esolitos/dnsmasq.conf

## dnsmasq.conf
# Configuration file for dnsmasq.
#
# Format is one option per line, legal options are the same
# as the long options legal on the command line. See
# "/usr/sbin/dnsmasq --help" or "man 8 dnsmasq" for details.

domain-needed
bogus-priv
stop-dns-rebind
clear-on-reload
dns-forward-max=150
cache-size=8192
neg-ttl=60

resolv-file=/usr/local/etc/resolv.dnsmasq
strict-order
no-poll

# Uncomment these to enable DNSSEC validation and caching:
#dnssec
#trust-anchor=.,19036,8,2,49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5
#dnssec-check-unsigned

port=53
local-service
listen-address=127.0.0.1
interface=lo0
bind-interfaces

address=/.onion/0.0.0.0

local=/local/
local=/localhost/

address=/local/127.0.0.1
address=/localhost/127.0.0.1

local-ttl=300

log-queries
log-facility=/var/log/dnsmasq.log

# If you want dnsmasq to detect attempts by Verisign to send queries
# to unregistered .com and .net hosts to its sitefinder service and
# have dnsmasq instead return the correct NXDOMAIN response, uncomment
# this line. You can add similar lines to do the same for other
# registries which have implemented wildcard A records.
#bogus-nxdomain=64.94.110.11

# For debugging purposes, log each DNS query as it passes through
# dnsmasq.
#log-queries

# Include another lot of configuration options.
#conf-file=/etc/dnsmasq.more.conf

# Include all files in a directory which end in .conf
#conf-dir=/etc/dnsmasq.d/,*.conf

## resolv.dnsmasq
# Cloudflare
1.1.1.1

# DNS.Watch
nameserver 84.200.69.80

# OpenDNS
nameserver 208.67.220.220
	# Configuration file for dnsmasq.
	#
	# Format is one option per line, legal options are the same
	# as the long options legal on the command line. See
	# "/usr/sbin/dnsmasq --help" or "man 8 dnsmasq" for details.

	domain-needed
	bogus-priv
	stop-dns-rebind
	clear-on-reload
	dns-forward-max=150
	cache-size=8192
	neg-ttl=60

	resolv-file=/usr/local/etc/resolv.dnsmasq
	strict-order
	no-poll

	# Uncomment these to enable DNSSEC validation and caching:
	#dnssec
	#trust-anchor=.,19036,8,2,49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5
	#dnssec-check-unsigned

	port=53
	local-service
	listen-address=127.0.0.1
	interface=lo0
	bind-interfaces

	address=/.onion/0.0.0.0

	local=/local/
	local=/localhost/

	address=/local/127.0.0.1
	address=/localhost/127.0.0.1

	local-ttl=300

	log-queries
	log-facility=/var/log/dnsmasq.log

	# If you want dnsmasq to detect attempts by Verisign to send queries
	# to unregistered .com and .net hosts to its sitefinder service and
	# have dnsmasq instead return the correct NXDOMAIN response, uncomment
	# this line. You can add similar lines to do the same for other
	# registries which have implemented wildcard A records.
	#bogus-nxdomain=64.94.110.11

	# For debugging purposes, log each DNS query as it passes through
	# dnsmasq.
	#log-queries

	# Include another lot of configuration options.
	#conf-file=/etc/dnsmasq.more.conf

	# Include all files in a directory which end in .conf
	#conf-dir=/etc/dnsmasq.d/,*.conf
	# Cloudflare
	1.1.1.1

	# DNS.Watch
	nameserver 84.200.69.80

	# OpenDNS
	nameserver 208.67.220.220