Acrylic DNS Proxy Configuration


The best way to learn about Acrylic features and configuration options is by looking at its commented configuration file:

;
; IF YOU MAKE ANY CHANGES TO THIS FILE YOU HAVE TO RESTART THE ACRYLIC DNS
; PROXY SERVICE IN ORDER TO SEE THEIR EFFECTS.
;
[GlobalSection]
;
; The IP address of your primary DNS server. You can specify here an IPv4
; address in quad-dotted notation or an IPv6 address in colon-separated groups.
;
; Upon installation it points to the primary Google Public DNS server.
;
PrimaryServerAddress=8.8.8.8
;
; The TCP or UDP port your primary DNS server is supposed to be listening to.
; The default value of 53 is the standard port for DNS resolution. You should
; change this value only if you are using a non standard DNS server.
;
PrimaryServerPort=53
;
; The protocol to use with your primary DNS server.
; The currently supported protocols are UDP, TCP and SOCKS5.
;
PrimaryServerProtocol=UDP
;
; The IP address of the proxy server to use to reach your primary DNS server,
; in case you instructed Acrylic to use the SOCKS5 protocol in the previous
; configuration option. You can specify here an IPv4 address in quad-dotted
; notation or an IPv6 address in colon-separated groups.
;
PrimaryServerProxyAddress=
;
; The TCP port the proxy server described above is supposed to be listening to.
;
PrimaryServerProxyPort=
;
; The cluster of domain names the primary DNS server is to resolve.
;
; The affinity mask is a list of semicolon separated values or wildcards that
; allows to restrict which DNS server is going to resolve a particular host
; name.
;
; In the following example only the requests for domain names ending with ".com"
; get forwarded to the primary DNS server:
;
; PrimaryServerDomainNameAffinityMask=*.com
;
; In the following example only the requests for domain names ending with ".com"
; and ".org" get forwarded to the primary DNS server:
;
; PrimaryServerDomainNameAffinityMask=*.com;*.org
;
; Negations can be expressed by prepending a caret (^) to the value or wildcard.
;
; In the following example only the requests for domain names NOT ending with
; ".com" or ".org" get forwarded to the primary DNS server (the last catch-all
; value is particularly important in this case as, if missing, no request would
; ever be forwarded to the primary DNS server):
;
; PrimaryServerDomainNameAffinityMask=^*.com;^*.org;*
;
PrimaryServerDomainNameAffinityMask=
;
; A list of semicolon separated values representing DNS query types that allows
; to restrict which DNS server is going to resolve a particular query type.
;
; In the following example only the requests for A, AAAA, CNAME, MX, NS, SOA and
; SRV query types get forwarded to the primary DNS server:
;
; PrimaryServerQueryTypeAffinityMask=A;AAAA;CNAME;MX;NS;SOA;SRV
;
; The supported query types are:
;
; A NS MD MF CNAME
; SOA MB MG MR NULL
; WKS PTR HINFO MINFO MX
; TXT RP AFSDB X25 ISDN
; RT NSAP NSAPPTR SIG KEY
; PX GPOS AAAA LOC NXT
; EID NIMLOC SRV ATMA NAPTR
; KX CERT A6 DNAME SINK
; OPT APL DS SSHFP IPSECKEY
; RRSIG NSEC DNSKEY DHCID NSEC3
; NSEC3PARAM TLSA HIP NINFO RKEY
; TALINK CDS CDNSKEY OPENPGPKEY CSYNC
; SPF UINFO UID GID UNSPEC
; NID L32 L64 LP EUI48
; EUI64 ADDRS TKEY TSIG IXFR
; AXFR MAILB MAILA ALL URI
; CAA TA DLV WINS WINSR
;
PrimaryServerQueryTypeAffinityMask=
;
; You can decide to ignore negative responses coming from the primary DNS
; server by choosing Yes instead of No.
;
IgnoreNegativeResponsesFromPrimaryServer=No
;
; The configuration of your secondary DNS server.
; For more details refer to the primary DNS server configuration comments.
;
; Upon installation it points to the secondary Google Public DNS server.
;
SecondaryServerAddress=8.8.4.4
SecondaryServerPort=53
SecondaryServerProtocol=UDP
SecondaryServerProxyAddress=
SecondaryServerProxyPort=
SecondaryServerDomainNameAffinityMask=
SecondaryServerQueryTypeAffinityMask=
IgnoreNegativeResponsesFromSecondaryServer=No
;
; The configuration of your tertiary DNS server.
; For more details refer to the primary DNS server configuration comments.
