[toml] Fix upload issue

config/dnscrypt-proxy.toml

@@ -39,7 +39,7 @@ server_names = ['acsacsar-ams-ipv4', 'altername', 'ams-dnscrypt-nl', 'bcn-dnscry
 ## To listen to all IPv4 addresses, use `listen_addresses = ['0.0.0.0:53']`
 ## To listen to all IPv4+IPv6 addresses, use `listen_addresses = ['[::]:53']`
 
-listen_addresses = ['127.0.0.1:53']
+listen_addresses = ['127.0.0.1:5354']
 
 
 ## Maximum number of simultaneous client connections to accept
@@ -94,7 +94,7 @@ disabled_server_names = []
 ## (dnscrypt-proxy will always encrypt everything even using UDP), and can
 ## only increase latency.
 
-force_tcp = false
+force_tcp = true
 
 
 ## SOCKS proxy
@@ -128,7 +128,7 @@ keepalive = 30
 ## Multiple networks can be listed; they will be randomly chosen.
 ## These networks don't have to match your actual networks.
 
-# edns_client_subnet = ["0.0.0.0/0", "2001:db8::/32"]
+# edns_client_subnet = ['0.0.0.0/0', '2001:db8::/32']
 
 
 ## Response for blocked queries. Options are `refused`, `hinfo` (default) or
@@ -168,7 +168,7 @@ blocked_query_response = 'refused'
 
 ## When using a log file, only keep logs from the most recent launch.
 
- log_file_latest = true
+# log_file_latest = true
 
 
 ## Use the system logger (syslog on Unix, Event Log on Windows)
@@ -214,7 +214,7 @@ dnscrypt_ephemeral_keys = true
 ## Bootstrap resolvers
 ##
 ## These are normal, non-encrypted DNS resolvers, that will be only used
-## for one-shot queries when retrieving the initial resolvers list and the
+## for one-shot queries when retrieving the initial resolvers list and if
 ## the system DNS configuration doesn't work.
 ##
 ## No user queries will ever be leaked through these resolvers, and they will
@@ -454,20 +454,20 @@ cache_neg_max_ttl = 600
 
 [query_log]
 
-  ## Path to the query log file (absolute, or relative to the same directory as the config file)
-  ## Can be set to /dev/stdout in order to log to the standard output.
+## Path to the query log file (absolute, or relative to the same directory as the config file)
+## Can be set to /dev/stdout in order to log to the standard output.
 
-   file = 'query.log'
+# file = 'query.log'
 
 
-  ## Query log format (currently supported: tsv and ltsv)
+## Query log format (currently supported: tsv and ltsv)
 
-  format = 'tsv'
+format = 'tsv'
 
 
-  ## Do not log these query types, to reduce verbosity. Keep empty to log everything.
+## Do not log these query types, to reduce verbosity. Keep empty to log everything.
 
-  # ignored_qtypes = ['DNSKEY', 'NS']
+# ignored_qtypes = ['DNSKEY', 'NS']
 
 
 
@@ -481,19 +481,19 @@ cache_neg_max_ttl = 600
 
 [nx_log]
 
-  ## Path to the query log file (absolute, or relative to the same directory as the config file)
+## Path to the query log file (absolute, or relative to the same directory as the config file)
 
-   file = 'nx.log'
+# file = 'nx.log'
 
 
-  ## Query log format (currently supported: tsv and ltsv)
+## Query log format (currently supported: tsv and ltsv)
 
-  format = 'tsv'
+format = 'tsv'
 
 
 
 ######################################################
-#        Pattern-based blocking (blocklists)        #
+#        Pattern-based blocking (blocklists)         #
 ######################################################
 
 ## Blocklists are made of one pattern per line. Example of valid patterns:
@@ -511,19 +511,19 @@ cache_neg_max_ttl = 600
 
 [blocked_names]
 
-  ## Path to the file of blocking rules (absolute, or relative to the same directory as the config file)
+## Path to the file of blocking rules (absolute, or relative to the same directory as the config file)
 
-  blocked_names_file = 'blocked-names.txt'
+blocked_names_file = 'blocked-names.txt'
 
 
-  ## Optional path to a file logging blocked queries
+## Optional path to a file logging blocked queries
 
