tornet.yml aktualisiert
This commit is contained in:
parent
647d8ed612
commit
3edb0bddd9
68
tornet.yml
68
tornet.yml
@ -301,6 +301,74 @@
|
|||||||
log_files_max_age = 7
|
log_files_max_age = 7
|
||||||
log_files_max_backups = 4
|
log_files_max_backups = 4
|
||||||
|
|
||||||
|
# delay, in minutes, after which certificates are reloaded; this also
|
||||||
|
# drives the latency logger, so we poll/log every hour
|
||||||
|
cert_refresh_delay = 60
|
||||||
|
|
||||||
|
# less linkability / more privacy at slight performance impact;
|
||||||
|
# see the notes in the above-cited documentation
|
||||||
|
tls_disable_session_tickets = true
|
||||||
|
tls_cipher_suite = [52392, 49199]
|
||||||
|
|
||||||
|
# for healthcheck, heartbeat and bootstrap, dnscrypt-proxy MUST be
|
||||||
|
# able to probe the internet, so we must configure our firewall so
|
||||||
|
# that it is the only one which can use port 53 to the internet;
|
||||||
|
# dnscrypt-proxy claims that it will only use these services in very
|
||||||
|
# limited circumstances. Regards option naming, see:
|
||||||
|
# https://github.com/DNSCrypt/dnscrypt-proxy/commit/c500287498a05b07c3af8effa23a0ba4c42f00f1
|
||||||
|
fallback_resolvers = ['46.182.19.48:53']
|
||||||
|
netprobe_address = '46.182.19.48:53'
|
||||||
|
netprobe_timeout = 60
|
||||||
|
ignore_system_dns = true
|
||||||
|
|
||||||
|
# explicit caching
|
||||||
|
cache = true
|
||||||
|
cache_size = 4096
|
||||||
|
cache_min_ttl = 2400
|
||||||
|
cache_max_ttl = 86400
|
||||||
|
cache_neg_min_ttl = 60
|
||||||
|
cache_neg_max_ttl = 600
|
||||||
|
|
||||||
|
# I am not configuring this resolver as a local DoH listener, to do so
|
||||||
|
# requires a TLS certificate and that's a world of pain
|
||||||
|
|
||||||
|
[query_log]
|
||||||
|
file = '/var/log/dnscrypt-proxy/query.log'
|
||||||
|
# ignored_qtypes = ['DNSKEY', 'NS']
|
||||||
|
|
||||||
|
[nx_log]
|
||||||
|
file = '/var/log/dnscrypt-proxy/nx.log'
|
||||||
|
|
||||||
|
[blocked_names]
|
||||||
|
# blocked_names_file = 'blocked-names.txt'
|
||||||
|
# log_file = '/var/log/dnscrypt-proxy/blocked-names.log'
|
||||||
|
|
||||||
|
[blocked_ips]
|
||||||
|
# blocked_ips_file = 'blocked-ips.txt'
|
||||||
|
# log_file = '/var/log/dnscrypt-proxy/blocked-ips.log'
|
||||||
|
|
||||||
|
[allowed_names]
|
||||||
|
# allowed_names_file = 'allowed-names.txt'
|
||||||
|
# log_file = '/var/log/dnscrypt-proxy/allowed-names.log'
|
||||||
|
|
||||||
|
[allowed_ips]
|
||||||
|
# allowed_ips_file = 'allowed-ips.txt'
|
||||||
|
# log_file = '/var/log/dnscrypt-proxy/allowed-ips.log'
|
||||||
|
|
||||||
|
[sources]
|
||||||
|
|
||||||
|
[sources.'public-resolvers']
|
||||||
|
|
||||||
|
|
||||||
|
[sources.'public-resolvers']
|
||||||
|
urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md', 'https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md']
|
||||||
|
minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
|
||||||
|
cache_file = 'public-resolvers.md'
|
||||||
|
|
||||||
|
[sources.'onion-services']
|
||||||
|
urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/onion-services.md', 'https://download.dnscrypt.info/resolvers-list/v3/onion-services.md']
|
||||||
|
minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
|
||||||
|
cache_file = 'onion-services.md'
|
||||||
|
|
||||||
notify:
|
notify:
|
||||||
- Restart dnscrypt-proxy
|
- Restart dnscrypt-proxy
|
||||||
|
Loading…
Reference in New Issue
Block a user