Mikaela
/
shell-things
mirror of https://gitea.blesmrt.net/mikaela/shell-things.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

dnscrypt-proxy.toml: sort the options and add/update/fix comments 

Now the options that I am more likely to care about or want to adjust
are on the top.
This commit is contained in:
Aminda Suomalainen 2018-11-26 16:46:30 +02:00
parent eecb4a980d
commit c8fb2b896a
No known key found for this signature in database
GPG Key ID: 0C207F07B2F32B67
1 changed files with 18 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
etc/dnscrypt-proxy/dnscrypt-proxy.toml
View File

@ -1,28 +1,39 @@
# Empty listen_addresses to use systemd socket activation
# Empty listen_addresses to use systemd socket activation (Debian)
listen_addresses = []
# When not using socket activation (Arch), 127.0.2.1:53 is what the Debian
# socket seems to give for all of my systems so I want to listen on it for
# compatibility
#listen_addresses = ['127.0.0.1:53', '127.0.2.1:53', '[::1]:53']
# Logs on top for easier noticing and disabling
[query_log]
file = '/var/log/dnscrypt-proxy/query.log'
[nx_log]
file = '/var/log/dnscrypt-proxy/nx.log'
# The fastest working servers are automatically picked from configured
# ones. If not configured, the whole list is compared.
#server_names = ['cloudflare-ipv6', 'quad9-ip6-nofilter-pri', 'quad9-ip6-nofilter-alt', 'cloudflare', 'google', 'quad9-ip4-nofilter-pri', 'quad9-ip4-nofilter-alt']
# hosts-file via dnscrypt-proxy that is probably only of interest to me.
#cloaking_rules = '/etc/dnscrypt-proxy/hosts-mikaela.txt'
# When not using socket activation (Arch)
#listen_addresses = ['127.0.0.1:53', '127.0.2.1:53', '[::1]:53']
# Requirements for which servers to use
ipv4_servers = true
ipv6_servers = true
block_ipv6 = false
require_dnssec = true
require_nofilter = true
# Use Google DNS B for resolving the server_names[] if the system
# resolver is broken (which it is for me as it points directly to
# dnscrypt-proxy which is not functional at that time.
# dnscrypt-proxy which is not functional at that time.)
# The example config recommends DNSSEC support which OpenDNS is missing.
# China: 114.114.114.114:53 according to the example file.
fallback_resolver = '8.8.4.4:53'
# Shouldn't take that much MEM and I imagine it's subject to TTL anyway.
cache = true
cache_size = 10000
# Load-balancing
# fastest = always fastest, p2 = random between two fastest, ph = random
# from the fastest half of the configured list, random = any random
@ -34,11 +45,6 @@ lb_strategy = 'ph'
#force_tcp = true
#proxy = "socks5://127.0.0.1:9050"
[query_log]
file = '/var/log/dnscrypt-proxy/query.log'
[nx_log]
file = '/var/log/dnscrypt-proxy/nx.log'
[sources]
[sources.'public-resolvers']