tornet.yml aktualisiert

This commit is contained in:
olli 2023-07-28 12:32:14 +02:00
parent 647d8ed612
commit 3edb0bddd9

View File

@ -300,7 +300,75 @@
log_files_max_size = 64 log_files_max_size = 64
log_files_max_age = 7 log_files_max_age = 7
log_files_max_backups = 4 log_files_max_backups = 4
# delay, in minutes, after which certificates are reloaded; this also
# drives the latency logger, so we poll/log every hour
cert_refresh_delay = 60
# less linkability / more privacy at slight performance impact;
# see the notes in the above-cited documentation
tls_disable_session_tickets = true
tls_cipher_suite = [52392, 49199]
# for healthcheck, heartbeat and bootstrap, dnscrypt-proxy MUST be
# able to probe the internet, so we must configure our firewall so
# that it is the only one which can use port 53 to the internet;
# dnscrypt-proxy claims that it will only use these services in very
# limited circumstances. Regards option naming, see:
# https://github.com/DNSCrypt/dnscrypt-proxy/commit/c500287498a05b07c3af8effa23a0ba4c42f00f1
fallback_resolvers = ['46.182.19.48:53']
netprobe_address = '46.182.19.48:53'
netprobe_timeout = 60
ignore_system_dns = true
# explicit caching
cache = true
cache_size = 4096
cache_min_ttl = 2400
cache_max_ttl = 86400
cache_neg_min_ttl = 60
cache_neg_max_ttl = 600
# I am not configuring this resolver as a local DoH listener, to do so
# requires a TLS certificate and that's a world of pain
[query_log]
file = '/var/log/dnscrypt-proxy/query.log'
# ignored_qtypes = ['DNSKEY', 'NS']
[nx_log]
file = '/var/log/dnscrypt-proxy/nx.log'
[blocked_names]
# blocked_names_file = 'blocked-names.txt'
# log_file = '/var/log/dnscrypt-proxy/blocked-names.log'
[blocked_ips]
# blocked_ips_file = 'blocked-ips.txt'
# log_file = '/var/log/dnscrypt-proxy/blocked-ips.log'
[allowed_names]
# allowed_names_file = 'allowed-names.txt'
# log_file = '/var/log/dnscrypt-proxy/allowed-names.log'
[allowed_ips]
# allowed_ips_file = 'allowed-ips.txt'
# log_file = '/var/log/dnscrypt-proxy/allowed-ips.log'
[sources]
[sources.'public-resolvers']
[sources.'public-resolvers']
urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md', 'https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md']
minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
cache_file = 'public-resolvers.md'
[sources.'onion-services']
urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/onion-services.md', 'https://download.dnscrypt.info/resolvers-list/v3/onion-services.md']
minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
cache_file = 'onion-services.md'
notify: notify:
- Restart dnscrypt-proxy - Restart dnscrypt-proxy