;
; IF YOU MAKE ANY CHANGES TO THIS FILE YOU HAVE TO RESTART THE ACRYLIC DNS PROXY SERVICE OR CONSOLE IN ORDER TO SEE
; THEIR EFFECTS.
;
[GlobalSection] ;
; The IP address of your primary DNS server. You can use an IPv4 address in quad-dotted notation or an IPv6 address in
; colon-separated groups.
;
; Upon installation it points to the primary Google Public DNS server. ;
;
PrimaryServerAddress=192.168.1.1
; The TCP/UDP port your primary DNS server is supposed to be listening to. The default value of 53 is the standard port
; for DNS resolution. You should change this value only if you are using a non standard DNS server or a protocol
; different than UDP/TCP (e.g. the standard port for the DNS-over-HTTPS protocol is 443).
;
PrimaryServerPort=53
; PrimaryServerPort=443
;
; The protocol to use with your primary DNS server.
;
; The currently supported protocols are UDP, TCP, SOCKS5 and DOH (DNS-over-HTTPS).
;
; When using the UDP protocol, Acrylic forwards DNS requests using UDP or TCP, in accordance with RFC 5625.
;
; When using the TCP protocol, Acrylic forwards DNS requests using TCP only. Since establishing a TCP connection for
; every DNS request requires a significant amount of time and the number of TCP connections that can be opened in a unit
; of time is limited by the Operating System, this protocol should be used only in situations where using the UDP
; protocol isn’t possible for some reason.
;
; When using the SOCKS5 protocol, Acrylic forwards DNS requests to your primary DNS server using a SOCKS 5 proxy as an
; intermediary, in accordance with RFC 1928. Currently, only the NO AUTHENTICATION REQUIRED method for SOCKS 5 is
; supported.
;
; When using the DOH protocol, Acrylic forwards DNS requests to your primary DNS server using DNS-over-HTTPS, a protocol
; for performing DNS resolution via HTTPS and thus increase user privacy and security by preventing eavesdropping and
; manipulation of DNS data by man-in-the-middle attacks. Be aware though that when using DNS-over-HTTPS, the encryption
; algorithms (e.g. the TLS version) your Operating System can use must match at least one your primary DNS server
; accepts, and this is not always the case depending on the combination of your Operating System version and the chosen
; DNS server. For example, old Windows versions can have a hard time establishing an HTTPS connection with DNS servers
; requiring TLS 1.1 or 1.2, and thus may require the installation of specific updates.
;
PrimaryServerProtocol=UDP
; PrimaryServerProtocol=DOH
;
; When using the DNS-over-HTTPS protocol, you must specify below the query path of your primary DNS server.
;
PrimaryServerDoHProtocolPath=
; PrimaryServerDoHProtocolPath=dns-query
;
; When using the DNS-over-HTTPS protocol, you must specify below the host name of your primary DNS server.
;
PrimaryServerDoHProtocolHost=
; PrimaryServerDoHProtocolHost=dns.google
;
; When using the DNS-over-HTTPS protocol, you can specify below whether Acrylic should connect to the internet using
; your system proxy configuration (System) or directly without using a proxy (Direct).
;
PrimaryServerDoHProtocolConnectionType=System
;
; When using the DNS-over-HTTPS protocol, you can specify below whether or not Acrylic is allowed to reuse existing TCP
; connections when sending requests to your primary DNS server. Since establishing a TCP connection for every DNS
; request requires a significant amount of time and the number of TCP connections that can be opened in a unit of time
; is limited by the Operating System, reusing existing TCP connections is an effective way to improve the performance of
; the DNS-over-HTTPS protocol.
;
PrimaryServerDoHProtocolReuseConnections=Yes
;
; When using the DNS-over-HTTPS protocol, you can specify below whether or not Acrylic should use the WinHttp library,
; instead of the WinINet library, when sending requests to your primary DNS server. For Acrylic’s purposes WinHttp is
; more efficient and therefore preferable, but having the possibility to choose between the two at the DNS server level
; can help with some compatibility issues that may arise.
