diff --git a/binary/dnscrypt-proxy-arm b/binary/dnscrypt-proxy-arm
index ee66e55..27f01f6 100755
Binary files a/binary/dnscrypt-proxy-arm and b/binary/dnscrypt-proxy-arm differ
diff --git a/binary/dnscrypt-proxy-arm64 b/binary/dnscrypt-proxy-arm64
index 21cca6c..06abc7d 100755
Binary files a/binary/dnscrypt-proxy-arm64 and b/binary/dnscrypt-proxy-arm64 differ
diff --git a/binary/dnscrypt-proxy-x86 b/binary/dnscrypt-proxy-x86
index 1ab3caf..7b4886c 100755
Binary files a/binary/dnscrypt-proxy-x86 and b/binary/dnscrypt-proxy-x86 differ
diff --git a/binary/dnscrypt-proxy-x86_64 b/binary/dnscrypt-proxy-x86_64
index a7121c5..2cb0431 100755
Binary files a/binary/dnscrypt-proxy-x86_64 and b/binary/dnscrypt-proxy-x86_64 differ
diff --git a/config/example-dnscrypt-proxy.toml b/config/example-dnscrypt-proxy.toml
index 6827de1..c0a092b 100644
--- a/config/example-dnscrypt-proxy.toml
+++ b/config/example-dnscrypt-proxy.toml
@@ -68,8 +68,11 @@ require_nolog = true require_nofilter = true - -## Always use TCP to connect to upstream servers +## Always use TCP to connect to upstream servers. +## This can be can be useful if you need to route everything through Tor. +## Otherwise, leave this to `false`, as it doesn't improve security +## (dnscrypt-proxy will always encrypt everything even using UDP), and can +## only increase latency. force_tcp = false
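Review bot: The new comment above `force_tcp` repeats a word ("This can be can be useful") and "leave this to" is missing a verb. Suggested wording for the two lines: `## This can be useful if you need to route everything through Tor.` and `## Otherwise, leave this set to false, as it doesn't improve security`. Since the comment mentions Tor, it may also be worth saying that this setting only changes the transport and does not by itself send traffic through Tor.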
@@ -154,12 +157,21 @@ cert_refresh_delay = 240 fallback_resolver = '9.9.9.9:53' -## Never try to use the system DNS settings; unconditionally use the -## fallback resolver. +## Never let dnscrypt-proxy try to use the system DNS settings; +## unconditionally use the fallback resolver. ignore_system_dns = false +## Maximum time (in seconds) to wait for network connectivity before +## initializing the proxy. +## Useful if the proxy is automatically started at boot, and network +## connectivity is not guaranteed to be immediately available. +## Use 0 to disable. + +netprobe_timeout = 30 + + ## Automatic log files rotation # Maximum log files size in MB
@@ -179,8 +191,9 @@ log_files_max_backups = 1 ## Immediately respond to IPv6-related queries with an empty response ## This makes things faster when there is no IPv6 connectivity, but can -## also cause reliability issues with some stub resolvers. In -## particular, enabling this on macOS is not recommended. +## also cause reliability issues with some stub resolvers. +## Do not enable if you added a validating resolver such as dnsmasq in front +## of the proxy. block_ipv6 = false
@@ -238,9 +251,14 @@ cache_min_ttl = 600 cache_max_ttl = 86400 -## TTL for negatively cached entries +## Minimum TTL for negatively cached entries -cache_neg_ttl = 60 +cache_neg_min_ttl = 60 + + +## Maximum TTL for negatively cached entries + +cache_neg_max_ttl = 600
diff --git a/config/example-forwarding-rules.txt b/config/example-forwarding-rules.txt
index 24cd586..177321c 100644
--- a/config/example-forwarding-rules.txt
+++ b/config/example-forwarding-rules.txt
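Review bot: The comment added for `netprobe_timeout` does not say what the proxy does when the 30 seconds elapse with no connectivity. On a host where the proxy is the only resolver at boot, it matters whether it starts anyway or exits, so one more `##` line stating the outcome would help. The context line `fallback_resolver = '9.9.9.9:53'` looks like a plain DNS endpoint judging by the port, so a short comment that lookups through it are not encrypted would also help anyone setting `ignore_system_dns`.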
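Review bot: In the last hunk of this file, `cache_neg_ttl` is replaced by `cache_neg_min_ttl` and `cache_neg_max_ttl`, but nothing tells users with an existing configuration that the old key is gone. Whether the bundled binaries still accept `cache_neg_ttl` is not visible here; if they do not, a carried-over config would lose its negative-cache setting or fail to load. A comment such as `## (replaces the former cache_neg_ttl setting)` above `cache_neg_min_ttl` would cover it. The four prebuilt binaries change in the same commit with no upstream version or checksum visible in the diff, so recording both in the commit message would let a reader confirm which release these keys match.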
@@ -3,10 +3,12 @@ ################################## ## This is used to route specific domain names to specific servers. -## The general format is: [, ...] -## Addresses can be IPv4 and IPv6, and include a non-standard port number. +## The general format is: +## [:port] [, [:port]...] +## IPv6 addresses can be specified by enclosing the address in square brackets. ## In order to enable this feature, the "forwarding_rules" property needs to -## be set to that file name in the main configuration file. +## be set to this file name inside the main configuration file. -example.com 9.9.9.9,8.8.8.8 +## Forward queries for example.com and *.example.com to 9.9.9.9 and 8.8.8.8 +# example.com 9.9.9.9,8.8.8.8
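Review bot: The rewritten header explains the rule format but not how forwarded queries are sent. As far as I know, dnscrypt-proxy sends queries that match a forwarding rule to the listed servers as ordinary DNS rather than through the encrypted resolvers, so enabling the example would put lookups for example.com on the wire in clear text. This is worth confirming and stating, e.g. `## Queries matching a rule are sent to these servers as plain, unencrypted DNS.` Commenting out the example rule is a sound default, since the file now forwards nothing until the user edits it.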