shell-things/etc/dnscrypt-proxy/dnscrypt-proxy.toml

77 lines
3.2 KiB
TOML

# Empty listen_addresses to use systemd socket activation (Debian)
listen_addresses = []
# When not using socket activation (Arch), 127.0.2.1:53 is what the Debian
# socket seems to give for all of my systems so I want to listen on it for
# compatibility
#listen_addresses = ['127.0.0.1:53', '127.0.2.1:53', '[::1]:53']
# mikaela.internal / my hosts file
#cloaking_rules = '/etc/dnscrypt-proxy/hosts-mikaela.txt'
# The fastest working servers are automatically picked from configured
# ones. If not configured, the whole list is compared. This overrides the
# requirements below.
# https://quad9.net/about/ & https://quad9.net/privacy/
server_names = ['quad9-dnscrypt-ip4-filter-pri', 'quad9-dnscrypt-ip4-filter-alt', 'quad9-dnscrypt-ip6-filter-pri', 'quad9-dnscrypt-ip6-filter-alt', 'quad9-doh-ip4-filter-pri', 'quad9-doh-ip4-filter-alt', 'quad9-doh-ip6-filter-pri', 'quad9-doh-ip6-filter-alt']
# Server names to never use even if they match the criteria below. I think
# Cloudflare is too big and as it gets selected by default everywhere other
# resolvers won't even get attempted. There is also Mozilla planning to send
# all Firefox DNS queries to them.
# This is unsupported in the Debian's version 2.0.19, so I am keeping
# server_names.
#disabled_server_names = ['cloudflare-ipv6', 'cloudflare']
# Requirements for which servers to use
ipv4_servers = true
ipv6_servers = true
block_ipv6 = false
require_dnssec = true
require_nofilter = true
require_nolog = true
# Resolver to use for the initial queries, DNSSEC capable one recommended.
# China: 114.114.114.114:53 according to the example file.
#fallback_resolver = '149.112.112.112:53'
# Ensure syslog
use_syslog = true
# Cert reload time in minutes (see refresh_delay under sources for them)
cert_refresh_delay = 240
# Shouldn't take that much MEM and I imagine it's subject to TTL anyway.
cache = true
cache_size = 10000
# Load-balancing
# fastest = always fastest, p2 = random between two fastest, ph = random
# from the fastest half of the configured list, random = any random
# https://github.com/jedisct1/dnscrypt-proxy/wiki/Load-Balancing-Options
lb_strategy = 'p2'
# Tor if necessary
#force_tcp = true
#proxy = "socks5://127.0.0.1:9050"
# To be enabled by hand on systems needing them
#[query_log]
# file = '/var/log/dnscrypt-proxy/query.log'
#[nx_log]
# file = '/var/log/dnscrypt-proxy/nx.log'
[sources]
[sources.'public-resolvers']
#url = 'https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md'
urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md', 'https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md', 'https://cdn.staticaly.com/gh/DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md', 'https://evilvibes.com/list/public-resolvers.md']
cache_file = '/var/cache/dnscrypt-proxy/public-resolvers.md'
minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
refresh_delay = 72
prefix = ''
# [sources.'opennic']
# urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/opennic.md', 'https://download.dnscrypt.info/resolvers-list/v2/opennic.md']
# minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
# refresh_delay = 72
# cache_file = '/var/cache/dnscrypt-proxy/opennic.md'