From c4f5498b6464f7ed8250001a219592b94ef71712 Mon Sep 17 00:00:00 2001 From: George Daniel <51092143+lindroidux@users.noreply.github.com> Date: Wed, 12 Jun 2019 06:07:10 +0000 Subject: [PATCH] Update example-dnscrypt-proxy.toml --- config/example-dnscrypt-proxy.toml | 40 +++++++++++++++++------------- 1 file changed, 23 insertions(+), 17 deletions(-) diff --git a/config/example-dnscrypt-proxy.toml b/config/example-dnscrypt-proxy.toml index 02b613f..ff777c4 100644 --- a/config/example-dnscrypt-proxy.toml +++ b/config/example-dnscrypt-proxy.toml @@ -1,4 +1,7 @@ +#dnscrypt-proxy.toml of lindroidux + + ############################################## # # # dnscrypt-proxy configuration # @@ -33,12 +36,14 @@ ## List of local addresses and ports to listen to. Can be IPv4 and/or IPv6. ## Note: When using systemd socket activation, choose an empty set (i.e. [] ). -listen_addresses = ['127.0.0.1:53', '[::1]:53'] +listen_addresses = ['127.0.0.1:5354', '[::1]:5354'] + +# listen_addresses = ['127.0.0.1:5354'] ## Maximum number of simultaneous client connections to accept -max_clients = 150 +max_clients = 50 ## Switch to a different system user after listening sockets have been created. @@ -55,7 +60,7 @@ max_clients = 150 ipv4_servers = true # Use servers reachable over IPv6 -- Do not enable if you don't have IPv6 connectivity -ipv6_servers = false +ipv6_servers = true # Use servers implementing the DNSCrypt protocol dnscrypt_servers = true @@ -67,7 +72,7 @@ doh_servers = true ## Require servers defined by remote sources to satisfy specific properties # Server must support DNS security extensions (DNSSEC) -require_dnssec = false +require_dnssec = true # Server must not log user queries (declarative) require_nolog = true @@ -75,9 +80,6 @@ require_nolog = true # Server must not enforce its own blacklist (for parental control, ads blocking...) require_nofilter = true -# Server names to avoid even if they match all criteria -disabled_server_names = [] - ## Always use TCP to connect to upstream servers. ## This can be useful if you need to route everything through Tor. @@ -103,7 +105,7 @@ force_tcp = false ## How long a DNS query will wait for a response, in milliseconds -timeout = 1500 +timeout = 2500 ## Keepalive for HTTP (HTTPS, HTTP/2) queries, in seconds @@ -118,6 +120,7 @@ keepalive = 30 refused_code_in_responses = false + ## Load-balancing strategy: 'p2' (default), 'ph', 'fastest' or 'random' # lb_strategy = 'p2' @@ -125,12 +128,12 @@ refused_code_in_responses = false ## Log level (0-6, default: 2 - 0 is very verbose, 6 only contains fatal errors) -# log_level = 2 + log_level = 0 ## log file for the application -# log_file = 'dnscrypt-proxy.log' + log_file = 'dnscrypt-proxy.log' ## Use the system logger (syslog on Unix, Event Log on Windows) @@ -168,7 +171,7 @@ cert_refresh_delay = 240 ## Keep tls_cipher_suite empty if you have issues fetching sources or ## connecting to some DoH servers. Google and Cloudflare are fine with it. -tls_cipher_suite = [52392, 49199] +# tls_cipher_suite = [52392, 49199] ## Fallback resolver @@ -185,13 +188,16 @@ tls_cipher_suite = [52392, 49199] ## People in China may need to use 114.114.114.114:53 here. ## Other popular options include 8.8.8.8 and 1.1.1.1. -fallback_resolver = '9.9.9.9:53' +# fallback_resolver = '9.9.9.9:53' + +fallback_resolver = '1.1.1.1:53' + ## Never let dnscrypt-proxy try to use the system DNS settings; ## unconditionally use the fallback resolver. -ignore_system_dns = false +ignore_system_dns = true ## Maximum time (in seconds) to wait for network connectivity before @@ -200,7 +206,7 @@ ignore_system_dns = false ## connectivity is not guaranteed to be immediately available. ## Use 0 to disable. -netprobe_timeout = 60 + netprobe_timeout = 864000 ## Offline mode - Do not use any remote encrypted servers. @@ -213,7 +219,7 @@ netprobe_timeout = 60 ## Automatic log files rotation # Maximum log files size in MB -log_files_max_size = 1 +log_files_max_size = 10 # How long to keep backup files, in days log_files_max_age = 7 @@ -310,7 +316,7 @@ cache_neg_max_ttl = 600 ## Path to the query log file (absolute, or relative to the same directory as the executable file) - # file = 'query.log' + file = 'query.log' ## Query log format (currently supported: tsv and ltsv) @@ -336,7 +342,7 @@ cache_neg_max_ttl = 600 ## Path to the query log file (absolute, or relative to the same directory as the executable file) - # file = 'nx.log' + file = 'nx.log' ## Query log format (currently supported: tsv and ltsv)