# Empty listen_addresses to use systemd socket activation
listen_addresses = []
# The fastest working servers are automatically picked from configured
# ones. If not configured, the whole list is compared.
#server_names = ['cloudflare-ipv6', 'quad9-ip6-nofilter-pri', 'quad9-ip6-nofilter-alt', 'cloudflare', 'google', 'quad9-ip4-nofilter-pri', 'quad9-ip4-nofilter-alt']

# hosts-file via dnscrypt-proxy that is probably only of interest to me.
#cloaking_rules = '/etc/dnscrypt-proxy/hosts-mikaela.txt'

# When not using socket activation (Arch)
#listen_addresses = ['127.0.0.1:53', '127.0.2.1:53', '[::1]:53']

ipv4_servers = true
ipv6_servers = true
block_ipv6 = false
require_dnssec = true
require_nofilter = true
# Use Google DNS B for resolving the server_names[] if the system
# resolver is broken (which it is for me as it points directly to
# dnscrypt-proxy which is not functional at that time.
# The example config recommends DNSSEC support which OpenDNS is missing.
# China: 114.114.114.114:53 according to the example file.
fallback_resolver = '8.8.4.4:53'
cache = true
cache_size = 10000
# Load-balancing
# fastest = always fastest, p2 = random between two fastest, ph = random
# from the fastest half of the configured list, random = any random
# Default is p2, but as my list grew so long and contains so much IPv6 that
# may not work everywhere, I am picking ph just in case.
lb_strategy = 'ph'

# Tor if necessary
#force_tcp = true
#proxy = "socks5://127.0.0.1:9050"

[query_log]
  file = '/var/log/dnscrypt-proxy/query.log'

[nx_log]
  file = '/var/log/dnscrypt-proxy/nx.log'

[sources]
  [sources.'public-resolvers']
  url = 'https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md'
  cache_file = '/var/cache/dnscrypt-proxy/public-resolvers.md'
  minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
  refresh_delay = 72
  prefix = ''