# Debian: systemd socket activation provides the listening sockets, so the
# list is left empty here.
listen_addresses = []
# Arch (no socket activation): 127.0.2.1:53 is what the Debian socket seems to
# give on all of my systems, so I want to listen on it as well for
# compatibility. All three addresses are loopback, so the proxy stays
# reachable from this host only.
#listen_addresses = ['127.0.0.1:53', '127.0.2.1:53', '[::1]:53']
# mikaela.internal / my hosts file
#cloaking_rules = '/etc/dnscrypt-proxy/hosts-mikaela.txt'
# Server names to never use even if they match the criteria below. I think
# Cloudflare is too big, and as it gets selected by default everywhere, other
# resolvers won't even get attempted. There is also Mozilla planning to send
# all Firefox DNS queries to them.
# However, through Tor, Cloudflare never seems to be the fastest, so I am
# leaving this commented out.
# This is unsupported in Debian's version 2.0.19.
#disabled_server_names = ['cloudflare-ipv6', 'cloudflare']
# Which upstream servers qualify.
# Both address families are allowed, and IPv6 lookups are not blocked.
ipv4_servers = true
ipv6_servers = true
block_ipv6 = false
# Only servers listed as supporting DNSSEC, applying no filtering of their
# own and keeping no query logs.
# NOTE(review): these three are matched against what the resolver list
# declares for each server; nolog and nofilter are the operator's own
# statement and cannot be checked from this host.
require_dnssec = true
require_nofilter = true
require_nolog = true
# Resolver to use for the initial queries, DNSSEC capable one recommended.
# Note that these bootstrap queries are sent as plain, unencrypted DNS.
# China: 114.114.114.114:53 according to the example file. The default is
# currently 9.9.9.9 and I can follow the defaults.
#fallback_resolver = '149.112.112.112:53'
# Make sure log output goes to syslog.
use_syslog = true
# How often certificates are reloaded, in minutes. The resolver lists have
# their own interval: refresh_delay under [sources].
cert_refresh_delay = 240
# Answer cache. Shouldn't take that much memory, and I imagine the entries
# are subject to their TTL anyway.
cache = true
cache_size = 10000
# Load balancing between the usable servers:
#   fastest - always the fastest server
#   p2      - random choice between the two fastest
#   ph      - random choice from the fastest half of the configured list
#   random  - any server at random
# https://github.com/jedisct1/dnscrypt-proxy/wiki/Load-Balancing-Options
lb_strategy = "p2"
# Tor if necessary. Tor does not carry UDP, so force_tcp has to be enabled
# together with proxy below.
#force_tcp = true
# Experience: this port shouldn't have IsolateDestAddr/IsolateDestPort, or
# Tor may be unhappy due to the number of circuits opened. Different ports
# are already isolated from each other, and I think dnscrypt-proxy should
# mostly be connecting to the top fastest servers with lb_strategy p2.
#proxy = "socks5://127.0.0.1:9052"
# Logging, to be enabled by hand on systems that need it. The query log holds
# every name looked up, so treat the file as sensitive.
#[query_log]
# file = '/var/log/dnscrypt-proxy/query.log'
#[nx_log]
# file = '/var/log/dnscrypt-proxy/nx.log'
[sources]
# Signed list of public resolvers. The URLs are mirrors of the same file.
# NOTE(review): a download should only be accepted if its signature verifies
# against minisign_key, so the mirrors (including the third-party ones) are
# relied on for availability, not authenticity. They still see this host's
# address whenever the list is fetched.
[sources.public-resolvers]
#url = 'https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md'
urls = [
    "https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md",
    "https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md",
    "https://cdn.staticaly.com/gh/DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md",
    "https://evilvibes.com/list/public-resolvers.md",
]
cache_file = "/var/cache/dnscrypt-proxy/public-resolvers.md"
minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3"
refresh_delay = 72  # hours
# Prepended to every server name taken from this list.
prefix = "public-"
# OpenNIC resolver list, signed with the same minisign key as the public
# list and cached in its own file.
[sources.opennic]
urls = [
    "https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/opennic.md",
    "https://download.dnscrypt.info/resolvers-list/v2/opennic.md",
]
cache_file = "/var/cache/dnscrypt-proxy/opennic.md"
minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3"
refresh_delay = 72  # hours
# Prepended to every server name taken from this list.
prefix = "opennic-"
# 2.0.23 recommended so onions won't be attempted without proxy enabled
# (5c9edfccfe67474bee2836ada67f955f10e43357)
# I won't uncomment this until I have the updated version everywhere.
#[sources.'onion-services']
# urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/onion-services.md', 'https://download.dnscrypt.info/resolvers-list/v2/onion-services.md']
# minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
# cache_file = '/var/cache/dnscrypt-proxy/onion-services.md'
# prefix = 'onion-'