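# /etc/default/dnscrypt-wrapper

# This file contains the configuration settings for dnscrypt-wrapper. In the
# unusual event that you may wish to run multiple instances on the same
# machine, this file supports configuring and running multiple instances (see
# the bottom of this file for a sample secondary configuration).
#
# Settings use shell array syntax, NAME[instance]="value" (presumably this
# file is sourced by the init script -- confirm). Each setting must stay on a
# line of its own: everything after a '#' on a line is a comment, so an
# assignment that ends up behind a '#' on the same line is silently ignored.

# CHROOTDIR should be the same path as the USER's home directory.
# For the standard dnscrypt user this should be "/run/dnscrypt". For nobody,
# this should be "/".
# Note that a chroot to "/" confines nothing; prefer the dedicated user and
# its own directory.
CHROOTDIR[0]="/run/dnscrypt"
#CHROOTDIR[0]="/"

# The address and (optional) port to listen on. The default port is 53.
# 0.0.0.0 listens on every IPv4 interface. For a LAN-only service, bind to the
# LAN address instead, or restrict access to the port with a firewall.
LISTENADDRESS[0]="0.0.0.0:53"

# The pid file for this instance. PIDFILE must always be specified for each
# instance!
PIDFILE[0]="/var/run/dnscrypt-wrapper/dnscrypt-wrapper-0.pid"

# Runs the daemon as the following user and chroots to that user's home
# directory (this is a security feature -- it is best not to change this!)
USER[0]="dnscrypt"
#USER[0]="nobody"

# If DNSCRYPTDIR is set, it will look for files crypt_public.key,
# crypt_secret.key, public.key, and secret.key in the specified directory.
# CRYPTPUBLICKEYFILE, CRYPTSECRETKEYFILE, PROVIDERPUBLICKEYFILE and
# PROVIDERSECRETKEYFILE will be ignored.
# crypt_secret.key and secret.key are private keys: keep them unreadable by
# unprivileged users (for example mode 0600).
# NOTE(review): confirm which account must be able to read them at startup.
DNSCRYPTDIR[0]="/var/lib/dnscrypt-wrapper"

# Or, if DNSCRYPTDIR is unset, you can specify those files manually.
#CRYPTPUBLICKEYFILE[0]="/var/lib/dnscrypt-wrapper/crypt_public.key"
#CRYPTSECRETKEYFILE[0]="/var/lib/dnscrypt-wrapper/crypt_secret.key"
#PROVIDERPUBLICKEYFILE[0]="/var/lib/dnscrypt-wrapper/public.key"
#PROVIDERSECRETKEYFILE[0]="/var/lib/dnscrypt-wrapper/secret.key"

# PROVIDERNAME is the fully qualified domain name that identifies the server.
# For a LAN service the first example should work (you should replace hostname
# with your actual hostname since it will be used by clients). For a public
# service you should use a real domain like the second example.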
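PROVIDERNAME[0]="2.dnscrypt-cert.hostname.localdomain"
#PROVIDERNAME[0]="2.dnscrypt-cert.example.com"

# PROVIDERCERTFILE is the location of the pre-signed certificate generated. If
# you are running a public service, it may be desirable to omit this option and
# instead store the generated pre-signed certificate (binary string) in a TXT
# record for your provider name (set by PROVIDERNAME above) so that the
# certificate will be provided by a nameserver instead of directly by
# dnscrypt-wrapper. See /usr/doc/dnscrypt-wrapper-@VERSION@/README.md for more.
PROVIDERCERTFILE[0]="/var/lib/dnscrypt-wrapper/dnscrypt.cert"

# The address of the DNS resolver to use to forward requests. You will probably
# want to change this! If you run your own nameserver (or forwarder) you should
# point it there. You may wish to use the nameserver from /etc/resolv.conf.
# Queries are forwarded to this resolver as ordinary DNS, so DNSCrypt protects
# only the client-to-wrapper leg. The default below is a third-party public
# resolver, whose operator will see every forwarded query.
RESOLVERADDRESS[0]="8.8.8.8:53"

# Allow and forward unauthenticated queries (not recommended). Defaults to off
# ("no").
# With a listener on 0.0.0.0, turning this on makes the host answer plain DNS
# for anyone who can reach the port. Leave it off unless access to the port is
# restricted.
#UNAUTHENTICATED[0]="no"

# Where to log.
LOGFILE[0]="/var/log/dnscrypt-wrapper/dnscrypt-wrapper.log"

# A simple example configuration for a second instance
# (it uses its own port, pid file, key directory and log file).
#CHROOTDIR[1]="/run/dnscrypt"
#LISTENADDRESS[1]="0.0.0.0:5353"
#PIDFILE[1]="/var/run/dnscrypt-wrapper/dnscrypt-wrapper-1.pid"
#USER[1]="dnscrypt"
#DNSCRYPTDIR[1]="/var/lib/dnscrypt-wrapper/1"
#PROVIDERNAME[1]="2.dnscrypt-cert.hostname.localdomain"
#PROVIDERCERTFILE[1]="/var/lib/dnscrypt-wrapper/1/dnscrypt.cert"
#RESOLVERADDRESS[1]="8.8.8.8:53"
#LOGFILE[1]="/var/log/dnscrypt-wrapper/dnscrypt-wrapper-1.log"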