|
|
|
|
@ -14,6 +14,13 @@
|
|
|
|
|
## IP addresses and ports to listen to, as well as their external IP
|
|
|
|
|
## If there is no NAT involved, `local` and `external` can be the same.
|
|
|
|
|
## As many addresses as needed can be configured here, IPv4 and/or IPv6.
|
|
|
|
|
## You should at least change the `external` IP address.
|
|
|
|
|
|
|
|
|
|
### Example with both IPv4 and IPv6 addresses:
|
|
|
|
|
# listen_addrs = [
|
|
|
|
|
# { local = "0.0.0.0:443", external = "198.51.100.1:443" },
|
|
|
|
|
# { local = "[::]:443", external = "[2001:db8::1]:443" }
|
|
|
|
|
# ]
|
|
|
|
|
|
|
|
|
|
listen_addrs = [
|
|
|
|
|
@LISTEN_ADDRESSES@
|
|
|
|
|
@ -160,9 +167,24 @@ key_cache_capacity = 10000
|
|
|
|
|
|
|
|
|
|
[filtering]
|
|
|
|
|
|
|
|
|
|
## List of domains to block, one per line
|
|
|
|
|
|
|
|
|
|
@DOMAIN_BLACKLIST_CONFIGURATION@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
## List of undelegated TLDs
|
|
|
|
|
## This is the list of nonexistent TLDs that queries are frequently observed for,
|
|
|
|
|
## but will never resolve to anything. The server will immediately return a
|
|
|
|
|
## synthesized NXDOMAIN response instead of hitting root servers.
|
|
|
|
|
|
|
|
|
|
# undelegated_list = "/etc/undelegated.txt"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
## Ignore A and AAAA queries for unqualified host names.
|
|
|
|
|
|
|
|
|
|
ignore_unqualified_hostnames = true
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
#########################
|
|
|
|
|
# Metrics #
|
|
|
|
|
@ -175,6 +197,7 @@ listen_addr = "@METRICS_ADDRESS@"
|
|
|
|
|
path = "/metrics"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
################################
|
|
|
|
|
# Anonymized DNS #
|
|
|
|
|
################################
|
|
|
|
|
@ -187,6 +210,7 @@ enabled = @ANONDNS_ENABLED@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Allowed upstream ports
|
|
|
|
|
# This is a list of commonly used ports for encrypted DNS services
|
|
|
|
|
|
|
|
|
|
allowed_ports = [ 443, 553, 853, 1443, 2053, 4343, 4434, 4443, 5353, 5443, 8443, 15353 ]
|
|
|
|
|
|
|
|
|
|
|
Frank Denis
5 years ago