tornet.yml aktualisiert
This commit is contained in:
parent
e111dd7cfa
commit
4adb70ea8f
64
tornet.yml
64
tornet.yml
@ -251,18 +251,25 @@
|
|||||||
group: root
|
group: root
|
||||||
marker: "# {mark} ANSIBLE MANAGED BLOCK"
|
marker: "# {mark} ANSIBLE MANAGED BLOCK"
|
||||||
block: |
|
block: |
|
||||||
|
# Documentation https://github.com/DNSCrypt/dnscrypt-proxy/wiki
|
||||||
|
|
||||||
# Listen
|
# listen on all interfaces
|
||||||
listen_addresses = ['127.0.0.55:5354']
|
listen_addresses = ['127.0.0.55:5354']
|
||||||
|
|
||||||
# what kinds of server do we want to resolve from?
|
# DoH server list
|
||||||
|
server_names = ['doh.mullvad.net-194.242.2.2', 'doh.ffmuc.net-185.150.99.255', 'doh.ffmuc.net-5.1.66.255', 'dns.digitale-gesellschaft.ch-185.95.218.42', 'dns.digitale-gesellschaft.ch-185.95.218.43', 'anycast.uncensoreddns.org-91.239.100.100']
|
||||||
|
|
||||||
|
# server names to avoid even if they match all criteria
|
||||||
|
# disabled_server_names = []
|
||||||
|
|
||||||
|
## what kinds of server do we want to resolve from?
|
||||||
doh_servers = true
|
doh_servers = true
|
||||||
ipv4_servers = false
|
ipv4_servers = false
|
||||||
ipv6_servers = false
|
ipv6_servers = false
|
||||||
dnscrypt_servers = false
|
dnscrypt_servers = false
|
||||||
|
|
||||||
# do we support IPv6 accressing? Maybe performance issue.
|
# do we support IPv6 accressing?
|
||||||
block_ipv6 = false
|
block_ipv6 = true
|
||||||
|
|
||||||
# don't let weird queries & typos leak upstream
|
# don't let weird queries & typos leak upstream
|
||||||
block_unqualified = true
|
block_unqualified = true
|
||||||
@ -279,7 +286,7 @@
|
|||||||
|
|
||||||
# request DoH servers that advertise themselves as unfiltered
|
# request DoH servers that advertise themselves as unfiltered
|
||||||
require_nofilter = true
|
require_nofilter = true
|
||||||
|
|
||||||
# use tor
|
# use tor
|
||||||
force_tcp = true
|
force_tcp = true
|
||||||
proxy = 'socks5://127.0.0.1:9050'
|
proxy = 'socks5://127.0.0.1:9050'
|
||||||
@ -296,7 +303,7 @@
|
|||||||
|
|
||||||
# logging: approx 1 month of weekly logs, capped-out/force-rotated at 64Mb
|
# logging: approx 1 month of weekly logs, capped-out/force-rotated at 64Mb
|
||||||
log_level = 2
|
log_level = 2
|
||||||
use_syslog = true
|
use_syslog = false
|
||||||
log_files_max_size = 64
|
log_files_max_size = 64
|
||||||
log_files_max_age = 7
|
log_files_max_age = 7
|
||||||
log_files_max_backups = 4
|
log_files_max_backups = 4
|
||||||
@ -322,7 +329,7 @@
|
|||||||
ignore_system_dns = true
|
ignore_system_dns = true
|
||||||
|
|
||||||
# explicit caching
|
# explicit caching
|
||||||
cache = true
|
cache = true
|
||||||
cache_size = 4096
|
cache_size = 4096
|
||||||
cache_min_ttl = 2400
|
cache_min_ttl = 2400
|
||||||
cache_max_ttl = 86400
|
cache_max_ttl = 86400
|
||||||
@ -340,9 +347,9 @@
|
|||||||
file = '/var/log/dnscrypt-proxy/nx.log'
|
file = '/var/log/dnscrypt-proxy/nx.log'
|
||||||
|
|
||||||
[blocked_names]
|
[blocked_names]
|
||||||
