Acrylic DNS Proxy Configuration


The best way to learn about Acrylic features and configuration options is by looking at its commented configuration file:

;
; IF YOU MAKE ANY CHANGES TO THIS FILE YOU HAVE TO RESTART THE ACRYLIC DNS
; PROXY SERVICE IN ORDER TO SEE THEIR EFFECTS.
;
[GlobalSection]
;
; The cluster of host names the primary DNS server is to resolve.
;
; The affinity mask is a list of semicolon separated values or wildcards that
; allows to restrict which DNS server is going to resolve a particular host name.
;
; In the following example only the requests for host names ending with ".com"
; get forwarded to the primary DNS server:
;
; PrimaryServerHostNameAffinityMask=*.com
;
; In the following example only the requests for host names ending with ".com"
; and ".org" get forwarded to the primary DNS server:
;
; PrimaryServerHostNameAffinityMask=*.com;*.org
;
; Negations can be expressed by prepending a caret (^) to the value or wildcard.
;
; In the following example only the requests for host names NOT ending with
; ".com" or ".org" get forwarded to the primary DNS server (the last catch-all
; value is particularly important in this case as, if missing, no request would
; ever be forwarded to the primary DNS server):
;
; PrimaryServerHostNameAffinityMask=^*.com;^*.org;*
;
PrimaryServerHostNameAffinityMask=
;
; A list of semicolon separated values representing DNS query types that allows
; to restrict which DNS server is going to resolve a particular query type.
;
; In the following example only the requests for A, AAAA and MX query types
; get forwarded to the primary DNS server:
;
; PrimaryServerQueryTypeAffinityMask=A;AAAA;MX
;
; The supported query types are:
;
; A A6 AAAA ADDRS AFSDB ATMA AXFR CERT CNAME
; DHCID DNAME DNSKEY DS EID GID GPOS HINFO ISDN
; IXFR KEY KX LOC MAILA MAILB MB MD MF
; MG MINFO MR MX NAPTR NIMLOC NS NSAP NSAPPTR
; NSEC NULL NXT OPT PTR PX RP RRSIG RT
; SIG SINK SOA SRV TEXT TKEY TSIG UID UINFO
; UNSPEC WINS WINSR WKS X25
;
PrimaryServerQueryTypeAffinityMask=
;
; The IP address of your primary DNS server.
; Upon installation it points to the primary OpenDNS server.
;
PrimaryServerAddress=208.67.222.222
;
; The UDP port your primary DNS server is supposed to be listening to. The
; default value of 53 is the standard port for DNS resolution. You should
; change this value only if you are using a non standard DNS server.
;
PrimaryServerPort=53
;
; You can decide to ignore negative responses coming from the primary DNS
; server by uncommenting the following line.
;
; IgnoreNegativeResponsesFromPrimaryServer=Yes
;
; The configuration of your secondary DNS server.
; Upon installation it points to the secondary OpenDNS server.
; For details please refer to the explanations given for the primary DNS server.
;
SecondaryServerHostNameAffinityMask=
SecondaryServerQueryTypeAffinityMask=
SecondaryServerAddress=208.67.220.220
SecondaryServerPort=53
; IgnoreNegativeResponsesFromSecondaryServer=Yes
;
; The configuration of your tertiary DNS server.
; For details please refer to the explanations given for the primary DNS server.
;
TertiaryServerHostNameAffinityMask=
TertiaryServerQueryTypeAffinityMask=
TertiaryServerAddress=
TertiaryServerPort=53
; IgnoreNegativeResponsesFromTertiaryServer=Yes
;
; The configuration of your quaternary DNS server.
; For details please refer to the explanations given for the primary DNS server.
;
QuaternaryServerHostNameAffinityMask=
QuaternaryServerQueryTypeAffinityMask=
QuaternaryServerAddress=
QuaternaryServerPort=53
; IgnoreNegativeResponsesFromQuaternaryServer=Yes
;
; The configuration of your quinary DNS server.
; For details please refer to the explanations given for the primary DNS server.
;
QuinaryServerHostNameAffinityMask=
QuinaryServerQueryTypeAffinityMask=
QuinaryServerAddress=
QuinaryServerPort=53
; IgnoreNegativeResponsesFromQuinaryServer=Yes
;
; The configuration of your senary DNS server.
; For details please refer to the explanations given for the primary DNS server.