;
TertiaryServerAddress=
TertiaryServerPort=53
TertiaryServerProtocol=UDP
TertiaryServerProxyAddress=
TertiaryServerProxyPort=
TertiaryServerDomainNameAffinityMask=
TertiaryServerQueryTypeAffinityMask=
IgnoreNegativeResponsesFromTertiaryServer=No
;
; The configuration of your quaternary DNS server.
; For more details refer to the primary DNS server configuration comments.
;
QuaternaryServerAddress=
QuaternaryServerPort=53
QuaternaryServerProtocol=UDP
QuaternaryServerProxyAddress=
QuaternaryServerProxyPort=
QuaternaryServerDomainNameAffinityMask=
QuaternaryServerQueryTypeAffinityMask=
IgnoreNegativeResponsesFromQuaternaryServer=No
;
; The configuration of your quinary DNS server.
; For more details refer to the primary DNS server configuration comments.
;
QuinaryServerAddress=
QuinaryServerPort=53
QuinaryServerProtocol=UDP
QuinaryServerProxyAddress=
QuinaryServerProxyPort=
QuinaryServerDomainNameAffinityMask=
QuinaryServerQueryTypeAffinityMask=
IgnoreNegativeResponsesFromQuinaryServer=No
;
; The configuration of your senary DNS server.
; For more details refer to the primary DNS server configuration comments.
;
SenaryServerAddress=
SenaryServerPort=53
SenaryServerProtocol=UDP
SenaryServerProxyAddress=
SenaryServerProxyPort=
SenaryServerDomainNameAffinityMask=
SenaryServerQueryTypeAffinityMask=
IgnoreNegativeResponsesFromSenaryServer=No
;
; The configuration of your septenary DNS server.
; For more details refer to the primary DNS server configuration comments.
;
SeptenaryServerAddress=
SeptenaryServerPort=53
SeptenaryServerProtocol=UDP
SeptenaryServerProxyAddress=
SeptenaryServerProxyPort=
SeptenaryServerDomainNameAffinityMask=
SeptenaryServerQueryTypeAffinityMask=
IgnoreNegativeResponsesFromSeptenaryServer=No
;
; The configuration of your octonary DNS server.
; For more details refer to the primary DNS server configuration comments.
;
OctonaryServerAddress=
OctonaryServerPort=53
OctonaryServerProtocol=UDP
OctonaryServerProxyAddress=
OctonaryServerProxyPort=
OctonaryServerDomainNameAffinityMask=
OctonaryServerQueryTypeAffinityMask=
IgnoreNegativeResponsesFromOctonaryServer=No
;
; The configuration of your nonary DNS server.
; For more details refer to the primary DNS server configuration comments.
;
NonaryServerAddress=
NonaryServerPort=53
NonaryServerProtocol=UDP
NonaryServerProxyAddress=
NonaryServerProxyPort=
NonaryServerDomainNameAffinityMask=
NonaryServerQueryTypeAffinityMask=
IgnoreNegativeResponsesFromNonaryServer=No
;
; The configuration of your denary DNS server.
; For more details refer to the primary DNS server configuration comments.
;
DenaryServerAddress=
DenaryServerPort=53
DenaryServerProtocol=UDP
DenaryServerProxyAddress=
DenaryServerProxyPort=
DenaryServerDomainNameAffinityMask=
DenaryServerQueryTypeAffinityMask=
IgnoreNegativeResponsesFromDenaryServer=No
;
; THE ACRYLIC DNS CACHING MECHANISM EXPLAINED
;
; When Acrylic receives a DNS request from a client the hosts cache (a static
; cache contained in the AcrylicHosts.txt file) is searched first. If nothing
; is found in it the request is subsequently searched in the address cache (a
; dynamic cache contained in the AcrylicCache.dat file). At this point three
; things may happen:
;
; Case 1:
;
; The request is not found in the address cache or its corresponding response
; is older than AddressCacheScavengingTime minutes: In this case the original
; request is forwarded to all of the configured DNS servers simultaneously. The
; response to the client is delayed until the first one of the configured DNS
; servers comes out with a valid response (all the others will be discarded).
;
; Case 2:
;
; The request is found in the address cache and its corresponding response is
; older than AddressCacheSilentUpdateTime minutes but not older than
; AddressCacheScavengingTime minutes: In this case the response to the client
; is sent immediately from the address cache and the original request is also
; forwarded to all of the configured DNS servers like in the previous case. The
; first response coming from one of the configured DNS servers will be used to
; silently update the address cache (all the others will be discarded).
;
; Case 3:
;
; The request is found in the address cache and its corresponding response is
; younger than AddressCacheSilentUpdateTime minutes: In this case the response
; to the client is sent immediately from the address cache and no network
; activity with the configured DNS servers will occur.
