aboutsummaryrefslogtreecommitdiff
path: root/src/dns/dns.conf.in
blob: d2c67958a1317b9a0ea079268df0a66bd493168f (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
[dns]
AUTOSTART = YES
HOSTNAME = localhost
HOME = $SERVICEHOME
CONFIG = $DEFAULTCONFIG
BINARY = gnunet-service-dns
UNIXPATH = /tmp/gnunet-service-dns.sock

# Access to this service can compromise all DNS queries in this
# system.  Thus access should be restricted to the same UID.
# (see https://gnunet.org/gnunet-access-control-model)
UNIX_MATCH_UID = YES
UNIX_MATCH_GID = YES

# As there is no sufficiently restrictive access control for TCP, 
# we never use it, even if @UNIXONLY@ is not set (just to be safe)
@UNIXONLY@ PORT = 0

# This option should be set to YES to allow the DNS service to 
# perform lookups against the locally configured DNS resolver.
# (set to "NO" if no normal ISP is locally available and thus
# requests for normal ".com"/".org"/etc. must be routed via 
# the GNUnet VPN (the GNUNET PT daemon then needs to be configured
# to intercept and route DNS queries via mesh).
PROVIDE_EXIT = YES

# Name of the virtual interface we use to intercept DNS traffic.
IFNAME = gnunet-dns

# Use RFC 3849-style documentation IPv6 address (RFC 4773 might provide an alternative in the future)
# FIXME: or just default to a site-local address scope as we do for VPN!?
IPV6ADDR = 2001:DB8::1
IPV6PREFIX = 126

# Use RFC 3927-style link-local address
IPV4ADDR = 169.254.1.1
IPV4MASK = 255.255.0.0

# Enable GNUnet-wide DNS-EXIT service by setting this value to the IP address (IPv4 or IPv6)
# of a DNS resolver to use.  Only works if "PROVIDE_EXIT" is also set to YES.  Must absolutely
# NOT be an address of any of GNUnet's virtual tunnel interfaces.  Use a well-known
# public DNS resolver or your ISP's resolver from /etc/resolv.conf.
# DNS_EXIT = 8.8.8.8