-   log_file = 'blocked-names.log'
+# log_file = 'blocked-names.log'
 
 
-  ## Optional log format: tsv or ltsv (default: tsv)
+## Optional log format: tsv or ltsv (default: tsv)
 
-  # log_format = 'tsv'
+# log_format = 'tsv'
 
 
 
@@ -539,24 +539,24 @@ cache_neg_max_ttl = 600
 
 [blocked_ips]
 
-  ## Path to the file of blocking rules (absolute, or relative to the same directory as the config file)
+## Path to the file of blocking rules (absolute, or relative to the same directory as the config file)
 
-  blocked_ips_file = 'blocked-ips.txt'
+blocked_ips_file = 'blocked-ips.txt'
 
 
-  ## Optional path to a file logging blocked queries
+## Optional path to a file logging blocked queries
 
-  # log_file = 'blocked-ips.log'
+# log_file = 'blocked-ips.log'
 
 
-  ## Optional log format: tsv or ltsv (default: tsv)
+## Optional log format: tsv or ltsv (default: tsv)
 
-  # log_format = 'tsv'
+# log_format = 'tsv'
 
 
 
 ######################################################
-#   Pattern-based allow lists (blocklists bypass)   #
+#   Pattern-based allow lists (blocklists bypass)    #
 ######################################################
 
 ## Allowlists support the same patterns as blocklists
@@ -567,19 +567,19 @@ cache_neg_max_ttl = 600
 
 [allowed_names]
 
-  ## Path to the file of allow list rules (absolute, or relative to the same directory as the config file)
+## Path to the file of allow list rules (absolute, or relative to the same directory as the config file)
 
-  allowed_names_file = 'allowed-names.txt'
+allowed_names_file = 'allowed-names.txt'
 
 
-  ## Optional path to a file logging allowed queries
+## Optional path to a file logging allowed queries
 
-  # log_file = 'allowed-names.log'
+# log_file = 'allowed-names.log'
 
 
-  ## Optional log format: tsv or ltsv (default: tsv)
+## Optional log format: tsv or ltsv (default: tsv)
 
-  # log_format = 'tsv'
+# log_format = 'tsv'
 
 
 
@@ -595,18 +595,18 @@ cache_neg_max_ttl = 600
 
 [allowed_ips]
 
-  ## Path to the file of allowed ip rules (absolute, or relative to the same directory as the config file)
+## Path to the file of allowed ip rules (absolute, or relative to the same directory as the config file)
 
-  allowed_ips_file = 'allowed-ips.txt'
+allowed_ips_file = 'allowed-ips.txt'
 
 
-  ## Optional path to a file logging allowed queries
+## Optional path to a file logging allowed queries
 
-  # log_file = 'allowed-ips.log'
+# log_file = 'allowed-ips.log'
 
-  ## Optional log format: tsv or ltsv (default: tsv)
+## Optional log format: tsv or ltsv (default: tsv)
 
-  # log_format = 'tsv'
+# log_format = 'tsv'
 
 
 
@@ -627,21 +627,21 @@ cache_neg_max_ttl = 600
 
 [schedules]
 
-  # [schedules.'time-to-sleep']
-  # mon = [{after='21:00', before='7:00'}]
-  # tue = [{after='21:00', before='7:00'}]
-  # wed = [{after='21:00', before='7:00'}]
-  # thu = [{after='21:00', before='7:00'}]
-  # fri = [{after='23:00', before='7:00'}]
-  # sat = [{after='23:00', before='7:00'}]
-  # sun = [{after='21:00', before='7:00'}]
+  # [schedules.time-to-sleep]
+  #   mon = [{after='21:00', before='7:00'}]
+  #   tue = [{after='21:00', before='7:00'}]
+  #   wed = [{after='21:00', before='7:00'}]
+  #   thu = [{after='21:00', before='7:00'}]
+  #   fri = [{after='23:00', before='7:00'}]
+  #   sat = [{after='23:00', before='7:00'}]
+  #   sun = [{after='21:00', before='7:00'}]
 
