author | T3slider <t3slider@gmail.com> | 2019-03-31 09:06:14 +0700 |
---|---|---|
committer | Willy Sudiarto Raharjo <willysr@slackbuilds.org> | 2019-04-05 07:37:58 +0700 |
commit | d9107252915d0b11a1f333bb7c1f2a4e167f32e2 (patch) | |
tree | 17c707905ee74166dc96ee00294d7d348c0157fb /network/dnscrypt-proxy/dnscrypt-proxy.toml | |
parent | 71af6fe02461f00529773503cab44516a2e2dc14 (diff) |
network/dnscrypt-proxy: Updated for version 2.0.21.
Signed-off-by: Willy Sudiarto Raharjo <willysr@slackbuilds.org>
Diffstat (limited to 'network/dnscrypt-proxy/dnscrypt-proxy.toml')
-rw-r--r-- | network/dnscrypt-proxy/dnscrypt-proxy.toml | 38 |
1 files changed, 29 insertions, 9 deletions
diff --git a/network/dnscrypt-proxy/dnscrypt-proxy.toml b/network/dnscrypt-proxy/dnscrypt-proxy.toml index 0341cbed712f7..2e2679c316174 100644 --- a/network/dnscrypt-proxy/dnscrypt-proxy.toml +++ b/network/dnscrypt-proxy/dnscrypt-proxy.toml @@ -41,14 +41,10 @@ listen_addresses = ['127.0.0.1:53', '[::1]:53'] max_clients = 250 -## Switch to a non-privileged system user after listening sockets have been created. -## Two processes will be running. -## The first one will keep root privileges, but is only a supervisor, that does nothing -## except create the sockets, manage the service, and restart it if it crashes. -## The second process is the service itself, and that one will always run as a different -## user. +## Switch to a different system user after listening sockets have been created. ## Note (1): this feature is currently unsupported on Windows. ## Note (2): this feature is not compatible with systemd socket activation. +## Note (3): when using -pidfile, the PID file directory must be writable by the new user # user_name = 'nobody' user_name = 'dnscrypt' @@ -80,9 +76,12 @@ require_nolog = true # Server must not enforce its own blacklist (for parental control, ads blocking...) require_nofilter = true +# Server names to avoid even if they match all criteria +disabled_server_names = [] + ## Always use TCP to connect to upstream servers. -## This can be can be useful if you need to route everything through Tor. +## This can be useful if you need to route everything through Tor. ## Otherwise, leave this to `false`, as it doesn't improve security ## (dnscrypt-proxy will always encrypt everything even using UDP), and can ## only increase latency. 
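Review bot: The rewritten comment above `user_name` in the first hunk drops the word "non-privileged" and no longer says whether any process keeps root, so the purpose of `user_name = 'dnscrypt'` as a privilege drop is not stated anywhere in the new text. I would keep the intent explicit, e.g. `## Switch to a different, non-privileged system user after listening sockets have been created.` Note (3) applies directly to this package because `user_name` is set. The directory the init script passes to `-pidfile` (not visible in this diff) has to be writable by `dnscrypt`, and it should not be writable by other unprivileged accounts.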
@@ -90,13 +89,18 @@ require_nofilter = true force_tcp = false -## HTTP / SOCKS proxy +## SOCKS proxy ## Uncomment the following line to route all TCP connections to a local Tor node ## Tor doesn't support UDP, so set `force_tcp` to `true` as well. # proxy = "socks5://127.0.0.1:9050" +## HTTP/HTTPS proxy +## Only for DoH servers + +# http_proxy = "http://127.0.0.1:8888" + ## How long a DNS query will wait for a response, in milliseconds @@ -108,6 +112,13 @@ timeout = 2500 keepalive = 30 +## Use the REFUSED return code for blocked responses +## Setting this to `false` means that some responses will be lies. +## Unfortunately, `false` appears to be required for Android 8+ + +refused_code_in_responses = false + + ## Load-balancing strategy: 'p2' (default), 'ph', 'fastest' or 'random' # lb_strategy = 'p2' @@ -191,7 +202,7 @@ ignore_system_dns = false ## connectivity is not guaranteed to be immediately available. ## Use 0 to disable. -netprobe_timeout = 30 +netprobe_timeout = 60 ## Offline mode - Do not use any remote encrypted servers. @@ -493,6 +504,15 @@ cache_neg_max_ttl = 600 refresh_delay = 72 prefix = '' + ## Quad9 over DNSCrypt - https://quad9.net/ + + # [sources.quad9-resolvers] + # urls = ["https://www.quad9.net/quad9-resolvers.md"] + # minisign_key = "RWQBphd2+f6eiAqBsvDZEBXBGHQBJfeG6G+wJPPKxCZMoEQYpmoysKUN" + # cache_file = "quad9-resolvers.md" + # refresh_delay = 72 + # prefix = "quad9-" + ## Another example source, with resolvers censoring some websites not appropriate for children ## This is a subset of the `public-resolvers` list, so enabling both is useless |
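Review bot: The new `http_proxy` comment in the proxy hunk says only "Only for DoH servers", which leaves unstated that DNSCrypt servers are not covered by it, while the `proxy` comment just above still promises to "route all TCP connections". If that reading is right, an admin who sets only `http_proxy` and expects all upstream traffic to be proxied would still have DNSCrypt queries leaving directly. I would add a line such as `## DNSCrypt servers are not affected by this setting; use the SOCKS proxy option above for them.` It would also help to state which setting applies to DoH when both are set, which I cannot tell from this hunk.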
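Review bot: The packaged value `refused_code_in_responses = false` is justified in its comment only by Android 8+ clients, and the comment does not say what a blocked response looks like in that mode beyond "lies". With `false`, going by that comment, a client or a monitoring tool reading DNS answers cannot recognise a blocked name from the return code. I would document the trade-off next to the key, e.g. `## Set to true unless Android 8+ clients query this resolver; with false, blocked queries do not return REFUSED.` Whether `false` is the right default for this package depends on who queries the listener, which this diff does not show.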
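Review bot: The commented `[sources.quad9-resolvers]` example in the last hunk carries a `minisign_key`, which is the trust anchor for the downloaded resolver list, and nothing in the block tells the admin to check it before uncommenting. The key cannot be verified from this diff, so I would add `# Verify minisign_key against the key published by Quad9 before enabling this source.` above the `minisign_key` line. It may also be worth a comment that `require_nofilter = true` (context of the second hunk) could exclude entries from this list if they are tagged as filtering; this is hedged, as the list contents are not shown here.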