author | Martin Polden <mpolden@mpolden.no> | 2019-08-13 21:01:51 +0200 |
---|---|---|
committer | Martin Polden <mpolden@mpolden.no> | 2019-08-13 21:07:37 +0200 |
commit | 42736ffdb84212bf7f25d2b5e649908a1a109488 (patch) | |
tree | 41fed97b371abeadb1adc99b9619384dc51b986d /README.md | |
parent | 5b94c08f360c2d12d02c99dddfd5a62967f6545a (diff) |
Sane configuration defaults
Diffstat (limited to 'README.md')
-rw-r--r-- | README.md | 76 |
1 files changed, 1 insertions, 75 deletions
@@ -27,78 +27,4 @@ regular DNS requests, be portable and easy to configure. `zdns` uses the [TOML](https://github.com/toml-lang/toml) configuration format and expects to find its configuration file in `~/.zdnsrc`.
-### Example
-
-```toml
-[dns]
-# Listening address of this resolver.
-listen = "0.0.0.0:53"
-
-# Listening protocol. Defaults to "udp", the only supported protocol.
-protocol = "udp"
-
-# Maxium number of entries to keep in the DNS cache. The cache discards older
-# entries once the number of entries exceeds this size.
-cache_size = 10000
-
-# Upstream DNS servers to use when resolving queries.
-#
-# This example uses Cloudflare DNS servers, which support DNS-over-TLS.
-# https://www.cloudflare.com/learning/dns/what-is-1.1.1.1/
-resolvers = [
- "1.1.1.1:853",
- "1.0.0.1:853",
-]
-
-# Configure how to answer hijacked DNS requests.
-# Possible values:
-# zero: Answer A quiries with the IPv4 zero address (0.0.0.0).
-# Answer AAAA requests with the IPv6 zero address (::).
-# This is the default.
-# empty: Answer all hijacked requests with an empty answer.
-# hosts: Answer hijacked requests from inline hosts (see below).
-hijack_mode = "zero"
-
-# Configures how often remote hosts lists should be refreshed. This option has
-# no default value.
-hosts_refresh_interval = "48h"
-
-# Path to the log database. Configuring a path here will enable logging of DNS
-# requests. Default is empty string (no logging).
-log_database = "/tmp/pfdns.db"
-
-# Configure which requests to log.
-# Possible values:
-# all: Logs all requests.
-# hijacked: Logs only hijacked requests (default).
-# disabled: Disable logging.
-log_mode = "hijacked"
-
-[resolver]
-# Set the protocol to use when sending requests to upstream resolvers. Defaults to "udp".
-# Possible values:
-# tcp-tls: Use encrypted protocol (DNS-over-TLS). Note that the configured upstream resolvers must support this protocol.
-# udp: Plain DNS over UDP.
-# tcp: Plain DNS over TCP.
-protocol = "tcp-tls"
-
-# Set the maximum timeout for a single DNS request.
-timeout = "1s"
-
-[[hosts]]
-# Load hosts from an URL. No default.
-url = "https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts"
-# Whether to hijack DNS requests matching hostnames in this hosts list.
-# true: Matching requests will be answered according to hijack_mode.
-# false: Matching requests will never be hijacked.
-hijack = true
-
-[[hosts]]
-# Inline hosts list. Useful for whitelisting particular hosts. No default.
-entries = [
- # Whitelist some hosts that otherwise break YouTube features
- "0.0.0.0 s.youtube.com",
- "0.0.0.0 s2.youtube.com",
-]
-hijack = false
-```
+See [zdnsrc](zdnsrc) for an example configuration file. |