;
; Note: Negative responses from the DNS servers can be cached with a different
; expiration time (usually much smaller) than positive ones by setting the value
; of the AddressCacheNegativeTime parameter.
;
; Simply using Acrylic with default parameters should give a lot of boost to the
; performance of your DNS queries but to get the best out of it you may have to
; tune it to your specific needs:
;
; If you are concerned with the cache not being enough up to date (e.g. you are
; using Acrylic on a LAN with addresses given by a DHCP server using a short
; lease) use a lower value for the AddressCacheSilentUpdateTime and the
; AddressCacheNegativeTime parameters:
;
; AddressCacheNegativeTime=10
; AddressCacheScavengingTime=600
; AddressCacheSilentUpdateTime=60
;
; If your DNS servers are particularly unreliable and you want to minimize the
; disruption to your work should they become unresponsive use a higher value for
; the AddressCacheScavengingTime and the AddressCacheSilentUpdateTime:
;
; AddressCacheNegativeTime=10
; AddressCacheScavengingTime=57600
; AddressCacheSilentUpdateTime=1440
;
; And now about the caching parameters:
;
; The time to live (in minutes) of a negative response in the address cache.
;
AddressCacheNegativeTime=10
;
; The time to live (in minutes) of a positive response in the address cache.
;
AddressCacheScavengingTime=28800
;
; The time (in minutes) elapsed which an item in the address cache must be
; silently updated should a request occur.
;
AddressCacheSilentUpdateTime=1440
;
; You can disable the address cache by choosing Yes instead of No. If you
; do that Acrylic will work as a forwarding-only DNS proxy.
;
AddressCacheDisabled=No
;
; The local IPv4 address to which Acrylic binds. A value of 0.0.0.0 indicates
; that Acrylic should bind to all available addresses and as such it will be
; able to receive DNS requests coming from all of your network interfaces. A
; value corresponding to the IPv4 address of one of them instead will allow
; Acrylic to receive DNS requests only from that specific network interface. An
; empty value instead indicates that no binding should occur on IPv4.
;
LocalIPv4BindingAddress=0.0.0.0
;
; The local UDPv4 port to which Acrylic binds. The default value of 53 is the
; standard port for DNS resolution. You should change this value only if you
; are using a non standard DNS client.
;
LocalIPv4BindingPort=53
;
; The local IPv6 address to which Acrylic binds. A value of 0:0:0:0:0:0:0:0
; indicates that Acrylic should bind to all available addresses. An empty
; value instead indicates that no binding should occur on IPv6.
;
LocalIPv6BindingAddress=0:0:0:0:0:0:0:0
;
; The local UDPv6 port to which Acrylic binds. The default value of 53 is the
; standard port for DNS resolution. You should change this value only if you
; are using a non standard DNS client.
;
LocalIPv6BindingPort=53
;
; On Windows versions prior to Windows Vista or Windows Server 2008 the IPv6
; protocol is usually not installed by default. For Windows 2000 there is a
; Microsoft IPv6 Technology Preview package available for download while for
; Windows XP the IPv6 protocol must be added to the list of available network
; protocols in your network connection Properties window.
;
; If you want to enable local IPv6 binding for Acrylic on Windows versions prior
; to Windows Vista or Windows Server 2008 you can choose Yes below after having
; installed all the necessary prerequisites.
;
LocalIPv6BindingEnabledOnWindowsVersionsPriorToWindowsVistaOrWindowsServer2008=No
;
; The time to live (in seconds) set for DNS responses generated by Acrylic (e.g.
; the ones generated from mappings contained in the Acrylic HOSTS file).
;
GeneratedResponseTimeToLive=60
;
; The file name of the hit log into which every incoming DNS request seen by
; Acrylic gets logged. You can specify here an absolute or a relative path and
; a sort of daily log rotation can be achieved by including the %DATE% template
; within the file name. Here is the list of all supported templates:
;
; %DATE%
; The current date in YYYYMMDD format.
;
; %TEMP%
; The current value of the TEMP environment variable.
;
; %APPDATA%
; The current value of the APPDATA environment variable.
;
; %LOCALAPPDATA%
; The current value of the LOCALAPPDATA environment variable.
;
; Examples:
;
; HitLogFileName=HitLog.%DATE%.txt
; HitLogFileName=%TEMP%\AcrylicDNSProxyHitLog.%DATE%.txt
;
; In the hit log, along with the packet timestamp, client address and request
; description there's a treatment field code (how Acrylic treated it):
;
; B -> Explicitly blocked
; H -> Resolved from the hosts cache
; C -> Resolved from the address cache
; F -> Forwarded to the configured DNS servers
; R -> Received from one of the configured DNS servers
; U -> Silent update from one of the configured DNS servers
;
HitLogFileName=
;
; The filter which controls what gets logged into the hit log and what not. A
; valid filter is whatever combination of packet types (for their meaning see
; the previous note) specified in any order.
