Acrylic DNS Proxy Configuration

• Windows 10
• Windows 8
• Windows 7
• Windows Vista
• Windows XP
• Windows 2000

;
; IF YOU MAKE ANY CHANGES TO THIS FILE YOU HAVE TO RESTART THE ACRYLIC DNS PROXY SERVICE OR CONSOLE IN ORDER TO SEE
; THEIR EFFECTS.
;
[GlobalSection]
;
; The IP address of your primary DNS server. You can use an IPv4 address in quad-dotted notation or an IPv6 address in
; colon-separated groups.
;
; Upon installation it points to the primary Google Public DNS server.
;
PrimaryServerAddress=8.8.8.8
;
; The TCP/UDP port your primary DNS server is supposed to be listening to. The default value of 53 is the standard port
; for DNS resolution. You should change this value only if you are using a non standard DNS server or a protocol
; different than UDP/TCP (e.g. the standard port for the DNS-over-HTTPS protocol is 443).
;
PrimaryServerPort=53
;
; The protocol to use with your primary DNS server.
;
; The currently supported protocols are UDP, TCP, SOCKS5 and DOH (DNS-over-HTTPS).
;
; When using the UDP protocol, Acrylic forwards DNS requests using UDP or TCP, in accordance with RFC 5625.
;
; When using the TCP protocol, Acrylic forwards DNS requests using TCP only. Since establishing a TCP connection for
; every DNS request requires a significant amount of time and the number of TCP connections that can be opened in a unit
; of time is limited by the Operating System, this protocol should be used only in situations where using the UDP
; protocol isn't possible for some reason.
;
; When using the SOCKS5 protocol, Acrylic forwards DNS requests to your primary DNS server using a SOCKS 5 proxy as an
; intermediary, in accordance with RFC 1928. Currently, only the NO AUTHENTICATION REQUIRED method for SOCKS 5 is
; supported.
;
; When using the DOH protocol, Acrylic forwards DNS requests to your primary DNS server using DNS-over-HTTPS, a protocol
; for performing DNS resolution via HTTPS and thus increase user privacy and security by preventing eavesdropping and
; manipulation of DNS data by man-in-the-middle attacks. Be aware though that when using DNS-over-HTTPS, the encryption
; algorithms (e.g. the TLS version) your Operating System can use must match at least one your primary DNS server
; accepts, and this is not always the case depending on the combination of your Operating System version and the chosen
; DNS server. For example, old Windows versions can have a hard time establishing an HTTPS connection with DNS servers
; requiring TLS 1.1 or 1.2, and thus may require the installation of specific updates.
;
PrimaryServerProtocol=UDP
;
; When using the DNS-over-HTTPS protocol, you must specify below the query path of your primary DNS server.
;
PrimaryServerDoHProtocolPath=
;
; When using the DNS-over-HTTPS protocol, you must specify below the host name of your primary DNS server.
;
PrimaryServerDoHProtocolHost=
;
; When using the DNS-over-HTTPS protocol, you can specify below whether Acrylic should connect to the internet using
; your system proxy configuration (System) or directly without using a proxy (Direct).
;
PrimaryServerDoHProtocolConnectionType=System
;
; When using the DNS-over-HTTPS protocol, you can specify below whether or not Acrylic is allowed to reuse existing TCP
; connections when sending requests to your primary DNS server. Since establishing a TCP connection for every DNS
; request requires a significant amount of time and the number of TCP connections that can be opened in a unit of time
; is limited by the Operating System, reusing existing TCP connections is a very effective way to improve the
; performance of the DNS-over-HTTPS protocol.
;
PrimaryServerDoHProtocolReuseConnections=Yes
;
; When using the DNS-over-HTTPS protocol, you can specify below whether or not Acrylic should use the WinHttp library,
; instead of the WinINet library, when sending requests to your primary DNS server.
;
; WinINet is designed more as an HTTP client platform for interactive desktop applications and, with a few exceptions,
; is a superset of WinHttp, while WinHttp is designed to be used primarily in server-based scenarios by server
; applications that communicate with HTTP servers. For Acrylic's purposes they are equivalent in the vast majority of
; situations, but having the possibility to choose between the two at the DNS server level can help with some very
; particular ones.
