summaryrefslogtreecommitdiff
path: root/network/dnscrypt-proxy/dnscrypt-proxy.default
diff options
context:
space:
mode:
Diffstat (limited to 'network/dnscrypt-proxy/dnscrypt-proxy.default')
-rw-r--r--network/dnscrypt-proxy/dnscrypt-proxy.default93
1 files changed, 15 insertions, 78 deletions
diff --git a/network/dnscrypt-proxy/dnscrypt-proxy.default b/network/dnscrypt-proxy/dnscrypt-proxy.default
index 1f8408ffe2..3979212ade 100644
--- a/network/dnscrypt-proxy/dnscrypt-proxy.default
+++ b/network/dnscrypt-proxy/dnscrypt-proxy.default
@@ -1,85 +1,22 @@
# /etc/default/dnscrypt-proxy
-# This file contains the configuration settings for dnscrypt-proxy. This file
-# supports configuring and running multiple instances (see the bottom of this
-# file for a sample secondary configuration).
-
-# CHROOTDIR should be the same path as the USER's home directory.
-# For the standard dnscrypt user this should be "/run/dnscrypt". For nobody,
-# this should be "/".
+# This file contains additional configuration settings for dnscrypt-proxy
+# (primary configuration belongs in the dnscrypt-proxy configuration file).
+# This file supports configuring and running multiple instances (see the bottom
+# of this file for a sample secondary configuration).
+
+# CHROOTDIR should be the same path as the daemon user's home directory. For
+# the standard dnscrypt user this should be "/run/dnscrypt". For nobody, this
+# should be "/".
CHROOTDIR[0]="/run/dnscrypt"
#CHROOTDIR[0]="/"
-# The local address and (optional) port to listen on. The default port is 53.
-LOCALADDRESS[0]="127.0.0.1:53"
-
-# The pid file for this instance. PIDFILE must always be specified for each
-# instance!
-PIDFILE[0]="/var/run/dnscrypt-proxy/dnscrypt-proxy-0.pid"
-
-# Runs the daemon as the following user and chroots to that user's home
-# directory (this is a security feature -- it is best not to change this!)
-USER[0]="dnscrypt"
-#USER[0]="nobody"
-
-# If RESOLVERNAME is set, then RESOLVERADDRESS, PROVIDERNAME, and
-# PROVIDERKEY will be ignored. RESOLVERNAME should be the name of a resolver
-# from RESOLVERSLIST (the first column).
-RESOLVERNAME[0]="cisco"
-
-# Specify the location of the resolver list, used if RESOLVERNAME is set.
-RESOLVERSLIST[0]="/usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv"
-
-# If RESOLVERNAME is unset, RESOLVERADDRESS, PROVIDERNAME and PROVIDERKEY are
-# the settings of the remote DNSCrypt provider.
-#RESOLVERADDRESS[0]="208.67.220.220:443"
-#PROVIDERNAME[0]="2.dnscrypt-cert.opendns.com"
-#PROVIDERKEY[0]="B735:1140:206F:225D:3E2B:D822:D7FD:691E:A1C3:3CC8:D666:8D0C:BE04:BFAB:CA43:FB79"
-
-# By default, queries are always sent with the same public key, allowing
-# providers to link this public key to the different IP addresses you
-# are using. Enabling ephemeral keys requires extra CPU cycles, but
-# mitigates this by computing an ephemeral key pair for every query.
-#EPHEMERALKEYS[0]="no"
-
-# Use client authentication (ie. a static client key) instead of randomly
-# generating one. This should point to a private file. Its content does *not*
-# need to be known by the DNS service provider. See
-# /usr/doc/dnscrypt-proxy-@VERSION@/README.markdown for more information. This
-# option conflicts with EPHEMERALKEYS.
-#CLIENTKEY[0]="/etc/dnscrypt.clientkey"
-
-# Transparently add an OPT pseudo-RR to outgoing queries in order to enable
-# the EDNS0 extension mechanism. The payload size is the size of the largest
-# response we accept from the resolver before retrying over TCP. This feature
-# is enabled by default, with a payload size of 1252 bytes. Any value below
-# 512 disables it.
-#EDNSPAYLOADSIZE[0]="1252"
-
-# Set the maximum number of simultaneous active requests (default 250).
-#MAXACTIVEREQUESTS[0]="250"
-
-# Use TCP instead of UDP. This is slower than UDP, and this workaround should
-# never be used except when bypassing a filter is actually required. Moreover,
-# multiple queries over a single TCP connection aren't supported yet.
-# Don't use this unless you have to. Defaults to off ("no").
-#TCPONLY[0]="no"
-
-# Load the following plugins. None are loaded by default. See
-# /usr/doc/dnscrypt-proxy-@VERSION@/README-PLUGINS.markdown for more
-# information.
-#PLUGINS[0]="libdcplugin_example,--ips=/etc/blk-ips,--domains=/etc/blk-names \
-#libdcplugin_example_logging,/var/log/dns.log"
-
-# Where and what to log. The default LOGLEVEL is LOG_INFO.
-#LOGLEVEL[0]="LOG_INFO"
-LOGFILE[0]="/var/log/dnscrypt-proxy/dnscrypt-proxy.log"
+# DNSCRYPTCONFIG should be the path to the dnscrypt-proxy configuration file
+# for the given instance. Note that PidFile must be defined in the config for
+# the rc.dnscrypt start/stop script to function properly!
+DNSCRYPTCONFIG[0]="/etc/dnscrypt-proxy.conf"
-# A simple example configuration for a second instance
+# A simple example configuration for a second instance (note that this would
+# require a new dnscrypt-proxy configuration file)
#CHROOTDIR[1]="/run/dnscrypt"
-#LOCALADDRESS[1]="127.0.0.2:53"
-#PIDFILE[1]="/var/run/dnscrypt-proxy/dnscrypt-proxy-1.pid"
-#USER[1]="dnscrypt"
-#RESOLVERNAME[1]="cloudns-can"
-#RESOLVERSLIST[1]="/usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv"
-#LOGFILE[1]="/var/log/dnscrypt-proxy/dnscrypt-proxy-1.log"
+#DNSCRYPTCONFIG[1]="/etc/dnscrypt-proxy-1.conf"