Synced with the main template

This commit is contained in:
quindecim 2019-12-19 11:10:10 -05:00
parent b7f41a1baa
commit 3f91b8dd2a
2 changed files with 41 additions and 20 deletions

View File

@ -198,7 +198,7 @@ dnscrypt_ephemeral_keys = true
fallback_resolver = '91.239.100.100:53' fallback_resolver = '91.239.100.100:53'
## Always use the fallback resolver before the system DNS settings ## Always use the fallback resolver before the system DNS settings.
ignore_system_dns = true ignore_system_dns = true
@ -256,13 +256,17 @@ log_files_max_backups = 1
# Filters # # Filters #
######################### #########################
## Note: if you are using dnsmasq, disable the `dnssec` option in dnsmasq if you
## configure dnscrypt-proxy to do any kind of filtering (including the filters
## below and blacklists).
## But you can still choose resolvers that do DNSSEC validation.
## Immediately respond to IPv6-related queries with an empty response ## Immediately respond to IPv6-related queries with an empty response
## This makes things faster when there is no IPv6 connectivity, but can ## This makes things faster when there is no IPv6 connectivity, but can
## also cause reliability issues with some stub resolvers. ## also cause reliability issues with some stub resolvers.
## Do not enable if you added a validating resolver such as dnsmasq in front
## of the proxy.
block_ipv6 = true block_ipv6 = false
## Immediately respond to A and AAAA queries for host names without a domain name ## Immediately respond to A and AAAA queries for host names without a domain name
@ -270,6 +274,12 @@ block_ipv6 = true
block_unqualified = true block_unqualified = true
## Immediately respond to queries for local zones instead of leaking them to
## upstream resolvers (always causing errors or timeouts).
block_undelegated = true
## TTL for synthetic responses sent when a request has been blocked (due to ## TTL for synthetic responses sent when a request has been blocked (due to
## IPv6 or blacklists). ## IPv6 or blacklists).
@ -382,7 +392,7 @@ cache_neg_max_ttl = 600
[query_log] [query_log]
## Path to the query log file (absolute, or relative to the same directory as the executable file) ## Path to the query log file (absolute, or relative to the same directory as the config file)
## Can be /dev/stdout to log to the standard output (and set log_files_max_size to 0) ## Can be /dev/stdout to log to the standard output (and set log_files_max_size to 0)
# file = 'query.log' # file = 'query.log'
@ -409,7 +419,7 @@ cache_neg_max_ttl = 600
[nx_log] [nx_log]
## Path to the query log file (absolute, or relative to the same directory as the executable file) ## Path to the query log file (absolute, or relative to the same directory as the config file)
# file = 'nx.log' # file = 'nx.log'
@ -439,7 +449,7 @@ cache_neg_max_ttl = 600
[blacklist] [blacklist]
## Path to the file of blocking rules (absolute, or relative to the same directory as the executable file) ## Path to the file of blocking rules (absolute, or relative to the same directory as the config file)
blacklist_file = 'blacklist.txt' blacklist_file = 'blacklist.txt'
@ -467,7 +477,7 @@ cache_neg_max_ttl = 600
[ip_blacklist] [ip_blacklist]
## Path to the file of blocking rules (absolute, or relative to the same directory as the executable file) ## Path to the file of blocking rules (absolute, or relative to the same directory as the config file)
# blacklist_file = 'ip-blacklist.txt' # blacklist_file = 'ip-blacklist.txt'
@ -495,7 +505,7 @@ cache_neg_max_ttl = 600
[whitelist] [whitelist]
## Path to the file of whitelisting rules (absolute, or relative to the same directory as the executable file) ## Path to the file of whitelisting rules (absolute, or relative to the same directory as the config file)
# whitelist_file = 'whitelist.txt' # whitelist_file = 'whitelist.txt'
@ -635,7 +645,7 @@ broken_query_padding = ['cisco', 'cisco-ipv6', 'cisco-familyshield']
## A relay can be specified as a DNS Stamp (either a relay stamp, or a ## A relay can be specified as a DNS Stamp (either a relay stamp, or a
## DNSCrypt stamp), an IP:port, a hostname:port, or a server name. ## DNSCrypt stamp), an IP:port, a hostname:port, or a server name.
## ##
## The following example routes "example-server-1" via `anon-example-1` or `anon-example-2``, ## The following example routes "example-server-1" via `anon-example-1` or `anon-example-2`,
## and "example-server-2" via the relay whose relay DNS stamp ## and "example-server-2" via the relay whose relay DNS stamp
## is "sdns://gRIxMzcuNzQuMjIzLjIzNDo0NDM". ## is "sdns://gRIxMzcuNzQuMjIzLjIzNDo0NDM".
## ##

