tornet.yml aktualisiert

This commit is contained in:
olli 2023-07-28 15:19:46 +02:00
parent e111dd7cfa
commit 4adb70ea8f

View File

@ -251,18 +251,25 @@
group: root
marker: "# {mark} ANSIBLE MANAGED BLOCK"
block: |
# Documentation https://github.com/DNSCrypt/dnscrypt-proxy/wiki
# Listen
# listen on all interfaces
listen_addresses = ['127.0.0.55:5354']
# what kinds of server do we want to resolve from?
# DoH server list
server_names = ['doh.mullvad.net-194.242.2.2', 'doh.ffmuc.net-185.150.99.255', 'doh.ffmuc.net-5.1.66.255', 'dns.digitale-gesellschaft.ch-185.95.218.42', 'dns.digitale-gesellschaft.ch-185.95.218.43', 'anycast.uncensoreddns.org-91.239.100.100']
# server names to avoid even if they match all criteria
# disabled_server_names = []
## what kinds of server do we want to resolve from?
doh_servers = true
ipv4_servers = false
ipv6_servers = false
dnscrypt_servers = false
# do we support IPv6 accressing? Maybe performance issue.
block_ipv6 = false
# do we support IPv6 accressing?
block_ipv6 = true
# don't let weird queries & typos leak upstream
block_unqualified = true
@ -279,7 +286,7 @@
# request DoH servers that advertise themselves as unfiltered
require_nofilter = true
# use tor
force_tcp = true
proxy = 'socks5://127.0.0.1:9050'
@ -296,7 +303,7 @@
# logging: approx 1 month of weekly logs, capped-out/force-rotated at 64Mb
log_level = 2
use_syslog = true
use_syslog = false
log_files_max_size = 64
log_files_max_age = 7
log_files_max_backups = 4
@ -322,7 +329,7 @@
ignore_system_dns = true
# explicit caching
cache = true
cache = true
cache_size = 4096
cache_min_ttl = 2400
cache_max_ttl = 86400
@ -340,9 +347,9 @@
file = '/var/log/dnscrypt-proxy/nx.log'
[blocked_names]
# blocked_names_file = 'blocked-names.txt'
# log_file = '/var/log/dnscrypt-proxy/blocked-names.log'
blocked_names_file = 'blocked-names.txt'
log_file = '/var/log/dnscrypt-proxy/blocked-names.log'
[blocked_ips]
# blocked_ips_file = 'blocked-ips.txt'
# log_file = '/var/log/dnscrypt-proxy/blocked-ips.log'
@ -350,26 +357,33 @@
[allowed_names]
# allowed_names_file = 'allowed-names.txt'
# log_file = '/var/log/dnscrypt-proxy/allowed-names.log'
[allowed_ips]
# allowed_ips_file = 'allowed-ips.txt'
# log_file = '/var/log/dnscrypt-proxy/allowed-ips.log'
[sources]
[sources.'public-resolvers']
[sources.'public-resolvers']
urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md', 'https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md']
minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
cache_file = 'public-resolvers.md'
# Static DoH DNS Servers from inspired by https://www.kuketz-blog.de/empfehlungsecke/#dns
# Stamps from https://dnscrypt.info/stamps/
[static]
[static.'doh.mullvad.net-194.242.2.2']
stamp = 'sdns://AgcAAAAAAAAACzE5NC4yNDIuMi4yAA9kb2gubXVsbHZhZC5uZXQKL2Rucy1xdWVyeQ'
[static.'doh.ffmuc.net-185.150.99.255']
stamp = 'sdns://AgcAAAAAAAAADjE4NS4xNTAuOTkuMjU1AA1kb2guZmZtdWMubmV0Ci9kbnMtcXVlcnk'
[static.'doh.ffmuc.net-5.1.66.255']
stamp = 'sdns://AgcAAAAAAAAACjUuMS42Ni4yNTUADWRvaC5mZm11Yy5uZXQKL2Rucy1xdWVyeQ'
[static.'dns.digitale-gesellschaft.ch-185.95.218.42']
stamp = 'sdns://AgcAAAAAAAAADTE4NS45NS4yMTguNDIAHGRucy5kaWdpdGFsZS1nZXNlbGxzY2hhZnQuY2gKL2Rucy1xdWVyeQ'
[static.'dns.digitale-gesellschaft.ch-185.95.218.43']
stamp = 'sdns://AgcAAAAAAAAADTE4NS45NS4yMTguNDMAHGRucy5kaWdpdGFsZS1nZXNlbGxzY2hhZnQuY2gKL2Rucy1xdWVyeQ'
[static.'anycast.uncensoreddns.org-91.239.100.100']
stamp = 'sdns://AgcAAAAAAAAADjkxLjIzOS4xMDAuMTAwABlhbnljYXN0LnVuY2Vuc29yZWRkbnMub3JnCi9kbnMtcXVlcnk'
[sources.'onion-services']
urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/onion-services.md', 'https://download.dnscrypt.info/resolvers-list/v3/onion-services.md']
minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
cache_file = 'onion-services.md'
notify:
- Restart dnscrypt-proxy