diff options
Diffstat (limited to 'community/dnscrypt-proxy/config-full-paths.patch')
| -rw-r--r-- | community/dnscrypt-proxy/config-full-paths.patch | 28 |
1 files changed, 19 insertions, 9 deletions
diff --git a/community/dnscrypt-proxy/config-full-paths.patch b/community/dnscrypt-proxy/config-full-paths.patch index 017da3c555..1af5089c52 100644 --- a/community/dnscrypt-proxy/config-full-paths.patch +++ b/community/dnscrypt-proxy/config-full-paths.patch @@ -206,7 +206,7 @@ index 0000000..736ec29 +fallback_resolver = '9.9.9.9:53' + + -+## Always use the fallback resolver before the system DNS settings ++## Always use the fallback resolver before the system DNS settings. + +ignore_system_dns = true + @@ -264,11 +264,15 @@ index 0000000..736ec29 +# Filters # +######################### + ++## Note: if you are using dnsmasq, disable the `dnssec` option in dnsmasq if you ++## configure dnscrypt-proxy to do any kind of filtering (including the filters ++## below and blacklists). ++## But you can still choose resolvers that do DNSSEC validation. ++ ++ +## Immediately respond to IPv6-related queries with an empty response +## This makes things faster when there is no IPv6 connectivity, but can +## also cause reliability issues with some stub resolvers. -+## Do not enable if you added a validating resolver such as dnsmasq in front -+## of the proxy. + +block_ipv6 = false + @@ -278,6 +282,12 @@ index 0000000..736ec29 +block_unqualified = true + + ++## Immediately respond to queries for local zones instead of leaking them to ++## upstream resolvers (always causing errors or timeouts). ++ ++block_undelegated = true ++ ++ +## TTL for synthetic responses sent when a request has been blocked (due to +## IPv6 or blacklists). + @@ -390,7 +400,7 @@ index 0000000..736ec29 + +[query_log] + -+ ## Path to the query log file (absolute, or relative to the same directory as the executable file) ++ ## Path to the query log file (absolute, or relative to the same directory as the config file) + ## Can be /dev/stdout to log to the standard output (and set log_files_max_size to 0) + + # file = '/var/log/dnscrypt-proxy/query.log' @@ -417,7 +427,7 @@ index 0000000..736ec29 + +[nx_log] + -+ ## Path to the query log file (absolute, or relative to the same directory as the executable file) ++ ## Path to the query log file (absolute, or relative to the same directory as the config file) + + # file = '/var/log/dnscrypt-proxy/nx.log' + @@ -447,7 +457,7 @@ index 0000000..736ec29 + +[blacklist] + -+ ## Path to the file of blocking rules (absolute, or relative to the same directory as the executable file) ++ ## Path to the file of blocking rules (absolute, or relative to the same directory as the config file) + + # blacklist_file = '/etc/dnscrypt-proxy/blacklist.txt' + @@ -475,7 +485,7 @@ index 0000000..736ec29 + +[ip_blacklist] + -+ ## Path to the file of blocking rules (absolute, or relative to the same directory as the executable file) ++ ## Path to the file of blocking rules (absolute, or relative to the same directory as the config file) + + # blacklist_file = '/etc/dnscrypt-proxy/ip-blacklist.txt' + @@ -503,7 +513,7 @@ index 0000000..736ec29 + +[whitelist] + -+ ## Path to the file of whitelisting rules (absolute, or relative to the same directory as the executable file) ++ ## Path to the file of whitelisting rules (absolute, or relative to the same directory as the config file) + + # whitelist_file = '/etc/dnscrypt-proxy/whitelist.txt' + @@ -643,7 +653,7 @@ index 0000000..736ec29 +## A relay can be specified as a DNS Stamp (either a relay stamp, or a +## DNSCrypt stamp), an IP:port, a hostname:port, or a server name. +## -+## The following example routes "example-server-1" via `anon-example-1` or `anon-example-2``, ++## The following example routes "example-server-1" via `anon-example-1` or `anon-example-2`, +## and "example-server-2" via the relay whose relay DNS stamp +## is "sdns://gRIxMzcuNzQuMjIzLjIzNDo0NDM". +## |