From 03d780097a178c0039c2c26d09d463b1bc132d2e Mon Sep 17 00:00:00 2001
From: Frank Denis
Date: Wed, 11 Dec 2019 15:17:48 +0100
Subject: [PATCH] Sync encrypted-dns.toml.in and bump EDS version
---
 Dockerfile | 2 +-
 encrypted-dns.toml.in | 24 ++++++++++++++++++++++++
 2 files changed, 25 insertions(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index 12022b8..eb2d5ff 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -37,7 +37,7 @@ ENV RUSTFLAGS "-C link-arg=-s"
 RUN apt-get update && apt-get install -qy --no-install-recommends $BUILD_DEPS && \
 curl -sSf https://sh.rustup.rs | bash -s -- -y --default-toolchain stable && \
 export PATH="$HOME/.cargo/bin:$PATH" && \
- echo "Compiling encrypted-dns version 0.3.8" && \
+ echo "Compiling encrypted-dns version 0.3.10" && \
 cargo install encrypted-dns && \
 mkdir -p /opt/encrypted-dns/sbin && \
 mv ~/.cargo/bin/encrypted-dns /opt/encrypted-dns/sbin/ && \
diff --git a/encrypted-dns.toml.in b/encrypted-dns.toml.in
index ee36142..df2b0c9 100644
--- a/encrypted-dns.toml.in
+++ b/encrypted-dns.toml.in
@@ -14,6 +14,13 @@
 ## IP addresses and ports to listen to, as well as their external IP
 ## If there is no NAT involved, `local` and `external` can be the same.
 ## As many addresses as needed can be configured here, IPv4 and/or IPv6.
+## You should at least change the `external` IP address.
+
+### Example with both IPv4 and IPv6 addresses:
+# listen_addrs = [
+# { local = "0.0.0.0:443", external = "198.51.100.1:443" },
+# { local = "[::]:443", external = "[2001:db8::1]:443" }
+# ]
 listen_addrs = [
 @LISTEN_ADDRESSES@
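Review bot: The bumped string in `echo "Compiling encrypted-dns version 0.3.10"` is the only place a version appears in the Dockerfile hunk; the context line after it, `cargo install encrypted-dns`, names none, so the image is built from whatever crates.io serves as latest at build time and can differ from what the message says. Pinning the install keeps the build reproducible and matches it to the label: `cargo install encrypted-dns --version 0.3.10 --locked && \`. The same RUN instruction also pipes `https://sh.rustup.rs` into bash with `--default-toolchain stable`, so the toolchain is unpinned too; that line is context here, not part of the change. The RUN instruction continues past the end of the hunk.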
@@ -160,9 +167,24 @@ key_cache_capacity = 10000 [filtering] +## List of domains to block, one per line + @DOMAIN_BLACKLIST_CONFIGURATION@ +## List of undelegated TLDs +## This is the list of nonexistent TLDs that queries are frequently observed for, +## but will never resolve to anything. The server will immediately return a +## synthesized NXDOMAIN response instead of hitting root servers. + +# undelegated_list = "/etc/undelegated.txt" + + +## Ignore A and AAAA queries for unqualified host names. + +ignore_unqualified_hostnames = true + + ######################### # Metrics # @@ -175,6 +197,7 @@ listen_addr = "@METRICS_ADDRESS@" path = "/metrics" + ################################ # Anonymized DNS # ################################ @@ -187,6 +210,7 @@ enabled = @ANONDNS_ENABLED@ # Allowed upstream ports +# This is a list of commonly used ports for encrypted DNS services allowed_ports = [ 443, 553, 853, 1443, 2053, 4343, 4434, 4443, 5353, 5443, 8443, 15353 ]
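Review bot: `ignore_unqualified_hostnames = true` in the `[filtering]` hunk is written as a literal, while the neighbouring settings in this template are `@...@` placeholders (`@DOMAIN_BLACKLIST_CONFIGURATION@`, `@ANONDNS_ENABLED@`), so anyone running the image cannot change it without editing the template. If that is intentional, the comment above it should say so and give the reason, for example `## Unqualified names are usually local host names; answering them here keeps internal names from being sent upstream (fixed on in this image).`; the upstream-leak rationale is my reading of the option and should be confirmed. The commented-out `undelegated_list = "/etc/undelegated.txt"` points at a path that nothing in this commit adds to the image, so a line noting that the file has to be provided before uncommenting would save a failed start.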
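Review bot: The comment added above `allowed_ports` in the last hunk says where the numbers come from but not what the list enforces. Going by the existing heading `# Allowed upstream ports`, this looks like the allow-list that bounds where the anonymizing relay will forward traffic, which is the property an operator needs to know before editing it. A second comment line would cover it: `# Relayed queries are only forwarded to these ports; each port added widens what the relay can be pointed at.` The list includes general-purpose ports such as 443 and 8443, so it is worth stating that it is a restriction rather than a convenience default.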