-  # [schedules.'work']
-  # mon = [{after='9:00', before='18:00'}]
-  # tue = [{after='9:00', before='18:00'}]
-  # wed = [{after='9:00', before='18:00'}]
-  # thu = [{after='9:00', before='18:00'}]
-  # fri = [{after='9:00', before='17:00'}]
+  # [schedules.work]
+  #   mon = [{after='9:00', before='18:00'}]
+  #   tue = [{after='9:00', before='18:00'}]
+  #   wed = [{after='9:00', before='18:00'}]
+  #   thu = [{after='9:00', before='18:00'}]
+  #   fri = [{after='9:00', before='17:00'}]
 
 
 
@@ -669,40 +669,40 @@ cache_neg_max_ttl = 600
 
 [sources]
 
-  ## An example of a remote source from https://github.com/DNSCrypt/dnscrypt-resolvers
+  ### An example of a remote source from https://github.com/DNSCrypt/dnscrypt-resolvers
 
-  [sources.'public-resolvers']
+  [sources.public-resolvers]
     urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md', 'https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md', 'https://ipv6.download.dnscrypt.info/resolvers-list/v3/public-resolvers.md']
     cache_file = 'public-resolvers.md'
     minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
     refresh_delay = 72
     prefix = ''
 
-  ## Anonymized DNS relays
+  ### Anonymized DNS relays
 
-  [sources.'relays']
+  [sources.relays]
     urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/relays.md', 'https://download.dnscrypt.info/resolvers-list/v3/relays.md', 'https://ipv6.download.dnscrypt.info/resolvers-list/v3/relays.md']
     cache_file = 'relays.md'
     minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
     refresh_delay = 72
     prefix = ''
 
-  ## ODoH (Oblivious DoH) servers and relays
+  ### ODoH (Oblivious DoH) servers and relays
 
-  # [sources.'odoh-servers']
+  # [sources.odoh-servers]
   #   urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/odoh-servers.md', 'https://download.dnscrypt.info/resolvers-list/v3/odoh-servers.md', 'https://ipv6.download.dnscrypt.info/resolvers-list/v3/odoh-servers.md']
   #   cache_file = 'odoh-servers.md'
   #   minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
   #   refresh_delay = 24
   #   prefix = ''
-  # [sources.'odoh-relays']
+  # [sources.odoh-relays]
   #   urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/odoh-relays.md', 'https://download.dnscrypt.info/resolvers-list/v3/odoh-relays.md', 'https://ipv6.download.dnscrypt.info/resolvers-list/v3/odoh-relays.md']
   #   cache_file = 'odoh-relays.md'
   #   minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
   #   refresh_delay = 24
   #   prefix = ''
 
-  ## Quad9
+  ### Quad9
 
   # [sources.quad9-resolvers]
   #   urls = ['https://www.quad9.net/quad9-resolvers.md']
@@ -710,13 +710,13 @@ cache_neg_max_ttl = 600
   #   cache_file = 'quad9-resolvers.md'
   #   prefix = 'quad9-'
 
-  ## Another example source, with resolvers censoring some websites not appropriate for children
-  ## This is a subset of the `public-resolvers` list, so enabling both is useless
+  ### Another example source, with resolvers censoring some websites not appropriate for children
+  ### This is a subset of the `public-resolvers` list, so enabling both is useless
 
-  #  [sources.'parental-control']
-  #    urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/parental-control.md', 'https://download.dnscrypt.info/resolvers-list/v3/parental-control.md', 'https://ipv6.download.dnscrypt.info/resolvers-list/v3/parental-control.md']
-  #    cache_file = 'parental-control.md'
-  #    minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
+  # [sources.parental-control]
+  #   urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/parental-control.md', 'https://download.dnscrypt.info/resolvers-list/v3/parental-control.md', 'https://ipv6.download.dnscrypt.info/resolvers-list/v3/parental-control.md']
+  #   cache_file = 'parental-control.md'
+  #   minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
 
 
 
@@ -726,16 +726,16 @@ cache_neg_max_ttl = 600
 
 [broken_implementations]
 
