diff --git a/config/dnscrypt-proxy.toml b/config/dnscrypt-proxy.toml index 607b0a5..9510739 100644 --- a/config/dnscrypt-proxy.toml +++ b/config/dnscrypt-proxy.toml @@ -627,7 +627,7 @@ allowed_ips_file = 'allowed-ips.txt' [schedules] - # [schedules.'time-to-sleep'] + # [schedules.time-to-sleep] # mon = [{after='21:00', before='7:00'}] # tue = [{after='21:00', before='7:00'}] # wed = [{after='21:00', before='7:00'}] @@ -636,7 +636,7 @@ allowed_ips_file = 'allowed-ips.txt' # sat = [{after='23:00', before='7:00'}] # sun = [{after='21:00', before='7:00'}] - # [schedules.'work'] + # [schedules.work] # mon = [{after='9:00', before='18:00'}] # tue = [{after='9:00', before='18:00'}] # wed = [{after='9:00', before='18:00'}] @@ -671,7 +671,7 @@ allowed_ips_file = 'allowed-ips.txt' ### An example of a remote source from https://github.com/DNSCrypt/dnscrypt-resolvers - [sources.'public-resolvers'] + [sources.public-resolvers] urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md', 'https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md', 'https://ipv6.download.dnscrypt.info/resolvers-list/v3/public-resolvers.md'] cache_file = 'public-resolvers.md' minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3' @@ -680,7 +680,7 @@ allowed_ips_file = 'allowed-ips.txt' ### Anonymized DNS relays - [sources.'relays'] + [sources.relays] urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/relays.md', 'https://download.dnscrypt.info/resolvers-list/v3/relays.md', 'https://ipv6.download.dnscrypt.info/resolvers-list/v3/relays.md'] cache_file = 'relays.md' minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3' 
@@ -689,13 +689,13 @@ allowed_ips_file = 'allowed-ips.txt' ### ODoH (Oblivious DoH) servers and relays - # [sources.'odoh-servers'] + # [sources.odoh-servers] # urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/odoh-servers.md', 'https://download.dnscrypt.info/resolvers-list/v3/odoh-servers.md', 'https://ipv6.download.dnscrypt.info/resolvers-list/v3/odoh-servers.md'] # cache_file = 'odoh-servers.md' # minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3' # refresh_delay = 24 # prefix = '' - # [sources.'odoh-relays'] + # [sources.odoh-relays] # urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/odoh-relays.md', 'https://download.dnscrypt.info/resolvers-list/v3/odoh-relays.md', 'https://ipv6.download.dnscrypt.info/resolvers-list/v3/odoh-relays.md'] # cache_file = 'odoh-relays.md' # minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3' @@ -713,7 +713,7 @@ allowed_ips_file = 'allowed-ips.txt' ### Another example source, with resolvers censoring some websites not appropriate for children ### This is a subset of the `public-resolvers` list, so enabling both is useless - # [sources.'parental-control'] + # [sources.parental-control] # urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/parental-control.md', 'https://download.dnscrypt.info/resolvers-list/v3/parental-control.md', 'https://ipv6.download.dnscrypt.info/resolvers-list/v3/parental-control.md'] # cache_file = 'parental-control.md' # minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3' 
@@ -729,11 +729,11 @@ allowed_ips_file = 'allowed-ips.txt' ## Cisco servers currently cannot handle queries larger than 1472 bytes, and don't ## truncate responses larger than questions as expected by the DNSCrypt protocol. ## This prevents large responses from being received over UDP and over relays. -## +## ## Older versions of the `dnsdist` server software had a bug with queries larger ## than 1500 bytes. This is fixed since `dnsdist` version 1.5.0, but ## some server may still run an outdated version. -## +## ## The list below enables workarounds to make non-relayed usage more reliable ## until the servers are fixed. @@ -851,6 +851,26 @@ direct_cert_fallback = false +############################### +# DNS64 # +############################### + +## DNS64 is a mechanism for synthesizing AAAA records from A records. +## It is used with an IPv6/IPv4 translator to enable client-server +## communication between an IPv6-only client and an IPv4-only server, +## without requiring any changes to either the IPv6 or the IPv4 node, +## for the class of applications that work through NATs. +## +## There are two options to synthesize such records: +## Option 1: Using a set of static IPv6 prefixes; +## Option 2: By discovering the IPv6 prefix from DNS64-enabled resolver. +## +## If both options are configured - only static prefixes are used. +## (Ref. RFC6147, RFC6052, RFC7050) +## +## Do not enable unless you know what DNS64 is and why you need it, or else +## you won't be able to connect to anything at all. + ############################### # DNS64 # ############################### 
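Review bot: The added DNS64 banner and description sit directly above an existing `# DNS64 #` banner that is still present as context at the end of this hunk, so the new file appears to carry the section header twice. The section body continues outside the hunk, so whether the description is duplicated as well cannot be confirmed from here. The added text also states its precedence rule in terms of "Option 1" and "Option 2", while the following hunk removes the `(Option 1)` / `(Option 2)` labels from the `prefix` and `resolver` comments, leaving nothing to map them to. Because the text itself warns that a wrong DNS64 setting breaks all connectivity, I would keep a single banner and name the keys in the rule, e.g. `## If both prefix and resolver are set, only the static prefix(es) are used.`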
@@ -873,13 +893,15 @@ direct_cert_fallback = false [dns64] -## (Option 1) Static prefix(es) as Pref64::/n CIDRs. +## Static prefix(es) as Pref64::/n CIDRs + # prefix = ['64:ff9b::/96'] -## (Option 2) DNS64-enabled resolver(s) to discover Pref64::/n CIDRs. +## DNS64-enabled resolver(s) to discover Pref64::/n CIDRs ## These resolvers are used to query for Well-Known IPv4-only Name (WKN) "ipv4only.arpa." to discover only. ## Set with your ISP's resolvers in case of custom prefixes (other than Well-Known Prefix 64:ff9b::/96). ## IMPORTANT: Default resolvers listed below support Well-Known Prefix 64:ff9b::/96 only. + # resolver = ['[2606:4700:4700::64]:53', '[2001:4860:4860::64]:53'] @@ -893,5 +915,5 @@ direct_cert_fallback = false [static] - # [static.'myserver'] + # [static.myserver] # stamp = 'sdns://AQcAAAAAAAAAAAAQMi5kbnNjcnlwdC1jZXJ0Lg'
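Review bot: The `resolver` example lists plain `:53` endpoints, and the reworded comment above it does not say that the discovered Pref64 is only as trustworthy as that lookup. If the `ipv4only.arpa.` query is sent as ordinary unauthenticated DNS (the port suggests so, but the code is not visible here), a forged answer would decide the prefix into which every synthesized AAAA record is mapped. RFC 7050, which this section already cites, covers this in its security considerations. I would add a line above `# resolver` such as `## Prefix discovery is not authenticated; prefer a static prefix when the network's Pref64 is known.`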