From 5df2386d4e9cd6fb6eb9b44d3a128e03072842a6 Mon Sep 17 00:00:00 2001 From: quindecim Date: Sun, 3 Jan 2021 10:06:30 -0500 Subject: [PATCH] [UPSTREAM] - Update to the latest changes https://github.com/DNSCrypt/dnscrypt-proxy/commit/3b18058ae51774e9c63588c5551acc9f1d641c97#diff-b6fe19ee681b8c138db91ad0d6a3706af903f89fbb7134b9e6531d04d3068be3 https://github.com/DNSCrypt/dnscrypt-proxy/commit/a713e1a517481bd81e4cd548ffd8888fcd5d150f#diff-b6fe19ee681b8c138db91ad0d6a3706af903f89fbb7134b9e6531d04d3068be3 https://github.com/DNSCrypt/dnscrypt-proxy/commit/ee5711fbd64d8d9b9a7decb566bdd31a09f79b63#diff-b6fe19ee681b8c138db91ad0d6a3706af903f89fbb7134b9e6531d04d3068be3 https://github.com/DNSCrypt/dnscrypt-proxy/commit/8a9e61d6cdd98cc22849e2b172e2fbf870d18a6b#diff-b6fe19ee681b8c138db91ad0d6a3706af903f89fbb7134b9e6531d04d3068be3 https://github.com/DNSCrypt/dnscrypt-proxy/commit/7c6f0823eac7bc1045aeffc407076638c6bc82a9#diff-b6fe19ee681b8c138db91ad0d6a3706af903f89fbb7134b9e6531d04d3068be3 https://github.com/DNSCrypt/dnscrypt-proxy/commit/5861a5808995ab1e5577f68833d791b401dcd5ef#diff-b6fe19ee681b8c138db91ad0d6a3706af903f89fbb7134b9e6531d04d3068be3 https://github.com/DNSCrypt/dnscrypt-proxy/commit/197f13ea0f4fcc2a6e2df17e0025b48d71afb4f5#diff-b6fe19ee681b8c138db91ad0d6a3706af903f89fbb7134b9e6531d04d3068be3 --- .../example-docs/example-dnscrypt-proxy.toml | 34 ++++++++++++++++--- 1 file changed, 29 insertions(+), 5 deletions(-) diff --git a/config/example-docs/example-dnscrypt-proxy.toml b/config/example-docs/example-dnscrypt-proxy.toml index d22b7b0..852abd7 100644 --- a/config/example-docs/example-dnscrypt-proxy.toml +++ b/config/example-docs/example-dnscrypt-proxy.toml @@ -346,6 +346,7 @@ reject_ttl = 600 # cloak_ttl = 600 + ########################### # DNS cache # ########################### @@ -381,6 +382,20 @@ cache_neg_max_ttl = 600 +######################################## +# Captive portal handling # +######################################## + +[captive_portals] + +## A file that contains a set of names used by operating systems to +## check for connectivity and captive portals, along with hard-coded +## IP addresses to return. + +# map_file = 'example-captive-portals.txt' + + + ################################## # Local DoH server # ################################## @@ -688,7 +703,7 @@ cache_neg_max_ttl = 600 # The list below enables workarounds to make non-relayed usage more reliable # until the servers are fixed. -fragments_blocked = ['cisco', 'cisco-ipv6', 'cisco-familyshield', 'cisco-familyshield-ipv6', 'cleanbrowsing-adult', 'cleanbrowsing-family-ipv6', 'cleanbrowsing-family', 'cleanbrowsing-security'] +fragments_blocked = ['cisco', 'cisco-ipv6', 'cisco-familyshield', 'cisco-familyshield-ipv6', 'cleanbrowsing-adult', 'cleanbrowsing-adult-ipv6', 'cleanbrowsing-family', 'cleanbrowsing-family-ipv6', 'cleanbrowsing-security', 'cleanbrowsing-security-ipv6'] @@ -726,8 +741,8 @@ fragments_blocked = ['cisco', 'cisco-ipv6', 'cisco-familyshield', 'cisco-familys ## DNSCrypt stamp) or a server name. ## ## The following example routes "example-server-1" via `anon-example-1` or `anon-example-2`, -## and "example-server-2" via the relay whose relay DNS stamp -## is "sdns://gRIxMzcuNzQuMjIzLjIzNDo0NDM". +## and "example-server-2" via the relay whose relay DNS stamp is +## "sdns://gRIxMzcuNzQuMjIzLjIzNDo0NDM". ## ## !!! THESE ARE JUST EXAMPLES !!! ## @@ -736,14 +751,23 @@ fragments_blocked = ['cisco', 'cisco-ipv6', 'cisco-familyshield', 'cisco-familys ## ## Carefully choose relays and servers so that they are run by different entities. ## -## "server_name" can also be set to "*" to define a default route, but this is not -## recommended. If you do so, keep "server_names" short and distinct from relays. +## "server_name" can also be set to "*" to define a default route, for all servers: +## { server_name='*', via=['anon-example-1', 'anon-example-2'] } +## +## If a route is ["*"], the proxy automatically picks a relay on a distinct network. +## { server_name='*', via=['*'] } is also an option, but is likely to be suboptimal. +## +## Manual selection is always recommended over automatic selection, so that you can +## select (relay,server) pairs that work well and fit your own criteria (close by or +## in different countries, operated by different entities, on distinct ISPs...) # routes = [ # { server_name='example-server-1', via=['anon-example-1', 'anon-example-2'] }, # { server_name='example-server-2', via=['sdns://gRIxMzcuNzQuMjIzLjIzNDo0NDM'] } # ] +routes = { server_name='*', via = ['*'] } + # Skip resolvers incompatible with anonymization instead of using them directly