Last active
April 1, 2019 21:44
-
-
Save goofball222/9c07b9404bafb0b1504b934ff0a71d6b to your computer and use it in GitHub Desktop.
DNS-over-HTTPS Server Unbound config for Android Private DNS ad filtering
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # HTTP listen port | |
| listen = [ | |
| "[::]:8053", | |
| ] | |
| # Local address and port for upstream DNS | |
| # If left empty, a local address is automatically chosen. | |
| local_addr = "" | |
| # TLS certification file | |
| # If left empty, plain-text HTTP will be used. | |
| # You are recommended to leave empty and to use a server load balancer (e.g. | |
| # Caddy, Nginx) and set up TLS there, because this program does not do OCSP | |
| # Stapling, which is necessary for client bootstrapping in a network | |
| # environment with completely no traditional DNS service. | |
| cert = "" | |
| # TLS private key file | |
| key = "" | |
| # HTTP path for resolve application | |
| path = "/dns-query" | |
| # Upstream DNS resolver | |
| # If multiple servers are specified, a random one will be chosen each time. | |
| #upstream = [ | |
| # "1.1.1.1:53", | |
| # "1.0.0.1:53", | |
| # "8.8.8.8:53", | |
| # "8.8.4.4:53", | |
| #] | |
| #upstream = [ | |
| # "pihole:53", | |
| # | |
| upstream = [ | |
| "unbound:53", | |
| ] | |
| # Upstream timeout | |
| timeout = 10 | |
| # Number of tries if upstream DNS fails | |
| tries = 3 | |
| # Only use TCP for DNS query | |
| tcp_only = false | |
| # Enable logging | |
| verbose = false | |
| # Enable log IP from HTTPS-reverse proxy header: X-Forwarded-For or X-Real-IP | |
| # Note: http uri/useragent log cannot be controlled by this config | |
| log_guessed_client_ip = false |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment