-
Notifications
You must be signed in to change notification settings - Fork 0
/
dnscrypt-proxy.toml
99 lines (60 loc) · 2.14 KB
/
dnscrypt-proxy.toml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
listen_addresses = ['127.0.0.1:53', '[::1]:53']
max_clients = 250
## IPV4/IPV6
ipv4_servers = true
ipv6_servers = false
block_ipv6 = false
## Server connections
dnscrypt_servers = true
doh_servers = true
require_dnssec = true
require_nolog = true
require_nofilter = true
force_tcp = false
# Shadowsocks Proxy
# proxy = "socks5://127.0.0.1:1086"
timeout = 2500
keepalive = 30
## Potential speed reducers
dnscrypt_ephemeral_keys = false
tls_disable_session_tickets = false
## Privacy
# log_file = '/library/logs/dnscrypt-proxy.log'
## DoH: Use a specific cipher suite instead of the server preference
## 49199 = TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
## 49195 = TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
## 52392 = TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
## 52393 = TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
##
## On non-Intel CPUs such as MIPS routers and ARM systems (Android, Raspberry Pi...),
## the following suite improves performance.
## This may also help on Intel CPUs running 32-bit operating systems.
##
## Keep tls_cipher_suite empty if you have issues fetching sources or
## connecting to some DoH servers. Google and Cloudflare are fine with it.
# tls_cipher_suite = [52392, 49199]
fallback_resolver = '8.8.8.8:53'
ignore_system_dns = false
netprobe_timeout = 0
# offline_mode = true # Setting this true breaks dnscrypt-proxy, for some reason
## For Choate networks
cloaking_rules = '/Users/max/git/dotfiles/hosts.txt'
## DNS Cache
cache = true
cache_size = 4096
cache_min_ttl = 2400
cache_max_ttl = 86400
cache_neg_min_ttl = 60
cache_neg_max_ttl = 600
[blacklist]
blacklist_file = '/Users/max/blacklists/blacklist.txt'
log_file = '/Users/max/blacklists/blocked.log'
log_format = 'tsv'
[sources]
## An example of a remote source from https://github.com/DNSCrypt/dnscrypt-resolvers
[sources.'public-resolvers']
urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md', 'https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md']
cache_file = 'public-resolvers.md'
minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
refresh_delay = 72
prefix = ''