############################################## # # # dnscrypt-proxy configuration # # # ############################################## ################################## # Global settings # ################################## ## List of servers to use ## If this line is commented, all registered servers will be used # server_names = ["dnscrypt.org-fr"] ## List of local addresses and ports to listen to. Can be IPv4 and/or IPv6. listen_addresses = ["127.0.0.1:53", "[::1]:53"] ## Whether to the server as a background process (linux only) ## Do not set to true if you are using systemd daemonize = false ## Always use TCP to connect to upstream servers force_tcp = false ## Timeout, in milliseconds timeout = 2500 ## Delay, in minutes, after which certificates are reloaded cert_refresh_delay = 30 ######################### # Filters # ######################### ## Immediately respond to IPv6-related queries with an empty response ## This makes things faster when there is no IPv6 connectivity block_ipv6 = false ################################################################################## # Route queries for specific domains to a dedicated set of servers # ################################################################################## ## Example map entries (one entry per line): ## example.com 9.9.9.9 ## example.net 9.9.9.9,8.8.8.8 # forwarding_rules = "forwarding-rules.txt" ########################### # DNS cache # ########################### ## Enable a basic DNS cache to reduce outgoing traffic cache = true ## Cache size cache_size = 256 ## Minimum TTL for cached entries cache_min_ttl = 600 ## Maxmimum TTL for cached entries cache_max_ttl = 86400 ## TTL for negatively cached entries cache_neg_ttl = 60 ############################### # Query logging # ############################### ## Log client queries to a file [query_log] ## Full path to the query log file # file = "query.log" ## Query log format (currently supported: tsv and ltsv) format = "tsv" ###################################################### # Pattern-based blocking (blacklists) # ###################################################### ## Blacklists are made of one pattern per line. Example of valid patterns: ## ## example.com ## *sex* ## ads.* ## ads*.example.* ## ads*.example[0-9]*.com [blacklist] ## Full path to the file of blocking rules # blacklist_file = "blacklist.txt" ## Optional path to a file logging blocked queries # log_file = "blocked.log" ## Optional log format: tsv or ltsv (default: tsv) # log_format = "tsv" ######################### # Servers # ######################### ## Remote lists of available servers ## Recommended: change the cache_file location to an absolute path [sources] [sources."proxy v1 list from github"] url = "https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v1/dnscrypt-resolvers.csv" minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3" cache_file = "dnscrypt-resolvers.csv" format = "v1" refresh_delay = 24 ## Local, static list of available servers [servers] [servers."dnscrypt.org-fr"] provider_name = "2.dnscrypt-cert.fr.dnscrypt.org" address = "212.47.228.136:443" public_key = "E801:B84E:A606:BFB0:BAC0:CE43:445B:B15E:BA64:B02F:A3C4:AA31:AE10:636A:0790:324D"