2019-09-19 12:09:00 +02:00
|
|
|
####################################################
|
|
|
|
|
# #
|
|
|
|
|
# Encrypted DNS Server configuration #
|
|
|
|
|
# #
|
|
|
|
|
####################################################
|
|
|
|
|
|
|
|
|
|
|
2019-09-21 01:07:50 +02:00
|
|
|
|
2019-09-19 12:09:00 +02:00
|
|
|
##################################
|
|
|
|
|
# Global settings #
|
|
|
|
|
##################################
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
## IP addresses and ports to listen to
|
|
|
|
|
|
2019-09-20 12:03:49 +02:00
|
|
|
listen_addrs = ["0.0.0.0:443", "[::1]:4443"]
|
2019-09-19 12:09:00 +02:00
|
|
|
|
|
|
|
|
|
|
|
|
|
## IP address to connect to upstream servers from
|
|
|
|
|
|
|
|
|
|
external_addr = "0.0.0.0"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
## File name to save the state to
|
|
|
|
|
|
|
|
|
|
state_file = "encrypted-dns.state"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
## Upstream DNS server and port
|
|
|
|
|
|
|
|
|
|
upstream_addr = "9.9.9.9:53"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
## UDP timeout in seconds
|
|
|
|
|
|
|
|
|
|
udp_timeout = 10
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
## TCP timeout in seconds
|
|
|
|
|
|
|
|
|
|
tcp_timeout = 10
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
## Maximum active UDP sockets
|
|
|
|
|
|
|
|
|
|
udp_max_active_connections = 1000
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
## Maximum active TCP connections
|
|
|
|
|
|
|
|
|
|
tcp_max_active_connections = 100
|
|
|
|
|
|
|
|
|
|
|
2019-09-21 01:07:19 +02:00
|
|
|
## Built-in DNS cache capacity
|
2019-09-21 00:53:20 +02:00
|
|
|
|
2019-09-22 02:06:33 +02:00
|
|
|
cache_capacity = 50000
|
2019-09-21 00:53:20 +02:00
|
|
|
|
|
|
|
|
|
2019-09-21 12:18:27 +02:00
|
|
|
## DNS cache: minimum TTL
|
|
|
|
|
|
|
|
|
|
cache_ttl_min = 600
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
## DNS cache: max TTL
|
|
|
|
|
|
|
|
|
|
cache_ttl_max = 86400
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
## DNS cache: error TTL
|
|
|
|
|
|
|
|
|
|
cache_ttl_error = 600
|
|
|
|
|
|
|
|
|
|
|
2019-09-21 16:19:39 +02:00
|
|
|
## Run as a background process
|
|
|
|
|
|
|
|
|
|
daemonize = false
|
|
|
|
|
|
|
|
|
|
|
2019-09-21 16:29:13 +02:00
|
|
|
## Log file
|
|
|
|
|
|
|
|
|
|
# log_file = "/tmp/encrypted-dns.log"
|
|
|
|
|
|
|
|
|
|
|
2019-09-21 16:19:39 +02:00
|
|
|
## PID file
|
|
|
|
|
|
|
|
|
|
# pid_file = "/tmp/encrypted-dns.pid"
|
|
|
|
|
|
|
|
|
|
|
2019-09-19 12:57:24 +02:00
|
|
|
## User name to drop privileges to, when started as root.
|
|
|
|
|
|
|
|
|
|
# user = "nobody"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
## Group name to drop privileges to, when started as root.
|
|
|
|
|
|
|
|
|
|
# group = "nobody"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
## Path to chroot() to, when started as root.
|
2019-09-20 12:03:49 +02:00
|
|
|
## The path to the state file is relative to the chroot base.
|
2019-09-19 12:57:24 +02:00
|
|
|
|
2019-09-20 12:03:49 +02:00
|
|
|
# chroot = "/var/empty"
|
2019-09-19 12:57:24 +02:00
|
|
|
|
|
|
|
|
|
2019-09-19 12:09:00 +02:00
|
|
|
|
|
|
|
|
####################################
|
|
|
|
|
# DNSCrypt settings #
|
|
|
|
|
####################################
|
|
|
|
|
|
|
|
|
|
[dnscrypt]
|
|
|
|
|
|
2019-09-20 11:25:24 +02:00
|
|
|
## Provider name (with or without the `2.dnscrypt-cert.` prefix)
|
2019-09-19 12:09:00 +02:00
|
|
|
|
|
|
|
|
provider_name = "secure.dns.test"
|
|
|
|
|
|
|
|
|
|
|
2019-09-20 10:39:42 +02:00
|
|
|
## Key cache capacity, per certificate
|
|
|
|
|
|
|
|
|
|
key_cache_capacity = 10000
|
|
|
|
|
|
|
|
|
|
|
2019-09-19 12:09:00 +02:00
|
|
|
|
|
|
|
|
###############################
|
|
|
|
|
# TLS settings #
|
|
|
|
|
###############################
|
|
|
|
|
|
|
|
|
|
[tls]
|
|
|
|
|
|
|
|
|
|
## Where to prooxy TLS connections to (e.g. DoH server)
|
|
|
|
|
|
2019-09-19 12:57:24 +02:00
|
|
|
# upstream_addr = "127.0.0.1:4343"
|
