; ; IF YOU MAKE ANY CHANGES TO THIS FILE YOU HAVE TO RESTART THE ACRYLIC DNS ; PROXY SERVICE IN ORDER TO SEE THEIR EFFECTS. ; [GlobalSection] ; ; The cluster of host names the primary DNS server is to resolve. ; ; The affinity mask is a list of semicolon separated values or wildcards that ; allows to restrict which DNS server is going to resolve a particular host ; name or a particular domain name. ; ; In the following example only the requests for host names ending with ".com" ; get forwarded to the primary DNS server: ; ; PrimaryServerAffinityMask=*.com ; ; In the following example the requests for host names ending with ".com" and ; ".org" get forwarded to the primary DNS server: ; ; PrimaryServerAffinityMask=*.com;*.org ; ; Negations can be expressed by prepending a caret (^) to the value or wildcard. ; ; In the following example only the requests for host names NOT ending with ; ".com" or ".org" get forwarded to the primary DNS server (the last catch-all ; value is particularly important in this case as, if missing, no request would ; ever be forwarded to the primary DNS server): ; ; PrimaryServerAffinityMask=^*.com;^*.org;* ; PrimaryServerAffinityMask=^*.bit;* ; ; The IP address of your primary DNS server (required). ; Upon installation contains the address of the primary OpenDNS server. ; PrimaryServerAddress=8.8.4.4 ; ; The UDP port your primary DNS server is supposed to be listening to. The ; default value of 53 is the standard port for DNS resolution. You should ; change this value only if you are using a non standard DNS server. ; PrimaryServerPort=53 ; ; You can decide to ignore negative responses coming from the primary ; server by uncommenting the following line. ; ; IgnoreNegativeResponsesFromPrimaryServer=Yes ; ; The cluster of host names the secondary DNS server is to resolve. ; ; The affinity mask is a list of semicolon separated values or wildcards that ; allows to restrict which DNS server is going to resolve a particular host ; name or a particular domain name. ; ; In the following example only the requests for host names ending with ".com" ; get forwarded to the secondary DNS server: ; ; SecondaryServerAffinityMask=*.bit ; ; In the following example the requests for host names ending with ".com" and ; ".org" get forwarded to the secondary DNS server: ; ; SecondaryServerAffinityMask=*.com;*.org ; ; Negations can be expressed by prepending a caret (^) to the value or wildcard. ; ; In the following example only the requests for host names NOT ending with ; ".com" or ".org" get forwarded to the secondary DNS server (the last catch-all ; value is particularly important in this case as, if missing, no request would ; ever be forwarded to the secondary DNS server): ; ; SecondaryServerAffinityMask=^*.com;^*.org;* ; SecondaryServerAffinityMask=^*.bit;* ; ; The IP address of your secondary DNS server (optional). ; Upon installation contains the address of the secondary OpenDNS server. ; SecondaryServerAddress=8.8.8.8 ; ; The UDP port your secondary DNS server is supposed to be listening to. The ; default value of 53 is the standard port for DNS resolution. You should ; change this value only if you are using a non standard DNS server. ; SecondaryServerPort=53 ; ; You can decide to ignore negative responses coming from the secondary ; server by uncommenting the following line. ; ; IgnoreNegativeResponsesFromSecondaryServer=Yes ; ; The cluster of host names the tertiary DNS server is to resolve. ; ; The affinity mask is a list of semicolon separated values or wildcards that ; allows to restrict which DNS server is going to resolve a particular host ; name or a particular domain name. ; ; In the following example only the requests for host names ending with ".com" ; get forwarded to the tertiary DNS server: ; ; TertiaryServerAffinityMask=*.com ; ; In the following example the requests for host names ending with ".com" and ; ".org" get forwarded to the tertiary DNS server: ; ; TertiaryServerAffinityMask=*.com;*.org ; ; Negations can be expressed by prepending a caret (^) to the value or wildcard. ; ; In the following example only the requests for host names NOT ending with ; ".com" or ".org" get forwarded to the tertiary DNS server (the last catch-all ; value is particularly important in this case as, if missing, no request would ; ever be forwarded to the tertiary DNS server): ; ; TertiaryServerAffinityMask=^*.com;^*.org;* ; TertiaryServerAffinityMask=*.bit ; ; The IP address of your tertiary DNS server (optional). ; TertiaryServerAddress=178.32.31.41 ; ; The UDP port your tertiary DNS server is supposed to be listening to. The ; default value of 53 is the standard port for DNS resolution. You should ; change this value only if you are using a non standard DNS server. ; TertiaryServerPort=53 ; ; You can decide to ignore negative responses coming from the tertiary ; server by uncommenting