[UPSTREAM] - Quad9 back to the list of broken padding / Try harder workaround Cisco and Quad9 bugs

25b89e57ae
7424f1a8b7
quindecim 2020-03-26 04:47:50 -04:00
parent bb7201fc53
commit 4c9de135ef
1 changed files with 16 additions and 5 deletions


@ -33,6 +33,8 @@ server_names = ['dnscrypt.nl-ns0', 'dnscrypt.eu-dk', 'dnscrypt.eu-nl', 'dnscrypt
## List of local addresses and ports to listen to. Can be IPv4 and/or IPv6. ## List of local addresses and ports to listen to. Can be IPv4 and/or IPv6.
## Example with both IPv4 and IPv6:
## listen_addresses = ['127.0.0.1:53', '[::1]:53']
listen_addresses = ['127.0.0.1:53'] listen_addresses = ['127.0.0.1:53']
@ -239,8 +241,10 @@ netprobe_address = '91.239.100.100:53'
## These strings will be added as TXT records to queries. ## These strings will be added as TXT records to queries.
## Do not use, except on servers explicitly asking for extra data ## Do not use, except on servers explicitly asking for extra data
## to be present. ## to be present.
## encrypted-dns-server can be configured to use this for access control
## in the [access_control] section
# query_meta = ["key1:value1", "key2:value2", "key3:value3"] # query_meta = ["key1:value1", "key2:value2", "token:MySecretToken"]
## Automatic log files rotation ## Automatic log files rotation
@ -612,7 +616,6 @@ cache_neg_max_ttl = 600
######################################### #########################################
# Servers with known bugs # # Servers with known bugs #
######################################### #########################################
@ -621,12 +624,19 @@ cache_neg_max_ttl = 600
# Cisco servers currently cannot handle queries larger than 1472 bytes, and don't # Cisco servers currently cannot handle queries larger than 1472 bytes, and don't
# truncate reponses larger than questions as expected by the DNSCrypt protocol. # truncate reponses larger than questions as expected by the DNSCrypt protocol.
# This prevents large responses from being received, and breaks relaying.
# This prevents large responses from being received over UDP, and breaks relaying.
# A workaround for the first issue will be applied to servers in list below. # A workaround for the first issue will be applied to servers in list below.
# Quad9 appears to be dropping fragmented UDP queries, but only for some networks. # Relaying cannot be reliable until the servers are fixed.
# Do not change that list until the bugs are fixed server-side. # Do not change that list until the bugs are fixed server-side.
broken_query_padding = ['cisco', 'cisco-ipv6', 'cisco-familyshield'] fragments_blocked = ['cisco', 'cisco-ipv6', 'cisco-familyshield', 'quad9-dnscrypt-ip4-filter-alt', 'quad9-dnscrypt-ip4-filter-pri', 'quad9-dnscrypt-ip4-nofilter-alt', 'quad9-dnscrypt-ip4-nofilter-pri', 'quad9-dnscrypt-ip6-filter-alt', 'quad9-dnscrypt-ip6-filter-pri', 'quad9-dnscrypt-ip6-nofilter-alt', 'quad9-dnscrypt-ip6-nofilter-pri']
# Quad9 ignores the query instead of sending a truncated response when the
# response is larger than the question.
# Do not change that list until the bugs are fixed server-side.
larger_responses_dropped = ['quad9-dnscrypt-ip4-filter-alt', 'quad9-dnscrypt-ip4-filter-pri', 'quad9-dnscrypt-ip4-nofilter-alt', 'quad9-dnscrypt-ip4-nofilter-pri', 'quad9-dnscrypt-ip6-filter-alt', 'quad9-dnscrypt-ip6-filter-pri', 'quad9-dnscrypt-ip6-nofilter-alt', 'quad9-dnscrypt-ip6-nofilter-pri']
@ -696,3 +706,4 @@ broken_query_padding = ['cisco', 'cisco-ipv6', 'cisco-familyshield']
# [static.'myserver'] # [static.'myserver']
# stamp = 'sdns:AQcAAAAAAAAAAAAQMi5kbnNjcnlwdC1jZXJ0Lg' # stamp = 'sdns:AQcAAAAAAAAAAAAQMi5kbnNjcnlwdC1jZXJ0Lg'
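Review bot: The new `query_meta` example in the second hunk places a credential (`token:MySecretToken`) in a setting that, per the comment just above it, is added as TXT records to queries, and the visible comments do not say which servers receive it. `query_meta` is a global key, not a per-server one, so the token presumably goes with every query to every resolver in `server_names`, not only to the encrypted-dns-server instance that checks it. I would add a line under the new comment, for example `## The token is sent to every configured server; only set it when all entries in server_names are servers you trust with it.` Separately, in the last full hunk the comment above `fragments_blocked` no longer appears to say why the Quad9 entries are in that list, so a short sentence stating the reason would help whoever later decides when the entries can be removed.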