server_names = ['cloudflare'] listen_addresses = ['0.0.0.0:53'] max_clients = 250 ipv4_servers = true ipv6_servers = false dnscrypt_servers = false doh_servers = true force_tcp = false timeout = 5000 keepalive = 60 blocked_query_response = 'hinfo' lb_strategy = 'ph' log_level = 2 log_file = '/dev/stdout' use_syslog = false cert_refresh_delay = 240 # DoH: Disable TLS session tickets - increases privacy but also latency tls_disable_session_tickets = false fallback_resolvers = ['1.1.1.1:53', '9.9.9.9:53', '8.8.8.8:53'] ignore_system_dns = true netprobe_timeout = 60 netprobe_address = '8.8.8.8:53' offline_mode = false log_files_max_size = 0 log_files_max_age = 0 log_files_max_backups = 0 block_ipv6 = true block_unqualified = true block_undelegated = true reject_ttl = 600 forwarding_rules = '/data/forwarding-rules.txt' cloaking_rules = '/data/cloaking-rules.txt' cloak_ttl = 60 cache = true cache_size = 16384 cache_min_ttl = 2400 cache_max_ttl = 86400 cache_neg_min_ttl = 60 cache_neg_max_ttl = 600 [local_doh] [query_log] [nx_log] [schedules] [sources] [sources.'public-resolvers'] urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md', 'https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md'] cache_file = 'public-resolvers.md' minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3' prefix = '' [broken_implementations] fragments_blocked = ['cisco', 'cisco-ipv6', 'cisco-familyshield', 'cisco-familyshield-ipv6', 'cleanbrowsing-adult', 'cleanbrowsing-family-ipv6', 'cleanbrowsing-family', 'cleanbrowsing-security'] [anonymized_dns] [static]