Acrylic DNS Proxy Configuration


Upon installation Acrylic is preconfigured to point to the Google Public DNS servers.

You can change that by selecting the "Open Acrylic Configuration" menu item of the Acrylic UI desktop application or by opening the AcrylicConfiguration.ini file with a text editor. You can also change the contents of Acrylic HOSTS file by selecting the "Open Acrylic Hosts" menu item of the Acrylic UI desktop application or by opening the AcrylicHosts.txt file with a text editor.

Be aware that in order to use Acrylic you need to configure your network interface so that the DNS servers to be contacted for name resolution are no more your ISP's but Acrylic. The details of how to do it depend on the version of your OS:


For detailed information about the many available Acrylic configuration options here is the latest default AcrylicConfiguration.ini file:

;
; IF YOU MAKE ANY CHANGES TO THIS FILE YOU HAVE TO RESTART THE ACRYLIC DNS PROXY SERVICE OR CONSOLE IN ORDER TO SEE THEIR EFFECTS.
;
[GlobalSection]
;
; The IP address of your primary DNS server. You can use an IPv4 address in quad-dotted notation or an IPv6 address in colon-separated groups.
;
; Upon installation it points to the primary Google Public DNS server.
;
PrimaryServerAddress=8.8.8.8
;
; The TCP/UDP port your primary DNS server is supposed to be listening to. The default value of 53 is the standard port for DNS resolution. You should change this value only if you are using a non standard DNS server or a protocol different than UDP/TCP (e.g. the standard port for the DNS-over-HTTPS protocol is 443).
;
PrimaryServerPort=53
;
; The protocol to use with your primary DNS server.
;
; The currently supported protocols are UDP, TCP, SOCKS5 and DOH (DNS-over-HTTPS).
;
; When using the UDP protocol, Acrylic forwards DNS requests using UDP or TCP, in accordance with RFC 5625.
;
; When using the TCP protocol, Acrylic forwards DNS requests using TCP only. Since establishing a TCP connection for every DNS request requires a significant amount of time and the number of TCP connections that can be opened in a unit of time is limited by the Operating System, this protocol should be used only in situations where using the UDP protocol isn't possible for some reason.
;
; When using the SOCKS5 protocol, Acrylic forwards DNS requests to your primary DNS server using a SOCKS 5 proxy as an intermediary, in accordance with RFC 1928. Currently, only the NO AUTHENTICATION REQUIRED method for SOCKS 5 is supported.
;
; When using the DOH protocol, Acrylic forwards DNS requests to your primary DNS server using DNS-over-HTTPS, a protocol for performing DNS resolution via HTTPS and thus increase user privacy and security by preventing eavesdropping and manipulation of DNS data by man-in-the-middle attacks. Be aware though that when using DNS-over-HTTPS, the encryption algorithms (e.g. the TLS version) your Operating System can use must match at least one your primary DNS server accepts, and this is not always the case depending on the combination of your Operating System version and the chosen DNS server. For example, old Windows versions can have a hard time establishing an HTTPS connection with DNS servers requiring TLS 1.1 or 1.2, and thus may require the installation of specific updates.
;
PrimaryServerProtocol=UDP
;
; When using the DNS-over-HTTPS protocol, you must specify below the query path of your primary DNS server.
;
PrimaryServerDoHProtocolPath=
;
; When using the DNS-over-HTTPS protocol, you must specify below the host name of your primary DNS server.
;
PrimaryServerDoHProtocolHost=
;
; When using the DNS-over-HTTPS protocol, you can specify below whether Acrylic should connect to the internet using your system proxy configuration (System) or directly without using a proxy (Direct).
;
PrimaryServerDoHProtocolConnectionType=System
;
; When using the DNS-over-HTTPS protocol, you can specify below whether or not Acrylic is allowed to reuse existing TCP connections when sending requests to your primary DNS server. Since establishing a TCP connection for every DNS request requires a significant amount of time and the number of TCP connections that can be opened in a unit of time is limited by the Operating System, reusing existing TCP connections is a very effective way to improve the performance of the DNS-over-HTTPS protocol.
