application queries will ever be leaked through this resolver,
|
## No user application queries will ever be leaked through these resolvers,
|
||||||
## and it will not be used after IP addresses of resolvers URLs have been found.
|
## and they will not be used after IP addresses of resolvers URLs have been found.
|
||||||
## It will never be used if lists have already been cached, and if stamps
|
## They will never be used if lists have already been cached, and if stamps
|
||||||
## don't include host names without IP addresses.
|
## don't include host names without IP addresses.
|
||||||
## It will not be used if the configured system DNS works.
|
## They will not be used if the configured system DNS works.
|
||||||
## A resolver supporting DNSSEC is recommended.
|
## Resolvers supporting DNSSEC are recommended.
|
||||||
##
|
##
|
||||||
## People in China may need to use 114.114.114.114:53 here.
|
## People in China may need to use 114.114.114.114:53 here.
|
||||||
## Other popular options include 8.8.8.8 and 1.1.1.1.
|
## Other popular options include 8.8.8.8 and 1.1.1.1.
|
||||||
|
##
|
||||||
|
## If more than one resolver is specified, they will be tried in sequence.
|
||||||
|
|
||||||
fallback_resolver = '9.9.9.9:53'
|
fallback_resolvers = ['9.9.9.9:53', '8.8.8.8:53']
|
||||||
|
|
||||||
|
|
||||||
## Always use the fallback resolver before the system DNS settings.
|
## Always use the fallback resolver before the system DNS settings.
|
||||||
|
@ -237,8 +241,10 @@ netprobe_address = '9.9.9.9:53'
|
||||||
## These strings will be added as TXT records to queries.
|
## These strings will be added as TXT records to queries.
|
||||||
## Do not use, except on servers explicitly asking for extra data
|
## Do not use, except on servers explicitly asking for extra data
|
||||||
## to be present.
|
## to be present.
|
||||||
|
## encrypted-dns-server can be configured to use this for access control
|
||||||
|
## in the [access_control] section
|
||||||
|
|
||||||
# query_meta = ["key1:value1", "key2:value2", "key3:value3"]
|
# query_meta = ["key1:value1", "key2:value2", "token:MySecretToken"]
|
||||||
|
|
||||||
|
|
||||||
## Automatic log files rotation
|
## Automatic log files rotation
|
||||||
|
@ -261,7 +267,7 @@ log_files_max_backups = 1
|
||||||
## Note: if you are using dnsmasq, disable the `dnssec` option in dnsmasq if you
|
## Note: if you are using dnsmasq, disable the `dnssec` option in dnsmasq if you
|
||||||
## configure dnscrypt-proxy to do any kind of filtering (including the filters
|
## configure dnscrypt-proxy to do any kind of filtering (including the filters
|
||||||
## below and blacklists).
|
## below and blacklists).
|
||||||
## But you can still choose resolvers that do DNSSEC validation.
|
## You can still choose resolvers that do DNSSEC validation.
|
||||||
|
|
||||||
|
|
||||||
## Immediately respond to IPv6-related queries with an empty response
|
## Immediately respond to IPv6-related queries with an empty response
|
||||||
|
@ -293,9 +299,7 @@ reject_ttl = 600
|
||||||
# Route queries for specific domains to a dedicated set of servers #
|
# Route queries for specific domains to a dedicated set of servers #
|
||||||
##################################################################################
|
##################################################################################
|
||||||
|
|
||||||
## Example map entries (one entry per line):
|
## See the `example-forwarding-rules.txt` file for an example
|
||||||
## example.com 9.9.9.9
|
|
||||||
## example.net 9.9.9.9,8.8.8.8,1.1.1.1
|
|
||||||
|
|
||||||
# forwarding_rules = 'forwarding-rules.txt'
|
# forwarding_rules = 'forwarding-rules.txt'
|
||||||
|
|
||||||
|
@ -309,9 +313,7 @@ reject_ttl = 600
|
||||||
## In addition to acting as a HOSTS file, it can also return the IP address
|
## In addition to acting as a HOSTS file, it can also return the IP address
|
||||||
## of a different name. It will also do CNAME flattening.
|
## of a different name. It will also do CNAME flattening.
|
||||||
##
|
##
|
||||||
## Example map entries (one entry per line)
|
## See the `example-cloaking-rules.txt` file for an example
|
||||||
## example.com 10.1.1.1
|
|
||||||
## www.google.com forcesafesearch.google.com
|
|
||||||
|
|
||||||
# cloaking_rules = 'cloaking-rules.txt'
|
# cloaking_rules = 'cloaking-rules.txt'
|
||||||
|
|
||||||
|
@ -331,7 +333,7 @@ cache = true
|
||||||
|
|
||||||
## Cache size
|
## Cache size
|
||||||
|
|
||||||
cache_size = 1024
|
cache_size = 4096
|
||||||
|
|
||||||
|
|
||||||
## Minimum TTL for cached entries
|
## Minimum TTL for cached entries
|
||||||
|
@ -395,7 +397,7 @@ cache_neg_max_ttl = 600
|
||||||
[query_log]
|
[query_log]
