mirror of
https://github.com/minoplhy/DNSserver.git
synced 2024-11-24 10:16:54 +00:00
updates with current configuration
This commit is contained in:
synto
parent
e08570d856
commit
f973f37a3a
@ -1,5 +1,3 @@
|
||||
# This Client Configuration are made for dnscrypt-proxy and Thanks ookangzheng for sample configuration files
|
||||
# Based on https://github.com/ookangzheng/blahdns/blob/master/client-conf/dnscrypt/dnscrypt-proxy.toml
|
||||
server_names = ['ProviderName', 'ProviderNamev6-Ifexisted']
|
||||
listen_addresses = ['127.0.0.1:53', '[::1]:53']
|
||||
max_clients = 250
|
||||
@ -10,7 +8,7 @@ keepalive = 30
|
||||
# Load-balancing strategy: 'p2' (default), 'ph', 'fastest' or 'random'
|
||||
lb_strategy = 'fastest'
|
||||
fallback_resolver = '94.140.14.14:53'
|
||||
ignore_system_dns = false
|
||||
ignore_system_dns = true
|
||||
netprobe_timeout = 30
|
||||
cache = false
|
||||
cache_size = 512
|
||||
@ -19,6 +17,18 @@ cache_max_ttl = 1800
|
||||
cache_neg_min_ttl = 2
|
||||
cache_neg_max_ttl = 6
|
||||
|
||||
# Use servers reachable over IPv4
|
||||
ipv4_servers = true
|
||||
|
||||
# Use servers reachable over IPv6 -- Do not enable if you don't have IPv6 connectivity
|
||||
ipv6_servers = true
|
||||
|
||||
# Use servers implementing the DNSCrypt protocol
|
||||
dnscrypt_servers = true
|
||||
|
||||
# Use servers implementing the DNS-over-HTTPS protocol
|
||||
doh_servers = false
|
||||
|
||||
[static]
|
||||
## Publickey: YOURPUBKEY
|
||||
[static.'ProviderName']
|
||||
|
||||
@ -1,4 +1,3 @@
|
||||
# Original author : aaflalo.me https://www.aaflalo.me/2018/10/tutorial-setup-dns-over-https-server/#Configuration
|
||||
# HTTP listen port
|
||||
listen = [
|
||||
"127.0.0.1:8053",
|
||||
@ -24,6 +23,8 @@ path = "/dns-query"
|
||||
upstream = [
|
||||
"tcp:127.0.0.1:5353",
|
||||
"udp:127.0.0.1:5353",
|
||||
"tcp:[::1]:5353",
|
||||
"udp:[::1]:5353"
|
||||
]
