update upstream version to 2.0.10

This commit is contained in:
bluemeda 2018-04-17 12:58:12 +07:00
parent 5ee2affd4b
commit 56cd600d23
8 changed files with 102 additions and 10 deletions

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

View File

@ -10,6 +10,7 @@
## ads.* | matches anything with an "ads." prefix ## ads.* | matches anything with an "ads." prefix
## *.example.com | matches example.com and all names within that zone such as www.example.com ## *.example.com | matches example.com and all names within that zone such as www.example.com
## example.com | identical to the above ## example.com | identical to the above
## =example.com | block example.com but not *.example.com
## *sex* | matches any name containing that substring ## *sex* | matches any name containing that substring
## ads[0-9]* | matches "ads" followed by one or more digits ## ads[0-9]* | matches "ads" followed by one or more digits
## ads*.example* | *, ? and [] can be used anywhere, but prefixes/suffixes are faster ## ads*.example* | *, ? and [] can be used anywhere, but prefixes/suffixes are faster

View File

@ -3,14 +3,13 @@
################################ ################################
# The following example rules force "safe" (without adult content) search # The following example rules force "safe" (without adult content) search
# results from Google, Bing and Youtube. # results from Google, Bing and YouTube.
# #
# This has to be enabled with the `cloaking_rules` parameter in the main # This has to be enabled with the `cloaking_rules` parameter in the main
# configuration file # configuration file
www.google.com forcesafesearch.google.com www.google.* forcesafesearch.google.com
www.google.fr forcesafesearch.google.com
www.bing.com strict.bing.com www.bing.com strict.bing.com
@ -20,3 +19,4 @@ youtubei.googleapis.com restrictmoderate.youtube.com
youtube.googleapis.com restrictmoderate.youtube.com youtube.googleapis.com restrictmoderate.youtube.com
www.youtube-nocookie.com restrictmoderate.youtube.com www.youtube-nocookie.com restrictmoderate.youtube.com
localhost 127.0.0.1

