diff options
Diffstat (limited to 'network/dnscrypt-proxy/dnscrypt-proxy.default')
-rw-r--r-- | network/dnscrypt-proxy/dnscrypt-proxy.default | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/network/dnscrypt-proxy/dnscrypt-proxy.default b/network/dnscrypt-proxy/dnscrypt-proxy.default index a1b62d82f92e6..1f8408ffe297d 100644 --- a/network/dnscrypt-proxy/dnscrypt-proxy.default +++ b/network/dnscrypt-proxy/dnscrypt-proxy.default @@ -25,7 +25,7 @@ USER[0]="dnscrypt" # If RESOLVERNAME is set, then RESOLVERADDRESS, PROVIDERNAME, and # PROVIDERKEY will be ignored. RESOLVERNAME should be the name of a resolver # from RESOLVERSLIST (the first column). -RESOLVERNAME[0]="opendns" +RESOLVERNAME[0]="cisco" # Specify the location of the resolver list, used if RESOLVERNAME is set. RESOLVERSLIST[0]="/usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv" @@ -42,6 +42,13 @@ RESOLVERSLIST[0]="/usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv" # mitigates this by computing an ephemeral key pair for every query. #EPHEMERALKEYS[0]="no" +# Use client authentication (ie. a static client key) instead of randomly +# generating one. This should point to a private file. Its content does *not* +# need to be known by the DNS service provider. See +# /usr/doc/dnscrypt-proxy-@VERSION@/README.markdown for more information. This +# option conflicts with EPHEMERALKEYS. +#CLIENTKEY[0]="/etc/dnscrypt.clientkey" + # Transparently add an OPT pseudo-RR to outgoing queries in order to enable # the EDNS0 extension mechanism. The payload size is the size of the largest # response we accept from the resolver before retrying over TCP. This feature |