;
SenaryServerHostNameAffinityMask=
SenaryServerQueryTypeAffinityMask=
SenaryServerAddress=
SenaryServerPort=53
; IgnoreNegativeResponsesFromSenaryServer=Yes
;
; The configuration of your septenary DNS server.
; For details please refer to the explanations given for the primary DNS server.
;
SeptenaryServerHostNameAffinityMask=
SeptenaryServerQueryTypeAffinityMask=
SeptenaryServerAddress=
SeptenaryServerPort=53
; IgnoreNegativeResponsesFromSeptenaryServer=Yes
;
; The configuration of your octonary DNS server.
; For details please refer to the explanations given for the primary DNS server.
;
OctonaryServerHostNameAffinityMask=
OctonaryServerQueryTypeAffinityMask=
OctonaryServerAddress=
OctonaryServerPort=53
; IgnoreNegativeResponsesFromOctonaryServer=Yes
;
; The configuration of your nonary DNS server.
; For details please refer to the explanations given for the primary DNS server.
;
NonaryServerHostNameAffinityMask=
NonaryServerQueryTypeAffinityMask=
NonaryServerAddress=
NonaryServerPort=53
; IgnoreNegativeResponsesFromNonaryServer=Yes
;
; The configuration of your denary DNS server.
; For details please refer to the explanations given for the primary DNS server.
;
DenaryServerHostNameAffinityMask=
DenaryServerQueryTypeAffinityMask=
DenaryServerAddress=
DenaryServerPort=53
; IgnoreNegativeResponsesFromDenaryServer=Yes
;
; THE ACRYLIC DNS CACHING MECHANISM EXPLAINED
;
; When Acrylic receives a DNS request from a client the hosts cache (a static
; cache contained in the AcrylicHosts.txt file) is searched first. If nothing
; is found in it the request is subsequently searched in the address cache (a
; dynamic cache contained in the AcrylicCache.dat file). At this point three
; things may happen:
;
; Case 1:
;
; The request is not found in the address cache or its corresponding response
; is older than AddressCacheScavengingTime minutes: In this case the original
; request is forwarded to all of the configured DNS servers simultaneously. The
; response to the client is delayed until the first one of the configured DNS
; servers comes out with a valid response (all the others will be discarded).
;
; Case 2:
;
; The request is found in the address cache and its corresponding response is
; older than AddressCacheSilentUpdateTime minutes but not older than
; AddressCacheScavengingTime minutes: In this case the response to the client
; is sent immediately from the address cache and the original request is also
; forwarded to all of the configured DNS servers like in the previous case. The
; first response coming from one of the configured DNS servers will be used to
; silently update the address cache (all the others will be discarded).
;
; Case 3:
;
; The request is found in the address cache and its corresponding response is
; younger than AddressCacheSilentUpdateTime minutes: In this case the response
; to the client is sent immediately from the address cache and no network
; activity with the configured DNS servers will occur.
;
; Note: Negative responses from the DNS servers can be cached with a different
; expiration time (usually much smaller) than positive ones by setting the value
; of the AddressCacheNegativeTime parameter.
;
; Simply using Acrylic with default parameters should give a lot of boost to the
; performance of your DNS queries but to get the best out of it you may have to
; tune it to your specific needs:
;
; If you are concerned with the cache not being enough up to date (e.g. you are
; using Acrylic on a LAN with addresses given by a DHCP server using a short
; lease) use a lower value for the AddressCacheSilentUpdateTime and the
; AddressCacheNegativeTime parameters:
;
; AddressCacheNegativeTime=10
; AddressCacheScavengingTime=600
; AddressCacheSilentUpdateTime=450
;
; If your DNS servers are particularly unreliable and you want to minimize the
; disruption to your work should they become unresponsive use a higher value for
; the AddressCacheScavengingTime and the AddressCacheSilentUpdateTime:
;
; AddressCacheNegativeTime=57600
; AddressCacheScavengingTime=57600
; AddressCacheSilentUpdateTime=43200
;
; And now about the caching parameters:
;
; The time to live (in minutes) of a negative response in the address cache.
;
AddressCacheNegativeTime=720
;
; The time to live (in minutes) of a positive response in the address cache.
;
AddressCacheScavengingTime=14400
;
; The time (in minutes) elapsed which an item in the address cache must be
; silently updated should a request occur.
;
AddressCacheSilentUpdateTime=10800
;
; AddressCache data can be compressed by Acrylic should it determine (on a
; single item basis) that it would save some space. Since a very fast LZO
; compression engine is used it is usually best to keep compression ON.
