Last active
June 20, 2022 00:23
-
-
Save PatelUtkarsh/f1491721871c5a38788511c99e70a2f7 to your computer and use it in GitHub Desktop.
stubby cloudflare ipv4 and ipv6
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| no-resolv | |
| proxy-dnssec | |
| server=::1#5353 | |
| server=127.0.0.1#5353 | |
| listen-address=::1,127.0.0.1 | |
| # Put any other line here like laravel valet using .test domain. | |
| address=/.test/127.0.0.1 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ########################## BASIC & PRIVACY SETTINGS ############################ | |
| # Specifies whether to run as a recursive or stub resolver | |
| # For stubby this MUST be set to GETDNS_RESOLUTION_STUB | |
| resolution_type: GETDNS_RESOLUTION_STUB | |
| # Ordered list composed of one or more transport protocols: | |
| # GETDNS_TRANSPORT_UDP, GETDNS_TRANSPORT_TCP or GETDNS_TRANSPORT_TLS | |
| # If only one transport value is specified it will be the only transport used. | |
| # Should it not be available basic resolution will fail. | |
| # Fallback transport options are specified by including multiple values in the | |
| # list. Strict mode (see below) should use only GETDNS_TRANSPORT_TLS. | |
| dns_transport_list: | |
| - GETDNS_TRANSPORT_TLS | |
| # Selects Strict or Opportunistic Usage profile as described in | |
| # https://datatracker.ietf.org/doc/draft-ietf-dprive-dtls-and-tls-profiles/ | |
| # Strict mode requires that authentication information for the upstreams is | |
| # specified below. Opportunistic may fallback to clear text DNS if UDP or TCP | |
| # is included in the transport list above. | |
| # For Strict use GETDNS_AUTHENTICATION_REQUIRED | |
| # For Opportunistic use GETDNS_AUTHENTICATION_NONE | |
| tls_authentication: GETDNS_AUTHENTICATION_REQUIRED | |
| # EDNS0 option to pad the size of the DNS query to the given blocksize | |
| # 128 is currently recommended by | |
| # https://tools.ietf.org/html/draft-ietf-dprive-padding-policy-03 | |
| tls_query_padding_blocksize: 128 | |
| # EDNS0 option for ECS client privacy as described in Section 7.1.2 of | |
| # https://tools.ietf.org/html/rfc7871 | |
| edns_client_subnet_private : 1 | |
| ############################# CONNECTION SETTINGS ############################## | |
| # Set to 1 to instruct stubby to distribute queries across all available name | |
| # servers - this will use multiple simultaneous connections which can give | |
| # better performance is most (but not all) cases. | |
| # Set to 0 to treat the upstreams below as an ordered list and use a single | |
| # upstream until it becomes unavailable, then use the next one. | |
| round_robin_upstreams: 1 | |
| # EDNS0 option for keepalive idle timeout in ms as specified in | |
| # https://tools.ietf.org/html/rfc7828 | |
| # This keeps idle TLS connections open to avoid the overhead of opening a new | |
| # connection for every query. | |
| idle_timeout: 10000 | |
| ################################ LISTEN ADDRESS ################################ | |
| # Set the listen addresses for the stubby DAEMON. This specifies localhost IPv4 | |
| # and IPv6. It will listen on port 53 by default. Use <IP_address>@<port> to | |
| # specify a different port | |
| listen_addresses: | |
| - 127.0.0.1@5353 | |
| - 0::1@5353 | |
| upstream_recursive_servers: | |
| ####### IPv4 addresses ###### | |
| ## Cloudflare 1.1.1.1 and 1.0.0.1 | |
| - address_data: 1.1.1.1 | |
| tls_auth_name: "cloudflare-dns.com" | |
| - address_data: 1.0.0.1 | |
| tls_auth_name: "cloudflare-dns.com" | |
| ####### IPv6 addresses ####### | |
| ## Cloudflare servers | |
| - address_data: 2606:4700:4700::1111 | |
| tls_auth_name: "cloudflare-dns.com" | |
| - address_data: 2606:4700:4700::1001 | |
| tls_auth_name: "cloudflare-dns.com" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ########################## BASIC & PRIVACY SETTINGS ############################ | |
| # Specifies whether to run as a recursive or stub resolver | |
| # For stubby this MUST be set to GETDNS_RESOLUTION_STUB | |
| resolution_type: GETDNS_RESOLUTION_STUB | |
| # Ordered list composed of one or more transport protocols: | |
| # GETDNS_TRANSPORT_UDP, GETDNS_TRANSPORT_TCP or GETDNS_TRANSPORT_TLS | |
| # If only one transport value is specified it will be the only transport used. | |
| # Should it not be available basic resolution will fail. | |
| # Fallback transport options are specified by including multiple values in the | |
| # list. Strict mode (see below) should use only GETDNS_TRANSPORT_TLS. | |
| dns_transport_list: | |
| - GETDNS_TRANSPORT_TLS | |
| # Selects Strict or Opportunistic Usage profile as described in | |
| # https://datatracker.ietf.org/doc/draft-ietf-dprive-dtls-and-tls-profiles/ | |
| # Strict mode requires that authentication information for the upstreams is | |
| # specified below. Opportunistic may fallback to clear text DNS if UDP or TCP | |
| # is included in the transport list above. | |
| # For Strict use GETDNS_AUTHENTICATION_REQUIRED | |
| # For Opportunistic use GETDNS_AUTHENTICATION_NONE | |
| tls_authentication: GETDNS_AUTHENTICATION_REQUIRED | |
| # EDNS0 option to pad the size of the DNS query to the given blocksize | |
| # 128 is currently recommended by | |
| # https://tools.ietf.org/html/draft-ietf-dprive-padding-policy-03 | |
| tls_query_padding_blocksize: 128 | |
| # EDNS0 option for ECS client privacy as described in Section 7.1.2 of | |
| # https://tools.ietf.org/html/rfc7871 | |
| edns_client_subnet_private : 1 | |
| ############################# CONNECTION SETTINGS ############################## | |
| # Set to 1 to instruct stubby to distribute queries across all available name | |
| # servers - this will use multiple simultaneous connections which can give | |
| # better performance is most (but not all) cases. | |
| # Set to 0 to treat the upstreams below as an ordered list and use a single | |
| # upstream until it becomes unavailable, then use the next one. | |
| round_robin_upstreams: 1 | |
| # EDNS0 option for keepalive idle timeout in ms as specified in | |
| # https://tools.ietf.org/html/rfc7828 | |
| # This keeps idle TLS connections open to avoid the overhead of opening a new | |
| # connection for every query. | |
| idle_timeout: 10000 | |
| ################################ LISTEN ADDRESS ################################ | |
| # Set the listen addresses for the stubby DAEMON. This specifies localhost IPv4 | |
| # and IPv6. It will listen on port 53 by default. Use <IP_address>@<port> to | |
| # specify a different port | |
| listen_addresses: | |
| - 127.0.0.1 | |
| - 0::1 | |
| upstream_recursive_servers: | |
| ####### IPv4 addresses ###### | |
| ## Cloudflare 1.1.1.1 and 1.0.0.1 | |
| - address_data: 1.1.1.1 | |
| tls_auth_name: "cloudflare-dns.com" | |
| - address_data: 1.0.0.1 | |
| tls_auth_name: "cloudflare-dns.com" | |
| ####### IPv6 addresses ####### | |
| ## Cloudflare servers | |
| - address_data: 2606:4700:4700::1111 | |
| tls_auth_name: "cloudflare-dns.com" | |
| - address_data: 2606:4700:4700::1001 | |
| tls_auth_name: "cloudflare-dns.com" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment