Update example-dnscrypt-proxy.toml
This commit is contained in:
George Daniel
GitHub
parent
0293eb2f64
commit
c4f5498b64
|
|
@ -1,4 +1,7 @@
|
|||
|
||||
#dnscrypt-proxy.toml of lindroidux
|
||||
|
||||
|
||||
##############################################
|
||||
# #
|
||||
# dnscrypt-proxy configuration #
|
||||
|
|
@ -33,12 +36,14 @@
|
|||
## List of local addresses and ports to listen to. Can be IPv4 and/or IPv6.
|
||||
## Note: When using systemd socket activation, choose an empty set (i.e. [] ).
|
||||
|
||||
listen_addresses = ['127.0.0.1:53', '[::1]:53']
|
||||
listen_addresses = ['127.0.0.1:5354', '[::1]:5354']
|
||||
|
||||
# listen_addresses = ['127.0.0.1:5354']
|
||||
|
||||
|
||||
## Maximum number of simultaneous client connections to accept
|
||||
|
||||
max_clients = 150
|
||||
max_clients = 50
|
||||
|
||||
|
||||
## Switch to a different system user after listening sockets have been created.
|
||||
|
|
@ -55,7 +60,7 @@ max_clients = 150
|
|||
ipv4_servers = true
|
||||
|
||||
# Use servers reachable over IPv6 -- Do not enable if you don't have IPv6 connectivity
|
||||
ipv6_servers = false
|
||||
ipv6_servers = true
|
||||
|
||||
# Use servers implementing the DNSCrypt protocol
|
||||
dnscrypt_servers = true
|
||||
|
|
@ -67,7 +72,7 @@ doh_servers = true
|
|||
## Require servers defined by remote sources to satisfy specific properties
|
||||
|
||||
# Server must support DNS security extensions (DNSSEC)
|
||||
require_dnssec = false
|
||||
require_dnssec = true
|
||||
|
||||
# Server must not log user queries (declarative)
|
||||
require_nolog = true
|
||||
|
|
@ -75,9 +80,6 @@ require_nolog = true
|
|||
# Server must not enforce its own blacklist (for parental control, ads blocking...)
|
||||
require_nofilter = true
|
||||
|
||||
# Server names to avoid even if they match all criteria
|
||||
disabled_server_names = []
|
||||
|
||||
|
||||
## Always use TCP to connect to upstream servers.
|
||||
## This can be useful if you need to route everything through Tor.
|
||||
|
|
@ -103,7 +105,7 @@ force_tcp = false
|
|||
|
||||
## How long a DNS query will wait for a response, in milliseconds
|
||||
|
||||
timeout = 1500
|
||||
timeout = 2500
|
||||
|
||||
|
||||
## Keepalive for HTTP (HTTPS, HTTP/2) queries, in seconds
|
||||
|
|
@ -118,6 +120,7 @@ keepalive = 30
|
|||
refused_code_in_responses = false
|
||||
|
||||
|
||||
|
||||
## Load-balancing strategy: 'p2' (default), 'ph', 'fastest' or 'random'
|
||||
|
||||
# lb_strategy = 'p2'
|
||||
|
|
@ -125,12 +128,12 @@ refused_code_in_responses = false
|
|||
|
||||
## Log level (0-6, default: 2 - 0 is very verbose, 6 only contains fatal errors)
|
||||
|
||||
# log_level = 2
|
||||
log_level = 0
|
||||
|
||||
|
||||
## log file for the application
|
||||
|
||||
# log_file = 'dnscrypt-proxy.log'
|
||||
log_file = 'dnscrypt-proxy.log'
|
||||
|
||||
|
||||
## Use the system logger (syslog on Unix, Event Log on Windows)
|
||||
|
|
@ -168,7 +171,7 @@ cert_refresh_delay = 240
|
|||
## Keep tls_cipher_suite empty if you have issues fetching sources or
|
||||
## connecting to some DoH servers. Google and Cloudflare are fine with it.
|
||||
|
||||
tls_cipher_suite = [52392, 49199]
|
||||
# tls_cipher_suite = [52392, 49199]
|
||||
|
||||
|
||||
## Fallback resolver
|
||||
|
|
@ -185,13 +188,16 @@ tls_cipher_suite = [52392, 49199]
|
|||
## People in China may need to use 114.114.114.114:53 here.
|
||||
## Other popular options include 8.8.8.8 and 1.1.1.1.
|
||||
|
||||
fallback_resolver = '9.9.9.9:53'
|
||||
# fallback_resolver = '9.9.9.9:53'
|
||||
|
||||
fallback_resolver = '1.1.1.1:53'
|
||||
|
||||
|
||||
|
||||
## Never let dnscrypt-proxy try to use the system DNS settings;
|
||||
## unconditionally use the fallback resolver.
|
||||
|
||||
ignore_system_dns = false
|
||||
ignore_system_dns = true
|
||||
|
||||
|
||||
## Maximum time (in seconds) to wait for network connectivity before
|
||||
|
|
@ -200,7 +206,7 @@ ignore_system_dns = false
|
|||
## connectivity is not guaranteed to be immediately available.
|
||||
## Use 0 to disable.
|
||||
|
||||
netprobe_timeout = 60
|
||||
netprobe_timeout = 864000
|
||||
|
||||
|
||||
## Offline mode - Do not use any remote encrypted servers.
|
||||
|
|
@ -213,7 +219,7 @@ netprobe_timeout = 60
|
|||
## Automatic log files rotation
|
||||
|
||||
# Maximum log files size in MB
|
||||
log_files_max_size = 1
|
||||
log_files_max_size = 10
|
||||
|
||||
# How long to keep backup files, in days
|
||||
log_files_max_age = 7
|
||||
|
|
@ -310,7 +316,7 @@ cache_neg_max_ttl = 600
|
|||
|
||||
## Path to the query log file (absolute, or relative to the same directory as the executable file)
|
||||
|
||||
# file = 'query.log'
|
||||
file = 'query.log'
|
||||
|
||||
|
||||
## Query log format (currently supported: tsv and ltsv)
|
||||
|
|
@ -336,7 +342,7 @@ cache_neg_max_ttl = 600
|
|||
|
||||
## Path to the query log file (absolute, or relative to the same directory as the executable file)
|
||||
|
||||
# file = 'nx.log'
|
||||
file = 'nx.log'
|
||||
|
||||
|
||||
## Query log format (currently supported: tsv and ltsv)
|
||||
|
|
|
|||
Loading…
Reference in New Issue