summaryrefslogtreecommitdiff
path: root/network/dnscrypt-proxy/dnsmasq.conf
diff options
context:
space:
mode:
Diffstat (limited to 'network/dnscrypt-proxy/dnsmasq.conf')
-rw-r--r--network/dnscrypt-proxy/dnsmasq.conf21
1 files changed, 21 insertions, 0 deletions
diff --git a/network/dnscrypt-proxy/dnsmasq.conf b/network/dnscrypt-proxy/dnsmasq.conf
new file mode 100644
index 0000000000..9700cb2df9
--- /dev/null
+++ b/network/dnscrypt-proxy/dnsmasq.conf
@@ -0,0 +1,21 @@
+# Use dnsmasq as a caching DNS forwarder to dnscrypt-proxy. This configuration
+# assumes dnscrypt-proxy is running on port 55.
+
+# Never forward plain names (without a dot or domain part)
+domain-needed
+
+# Never forward addresses in the non-routed address spaces.
+bogus-priv
+
+# Don't use /etc/resolv.conf. Forward all queries to dnscrypt-proxy.
+no-resolv
+
+# Use the resolver on localhost port 55 (dnscrypt-proxy)
+server=127.0.0.1#55
+
+# Listen on localhost. Default port 53
+listen-address=127.0.0.1
+
+# Pass on the upstream DNSSEC flag. Only enable this if you trust the upstream
+# resolver.
+#proxy-dnssec