;
PrimaryServerDoHProtocolUseWinHttp=Yes
;
; Here is a known good DNS-over-HTTPS configuration for the Quad9 Public DNS server:
;
; PrimaryServerAddress=9.9.9.9
; PrimaryServerPort=443
; PrimaryServerProtocol=DOH
; PrimaryServerDoHProtocolPath=dns-query
; PrimaryServerDoHProtocolHost=dns.quad9.net
;
; Here is a known good DNS-over-HTTPS configuration for the Google Public DNS server:
;
; PrimaryServerAddress=8.8.8.8
; PrimaryServerPort=443
; PrimaryServerProtocol=DOH
; PrimaryServerDoHProtocolPath=dns-query
; PrimaryServerDoHProtocolHost=dns.google
;
; Here is a known good DNS-over-HTTPS configuration for the CloudFlare Public DNS server:
;
; PrimaryServerAddress=1.1.1.1
; PrimaryServerPort=443
; PrimaryServerProtocol=DOH
; PrimaryServerDoHProtocolPath=dns-query
; PrimaryServerDoHProtocolHost=cloudflare-dns.com
;
; When using the SOCKS5 protocol, you can specify below the IP address of the SOCKS 5 proxy server to use as an
; intermediary to your primary DNS server. You can use an IPv4 address in quad-dotted notation or an IPv6 address in
; colon-separated groups.
;
PrimaryServerSocks5ProtocolProxyAddress=
;
; When using the SOCKS5 protocol, you can specify below the TCP port the SOCKS 5 proxy server described above is
; supposed to be listening to.
;
PrimaryServerSocks5ProtocolProxyPort=
;
; The domain name affinity mask is a list of semicolon separated values or wildcards that allows to restrict which DNS
; server particular domain names get forwarded to.
;
; In the following example only the requests for domain names ending with ".com" get forwarded to the primary DNS
; server:
;
; PrimaryServerDomainNameAffinityMask=*.com
;
; In the following example only the requests for domain names ending with ".com" and ".org" get forwarded to the primary
; DNS server:
;
; PrimaryServerDomainNameAffinityMask=*.com;*.org
;
; Negations can be expressed by prepending a caret (^) to the value or wildcard.
;
; In the following example only the requests for domain names NOT ending with ".com" or ".org" get forwarded to the
; primary DNS server (the last catch-all value is particularly important in this case because, if missing, no request
; would ever be forwarded to the primary DNS server):
;
; PrimaryServerDomainNameAffinityMask=^*.com;^*.org;*
;
; Rules for domain name affinity masks are evaluated according to the order in which they are written, with the first
; positive rule that matches and the first negative rule that doesn't match determining, respectively, a positive result
; (i.e. the DNS query is forwarded to the DNS server) or a negative result (i.e. the DNS query is NOT forwarded to the
; DNS server). If none of the defined rules match then a negative result is determined.
;
PrimaryServerDomainNameAffinityMask=
;
; The query type affinity mask is list of semicolon separated values that allows to restrict which DNS server particular
; query types get forwarded to.
;
; In the following example only the requests for A, AAAA, MX and SRV query types get forwarded to the primary DNS
; server:
;
; PrimaryServerQueryTypeAffinityMask=A;AAAA;MX;SRV
;
; All DNS query types are supported, either explicitly using A, AAAA, CNAME, MX, NS, PTR, SOA, SRV and TXT or implicitly
; using their decimal values.
;
PrimaryServerQueryTypeAffinityMask=
;
; You can specify below whether to ignore failure responses coming from the primary DNS server.
;
IgnoreFailureResponsesFromPrimaryServer=No
;
; You can specify below whether to ignore negative responses coming from the primary DNS server.
;
IgnoreNegativeResponsesFromPrimaryServer=No
;
; The configuration of your secondary DNS server.
; For more details refer to the primary DNS server configuration comments.
;
; Upon installation it points to the secondary Google Public DNS server.
