diff options
| author | Shulhan <ms@kilabit.info> | 2026-03-26 05:57:47 +0700 |
|---|---|---|
| committer | Shulhan <ms@kilabit.info> | 2026-03-26 05:59:26 +0700 |
| commit | 06e602df04fe8f8c96505993b7f5c48527f83d63 (patch) | |
| tree | f1624476efbcfde12d8d7266721f23b402eb8e74 /_sys | |
| parent | ce1c579b5db1a51a8e7e1f36c09a4cddb378ebc8 (diff) | |
| download | rescached-main.tar.xz | |
Using port makes the IP address of DoT and DoH listen on the same
address with UDP.
If we set ListenAddress to 0.0.0.0 and TLS termination is handled
by proxy, this cause DoT and DoH will also listen on all
addresses.
This behaviour makes the server open DoT and DoH ports to the public,
where it should be on local address only.
Diffstat (limited to '_sys')
| -rw-r--r-- | _sys/etc/rescached/rescached.cfg | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/_sys/etc/rescached/rescached.cfg b/_sys/etc/rescached/rescached.cfg index 7a3cd18..ddbd02f 100644 --- a/_sys/etc/rescached/rescached.cfg +++ b/_sys/etc/rescached/rescached.cfg @@ -35,13 +35,13 @@ listen = 127.0.0.1:53 ## Uncomment line below if you want to serve DNS to other computers. #listen = 0.0.0.0:53 -#http.port = 443 -#tls.port = 853 - #tls.certificate = /etc/rescached/localhost.pem #tls.private_key = /etc/rescached/localhost.pem.key tls.allow_insecure = true + +#doh.listen = 127.0.0.1:443 #doh.behind_proxy = false +#dot.listen = 853 #cache.prune_delay = 1h0m0s #cache.prune_threshold = -1h0m0s |