tornet.yml aktualisiert

This commit is contained in:
olli 2023-07-28 15:19:46 +02:00
parent e111dd7cfa
commit 4adb70ea8f

View File

@ -251,18 +251,25 @@
group: root group: root
marker: "# {mark} ANSIBLE MANAGED BLOCK" marker: "# {mark} ANSIBLE MANAGED BLOCK"
block: | block: |
# Documentation https://github.com/DNSCrypt/dnscrypt-proxy/wiki
# Listen # listen on all interfaces
listen_addresses = ['127.0.0.55:5354'] listen_addresses = ['127.0.0.55:5354']
# what kinds of server do we want to resolve from? # DoH server list
server_names = ['doh.mullvad.net-194.242.2.2', 'doh.ffmuc.net-185.150.99.255', 'doh.ffmuc.net-5.1.66.255', 'dns.digitale-gesellschaft.ch-185.95.218.42', 'dns.digitale-gesellschaft.ch-185.95.218.43', 'anycast.uncensoreddns.org-91.239.100.100']
# server names to avoid even if they match all criteria
# disabled_server_names = []
## what kinds of server do we want to resolve from?
doh_servers = true doh_servers = true
ipv4_servers = false ipv4_servers = false
ipv6_servers = false ipv6_servers = false
dnscrypt_servers = false dnscrypt_servers = false
# do we support IPv6 accressing? Maybe performance issue. # do we support IPv6 accressing?
block_ipv6 = false block_ipv6 = true
# don't let weird queries & typos leak upstream # don't let weird queries & typos leak upstream
block_unqualified = true block_unqualified = true
@ -279,7 +286,7 @@
# request DoH servers that advertise themselves as unfiltered # request DoH servers that advertise themselves as unfiltered
require_nofilter = true require_nofilter = true
# use tor # use tor
force_tcp = true force_tcp = true
proxy = 'socks5://127.0.0.1:9050' proxy = 'socks5://127.0.0.1:9050'
@ -296,7 +303,7 @@
# logging: approx 1 month of weekly logs, capped-out/force-rotated at 64Mb # logging: approx 1 month of weekly logs, capped-out/force-rotated at 64Mb
log_level = 2 log_level = 2
use_syslog = true use_syslog = false
log_files_max_size = 64 log_files_max_size = 64
log_files_max_age = 7 log_files_max_age = 7
log_files_max_backups = 4 log_files_max_backups = 4
@ -322,7 +329,7 @@
ignore_system_dns = true ignore_system_dns = true
# explicit caching # explicit caching
cache = true cache = true
cache_size = 4096 cache_size = 4096
cache_min_ttl = 2400 cache_min_ttl = 2400
cache_max_ttl = 86400 cache_max_ttl = 86400
@ -340,9 +347,9 @@
file = '/var/log/dnscrypt-proxy/nx.log' file = '/var/log/dnscrypt-proxy/nx.log'
[blocked_names] [blocked_names]
# blocked_names_file = 'blocked-names.txt' blocked_names_file = 'blocked-names.txt'
# log_file = '/var/log/dnscrypt-proxy/blocked-names.log' log_file = '/var/log/dnscrypt-proxy/blocked-names.log'
[blocked_ips] [blocked_ips]
# blocked_ips_file = 'blocked-ips.txt' # blocked_ips_file = 'blocked-ips.txt'
# log_file = '/var/log/dnscrypt-proxy/blocked-ips.log' # log_file = '/var/log/dnscrypt-proxy/blocked-ips.log'
@ -350,26 +357,33 @@
[allowed_names] [allowed_names]
# allowed_names_file = 'allowed-names.txt' # allowed_names_file = 'allowed-names.txt'
# log_file = '/var/log/dnscrypt-proxy/allowed-names.log' # log_file = '/var/log/dnscrypt-proxy/allowed-names.log'
[allowed_ips] [allowed_ips]
# allowed_ips_file = 'allowed-ips.txt' # allowed_ips_file = 'allowed-ips.txt'
# log_file = '/var/log/dnscrypt-proxy/allowed-ips.log' # log_file = '/var/log/dnscrypt-proxy/allowed-ips.log'
[sources] # Static DoH DNS Servers from inspired by https://www.kuketz-blog.de/empfehlungsecke/#dns
# Stamps from https://dnscrypt.info/stamps/
[sources.'public-resolvers'] [static]
[static.'doh.mullvad.net-194.242.2.2']
[sources.'public-resolvers'] stamp = 'sdns://AgcAAAAAAAAACzE5NC4yNDIuMi4yAA9kb2gubXVsbHZhZC5uZXQKL2Rucy1xdWVyeQ'
urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md', 'https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md']
minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3' [static.'doh.ffmuc.net-185.150.99.255']
cache_file = 'public-resolvers.md' stamp = 'sdns://AgcAAAAAAAAADjE4NS4xNTAuOTkuMjU1AA1kb2guZmZtdWMubmV0Ci9kbnMtcXVlcnk'
[static.'doh.ffmuc.net-5.1.66.255']
stamp = 'sdns://AgcAAAAAAAAACjUuMS42Ni4yNTUADWRvaC5mZm11Yy5uZXQKL2Rucy1xdWVyeQ'
[static.'dns.digitale-gesellschaft.ch-185.95.218.42']
stamp = 'sdns://AgcAAAAAAAAADTE4NS45NS4yMTguNDIAHGRucy5kaWdpdGFsZS1nZXNlbGxzY2hhZnQuY2gKL2Rucy1xdWVyeQ'
[static.'dns.digitale-gesellschaft.ch-185.95.218.43']
stamp = 'sdns://AgcAAAAAAAAADTE4NS45NS4yMTguNDMAHGRucy5kaWdpdGFsZS1nZXNlbGxzY2hhZnQuY2gKL2Rucy1xdWVyeQ'
[static.'anycast.uncensoreddns.org-91.239.100.100']
stamp = 'sdns://AgcAAAAAAAAADjkxLjIzOS4xMDAuMTAwABlhbnljYXN0LnVuY2Vuc29yZWRkbnMub3JnCi9kbnMtcXVlcnk'
[sources.'onion-services']
urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/onion-services.md', 'https://download.dnscrypt.info/resolvers-list/v3/onion-services.md']
minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
cache_file = 'onion-services.md'
notify: notify:
- Restart dnscrypt-proxy - Restart dnscrypt-proxy