;
PrimaryServerDoHProtocolUseWinHttp=Yes
;
; Here is a known good DNS-over-HTTPS configuration for the Quad9 Public DNS server:
;
; PrimaryServerAddress=9.9.9.9
; PrimaryServerPort=443
; PrimaryServerProtocol=DOH
; PrimaryServerDoHProtocolPath=dns-query
; PrimaryServerDoHProtocolHost=dns.quad9.net
;
; Here is a known good DNS-over-HTTPS configuration for the Google Public DNS server:
;
; PrimaryServerAddress=8.8.8.8
; PrimaryServerPort=443
; PrimaryServerProtocol=DOH
; PrimaryServerDoHProtocolPath=dns-query
; PrimaryServerDoHProtocolHost=dns.google
;
; Here is a known good DNS-over-HTTPS configuration for the CloudFlare Public DNS server:
;
; PrimaryServerAddress=1.1.1.1
; PrimaryServerPort=443
; PrimaryServerProtocol=DOH
; PrimaryServerDoHProtocolPath=dns-query
; PrimaryServerDoHProtocolHost=cloudflare-dns.com
;
; When using the SOCKS5 protocol, you can specify below the IP address of the SOCKS 5 proxy server to use as an
; intermediary to your primary DNS server. You can use an IPv4 address in quad-dotted notation or an IPv6 address in
; colon-separated groups.
;
PrimaryServerSocks5ProtocolProxyAddress=
; PrimaryServerSocks5ProtocolProxyAddress=192.168.77.211
;
; When using the SOCKS5 protocol, you can specify below the TCP port the SOCKS 5 proxy server described above is
; supposed to be listening to.
;
PrimaryServerSocks5ProtocolProxyPort=
; PrimaryServerSocks5ProtocolProxyPort=1080
;
; The domain name affinity mask is a list of semicolon separated values or wildcards that allows to restrict which DNS
; server particular domain names get forwarded to.
;
; In the following example only the requests for domain names ending with “.com” get forwarded to the primary DNS
; server:
;
; PrimaryServerDomainNameAffinityMask=*.com
;
; In the following example only the requests for domain names ending with “.com” and “.org” get forwarded to the primary
; DNS server:
;
; PrimaryServerDomainNameAffinityMask=*.com;*.org
;
; Negations can be expressed by prepending a caret (^) to the value or wildcard.
;
; In the following example only the requests for domain names NOT ending with “.com” or “.org” get forwarded to the
; primary DNS server (the last catch-all value is particularly important in this case because, if missing, no request
; would ever be forwarded to the primary DNS server):
;
; PrimaryServerDomainNameAffinityMask=^*.com;^*.org;*
;
; Rules for domain name affinity masks are evaluated according to the order in which they are written, with the first
; positive rule that matches and the first negative rule that doesn’t match determining, respectively, a positive result
; (i.e. the DNS query is forwarded to the DNS server) or a negative result (i.e. the DNS query is NOT forwarded to the
; DNS server). If none of the defined rules match then a negative result is determined.
;
PrimaryServerDomainNameAffinityMask=
; PrimaryServerDomainNameAffinityMask=*.si;*.eu;*.com;*.org;*.net;*
;
; The query type affinity mask is list of semicolon separated values that allows to restrict which DNS server particular
; query types get forwarded to.
;
; In the following example only the requests for A, AAAA, MX and SRV query types get forwarded to the primary DNS
; server:
;
; PrimaryServerQueryTypeAffinityMask=A;AAAA;MX;SRV
;
; All DNS query types are supported, either explicitly using A, AAAA, ANY, CNAME, HTTPS, MX, NS, PTR, SOA, SRV and TXT
; or implicitly using their decimal values.
;
PrimaryServerQueryTypeAffinityMask=
; PrimaryServerQueryTypeAffinityMask=A;AAAA;MX;SRV;ANY;CNAME;HTTPS;NS;PTR;SOA;TXT
;
; You can specify below whether to ignore failure responses coming from the primary DNS server.
;
IgnoreFailureResponsesFromPrimaryServer=No
;
; You can specify below whether to ignore negative responses coming from the primary DNS server.
;
IgnoreNegativeResponsesFromPrimaryServer=No
;
; The configuration of your secondary DNS server.
; For more details refer to the primary DNS server configuration comments.
;
; Upon installation it points to the secondary Google Public DNS server.