;
PrimaryServerDoHProtocolReuseConnections=Yes
;
; When using the DNS-over-HTTPS protocol, you can specify below whether or not Acrylic should use the WinHttp library, instead of the WinINet library, when sending requests to your primary DNS server.
;
; WinINet is designed more as an HTTP client platform for interactive desktop applications and, with a few exceptions, is a superset of WinHttp, while WinHttp is designed to be used primarily in server-based scenarios by server applications that communicate with HTTP servers. For Acrylic's purposes they are equivalent in the vast majority of situations, but having the possibility to choose between the two at the DNS server level can help with some very particular ones.
;
PrimaryServerDoHProtocolUseWinHttp=Yes
;
; Here is a known good DNS-over-HTTPS configuration for the Quad9 Public DNS server:
;
; PrimaryServerAddress=9.9.9.9
; PrimaryServerPort=443
; PrimaryServerProtocol=DOH
; PrimaryServerDoHProtocolPath=dns-query
; PrimaryServerDoHProtocolHost=dns.quad9.net
;
; Here is a known good DNS-over-HTTPS configuration for the Google Public DNS server:
;
; PrimaryServerAddress=8.8.8.8
; PrimaryServerPort=443
; PrimaryServerProtocol=DOH
; PrimaryServerDoHProtocolPath=dns-query
; PrimaryServerDoHProtocolHost=dns.google
;
; Here is a known good DNS-over-HTTPS configuration for the CloudFlare Public DNS server:
;
; PrimaryServerAddress=1.1.1.1
; PrimaryServerPort=443
; PrimaryServerProtocol=DOH
; PrimaryServerDoHProtocolPath=dns-query
; PrimaryServerDoHProtocolHost=cloudflare-dns.com
;
; When using the SOCKS5 protocol, you can specify below the IP address of the SOCKS 5 proxy server to use as an intermediary to your primary DNS server. You can use an IPv4 address in quad-dotted notation or an IPv6 address in colon-separated groups.
;
PrimaryServerSocks5ProtocolProxyAddress=
;
; When using the SOCKS5 protocol, you can specify below the TCP port the SOCKS 5 proxy server described above is supposed to be listening to.
;
PrimaryServerSocks5ProtocolProxyPort=
;
; The domain name affinity mask is a list of semicolon separated values or wildcards that allows to restrict which DNS server particular domain names get forwarded to.
;
; In the following example only the requests for domain names ending with ".com" get forwarded to the primary DNS server:
;
; PrimaryServerDomainNameAffinityMask=*.com
;
; In the following example only the requests for domain names ending with ".com" and ".org" get forwarded to the primary DNS server:
;
; PrimaryServerDomainNameAffinityMask=*.com;*.org
;
; Negations can be expressed by prepending a caret (^) to the value or wildcard.
;
; In the following example only the requests for domain names NOT ending with ".com" or ".org" get forwarded to the primary DNS server (the last catch-all value is particularly important in this case because, if missing, no request would ever be forwarded to the primary DNS server):
;
; PrimaryServerDomainNameAffinityMask=^*.com;^*.org;*
;
PrimaryServerDomainNameAffinityMask=
;
; The query type affinity mask is list of semicolon separated values that allows to restrict which DNS server particular query types get forwarded to.
;
; In the following example only the requests for A, AAAA, MX and SRV query types get forwarded to the primary DNS server:
;
; PrimaryServerQueryTypeAffinityMask=A;AAAA;MX;SRV
;
; All DNS query types are supported, either explicitly using A, AAAA, CNAME, MX, NS, PTR, SOA, SRV and TXT or implicitly using their decimal values.
;
PrimaryServerQueryTypeAffinityMask=
;
; You can specify below whether to ignore failure responses coming from the primary DNS server.
;
IgnoreFailureResponsesFromPrimaryServer=No
;
; You can specify below whether to ignore negative responses coming from the primary DNS server.
;
IgnoreNegativeResponsesFromPrimaryServer=No
;
; The configuration of your secondary DNS server.
; For more details refer to the primary DNS server configuration comments.
;
; Upon installation it points to the secondary Google Public DNS server.