-# Cisco servers currently cannot handle queries larger than 1472 bytes, and don't
-# truncate reponses larger than questions as expected by the DNSCrypt protocol.
-# This prevents large responses from being received over UDP and over relays.
-#
-# Older versions of the `dnsdist` server software had a bug with queries larger
-# than 1500 bytes. This is fixed since `dnsdist` version 1.5.0, but
-# some server may still run an outdated version.
-#
-# The list below enables workarounds to make non-relayed usage more reliable
-# until the servers are fixed.
+## Cisco servers currently cannot handle queries larger than 1472 bytes, and don't
+## truncate responses larger than questions as expected by the DNSCrypt protocol.
+## This prevents large responses from being received over UDP and over relays.
+##
+## Older versions of the `dnsdist` server software had a bug with queries larger
+## than 1500 bytes. This is fixed since `dnsdist` version 1.5.0, but
+## some server may still run an outdated version.
+##
+## The list below enables workarounds to make non-relayed usage more reliable
+## until the servers are fixed.
 
 fragments_blocked = ['cisco', 'cisco-ipv6', 'cisco-familyshield', 'cisco-familyshield-ipv6', 'cleanbrowsing-adult', 'cleanbrowsing-adult-ipv6', 'cleanbrowsing-family', 'cleanbrowsing-family-ipv6', 'cleanbrowsing-security', 'cleanbrowsing-security-ipv6']
 
@@ -745,15 +745,14 @@ fragments_blocked = ['cisco', 'cisco-ipv6', 'cisco-familyshield', 'cisco-familys
 #        Certificate-based client authentication for DoH        #
 #################################################################
 
-# Use a X509 certificate to authenticate yourself when connecting to DoH servers.
-# This is only useful if you are operating your own, private DoH server(s).
-# 'creds' maps servers to certificates, and supports multiple entries.
-# If you are not using the standard root CA, an optional "root_ca"
-# property set to the path to a root CRT file can be added to a server entry.
+## Use a X509 certificate to authenticate yourself when connecting to DoH servers.
+## This is only useful if you are operating your own, private DoH server(s).
+## 'creds' maps servers to certificates, and supports multiple entries.
+## If you are not using the standard root CA, an optional "root_ca"
+## property set to the path to a root CRT file can be added to a server entry.
 
 [doh_client_x509_auth]
 
-#
 # creds = [
 #    { server_name='*', client_cert='client.crt', client_key='client.key' }
 # ]
@@ -837,14 +836,14 @@ fragments_blocked = ['cisco', 'cisco-ipv6', 'cisco-familyshield', 'cisco-familys
  ]
 
 
-# Skip resolvers incompatible with anonymization instead of using them directly
+## Skip resolvers incompatible with anonymization instead of using them directly
 
 skip_incompatible = true
 
 
-# If public server certificates for a non-conformant server cannot be
-# retrieved via a relay, try getting them directly. Actual queries
-# will then always go through relays.
+## If public server certificates for a non-conformant server cannot be
+## retrieved via a relay, try getting them directly. Actual queries
+## will then always go through relays.
 
 direct_cert_fallback = false
 
@@ -872,13 +871,15 @@ direct_cert_fallback = false
 
 [dns64]
 
-## (Option 1) Static prefix(es) as Pref64::/n CIDRs.
+## Static prefix(es) as Pref64::/n CIDRs
+
 # prefix = ['64:ff9b::/96']
 
-## (Option 2) DNS64-enabled resolver(s) to discover Pref64::/n CIDRs.
+## DNS64-enabled resolver(s) to discover Pref64::/n CIDRs
 ## These resolvers are used to query for Well-Known IPv4-only Name (WKN) "ipv4only.arpa." to discover only.
 ## Set with your ISP's resolvers in case of custom prefixes (other than Well-Known Prefix 64:ff9b::/96).
 ## IMPORTANT: Default resolvers listed below support Well-Known Prefix 64:ff9b::/96 only.
+
 # resolver = ['[2606:4700:4700::64]:53', '[2001:4860:4860::64]:53']
 
 
@@ -892,5 +893,5 @@ direct_cert_fallback = false
 
 [static]
 
-  # [static.'myserver']
-  # stamp = 'sdns://AQcAAAAAAAAAAAAQMi5kbnNjcnlwdC1jZXJ0Lg'
+  # [static.myserver]
+  #   stamp = 'sdns://AQcAAAAAAAAAAAAQMi5kbnNjcnlwdC1jZXJ0Lg'