View File

@ -17,12 +17,17 @@
################################## ##################################
## List of servers to use ## List of servers to use
##
## Servers from the "public-resolvers" source (see down below) can
## be viewed here: https://dnscrypt.info/public-servers
##
## If this line is commented, all registered servers matching the require_* filters ## If this line is commented, all registered servers matching the require_* filters
## will be used ## will be used.
##
## The proxy will automatically pick the fastest, working servers from the list. ## The proxy will automatically pick the fastest, working servers from the list.
## Remove the leading # first to enable this; lines starting with # are ignored. ## Remove the leading # first to enable this; lines starting with # are ignored.
# server_names = ['scaleway-fr', 'google', 'yandex'] # server_names = ['scaleway-fr', 'google', 'yandex', 'cloudflare']
## List of local addresses and ports to listen to. Can be IPv4 and/or IPv6. ## List of local addresses and ports to listen to. Can be IPv4 and/or IPv6.
@ -74,6 +79,11 @@ force_tcp = false
timeout = 2500 timeout = 2500
## Keepalive for HTTP (HTTPS, HTTP/2) queries, in seconds
keepalive = 30
## Load-balancing strategy: 'p2' (default), 'ph', 'fastest' or 'random' ## Load-balancing strategy: 'p2' (default), 'ph', 'fastest' or 'random'
# lb_strategy = 'p2' # lb_strategy = 'p2'
@ -99,6 +109,34 @@ timeout = 2500
cert_refresh_delay = 240 cert_refresh_delay = 240
## DNSCrypt: Create a new, unique key for every single DNS query
## This may improve privacy but can also have a significant impact on CPU usage
## Only enable if you don't have a lot of network load
# dnscrypt_ephemeral_keys = false
## DoH: Disable TLS session tickets - increases privacy but also latency
# tls_disable_session_tickets = false
## DoH: Use a specific cipher suite instead of the server preference
## 49199 = TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
## 49195 = TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
## 52392 = TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
## 52393 = TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
##
## On non-Intel CPUs such as MIPS routers and ARM systems (Android, Raspberry Pi...),
## the following suite improves performance.
## This may also help on Intel CPUs running 32-bit operating systems.
##
## Keep tls_cipher_suite empty if you have issues fetching sources or
## connecting to some DoH servers. Google and Cloudflare are fine with it.
# tls_cipher_suite = [52392, 49199]
## Fallback resolver ## Fallback resolver
## This is a normal, non-encrypted DNS resolver, that will be only used ## This is a normal, non-encrypted DNS resolver, that will be only used
## for one-shot queries when retrieving the initial resolvers list, and ## for one-shot queries when retrieving the initial resolvers list, and
@ -111,6 +149,7 @@ cert_refresh_delay = 240
## A resolver supporting DNSSEC is recommended. This may become mandatory. ## A resolver supporting DNSSEC is recommended. This may become mandatory.
## ##
## People in China may need to use 114.114.114.114:53 here. ## People in China may need to use 114.114.114.114:53 here.
## Other popular options include 8.8.8.8 and 1.1.1.1.
fallback_resolver = '9.9.9.9:53' fallback_resolver = '9.9.9.9:53'
@ -153,7 +192,7 @@ block_ipv6 = false
## Example map entries (one entry per line): ## Example map entries (one entry per line):
## example.com 9.9.9.9 ## example.com 9.9.9.9
## example.net 9.9.9.9,8.8.8.8 ## example.net 9.9.9.9,8.8.8.8,1.1.1.1
# forwarding_rules = 'forwarding-rules.txt' # forwarding_rules = 'forwarding-rules.txt'
@ -186,7 +225,7 @@ cache = true
## Cache size ## Cache size
cache_size = 256 cache_size = 512
## Minimum TTL for cached entries ## Minimum TTL for cached entries
@ -257,6 +296,7 @@ cache_neg_ttl = 60
## Blacklists are made of one pattern per line. Example of valid patterns: ## Blacklists are made of one pattern per line. Example of valid patterns:
## ##
## example.com ## example.com
## =example.com
## *sex* ## *sex*
## ads.* ## ads.*
## ads*.example.* ## ads*.example.*
@ -312,6 +352,34 @@ cache_neg_ttl = 60
######################################################
# Pattern-based whitelisting (blacklists bypass) #
######################################################
## Whitelists support the same patterns as blacklists
## If a name matches a whitelist entry, the corresponding session
## will bypass names and IP filters.
##
## Time-based rules are also supported to make some websites only accessible at specific times of the day.
[whitelist]
## Path to the file of whitelisting rules (absolute, or relative to the same directory as the executable file)
# whitelist_file = 'whitelist.txt'
## Optional path to a file logging whitelisted queries
# log_file = 'whitelisted.log'
## Optional log format: tsv or ltsv (default: tsv)
# log_format = 'tsv'
########################################## ##########################################
# Time access restrictions # # Time access restrictions #
########################################## ##########################################
@ -322,7 +390,7 @@ cache_neg_ttl = 60
## ##
## For example, the following rule in a blacklist file: ## For example, the following rule in a blacklist file:
## *.youtube.* @time-to-sleep ## *.youtube.* @time-to-sleep
## would block access to Youtube only during the days, and period of the days ## would block access to YouTube only during the days, and period of the days
## define by the 'time-to-sleep' schedule. ## define by the 'time-to-sleep' schedule.
## ##
## {after='21:00', before= '7:00'} matches 0:00-7:00 and 21:00-0:00 ## {after='21:00', before= '7:00'} matches 0:00-7:00 and 21:00-0:00
@ -369,7 +437,7 @@ cache_neg_ttl = 60
[sources] [sources]
## An example of a remote source ## An example of a remote source from https://github.com/DNSCrypt/dnscrypt-resolvers
[sources.'public-resolvers'] [sources.'public-resolvers']
urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md', 'https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md'] urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md', 'https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md']
@ -394,4 +462,4 @@ cache_neg_ttl = 60
[static] [static]
# [static.'google'] # [static.'google']
# stamp = 'sdns://AgUAAAAAAAAAACDyXGrcc5eNecJ8nomJCJ-q6eCLTEn6bHic0hWGUwYQaA5kbnMuZ29vZ2xlLmNvbQ0vZXhwZXJpbWVudGFs' # stamp = 'sdns://AgUAAAAAAAAAAAAOZG5zLmdvb2dsZS5jb20NL2V4cGVyaW1lbnRhbA'

View File

@ -0,0 +1,23 @@
###########################
# Whitelist #
###########################
## Rules for name-based query whitelisting, one per line
##
## Example of valid patterns:
##
## ads.* | matches anything with an "ads." prefix
## *.example.com | matches example.com and all names within that zone such as www.example.com
## example.com | identical to the above
## =example.com | whitelists example.com but not *.example.com
## *sex* | matches any name containing that substring
## ads[0-9]* | matches "ads" followed by one or more digits
## ads*.example* | *, ? and [] can be used anywhere, but prefixes/suffixes are faster
## Time-based rules
# *.youtube.* @time-to-play
# facebook.com @play