the following line. ; ; IgnoreNegativeResponsesFromTertiaryServer=Yes ; ; The cluster of host names the quaternary DNS server is to resolve. ; ; The affinity mask is a list of semicolon separated values or wildcards that ; allows to restrict which DNS server is going to resolve a particular host ; name or a particular domain name. ; ; In the following example only the requests for host names ending with ".com" ; get forwarded to the quaternary DNS server: ; ; QuaternaryServerAffinityMask=*.com ; ; In the following example the requests for host names ending with ".com" and ; ".org" get forwarded to the quaternary DNS server: ; ; QuaternaryServerAffinityMask=*.com;*.org ; ; Negations can be expressed by prepending a caret (^) to the value or wildcard. ; ; In the following example only the requests for host names NOT ending with ; ".com" or ".org" get forwarded to the quaternary DNS server (the last catch-all ; value is particularly important in this case as, if missing, no request would ; ever be forwarded to the quaternary DNS server): ; ; QuaternaryServerAffinityMask=^*.com;^*.org;* ; QuaternaryServerAffinityMask=*.bit ; ; The IP address of your quaternary DNS server (optional). ; ; bitmaster netherlands: 95.211.195.245 QuaternaryServerAddress=95.211.195.245 ; ; The UDP port your quaternary DNS server is supposed to be listening to. The ; default value of 53 is the standard port for DNS resolution. You should ; change this value only if you are using a non standard DNS server. ; QuaternaryServerPort=53 ; ; You can decide to ignore negative responses coming from the quaternary ; server by uncommenting the following line. ; ; IgnoreNegativeResponsesFromQuaternaryServer=Yes ; ; THE ACRYLIC DNS CACHING MECHANISM EXPLAINED ; ; When Acrylic receives a DNS request from a client the hosts cache (a static ; cache contained in the AcrylicHosts.txt file) is searched first. If nothing ; is found in it the request is subsequently searched in the address cache (a ; dynamic cache contained in the AcrylicCache.dat file). At this point three ; things may happen: ; ; Case 1: ; ; The request is not found in the address cache or its corresponding response ; is older than AddressCacheScavengingTime minutes: In this case the original ; request is forwarded to all of the configured DNS servers simultaneously. The ; response to the client is delayed until the first one of the configured DNS ; servers comes out with a response (all the others will be discarded). ; ; Case 2: ; ; The request is found in the address cache and its corresponding response is ; older than AddressCacheSilentUpdateTime minutes but not older than ; AddressCacheScavengingTime minutes: In this case the response to the client ; is sent immediately from the address cache and the original request is also ; forwarded to all of the configured DNS servers like in the previous case. The ; first response coming from one of the configured DNS servers will be used to ; silently update the address cache (all the others will be discarded). ; ; Case 3: ; ; The request is found in the address cache and its corresponding response is ; younger than AddressCacheSilentUpdateTime minutes: In this case the response ; to the client is sent immediately from the address cache and no network ; activity with the configured DNS servers will occur. ; ; Note: Negative responses from the DNS servers can be cached with a different ; expiration time (usually much smaller) than positive ones by setting the value ; of the AddressCacheNegativeTime parameter. ; ; Simply using Acrylic with default parameters should give a lot of boost to the ; performance of your DNS queries but to get the best out of it you may have to ; tune it to your specific needs: ; ; If you are concerned with the cache not being enough up to date (e.g. you are ; using Acrylic on a LAN with addresses given by a DHCP server using a short ; lease) use a lower value for the AddressCacheSilentUpdateTime and the ; AddressCacheNegativeTime parameters. For example: ; ; AddressCacheNegativeTime=30 ; AddressCacheScavengingTime=28800 ; AddressCacheSilentUpdateTime=30 ; ; If your DNS servers are particularly unreliable and you want to minimize the ; disruption to your work should they become unresponsive use a higher value for ; the AddressCacheScavengingTime and the AddressCacheNegativeTime. For example: ; ; AddressCacheNegativeTime=57600 ; AddressCacheScavengingTime=57600 ; AddressCacheSilentUpdateTime=30 ; ; If you are concerned about network bandwidth and you don't care having a cache ; less up to date use a higher value for all the parameters. For example: ; ; AddressCacheNegativeTime=57600 ; AddressCacheScavengingTime=57600 ; AddressCacheSilentUpdateTime=2147483647 ; ; And now about the caching parameters: ; ; The time to live (in minutes) of a negative response in the address cache. ; ;AddressCacheNegativeTime=57600 