Fix bootstrapping
This commit is contained in:
quindecim
parent
fe2926386f
commit
a3cbaab2a0
|
|
@ -38,9 +38,9 @@ All the binary files are downloaded from the [official release page](https://git
|
|||
|
||||
- `dnscrypt_ephemeral_keys = true` (create a new, unique key for every single DNS query)
|
||||
|
||||
- `bootstrap_resolvers = ['84.200.69.80:53', '84.200.70.40:53']` (use [resolver1.dns.watch](https://dns.watch/) and [resolver2.dns.watch](https://dns.watch/) instead [CloudFlare](https://archive.today/tS1Ln))
|
||||
- `bootstrap_resolvers = ['185.222.222.222:53']` (use [DNS.SB](https://dns.sb/) instead [CloudFlare](https://archive.today/tS1Ln))
|
||||
|
||||
- `netprobe_address = '84.200.69.80:53'` (use [resolver1.dns.watch](https://dns.watch/) instead [CloudFlare](https://archive.today/tS1Ln))
|
||||
- `netprobe_address = '185.222.222.222:53'` (use [DNS.SB](https://dns.sb/) instead [CloudFlare](https://archive.today/tS1Ln))
|
||||
|
||||
- `block_ipv6 = true` (immediately respond to IPv6-related queries with an empty response)
|
||||
|
||||
|
|
|
|||
|
|
@ -248,7 +248,7 @@ dnscrypt_ephemeral_keys = true
|
|||
## not be sent there. If you're using DNSCrypt or Anonymized DNS and your
|
||||
## lists are up to date, these resolvers will not even be used.
|
||||
|
||||
bootstrap_resolvers = ['84.200.69.80:53', '84.200.70.40:53']
|
||||
bootstrap_resolvers = ['185.222.222.222:53']
|
||||
|
||||
|
||||
## Always use the bootstrap resolver before the system DNS settings.
|
||||
|
|
@ -274,7 +274,7 @@ netprobe_timeout = -1
|
|||
## On other operating systems, the connection will be initialized
|
||||
## but nothing will be sent at all.
|
||||
|
||||
netprobe_address = '84.200.69.80:53'
|
||||
netprobe_address = '185.222.222.222:53'
|
||||
|
||||
|
||||
## Offline mode - Do not use any remote encrypted servers.
|
||||
|
|
|
|||
|
|
@ -8,16 +8,6 @@ MODDIR=${0%/*}
|
|||
|
||||
# This script will be executed in post-fs-data mode
|
||||
|
||||
# Redirect DNS requests to localhost
|
||||
iptables -t nat -A OUTPUT -p tcp ! -d 84.200.69.80 --dport 53 -j DNAT --to-destination 127.0.0.1:5354
|
||||
iptables -t nat -A OUTPUT -p udp ! -d 84.200.69.80 --dport 53 -j DNAT --to-destination 127.0.0.1:5354
|
||||
iptables -t nat -A OUTPUT -p tcp ! -d 84.200.70.40 --dport 53 -j DNAT --to-destination 127.0.0.1:5354
|
||||
iptables -t nat -A OUTPUT -p udp ! -d 84.200.70.40 --dport 53 -j DNAT --to-destination 127.0.0.1:5354
|
||||
# ip6tables -t nat -A OUTPUT -p tcp ! -d 84.200.69.80 --dport 53 -j DNAT --to-destination [::1]:5354
|
||||
# ip6tables -t nat -A OUTPUT -p udp ! -d 84.200.69.80 --dport 53 -j DNAT --to-destination [::1]:5354
|
||||
# ip6tables -t nat -A OUTPUT -p tcp ! -d 84.200.70.40 --dport 53 -j DNAT --to-destination [::1]:5354
|
||||
# ip6tables -t nat -A OUTPUT -p udp ! -d 84.200.70.40 --dport 53 -j DNAT --to-destination [::1]:5354
|
||||
|
||||
# Force disable IPv6 OS connections
|
||||
resetprop net.ipv6.conf.all.accept_redirects 0
|
||||
resetprop net.ipv6.conf.all.disable_ipv6 1
|
||||
|
|
|
|||
Loading…
Reference in New Issue