Last active
August 25, 2021 12:16
-
-
Save modelorona/43db8cc050e52fd5d154646ee81cb241 to your computer and use it in GitHub Desktop.
dnscrypt-proxy configuration file
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
############################################## | |
# # | |
# dnscrypt-proxy configuration # | |
# # | |
############################################## | |
listen_addresses = ['127.0.0.1:53'] | |
server_names = ['mullvad-adblock-doh', 'doh-crypto-sx', 'doh-crypto-sx-ipv6', 'doh-de-blahdns-v6', 'doh-de-blahdns', 'dnscrypt-ch-blahdns-ipv4', 'dnscrypt-ch-blahdns-ipv6', 'dnscrypt-de-blahdns-ipv4', 'dnscrypt-de-blahdns-ipv6', 'cz.nic', 'cz.nic-ipv6', 'doh.appliedprivacy.net', 'libredns-noads', 'libredns', 'powerdns-doh', 'quad9-dnscrypt-ip4-filter-pri', 'quad9-doh-ip4-port443-filter-pri', 'uncensoreddns-ipv4', 'uncensoreddns-ipv6', 'v.dnscrypt.uk-doh-ipv4', 'v.dnscrypt.uk-ipv4'] | |
max_clients = 250 | |
# Use servers reachable over IPv4 | |
ipv4_servers = true | |
# Use servers reachable over IPv6 -- Do not enable if you don't have IPv6 connectivity | |
ipv6_servers = false | |
# Use servers implementing the DNSCrypt protocol | |
dnscrypt_servers = true | |
# Use servers implementing the DNS-over-HTTPS protocol | |
doh_servers = true | |
## Require servers defined by remote sources to satisfy specific properties | |
# Server must support DNS security extensions (DNSSEC) | |
require_dnssec = true | |
# Server must not log user queries (declarative) | |
require_nolog = true | |
# Server must not enforce its own blocklist (for parental control, ads blocking...) | |
require_nofilter = false | |
# Server names to avoid even if they match all criteria | |
disabled_server_names = ['google', 'yandex', 'altername'] | |
force_tcp = false | |
timeout = 5000 | |
keepalive = 30 | |
cert_refresh_delay = 240 | |
bootstrap_resolvers = ['9.9.9.9:53', '8.8.8.8:53'] # renamed from fallback_resolvers to bootstrap_resolvers in version 2.1.0 | |
ignore_system_dns = true | |
netprobe_timeout = 60 | |
netprobe_address = '9.9.9.9:53' | |
log_files_max_size = 10 | |
log_files_max_age = 7 | |
log_files_max_backups = 1 | |
block_ipv6 = false | |
block_unqualified = true | |
block_undelegated = true | |
reject_ttl = 600 | |
cache = true | |
cache_size = 4096 | |
cache_min_ttl = 2400 | |
cache_max_ttl = 86400 | |
cache_neg_min_ttl = 60 | |
cache_neg_max_ttl = 600 | |
[query_log] | |
file = 'query.log' | |
format = 'tsv' | |
[nx_log] | |
file = 'nx.log' | |
format = 'tsv' | |
[sources] | |
[sources.'public-resolvers'] | |
urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md', 'https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md', 'https://ipv6.download.dnscrypt.info/resolvers-list/v3/public-resolvers.md', 'https://download.dnscrypt.net/resolvers-list/v3/public-resolvers.md'] | |
cache_file = 'public-resolvers.md' | |
minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3' | |
refresh_delay = 72 | |
prefix = '' | |
[sources.'relays'] | |
urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/relays.md', 'https://download.dnscrypt.info/resolvers-list/v3/relays.md', 'https://ipv6.download.dnscrypt.info/resolvers-list/v3/relays.md', 'https://download.dnscrypt.net/resolvers-list/v3/relays.md'] | |
cache_file = 'relays.md' | |
minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3' | |
refresh_delay = 72 | |
prefix = '' | |
[broken_implementations] | |
fragments_blocked = ['cisco', 'cisco-ipv6', 'cisco-familyshield', 'cisco-familyshield-ipv6', 'cleanbrowsing-adult', 'cleanbrowsing-adult-ipv6', 'cleanbrowsing-family', 'cleanbrowsing-family-ipv6', 'cleanbrowsing-security', 'cleanbrowsing-security-ipv6'] | |
[anonymized_dns] | |
skip_incompatible = false | |
[local_doh] | |
listen_addresses = ['127.0.0.1:3000'] | |
path = "/dns-query" | |
cert_file = "localhost.pem" | |
cert_key_file = "localhost.pem" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
edit 25/08/2021 - renamed from fallback_resolvers to bootstrap_resolvers in version 2.1.0