shell-things/etc/dnscrypt-proxy/dnscrypt-proxy.toml

# Empty listen_addresses to use systemd socket activation
listen_addresses = []
# The fastest working servers are automatically picked.
server_names = ['cloudflare-ipv6', 'quad9-ip6-nofilter-pri', 'quad9-ip6-nofilter-alt', 'cloudflare', 'google', 'quad9-ip4-nofilter-pri', 'quad9-ip4-nofilter-alt']

# hosts-file via dnscrypt-proxy that is probably only of interest to me.
#cloaking_rules = '/etc/dnscrypt-proxy/hosts-mikaela.txt'

ipv4_servers = true
ipv6_servers = true
block_ipv6 = false
require_dnssec = true
require_nofilter = true
# Use Google DNS B for resolving the server_names[] if the system
# resolver is broken (which it is for me as it points directly to
# dnscrypt-proxy which is not functional at that time.
# The example config recommends DNSSEC support which OpenDNS is missing.
# China: 114.114.114.114:53 according to the example file.
fallback_resolver = '8.8.4.4:53'
cache = true
cache_size = 10000
# Load-balancing
# fastest = always fastest, p2 = random between two fastest, ph = random
# from the fastest half of the configured list, random = any random
# Default is p2, but as my list grew so long and contains so much IPv6 that
# may not work everywhere, I am picking ph just in case.
lb_strategy = 'ph'

# Tor if necessary
#force_tcp = true
#proxy = "socks5://127.0.0.1:9050"

[query_log]
  file = '/var/log/dnscrypt-proxy/query.log'

[nx_log]
  file = '/var/log/dnscrypt-proxy/nx.log'

[sources]
  [sources.'public-resolvers']
  url = 'https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md'
  cache_file = '/var/cache/dnscrypt-proxy/public-resolvers.md'
  minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
  refresh_delay = 72
  prefix = ''
add etc/dnscrypt-proxy.toml (WIP!) 2018-10-07 12:45:45 +02:00			`# Empty listen_addresses to use systemd socket activation`
			`listen_addresses = []`
dnscrypt-proxy: more thinking for #92 * Comment that the fastest server is automatically picked. * Explicitly don't filter AAAA requests. * Require provider to not do filtering * which is implied by DNSSEC which would get broken. * Use Google DNS B as fallback resolver and explain what it does in comment. * Add commented options for using Tor. 2018-10-08 19:39:48 +02:00			`# The fastest working servers are automatically picked.`
dnscrypt-proxy: add quad9 nofilters, lb ph See that #92 2018-10-09 13:08:38 +02:00			`server_names = ['cloudflare-ipv6', 'quad9-ip6-nofilter-pri', 'quad9-ip6-nofilter-alt', 'cloudflare', 'google', 'quad9-ip4-nofilter-pri', 'quad9-ip4-nofilter-alt']`
add etc/dnscrypt-proxy.toml (WIP!) 2018-10-07 12:45:45 +02:00
etc/dnscrypt-proxy: add hosts-mikaela.txt Closes #93 2018-10-18 18:54:15 +02:00			`# hosts-file via dnscrypt-proxy that is probably only of interest to me.`
			`#cloaking_rules = '/etc/dnscrypt-proxy/hosts-mikaela.txt'`

add etc/dnscrypt-proxy.toml (WIP!) 2018-10-07 12:45:45 +02:00			`ipv4_servers = true`
			`ipv6_servers = true`
dnscrypt-proxy: more thinking for #92 * Comment that the fastest server is automatically picked. * Explicitly don't filter AAAA requests. * Require provider to not do filtering * which is implied by DNSSEC which would get broken. * Use Google DNS B as fallback resolver and explain what it does in comment. * Add commented options for using Tor. 2018-10-08 19:39:48 +02:00			`block_ipv6 = false`
add etc/dnscrypt-proxy.toml (WIP!) 2018-10-07 12:45:45 +02:00			`require_dnssec = true`
dnscrypt-proxy: more thinking for #92 * Comment that the fastest server is automatically picked. * Explicitly don't filter AAAA requests. * Require provider to not do filtering * which is implied by DNSSEC which would get broken. * Use Google DNS B as fallback resolver and explain what it does in comment. * Add commented options for using Tor. 2018-10-08 19:39:48 +02:00			`require_nofilter = true`
			`# Use Google DNS B for resolving the server_names[] if the system`
			`# resolver is broken (which it is for me as it points directly to`
			`# dnscrypt-proxy which is not functional at that time.`
			`# The example config recommends DNSSEC support which OpenDNS is missing.`
			`# China: 114.114.114.114:53 according to the example file.`
			`fallback_resolver = '8.8.4.4:53'`
add etc/dnscrypt-proxy.toml (WIP!) 2018-10-07 12:45:45 +02:00			`cache = true`
			`cache_size = 10000`
dnscrypt-proxy: add quad9 nofilters, lb ph See that #92 2018-10-09 13:08:38 +02:00			`# Load-balancing`
			`# fastest = always fastest, p2 = random between two fastest, ph = random`
			`# from the fastest half of the configured list, random = any random`
			`# Default is p2, but as my list grew so long and contains so much IPv6 that`
			`# may not work everywhere, I am picking ph just in case.`
			`lb_strategy = 'ph'`
add etc/dnscrypt-proxy.toml (WIP!) 2018-10-07 12:45:45 +02:00
dnscrypt-proxy: more thinking for #92 * Comment that the fastest server is automatically picked. * Explicitly don't filter AAAA requests. * Require provider to not do filtering * which is implied by DNSSEC which would get broken. * Use Google DNS B as fallback resolver and explain what it does in comment. * Add commented options for using Tor. 2018-10-08 19:39:48 +02:00			`# Tor if necessary`
			`#force_tcp = true`
			`#proxy = "socks5://127.0.0.1:9050"`

add etc/dnscrypt-proxy.toml (WIP!) 2018-10-07 12:45:45 +02:00			`[query_log]`
			`file = '/var/log/dnscrypt-proxy/query.log'`

			`[nx_log]`
			`file = '/var/log/dnscrypt-proxy/nx.log'`

			`[sources]`
			`[sources.'public-resolvers']`
			`url = 'https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md'`
			`cache_file = '/var/cache/dnscrypt-proxy/public-resolvers.md'`
			`minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'`
			`refresh_delay = 72`
			`prefix = ''`