-
Notifications
You must be signed in to change notification settings - Fork 8
/
jdnsproxy.properties
51 lines (40 loc) · 3.26 KB
/
jdnsproxy.properties
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
# minTtl: rewrite TTLs lower than this to this value, default 600, 0 disables this feature
minTtl=600
# staleResponseTimeout: milliseconds to wait for response to query before serving a stale record if we have it, default 1000
staleResponseTimeout=1000
# staleResponseTtl: TTL to apply to stale record when above timeout is met and stale record is served, default 10
staleResponseTtl=10
# cacheFile: path to file to persist cache to at an interval
cacheFile=dnscache.map
# cacheDelayMinutes: how often to write the cache to disk
cacheDelayMinutes=60
# packetQueueLength: maximum requests queued waiting for responses from upstream, all resolvers specified process from this queue, cached responses don't enter this queue, default 100, 0 means unlimited, -1 means no queue, just use RandomUpstreamResolver
packetQueueLength=100
# listeners: list of listeners, currently supports tcp:// and udp:// with no options, default 'tcp://127.0.0.1:5353 udp://127.0.0.1:5353'
listeners=tcp://127.0.0.1:5353 udp://127.0.0.1:5353
# resolvers: list of resolvers with or without options, whitespace separated, options are in fragment separated by ;
# currently support tcp:// (regular DNS-over-TCP), tls:// (DNS-over-TLS), http:// https:// (DNS-over-HTTPS)
# both tls:// and https:// support option pubKeyPinsSha256 with a comma-separated list of base64 public key hashes like HPKP, not supplying this causes TLS connections to be unauthenticated (vulnerable to MITM)
# https:// also validates the hostname for now like a browser would
# default 'https://dns.google.com/experimental?ct#name=dns.google.com'
resolvers=\
tls://89.233.43.71#name=unicast.censurfridns.dk;pubKeyPinsSha256=wikE3jYAA6jQmXYTr/rbHeEPmC78dQwZbQp6WdrseEs= \
tls://145.100.185.15#name=dnsovertls.sinodun.com;pubKeyPinsSha256=62lKu9HsDVbyiPenApnc4sfmSYTHOVfFgL3pyB+cBL4= \
tls://145.100.185.16#name=dnsovertls1.sinodun.com;pubKeyPinsSha256=cE2ecALeE5B+urJhDrJlVFmf38cJLAvqekONvjvpqUA= \
tls://185.49.141.37#name=getdnsapi.net;pubKeyPinsSha256=foxZRnIh9gZpWnl+zEiKa0EJ2rdCGroMWm02gaxSc9Q= \
https://dns.google.com/experimental?ct#name=dns.google.com
#resolvers=https://dns.google.com/experimental?ct
#resolvers=tcp://8.8.4.4:53
#resolvers=tls://89.233.43.71:853#pubKeyPinsSha256=wikE3jYAA6jQmXYTr/rbHeEPmC78dQwZbQp6WdrseEs=
# below here are resolver options that may be defined here and/or at the resolver level, if both resolver level wins
# proxy: defines a proxy to use for all connections to this resolver, supports socks:// and http://, default none
#proxy=socks://127.0.0.1:9050
# pubKeyPinsSha256: should be on an individual resolver level, specify comma-seperated base64 public key hashes like HPKP, not supplying this causes TLS connections to be unauthenticated (vulnerable to MITM), default none
# https:// also validates the hostname for now like a browser would
#pubKeyPinsSha256=wikE3jYAA6jQmXYTr/rbHeEPmC78dQwZbQp6WdrseEs=
# maxRetries: maximum number of times a request is re-queued to be resolved upstream due to failure before giving up, this is maximum retries total, not per-resolver, default resolvers.length * 2
#maxRetries=5
# name: human-readable name of resolver, might end up in logs, default full resolver URI
#name=somename
# connectTimeout: TCP connection timeout in milliseconds to upstream resolver, default 500
connectTimeout=500