;
HitLogFileWhat=BHCFRU
;
; You can force Acrylic to write the hit log in the old (0.9.24) format by
; uncommenting the following line. The new format has more informations but
; you may want to use the old one for compatibility with an already existing
; log analyzer.
;
; HitLogFileMode=Legacy
;
; The file name of the stats log into which Acrylic saves informations about
; the performance of your DNS servers and some statistical data about the fate
; of your DNS requests. You can specify here an absolute or a relative path. All
; these templates are also supported within the file name:
;
; %TEMP%
; The current value of the TEMP environment variable.
;
; %APPDATA%
; The current value of the APPDATA environment variable.
;
; %LOCALAPPDATA%
; The current value of the LOCALAPPDATA environment variable.
;
; Examples:
;
; StatsLogFileName=StatsLog.txt
; StatsLogFileName=%TEMP%\AcrylicDNSProxyStatsLog.txt
;
StatsLogFileName=
;
; ENABLING THE ACRYLIC HTTP SERVER
;
; The Acrylic HTTP server is primarily used to provide some default content to
; your browser when a domain name is resolved through the Acrylic hosts file as
; localhost.
;
; When enabled the default behaviour of Acrylic, for security reasons, is to
; handle only requests coming from localhost.
;
; If you want to change that it is possible to specify in the
; AllowedAddressesSection a list of IP addresses or IP subnets from which can
; come requests that Acrylic is allowed to handle. For more informations please
; refer to the comments relative to the AllowedAddressesSection below.
;
; And now about the Acrylic HTTP server parameters:
;
; The local IPv4 address to which the Acrylic HTTP server binds. A value of
; 0.0.0.0 indicates that it should bind to all available addresses and as such
; it will be able to receive HTTP requests coming from all of your network
; interfaces. A value corresponding to the IPv4 address of one of your network
; interface instead will allow Acrylic to receive HTTP requests only from that
; specific network interface. An empty value instead indicates that no binding
; should occur on IPv4.
;
HttpServerBindingAddress=
;
; The local TCPv4 port to which Acrylic HTTP server binds. The default value of
; 80 is the standard port for HTTP servers.
;
HttpServerBindingPort=80
;
; ALLOWING REQUESTS FROM OTHER COMPUTERS
;
; Although for security reasons the default behaviour of Acrylic is to refuse to
; handle requests coming from other computers it is possible to specify in the
; AllowedAddressesSection a list of IP addresses or IP subnets from which can
; come requests that Acrylic is allowed to handle. You have to specify a
; different key name for each entry, like in the following example:
;
; [AllowedAddressesSection]
; IP1=192.168.45.254 -- A single IP address
; IP2=192.168.44.100 -- Another single IP address
; IP3=192.168.100.* -- All addresses starting with 192.168.100
; IP4=172.16.* -- All addresses starting with 172.16
;
; For performance reasons keep the number of addresses listed in this section as
; low as possible (you should try to specify subnets instead of large lists of
; IP addresses whenever possible).
;
; Note: Wildcards (like 192.168.100.*) are allowed. Although not recommended
; for security reasons you can allow Acrylic to handle requests coming from any
; IP address, like in the following example:
;
; [AllowedAddressesSection]
; IP1=*
;
[AllowedAddressesSection]
;
; The CacheExceptionsSection section below may contain a list of names for which
; caching does not occur (DNS requests for them are directly forwarded to the
; DNS servers). This may be useful if you have a small subset of IP addresses
; that change rapidly but you don't want to loose the performance improvements
; of caching for all the other addresses.
;
; Example:
;
; [CacheExceptionsSection]
; NAME1=somemachine.mydomain.local
; NAME2=*.microsoft.com
;
; Note: Wildcards (like *.microsoft.com) are allowed.
;
[CacheExceptionsSection]
;
; The WhiteExceptionsSection section below may contain a list of names outside
; of which DNS requests are resolved by Acrylic as "localhost". If the section
; is empty Acrylic behaves normally by trying to resolve every DNS request
; through all its strategies (hosts cache, address cache, forward). If the
; section contains at least an item instead Acrylic behaves as in some sort of
; parental control mode by resolving automatically as "localhost" every DNS
; request for hosts which are not present in the list.
;
; Example:
;
; [WhiteExceptionsSection]
; NAME1=mayakron.altervista.org
; NAME2=*.wikipedia.org
;
; Note: Wildcards (like *.wikipedia.org) are allowed.
;
[WhiteExceptionsSection]

Go back to the Acrylic Home page.