Synced with the main template
This commit is contained in:
parent
b7f41a1baa
commit
3f91b8dd2a
|
@ -198,7 +198,7 @@ dnscrypt_ephemeral_keys = true
|
||||||
fallback_resolver = '91.239.100.100:53'
|
fallback_resolver = '91.239.100.100:53'
|
||||||
|
|
||||||
|
|
||||||
## Always use the fallback resolver before the system DNS settings
|
## Always use the fallback resolver before the system DNS settings.
|
||||||
|
|
||||||
ignore_system_dns = true
|
ignore_system_dns = true
|
||||||
|
|
||||||
|
@ -256,13 +256,17 @@ log_files_max_backups = 1
|
||||||
# Filters #
|
# Filters #
|
||||||
#########################
|
#########################
|
||||||
|
|
||||||
|
## Note: if you are using dnsmasq, disable the `dnssec` option in dnsmasq if you
|
||||||
|
## configure dnscrypt-proxy to do any kind of filtering (including the filters
|
||||||
|
## below and blacklists).
|
||||||
|
## But you can still choose resolvers that do DNSSEC validation.
|
||||||
|
|
||||||
|
|
||||||
## Immediately respond to IPv6-related queries with an empty response
|
## Immediately respond to IPv6-related queries with an empty response
|
||||||
## This makes things faster when there is no IPv6 connectivity, but can
|
## This makes things faster when there is no IPv6 connectivity, but can
|
||||||
## also cause reliability issues with some stub resolvers.
|
## also cause reliability issues with some stub resolvers.
|
||||||
## Do not enable if you added a validating resolver such as dnsmasq in front
|
|
||||||
## of the proxy.
|
|
||||||
|
|
||||||
block_ipv6 = true
|
block_ipv6 = false
|
||||||
|
|
||||||
|
|
||||||
## Immediately respond to A and AAAA queries for host names without a domain name
|
## Immediately respond to A and AAAA queries for host names without a domain name
|
||||||
|
@ -270,6 +274,12 @@ block_ipv6 = true
|
||||||
block_unqualified = true
|
block_unqualified = true
|
||||||
|
|
||||||
|
|
||||||
|
## Immediately respond to queries for local zones instead of leaking them to
|
||||||
|
## upstream resolvers (always causing errors or timeouts).
|
||||||
|
|
||||||
|
block_undelegated = true
|
||||||
|
|
||||||
|
|
||||||
## TTL for synthetic responses sent when a request has been blocked (due to
|
## TTL for synthetic responses sent when a request has been blocked (due to
|
||||||
## IPv6 or blacklists).
|
## IPv6 or blacklists).
|
||||||
|
|
||||||
|
@ -382,7 +392,7 @@ cache_neg_max_ttl = 600
|
||||||
|
|
||||||
[query_log]
|
[query_log]
|
||||||
|
|
||||||
## Path to the query log file (absolute, or relative to the same directory as the executable file)
|
## Path to the query log file (absolute, or relative to the same directory as the config file)
|
||||||
## Can be /dev/stdout to log to the standard output (and set log_files_max_size to 0)
|
## Can be /dev/stdout to log to the standard output (and set log_files_max_size to 0)
|
||||||
|
|
||||||
# file = 'query.log'
|
# file = 'query.log'
|
||||||
|
@ -409,7 +419,7 @@ cache_neg_max_ttl = 600
|
||||||
|
|
||||||
[nx_log]
|
[nx_log]
|
||||||
|
|
||||||
## Path to the query log file (absolute, or relative to the same directory as the executable file)
|
## Path to the query log file (absolute, or relative to the same directory as the config file)
|
||||||
|
|
||||||
# file = 'nx.log'
|
# file = 'nx.log'
|
||||||
|
|
||||||
|
@ -439,7 +449,7 @@ cache_neg_max_ttl = 600
|
||||||
|
|
||||||
[blacklist]
|
[blacklist]
|
||||||
|
|
||||||
## Path to the file of blocking rules (absolute, or relative to the same directory as the executable file)
|
## Path to the file of blocking rules (absolute, or relative to the same directory as the config file)
|
||||||
|
|
||||||
blacklist_file = 'blacklist.txt'
|
blacklist_file = 'blacklist.txt'
|
||||||
|
|
||||||
|
@ -467,7 +477,7 @@ cache_neg_max_ttl = 600
|
||||||
|
|
||||||
[ip_blacklist]
|
[ip_blacklist]
|
||||||
|
|
||||||
## Path to the file of blocking rules (absolute, or relative to the same directory as the executable file)
|
## Path to the file of blocking rules (absolute, or relative to the same directory as the config file)
|
||||||
|
|
||||||
# blacklist_file = 'ip-blacklist.txt'
|
# blacklist_file = 'ip-blacklist.txt'
|
||||||
|
|
||||||
|
@ -495,7 +505,7 @@ cache_neg_max_ttl = 600
|
||||||
|
|
||||||
[whitelist]
|
[whitelist]
|
||||||
|
|
||||||
## Path to the file of whitelisting rules (absolute, or relative to the same directory as the executable file)
|
## Path to the file of whitelisting rules (absolute, or relative to the same directory as the config file)
|
||||||
|
|
||||||
# whitelist_file = 'whitelist.txt'
|
# whitelist_file = 'whitelist.txt'
|
||||||
|
|
||||||
|
@ -635,7 +645,7 @@ broken_query_padding = ['cisco', 'cisco-ipv6', 'cisco-familyshield']