;
SecondaryServerAddress=8.8.4.4
SecondaryServerPort=53
SecondaryServerProtocol=UDP
SecondaryServerDoHProtocolPath=
SecondaryServerDoHProtocolHost=
SecondaryServerDoHProtocolConnectionType=System
SecondaryServerDoHProtocolReuseConnections=Yes
SecondaryServerDoHProtocolUseWinHttp=Yes
SecondaryServerSocks5ProtocolProxyAddress=
SecondaryServerSocks5ProtocolProxyPort=
SecondaryServerDomainNameAffinityMask=
SecondaryServerQueryTypeAffinityMask=
IgnoreFailureResponsesFromSecondaryServer=No
IgnoreNegativeResponsesFromSecondaryServer=No
;
; The configuration of your tertiary DNS server.
; For more details refer to the primary DNS server configuration comments.
;
TertiaryServerAddress=
TertiaryServerPort=53
TertiaryServerProtocol=UDP
TertiaryServerDoHProtocolPath=
TertiaryServerDoHProtocolHost=
TertiaryServerDoHProtocolConnectionType=System
TertiaryServerDoHProtocolReuseConnections=Yes
TertiaryServerDoHProtocolUseWinHttp=Yes
TertiaryServerSocks5ProtocolProxyAddress=
TertiaryServerSocks5ProtocolProxyPort=
TertiaryServerDomainNameAffinityMask=
TertiaryServerQueryTypeAffinityMask=
IgnoreFailureResponsesFromTertiaryServer=No
IgnoreNegativeResponsesFromTertiaryServer=No
;
; The configuration of your quaternary DNS server.
; For more details refer to the primary DNS server configuration comments.
;
QuaternaryServerAddress=
QuaternaryServerPort=53
QuaternaryServerProtocol=UDP
QuaternaryServerDoHProtocolPath=
QuaternaryServerDoHProtocolHost=
QuaternaryServerDoHProtocolConnectionType=System
QuaternaryServerDoHProtocolReuseConnections=Yes
QuaternaryServerDoHProtocolUseWinHttp=Yes
QuaternaryServerSocks5ProtocolProxyAddress=
QuaternaryServerSocks5ProtocolProxyPort=
QuaternaryServerDomainNameAffinityMask=
QuaternaryServerQueryTypeAffinityMask=
IgnoreFailureResponsesFromQuaternaryServer=No
IgnoreNegativeResponsesFromQuaternaryServer=No
;
; The configuration of your quinary DNS server.
; For more details refer to the primary DNS server configuration comments.
;
QuinaryServerAddress=
QuinaryServerPort=53
QuinaryServerProtocol=UDP
QuinaryServerDoHProtocolPath=
QuinaryServerDoHProtocolHost=
QuinaryServerDoHProtocolConnectionType=System
QuinaryServerDoHProtocolReuseConnections=Yes
QuinaryServerDoHProtocolUseWinHttp=Yes
QuinaryServerSocks5ProtocolProxyAddress=
QuinaryServerSocks5ProtocolProxyPort=
QuinaryServerDomainNameAffinityMask=
QuinaryServerQueryTypeAffinityMask=
IgnoreFailureResponsesFromQuinaryServer=No
IgnoreNegativeResponsesFromQuinaryServer=No
;
; The configuration of your senary DNS server.
; For more details refer to the primary DNS server configuration comments.
;
SenaryServerAddress=
SenaryServerPort=53
SenaryServerProtocol=UDP
SenaryServerDoHProtocolPath=
SenaryServerDoHProtocolHost=
SenaryServerDoHProtocolConnectionType=System
SenaryServerDoHProtocolReuseConnections=Yes
SenaryServerDoHProtocolUseWinHttp=Yes
SenaryServerSocks5ProtocolProxyAddress=
SenaryServerSocks5ProtocolProxyPort=
SenaryServerDomainNameAffinityMask=
SenaryServerQueryTypeAffinityMask=
IgnoreFailureResponsesFromSenaryServer=No
IgnoreNegativeResponsesFromSenaryServer=No
;
; The configuration of your septenary DNS server.
; For more details refer to the primary DNS server configuration comments.