;
SecondaryServerAddress=8.8.8.8
SecondaryServerPort=443
SecondaryServerProtocol=DOH
SecondaryServerDoHProtocolPath=dns-query
SecondaryServerDoHProtocolHost=dns.google
SecondaryServerDoHProtocolConnectionType=System
SecondaryServerDoHProtocolReuseConnections=Yes
SecondaryServerDoHProtocolUseWinHttp=Yes
SecondaryServerSocks5ProtocolProxyAddress=
SecondaryServerSocks5ProtocolProxyPort=
SecondaryServerDomainNameAffinityMask=
SecondaryServerQueryTypeAffinityMask=
IgnoreFailureResponsesFromSecondaryServer=No
IgnoreNegativeResponsesFromSecondaryServer=No
;
; The configuration of your tertiary DNS server.
; For more details refer to the primary DNS server configuration comments.
;
TertiaryServerAddress=9.9.9.9
TertiaryServerPort=443
TertiaryServerProtocol=DOH
TertiaryServerDoHProtocolPath=dns-query
TertiaryServerDoHProtocolHost=dns.quad9.net
TertiaryServerDoHProtocolConnectionType=System
TertiaryServerDoHProtocolReuseConnections=Yes
TertiaryServerDoHProtocolUseWinHttp=Yes
TertiaryServerSocks5ProtocolProxyAddress=
TertiaryServerSocks5ProtocolProxyPort=
TertiaryServerDomainNameAffinityMask=
TertiaryServerQueryTypeAffinityMask=
IgnoreFailureResponsesFromTertiaryServer=No
IgnoreNegativeResponsesFromTertiaryServer=No
;
; The configuration of your quaternary DNS server.
; For more details refer to the primary DNS server configuration comments.
;
QuaternaryServerAddress=1.1.1.1
QuaternaryServerPort=443
QuaternaryServerProtocol=DOH
QuaternaryServerDoHProtocolPath=dns-query
QuaternaryServerDoHProtocolHost=cloudflare-dns.com
QuaternaryServerDoHProtocolConnectionType=System
QuaternaryServerDoHProtocolReuseConnections=Yes
QuaternaryServerDoHProtocolUseWinHttp=Yes
QuaternaryServerSocks5ProtocolProxyAddress=
QuaternaryServerSocks5ProtocolProxyPort=
QuaternaryServerDomainNameAffinityMask=
QuaternaryServerQueryTypeAffinityMask=
IgnoreFailureResponsesFromQuaternaryServer=No
IgnoreNegativeResponsesFromQuaternaryServer=No
;
; The configuration of your quinary DNS server.
; For more details refer to the primary DNS server configuration comments.
;
QuinaryServerAddress=208.67.222.222
QuinaryServerPort=443
QuinaryServerProtocol=DOH
QuinaryServerDoHProtocolPath=dns-query
QuinaryServerDoHProtocolHost=resolver1.opendns.com
QuinaryServerDoHProtocolConnectionType=System
QuinaryServerDoHProtocolReuseConnections=Yes
QuinaryServerDoHProtocolUseWinHttp=Yes
QuinaryServerSocks5ProtocolProxyAddress=
QuinaryServerSocks5ProtocolProxyPort=
QuinaryServerDomainNameAffinityMask=
QuinaryServerQueryTypeAffinityMask=
IgnoreFailureResponsesFromQuinaryServer=No
IgnoreNegativeResponsesFromQuinaryServer=No
;
; The configuration of your senary DNS server.
; For more details refer to the primary DNS server configuration comments.
;
SenaryServerAddress=8.8.4.4
SenaryServerPort=53
SenaryServerProtocol=UDP
SenaryServerDoHProtocolPath=
SenaryServerDoHProtocolHost=
SenaryServerDoHProtocolConnectionType=System
SenaryServerDoHProtocolReuseConnections=Yes
SenaryServerDoHProtocolUseWinHttp=Yes
SenaryServerSocks5ProtocolProxyAddress=
SenaryServerSocks5ProtocolProxyPort=
SenaryServerDomainNameAffinityMask=
SenaryServerQueryTypeAffinityMask=
IgnoreFailureResponsesFromSenaryServer=No
IgnoreNegativeResponsesFromSenaryServer=No
;
; The configuration of your septenary DNS server.
; For more details refer to the primary DNS server configuration comments.