;
SecondaryServerAddress=8.8.4.4
SecondaryServerPort=53
SecondaryServerProtocol=UDP
SecondaryServerDoHProtocolPath=
SecondaryServerDoHProtocolHost=
SecondaryServerDoHProtocolConnectionType=System
SecondaryServerDoHProtocolReuseConnections=Yes
SecondaryServerDoHProtocolUseWinHttp=Yes
SecondaryServerSocks5ProtocolProxyAddress=
SecondaryServerSocks5ProtocolProxyPort=
SecondaryServerDomainNameAffinityMask=
SecondaryServerQueryTypeAffinityMask=
IgnoreFailureResponsesFromSecondaryServer=No
IgnoreNegativeResponsesFromSecondaryServer=No
;
; The configuration of your tertiary DNS server.
; For more details refer to the primary DNS server configuration comments.
;
TertiaryServerAddress=
TertiaryServerPort=53
TertiaryServerProtocol=UDP
TertiaryServerDoHProtocolPath=
TertiaryServerDoHProtocolHost=
TertiaryServerDoHProtocolConnectionType=System
TertiaryServerDoHProtocolReuseConnections=Yes
TertiaryServerDoHProtocolUseWinHttp=Yes
TertiaryServerSocks5ProtocolProxyAddress=
TertiaryServerSocks5ProtocolProxyPort=
TertiaryServerDomainNameAffinityMask=
TertiaryServerQueryTypeAffinityMask=
IgnoreFailureResponsesFromTertiaryServer=No
IgnoreNegativeResponsesFromTertiaryServer=No
;
; The configuration of your quaternary DNS server.
; For more details refer to the primary DNS server configuration comments.
;
QuaternaryServerAddress=
QuaternaryServerPort=53
QuaternaryServerProtocol=UDP
QuaternaryServerDoHProtocolPath=
QuaternaryServerDoHProtocolHost=
QuaternaryServerDoHProtocolConnectionType=System
QuaternaryServerDoHProtocolReuseConnections=Yes
QuaternaryServerDoHProtocolUseWinHttp=Yes
QuaternaryServerSocks5ProtocolProxyAddress=
QuaternaryServerSocks5ProtocolProxyPort=
QuaternaryServerDomainNameAffinityMask=
QuaternaryServerQueryTypeAffinityMask=
IgnoreFailureResponsesFromQuaternaryServer=No
IgnoreNegativeResponsesFromQuaternaryServer=No
;
; The configuration of your quinary DNS server.
; For more details refer to the primary DNS server configuration comments.
;
QuinaryServerAddress=
QuinaryServerPort=53
QuinaryServerProtocol=UDP
QuinaryServerDoHProtocolPath=
QuinaryServerDoHProtocolHost=
QuinaryServerDoHProtocolConnectionType=System
QuinaryServerDoHProtocolReuseConnections=Yes
QuinaryServerDoHProtocolUseWinHttp=Yes
QuinaryServerSocks5ProtocolProxyAddress=
QuinaryServerSocks5ProtocolProxyPort=
QuinaryServerDomainNameAffinityMask=
QuinaryServerQueryTypeAffinityMask=
IgnoreFailureResponsesFromQuinaryServer=No
IgnoreNegativeResponsesFromQuinaryServer=No
;
; The configuration of your senary DNS server.
; For more details refer to the primary DNS server configuration comments.
;
SenaryServerAddress=
SenaryServerPort=53
SenaryServerProtocol=UDP
SenaryServerDoHProtocolPath=
SenaryServerDoHProtocolHost=
SenaryServerDoHProtocolConnectionType=System
SenaryServerDoHProtocolReuseConnections=Yes
SenaryServerDoHProtocolUseWinHttp=Yes
SenaryServerSocks5ProtocolProxyAddress=
SenaryServerSocks5ProtocolProxyPort=
SenaryServerDomainNameAffinityMask=
SenaryServerQueryTypeAffinityMask=
IgnoreFailureResponsesFromSenaryServer=No
IgnoreNegativeResponsesFromSenaryServer=No
;
; The configuration of your septenary DNS server.
; For more details refer to the primary DNS server configuration comments.