|
||||||
## A relay can be specified as a DNS Stamp (either a relay stamp, or a
|
## A relay can be specified as a DNS Stamp (either a relay stamp, or a
|
||||||
## DNSCrypt stamp), an IP:port, a hostname:port, or a server name.
|
## DNSCrypt stamp), an IP:port, a hostname:port, or a server name.
|
||||||
##
|
##
|
||||||
## The following example routes "example-server-1" via `anon-example-1` or `anon-example-2``,
|
## The following example routes "example-server-1" via `anon-example-1` or `anon-example-2`,
|
||||||
## and "example-server-2" via the relay whose relay DNS stamp
|
## and "example-server-2" via the relay whose relay DNS stamp
|
||||||
## is "sdns://gRIxMzcuNzQuMjIzLjIzNDo0NDM".
|
## is "sdns://gRIxMzcuNzQuMjIzLjIzNDo0NDM".
|
||||||
##
|
##
|
||||||
|
@ -673,4 +683,4 @@ broken_query_padding = ['cisco', 'cisco-ipv6', 'cisco-familyshield']
|
||||||
[static]
|
[static]
|
||||||
|
|
||||||
# [static.'myserver']
|
# [static.'myserver']
|
||||||
# stamp = 'sdns:AQcAAAAAAAAAAAAQMi5kbnNjcnlwdC1jZXJ0Lg'
|
# stamp = 'sdns:AQcAAAAAAAAAAAAQMi5kbnNjcnlwdC1jZXJ0Lg'
|
||||||
|
|
|
@ -200,7 +200,7 @@ cert_refresh_delay = 240
|
||||||
fallback_resolver = '9.9.9.9:53'
|
fallback_resolver = '9.9.9.9:53'