;
SeptenaryServerAddress=
SeptenaryServerPort=53
SeptenaryServerProtocol=UDP
SeptenaryServerDoHProtocolPath=
SeptenaryServerDoHProtocolHost=
SeptenaryServerDoHProtocolConnectionType=System
SeptenaryServerDoHProtocolReuseConnections=Yes
SeptenaryServerDoHProtocolUseWinHttp=Yes
SeptenaryServerSocks5ProtocolProxyAddress=
SeptenaryServerSocks5ProtocolProxyPort=
SeptenaryServerDomainNameAffinityMask=
SeptenaryServerQueryTypeAffinityMask=
IgnoreFailureResponsesFromSeptenaryServer=No
IgnoreNegativeResponsesFromSeptenaryServer=No
;
; The configuration of your octonary DNS server.
; For more details refer to the primary DNS server configuration comments.
;
OctonaryServerAddress=
OctonaryServerPort=53
OctonaryServerProtocol=UDP
OctonaryServerDoHProtocolPath=
OctonaryServerDoHProtocolHost=
OctonaryServerDoHProtocolConnectionType=System
OctonaryServerDoHProtocolReuseConnections=Yes
OctonaryServerDoHProtocolUseWinHttp=Yes
OctonaryServerSocks5ProtocolProxyAddress=
OctonaryServerSocks5ProtocolProxyPort=
OctonaryServerDomainNameAffinityMask=
OctonaryServerQueryTypeAffinityMask=
IgnoreFailureResponsesFromOctonaryServer=No
IgnoreNegativeResponsesFromOctonaryServer=No
;
; The configuration of your nonary DNS server.
; For more details refer to the primary DNS server configuration comments.
;
NonaryServerAddress=
NonaryServerPort=53
NonaryServerProtocol=UDP
NonaryServerDoHProtocolPath=
NonaryServerDoHProtocolHost=
NonaryServerDoHProtocolConnectionType=System
NonaryServerDoHProtocolReuseConnections=Yes
NonaryServerDoHProtocolUseWinHttp=Yes
NonaryServerSocks5ProtocolProxyAddress=
NonaryServerSocks5ProtocolProxyPort=
NonaryServerDomainNameAffinityMask=
NonaryServerQueryTypeAffinityMask=
IgnoreFailureResponsesFromNonaryServer=No
IgnoreNegativeResponsesFromNonaryServer=No
;
; The configuration of your denary DNS server.
; For more details refer to the primary DNS server configuration comments.
;
DenaryServerAddress=
DenaryServerPort=53
DenaryServerProtocol=UDP
DenaryServerDoHProtocolPath=
DenaryServerDoHProtocolHost=
DenaryServerDoHProtocolConnectionType=System
DenaryServerDoHProtocolReuseConnections=Yes
DenaryServerDoHProtocolUseWinHttp=Yes
DenaryServerSocks5ProtocolProxyAddress=
DenaryServerSocks5ProtocolProxyPort=
DenaryServerDomainNameAffinityMask=
DenaryServerQueryTypeAffinityMask=
IgnoreFailureResponsesFromDenaryServer=No
IgnoreNegativeResponsesFromDenaryServer=No
;
; You can specify below whether Acrylic should sinkhole IPv6 lookups (also known as DNS requests of AAAA type) or not.
;
SinkholeIPv6Lookups=No
;
; You can direct Acrylic to forward reverse lookups (also known as DNS requests of PTR type) for private IP ranges to
; your DNS servers by choosing Yes instead of No. Aside from protecting you and your DNS servers from the traffic of
; these usually needless queries, choosing No is usually a better choice also to avoid leaking information about your
; private address space.
;
ForwardPrivateReverseLookups=No
;
; THE ACRYLIC DNS PROXY CACHING MECHANISM EXPLAINED
;
; When Acrylic receives a DNS request from a client the hosts cache (an in-memory static cache derived from the
; AcrylicHosts.txt file) is searched first. If nothing is found there the request is then searched in the address cache
; (an in-memory dynamic cache backed up by the AcrylicCache.dat file). At this point one of the following three cases
; can happen:
;
; [1] The request is not found in the address cache or its corresponding response is older than
; "AddressCacheScavengingTime" minutes: In this case the original request is forwarded to all of the configured DNS
; servers simultaneously. The response to the client is delayed until the first one of the DNS servers comes out with a
; valid response. All the other responses coming from the other DNS servers will be discarded.