AddressCacheNegativeTime=30 ; ; The time to live (in minutes) of a positive response in the address cache. ; ;AddressCacheScavengingTime=57600 AddressCacheScavengingTime=28800 ; ; The time (in minutes) elapsed which an item in the address cache must be ; silently updated should a request occur. ; ;AddressCacheSilentUpdateTime=2147483647 AddressCacheSilentUpdateTime=60 ; ; AddressCache data can be compressed by Acrylic should it determine (on a ; single item basis) that it would save some space. Since a very fast LZO ; compression engine is used it is usually best to keep compression ON. ; ; AddressCacheDisableCompression=Yes ; ; The local IP address to which Acrylic binds. A value of 0.0.0.0 indicates ; that Acrylic should bind to all available addresses and as such it will be ; able to receive DNS requests and responses coming from all of your network ; cards and modems. A value corresponding to the IP address of one of them ; instead will allow Acrylic to receive DNS requests/responses only from ; that specific network card or modem. ; LocalBindingAddress=0.0.0.0 ; ; The UDP port at which Acrylic responds. The default value of 53 is the ; standard port for DNS resolution. You should change this value only if ; you are using a non standard DNS client. ; LocalBindingPort=53 ; ; The file name of the hit log into which every incoming DNS packet seen by ; Acrylic gets logged. You can specify here an absolute or a relative path and ; a sort of daily log rotation can be achieved by including the %DATE% template ; within the name. ; ; In the hit log, along with the packet timestamp, client address and host name ; there's a treatment field (how Acrylic treated it). Possibile values are: ; ; B -> Explicitly blocked ; H -> Resolved from the HOSTS cache ; C -> Resolved from the Acrylic cache ; F -> Forwarded to the configured DNS servers ; R -> Received from one of the configured DNS servers ; U -> Silent update from one of the configured DNS servers ; ; Example: ; ; HitLogFileName=HitLog.%DATE%.txt ; HitLogFileName= ; ; The filter which controls what gets logged into the hit log and what's not. ; A valid filter is whatever combination of packet types (for their meaning ; see the previous note) specified in any order. ; HitLogFileWhat=BHCFRU ; ; The file name of the stats log into which Acrylic saves informations ; about the performance of your DNS servers and some statistical data about ; the fate of your DNS requests. You can specify here an absolute or a relative ; path. ; StatsLogFileName= ; ; ALLOWING REQUESTS FROM OTHER COMPUTERS ; ; Although for security reasons the default behaviour of Acrylic is to refuse ; to handle requests coming from other computers it is possible to specify in ; the AllowedAddressesSection a list of IP addresses or IP subnets from which ; can come requests that Acrylic is allowed to handle. You have to specify ; a different key name for each entry, like in the following example: ; ; [AllowedAddressesSection] ; IP1=192.168.45.254 -- A single IP address ; IP2=192.168.44.100 -- Another single IP address ; IP3=192.168.100.* -- All addresses starting with 192.168.100 ; IP4=172.16.* -- All addresses starting with 172.16 ; ; For performance reasons keep the number of addresses listed in this section ; as low as possible (you can try to specify subnets instead of large lists of ; IP addresses whenever possible). ; ; Note: Wildcards (like 192.168.100.*) are allowed. Although not recommended ; for security reasons you can allow Acrylic to handle requests coming from ; any IP address, like in the following example: ; ; [AllowedAddressesSection] ; IP1=* ; [AllowedAddressesSection] ; ; The CacheExceptionsSection section may contain a list of names ; for which caching does not occur (DNS requests for them are directly ; forwarded to the DNS servers). This may be useful if you have a small ; subset of IP addresses that change rapidly but you don't want to loose ; the performance improvements of caching for all the other addresses. ; ; Example: ; ; [CacheExceptionsSection] ; NAME1=somemachine.mydomain.local ; NAME2=*.microsoft.com ; ; Note: Wildcards (like *.microsoft.com) are allowed. ; [CacheExceptionsSection] ; ; The WhiteExceptionsSection section may contain a list of names ; outside of which DNS requests are resolved by Acrylic as "localhost". If ; the section is empty Acrylic behaves normally by trying to resolve every DNS ; request through all its strategies (hosts cache, address cache, forward). If ; the section contains at least an item instead Acrylic behaves as in some ; sort of parental control mode by resolving automatically as "localhost" ; every DNS request for hosts which are not present in the list. ; ; Example: ; ; [WhiteExceptionsSection] ; NAME1=mayakron.altervista.org ; NAME2=*.wikipedia.org ; ; Note: Wildcards (like *.wikipedia.org) are allowed. ; [WhiteExceptionsSection]