Files from 2.0.21
Source: https://github.com/jedisct1/dnscrypt-proxy Release 2.0.21 on 14/Mar/2019
This commit is contained in:
parent
f3733f7cef
commit
62b92ffff7
|
@ -20,3 +20,4 @@ youtube.googleapis.com restrictmoderate.youtube.com
|
||||||
www.youtube-nocookie.com restrictmoderate.youtube.com
|
www.youtube-nocookie.com restrictmoderate.youtube.com
|
||||||
|
|
||||||
localhost 127.0.0.1
|
localhost 127.0.0.1
|
||||||
|
localhost ::1
|
||||||
|
|
|
@ -27,7 +27,7 @@
|
||||||
## The proxy will automatically pick the fastest, working servers from the list.
|
## The proxy will automatically pick the fastest, working servers from the list.
|
||||||
## Remove the leading # first to enable this; lines starting with # are ignored.
|
## Remove the leading # first to enable this; lines starting with # are ignored.
|
||||||
|
|
||||||
# server_names = ['cloudflare', 'google']
|
# server_names = ['scaleway-fr', 'google', 'yandex', 'cloudflare']
|
||||||
|
|
||||||
|
|
||||||
## List of local addresses and ports to listen to. Can be IPv4 and/or IPv6.
|
## List of local addresses and ports to listen to. Can be IPv4 and/or IPv6.
|
||||||
|
@ -41,14 +41,10 @@ listen_addresses = ['127.0.0.1:53', '[::1]:53']
|
||||||
max_clients = 250
|
max_clients = 250
|
||||||
|
|
||||||
|
|
||||||
## Switch to a non-privileged system user after listening sockets have been created.
|
## Switch to a different system user after listening sockets have been created.
|
||||||
## Two processes will be running.
|
|
||||||
## The first one will keep root privileges, but is only a supervisor, that does nothing
|
|
||||||
## except create the sockets, manage the service, and restart it if it crashes.
|
|
||||||
## The second process is the service itself, and that one will always run as a different
|
|
||||||
## user.
|
|
||||||
## Note (1): this feature is currently unsupported on Windows.
|
## Note (1): this feature is currently unsupported on Windows.
|
||||||
## Note (2): this feature is not compatible with systemd socket activation.
|
## Note (2): this feature is not compatible with systemd socket activation.
|
||||||
|
## Note (3): when using -pidfile, the PID file directory must be writable by the new user
|
||||||
|
|
||||||
# user_name = 'nobody'
|
# user_name = 'nobody'
|
||||||
|
|
||||||
|
@ -79,9 +75,12 @@ require_nolog = true
|
||||||
# Server must not enforce its own blacklist (for parental control, ads blocking...)
|
# Server must not enforce its own blacklist (for parental control, ads blocking...)
|
||||||
require_nofilter = true
|
require_nofilter = true
|
||||||
|
|
||||||
|
# Server names to avoid even if they match all criteria
|
||||||
|
disabled_server_names = []
