diff --git a/config/dnscrypt-proxy.toml b/config/dnscrypt-proxy.toml index 23ef4d6..f737c5f 100644 --- a/config/dnscrypt-proxy.toml +++ b/config/dnscrypt-proxy.toml @@ -21,10 +21,12 @@ ## Servers from the "public-resolvers" source (see down below) can ## be viewed here: https://dnscrypt.info/public-servers ## -## If this line is commented, all registered servers matching the require_* filters -## will be used. +## The proxy will automatically pick working servers from this list. +## Note that the require_* filters do NOT apply when using this setting. +## +## By default, this list is empty and all registered servers matching the +## require_* filters will be used instead. ## -## The proxy will automatically pick the fastest, working servers from the list. ## Remove the leading # first to enable this; lines starting with # are ignored. server_names = ['dnscrypt.nl-ns0', 'dnscrypt.eu-dk', 'dnscrypt.eu-nl', 'dnscrypt.one', 'dnscrypt.uk-ipv4', 'dnswarden-dc1', 'dnswarden-dc2', 'dnswarden-dc3', 'ffmuc.net', 'publicarray-au', 'publicarray-au2', 'scaleway-ams', 'scaleway-fr', 'v.dnscrypt.uk-ipv4'] @@ -261,7 +263,7 @@ log_files_max_backups = 1 ## Note: if you are using dnsmasq, disable the `dnssec` option in dnsmasq if you ## configure dnscrypt-proxy to do any kind of filtering (including the filters ## below and blacklists). -## But you can still choose resolvers that do DNSSEC validation. +## You can still choose resolvers that do DNSSEC validation. ## Immediately respond to IPv6-related queries with an empty response @@ -391,7 +393,7 @@ cache_neg_max_ttl = 600 [query_log] ## Path to the query log file (absolute, or relative to the same directory as the config file) - ## On non-Windows systems, can be /dev/stdout to log to the standard output (and set log_files_max_size to 0) + ## On non-Windows systems, can be /dev/stdout to log to the standard output (also set log_files_max_size to 0) # file = 'query.log' @@ -529,8 +531,7 @@ cache_neg_max_ttl = 600 ## ## For example, the following rule in a blacklist file: ## *.youtube.* @time-to-sleep -## would block access to YouTube only during the days, and period of the days -## define by the 'time-to-sleep' schedule. +## would block access to YouTube during the times defined by the 'time-to-sleep' schedule. ## ## {after='21:00', before= '7:00'} matches 0:00-7:00 and 21:00-0:00 ## {after= '9:00', before='18:00'} matches 9:00-18:00 @@ -571,7 +572,7 @@ cache_neg_max_ttl = 600 ## must include the prefixes. ## ## If the `urls` property is missing, cache files and valid signatures -## must be already present; This doesn't prevent these cache files from +## must already be present. This doesn't prevent these cache files from ## expiring after `refresh_delay` hours. [sources] @@ -649,13 +650,13 @@ broken_query_padding = ['cisco', 'cisco-ipv6', 'cisco-familyshield', "quad9-dnsc ## ## !!! THESE ARE JUST EXAMPLES !!! ## -## Review the list of available relays from the "relays.md` file, and, for each +## Review the list of available relays from the "relays.md" file, and, for each ## server you want to use, define the relays you want connections to go through. ## -## Carefully choose relays and servers so that the are run by different entities. +## Carefully choose relays and servers so that they are run by different entities. ## ## "server_name" can also be set to "*" to define a default route, but this is not -## recommended. if you do so, keep "server_names" short and distinct from relays. +## recommended. If you do so, keep "server_names" short and distinct from relays. routes = [ { server_name='dnscrypt.nl-ns0', via=['anon-dnscrypt.one', 'anon-scaleway-ams'] },