# Configuration file for dnsmasq.
#
# Format is one option per line, legal options are the same
# as the long options legal on the command line. See
# "/usr/sbin/dnsmasq --help" or "man 8 dnsmasq" for details.

# Custom development domains
address=/.dev/127.0.0.1
address=/.dom/127.0.0.1

# Upstream DNSCrypt
server=127.0.0.1#40

#user=
#group=

# Don't read the hostnames in /etc/hosts.
no-hosts
 
# Do not go into the background at startup but otherwise run as
# normal.
keep-in-foreground
 
# Do not provide DHCP or TFTP on the loopback interface.
no-dhcp-interface=lo
 
# Only listen on the loopback interface.
listen-address=127.0.0.1
 
# Only bind to interfaces dnsmasq is listening on.
bind-interfaces
 
# Never forward addresses in the non-routed address spaces.
bogus-priv
 
# Don't read /etc/resolv.conf.
no-resolv

# Reject (and log) addresses from upstream nameservers which are in
# the private IP ranges. This blocks an attack where a browser behind
# a firewall is used to probe machines on the local network.
stop-dns-rebind
 
# Exempt 127.0.0.0/8 from rebinding checks. This address range is
# returned by realtime black hole servers, so blocking it may disable
# these services.
rebind-localhost-ok
 
# Never forward plain names (without a dot or domain part).
# domain-needed

# Set the cache size here. If you don't use spam blocking add-ons such
# Adblock Plus or Ghostery, you may want to increase this value as you
# will be resolving more domain names.
cache-size=1000

#no-negcache
#local-ttl=

# Pass through DNSSEC validation results from dnscrypt-proxy.
proxy-dnssec

#mx-host=maildomain.com,servermachine.com,50
#mx-target=servermachine.com
#localmx
#selfmx

#log-queries