diff --git a/kubernetes/app/pihole/configmap-dnscrypt.yaml b/kubernetes/app/pihole/configmap-dnscrypt.yaml index 4f4734a..bd7d960 100644 --- a/kubernetes/app/pihole/configmap-dnscrypt.yaml +++ b/kubernetes/app/pihole/configmap-dnscrypt.yaml @@ -12,28 +12,22 @@ data: block_ipv6 = true dnscrypt_servers = true doh_servers = true - require_dnssec = false + require_dnssec = true force_tcp = false timeout = 5000 keepalive = 30 - lb_strategy = 'p2' - cache = true - cache_size = 4096 - cache_min_ttl = 2400 - cache_max_ttl = 86400 + lb_strategy = 'ph' + cache = false http3 = true http3_probe = true fallback_resolvers = ['8.8.8.8:53', '1.1.1.1:53'] ignore_system_dns = true - server_names = [] + server_names = ['cloudflare', 'google', 'quad9-dnscrypt-ip4-filter-pri', 'mullvad-doh', 'dns4eu'] - [static] - # Cloudflare DoH - [static.'cloudflare'] - stamp = 'sdns://AgcAAAAAAAAABzEuMC4wLjEAEmRucy5jbG91ZGZsYXJlLmNvbQovZG5zLXF1ZXJ5' - - # Google DoH - [static.'google'] - stamp = 'sdns://AgUAAAAAAAAABzguOC44LjggsKKKE4EwvtIbNjGjagI2607EdKSVHowYZtyvD9iPrkkHOC44LjguOAovZG5zLXF1ZXJ5' + [sources] + [sources.'public-resolvers'] + urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md', 'https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md'] + cache_file = '/tmp/public-resolvers.md' + minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3' diff --git a/kubernetes/app/pihole/deployment.yaml b/kubernetes/app/pihole/deployment.yaml index dc2b574..54f5a64 100644 --- a/kubernetes/app/pihole/deployment.yaml +++ b/kubernetes/app/pihole/deployment.yaml @@ -97,6 +97,8 @@ spec: - name: dnscrypt-config mountPath: /config/dnscrypt-proxy.toml subPath: dnscrypt-proxy.toml + - name: dnscrypt-tmp + mountPath: /tmp volumes: - name: pihole-config @@ -110,6 +112,8 @@ spec: - name: pihole-adlists configMap: name: pihole-adlists + - name: dnscrypt-tmp + emptyDir: {} - name: dnscrypt-config configMap: name: dnscrypt-config