diff --git a/dnscrypt-proxy/config.go b/dnscrypt-proxy/config.go
index 95f867bc..23fdc19d 100644
--- a/dnscrypt-proxy/config.go
+++ b/dnscrypt-proxy/config.go
@@ -44,6 +44,8 @@ type Config struct {
 SourceRequireDNSSEC bool `toml:"require_dnssec"`
 SourceRequireNoLog bool `toml:"require_nolog"`
 SourceRequireNoFilter bool `toml:"require_nofilter"`
+ SourceDNSCrypt bool `toml:"dnscrypt_servers"`
+ SourceDoH bool `toml:"doh_servers"`
 SourceIPv4 bool `toml:"ipv4_servers"`
 SourceIPv6 bool `toml:"ipv6_servers"`
 MaxClients uint32 `toml:"max_clients"`
@@ -68,6 +70,8 @@ func newConfig() Config {
 SourceRequireNoFilter: true,
 SourceIPv4: true,
 SourceIPv6: false,
+ SourceDNSCrypt: true,
+ SourceDoH: true,
 MaxClients: 100,
 FallbackResolver: DefaultFallbackResolver,
 IgnoreSystemDNS: false,
@@ -265,6 +269,8 @@ func ConfigLoad(proxy *Proxy, svcFlag *string) error {
 config.SourceRequireNoLog = false
 config.SourceIPv4 = true
 config.SourceIPv6 = true
+ config.SourceDNSCrypt = true
+ config.SourceDoH = true
 }
 if err := config.loadSources(proxy); err != nil {
@@ -396,6 +402,10 @@ func (config *Config) loadSource(proxy *Proxy, requiredProps ServerInformalPrope
 continue
 }
 }
+ if !((config.SourceDNSCrypt && registeredServer.stamp.proto == StampProtoTypeDNSCrypt) ||
+ (config.SourceDoH && registeredServer.stamp.proto == StampProtoTypeDoH)) {
+ continue
+ }
 dlog.Debugf("Adding [%s] to the set of wanted resolvers", registeredServer.name)
 proxy.registeredServers = append(proxy.registeredServers, registeredServer)
 }
diff --git a/dnscrypt-proxy/example-dnscrypt-proxy.toml b/dnscrypt-proxy/example-dnscrypt-proxy.toml
index dc9dd3be..bd753ebc 100644
--- a/dnscrypt-proxy/example-dnscrypt-proxy.toml
+++ b/dnscrypt-proxy/example-dnscrypt-proxy.toml
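Review bot: The protocol filter added to loadSource drops a resolver with a bare `continue` and no log line, so with `dnscrypt_servers = false` and `doh_servers = false` every entry is discarded and nothing in this hunk says why the resolver set came out empty. Add `dlog.Debugf("Skipping [%s]: protocol disabled by configuration", registeredServer.name)` before the `continue`, and consider rejecting the both-false combination in ConfigLoad so a misconfiguration fails at load time with a specific message (how an empty server list is handled later is outside the visible lines). The negated two-clause condition also excludes any stamp protocol other than the two named, which is the safe default but deserves a comment such as `// Skip servers whose protocol is not enabled; unknown protocols are never selected`. loadSource starts before this hunk and its loop continues past it.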
@@ -41,6 +41,12 @@ ipv4_servers = true # Use servers reachable over IPv6 -- Do not enable if you don't have IPv6 connectivity ipv6_servers = false +# Use servers implementing the DNSCrypt protocol +dnscrypt_servers = true + +# Use servers implementing the DNS-over-HTTPS protocol +doh_servers = true + ## Require servers defined by remote sources to satisfy specific properties @@ -54,6 +60,7 @@ require_nolog = true require_nofilter = true + ## Always use TCP to connect to upstream servers force_tcp = false