Synced with the main template
This commit is contained in:
parent
b7f41a1baa
commit
3f91b8dd2a
|
@ -198,7 +198,7 @@ dnscrypt_ephemeral_keys = true
|
|||
fallback_resolver = '91.239.100.100:53'
|
||||
|
||||
|
||||
## Always use the fallback resolver before the system DNS settings
|
||||
## Always use the fallback resolver before the system DNS settings.
|
||||
|
||||
ignore_system_dns = true
|
||||
|
||||
|
@ -256,13 +256,17 @@ log_files_max_backups = 1
|
|||
# Filters #
|
||||
#########################
|
||||
|
||||
## Note: if you are using dnsmasq, disable the `dnssec` option in dnsmasq if you
|
||||
## configure dnscrypt-proxy to do any kind of filtering (including the filters
|
||||
## below and blacklists).
|
||||
## But you can still choose resolvers that do DNSSEC validation.
|
||||
|
||||
|
||||
## Immediately respond to IPv6-related queries with an empty response
|
||||
## This makes things faster when there is no IPv6 connectivity, but can
|
||||
## also cause reliability issues with some stub resolvers.
|
||||
## Do not enable if you added a validating resolver such as dnsmasq in front
|
||||
## of the proxy.
|
||||
|
||||
block_ipv6 = true
|
||||
block_ipv6 = false
|
||||
|
||||
|
||||
## Immediately respond to A and AAAA queries for host names without a domain name
|
||||
|
@ -270,6 +274,12 @@ block_ipv6 = true
|
|||
block_unqualified = true
|
||||
|
||||
|
||||
## Immediately respond to queries for local zones instead of leaking them to
|
||||
## upstream resolvers (always causing errors or timeouts).
|
||||
|
||||
block_undelegated = true
|
||||
|
||||
|
||||
## TTL for synthetic responses sent when a request has been blocked (due to
|
||||
## IPv6 or blacklists).
|
||||
|
||||
|
@ -382,7 +392,7 @@ cache_neg_max_ttl = 600
|
|||
|
||||
[query_log]
|
||||
|
||||
## Path to the query log file (absolute, or relative to the same directory as the executable file)
|
||||
## Path to the query log file (absolute, or relative to the same directory as the config file)
|
||||
## Can be /dev/stdout to log to the standard output (and set log_files_max_size to 0)
|
||||
|
||||
# file = 'query.log'
|
||||
|
@ -409,7 +419,7 @@ cache_neg_max_ttl = 600
|
|||
|
||||
[nx_log]
|
||||
|
||||
## Path to the query log file (absolute, or relative to the same directory as the executable file)
|
||||
## Path to the query log file (absolute, or relative to the same directory as the config file)
|
||||
|
||||
# file = 'nx.log'
|
||||
|
||||
|
@ -439,7 +449,7 @@ cache_neg_max_ttl = 600
|
|||
|
||||
[blacklist]
|
||||
|
||||
## Path to the file of blocking rules (absolute, or relative to the same directory as the executable file)
|
||||
## Path to the file of blocking rules (absolute, or relative to the same directory as the config file)
|
||||
|
||||
blacklist_file = 'blacklist.txt'
|
||||
|
||||
|
@ -467,7 +477,7 @@ cache_neg_max_ttl = 600
|
|||
|
||||
[ip_blacklist]
|
||||
|
||||
## Path to the file of blocking rules (absolute, or relative to the same directory as the executable file)
|
||||
## Path to the file of blocking rules (absolute, or relative to the same directory as the config file)
|
||||
|
||||
# blacklist_file = 'ip-blacklist.txt'
|
||||
|
||||
|
@ -495,7 +505,7 @@ cache_neg_max_ttl = 600
|
|||
|
||||
[whitelist]
|
||||
|
||||
## Path to the file of whitelisting rules (absolute, or relative to the same directory as the executable file)
|
||||
## Path to the file of whitelisting rules (absolute, or relative to the same directory as the config file)
|
||||
|
||||
# whitelist_file = 'whitelist.txt'
|
||||
|
||||
|
@ -635,7 +645,7 @@ broken_query_padding = ['cisco', 'cisco-ipv6', 'cisco-familyshield']
