# /etc/default/dnscrypt-proxy # This file contains the configuration settings for dnscrypt-proxy. This file # supports configuring and running multiple instances (see the bottom of this # file for a sample secondary configuration). # CHROOTDIR should be the same path as the USER's home directory. # For the standard dnscrypt user this should be "/run/dnscrypt". For nobody, # this should be "/". CHROOTDIR[0]="/run/dnscrypt" #CHROOTDIR[0]="/" # The local address and (optional) port to listen on. The default port is 53. LOCALADDRESS[0]="127.0.0.1:53" # The pid file for this instance. PIDFILE must always be specified for each # instance! PIDFILE[0]="/var/run/dnscrypt-proxy/dnscrypt-proxy-0.pid" # Runs the daemon as the following user and chroots to that user's home # directory (this is a security feature -- it is best not to change this!) USER[0]="dnscrypt" #USER[0]="nobody" # If RESOLVERNAME is set, then RESOLVERADDRESS, PROVIDERNAME, and # PROVIDERKEY will be ignored. RESOLVERNAME should be the name of a resolver # from RESOLVERSLIST (the first column). RESOLVERNAME[0]="cisco" # Specify the location of the resolver list, used if RESOLVERNAME is set. RESOLVERSLIST[0]="/usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv" # If RESOLVERNAME is unset, RESOLVERADDRESS, PROVIDERNAME and PROVIDERKEY are # the settings of the remote DNSCrypt provider. #RESOLVERADDRESS[0]="208.67.220.220:443" #PROVIDERNAME[0]="2.dnscrypt-cert.opendns.com" #PROVIDERKEY[0]="B735:1140:206F:225D:3E2B:D822:D7FD:691E:A1C3:3CC8:D666:8D0C:BE04:BFAB:CA43:FB79" # By default, queries are always sent with the same public key, allowing # providers to link this public key to the different IP addresses you # are using. Enabling ephemeral keys requires extra CPU cycles, but # mitigates this by computing an ephemeral key pair for every query. #EPHEMERALKEYS[0]="no" # Use client authentication (ie. a static client key) instead of randomly # generating one. This should point to a private file. Its content does *not* # need to be known by the DNS service provider. See # /usr/doc/dnscrypt-proxy-@VERSION@/README.markdown for more information. This # option conflicts with EPHEMERALKEYS. #CLIENTKEY[0]="/etc/dnscrypt.clientkey" # Transparently add an OPT pseudo-RR to outgoing queries in order to enable # the EDNS0 extension mechanism. The payload size is the size of the largest # response we accept from the resolver before retrying over TCP. This feature # is enabled by default, with a payload size of 1252 bytes. Any value below # 512 disables it. #EDNSPAYLOADSIZE[0]="1252" # Set the maximum number of simultaneous active requests (default 250). #MAXACTIVEREQUESTS[0]="250" # Use TCP instead of UDP. This is slower than UDP, and this workaround should # never be used except when bypassing a filter is actually required. Moreover, # multiple queries over a single TCP connection aren't supported yet. # Don't use this unless you have to. Defaults to off ("no"). #TCPONLY[0]="no" # Load the following plugins. None are loaded by default. See # /usr/doc/dnscrypt-proxy-@VERSION@/README-PLUGINS.markdown for more # information. #PLUGINS[0]="libdcplugin_example,--ips=/etc/blk-ips,--domains=/etc/blk-names \ #libdcplugin_example_logging,/var/log/dns.log" # Where and what to log. The default LOGLEVEL is LOG_INFO. #LOGLEVEL[0]="LOG_INFO" LOGFILE[0]="/var/log/dnscrypt-proxy/dnscrypt-proxy.log" # A simple example configuration for a second instance #CHROOTDIR[1]="/run/dnscrypt" #LOCALADDRESS[1]="127.0.0.2:53" #PIDFILE[1]="/var/run/dnscrypt-proxy/dnscrypt-proxy-1.pid" #USER[1]="dnscrypt" #RESOLVERNAME[1]="cloudns-can" #RESOLVERSLIST[1]="/usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv" #LOGFILE[1]="/var/log/dnscrypt-proxy/dnscrypt-proxy-1.log"