# /etc/default/dnscrypt-proxy
# This file contains the configuration settings for dnscrypt-proxy. It
# supports configuring and running multiple instances: each setting is indexed
# by instance number ([0], [1], ...). See the bottom of this file for a sample
# secondary configuration.
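# CHROOTDIR should be the same path as the USER's home directory.
# For the standard dnscrypt user this should be "/run/dnscrypt". For nobody,
# this should be "/". A chroot to "/" does not confine the daemon's view of
# the filesystem, so the dedicated user and directory are preferable.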
CHROOTDIR[0]="/run/dnscrypt"
#CHROOTDIR[0]="/"
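# The local address and (optional) port to listen on. The default port is 53.
# A loopback address keeps the proxy reachable from this host only; binding to
# any other address lets hosts that can reach that address send it queries.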
LOCALADDRESS[0]="127.0.0.1:53"
# The pid file for this instance. PIDFILE must always be specified for each
# instance! The sample second instance at the bottom of this file uses its own
# pid file.
PIDFILE[0]="/var/run/dnscrypt-proxy/dnscrypt-proxy-0.pid"
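# Runs the daemon as the following user and chroots to that user's home
# directory. This is a security feature: the daemon gives up root privileges
# and is confined to that directory, which limits what a compromised proxy can
# reach. It is best not to change this!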
USER[0]="dnscrypt"
#USER[0]="nobody"
# If RESOLVERNAME is set, then RESOLVERADDRESS, PROVIDERNAME, and
# PROVIDERKEY will be ignored. RESOLVERNAME should be the name of a resolver
# from RESOLVERSLIST (the first column).
RESOLVERNAME[0]="cisco"
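# Specify the location of the resolver list, used if RESOLVERNAME is set.
# The address, provider name and provider key of the chosen resolver are read
# from this file, so it should be writable by root only.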
RESOLVERSLIST[0]="/usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv"
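# If RESOLVERNAME is unset, RESOLVERADDRESS, PROVIDERNAME and PROVIDERKEY are
# the settings of the remote DNSCrypt provider. PROVIDERKEY is the provider's
# public key fingerprint, against which the resolver's certificates are
# verified; take it from the provider's own published documentation.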
#RESOLVERADDRESS[0]="208.67.220.220:443"
#PROVIDERNAME[0]="2.dnscrypt-cert.opendns.com"
#PROVIDERKEY[0]="B735:1140:206F:225D:3E2B:D822:D7FD:691E:A1C3:3CC8:D666:8D0C:BE04:BFAB:CA43:FB79"
# By default, queries are always sent with the same public key, allowing
# providers to link this public key to the different IP addresses you
# are using. Enabling ephemeral keys requires extra CPU cycles, but
# mitigates this by computing an ephemeral key pair for every query.
#EPHEMERALKEYS[0]="no"
# Use client authentication (i.e. a static client key) instead of randomly
# generating one. This should point to a private file (one that other local
# users cannot read). Its content does *not* need to be known by the DNS
# service provider. See
# /usr/doc/dnscrypt-proxy-@VERSION@/README.markdown for more information. This
# option conflicts with EPHEMERALKEYS.
#CLIENTKEY[0]="/etc/dnscrypt.clientkey"
# Transparently add an OPT pseudo-RR to outgoing queries in order to enable
# the EDNS0 extension mechanism. The payload size is the size of the largest
# response we accept from the resolver before retrying over TCP. This feature
# is enabled by default, with a payload size of 1252 bytes. Any value below
# 512 disables it.
#EDNSPAYLOADSIZE[0]="1252"
# Set the maximum number of simultaneous active requests (default 250).
#MAXACTIVEREQUESTS[0]="250"
# Use TCP instead of UDP. This is slower than UDP, and this workaround should
# never be used except when bypassing a filter is actually required. Moreover,
# multiple queries over a single TCP connection aren't supported yet.
# Don't use this unless you have to. Defaults to off ("no").
#TCPONLY[0]="no"
# Load the following plugins. None are loaded by default. Plugins are shared
# libraries that run inside the proxy process, so load only ones you trust.
# See /usr/doc/dnscrypt-proxy-@VERSION@/README-PLUGINS.markdown for more
# information.
#PLUGINS[0]="libdcplugin_example,--ips=/etc/blk-ips,--domains=/etc/blk-names \
#libdcplugin_example_logging,/var/log/dns.log"
# Where and what to log. The default LOGLEVEL is LOG_INFO.
#LOGLEVEL[0]="LOG_INFO"
LOGFILE[0]="/var/log/dnscrypt-proxy/dnscrypt-proxy.log"
# A simple example configuration for a second instance
#CHROOTDIR[1]="/run/dnscrypt"
#LOCALADDRESS[1]="127.0.0.2:53"
#PIDFILE[1]="/var/run/dnscrypt-proxy/dnscrypt-proxy-1.pid"
#USER[1]="dnscrypt"
#RESOLVERNAME[1]="cloudns-can"
#RESOLVERSLIST[1]="/usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv"
#LOGFILE[1]="/var/log/dnscrypt-proxy/dnscrypt-proxy-1.log"