;
SeptenaryServerAddress=
SeptenaryServerPort=53
SeptenaryServerProtocol=UDP
SeptenaryServerDoHProtocolPath=
SeptenaryServerDoHProtocolHost=
SeptenaryServerDoHProtocolConnectionType=System
SeptenaryServerDoHProtocolReuseConnections=Yes
SeptenaryServerDoHProtocolUseWinHttp=Yes
SeptenaryServerSocks5ProtocolProxyAddress=
SeptenaryServerSocks5ProtocolProxyPort=
SeptenaryServerDomainNameAffinityMask=
SeptenaryServerQueryTypeAffinityMask=
IgnoreFailureResponsesFromSeptenaryServer=No
IgnoreNegativeResponsesFromSeptenaryServer=No
;
; The configuration of your octonary DNS server.
; For more details refer to the primary DNS server configuration comments.
;
OctonaryServerAddress=
OctonaryServerPort=53
OctonaryServerProtocol=UDP
OctonaryServerDoHProtocolPath=
OctonaryServerDoHProtocolHost=
OctonaryServerDoHProtocolConnectionType=System
OctonaryServerDoHProtocolReuseConnections=Yes
OctonaryServerDoHProtocolUseWinHttp=Yes
OctonaryServerSocks5ProtocolProxyAddress=
OctonaryServerSocks5ProtocolProxyPort=
OctonaryServerDomainNameAffinityMask=
OctonaryServerQueryTypeAffinityMask=
IgnoreFailureResponsesFromOctonaryServer=No
IgnoreNegativeResponsesFromOctonaryServer=No
;
; The configuration of your nonary DNS server.
; For more details refer to the primary DNS server configuration comments.
;
NonaryServerAddress=
NonaryServerPort=53
NonaryServerProtocol=UDP
NonaryServerDoHProtocolPath=
NonaryServerDoHProtocolHost=
NonaryServerDoHProtocolConnectionType=System
NonaryServerDoHProtocolReuseConnections=Yes
NonaryServerDoHProtocolUseWinHttp=Yes
NonaryServerSocks5ProtocolProxyAddress=
NonaryServerSocks5ProtocolProxyPort=
NonaryServerDomainNameAffinityMask=
NonaryServerQueryTypeAffinityMask=
IgnoreFailureResponsesFromNonaryServer=No
IgnoreNegativeResponsesFromNonaryServer=No
;
; The configuration of your denary DNS server.
; For more details refer to the primary DNS server configuration comments.
;
DenaryServerAddress=
DenaryServerPort=53
DenaryServerProtocol=UDP
DenaryServerDoHProtocolPath=
DenaryServerDoHProtocolHost=
DenaryServerDoHProtocolConnectionType=System
DenaryServerDoHProtocolReuseConnections=Yes
DenaryServerDoHProtocolUseWinHttp=Yes
DenaryServerSocks5ProtocolProxyAddress=
DenaryServerSocks5ProtocolProxyPort=
DenaryServerDomainNameAffinityMask=
DenaryServerQueryTypeAffinityMask=
IgnoreFailureResponsesFromDenaryServer=No
IgnoreNegativeResponsesFromDenaryServer=No
;
; You can specify below whether Acrylic should sinkhole IPv6 lookups (also known as DNS requests of AAAA type) or not.
;
SinkholeIPv6Lookups=No
;
; You can direct Acrylic to forward reverse lookups (also known as DNS requests of PTR type) for private IP ranges to your DNS servers by choosing Yes instead of No. Aside from protecting you and your DNS servers from the traffic of these usually needless queries, choosing No is usually a better choice also to avoid leaking information about your private address space.
;
ForwardPrivateReverseLookups=No
;
; THE ACRYLIC DNS PROXY CACHING MECHANISM EXPLAINED
;
; When Acrylic receives a DNS request from a client the hosts cache (an in-memory static cache derived from the AcrylicHosts.txt file) is searched first. If nothing is found there the request is then searched in the address cache (an in-memory dynamic cache backed up by the AcrylicCache.dat file). At this point one of the following three cases can happen:
;
; [1] The request is not found in the address cache or its corresponding response is older than "AddressCacheScavengingTime" minutes: In this case the original request is forwarded to all of the configured DNS servers simultaneously. The response to the client is delayed until the first one of the DNS servers comes out with a valid response. All the other responses coming from the other DNS servers will be discarded.
