summaryrefslogtreecommitdiff
path: root/network/dnscrypt-proxy/dnscrypt-proxy.default
diff options
context:
space:
mode:
Diffstat (limited to 'network/dnscrypt-proxy/dnscrypt-proxy.default')
-rw-r--r--network/dnscrypt-proxy/dnscrypt-proxy.default9
1 files changed, 8 insertions, 1 deletions
diff --git a/network/dnscrypt-proxy/dnscrypt-proxy.default b/network/dnscrypt-proxy/dnscrypt-proxy.default
index a1b62d82f9..1f8408ffe2 100644
--- a/network/dnscrypt-proxy/dnscrypt-proxy.default
+++ b/network/dnscrypt-proxy/dnscrypt-proxy.default
@@ -25,7 +25,7 @@ USER[0]="dnscrypt"
# If RESOLVERNAME is set, then RESOLVERADDRESS, PROVIDERNAME, and
# PROVIDERKEY will be ignored. RESOLVERNAME should be the name of a resolver
# from RESOLVERSLIST (the first column).
-RESOLVERNAME[0]="opendns"
+RESOLVERNAME[0]="cisco"
# Specify the location of the resolver list, used if RESOLVERNAME is set.
RESOLVERSLIST[0]="/usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv"
@@ -42,6 +42,13 @@ RESOLVERSLIST[0]="/usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv"
# mitigates this by computing an ephemeral key pair for every query.
#EPHEMERALKEYS[0]="no"
+# Use client authentication (ie. a static client key) instead of randomly
+# generating one. This should point to a private file. Its content does *not*
+# need to be known by the DNS service provider. See
+# /usr/doc/dnscrypt-proxy-@VERSION@/README.markdown for more information. This
+# option conflicts with EPHEMERALKEYS.
+#CLIENTKEY[0]="/etc/dnscrypt.clientkey"
+
# Transparently add an OPT pseudo-RR to outgoing queries in order to enable
# the EDNS0 extension mechanism. The payload size is the size of the largest
# response we accept from the resolver before retrying over TCP. This feature