|
||||||
|
|
||||||
|
|
||||||
## Always use TCP to connect to upstream servers.
|
## Always use TCP to connect to upstream servers.
|
||||||
## This can be can be useful if you need to route everything through Tor.
|
## This can be useful if you need to route everything through Tor.
|
||||||
## Otherwise, leave this to `false`, as it doesn't improve security
|
## Otherwise, leave this to `false`, as it doesn't improve security
|
||||||
## (dnscrypt-proxy will always encrypt everything even using UDP), and can
|
## (dnscrypt-proxy will always encrypt everything even using UDP), and can
|
||||||
## only increase latency.
|
## only increase latency.
|
||||||
|
@ -89,13 +88,18 @@ require_nofilter = true
|
||||||
force_tcp = false
|
force_tcp = false
|
||||||
|
|
||||||
|
|
||||||
## HTTP / SOCKS proxy
|
## SOCKS proxy
|
||||||
## Uncomment the following line to route all TCP connections to a local Tor node
|
## Uncomment the following line to route all TCP connections to a local Tor node
|
||||||
## Tor doesn't support UDP, so set `force_tcp` to `true` as well.
|
## Tor doesn't support UDP, so set `force_tcp` to `true` as well.
|
||||||
|
|
||||||
# proxy = "socks5://127.0.0.1:9050"
|
# proxy = "socks5://127.0.0.1:9050"
|
||||||
|
|
||||||
|
|
||||||
|
## HTTP/HTTPS proxy
|
||||||
|
## Only for DoH servers
|
||||||
|
|
||||||
|
# http_proxy = "http://127.0.0.1:8888"
|
||||||
|
|
||||||
|
|
||||||
## How long a DNS query will wait for a response, in milliseconds
|
## How long a DNS query will wait for a response, in milliseconds
|
||||||
|
|
||||||
|
@ -107,6 +111,13 @@ timeout = 2500
|
||||||
keepalive = 30
|
keepalive = 30
|
||||||
|
|
||||||
|
|
||||||
|
## Use the REFUSED return code for blocked responses
|
||||||
|
## Setting this to `false` means that some responses will be lies.
|
||||||
|
## Unfortunately, `false` appears to be required for Android 8+
|
||||||
|
|
||||||
|
refused_code_in_responses = false
|
||||||
|
|
||||||
|
|
||||||
## Load-balancing strategy: 'p2' (default), 'ph', 'fastest' or 'random'
|
## Load-balancing strategy: 'p2' (default), 'ph', 'fastest' or 'random'
|
||||||
|
|
||||||
# lb_strategy = 'p2'
|
# lb_strategy = 'p2'
|
||||||
|
@ -174,7 +185,7 @@ cert_refresh_delay = 240
|
||||||
## People in China may need to use 114.114.114.114:53 here.
|
## People in China may need to use 114.114.114.114:53 here.
|
||||||
## Other popular options include 8.8.8.8 and 1.1.1.1.
|
## Other popular options include 8.8.8.8 and 1.1.1.1.
|
||||||
|
|
||||||
fallback_resolver = '1.1.1.1:53'
|
fallback_resolver = '9.9.9.9:53'
|
||||||
|
|
||||||
|
|
||||||
## Never let dnscrypt-proxy try to use the system DNS settings;
|
## Never let dnscrypt-proxy try to use the system DNS settings;
|
||||||
|
@ -189,7 +200,7 @@ ignore_system_dns = false
|
||||||
## connectivity is not guaranteed to be immediately available.
|
## connectivity is not guaranteed to be immediately available.
|
||||||
## Use 0 to disable.
|
## Use 0 to disable.
|
||||||
|
|
||||||
netprobe_timeout = 30
|
netprobe_timeout = 60
|
||||||
|
|
||||||
|
|
||||||
## Offline mode - Do not use any remote encrypted servers.
|
## Offline mode - Do not use any remote encrypted servers.
|
||||||
|
@ -491,6 +502,15 @@ cache_neg_max_ttl = 600
|
||||||
refresh_delay = 72
|
refresh_delay = 72
|
||||||
prefix = ''
|
prefix = ''
|
||||||
|
|
||||||
|
## Quad9 over DNSCrypt - https://quad9.net/
|
||||||
|
|
||||||
|
# [sources.quad9-resolvers]
|
||||||
|
# urls = ["https://www.quad9.net/quad9-resolvers.md"]
|
||||||
|
# minisign_key = "RWQBphd2+f6eiAqBsvDZEBXBGHQBJfeG6G+wJPPKxCZMoEQYpmoysKUN"
|
||||||
|
# cache_file = "quad9-resolvers.md"
|
||||||
|
# refresh_delay = 72
|
||||||
|
# prefix = "quad9-"
|
||||||
|
|
||||||
## Another example source, with resolvers censoring some websites not appropriate for children
|
## Another example source, with resolvers censoring some websites not appropriate for children
|
||||||
## This is a subset of the `public-resolvers` list, so enabling both is useless
|
## This is a subset of the `public-resolvers` list, so enabling both is useless
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue