Archives
/
algo
mirror of https://github.com/trailofbits/algo
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

Allow more flexible DNSCrypt configuration (#1120)

Browse Source 
* Allow more flexible DNSCrypt configuration

* Correct permissions on files changed in #1120

I'm not sure why using BBEdit over SMB makes every file executable.

* Put the public resolvers cache file in /tmp.
pull/1141/head
David Myers 6 years ago committed by Dan Guido
parent d7dcaeb575
commit d90ba3d11a
3 changed files with 27 additions and 7 deletions
Show Stats Download Patch File Download Diff File

20
config.cfg
Unescape Escape View File

@ -38,13 +38,25 @@ adblock_lists:
- "https://www.malwaredomainlist.com/hostslist/hosts.txt"
- "https://hosts-file.net/ad_servers.txt"
# Enable DNS encryption. Use dns_encryption_provider to specify the provider. If false dns_servers should be specified
# Enable DNS encryption.
# If 'false', 'dns_servers' should be specified below.
dns_encryption: true
# Possible values: google, cloudflare
dns_encryption_provider: cloudflare
# DNS servers which will be used if 'dns_encryption' is 'true'. Multiple
# providers may be specified, but avoid mixing providers that filter results
# (like Cisco) with those that don't (like Cloudflare) or you could get
# inconsistent results. The list of available public providers can be found
# here:
# https://github.com/DNSCrypt/dnscrypt-resolvers/blob/master/v2/public-resolvers.md
dnscrypt_servers:
ipv4:
- cloudflare
# - google
ipv6:
- cloudflare-ipv6
# DNS servers which will be used if dns_encryption disabled
# DNS servers which will be used if 'dns_encryption' is 'false'.
# The default is to use Cloudflare.
dns_servers:
ipv4:
- 1.1.1.1

6
roles/dns_encryption/defaults/main.yml
Unescape Escape View File

@ -5,5 +5,9 @@ listen_port: "{% if algo_local_dns %}5353{% else %}53{% endif %}"
dnscrypt_proxy_version: 2.0.10
apparmor_enabled: true
dns_encryption: true
dns_encryption_provider: "*"
ipv6_support: false
dnscrypt_servers:
ipv4:
- cloudflare
ipv6:
- cloudflare-ipv6

8
roles/dns_encryption/templates/dnscrypt-proxy.toml.j2
Unescape Escape View File

@ -27,7 +27,11 @@
## The proxy will automatically pick the fastest, working servers from the list.
## Remove the leading # first to enable this; lines starting with # are ignored.
server_names = ['{{ dns_encryption_provider }}'{% if ipv6_support and dns_encryption_provider == "cloudflare" %}, '{{ dns_encryption_provider }}-ipv6' {% endif %} ]
{# Allow either list to be empty. Output nothing if both are empty. #}
{% set servers = [] %}
{% if dnscrypt_servers.ipv4 %}{% set servers = dnscrypt_servers.ipv4 %}{% endif %}
{% if ipv6_support and dnscrypt_servers.ipv6 %}{% set servers = servers + dnscrypt_servers.ipv6 %}{% endif %}
{% if servers %}server_names = ['{{ servers | join("', '") }}']{% endif %}
## List of local addresses and ports to listen to. Can be IPv4 and/or IPv6.
@ -446,7 +450,7 @@ cache_neg_max_ttl = 600
[sources.'public-resolvers']
urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md', 'https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md']
cache_file = 'public-resolvers.md'
cache_file = '/tmp/public-resolvers.md'
minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
refresh_delay = 72
prefix = ''

Write Preview
Loading…
Cancel
Save