Runs a DNS proxy on 0.0.0.0:53 with a single upstream - Google DNS. pprof If present, exposes pprof information on localhost:6060. max-go-routines= Set the maximum number of go routines. A value <= 0 will use the system default. udp-buf-size= Set the size of the UDP buffer in bytes. bogus-nxdomain= Transform the responses containing at least a single IP that matches specified addressesĪnd CIDRs into NXDOMAIN. ipv6-disabled If specified, all AAAA requests will be replied with NoError RCode and empty answer If not specified, dnsproxy uses the 'Well-Known Prefix' 64:ff9b. dns64-prefix= Prefix used to handle DNS64. dns64 If specified, dnsproxy will act as a DNS64 server refuse-any If specified, refuse ANY requests r, -ratelimit= Ratelimit (requests per second) cache-optimistic If specified, optimistic DNS cache is enabled cache-max-ttl= Maximum TTL value for DNS entries, in seconds. Capped at 3600.Īrtificially extending TTLs should only be done with careful consideration. cache-min-ttl= Minimum TTL value for DNS entries, in seconds. cache If specified, DNS cache is enabled fastest-addr Respond to A or AAAA requests only with the fastest IP address all-servers If specified, parallel queries to all configured upstream servers are enabled private-rdns-upstream= Private DNS upstreams to use for reverse DNS lookups of private addresses, can f, -fallback= Fallback resolvers to use when regular ones are unavailable, can be specified multiple times. b, -bootstrap= Bootstrap DNS for DoH and DoT, can be specified multiple times (default: 8.8.8.8:53) You can also specify path to a file with the list of servers u, -upstream= An upstream to be used (can be specified multiple times). g, -dnscrypt-config= Path to a file with DNSCrypt configuration. insecure Disable secure TLS certificate validation tls-max-version= Maximum TLS version, for example 1.3 tls-min-version= Minimum TLS version, for example 1.0 k, -tls-key= Path to a file with the private key c, -tls-crt= Path to a file with the certificate chain y, -dnscrypt-port= Listening ports for DNSCrypt q, -quic-port= Listening ports for DNS-over-QUIC t, -tls-port= Listening ports for DNS-over-TLS s, -https-port= Listening ports for DNS-over-HTTPS Zero value disables TCP and UDP listeners Options passed through command line will override the ones from this file.
0 Comments
Leave a Reply. |