|
||||||
|
|
||||||
|
|
||||||
## Always use the fallback resolver before the system DNS settings
|
## Always use the fallback resolver before the system DNS settings.
|
||||||
|
|
||||||
ignore_system_dns = true
|
ignore_system_dns = true
|
||||||
|
|
||||||
|
@ -258,11 +258,15 @@ log_files_max_backups = 1
|
||||||
# Filters #
|
# Filters #
|
||||||
#########################
|
#########################
|
||||||
|
|
||||||
|
## Note: if you are using dnsmasq, disable the `dnssec` option in dnsmasq if you
|
||||||
|
## configure dnscrypt-proxy to do any kind of filtering (including the filters
|
||||||
|
## below and blacklists).
|
||||||
|
## But you can still choose resolvers that do DNSSEC validation.
|
||||||
|
|
||||||
|
|
||||||
## Immediately respond to IPv6-related queries with an empty response
|
## Immediately respond to IPv6-related queries with an empty response
|
||||||
## This makes things faster when there is no IPv6 connectivity, but can
|
## This makes things faster when there is no IPv6 connectivity, but can
|
||||||
## also cause reliability issues with some stub resolvers.
|
## also cause reliability issues with some stub resolvers.
|
||||||
## Do not enable if you added a validating resolver such as dnsmasq in front
|
|
||||||
## of the proxy.
|
|
||||||
|
|
||||||
block_ipv6 = false
|
block_ipv6 = false
|
||||||
|
|
||||||
|
@ -272,6 +276,12 @@ block_ipv6 = false
|
||||||
block_unqualified = true
|
block_unqualified = true
|
||||||
|
|
||||||
|
|
||||||
|
## Immediately respond to queries for local zones instead of leaking them to
|
||||||
|
## upstream resolvers (always causing errors or timeouts).
|
||||||
|
|
||||||
|
block_undelegated = true
|
||||||
|
|
||||||
|
|
||||||
## TTL for synthetic responses sent when a request has been blocked (due to
|
## TTL for synthetic responses sent when a request has been blocked (due to
|
||||||
## IPv6 or blacklists).
|
## IPv6 or blacklists).
|
||||||
|
|
||||||
|
@ -384,7 +394,7 @@ cache_neg_max_ttl = 600
|
||||||
|
|
||||||
[query_log]
|
[query_log]
|
||||||
|
|
||||||
## Path to the query log file (absolute, or relative to the same directory as the executable file)
|
## Path to the query log file (absolute, or relative to the same directory as the config file)
|
||||||
## Can be /dev/stdout to log to the standard output (and set log_files_max_size to 0)
|
## Can be /dev/stdout to log to the standard output (and set log_files_max_size to 0)
|
||||||
|
|
||||||
# file = 'query.log'
|
# file = 'query.log'
|
||||||
|
@ -411,7 +421,7 @@ cache_neg_max_ttl = 600
|
||||||
|
|
||||||
[nx_log]
|
[nx_log]
|
||||||
|
|
||||||
## Path to the query log file (absolute, or relative to the same directory as the executable file)
|
## Path to the query log file (absolute, or relative to the same directory as the config file)
|
||||||
|
|
||||||
# file = 'nx.log'
|
# file = 'nx.log'
|
||||||
|
|
||||||
|
@ -441,7 +451,7 @@ cache_neg_max_ttl = 600
|
||||||
|
|
||||||
[blacklist]
|
[blacklist]
|
||||||
|
|
||||||
## Path to the file of blocking rules (absolute, or relative to the same directory as the executable file)
|
## Path to the file of blocking rules (absolute, or relative to the same directory as the config file)
|
||||||
|
|
||||||
# blacklist_file = 'blacklist.txt'
|
# blacklist_file = 'blacklist.txt'
|
||||||
|
|
||||||
|
@ -469,7 +479,7 @@ cache_neg_max_ttl = 600
|
||||||
|
|
||||||
[ip_blacklist]
|
[ip_blacklist]
|
||||||
|
|
||||||
## Path to the file of blocking rules (absolute, or relative to the same directory as the executable file)
|
## Path to the file of blocking rules (absolute, or relative to the same directory as the config file)
|
||||||
|
|
||||||
# blacklist_file = 'ip-blacklist.txt'
|
# blacklist_file = 'ip-blacklist.txt'
|
||||||
|
|
||||||
|
@ -497,7 +507,7 @@ cache_neg_max_ttl = 600
|
||||||
|
|
||||||
[whitelist]
|
[whitelist]
|
||||||
|
|
||||||
## Path to the file of whitelisting rules (absolute, or relative to the same directory as the executable file)
|
## Path to the file of whitelisting rules (absolute, or relative to the same directory as the config file)
|
||||||
|
|
||||||
# whitelist_file = 'whitelist.txt'
|
# whitelist_file = 'whitelist.txt'
|
||||||
|
|
||||||
|
@ -637,7 +647,7 @@ broken_query_padding = ['cisco', 'cisco-ipv6', 'cisco-familyshield']
|
||||||
## A relay can be specified as a DNS Stamp (either a relay stamp, or a
|
## A relay can be specified as a DNS Stamp (either a relay stamp, or a
|
||||||
## DNSCrypt stamp), an IP:port, a hostname:port, or a server name.
|
## DNSCrypt stamp), an IP:port, a hostname:port, or a server name.
|
||||||
##
|
##
|
||||||
## The following example routes "example-server-1" via `anon-example-1` or `anon-example-2``,
|
## The following example routes "example-server-1" via `anon-example-1` or `anon-example-2`,
|
||||||
## and "example-server-2" via the relay whose relay DNS stamp
|
## and "example-server-2" via the relay whose relay DNS stamp
|
||||||
## is "sdns://gRIxMzcuNzQuMjIzLjIzNDo0NDM".
|
## is "sdns://gRIxMzcuNzQuMjIzLjIzNDo0NDM".
|
||||||
##
|
##
|
||||||
|
@ -664,3 +674,4 @@ broken_query_padding = ['cisco', 'cisco-ipv6', 'cisco-familyshield']
|
||||||
|
|
||||||
# [static.'myserver']
|
# [static.'myserver']
|
||||||
# stamp = 'sdns:AQcAAAAAAAAAAAAQMi5kbnNjcnlwdC1jZXJ0Lg'
|
# stamp = 'sdns:AQcAAAAAAAAAAAAQMi5kbnNjcnlwdC1jZXJ0Lg'
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue