tornet.yml aktualisiert
This commit is contained in:
parent
647d8ed612
commit
3edb0bddd9
68
tornet.yml
68
tornet.yml
@ -301,6 +301,74 @@
|
||||
log_files_max_age = 7
|
||||
log_files_max_backups = 4
|
||||
|
||||
# delay, in minutes, after which certificates are reloaded; this also
|
||||
# drives the latency logger, so we poll/log every hour
|
||||
cert_refresh_delay = 60
|
||||
|
||||
# less linkability / more privacy at slight performance impact;
|
||||
# see the notes in the above-cited documentation
|
||||
tls_disable_session_tickets = true
|
||||
tls_cipher_suite = [52392, 49199]
|
||||
|
||||
# for healthcheck, heartbeat and bootstrap, dnscrypt-proxy MUST be
|
||||
# able to probe the internet, so we must configure our firewall so
|
||||
# that it is the only one which can use port 53 to the internet;
|
||||
# dnscrypt-proxy claims that it will only use these services in very
|
||||
# limited circumstances. Regards option naming, see:
|
||||
# https://github.com/DNSCrypt/dnscrypt-proxy/commit/c500287498a05b07c3af8effa23a0ba4c42f00f1
|
||||
fallback_resolvers = ['46.182.19.48:53']
|
||||
netprobe_address = '46.182.19.48:53'
|
||||
netprobe_timeout = 60
|
||||
ignore_system_dns = true
|
||||
|
||||
# explicit caching
|
||||
cache = true
|
||||
cache_size = 4096
|
||||
cache_min_ttl = 2400
|
||||
cache_max_ttl = 86400
|
||||
cache_neg_min_ttl = 60
|
||||
cache_neg_max_ttl = 600
|
||||
|
||||
# I am not configuring this resolver as a local DoH listener, to do so
|
||||
# requires a TLS certificate and that's a world of pain
|
||||
|
||||
[query_log]
|
||||
file = '/var/log/dnscrypt-proxy/query.log'
|
||||
# ignored_qtypes = ['DNSKEY', 'NS']
|
||||
|
||||
[nx_log]
|
||||
file = '/var/log/dnscrypt-proxy/nx.log'
|
||||
|
||||
[blocked_names]
|
||||
# blocked_names_file = 'blocked-names.txt'
|
||||
# log_file = '/var/log/dnscrypt-proxy/blocked-names.log'
|
||||
|
||||
[blocked_ips]
|
||||
# blocked_ips_file = 'blocked-ips.txt'
|
||||
# log_file = '/var/log/dnscrypt-proxy/blocked-ips.log'
|
||||
|
||||
[allowed_names]
|
||||
# allowed_names_file = 'allowed-names.txt'
|
||||
# log_file = '/var/log/dnscrypt-proxy/allowed-names.log'
|
||||
|
||||
[allowed_ips]
|
||||
# allowed_ips_file = 'allowed-ips.txt'
|
||||
# log_file = '/var/log/dnscrypt-proxy/allowed-ips.log'
|
||||
|
||||
[sources]
|
||||
|
||||
[sources.'public-resolvers']
|
||||
|
||||
|
||||
[sources.'public-resolvers']
|
||||
urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md', 'https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md']
|
||||
minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
|
||||
cache_file = 'public-resolvers.md'
|
||||
|
||||
[sources.'onion-services']
|
||||
urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/onion-services.md', 'https://download.dnscrypt.info/resolvers-list/v3/onion-services.md']
|
||||
minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
|
||||
cache_file = 'onion-services.md'
|
||||
|
||||
notify:
|
||||
- Restart dnscrypt-proxy
|
||||
|
Loading…
Reference in New Issue
Block a user