;
SeptenaryServerAddress=149.112.112.112
SeptenaryServerPort=53
SeptenaryServerProtocol=UDP
SeptenaryServerDoHProtocolPath=
SeptenaryServerDoHProtocolHost=
SeptenaryServerDoHProtocolConnectionType=System
SeptenaryServerDoHProtocolReuseConnections=Yes
SeptenaryServerDoHProtocolUseWinHttp=Yes
SeptenaryServerSocks5ProtocolProxyAddress=
SeptenaryServerSocks5ProtocolProxyPort=
SeptenaryServerDomainNameAffinityMask=
SeptenaryServerQueryTypeAffinityMask=
IgnoreFailureResponsesFromSeptenaryServer=No
IgnoreNegativeResponsesFromSeptenaryServer=No
;
; The configuration of your octonary DNS server.
; For more details refer to the primary DNS server configuration comments.
;
OctonaryServerAddress=1.0.0.1
OctonaryServerPort=53
OctonaryServerProtocol=UDP
OctonaryServerDoHProtocolPath=
OctonaryServerDoHProtocolHost=
OctonaryServerDoHProtocolConnectionType=System
OctonaryServerDoHProtocolReuseConnections=Yes
OctonaryServerDoHProtocolUseWinHttp=Yes
OctonaryServerSocks5ProtocolProxyAddress=
OctonaryServerSocks5ProtocolProxyPort=
OctonaryServerDomainNameAffinityMask=
OctonaryServerQueryTypeAffinityMask=
IgnoreFailureResponsesFromOctonaryServer=No
IgnoreNegativeResponsesFromOctonaryServer=No
;
; The configuration of your nonary DNS server.
; For more details refer to the primary DNS server configuration comments.
;
NonaryServerAddress=208.67.220.220
NonaryServerPort=53
NonaryServerProtocol=UDP
NonaryServerDoHProtocolPath=
NonaryServerDoHProtocolHost=
NonaryServerDoHProtocolConnectionType=System
NonaryServerDoHProtocolReuseConnections=Yes
NonaryServerDoHProtocolUseWinHttp=Yes
NonaryServerSocks5ProtocolProxyAddress=
NonaryServerSocks5ProtocolProxyPort=
NonaryServerDomainNameAffinityMask=
NonaryServerQueryTypeAffinityMask=
IgnoreFailureResponsesFromNonaryServer=No
IgnoreNegativeResponsesFromNonaryServer=No
;
; The configuration of your denary DNS server.
; For more details refer to the primary DNS server configuration comments.
;
DenaryServerAddress=127.0.0.1
DenaryServerPort=40
DenaryServerProtocol=UDP
DenaryServerDoHProtocolPath=
DenaryServerDoHProtocolHost=
DenaryServerDoHProtocolConnectionType=System
DenaryServerDoHProtocolReuseConnections=Yes
DenaryServerDoHProtocolUseWinHttp=Yes
DenaryServerSocks5ProtocolProxyAddress=
DenaryServerSocks5ProtocolProxyPort=
DenaryServerDomainNameAffinityMask=
DenaryServerQueryTypeAffinityMask=
IgnoreFailureResponsesFromDenaryServer=No
IgnoreNegativeResponsesFromDenaryServer=No
;
; You can specify below whether Acrylic should sinkhole IPv6 lookups (also known as DNS requests of AAAA type) or not.
;
SinkholeIPv6Lookups=No
;
; You can direct Acrylic to forward reverse lookups (also known as DNS requests of PTR type) for private IP ranges to
; your DNS servers by choosing Yes instead of No. Aside from protecting you and your DNS servers from the traffic of
; these usually needless queries, choosing No is usually a better choice also to avoid leaking information about your
; private address space.
;
ForwardPrivateReverseLookups=No
;
; THE ACRYLIC DNS PROXY CACHING MECHANISM EXPLAINED
;
; When Acrylic receives a DNS request from a client the hosts cache (an in-memory static cache derived from the
; AcrylicHosts.txt file) is searched first. If nothing is found there the request is then searched in the address cache
; (an in-memory dynamic cache backed up by the AcrylicCache.dat file). At this point one of the following three cases
; can happen:
;
; [1] The request is not found in the address cache or its corresponding response is older than
; “AddressCacheScavengingTime” minutes: In this case the original request is forwarded to all of the configured DNS
; servers simultaneously. The response to the client is delayed until the first one of the DNS servers comes out with a
; valid response. All the other responses coming from the other DNS servers will be discarded.