View File

@ -200,7 +200,7 @@ cert_refresh_delay = 240
fallback_resolver = '9.9.9.9:53' fallback_resolver = '9.9.9.9:53'
## Always use the fallback resolver before the system DNS settings ## Always use the fallback resolver before the system DNS settings.
ignore_system_dns = true ignore_system_dns = true
@ -258,11 +258,15 @@ log_files_max_backups = 1
# Filters # # Filters #
######################### #########################
## Note: if you are using dnsmasq, disable the `dnssec` option in dnsmasq if you
## configure dnscrypt-proxy to do any kind of filtering (including the filters
## below and blacklists).
## But you can still choose resolvers that do DNSSEC validation.
## Immediately respond to IPv6-related queries with an empty response ## Immediately respond to IPv6-related queries with an empty response
## This makes things faster when there is no IPv6 connectivity, but can ## This makes things faster when there is no IPv6 connectivity, but can
## also cause reliability issues with some stub resolvers. ## also cause reliability issues with some stub resolvers.
## Do not enable if you added a validating resolver such as dnsmasq in front
## of the proxy.
block_ipv6 = false block_ipv6 = false
@ -272,6 +276,12 @@ block_ipv6 = false
block_unqualified = true block_unqualified = true
## Immediately respond to queries for local zones instead of leaking them to
## upstream resolvers (always causing errors or timeouts).
block_undelegated = true
## TTL for synthetic responses sent when a request has been blocked (due to ## TTL for synthetic responses sent when a request has been blocked (due to
## IPv6 or blacklists). ## IPv6 or blacklists).
@ -384,7 +394,7 @@ cache_neg_max_ttl = 600
[query_log] [query_log]
## Path to the query log file (absolute, or relative to the same directory as the executable file) ## Path to the query log file (absolute, or relative to the same directory as the config file)
## Can be /dev/stdout to log to the standard output (and set log_files_max_size to 0) ## Can be /dev/stdout to log to the standard output (and set log_files_max_size to 0)
# file = 'query.log' # file = 'query.log'
@ -411,7 +421,7 @@ cache_neg_max_ttl = 600
[nx_log] [nx_log]
## Path to the query log file (absolute, or relative to the same directory as the executable file) ## Path to the query log file (absolute, or relative to the same directory as the config file)
# file = 'nx.log' # file = 'nx.log'
@ -441,7 +451,7 @@ cache_neg_max_ttl = 600
[blacklist] [blacklist]
## Path to the file of blocking rules (absolute, or relative to the same directory as the executable file) ## Path to the file of blocking rules (absolute, or relative to the same directory as the config file)
# blacklist_file = 'blacklist.txt' # blacklist_file = 'blacklist.txt'
@ -469,7 +479,7 @@ cache_neg_max_ttl = 600
[ip_blacklist] [ip_blacklist]
## Path to the file of blocking rules (absolute, or relative to the same directory as the executable file) ## Path to the file of blocking rules (absolute, or relative to the same directory as the config file)
# blacklist_file = 'ip-blacklist.txt' # blacklist_file = 'ip-blacklist.txt'
@ -497,7 +507,7 @@ cache_neg_max_ttl = 600
[whitelist] [whitelist]
## Path to the file of whitelisting rules (absolute, or relative to the same directory as the executable file) ## Path to the file of whitelisting rules (absolute, or relative to the same directory as the config file)
# whitelist_file = 'whitelist.txt' # whitelist_file = 'whitelist.txt'
@ -637,7 +647,7 @@ broken_query_padding = ['cisco', 'cisco-ipv6', 'cisco-familyshield']
## A relay can be specified as a DNS Stamp (either a relay stamp, or a ## A relay can be specified as a DNS Stamp (either a relay stamp, or a
## DNSCrypt stamp), an IP:port, a hostname:port, or a server name. ## DNSCrypt stamp), an IP:port, a hostname:port, or a server name.
## ##
## The following example routes "example-server-1" via `anon-example-1` or `anon-example-2``, ## The following example routes "example-server-1" via `anon-example-1` or `anon-example-2`,
## and "example-server-2" via the relay whose relay DNS stamp ## and "example-server-2" via the relay whose relay DNS stamp
## is "sdns://gRIxMzcuNzQuMjIzLjIzNDo0NDM". ## is "sdns://gRIxMzcuNzQuMjIzLjIzNDo0NDM".
## ##
@ -664,3 +674,4 @@ broken_query_padding = ['cisco', 'cisco-ipv6', 'cisco-familyshield']
# [static.'myserver'] # [static.'myserver']
# stamp = 'sdns:AQcAAAAAAAAAAAAQMi5kbnNjcnlwdC1jZXJ0Lg' # stamp = 'sdns:AQcAAAAAAAAAAAAQMi5kbnNjcnlwdC1jZXJ0Lg'