# DNS listen port
listen = [
    "127.0.0.1:53",
    "[::1]:53",
]

# HTTP path for upstream resolver
# If multiple servers are specified, a random one will be chosen each time.
upstream_google = [

    # Google's productive resolver, good ECS, bad DNSSEC
    "https://dns.google.com/resolve",

    # CloudFlare's resolver, bad ECS, good DNSSEC
    #"https://cloudflare-dns.com/dns-query",
    #"https://1.1.1.1/dns-query",
    #"https://1.0.0.1/dns-query",

    # CloudFlare's resolver for Tor, available only with Tor
    # Remember to disable ECS below when using Tor!
    # Blog: https://blog.cloudflare.com/welcome-hidden-resolver/
    #"https://dns4torpnlfs2ifuz2s2yf3fc7rdmsbhm6rw75euj35pac6ap25zgqad.onion/dns-query",

]
upstream_ietf = [

    # Google's experimental resolver, good ECS, good DNSSEC
    #"https://dns.google.com/experimental",

    # CloudFlare's resolver, bad ECS, good DNSSEC
    #"https://cloudflare-dns.com/dns-query",
    #"https://1.1.1.1/dns-query",
    #"https://1.0.0.1/dns-query",

    # CloudFlare's resolver for Tor, available only with Tor
    # Remember to disable ECS below when using Tor!
    # Blog: https://blog.cloudflare.com/welcome-hidden-resolver/
    #"https://dns4torpnlfs2ifuz2s2yf3fc7rdmsbhm6rw75euj35pac6ap25zgqad.onion/dns-query",

]

# Bootstrap DNS server to resolve the address of the upstream resolver
# If multiple servers are specified, a random one will be chosen each time.
# If empty, use the system DNS settings.
# If you want to preload IP addresses in /etc/hosts instead of using a
# bootstrap server, please make this list empty.
bootstrap = [

    # Google's resolver, bad ECS, good DNSSEC
    "8.8.8.8:53",
    "8.8.4.4:53",

    # CloudFlare's resolver, bad ECS, good DNSSEC
    #"1.1.1.1:53",
    #"1.0.0.1:53",

]

# Timeout for upstream request
timeout = 30

# Disable HTTP Cookies
#
# Cookies may be useful if your upstream resolver is protected by some
# anti-DDoS services to identify clients.
# Note that DNS Cookies (an DNS protocol extension to DNS) also has the ability
# to track uesrs and is not controlled by doh-client.
no_cookies = true

# Disable EDNS0-Client-Subnet (ECS)
#
# DNS-over-HTTPS supports EDNS0-Client-Subnet protocol, which submits part of
# the client's IP address (/24 for IPv4, /48 for IPv6 by default) to the
# upstream server. This is useful for GeoDNS and CDNs to work, and is exactly
# the same configuration as most public DNS servers.
no_ecs = false

# Disable IPv6 when querying upstream
#
# Only enable this if you really have trouble connecting.
# Doh-client uses both IPv4 and IPv6 by default and should not have problems
# with an IPv4-only environment.
# Note that DNS listening and bootstrapping is not controlled by this option.
no_ipv6 = false

# Enable logging
verbose = false