;
; [2] The request is found in the address cache and its corresponding response is older than
; “AddressCacheSilentUpdateTime” minutes but not older than “AddressCacheScavengingTime minutes”: In this case the
; response to the client is sent immediately from the address cache and the original request is also forwarded to all of
; the configured DNS servers simultaneously like in the previous case. The first valid response coming from one of the
; DNS servers will be used to silently update the address cache, while all the other responses coming from the other DNS
; servers will be discarded.
;
; [3] The request is found in the address cache and its corresponding response is younger than
; “AddressCacheSilentUpdateTime” minutes: In this case the response to the client is sent immediately from the address
; cache and no network activity with any of the configured DNS servers will occur.
;
; Be aware that to minimize disk activity the address cache is flushed from memory to disk only when Acrylic is stopped
; or the system is shut down.
;
; And now about the caching parameters:
;
; The time to live (in minutes) of a failure response in the address cache.
;
AddressCacheFailureTime=0
;
; The time to live (in minutes) of a negative response in the address cache.
;
AddressCacheNegativeTime=60
;
; The time to live (in minutes) of a positive response in the address cache.
;
AddressCacheScavengingTime=5760
;
; The time (in minutes) elapsed which an item in the address cache must be silently updated should a request occur.
;
AddressCacheSilentUpdateTime=1440
;
; The time (in minutes) elapsed which the address cache is pruned of obsolete items. A value of 0 indicates that no
; pruning of the address cache is ever done.
;
AddressCachePeriodicPruningTime=720
;
; The address cache domain name affinity mask is a list of semicolon separated values or wildcards that allows to
; restrict DNS responses for which domain names are to be cached in the address cache.
;
AddressCacheDomainNameAffinityMask=^dns.msftncsi.com;^ipv6.msftconnecttest.com;^ipv6.msftncsi.com;^www.msftconnecttest.com;^www.msftncsi.com;*
;
; The address cache query type affinity mask is list of semicolon separated values that allows to restrict DNS responses
; for which query types are to be cached in the address cache.
;
; All DNS query types are supported, either explicitly using A, AAAA, ANY, CNAME, HTTPS, MX, NS, PTR, SOA, SRV and TXT
; or implicitly using their decimal values.
;
AddressCacheQueryTypeAffinityMask=A;AAAA;CNAME;HTTPS;MX;NS;PTR;SOA;SRV;TXT
;
; You can disable any disk activity related to the address cache by choosing Yes instead of No. If you do that Acrylic
; will use the address cache only in memory.
;
AddressCacheInMemoryOnly=No
;
; You can disable the address cache altogether by choosing Yes instead of No. If you do that Acrylic will work as a
; forwarding-only DNS proxy.
;
AddressCacheDisabled=No
;
; The local IPv4 address to which Acrylic binds. A value of 0.0.0.0 indicates that Acrylic should bind to all available
; addresses and as such it will be able to receive DNS requests coming from all of your network interfaces. A value
; corresponding to the IPv4 address of one of your network interfaces instead will allow Acrylic to receive DNS requests
; only from that specific network interface. An empty value instead indicates that no binding should occur on IPv4.
;
LocalIPv4BindingAddress=0.0.0.0
;
; The local UDPv4 port to which Acrylic binds. The default value of 53 is the standard port for DNS resolution. You
; should change this value only if you are using a non standard DNS client.
;
LocalIPv4BindingPort=53
;
; The local IPv6 address to which Acrylic binds. A value of 0:0:0:0:0:0:0:0 indicates that Acrylic should bind to all
; available addresses and as such it will be able to receive DNS requests coming from all of your network interfaces. A
; value corresponding to the IPv6 address of one of your network interfaces instead will allow Acrylic to receive DNS
; requests only from that specific network interface. An empty value instead indicates that no binding should occur on
; IPv6.
;
LocalIPv6BindingAddress=0:0:0:0:0:0:0:0
;
; The local UDPv6 port to which Acrylic binds. The default value of 53 is the standard port for DNS resolution. You
; should change this value only if you are using a non standard DNS client.
