diff --git a/etc/dnscrypt-proxy/dnscrypt-proxy.toml b/etc/dnscrypt-proxy/dnscrypt-proxy.toml index ef7096cd..d69be6fb 100644 --- a/etc/dnscrypt-proxy/dnscrypt-proxy.toml +++ b/etc/dnscrypt-proxy/dnscrypt-proxy.toml @@ -1,28 +1,39 @@ -# Empty listen_addresses to use systemd socket activation +# Empty listen_addresses to use systemd socket activation (Debian) listen_addresses = [] +# When not using socket activation (Arch), 127.0.2.1:53 is what the Debian +# socket seems to give for all of my systems so I want to listen on it for +# compatibility +#listen_addresses = ['127.0.0.1:53', '127.0.2.1:53', '[::1]:53'] + +# Logs on top for easier noticing and disabling +[query_log] + file = '/var/log/dnscrypt-proxy/query.log' +[nx_log] + file = '/var/log/dnscrypt-proxy/nx.log' + # The fastest working servers are automatically picked from configured # ones. If not configured, the whole list is compared. #server_names = ['cloudflare-ipv6', 'quad9-ip6-nofilter-pri', 'quad9-ip6-nofilter-alt', 'cloudflare', 'google', 'quad9-ip4-nofilter-pri', 'quad9-ip4-nofilter-alt'] -# hosts-file via dnscrypt-proxy that is probably only of interest to me. -#cloaking_rules = '/etc/dnscrypt-proxy/hosts-mikaela.txt' - -# When not using socket activation (Arch) -#listen_addresses = ['127.0.0.1:53', '127.0.2.1:53', '[::1]:53'] +# Requirements for which servers to use ipv4_servers = true ipv6_servers = true block_ipv6 = false require_dnssec = true require_nofilter = true + # Use Google DNS B for resolving the server_names[] if the system # resolver is broken (which it is for me as it points directly to -# dnscrypt-proxy which is not functional at that time. +# dnscrypt-proxy which is not functional at that time.) # The example config recommends DNSSEC support which OpenDNS is missing. # China: 114.114.114.114:53 according to the example file. fallback_resolver = '8.8.4.4:53' + +# Shouldn't take that much MEM and I imagine it's subject to TTL anyway. cache = true cache_size = 10000 + # Load-balancing # fastest = always fastest, p2 = random between two fastest, ph = random # from the fastest half of the configured list, random = any random @@ -34,11 +45,6 @@ lb_strategy = 'ph' #force_tcp = true #proxy = "socks5://127.0.0.1:9050" -[query_log] - file = '/var/log/dnscrypt-proxy/query.log' - -[nx_log] - file = '/var/log/dnscrypt-proxy/nx.log' [sources] [sources.'public-resolvers']