;
; [2] The request is found in the address cache and its corresponding response is older than "AddressCacheSilentUpdateTime" minutes but not older than "AddressCacheScavengingTime minutes": In this case the response to the client is sent immediately from the address cache and the original request is also forwarded to all of the configured DNS servers simultaneously like in the previous case. The first valid response coming from one of the DNS servers will be used to silently update the address cache, while all the other responses coming from the other DNS servers will be discarded.
;
; [3] The request is found in the address cache and its corresponding response is younger than "AddressCacheSilentUpdateTime" minutes: In this case the response to the client is sent immediately from the address cache and no network activity with any of the configured DNS servers will occur.
;
; Be aware that to minimize disk activity the address cache is flushed from memory to disk only when Acrylic is stopped or the system is shut down.
;
; And now about the caching parameters:
;
; The time to live (in minutes) of a failure response in the address cache.
;
AddressCacheFailureTime=0
;
; The time to live (in minutes) of a negative response in the address cache.
;
AddressCacheNegativeTime=60
;
; The time to live (in minutes) of a positive response in the address cache.
;
AddressCacheScavengingTime=5760
;
; The time (in minutes) elapsed which an item in the address cache must be silently updated should a request occur.
;
AddressCacheSilentUpdateTime=1440
;
; The time (in minutes) elapsed which the address cache is pruned of obsolete items. A value of 0 indicates that no pruning of the address cache is ever done.
;
AddressCachePeriodicPruningTime=360
;
; The address cache domain name affinity mask is a list of semicolon separated values or wildcards that allows to restrict DNS responses for which domain names are to be cached in the address cache.
;
AddressCacheDomainNameAffinityMask=^dns.msftncsi.com;^ipv6.msftncsi.com;^www.msftncsi.com;*
;
; The address cache query type affinity mask is list of semicolon separated values that allows to restrict DNS responses for which query types are to be cached in the address cache.
;
; All DNS query types are supported, either explicitly using A, AAAA, CNAME, MX, NS, PTR, SOA, SRV and TXT or implicitly using their decimal values.
;
AddressCacheQueryTypeAffinityMask=A;AAAA;CNAME;MX;NS;PTR;SOA;SRV;TXT
;
; You can disable any disk activity related to the address cache by choosing Yes instead of No. If you do that Acrylic will use the address cache only in memory.
;
AddressCacheInMemoryOnly=No
;
; You can disable the address cache altogether by choosing Yes instead of No. If you do that Acrylic will work as a forwarding-only DNS proxy.
;
AddressCacheDisabled=No
;
; The local IPv4 address to which Acrylic binds. A value of 0.0.0.0 indicates that Acrylic should bind to all available addresses and as such it will be able to receive DNS requests coming from all of your network interfaces. A value corresponding to the IPv4 address of one of your network interfaces instead will allow Acrylic to receive DNS requests only from that specific network interface. An empty value instead indicates that no binding should occur on IPv4.
;
LocalIPv4BindingAddress=0.0.0.0
;
; The local UDPv4 port to which Acrylic binds. The default value of 53 is the standard port for DNS resolution. You should change this value only if you are using a non standard DNS client.
;
LocalIPv4BindingPort=53
;
; The local IPv6 address to which Acrylic binds. A value of 0:0:0:0:0:0:0:0 indicates that Acrylic should bind to all available addresses and as such it will be able to receive DNS requests coming from all of your network interfaces. A value corresponding to the IPv6 address of one of your network interfaces instead will allow Acrylic to receive DNS requests only from that specific network interface. An empty value instead indicates that no binding should occur on IPv6.
;
LocalIPv6BindingAddress=0:0:0:0:0:0:0:0
;
; The local UDPv6 port to which Acrylic binds. The default value of 53 is the standard port for DNS resolution. You should change this value only if you are using a non standard DNS client.
