# -*- mode: conf-toml -*-

# Each commented option contains the default value.

[dns]
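# Listening address of the resolver. Keep this on a loopback address unless
# other hosts are meant to query it: a resolver reachable from untrusted
# networks can be abused by third parties.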
#
# listen = "127.0.0.1:53000"

# Listening protocol. The only supported one is "udp".
#
# protocol = "udp"

# Maximum number of entries to keep in the DNS cache. The cache discards older
# entries once the number of entries exceeds this size.
#
# cache_size = 4096

# Cache pre-fetching.
#
# If enabled, cached entries will be re-resolved asynchronously. Note that this
# may lead to slightly stale entries, but cached requests will never block
# waiting for the upstream resolver.
#
# cache_prefetch = true

# Cache persistence.
#
# If enabled, cache contents are periodically written to disk. The persisted
# contents will then be used to pre-populate the cache on startup.
#
# cache_persist = false

# Upstream DNS servers to use when answering queries.
#
# Each entry has the following format:
#
# addr:port[=tls-name]
#
# The tls-name part is optional. Some DNS servers only have FQDNs in their
# certificate SAN field. This causes certificate validation to fail when
# connecting using an IP address.
#
# When tls-name is set it's used to verify the hostname of the returned
# certificate. This only makes sense in combination with the tcp-tls protocol.
#
# The default is Cloudflare DNS servers, which support DNS-over-TLS.
# https://www.cloudflare.com/learning/dns/what-is-1.1.1.1/
#
# resolvers = [
#   "1.1.1.1:853",
#   "1.0.0.1:853",
# ]
#
# Or using DNS-over-HTTPS:
#
# resolvers = [
#   "https://cloudflare-dns.com/dns-query",
# ]
#
# Or using a specific TLS server name, for example with UncensoredDNS servers
# (https://blog.uncensoreddns.org):
#
# resolvers = [
#   "89.233.43.71:853=unicast.censurfridns.dk",
#   "91.239.100.100:853=anycast.censurfridns.dk",
# ]

# Configure how to answer hijacked DNS requests.
#
# zero:  Respond with the IPv4 zero address (0.0.0.0) to type A requests.
#        Respond with the IPv6 zero address (::) to type AAAA requests.
# empty: Respond with an empty answer to all hijacked requests.
# hosts: Respond with the corresponding inline host, if any.
#
# hijack_mode = "zero"

# Configure the interval at which each remote hosts list is refreshed.
#
# hosts_refresh_interval = "48h"

# Path to the database. This is used for persistence, such as logging of DNS requests.
#
# database = ""

# Set logging mode. The database option must be set when this is set to a
# non-empty value.
#
# all:          Log all requests.
# hijacked:     Log only hijacked requests.
# empty string: Log nothing (default).
#
# log_mode = ""

# Configure how long logged requests are kept. Log entries older than this will
# be removed.
#
# log_ttl = "168h"

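# HTTP server for inspecting logs and cache. Setting a listening address in the
# form addr:port will enable the server. Set to empty string to disable. Because
# the server exposes logged queries and cache contents, keep it on a loopback
# address unless access is restricted by other means.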
#
# listen_http = "127.0.0.1:8053"

[resolver]
# Set the protocol to use when sending requests to upstream resolvers. Supported protocols:
#
# tcp-tls: DNS over TLS (encrypted). Note that the upstream resolver must
#          support this protocol.
# https:   DNS over HTTPS (encrypted). Only recommended for networks where tcp-tls
#          does not work, due to e.g. aggressive firewalls. Note that the upstream
#          resolver must support this protocol.
# udp:     DNS over UDP (plaintext).
# tcp:     DNS over TCP (plaintext).
#
# protocol = "tcp-tls"

# Set the maximum timeout of a DNS request.
#
# timeout = "2s"

# Answer queries from static hosts files. There are no default values for the
# following examples.
#
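# Load hosts from a URL. Remote lists are fetched again at every
# hosts_refresh_interval and decide which names get hijacked, so use an HTTPS
# URL from a source you trust. The hijack option can be one of: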
#
# true:  Matching requests will be answered according to hijack_mode.
# false: Matching requests will never be hijacked. This can be used to
#        whitelist particular hosts as shown in the example below.
#
# [[hosts]]
# url = "https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts"
# hijack = true
# timeout = "5s"

# Load hosts from a local file.
#
# [[hosts]]
# url = "file:///home/foo/myhosts.txt"
# hijack = true

# Inline hosts list. Useful for blocking or whitelisting a small set of hosts.
#
# [[hosts]]
# entries = [
#   # Unblock the following to avoid breaking video watching history
#    "0.0.0.0 s.youtube.com",
# ]
# hijack = false