;
; [2] The request is found in the address cache and its corresponding response is older than
; "AddressCacheSilentUpdateTime" minutes but not older than "AddressCacheScavengingTime minutes": In this case the
; response to the client is sent immediately from the address cache and the original request is also forwarded to all of
; the configured DNS servers simultaneously like in the previous case. The first valid response coming from one of the
; DNS servers will be used to silently update the address cache, while all the other responses coming from the other DNS
; servers will be discarded.
;
; [3] The request is found in the address cache and its corresponding response is younger than
; "AddressCacheSilentUpdateTime" minutes: In this case the response to the client is sent immediately from the address
; cache and no network activity with any of the configured DNS servers will occur.
;
; Be aware that to minimize disk activity the address cache is flushed from memory to disk only when Acrylic is stopped
; or the system is shut down.
;
; And now about the caching parameters:
;
; The time to live (in minutes) of a failure response in the address cache.
;
AddressCacheFailureTime=0
;
; The time to live (in minutes) of a negative response in the address cache.
;
AddressCacheNegativeTime=60
;
; The time to live (in minutes) of a positive response in the address cache.
;
AddressCacheScavengingTime=5760
;
; The time (in minutes) elapsed which an item in the address cache must be silently updated should a request occur.
;
AddressCacheSilentUpdateTime=1440
;
; The time (in minutes) elapsed which the address cache is pruned of obsolete items. A value of 0 indicates that no
; pruning of the address cache is ever done.
;
AddressCachePeriodicPruningTime=360
;
; The address cache domain name affinity mask is a list of semicolon separated values or wildcards that allows to
; restrict DNS responses for which domain names are to be cached in the address cache.
;
AddressCacheDomainNameAffinityMask=^dns.msftncsi.com;^ipv6.msftncsi.com;^www.msftncsi.com;*
;
; The address cache query type affinity mask is list of semicolon separated values that allows to restrict DNS responses
; for which query types are to be cached in the address cache.
;
; All DNS query types are supported, either explicitly using A, AAAA, CNAME, MX, NS, PTR, SOA, SRV and TXT or implicitly
; using their decimal values.
;
AddressCacheQueryTypeAffinityMask=A;AAAA;CNAME;MX;NS;PTR;SOA;SRV;TXT
;
; You can disable any disk activity related to the address cache by choosing Yes instead of No. If you do that Acrylic
; will use the address cache only in memory.
;
AddressCacheInMemoryOnly=No
;
; You can disable the address cache altogether by choosing Yes instead of No. If you do that Acrylic will work as a
; forwarding-only DNS proxy.
;
AddressCacheDisabled=No
;
; The local IPv4 address to which Acrylic binds. A value of 0.0.0.0 indicates that Acrylic should bind to all available
; addresses and as such it will be able to receive DNS requests coming from all of your network interfaces. A value
; corresponding to the IPv4 address of one of your network interfaces instead will allow Acrylic to receive DNS requests
; only from that specific network interface. An empty value instead indicates that no binding should occur on IPv4.
;
LocalIPv4BindingAddress=0.0.0.0
;
; The local UDPv4 port to which Acrylic binds. The default value of 53 is the standard port for DNS resolution. You
; should change this value only if you are using a non standard DNS client.
;
LocalIPv4BindingPort=53
;
; The local IPv6 address to which Acrylic binds. A value of 0:0:0:0:0:0:0:0 indicates that Acrylic should bind to all
; available addresses and as such it will be able to receive DNS requests coming from all of your network interfaces. A
; value corresponding to the IPv6 address of one of your network interfaces instead will allow Acrylic to receive DNS
; requests only from that specific network interface. An empty value instead indicates that no binding should occur on
; IPv6.
;
LocalIPv6BindingAddress=0:0:0:0:0:0:0:0
;
; The local UDPv6 port to which Acrylic binds. The default value of 53 is the standard port for DNS resolution. You
; should change this value only if you are using a non standard DNS client.
;
LocalIPv6BindingPort=53
;
; On Windows versions prior to Windows Vista or Windows Server 2008 the IPv6 protocol is usually not installed by
; default. For Windows 2000 there is a Microsoft IPv6 Technology Preview package available for download while for
; Windows XP the IPv6 protocol must be added to the list of available network protocols in your network connection
; Properties window.
