From 5d2b138b3ef5c247665b6b55499d4f3001f9152d Mon Sep 17 00:00:00 2001
From: Mikaela Suomalainen
Date: Mon, 8 Oct 2018 20:39:48 +0300
Subject: [PATCH] dnscrypt-proxy: more thinking for #92
* Comment that the fastest server is automatically picked.
* Explicitly don't filter AAAA requests.
* Require provider to not do filtering
* which is implied by DNSSEC which would get broken.
* Use Google DNS B as fallback resolver and explain what it does in comment.
* Add commented options for using Tor.
---
 etc/dnscrypt-proxy/dnscrypt-proxy.toml | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/etc/dnscrypt-proxy/dnscrypt-proxy.toml b/etc/dnscrypt-proxy/dnscrypt-proxy.toml
index 73a863a6..95256399 100644
--- a/etc/dnscrypt-proxy/dnscrypt-proxy.toml
+++ b/etc/dnscrypt-proxy/dnscrypt-proxy.toml
@@ -1,14 +1,26 @@
 # Empty listen_addresses to use systemd socket activation
 listen_addresses = []
+# The fastest working servers are automatically picked.
 server_names = ['cloudflare-ipv6', 'cloudflare', 'google']
 ipv4_servers = true
 ipv6_servers = true
+block_ipv6 = false
 require_dnssec = true
-fallback_resolver = '208.67.220.220:53'
+require_nofilter = true
+# Use Google DNS B for resolving the server_names[] if the system
+# resolver is broken (which it is for me as it points directly to
+# dnscrypt-proxy which is not functional at that time.
+# The example config recommends DNSSEC support which OpenDNS is missing.
+# China: 114.114.114.114:53 according to the example file.
+fallback_resolver = '8.8.4.4:53'
 cache = true
 cache_size = 10000
+# Tor if necessary
+#force_tcp = true
+#proxy = "socks5://127.0.0.1:9050"
+
 [query_log]
 file = '/var/log/dnscrypt-proxy/query.log'
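Review bot: `require_nofilter = true` (like the existing `require_dnssec = true`) probably has no effect here, because `server_names` is set explicitly and dnscrypt-proxy appears to apply the `require_*` properties only when it selects servers from the source lists itself; please confirm against the version deployed. If that holds, the no-filtering and DNSSEC properties rest entirely on the three hand-picked resolvers, and a comment above the key should say so, e.g. `# require_* only filter when server_names is empty; the servers above were chosen by hand`. The fallback comment has an unclosed parenthesis after "(which it is for me", and since the system resolver points back at dnscrypt-proxy, adding `ignore_system_dns = true` would make the bootstrap path explicit instead of depending on a failed first attempt. That bootstrap lookup to `8.8.4.4:53` is plaintext, so if the commented Tor lines are ever enabled it is worth checking whether it is routed through the SOCKS proxy or leaves the host directly.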