-
Notifications
You must be signed in to change notification settings - Fork 3
/
stubby.yml
39 lines (37 loc) · 1.15 KB
/
stubby.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
tls_ca_file: "/rom/etc/ssl/certs/ca-certificates.crt"
resolution_type: GETDNS_RESOLUTION_STUB
dns_transport_list:
- GETDNS_TRANSPORT_TLS
tls_authentication: GETDNS_AUTHENTICATION_REQUIRED
tls_query_padding_blocksize: 128
edns_client_subnet_private : 1
round_robin_upstreams: 1
idle_timeout: 2000
tls_connection_retries: 5
tls_backoff_time: 900
timeout: 2000
appdata_dir: "/opt/var/cache/stubby"
listen_addresses:
- 127.0.0.1@5453
- 0::1@5453
upstream_recursive_servers:
# Quad 9 Secure Primary
# - address_data: 9.9.9.9
# tls_auth_name: "dns.quad9.net"
# Quad 9 Secure Primary
# - address_data: 2620:fe::fe
# tls_auth_name: "dns.quad9.net"
# Cloudflare Primary IPv4
- address_data: 1.1.1.1
tls_auth_name: "cloudflare-dns.com"
# Cloudflare Secondary IPv4
- address_data: 1.0.0.1
tls_auth_name: "cloudflare-dns.com"
# Cloudflare Primary IPv6
- address_data: 2606:4700:4700::1111
tls_auth_name: "cloudflare-dns.com"
# Cloudflare Secondary IPv6
- address_data: 2606:4700:4700::1001
tls_auth_name: "cloudflare-dns.com"
tls_min_version: GETDNS_TLS1_3
tls_ciphersuites: "TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256"