;
; If you want to enable local IPv6 binding for Acrylic on Windows versions prior to Windows Vista or Windows Server 2008
; you can choose Yes below after having installed all the necessary prerequisites.
;
LocalIPv6BindingEnabledOnWindowsVersionsPriorToWindowsVistaOrWindowsServer2008=No
;
; The time to live (in seconds) set for DNS responses generated by Acrylic (e.g. the ones generated from mappings
; contained in the AcrylicHosts.txt file).
;
GeneratedResponseTimeToLive=300
;
; The maximum time (in milliseconds) to wait for a response coming from a DNS server configured with the UDP protocol.
;
ServerUdpProtocolResponseTimeout=4999
;
; The maximum time (in milliseconds) to wait for the first byte of a response coming from a DNS server configured with
; the TCP protocol.
;
ServerTcpProtocolResponseTimeout=4999
;
; The maximum time (in milliseconds) to wait for the other bytes of a response coming from a DNS server configured with
; the TCP protocol.
;
ServerTcpProtocolInternalTimeout=2477
;
; The maximum times (in milliseconds) to wait for the below events when communicating with an intermediary SOCKS 5 proxy
; server on behalf of a DNS server configured with the SOCKS5 protocol.
;
ServerSocks5ProtocolProxyFirstByteTimeout=2477
ServerSocks5ProtocolProxyOtherBytesTimeout=2477
ServerSocks5ProtocolProxyRemoteConnectTimeout=2477
ServerSocks5ProtocolProxyRemoteResponseTimeout=4999
;
; The hit log is a text file into which every DNS request and DNS response received by Acrylic can be logged.
;
; It is activated by specifying a non-empty value for the HitLogFileName parameter and contains lines with the following
; TAB-separated fields:
;
; [01] The timestamp of the DNS request or response in the format YYYY-MM-DD HH:MM:SS.FFF (local time).
; [02] The IP address from where the DNS request originates from or the DNS response is destined to.
; [03] The status code of the DNS request or response:
;        X => Resolved directly by Acrylic
;        H => Resolved using the hosts cache
;        C => Resolved using the address cache
;        F => Forwarded to at least one of your DNS servers
;        R => Response accepted from one of your DNS servers
;        U => Silent update accepted from one of your DNS servers
; [04] The index of the DNS server the DNS response is coming from.
; [05] The time it took (in milliseconds) for the DNS server to produce a DNS response.
; [06] The dissected DNS request or response.
;
; A dissected DNS request looks like:
;
; OC=0;RD=1;QDC=1;Q[1]=x.com;T[1]=A
;
; Where:
;
; [01] OC=0 means that the DNS operation code (OPCODE) is 0. Possible values are: 0 = a standard query (QUERY), 1 = an
; inverse query (IQUERY), 2 = a server status request (STATUS).
; [02] RD=1 means that the DNS response recursion desired bit (RD) is 1. If RD is set, it directs the name server to
; pursue the query recursively.
; [03] QDC=1 means that the number of queries (QDCOUNT) contained in the DNS request is 1.
; [04] Q[1]=x.com means that DNS query 1 refers to the "x.com" domain name.
; [05] T[1]=A means that DNS query 1 is of type A (IPv4).
;
; A dissected DNS response looks like:
;
; OC=0;RC=0;TC=0;RD=1;RA=1;AA=0;QDC=1;ANC=2;NSC=0;ARC=0;Q[1]=x.com;T[1]=CNAME;A[1]=x.com>y.com;T[2]=A;A[2]=y.com>1.2.3.4
;
; Where:
;
; [01] OC=0 means that the DNS operation code (OPCODE) is 0. Possible values are: 0 = a standard query (QUERY), 1 = an
; inverse query (IQUERY), 2 = a server status request (STATUS).
; [02] RC=0 means that the DNS response code (RCODE) is 0. Possible values are: 0 = no error condition, 1 = format error
; (the name server was unable to interpret the query), 2 = server failure (the name server was unable to process this
; query due to a problem with the name server), 3 = name error (meaningful only for responses from an authoritative name
; server, this code signifies that the domain name referenced in the query does not exist), 4 = not implemented (the
; name server does not support the requested kind of query), 5 = refused (the name server refuses to perform the
; specified operation for policy reasons).
