1 files changed, 27 insertions, 9 deletions
diff --git a/community/dnscrypt-proxy/config-full-paths.patch b/community/dnscrypt-proxy/config-full-paths.patch
index ccd80ecc58..b2149acfde 100644
--- a/community/dnscrypt-proxy/config-full-paths.patch
+++ b/community/dnscrypt-proxy/config-full-paths.patch
@@ -1,9 +1,9 @@
 diff --git a/./dnscrypt-proxy.toml b/dnscrypt-proxy/dnscrypt-proxy.toml
 new file mode 100644
-index 0000000..8455f8d
+index 0000000..736ec29
 --- /dev/null
 +++ b/dnscrypt-proxy/dnscrypt-proxy.toml
-@@ -0,0 +1,610 @@
+@@ -0,0 +1,628 @@
 +
 +##############################################
 +#                                            #
@@ -196,7 +196,7 @@ index 0000000..8455f8d
 +## It will never be used if lists have already been cached, and if stamps
 +## don't include host names without IP addresses.
 +## It will not be used if the configured system DNS works.
-+## A resolver supporting DNSSEC is recommended. This may become mandatory.
++## A resolver supporting DNSSEC is recommended.
 +##
 +## People in China may need to use 114.114.114.114:53 here.
 +## Other popular options include 8.8.8.8 and 1.1.1.1.
@@ -204,10 +204,9 @@ index 0000000..8455f8d
 +fallback_resolver = '9.9.9.9:53'
 +
 +
-+## Never let dnscrypt-proxy try to use the system DNS settings;
-+## unconditionally use the fallback resolver.
++## Always use the fallback resolver before the system DNS settings
 +
-+ignore_system_dns = false
++ignore_system_dns = true
 +
 +
 +## Maximum time (in seconds) to wait for network connectivity before
@@ -321,12 +320,12 @@ index 0000000..8455f8d
 +
 +## Cache size
 +
-+cache_size = 512
++cache_size = 1024
 +
 +
 +## Minimum TTL for cached entries
 +
-+cache_min_ttl = 600
++cache_min_ttl = 2400
 +
 +
 +## Maximum TTL for cached entries
@@ -550,7 +549,7 @@ index 0000000..8455f8d
 +  ## Anonymized DNS relays
 +
 +  [sources.'relays']
-+  urls = ['https://github.com/DNSCrypt/dnscrypt-resolvers/raw/master/v2/relays.md', 'https://download.dnscrypt.info/resolvers-list/v2/relays.md']
++  urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/relays.md', 'https://download.dnscrypt.info/resolvers-list/v2/relays.md']
 +  cache_file = '/var/cache/dnscrypt-proxy/relays.md'
 +  minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
 +  refresh_delay = 72
@@ -573,6 +572,25 @@ index 0000000..8455f8d
 +  #  minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
 +
 +
++
++
++#########################################
++#        Servers with known bugs        #
++#########################################
++
++[broken_implementations]
++
++# Cisco servers currently cannot handle queries larger than 1472 bytes, and don't
++# truncate reponses larger than questions as expected by the DNSCrypt protocol.
++# This prevents large responses from being received, and breaks relaying.
++# A workaround for the first issue will be applied to servers in list below.
++# Do not change that list until the bugs are fixed server-side.
++
++broken_query_padding = ['cisco', 'cisco-ipv6', 'cisco-familyshield']
++
++
++
++
 +################################
 +#        Anonymized DNS        #
 +################################