|
|||
## A relay can be specified as a DNS Stamp (either a relay stamp, or a
|
||||
## DNSCrypt stamp), an IP:port, a hostname:port, or a server name.
|
||||
##
|
||||
## The following example routes "example-server-1" via `anon-example-1` or `anon-example-2``,
|
||||
## The following example routes "example-server-1" via `anon-example-1` or `anon-example-2`,
|
||||
## and "example-server-2" via the relay whose relay DNS stamp
|
||||
## is "sdns://gRIxMzcuNzQuMjIzLjIzNDo0NDM".
|
||||
##
|
||||
|
@ -673,4 +683,4 @@ broken_query_padding = ['cisco', 'cisco-ipv6', 'cisco-familyshield']
|
|||
[static]
|
||||
|
||||
# [static.'myserver']
|
||||
# stamp = 'sdns:AQcAAAAAAAAAAAAQMi5kbnNjcnlwdC1jZXJ0Lg'
|
||||
# stamp = 'sdns:AQcAAAAAAAAAAAAQMi5kbnNjcnlwdC1jZXJ0Lg'
|
||||
|
|
|
@ -200,7 +200,7 @@ cert_refresh_delay = 240
|
|||
fallback_resolver = '9.9.9.9:53'
|
||||
|
||||
|
||||
## Always use the fallback resolver before the system DNS settings
|
||||
## Always use the fallback resolver before the system DNS settings.
|
||||
|
||||
ignore_system_dns = true
|
||||
|
||||
|
@ -258,11 +258,15 @@ log_files_max_backups = 1
|
|||
# Filters #
|
||||
#########################
|
||||
|
||||
## Note: if you are using dnsmasq, disable the `dnssec` option in dnsmasq if you
|
||||
## configure dnscrypt-proxy to do any kind of filtering (including the filters
|
||||
## below and blacklists).
|
||||
## But you can still choose resolvers that do DNSSEC validation.
|
||||
|
||||
|
||||
## Immediately respond to IPv6-related queries with an empty response
|
||||
## This makes things faster when there is no IPv6 connectivity, but can
|
||||
## also cause reliability issues with some stub resolvers.
|
||||
## Do not enable if you added a validating resolver such as dnsmasq in front
|
||||
## of the proxy.
|
||||
|
||||
block_ipv6 = false
|
||||
|
||||
|
@ -272,6 +276,12 @@ block_ipv6 = false
|
|||
block_unqualified = true
|
||||
|
||||
|
||||
## Immediately respond to queries for local zones instead of leaking them to
|
||||
## upstream resolvers (always causing errors or timeouts).
|
||||
|
||||
block_undelegated = true
|
||||
|
||||
|
||||
## TTL for synthetic responses sent when a request has been blocked (due to
|
||||
## IPv6 or blacklists).
|
||||
|
||||
|
@ -384,7 +394,7 @@ cache_neg_max_ttl = 600
|
|||
|
||||
[query_log]
|
||||
|
||||
## Path to the query log file (absolute, or relative to the same directory as the executable file)
|
||||
## Path to the query log file (absolute, or relative to the same directory as the config file)
|
||||
## Can be /dev/stdout to log to the standard output (and set log_files_max_size to 0)
|
||||
|
||||
# file = 'query.log'
|
||||
|
@ -411,7 +421,7 @@ cache_neg_max_ttl = 600
|
|||
|
||||
[nx_log]
|
||||
|
||||
## Path to the query log file (absolute, or relative to the same directory as the executable file)
|
||||
## Path to the query log file (absolute, or relative to the same directory as the config file)
|
||||
|
||||
# file = 'nx.log'
|
||||
|
||||
|
@ -441,7 +451,7 @@ cache_neg_max_ttl = 600
|
|||
|
||||
[blacklist]
|
||||
|
||||
## Path to the file of blocking rules (absolute, or relative to the same directory as the executable file)
|
||||
## Path to the file of blocking rules (absolute, or relative to the same directory as the config file)
|
||||
|
||||
# blacklist_file = 'blacklist.txt'
|
||||
|
||||
|
@ -469,7 +479,7 @@ cache_neg_max_ttl = 600
|
|||
|
||||
[ip_blacklist]
|
||||
|
||||
## Path to the file of blocking rules (absolute, or relative to the same directory as the executable file)
|
||||
## Path to the file of blocking rules (absolute, or relative to the same directory as the config file)
|
||||
|
||||
# blacklist_file = 'ip-blacklist.txt'
|
||||
|
||||
|
@ -497,7 +507,7 @@ cache_neg_max_ttl = 600
|
|||
|
||||
[whitelist]
|
||||
|
||||
## Path to the file of whitelisting rules (absolute, or relative to the same directory as the executable file)
|
||||
## Path to the file of whitelisting rules (absolute, or relative to the same directory as the config file)
|
||||
|
||||
# whitelist_file = 'whitelist.txt'
|
||||
|
||||
|
@ -637,7 +647,7 @@ broken_query_padding = ['cisco', 'cisco-ipv6', 'cisco-familyshield']
|
|||
## A relay can be specified as a DNS Stamp (either a relay stamp, or a
|
||||
## DNSCrypt stamp), an IP:port, a hostname:port, or a server name.
|
||||
##
|
||||
## The following example routes "example-server-1" via `anon-example-1` or `anon-example-2``,
|
||||
## The following example routes "example-server-1" via `anon-example-1` or `anon-example-2`,
|
||||
## and "example-server-2" via the relay whose relay DNS stamp
|
||||
## is "sdns://gRIxMzcuNzQuMjIzLjIzNDo0NDM".
|
||||
##
|
||||
|
@ -664,3 +674,4 @@ broken_query_padding = ['cisco', 'cisco-ipv6', 'cisco-familyshield']
|
|||
|
||||
# [static.'myserver']
|
||||
# stamp = 'sdns:AQcAAAAAAAAAAAAQMi5kbnNjcnlwdC1jZXJ0Lg'
|
||||
|
||||
|
|
Loading…
Reference in New Issue