diff --git a/dnscrypt-proxy/example-blacklist.txt b/dnscrypt-proxy/example-blacklist.txt index a63e1e89..94031b83 100644 --- a/dnscrypt-proxy/example-blacklist.txt +++ b/dnscrypt-proxy/example-blacklist.txt @@ -34,5 +34,5 @@ eth0.me ## Time-based rules -# *.youtube.* @time-to-sleep -# facebook.com @work +# invidious.namazso.eu @time-to-sleep +# *.hyperbola.info @work diff --git a/dnscrypt-proxy/example-cloaking-rules.txt b/dnscrypt-proxy/example-cloaking-rules.txt index 7f98c2e3..8f85eeb4 100644 --- a/dnscrypt-proxy/example-cloaking-rules.txt +++ b/dnscrypt-proxy/example-cloaking-rules.txt @@ -2,27 +2,9 @@ # Cloaking rules # ################################ -# The following example rules force "safe" (without adult content) search -# results from Google, Bing and YouTube. -# # This has to be enabled with the `cloaking_rules` parameter in the main # configuration file - -www.google.* forcesafesearch.google.com - -www.bing.com strict.bing.com - -yandex.ru familysearch.yandex.ru # inline comments are allowed after a pound sign - -=duckduckgo.com safe.duckduckgo.com - -www.youtube.com restrictmoderate.youtube.com -m.youtube.com restrictmoderate.youtube.com -youtubei.googleapis.com restrictmoderate.youtube.com -youtube.googleapis.com restrictmoderate.youtube.com -www.youtube-nocookie.com restrictmoderate.youtube.com - # Multiple IP entries for the same name are supported. # In the following example, the same name maps both to IPv4 and IPv6 addresses: diff --git a/dnscrypt-proxy/example-dnscrypt-proxy.toml b/dnscrypt-proxy/example-dnscrypt-proxy.toml index ec40441c..cadadc97 100644 --- a/dnscrypt-proxy/example-dnscrypt-proxy.toml +++ b/dnscrypt-proxy/example-dnscrypt-proxy.toml 
@@ -29,7 +29,7 @@ ## ## Remove the leading # first to enable this; lines starting with # are ignored. -# server_names = ['scaleway-fr', 'google', 'yandex', 'cloudflare'] +# server_names = ['cs-ch', 'd0wn-is-ns2', 'ibksturm', 'securedns'] ## List of local addresses and ports to listen to. Can be IPv4 and/or IPv6. @@ -146,7 +146,7 @@ keepalive = 30 ## This file is different from other log files, and will not be ## automatically rotated by the application. -# log_file = 'dnscrypt-proxy.log' +# log_file = '/var/log/dnscrypt-proxy/dnscrypt-proxy.log' ## When using a log file, only keep logs from the most recent launch. @@ -156,7 +156,7 @@ keepalive = 30 ## Use the system logger (syslog on Unix, Event Log on Windows) -# use_syslog = true +use_syslog = true ## Delay, in minutes, after which certificates are reloaded @@ -189,7 +189,7 @@ cert_refresh_delay = 240 ## This may also help on Intel CPUs running 32-bit operating systems. ## ## Keep tls_cipher_suite empty if you have issues fetching sources or -## connecting to some DoH servers. Google and Cloudflare are fine with it. +## connecting to some DoH servers. # tls_cipher_suite = [52392, 49199] @@ -206,11 +206,10 @@ cert_refresh_delay = 240 ## Resolvers supporting DNSSEC are recommended. ## ## People in China may need to use 114.114.114.114:53 here. -## Other popular options include 8.8.8.8 and 1.1.1.1. ## ## If more than one resolver is specified, they will be tried in sequence. -fallback_resolvers = ['9.9.9.9:53', '8.8.8.8:53'] +fallback_resolvers = ['84.200.69.80:53', '212.129.46.32:53', '66.70.228.164:53', '172.104.136.243:53', '112.109.84.76:53'] ## Always use the fallback resolver before the system DNS settings. @@ -236,7 +235,7 @@ netprobe_timeout = 60 ## On other operating systems, the connection will be initialized ## but nothing will be sent at all. -netprobe_address = '9.9.9.9:53' +# netprobe_address = '84.200.69.80:53' ## Offline mode - Do not use any remote encrypted servers. 
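Review bot: The five addresses that replace the `fallback_resolvers` value (hunk at -206) come with no indication of who operates them. The hunk also keeps the context line "Resolvers supporting DNSSEC are recommended" without saying whether the new entries meet it. These resolvers are queried over plain DNS on port 53, so their operators and anything on the path can see and alter the bootstrap answers. The signature on the resolver list still protects its content, but a bad answer here can stop the list from being fetched or refreshed. I would add a comment above the key along the lines of `## <OPERATOR-PLACEHOLDER> (<ADDRESS>), DNSSEC: yes/no` for each entry, and trim the list to the ones that can be accounted for.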
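Review bot: Commenting out `netprobe_address` (hunk at -236) does not disable the connectivity probe. With the key absent the program uses its built-in default, which in upstream dnscrypt-proxy appears to be `9.9.9.9:53`; that should be confirmed against the source. The context line shows `netprobe_timeout = 60` still active, so the probe still runs at start-up. If the intent is to stop referring to the old address, set the key explicitly, e.g. `netprobe_address = '84.200.69.80:53'`, rather than leaving it as a comment.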
@@ -310,7 +309,7 @@ reject_ttl = 600 ## See the `example-forwarding-rules.txt` file for an example -# forwarding_rules = 'forwarding-rules.txt' +# forwarding_rules = '/etc/dnscrypt-proxy/forwarding-rules.txt' @@ -324,7 +323,7 @@ reject_ttl = 600 ## ## See the `example-cloaking-rules.txt` file for an example -# cloaking_rules = 'cloaking-rules.txt' +# cloaking_rules = '/etc/dnscrypt-proxy/cloaking-rules.txt' ## TTL used when serving entries in cloaking-rules.txt @@ -408,7 +407,7 @@ cache_neg_max_ttl = 600 ## Path to the query log file (absolute, or relative to the same directory as the config file) ## On non-Windows systems, can be /dev/stdout to log to the standard output (also set log_files_max_size to 0) - # file = 'query.log' + # file = '/var/log/dnscrypt-proxy/query.log' ## Query log format (currently supported: tsv and ltsv) @@ -434,7 +433,7 @@ cache_neg_max_ttl = 600 ## Path to the query log file (absolute, or relative to the same directory as the config file) - # file = 'nx.log' + # file = '/var/log/dnscrypt-proxy/nx.log' ## Query log format (currently supported: tsv and ltsv) @@ -469,7 +468,7 @@ cache_neg_max_ttl = 600 ## Optional path to a file logging blocked queries - # log_file = 'blocked.log' + # log_file = '/var/log/dnscrypt-proxy/blocked.log' ## Optional log format: tsv or ltsv (default: tsv) @@ -497,7 +496,7 @@ cache_neg_max_ttl = 600 ## Optional path to a file logging blocked queries - # log_file = 'ip-blocked.log' + # log_file = '/var/log/dnscrypt-proxy/ip-blocked.log' ## Optional log format: tsv or ltsv (default: tsv) @@ -525,7 +524,7 @@ cache_neg_max_ttl = 600 ## Optional path to a file logging whitelisted queries - # log_file = 'whitelisted.log' + # log_file = '/var/log/dnscrypt-proxy/whitelisted.log' ## Optional log format: tsv or ltsv (default: tsv) 
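Review bot: The log examples now all point into `/var/log/dnscrypt-proxy/`, but nothing in the file says the directory must exist and be writable by the account the proxy runs as, or that other users should be kept out of it. This applies to the `file =` examples at -408 and -434 and the `log_file =` examples at -469, -497 and -525, as well as the main `log_file` at -146. The query log records the names that clients look up, so a world-readable directory would expose browsing history to every local user. I would add one comment above the first of these keys, such as `## The directory must exist, be owned by the service user and not be world-readable (e.g. mode 0750).`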
@@ -543,8 +542,8 @@ cache_neg_max_ttl = 600 ## to apply the pattern 'schedule_name' only when it matches a time range of that schedule. ## ## For example, the following rule in a blacklist file: -## *.youtube.* @time-to-sleep -## would block access to YouTube during the times defined by the 'time-to-sleep' schedule. +## invidious.namazso.eu @time-to-sleep +## would block access to Invidious instance only during the times defined by the 'time-to-sleep' schedule. ## ## {after='21:00', before= '7:00'} matches 0:00-7:00 and 21:00-0:00 ## {after= '9:00', before='18:00'} matches 9:00-18:00 
@@ -590,40 +589,15 @@ cache_neg_max_ttl = 600 [sources] - ## An example of a remote source from https://github.com/DNSCrypt/dnscrypt-resolvers + ## This list is maintained by Jesús E. < heckyel [at] hyperbola [dot] info > - [sources.'public-resolvers'] - urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md', 'https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md'] - cache_file = 'public-resolvers.md' - minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3' - prefix = '' - - ## Anonymized DNS relays - - [sources.'relays'] - urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/relays.md', 'https://download.dnscrypt.info/resolvers-list/v2/relays.md'] - cache_file = 'relays.md' - minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3' + [sources.'extra-resolvers'] + urls = ['https://git.sr.ht/~heckyel/resolvers-list/blob/master/extra-resolvers.md'] + cache_file = '/var/cache/dnscrypt-proxy/extra-resolvers.md' + minisign_key = 'RWQIrgNLO4JgxhKU+K5L+z8Y0YTDZv68NZQ5hOAoBT1/admHrfLt9Eyl' refresh_delay = 72 prefix = '' - ## Quad9 over DNSCrypt - https://quad9.net/ - - # [sources.quad9-resolvers] - # urls = ['https://www.quad9.net/quad9-resolvers.md'] - # minisign_key = 'RWQBphd2+f6eiAqBsvDZEBXBGHQBJfeG6G+wJPPKxCZMoEQYpmoysKUN' - # cache_file = 'quad9-resolvers.md' - # prefix = 'quad9-' - - ## Another example source, with resolvers censoring some websites not appropriate for children - ## This is a subset of the `public-resolvers` list, so enabling both is useless - - # [sources.'parental-control'] - # urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/parental-control.md', 'https://download.dnscrypt.info/resolvers-list/v2/parental-control.md'] - # cache_file = 'parental-control.md' - # minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3' - - ######################################### # Servers with 
known bugs # diff --git a/dnscrypt-proxy/example-forwarding-rules.txt b/dnscrypt-proxy/example-forwarding-rules.txt index 97a4859e..bf274292 100644 --- a/dnscrypt-proxy/example-forwarding-rules.txt +++ b/dnscrypt-proxy/example-forwarding-rules.txt @@ -20,5 +20,5 @@ # internal 192.168.1.1 # localdomain 192.168.1.1 -## Forward queries for example.com and *.example.com to 9.9.9.9 and 8.8.8.8 -# example.com 9.9.9.9,8.8.8.8 +## Forward queries for example.com and *.example.com to 127.0.0.1 and 0.0.0.0 +# example.com 127.0.0.1,0.0.0.0 diff --git a/dnscrypt-proxy/example-whitelist.txt b/dnscrypt-proxy/example-whitelist.txt index 66190784..ca3dc0ca 100644 --- a/dnscrypt-proxy/example-whitelist.txt +++ b/dnscrypt-proxy/example-whitelist.txt @@ -21,5 +21,5 @@ tracker.debian.org ## Time-based rules -# *.youtube.* @time-to-play -# facebook.com @play +# invidious.namazso.eu @time-to-play +# *.hyperbola.info @play
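Review bot: In the `[sources]` hunk (-590) of example-dnscrypt-proxy.toml, `[sources.'extra-resolvers']` becomes the only source, so every resolver the proxy can use is now vouched for by one new `minisign_key` and fetched from one URL, where each removed entry listed two. A single URL leaves no mirror when that host is unreachable. The added comment names the list maintainer but gives no place where the public key can be checked independently of this file. Dropping `[sources.'relays']` also removes the relay list, so anonymized-DNS routes would have nothing to reference unless the new list carries relays, which is not visible here. I would add a second mirror to `urls` and a comment such as `## Public key published at: <KEY-URL-PLACEHOLDER>`, and note that `/var/cache/dnscrypt-proxy/` must be writable by the service user.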
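Review bot: The replacement example in example-forwarding-rules.txt (-20) forwards to `127.0.0.1` and `0.0.0.0`, and neither is a usable upstream. `0.0.0.0` is not a destination address, and if the proxy itself listens on 127.0.0.1:53, a user who uncomments the line sends queries for example.com back into the proxy. Addresses reserved for documentation read as placeholders without that risk, e.g. `# example.com 192.0.2.53,198.51.100.53`, with the `## Forward queries ...` line above changed to match.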