aboutsummaryrefslogtreecommitdiffstats
path: root/community/dnscrypt-proxy/config-full-paths.patch
diff options
context:
space:
mode:
Diffstat (limited to 'community/dnscrypt-proxy/config-full-paths.patch')
-rw-r--r--community/dnscrypt-proxy/config-full-paths.patch34
1 files changed, 29 insertions, 5 deletions
diff --git a/community/dnscrypt-proxy/config-full-paths.patch b/community/dnscrypt-proxy/config-full-paths.patch
index b9eac807d4..3b0258fd3f 100644
--- a/community/dnscrypt-proxy/config-full-paths.patch
+++ b/community/dnscrypt-proxy/config-full-paths.patch
@@ -1,9 +1,9 @@
diff --git a/./dnscrypt-proxy.toml b/dnscrypt-proxy/dnscrypt-proxy.toml
new file mode 100644
-index 0000000..ceb9308
+index 0000000..cabf679
--- /dev/null
+++ b/dnscrypt-proxy/dnscrypt-proxy.toml
-@@ -0,0 +1,506 @@
+@@ -0,0 +1,530 @@
+
+##############################################
+# #
@@ -81,9 +81,12 @@ index 0000000..ceb9308
+# Server must not enforce its own blacklist (for parental control, ads blocking...)
+require_nofilter = true
+
++# Server names to avoid even if they match all criteria
++disabled_server_names = []
++
+
+## Always use TCP to connect to upstream servers.
-+## This can be can be useful if you need to route everything through Tor.
++## This can be useful if you need to route everything through Tor.
+## Otherwise, leave this to `false`, as it doesn't improve security
+## (dnscrypt-proxy will always encrypt everything even using UDP), and can
+## only increase latency.
@@ -91,13 +94,18 @@ index 0000000..ceb9308
+force_tcp = false
+
+
-+## HTTP / SOCKS proxy
++## SOCKS proxy
+## Uncomment the following line to route all TCP connections to a local Tor node
+## Tor doesn't support UDP, so set `force_tcp` to `true` as well.
+
+# proxy = "socks5://127.0.0.1:9050"
+
+
++## HTTP/HTTPS proxy
++## Only for DoH servers
++
++# http_proxy = "http://127.0.0.1:8888"
++
+
+## How long a DNS query will wait for a response, in milliseconds
+
@@ -109,6 +117,13 @@ index 0000000..ceb9308
+keepalive = 30
+
+
++## Use the REFUSED return code for blocked responses
++## Setting this to `false` means that some responses will be lies.
++## Unfortunately, `false` appears to be required for Android 8+
++
++refused_code_in_responses = false
++
++
+## Load-balancing strategy: 'p2' (default), 'ph', 'fastest' or 'random'
+
+# lb_strategy = 'p2'
@@ -191,7 +206,7 @@ index 0000000..ceb9308
+## connectivity is not guaranteed to be immediately available.
+## Use 0 to disable.
+
-+netprobe_timeout = 30
++netprobe_timeout = 60
+
+
+## Offline mode - Do not use any remote encrypted servers.
@@ -493,6 +508,15 @@ index 0000000..ceb9308
+ refresh_delay = 72
+ prefix = ''
+
++ ## Quad9 over DNSCrypt - https://quad9.net/
++
++ # [sources.quad9-resolvers]
++ # urls = ["https://www.quad9.net/quad9-resolvers.md"]
++ # minisign_key = "RWQBphd2+f6eiAqBsvDZEBXBGHQBJfeG6G+wJPPKxCZMoEQYpmoysKUN"
++ # cache_file = "/var/cache/dnscrypt-proxy/quad9-resolvers.md"
++ # refresh_delay = 72
++ # prefix = "quad9-"
++
+ ## Another example source, with resolvers censoring some websites not appropriate for children
+ ## This is a subset of the `public-resolvers` list, so enabling both is useless
+
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-23 19:34:02 +0000