-
-
Notifications
You must be signed in to change notification settings - Fork 6
/
Copy pathdoh-auth-proxy.toml
107 lines (82 loc) · 4.22 KB
/
doh-auth-proxy.toml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
##############################################
# #
# doh-auth-proxy configuration #
# #
##############################################
##################################
# Global settings #
##################################
## Address to listen to.
listen_addresses = ['127.0.0.1:50053', '[::1]:50053']
## DNS (Do53) resolver addresses for bootstrap.
## You can omit protocol name and port number, default is udp over port 53.
## The first one is used for bootstrap, and the rest are used for fallback as ordered.
bootstrap_dns = ["udp://8.8.8.8:53", "1.1.1.1:53", "8.8.4.4", "tcp://1.0.0.1"]
## Minutes to re-resolve the IP addr of the nexthop and authentication endpoint url
## Ip addresses are first resolved by bootstrap DNS, after that, they will be resolved by (MO)DoH resolver itself.
## default is 60 minutes
# endpoint_resolution_period = 60
## Health check period in minitus. Check health of all path candidates and purge DNS cache.
## Default is 10 minutes.
# healthcheck_period = 10
## Cache entry size (Default 16384)
# max_cache_size = 16384
## URL of (O)DoH target server like "https://dns.google/dns-query".
## You can specify multiple servers by repeatedly set this option, then one of given
## servers is chosen (if target_randomization = true, randomly every time).
## Note that we do not choose looped paths, so you need at least one diffrent relay host when (M)ODoH.
target_urls = ["https://odoh.cloudflare-dns.com/dns-query"]
## According to the suggestion in "Designing for Tussle in Encrypted DNS" (HotNets'21),
## multiple (O)DoH servers should be specified and used in randomized fashion in this
## proxy when "target_randomization = true". Otherwise, the first one is always chosen.
## To this end, 'Global' objects should have Vec<DoHClient> object as clients configured
## with different target servers. Default value is true
target_randomization = true
## Use Get method to query if true. Default is false
# use_get_method = false
## User agent string to be sent to target server. Default is "doh-auth-proxy".
# user_agent = "doh-auth-proxy"
##################################
# Auth settings #
##################################
[authentication]
## (optional)
## API url to retrieve and refresh tokens and validation keys (jwks and blindjwks) like "https://example.com/v1.0",
## where /tokens and /refresh are used for login and refresh, respectively.
## Also /jwks and /blindjwks are used for jwks retrieval.
# token_api = "https://token.api.example.org/v1.0"
## (optional)
## Credential env file path for login endpoint like "./credential.env"
# credential_file = "./.credential"
## (optional)
## Prioritize the use of the anonymous token over the ID token for the connection with the nexthop node. [default = false]
## The anonymous token is retrieved from the rust-token-server over the secure channel established using the ID token (ID token is issued with the ID and password specified in `credential_file`).
# use_anonymous_token = false
##################################
# Anon settings #
##################################
[anonymization]
## (optional) URL of ODoH nexthop relay server like "https://relay.example.com/relay"
odoh_relay_urls = ["https://odoh-nl.alekberg.net:443/proxy"]
## (optional)
## Choose ODoH relay in a randomized fashion from `odoh_relay_urls`.
## Default is true
odoh_relay_randomization = true
## (optional)
## URL of multiple-relay-based ODoH's intermediate relay like "https://relay.example.com/inter-relay".
## Specified relay is used after the relay of 'odoh_relay_url' in a randomized fashion.
# mid_relay_urls = ["htps://relay.url.after.surfdomeinen.example.org/proxy"]
## (optional)
## Maximum number of intermediate relays between nexthop and target.
## Default is 1
# max_mid_relays = 2
##################################
# Plugin settings #
##################################
[plugins]
## (optional)
## List of domain names to be blocked.
# domains_blocked_file = "./blocklist.txt"
## (optional)
## List of pairs of a domain name and an IPv4/v6 address, which will be overridden by specified address.
# domains_overridden_file = "./overridelist.txt"