User Tools

Site Tools


inbox:dnscrypt

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
inbox:dnscrypt [2017/01/28 20:08]
dartraiden [dnscrypt-proxy]
inbox:dnscrypt [2017/07/08 21:43] (current)
dartraiden [dnscrypt-proxy]
Line 83: Line 83:
 | ''​resolver''​ | string | no | ''​cisco''​ | DNS service for resolving queries. You can't add more than one resolver. | | ''​resolver''​ | string | no | ''​cisco''​ | DNS service for resolving queries. You can't add more than one resolver. |
 | ''​resolvers_list''​ | string | no | ''/​usr/​share/​dnscrypt-proxy/​dnscrypt-resolvers.csv''​ | Location of CSV file containing list of resolvers. When you use a custom DNSCrypt server and you later get problems when executing DNSCrypt, have a look in the resolver list (''/​usr/​share/​dnscrypt-proxy/​dnscrypt-resolvers.csv''​) and make sure the resolver you chose is listed there. If not you may need to manually add it or just update the resolver list with the [[https://​github.com/​jedisct1/​dnscrypt-proxy/​blob/​master/​dnscrypt-resolvers.csv|official one]]. Make sure to verify the integrity of the file before overwriting the local list! | | ''​resolvers_list''​ | string | no | ''/​usr/​share/​dnscrypt-proxy/​dnscrypt-resolvers.csv''​ | Location of CSV file containing list of resolvers. When you use a custom DNSCrypt server and you later get problems when executing DNSCrypt, have a look in the resolver list (''/​usr/​share/​dnscrypt-proxy/​dnscrypt-resolvers.csv''​) and make sure the resolver you chose is listed there. If not you may need to manually add it or just update the resolver list with the [[https://​github.com/​jedisct1/​dnscrypt-proxy/​blob/​master/​dnscrypt-resolvers.csv|official one]]. Make sure to verify the integrity of the file before overwriting the local list! |
-| ''​ephemeral_keys''​ | boolean | no | ''​0''​ | Improve privacy by using an ephemeral public key for each query. Note that you cannot yet use it with current ​versions ​of OpenWrt as the dnscrypt-proxy package is outdated and uses a version of DNSCrypt, which does not support ephemeral keys. Ephemeral keys option requires extra CPU cycles (especially on non-x86 platforms) and can cause huge system load. Disable it in case of performance problems. Also this option is useless with most DNSCrypt servers (all the servers using short TTLs for the certificates,​ which is done by default in the Docker image). |+| ''​ephemeral_keys''​ | boolean | no | ''​0''​ | Improve privacy by using an ephemeral public key for each query. Note that you cannot yet use it with current ​(Chaos Calmer) version ​of OpenWrt as the dnscrypt-proxy package is outdated and uses a version of DNSCrypt, which does not support ephemeral keys. Ephemeral keys option requires extra CPU cycles (especially on non-x86 platforms) and can cause huge system load. Disable it in case of performance problems. Also this option is useless with most DNSCrypt servers (all the servers using short TTLs for the certificates,​ which is done by default in the Docker image). |
  
 This options are only supported by Trunk: This options are only supported by Trunk:
Line 89: Line 89:
 ^ Name ^ Type ^ Required ^ Default ^ Description ^ ^ Name ^ Type ^ Required ^ Default ^ Description ^
 | ''​client_key''​ | string | no | //none// | Use a client public key for identification. By default, the client uses a randomized key pair in order to make tracking more difficult. This option does the opposite and uses a static key pair, so that DNS providers can offer premium services to queries signed with a known set of public keys. A client cannot decrypt the received responses without also knowing the secret key. The value for this property is the path to a file containing the secret key. The corresponding public key is computed automatically | | ''​client_key''​ | string | no | //none// | Use a client public key for identification. By default, the client uses a randomized key pair in order to make tracking more difficult. This option does the opposite and uses a static key pair, so that DNS providers can offer premium services to queries signed with a known set of public keys. A client cannot decrypt the received responses without also knowing the secret key. The value for this property is the path to a file containing the secret key. The corresponding public key is computed automatically |
-| ''​syslog''​ | boolean | no | ''​1''​ | Send server ​logs to the syslog daemon |+| ''​syslog''​ | boolean | no | ''​1''​ | Send logs to the syslog daemon |
 | ''​syslog_prefix''​ | string | no | ''​dnscrypt-proxy''​ | Log entries can optionally be prefixed with a string | | ''​syslog_prefix''​ | string | no | ''​dnscrypt-proxy''​ | Log entries can optionally be prefixed with a string |
 +
 +This options are not supported (at this moment), because DNSCrypt compiled without plugins support:
 +
 +^ Name ^ Type ^ Required ^ Default ^ Description ^
 | ''​query_log_file''​ | string | no | //none// | Log the received DNS queries to a file, so you can watch in real-time what is happening on the network. The value for this parameter is a full path to the log file. The file name can be prefixed with ltsv: in order to store logs using the LTSV format (ex: ltsv:/​tmp/​dns-queries.log) | | ''​query_log_file''​ | string | no | //none// | Log the received DNS queries to a file, so you can watch in real-time what is happening on the network. The value for this parameter is a full path to the log file. The file name can be prefixed with ltsv: in order to store logs using the LTSV format (ex: ltsv:/​tmp/​dns-queries.log) |
 | ''​local_cache''​ | boolean | no | ''​0''​ | Enable cache may speed up dnscrypt-proxy,​ see https://​github.com/​jedisct1/​dnscrypt-proxy/​wiki/​Go-faster | | ''​local_cache''​ | boolean | no | ''​0''​ | Enable cache may speed up dnscrypt-proxy,​ see https://​github.com/​jedisct1/​dnscrypt-proxy/​wiki/​Go-faster |
inbox/dnscrypt.1485630497.txt.bz2 · Last modified: 2017/01/28 20:08 by dartraiden