|
||||||
|
|
||||||
## Path to the query log file (absolute, or relative to the same directory as the config file)
|
## Path to the query log file (absolute, or relative to the same directory as the config file)
|
||||||
## Can be /dev/stdout to log to the standard output (and set log_files_max_size to 0)
|
## On non-Windows systems, can be /dev/stdout to log to the standard output (also set log_files_max_size to 0)
|
||||||
|
|
||||||
# file = 'query.log'
|
# file = 'query.log'
|
||||||
|
|
||||||
|
@ -533,8 +535,7 @@ cache_neg_max_ttl = 600
|
||||||
##
|
##
|
||||||
## For example, the following rule in a blacklist file:
|
## For example, the following rule in a blacklist file:
|
||||||
## *.youtube.* @time-to-sleep
|
## *.youtube.* @time-to-sleep
|
||||||
## would block access to YouTube only during the days, and period of the days
|
## would block access to YouTube during the times defined by the 'time-to-sleep' schedule.
|
||||||
## define by the 'time-to-sleep' schedule.
|
|
||||||
##
|
##
|
||||||
## {after='21:00', before= '7:00'} matches 0:00-7:00 and 21:00-0:00
|
## {after='21:00', before= '7:00'} matches 0:00-7:00 and 21:00-0:00
|
||||||
## {after= '9:00', before='18:00'} matches 9:00-18:00
|
## {after= '9:00', before='18:00'} matches 9:00-18:00
|
||||||
|
@ -575,7 +576,7 @@ cache_neg_max_ttl = 600
|
||||||
## must include the prefixes.
|
## must include the prefixes.
|
||||||
##
|
##
|
||||||
## If the `urls` property is missing, cache files and valid signatures
|
## If the `urls` property is missing, cache files and valid signatures
|
||||||
## must be already present; This doesn't prevent these cache files from
|
## must already be present. This doesn't prevent these cache files from
|
||||||
## expiring after `refresh_delay` hours.
|
## expiring after `refresh_delay` hours.
|
||||||
|
|
||||||
[sources]
|
[sources]
|
||||||
|
@ -615,7 +616,6 @@ cache_neg_max_ttl = 600
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
#########################################
|
#########################################
|
||||||
# Servers with known bugs #
|
# Servers with known bugs #
|
||||||
#########################################
|
#########################################
|
||||||
|
@ -626,12 +626,27 @@ cache_neg_max_ttl = 600
|
||||||
# truncate reponses larger than questions as expected by the DNSCrypt protocol.
|
# truncate reponses larger than questions as expected by the DNSCrypt protocol.
|
||||||
# This prevents large responses from being received, and breaks relaying.
|
# This prevents large responses from being received, and breaks relaying.
|
||||||
# A workaround for the first issue will be applied to servers in list below.
|
# A workaround for the first issue will be applied to servers in list below.
|
||||||
|
# Quad9 appears to be dropping fragmented UDP queries, but only for some networks.
|
||||||
# Do not change that list until the bugs are fixed server-side.
|
# Do not change that list until the bugs are fixed server-side.
|
||||||
|
|
||||||
broken_query_padding = ['cisco', 'cisco-ipv6', 'cisco-familyshield']
|
broken_query_padding = ['cisco', 'cisco-ipv6', 'cisco-familyshield']
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
################################
|
||||||
|
# TLS Client Authentication #
|
||||||
|
################################
|
||||||
|
|
||||||
|
# This is only useful if you are operating your own, private DoH server(s).
|
||||||
|
# (for DNSCrypt, see the `query_meta` feature instead)
|
||||||
|
|
||||||
|
[tls_client_auth]
|
||||||
|
|
||||||
|
# creds = [
|
||||||
|
# { server_name='myserver', client_cert='client.crt', client_key='client.key' }
|
||||||
|
# ]
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
################################
|
################################
|
||||||
# Anonymized DNS #
|
# Anonymized DNS #
|
||||||
|
@ -653,13 +668,13 @@ broken_query_padding = ['cisco', 'cisco-ipv6', 'cisco-familyshield']
|
||||||
##
|
##
|
||||||
## !!! THESE ARE JUST EXAMPLES !!!
|
## !!! THESE ARE JUST EXAMPLES !!!
|
||||||
##
|
##
|
||||||
## Review the list of available relays from the "relays.md` file, and, for each
|
## Review the list of available relays from the "relays.md" file, and, for each
|
||||||
## server you want to use, define the relays you want connections to go through.
|
## server you want to use, define the relays you want connections to go through.
|
||||||
##
|
##
|
||||||
## Carefully choose relays and servers so that the are run by different entities.
|
## Carefully choose relays and servers so that they are run by different entities.
|
||||||
##
|
##
|
||||||
## "server_name" can also be set to "*" to define a default route, but this is not
|
## "server_name" can also be set to "*" to define a default route, but this is not
|
||||||
## recommended. if you do so, keep "server_names" short and distinct from relays.
|
## recommended. If you do so, keep "server_names" short and distinct from relays.
|
||||||
|
|
||||||
# routes = [
|
# routes = [
|
||||||
# { server_name='example-server-1', via=['anon-example-1', 'anon-example-2'] },
|
# { server_name='example-server-1', via=['anon-example-1', 'anon-example-2'] },
|
||||||
|
|
Loading…
Reference in New Issue