mirror of
https://github.com/m13253/dns-over-https.git
# HTTP listen addresses (host:port)
listen = [
"127.0.0.1:8053",
"[::1]:8053",
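## To listen on all interfaces (both 0.0.0.0:8053 and [::]:8053), use the following line.
## Note: this exposes the server on every interface; with cert/key left empty it
## answers over plain-text HTTP.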
# ":8053",
]
# Local address and port for upstream DNS
# If left empty, a local address is automatically chosen.
local_addr = ""
# TLS certificate file
# If left empty, plain-text HTTP will be used.
# It is recommended to leave this empty and to terminate TLS at a reverse proxy
# or load balancer (e.g. Caddy, Nginx), because this program does not do OCSP
# Stapling, which is necessary for client bootstrapping in a network
# environment with no traditional DNS service at all.
# When left empty, keep `listen` on loopback or a private interface so that the
# plain-text HTTP hop exists only between the proxy and this server.
cert = ""
# TLS private key file (should be readable only by the user this server runs as)
key = ""
# HTTP path for resolve application
path = "/dns-query"
# Upstream DNS resolver
# If multiple servers are specified, a random one will be chosen each time.
# You can use "udp", "tcp" or "tcp-tls" for the type prefix.
# For "udp", UDP will be used first, switching to TCP when the server asks for
# it or the response is too large.
# For "tcp", only TCP will be used.
# For "tcp-tls", DNS-over-TLS (RFC 7858) will be used to secure the upstream connection.
# Note: "udp" and "tcp" send queries to the upstream in plain text; only
# "tcp-tls" encrypts that hop.
upstream = [
"udp:1.1.1.1:53",
"udp:1.0.0.1:53",
"udp:8.8.8.8:53",
"udp:8.8.4.4:53",
]
# Upstream timeout
timeout = 10
# Number of tries if upstream DNS fails
tries = 3
# Enable logging
verbose = false
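# Log the client IP taken from the HTTPS reverse-proxy header: X-Forwarded-For or X-Real-IP
# These headers can be set by the client itself unless the proxy overwrites
# them, so treat the logged address as a guess.
# Note: logging of the HTTP URI and User-Agent cannot be controlled by this option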
log_guessed_client_ip = false