; [03] TC=0 means that the DNS response truncated bit (TC) is 0. This bit specifies that this message was truncated due
; to length greater than that permitted on the transmission channel.
; [04] RD=1 means that the DNS response recursion desired bit (RD) is 0. If RD is set, it directs the name server to
; pursue the query recursively.
; [05] RA=1 means that the DNS response recursion available bit (RA) is 0. This bit denotes whether recursive query
; support is available in the name server.
; [06] AA=0 means that the DNS response authoritative answer bit (AA) is 0. This bit specifies that the responding name
; server is an authority for the domain name in question section.
; [07] QDC=1 means that the number of queries (QDCOUNT) contained in the DNS response is 1.
; [08] ANC=2 means that the number of answers (ANCOUNT) contained in the DNS response is 2.
; [09] NSC=0 means that the number of nameserver records (NSCOUNT) contained in the DNS response is 0.
; [10] ARC=0 means that the number of additional records (ARCOUNT) contained in the DNS response is 0.
; [11] Q[1]=x.com means that the DNS query 1 refers to the "x.com" domain name.
; [12] T[1]=CNAME means that the DNS answer 1 is of type CNAME (canonical name).
; [13] A[1]=x.com>y.com means that the DNS answer 1 that refers to the "x.com" domain name is "y.com".
; [14] T[2]=A means that the DNS answer 2 is of type A (IPv4).
; [15] A[2]=y.com>1.2.3.4 means that the DNS answer 2 that refers to the "y.com" domain name is "1.2.3.4".
;
; Regarding the HitLogFileName you can use an absolute or a relative path and a kind of daily log rotation can be
; achieved by including the %DATE% template within the file name. A complete list of all the templates you can use
; within the file name is shown below:
;
; %DATE%
; The current date in YYYYMMDD format.
;
; %TEMP%
; The current value of the TEMP environment variable.
;
; %APPDATA%
; The current value of the APPDATA environment variable.
;
; %LOCALAPPDATA%
; The current value of the LOCALAPPDATA environment variable.
;
; Examples:
;
; HitLogFileName=HitLog.%DATE%.txt
; HitLogFileName=%TEMP%\AcrylicDNSProxyHitLog.%DATE%.txt
;
HitLogFileName=
;
; The filter (a combination of one or more of the status codes explained above) which controls what gets written into
; the hit log.
;
HitLogFileWhat=XHCF
;
; You can enable the full dump (in addition to the DNS format dissections explained above) of DNS requests and responses
; into the hit log by choosing Yes instead of No.
;
HitLogFullDump=No
;
; The maximum number of hit log items that can be kept in memory before they are flushed to disk. For performance
; reasons the hit log is flushed to disk only when the hit log memory buffer is full, when Acrylic is stopped or when
; the system is shutdown, therefore you might experience a delay from when a DNS request or response is received to when
; its details get written into the hit log.
;
HitLogMaxPendingHits=512
;
; ALLOWING REQUESTS FROM OTHER COMPUTERS
;
; Although for security reasons the default behaviour of Acrylic is to refuse to handle requests coming from other
; computers, it is possible to specify below in the AllowedAddressesSection a list of IP addresses (wildcards are
; allowed) from which can come requests that Acrylic is allowed to handle. You have to specify a different key name for
; each entry, like in the following example:
;
; [AllowedAddressesSection]
; IP1=192.168.45.254 -- A single IP address
; IP2=192.168.44.100 -- Another single IP address
; IP3=192.168.100.* -- All addresses starting with 192.168.100
; IP4=172.16.* -- All addresses starting with 172.16
;
; Although not recommended for security reasons you can also allow Acrylic to handle requests coming from any IP
; address, like in the following example:
;
; [AllowedAddressesSection]
; IP1=*
;
; You must also create a firewall rule to allow incoming traffic directed to the two Acrylic executables:
; "AcrylicService.exe" and "AcrylicConsole.exe".
;
[AllowedAddressesSection]