From 42992fd09007b88df13ab6d2820f4ffb3b5774f8 Mon Sep 17 00:00:00 2001
From: quindecim <quindecim@airmail.cc>
Date: Mon, 6 Jul 2020 18:04:01 -0400
Subject: [PATCH] [UPSTREAM] - Update example config file (see description)

https://github.com/DNSCrypt/dnscrypt-proxy/commit/7a6f1461f842c34e7af2599a4e6dc75b6668e5bc
https://github.com/DNSCrypt/dnscrypt-proxy/commit/9bc5bb0e14630a5b5a147eab2febeef632882206
https://github.com/DNSCrypt/dnscrypt-proxy/commit/63c8f0610feea26554d315aa352521e0a45057a5
https://github.com/DNSCrypt/dnscrypt-proxy/commit/038ebea0ed1a83768ead6c5a5ca62211a668f6d8
---
 config/example-docs/example-dnscrypt-proxy.toml | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/config/example-docs/example-dnscrypt-proxy.toml b/config/example-docs/example-dnscrypt-proxy.toml
index bd09ace..25d485e 100644
--- a/config/example-docs/example-dnscrypt-proxy.toml
+++ b/config/example-docs/example-dnscrypt-proxy.toml
@@ -641,7 +641,7 @@ cache_neg_max_ttl = 600
 # The list below enables workarounds to make non-relayed usage more reliable
 # until the servers are fixed.
 
-fragments_blocked = ['cisco', 'cisco-ipv6', 'cisco-familyshield', 'cisco-familyshield-ipv6', 'quad9-dnscrypt-ip4-filter-alt', 'quad9-dnscrypt-ip4-filter-pri', 'quad9-dnscrypt-ip4-nofilter-alt', 'quad9-dnscrypt-ip4-nofilter-pri', 'quad9-dnscrypt-ip6-filter-alt', 'quad9-dnscrypt-ip6-filter-pri', 'quad9-dnscrypt-ip6-nofilter-alt', 'quad9-dnscrypt-ip6-nofilter-pri', 'cleanbrowsing-adult', 'cleanbrowsing-family-ipv6', 'cleanbrowsing-family', 'cleanbrowsing-security']
+fragments_blocked = ['cisco', 'cisco-ipv6', 'cisco-familyshield', 'cisco-familyshield-ipv6', 'quad9-dnscrypt-ip4-filter-pri', 'quad9-dnscrypt-ip4-nofilter-pri', 'quad9-dnscrypt-ip6-filter-pri', 'quad9-dnscrypt-ip6-nofilter-pri', 'cleanbrowsing-adult', 'cleanbrowsing-family-ipv6', 'cleanbrowsing-family', 'cleanbrowsing-security']
 
 
 
@@ -698,11 +698,18 @@ fragments_blocked = ['cisco', 'cisco-ipv6', 'cisco-familyshield', 'cisco-familys
 # ]
 
 
-# skip resolvers incompatible with anonymization instead of using them directly
+# Skip resolvers incompatible with anonymization instead of using them directly
 
 skip_incompatible = false
 
 
+# If public server certificates for a non-conformant server cannot be
+# retrieved via a relay, try getting them directly. Actual queries
+# will then always go through relays.
+
+# direct_cert_fallback = false
+
+
 
 ###############################
 #            DNS64            #