diff options
Diffstat (limited to 'network/dnscrypt-proxy/dnscrypt-proxy.default')
-rw-r--r-- | network/dnscrypt-proxy/dnscrypt-proxy.default | 93 |
1 files changed, 15 insertions, 78 deletions
diff --git a/network/dnscrypt-proxy/dnscrypt-proxy.default b/network/dnscrypt-proxy/dnscrypt-proxy.default index 1f8408ffe2..3979212ade 100644 --- a/network/dnscrypt-proxy/dnscrypt-proxy.default +++ b/network/dnscrypt-proxy/dnscrypt-proxy.default @@ -1,85 +1,22 @@ # /etc/default/dnscrypt-proxy -# This file contains the configuration settings for dnscrypt-proxy. This file -# supports configuring and running multiple instances (see the bottom of this -# file for a sample secondary configuration). - -# CHROOTDIR should be the same path as the USER's home directory. -# For the standard dnscrypt user this should be "/run/dnscrypt". For nobody, -# this should be "/". +# This file contains additional configuration settings for dnscrypt-proxy +# (primary configuration belongs in the dnscrypt-proxy configuration file). +# This file supports configuring and running multiple instances (see the bottom +# of this file for a sample secondary configuration). + +# CHROOTDIR should be the same path as the daemon user's home directory. For +# the standard dnscrypt user this should be "/run/dnscrypt". For nobody, this +# should be "/". CHROOTDIR[0]="/run/dnscrypt" #CHROOTDIR[0]="/" -# The local address and (optional) port to listen on. The default port is 53. -LOCALADDRESS[0]="127.0.0.1:53" - -# The pid file for this instance. PIDFILE must always be specified for each -# instance! -PIDFILE[0]="/var/run/dnscrypt-proxy/dnscrypt-proxy-0.pid" - -# Runs the daemon as the following user and chroots to that user's home -# directory (this is a security feature -- it is best not to change this!) -USER[0]="dnscrypt" -#USER[0]="nobody" - -# If RESOLVERNAME is set, then RESOLVERADDRESS, PROVIDERNAME, and -# PROVIDERKEY will be ignored. RESOLVERNAME should be the name of a resolver -# from RESOLVERSLIST (the first column). -RESOLVERNAME[0]="cisco" - -# Specify the location of the resolver list, used if RESOLVERNAME is set. -RESOLVERSLIST[0]="/usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv" - -# If RESOLVERNAME is unset, RESOLVERADDRESS, PROVIDERNAME and PROVIDERKEY are -# the settings of the remote DNSCrypt provider. -#RESOLVERADDRESS[0]="208.67.220.220:443" -#PROVIDERNAME[0]="2.dnscrypt-cert.opendns.com" -#PROVIDERKEY[0]="B735:1140:206F:225D:3E2B:D822:D7FD:691E:A1C3:3CC8:D666:8D0C:BE04:BFAB:CA43:FB79" - -# By default, queries are always sent with the same public key, allowing -# providers to link this public key to the different IP addresses you -# are using. Enabling ephemeral keys requires extra CPU cycles, but -# mitigates this by computing an ephemeral key pair for every query. -#EPHEMERALKEYS[0]="no" - -# Use client authentication (ie. a static client key) instead of randomly -# generating one. This should point to a private file. Its content does *not* -# need to be known by the DNS service provider. See -# /usr/doc/dnscrypt-proxy-@VERSION@/README.markdown for more information. This -# option conflicts with EPHEMERALKEYS. -#CLIENTKEY[0]="/etc/dnscrypt.clientkey" - -# Transparently add an OPT pseudo-RR to outgoing queries in order to enable -# the EDNS0 extension mechanism. The payload size is the size of the largest -# response we accept from the resolver before retrying over TCP. This feature -# is enabled by default, with a payload size of 1252 bytes. Any value below -# 512 disables it. -#EDNSPAYLOADSIZE[0]="1252" - -# Set the maximum number of simultaneous active requests (default 250). -#MAXACTIVEREQUESTS[0]="250" - -# Use TCP instead of UDP. This is slower than UDP, and this workaround should -# never be used except when bypassing a filter is actually required. Moreover, -# multiple queries over a single TCP connection aren't supported yet. -# Don't use this unless you have to. Defaults to off ("no"). -#TCPONLY[0]="no" - -# Load the following plugins. None are loaded by default. See -# /usr/doc/dnscrypt-proxy-@VERSION@/README-PLUGINS.markdown for more -# information. -#PLUGINS[0]="libdcplugin_example,--ips=/etc/blk-ips,--domains=/etc/blk-names \ -#libdcplugin_example_logging,/var/log/dns.log" - -# Where and what to log. The default LOGLEVEL is LOG_INFO. -#LOGLEVEL[0]="LOG_INFO" -LOGFILE[0]="/var/log/dnscrypt-proxy/dnscrypt-proxy.log" +# DNSCRYPTCONFIG should be the path to the dnscrypt-proxy configuration file +# for the given instance. Note that PidFile must be defined in the config for +# the rc.dnscrypt start/stop script to function properly! +DNSCRYPTCONFIG[0]="/etc/dnscrypt-proxy.conf" -# A simple example configuration for a second instance +# A simple example configuration for a second instance (note that this would +# require a new dnscrypt-proxy configuration file) #CHROOTDIR[1]="/run/dnscrypt" -#LOCALADDRESS[1]="127.0.0.2:53" -#PIDFILE[1]="/var/run/dnscrypt-proxy/dnscrypt-proxy-1.pid" -#USER[1]="dnscrypt" -#RESOLVERNAME[1]="cloudns-can" -#RESOLVERSLIST[1]="/usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv" -#LOGFILE[1]="/var/log/dnscrypt-proxy/dnscrypt-proxy-1.log" +#DNSCRYPTCONFIG[1]="/etc/dnscrypt-proxy-1.conf" |