|
|
|
|
@ -88,3 +88,24 @@ General Settings
|
|
|
|
|
Minimum TTL for negatively cached entries.
|
|
|
|
|
:Cache Negative Max TTL:
|
|
|
|
|
Maximum TTL for negatively cached entries.
|
|
|
|
|
|
|
|
|
|
-----------------------
|
|
|
|
|
Example: Standalone DNS
|
|
|
|
|
-----------------------
|
|
|
|
|
|
|
|
|
|
You can use the DNSCrypt-Proxy as a full-featured standalone DNS instead of Unbound or Dnsmasq.
|
|
|
|
|
This setup has the advantage that you do not need a forwarder solution for encrypting DNS requests
|
|
|
|
|
or the usage of DNSBL.
|
|
|
|
|
|
|
|
|
|
To do so go to **Services->Unbound DNS->General** and uncheck *Enable*. If you are using Dnsmasq
|
|
|
|
|
go to **Services->Dnsmasq DNS->Settings** and uncheck *Enable*. Now change to **Services->DNSCrypt-Proxy->Configuration**
|
|
|
|
|
and add your Local LAN IP address to the *Listen Address* field, e.g. 192.168.2.1:53.
|
|
|
|
|
|
|
|
|
|
For IPv6 with dynamic prefixes you can work around this with ::1:53 as *Listen Address* and add
|
|
|
|
|
a Port Forward rule, matching every IPv6 UDP traffic, port 53, redirect to ::1.
|
|
|
|
|
|
|
|
|
|
Optionally you can set :53 to listen on all addresses like the default behaviour in Unbound.
|
|
|
|
|
|
|
|
|
|
Now you can go on with your configuration task, like choosing which servers to use, privacy policy or caching.
|
|
|
|
|
Also cloaking (overrides) or DNSBL can be used without any workarounds.
|
|
|
|
|
|
|
|
|
|
|
Michael
5 years ago
committed by
Franco Fichtner