;
LocalIPv6BindingPort=53
;
; On Windows versions prior to Windows Vista or Windows Server 2008 the IPv6 protocol is usually not installed by default. For Windows 2000 there is a Microsoft IPv6 Technology Preview package available for download while for Windows XP the IPv6 protocol must be added to the list of available network protocols in your network connection Properties window.
;
; If you want to enable local IPv6 binding for Acrylic on Windows versions prior to Windows Vista or Windows Server 2008 you can choose Yes below after having installed all the necessary prerequisites.
;
LocalIPv6BindingEnabledOnWindowsVersionsPriorToWindowsVistaOrWindowsServer2008=No
;
; The time to live (in seconds) set for DNS responses generated by Acrylic (e.g. the ones generated from mappings contained in the AcrylicHosts.txt file).
;
GeneratedResponseTimeToLive=300
;
; The maximum time (in milliseconds) to wait for a response coming from a DNS server configured with the UDP protocol.
;
ServerUdpProtocolResponseTimeout=4999
;
; The maximum time (in milliseconds) to wait for the first byte of a response coming from a DNS server configured with the TCP protocol.
;
ServerTcpProtocolResponseTimeout=4999
;
; The maximum time (in milliseconds) to wait for the other bytes of a response coming from a DNS server configured with the TCP protocol.
;
ServerTcpProtocolInternalTimeout=2477
;
; The maximum times (in milliseconds) to wait for the below events when communicating with an intermediary SOCKS 5 proxy server on behalf of a DNS server configured with the SOCKS5 protocol.
;
ServerSocks5ProtocolProxyFirstByteTimeout=2477
ServerSocks5ProtocolProxyOtherBytesTimeout=2477
ServerSocks5ProtocolProxyRemoteConnectTimeout=2477
ServerSocks5ProtocolProxyRemoteResponseTimeout=4999
;
; The hit log is a text file into which every DNS request and DNS response received by Acrylic can be logged.
;
; It is activated by specifying a non-empty value for the HitLogFileName parameter and contains lines with the following TAB-separated fields:
;
; [01] The timestamp of the DNS request or response in the format YYYY-MM-DD HH:MM:SS.FFF (local time).
; [02] The IP address from where the DNS request originates from or the DNS response is destined to.
; [03] The status code of the DNS request or response:
;        X => Resolved directly by Acrylic
;        H => Resolved using the hosts cache
;        C => Resolved using the address cache
;        F => Forwarded to at least one of your DNS servers
;        R => Response accepted from one of your DNS servers
;        U => Silent update accepted from one of your DNS servers
; [04] The index of the DNS server the DNS response is coming from.
; [05] The time it took (in milliseconds) for the DNS server to produce a DNS response.
; [06] The dissected DNS request or response.
;
; A dissected DNS request looks like:
;
; OC=0;RD=1;QDC=1;Q[1]=x.com;T[1]=A
;
; Where:
;
; [01] OC=0 means that the DNS operation code (OPCODE) is 0. Possible values are: 0 = a standard query (QUERY), 1 = an inverse query (IQUERY), 2 = a server status request (STATUS).
; [02] RD=1 means that the DNS response recursion desired bit (RD) is 1. If RD is set, it directs the name server to pursue the query recursively.
; [03] QDC=1 means that the number of queries (QDCOUNT) contained in the DNS request is 1.
; [04] Q[1]=x.com means that DNS query 1 refers to the "x.com" domain name.
; [05] T[1]=A means that DNS query 1 is of type A (IPv4).
;
; A dissected DNS response looks like:
;
; OC=0;RC=0;TC=0;RD=1;RA=1;AA=0;QDC=1;ANC=2;NSC=0;ARC=0;Q[1]=x.com;T[1]=CNAME;A[1]=x.com>y.com;T[2]=A;A[2]=y.com>1.2.3.4
;
; Where:
;
; [01] OC=0 means that the DNS operation code (OPCODE) is 0. Possible values are: 0 = a standard query (QUERY), 1 = an inverse query (IQUERY), 2 = a server status request (STATUS).