;
; AddressCacheDisableCompression=Yes
;
; You can disable the address cache altogether by uncommenting the following
; line. If you do Acrylic will work as a forwarding-only DNS proxy.
;
; AddressCacheDisabled=Yes
;
; The local IP address to which Acrylic binds. A value of 0.0.0.0 indicates
; that Acrylic should bind to all available addresses and as such it will be
; able to receive DNS requests and responses coming from all of your network
; cards and modems. A value corresponding to the IP address of one of them
; instead will allow Acrylic to receive DNS requests/responses only from
; that specific network card or modem.
;
LocalBindingAddress=0.0.0.0
;
; The UDP port at which Acrylic responds. The default value of 53 is the
; standard port for DNS resolution. You should change this value only if
; you are using a non standard DNS client.
;
LocalBindingPort=53
;
; The file name of the hit log into which every incoming DNS packet seen by
; Acrylic gets logged. You can specify here an absolute or a relative path and
; a sort of daily log rotation can be achieved by including the %DATE% template
; within the name.
;
; In the hit log, along with the packet timestamp, client address and host name
; there's a treatment field (how Acrylic treated it). Possibile values are:
;
; B -> Explicitly blocked
; H -> Resolved from the HOSTS cache
; C -> Resolved from the Acrylic cache
; F -> Forwarded to the configured DNS servers
; R -> Received from one of the configured DNS servers
; U -> Silent update from one of the configured DNS servers
;
; Example:
;
; HitLogFileName=HitLog.%DATE%.txt
;
HitLogFileName=
;
; The filter which controls what gets logged into the hit log and what's not.
; A valid filter is whatever combination of packet types (for their meaning
; see the previous note) specified in any order.
;
HitLogFileWhat=BHCFRU
;
; The file name of the stats log into which Acrylic saves informations
; about the performance of your DNS servers and some statistical data about
; the fate of your DNS requests. You can specify here an absolute or a relative
; path.
;
StatsLogFileName=
;
; ALLOWING REQUESTS FROM OTHER COMPUTERS
;
; Although for security reasons the default behaviour of Acrylic is to refuse
; to handle requests coming from other computers it is possible to specify in
; the AllowedAddressesSection a list of IP addresses or IP subnets from which
; can come requests that Acrylic is allowed to handle. You have to specify
; a different key name for each entry, like in the following example:
;
; [AllowedAddressesSection]
; IP1=192.168.45.254 -- A single IP address
; IP2=192.168.44.100 -- Another single IP address
; IP3=192.168.100.* -- All addresses starting with 192.168.100
; IP4=172.16.* -- All addresses starting with 172.16
;
; For performance reasons keep the number of addresses listed in this section
; as low as possible (you should try to specify subnets instead of large lists
; of IP addresses whenever possible).
;
; Note: Wildcards (like 192.168.100.*) are allowed. Although not recommended
; for security reasons you can allow Acrylic to handle requests coming from
; any IP address, like in the following example:
;
; [AllowedAddressesSection]
; IP1=*
;
[AllowedAddressesSection]
;
; The CacheExceptionsSection section below may contain a list of names
; for which caching does not occur (DNS requests for them are directly
; forwarded to the DNS servers). This may be useful if you have a small
; subset of IP addresses that change rapidly but you don't want to loose
; the performance improvements of caching for all the other addresses.
;
; Example:
;
; [CacheExceptionsSection]
; NAME1=somemachine.mydomain.local
; NAME2=*.microsoft.com
;
; Note: Wildcards (like *.microsoft.com) are allowed.
;
[CacheExceptionsSection]
;
; The WhiteExceptionsSection section below may contain a list of names
; outside of which DNS requests are resolved by Acrylic as "localhost". If
; the section is empty Acrylic behaves normally by trying to resolve every DNS
; request through all its strategies (hosts cache, address cache, forward). If
; the section contains at least an item instead Acrylic behaves as in some
; sort of parental control mode by resolving automatically as "localhost"
; every DNS request for hosts which are not present in the list.
;
; Example:
;
; [WhiteExceptionsSection]
; NAME1=mayakron.altervista.org
; NAME2=*.wikipedia.org
;
; Note: Wildcards (like *.wikipedia.org) are allowed.
;
[WhiteExceptionsSection]

Go back to the Acrylic Home page.