# blocked_names_file = 'blocked-names.txt'
|
blocked_names_file = 'blocked-names.txt'
|
||||||
# log_file = '/var/log/dnscrypt-proxy/blocked-names.log'
|
log_file = '/var/log/dnscrypt-proxy/blocked-names.log'
|
||||||
|
|
||||||
[blocked_ips]
|
[blocked_ips]
|
||||||
# blocked_ips_file = 'blocked-ips.txt'
|
# blocked_ips_file = 'blocked-ips.txt'
|
||||||
# log_file = '/var/log/dnscrypt-proxy/blocked-ips.log'
|
# log_file = '/var/log/dnscrypt-proxy/blocked-ips.log'
|
||||||
@ -350,26 +357,33 @@
|
|||||||
[allowed_names]
|
[allowed_names]
|
||||||
# allowed_names_file = 'allowed-names.txt'
|
# allowed_names_file = 'allowed-names.txt'
|
||||||
# log_file = '/var/log/dnscrypt-proxy/allowed-names.log'
|
# log_file = '/var/log/dnscrypt-proxy/allowed-names.log'
|
||||||
|
|
||||||
[allowed_ips]
|
[allowed_ips]
|
||||||
# allowed_ips_file = 'allowed-ips.txt'
|
# allowed_ips_file = 'allowed-ips.txt'
|
||||||
# log_file = '/var/log/dnscrypt-proxy/allowed-ips.log'
|
# log_file = '/var/log/dnscrypt-proxy/allowed-ips.log'
|
||||||
|
|
||||||
[sources]
|
# Static DoH DNS Servers from inspired by https://www.kuketz-blog.de/empfehlungsecke/#dns
|
||||||
|
# Stamps from https://dnscrypt.info/stamps/
|
||||||
[sources.'public-resolvers']
|
[static]
|
||||||
|
|
||||||
|
[static.'doh.mullvad.net-194.242.2.2']
|
||||||
[sources.'public-resolvers']
|
stamp = 'sdns://AgcAAAAAAAAACzE5NC4yNDIuMi4yAA9kb2gubXVsbHZhZC5uZXQKL2Rucy1xdWVyeQ'
|
||||||
urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md', 'https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md']
|
|
||||||
minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
|
[static.'doh.ffmuc.net-185.150.99.255']
|
||||||
cache_file = 'public-resolvers.md'
|
stamp = 'sdns://AgcAAAAAAAAADjE4NS4xNTAuOTkuMjU1AA1kb2guZmZtdWMubmV0Ci9kbnMtcXVlcnk'
|
||||||
|
|
||||||
|
[static.'doh.ffmuc.net-5.1.66.255']
|
||||||
|
stamp = 'sdns://AgcAAAAAAAAACjUuMS42Ni4yNTUADWRvaC5mZm11Yy5uZXQKL2Rucy1xdWVyeQ'
|
||||||
|
|
||||||
|
[static.'dns.digitale-gesellschaft.ch-185.95.218.42']
|
||||||
|
stamp = 'sdns://AgcAAAAAAAAADTE4NS45NS4yMTguNDIAHGRucy5kaWdpdGFsZS1nZXNlbGxzY2hhZnQuY2gKL2Rucy1xdWVyeQ'
|
||||||
|
|
||||||
|
[static.'dns.digitale-gesellschaft.ch-185.95.218.43']
|
||||||
|
stamp = 'sdns://AgcAAAAAAAAADTE4NS45NS4yMTguNDMAHGRucy5kaWdpdGFsZS1nZXNlbGxzY2hhZnQuY2gKL2Rucy1xdWVyeQ'
|
||||||
|
|
||||||
|
[static.'anycast.uncensoreddns.org-91.239.100.100']
|
||||||
|
stamp = 'sdns://AgcAAAAAAAAADjkxLjIzOS4xMDAuMTAwABlhbnljYXN0LnVuY2Vuc29yZWRkbnMub3JnCi9kbnMtcXVlcnk'
|
||||||
|
|
||||||
[sources.'onion-services']
|
|
||||||
urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/onion-services.md', 'https://download.dnscrypt.info/resolvers-list/v3/onion-services.md']
|
|
||||||
minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
|
|
||||||
cache_file = 'onion-services.md'
|
|
||||||
|
|
||||||
notify:
|
notify:
|
||||||
- Restart dnscrypt-proxy
|
- Restart dnscrypt-proxy
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user