# this config suitable for both standalone as well as 'aliased' (ln -s dnscrypt-proxy dnscrypt-proxy.alias) use, # where alias can "select" (be equal to) Name (1st) field from dnscrypt-resolvers.csv file (see DNSCRYPT_MODE='name' and it's variables below) # by default dns-crypt service intentionally not 'provides' dns because of probably (and reasonably) chained use of dnscrypt-proxy # with some forwarder/cache, e.g. unbound. In that case, you can use here: # rc_provide=cryptodns # ... whereas conf.d/unbound 'provides' dns and 'needs' cryptodns # if you plan to use two or more 'aliased' instances as redundant dns subproviders, consider put # rc_provide="!cryptodns" # ...into 'main' conf.d/dnscrypt-proxy, but keep rc_provide=cryptodns for 'aliased' conf.d's. # This will remove a non-aliased service from dependency graph, avoided unneeded service start. # for proper autostart of aliased services also put rc_need="cryptodns" and rc_want="dnscrypt-proxy.*" into conf.d/unbound # ip[:port] DNSCRYPT_LOCAL_ADDRESS='127.0.0.1' # if empty, log to /var/log/${SVCNAME}.log, otherwise it can be set to /path/to/file or special 'syslog' value # WARNING! Now logging to file is not recommended because of lack of timestamp in log lines DNSCRYPT_LOGGER=syslog # placeholder '' replaces by ${SVCNAME#dnscrypt-proxy.} # only valid when DNSCRYPT_LOGGER=syslog DNSCRYPT_SYSLOG_PREFIX='[]' #DNSCRYPT_SYSLOG_PREFIX= # default is dnscrypt DNSCRYPT_USER= # default is dnscrypt (not sure it *really* needed) DNSCRYPT_GROUP= # various dnscrypt-proxy options: --loglevel=, --max-active-requests=, --ephemeral-keys etc DNSCRYPT_OPTS= # mode: 'name' (use resolver from file) or 'ip' (set resolver explicitly) DNSCRYPT_MODE='name' ### 'name' mode variables: # empty value means ${SVCNAME#dnscrypt-proxy.} (e.g. DNSCRYPT_RESOLVER_NAME is equal to 'alias') DNSCRYPT_RESOLVER_NAME= # Can be set explicitly (Cisco OpenDNS): # DNSCRYPT_RESOLVER_NAME=cisco # default is /usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv DNSCRYPT_RESOLVERS_FILE= ### 'ip' mode variables: # ip:port, mandatory DNSCRYPT_PROVIDER_ADDRESS= # mandatory DNSCRYPT_PROVIDER_NAME= # mandatory DNSCRYPT_PROVIDER_KEY=