|
||||
|
||||
# Upstream timeout
|
||||
@ -34,3 +35,26 @@ tries = 10
|
||||
|
||||
# Enable logging
|
||||
verbose = false
|
||||
|
||||
# Enable log IP from HTTPS-reverse proxy header: X-Forwarded-For or X-Real-IP
|
||||
# Note: http uri/useragent log cannot be controlled by this config
|
||||
log_guessed_client_ip = false
|
||||
|
||||
# By default, non global IP addresses are never forwarded to upstream servers.
|
||||
# This is to prevent two things from happening:
|
||||
# 1. the upstream server knowing your private LAN addresses;
|
||||
# 2. the upstream server unable to provide geographically near results,
|
||||
# or even fail to provide any result.
|
||||
# However, if you are deploying a split tunnel corporation network
|
||||
# environment, or for any other reason you want to inhibit this
|
||||
# behavior and allow local (eg RFC1918) address to be forwarded,
|
||||
# change the following option to "true".
|
||||
ecs_allow_non_global_ip = false
|
||||
|
||||
# If ECS is added to the request, let the full IP address or
|
||||
# cap it to 24 or 128 mask. This option is to be used only on private
|
||||
# networks where knwoledge of the terminal endpoint may be required for
|
||||
# security purposes (eg. DNS Firewalling). Not a good option on the
|
||||
# internet where IP address may be used to identify the user and
|
||||
# not only the approximate location.
|
||||
ecs_use_precise_ip = false
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
@ -15,13 +15,15 @@ modules = {
|
||||
'predict', -- Prefetch expiring/frequent records
|
||||
}
|
||||
|
||||
-- Cache size https://knot-resolver.readthedocs.io/en/stable/daemon-bindings-cache.html#sizing
|
||||
--- Cache size https://knot-resolver.readthedocs.io/en/stable/daemon-bindings-cache.html#sizing
|
||||
-- "For personal and small office use-cases cache size around 100 MB is more than enough." -cz.nic
|
||||
cache.size = 100 * MB
|
||||
cache.size = 50 * MB
|
||||
|
||||
-- policy help : https://knot-resolver.readthedocs.io/en/stable/modules-policy.html
|
||||
-- This is Just a Blocklist
|
||||
policy.add(policy.rpz(policy.PASS, '/etc/knot-resolver/list/minopallow.rpz',true))
|
||||
policy.add(policy.rpz(policy.PASS, '/etc/knot-resolver/list/adguard-exceptions.rpz',true))
|
||||
policy.add(policy.rpz(policy.REFUSE, '/etc/knot-resolver/list/adguard-dns.rpz',true))
|
||||
policy.add(policy.rpz(policy.REFUSE, '/etc/knot-resolver/list/minopdeny.rpz',true))
|
||||
policy.add(policy.rpz(policy.REFUSE, '/etc/knot-resolver/list/energized-ultimate.rpz',true))
|
||||
policy.add(policy.rpz(policy.REFUSE, '/etc/knot-resolver/list/pgl-adserver.rpz',true))
|
||||
@ -29,6 +31,9 @@ policy.add(policy.rpz(policy.REFUSE, '/etc/knot-resolver/list/energized-social.r
|
||||
policy.add(policy.rpz(policy.REFUSE, '/etc/knot-resolver/list/energized-regional.rpz',true))
|
||||
policy.add(policy.rpz(policy.REFUSE, '/etc/knot-resolver/list/urlhaus-abuse_ch.rpz',true))
|
||||
policy.add(policy.rpz(policy.REFUSE, '/etc/knot-resolver/list/energized-xtreme.rpz',true))
|
||||
policy.add(policy.rpz(policy.REFUSE, '/etc/knot-resolver/list/blahdns.rpz',true))
|
||||
policy.add(policy.rpz(policy.REFUSE, '/etc/knot-resolver/list/1host-domains-pro.rpz',true))
|
||||
policy.add(policy.rpz(policy.REFUSE, '/etc/knot-resolver/list/1host-wildcards-pro.rpz',true))
|
||||
policy.add(policy.rpz(policy.REFUSE, '/etc/knot-resolver/list/minop-cname-cloaking.rpz',true))
|
||||
policy.add(policy.rpz(policy.REFUSE, '/etc/knot-resolver/list/ad-cname-tracker.rpz',true))
|
||||
policy.add(policy.rpz(policy.REFUSE, '/etc/knot-resolver/list/rpz-oisd.rpz',true))
|
||||
|
||||
|
||||
@ -1,13 +1,17 @@
|
||||
#!/bin/sh
|
||||
wget -O /etc/knot-resolver/list/minopallow.rpz https://github.com/minoplhy/dnsBlocklist/raw/main/rpz/allowlist.rpz
|
||||
wget -O /etc/knot-resolver/list/minopdeny.rpz https://github.com/minoplhy/dnsBlocklist/raw/main/rpz/denylist.rpz
|
||||
wget -O /etc/knot-resolver/list/minopallow.rpz https://git.kylz.nl/GitHub/DNSBlocklist/raw/branch/main/rpz/allowlist.rpz
|
||||
wget -O /etc/knot-resolver/list/adguard-exceptions.rpz https://sos-ch-dk-2.exo.io/noblt/adguard/exceptions_rpz.txt
|
||||
wget -O /etc/knot-resolver/list/adguard-dns.rpz https://sos-ch-dk-2.exo.io/noblt/adguard/dns_rpz.txt
|
||||
wget -O /etc/knot-resolver/list/minopdeny.rpz https://git.kylz.nl/GitHub/DNSBlocklist/raw/branch/main/rpz/denylist.rpz
|
||||
wget -O /etc/knot-resolver/list/energized-ultimate.rpz https://block.energized.pro/ultimate/formats/rpz.txt
|
||||
wget -O /etc/knot-resolver/list/pgl-adserver.rpz https://pgl.yoyo.org/adservers/serverlist.php?hostformat=rpz&showintro=1&mimetype=plaintext
|
||||
wget -O /etc/knot-resolver/list/energized-social.rpz https://block.energized.pro/extensions/social/formats/rpz.txt
|
||||
wget -O /etc/knot-resolver/list/energized-regional.rpz https://block.energized.pro/extensions/regional/formats/rpz.txt
|
||||
wget -O /etc/knot-resolver/list/energized-xtreme.rpz https://block.energized.pro/extensions/xtreme/formats/rpz.txt
|
||||
wget -O /etc/knot-resolver/list/blahdns.rpz https://oooo.b-cdn.net/blahdns/blahdns_rpz.txt
|
||||
wget -O /etc/knot-resolver/list/1host-domains-pro.rpz https://sos-ch-dk-2.exo.io/noblt/1host/domains-pro_rpz.txt
|
||||
wget -O /etc/knot-resolver/list/1host-wildcards-pro.rpz https://sos-ch-dk-2.exo.io/noblt/1host/wildcards-pro_rpz.txt
|
||||
wget -O /etc/knot-resolver/list/urlhaus-abuse_ch.rpz https://urlhaus.abuse.ch/downloads/rpz
|
||||
wget -O /etc/knot-resolver/list/minop-cname-cloaking.rpz https://noblt.sos-ch-dk-2.exoscale-cdn.com/adguard/cname-original.rpz
|
||||
wget -O /etc/knot-resolver/list/ad-cname-tracker.rpz https://noblt.sos-ch-dk-2.exoscale-cdn.com/adguard/cname-tracker.rpz
|
||||
wget -O /etc/knot-resolver/list/minop-cname-cloaking.rpz https://sos-ch-dk-2.exo.io/noblt/adguard/cname-original_rpz.txt
|
||||
wget -O /etc/knot-resolver/list/ad-cname-tracker.rpz https://sos-ch-dk-2.exo.io/noblt/adguard/cname-tracker_rpz.txt
|
||||
wget -O /etc/knot-resolver/list/rpz-oisd.rpz https://rpz.oisd.nl/
|
||||
exit
|
||||
|
||||
Loading…
Reference in New Issue
Block a user