# Empty listen_addresses to use systemd socket activation (Debian) listen_addresses = [] # When not using socket activation (Arch), 127.0.2.1:53 is what the Debian # socket seems to give for all of my systems so I want to listen on it for # compatibility #listen_addresses = ['127.0.0.1:53', '127.0.2.1:53', '[::1]:53'] # mikaela.internal / my hosts file #cloaking_rules = '/etc/dnscrypt-proxy/hosts-mikaela.txt' # The fastest working servers are automatically picked from configured # ones. If not configured, the whole list is compared. This overrides the # requirements below. # https://quad9.net/about/ & https://quad9.net/privacy/ server_names = ['quad9-dnscrypt-ip4-filter-pri', 'quad9-dnscrypt-ip4-filter-alt', 'quad9-dnscrypt-ip6-filter-pri', 'quad9-dnscrypt-ip6-filter-alt', 'quad9-doh-ip4-filter-pri', 'quad9-doh-ip4-filter-alt', 'quad9-doh-ip6-filter-pri', 'quad9-doh-ip6-filter-alt'] # Server names to never use even if they match the criteria below. I think # Cloudflare is too big and as it gets selected by default everywhere other # resolvers won't even get attempted. There is also Mozilla planning to send # all Firefox DNS queries to them. # This is unsupported in the Debian's version 2.0.19, so I am keeping # server_names. #disabled_server_names = ['cloudflare-ipv6', 'cloudflare'] # Requirements for which servers to use ipv4_servers = true ipv6_servers = true block_ipv6 = false require_dnssec = true require_nofilter = true require_nolog = true # Resolver to use for the initial queries, DNSSEC capable one recommended. # China: 114.114.114.114:53 according to the example file. #fallback_resolver = '149.112.112.112:53' # Ensure syslog use_syslog = true # Cert reload time in minutes (see refresh_delay under sources for them) cert_refresh_delay = 240 # Shouldn't take that much MEM and I imagine it's subject to TTL anyway. cache = true cache_size = 10000 # Load-balancing # fastest = always fastest, p2 = random between two fastest, ph = random # from the fastest half of the configured list, random = any random # https://github.com/jedisct1/dnscrypt-proxy/wiki/Load-Balancing-Options lb_strategy = 'p2' # Tor if necessary #force_tcp = true #proxy = "socks5://127.0.0.1:9050" # To be enabled by hand on systems needing them #[query_log] # file = '/var/log/dnscrypt-proxy/query.log' #[nx_log] # file = '/var/log/dnscrypt-proxy/nx.log' [sources] [sources.'public-resolvers'] #url = 'https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md' urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md', 'https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md', 'https://cdn.staticaly.com/gh/DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md', 'https://evilvibes.com/list/public-resolvers.md'] cache_file = '/var/cache/dnscrypt-proxy/public-resolvers.md' minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3' refresh_delay = 72 prefix = '' # [sources.'opennic'] # urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/opennic.md', 'https://download.dnscrypt.info/resolvers-list/v2/opennic.md'] # minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3' # refresh_delay = 72 # cache_file = '/var/cache/dnscrypt-proxy/opennic.md' # 2.0.23 recommended so onions won't be attempted without proxy enabled # (5c9edfccfe67474bee2836ada67f955f10e43357) [sources.'onion-services'] urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/onion-services.md', 'https://download.dnscrypt.info/resolvers-list/v2/onion-services.md'] minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3' cache_file = 'onion-services.md'