; [02] RC=0 means that the DNS response code (RCODE) is 0. Possible values are: 0 = no error condition, 1 = format error (the name server was unable to interpret the query), 2 = server failure (the name server was unable to process this query due to a problem with the name server), 3 = name error (meaningful only for responses from an authoritative name server, this code signifies that the domain name referenced in the query does not exist), 4 = not implemented (the name server does not support the requested kind of query), 5 = refused (the name server refuses to perform the specified operation for policy reasons).
; [03] TC=0 means that the DNS response truncated bit (TC) is 0. This bit specifies that this message was truncated due to length greater than that permitted on the transmission channel.
; [04] RD=1 means that the DNS response recursion desired bit (RD) is 0. If RD is set, it directs the name server to pursue the query recursively.
; [05] RA=1 means that the DNS response recursion available bit (RA) is 0. This bit denotes whether recursive query support is available in the name server.
; [06] AA=0 means that the DNS response authoritative answer bit (AA) is 0. This bit specifies that the responding name server is an authority for the domain name in question section.
; [07] QDC=1 means that the number of queries (QDCOUNT) contained in the DNS response is 1.
; [08] ANC=2 means that the number of answers (ANCOUNT) contained in the DNS response is 2.
; [09] NSC=0 means that the number of nameserver records (NSCOUNT) contained in the DNS response is 0.
; [10] ARC=0 means that the number of additional records (ARCOUNT) contained in the DNS response is 0.
; [11] Q[1]=x.com means that the DNS query 1 refers to the "x.com" domain name.
; [12] T[1]=CNAME means that the DNS answer 1 is of type CNAME (canonical name).
; [13] A[1]=x.com>y.com means that the DNS answer 1 that refers to the "x.com" domain name is "y.com".
; [14] T[2]=A means that the DNS answer 2 is of type A (IPv4).
; [15] A[2]=y.com>1.2.3.4 means that the DNS answer 2 that refers to the "y.com" domain name is "1.2.3.4".
;
; Regarding the HitLogFileName you can use an absolute or a relative path and a kind of daily log rotation can be achieved by including the %DATE% template within the file name. A complete list of all the templates you can use within the file name is shown below:
;
; %DATE%
; The current date in YYYYMMDD format.
;
; %TEMP%
; The current value of the TEMP environment variable.
;
; %APPDATA%
; The current value of the APPDATA environment variable.
;
; %LOCALAPPDATA%
; The current value of the LOCALAPPDATA environment variable.
;
; Examples:
;
; HitLogFileName=HitLog.%DATE%.txt
; HitLogFileName=%TEMP%\AcrylicDNSProxyHitLog.%DATE%.txt
;
HitLogFileName=
;
; The filter (a combination of one or more of the status codes explained above) which controls what gets written into the hit log.
;
HitLogFileWhat=XHCF
;
; You can enable the full dump (in addition to the DNS format dissections explained above) of DNS requests and responses into the hit log by choosing Yes instead of No.
;
HitLogFullDump=No
;
; The maximum number of hit log items that can be kept in memory before they are flushed to disk. For performance reasons the hit log is flushed to disk only when the hit log memory buffer is full, when Acrylic is stopped or when the system is shutdown, therefore you might experience a delay from when a DNS request or response is received to when its details get written into the hit log.
;
HitLogMaxPendingHits=512
;
; ALLOWING REQUESTS FROM OTHER COMPUTERS
;
; Although for security reasons the default behaviour of Acrylic is to refuse to handle requests coming from other computers, it is possible to specify below in the AllowedAddressesSection a list of IP addresses (wildcards are allowed) from which can come requests that Acrylic is allowed to handle. You have to specify a different key name for each entry, like in the following example:
;
; [AllowedAddressesSection]
; IP1=192.168.45.254 -- A single IP address
; IP2=192.168.44.100 -- Another single IP address
; IP3=192.168.100.* -- All addresses starting with 192.168.100
; IP4=172.16.* -- All addresses starting with 172.16
;
; Although not recommended for security reasons you can also allow Acrylic to handle requests coming from any IP address, like in the following example:
;
; [AllowedAddressesSection]
; IP1=*
;
; You must also create a firewall rule to allow incoming traffic directed to the two Acrylic executables: "AcrylicService.exe" and "AcrylicConsole.exe".
;
[AllowedAddressesSection]