;
LocalIPv6BindingPort=53
;
; On Windows versions prior to Windows Vista or Windows Server 2008 the IPv6 protocol is usually not installed by
; default. For Windows 2000 there is a Microsoft IPv6 Technology Preview package available for download while for
; Windows XP the IPv6 protocol must be added to the list of available network protocols in your network connection
; Properties window.
;
; If you want to enable local IPv6 binding for Acrylic on Windows versions prior to Windows Vista or Windows Server 2008
; you can choose Yes below after having installed all the necessary prerequisites.
;
LocalIPv6BindingEnabledOnWindowsVersionsPriorToWindowsVistaOrWindowsServer2008=No
;
; The time to live (in seconds) set for DNS responses generated by Acrylic (e.g. the ones generated from mappings
; contained in the AcrylicHosts.txt file).
;
GeneratedResponseTimeToLive=300
;
; The maximum time (in milliseconds) to wait for a response coming from a DNS server configured with the UDP protocol.
;
ServerUdpProtocolResponseTimeout=3989
;
; The maximum time (in milliseconds) to wait for the first byte of a response coming from a DNS server configured with
; the TCP protocol.
;
ServerTcpProtocolResponseTimeout=3989
;
; The maximum time (in milliseconds) to wait for the other bytes of a response coming from a DNS server configured with
; the TCP protocol.
;
ServerTcpProtocolInternalTimeout=3989
;
; The maximum times (in milliseconds) to wait for the below events when communicating with an intermediary SOCKS 5 proxy
; server on behalf of a DNS server configured with the SOCKS5 protocol.
;
ServerSocks5ProtocolProxyFirstByteTimeout=3989
ServerSocks5ProtocolProxyOtherBytesTimeout=3989
ServerSocks5ProtocolProxyRemoteConnectTimeout=3989
ServerSocks5ProtocolProxyRemoteResponseTimeout=3989
;
; The hit log is a text file into which every DNS request and DNS response received by Acrylic can be logged.
;
; It is activated by specifying a non-empty value for the HitLogFileName parameter and contains lines with the following
; TAB-separated fields:
;
; [01] The timestamp of the DNS request or response in the format YYYY-MM-DD HH:MM:SS.FFF (local time).
; [02] The IP address from where the DNS request originates from or the DNS response is destined to.
; [03] The status code of the DNS request or response:
; X => Resolved directly by Acrylic
; H => Resolved using the hosts cache
; C => Resolved using the address cache
; F => Forwarded to at least one of your DNS servers
; R => Response accepted from one of your DNS servers
; U => Silent update accepted from one of your DNS servers
; [04] The index of the DNS server the DNS response is coming from.
; [05] The time it took (in milliseconds) for the DNS server to produce a DNS response.
; [06] The dissected DNS request or response.
;
; A dissected DNS request looks like:
;
; OC=0;RD=1;QDC=1;Q[1]=x.com;T[1]=A
;
; Where:
;
; [01] OC=0 means that the DNS operation code (OPCODE) is 0. Possible values are: 0 = a standard query (QUERY), 1 = an
; inverse query (IQUERY), 2 = a server status request (STATUS).
; [02] RD=1 means that the DNS response recursion desired bit (RD) is 1. If RD is set, it directs the name server to
; pursue the query recursively.
; [03] QDC=1 means that the number of queries (QDCOUNT) contained in the DNS request is 1.
; [04] Q[1]=x.com means that DNS query 1 refers to the “x.com” domain name.
; [05] T[1]=A means that DNS query 1 is of type A (IPv4).
;
; A dissected DNS response looks like:
;
; OC=0;RC=0;TC=0;RD=1;RA=1;AA=0;QDC=1;ANC=2;NSC=0;ARC=0;Q[1]=x.com;T[1]=CNAME;A[1]=x.com>y.com;T[2]=A;A[2]=y.com>1.2.3.4
;
; Where:
;
; [01] OC=0 means that the DNS operation code (OPCODE) is 0. Possible values are: 0 = a standard query (QUERY), 1 = an
; inverse query (IQUERY), 2 = a server status request (STATUS).
; [02] RC=0 means that the DNS response code (RCODE) is 0. Possible values are: 0 = no error condition, 1 = format error
; (the name server was unable to interpret the query), 2 = server failure (the name server was unable to process this
; query due to a problem with the name server), 3 = name error (meaningful only for responses from an authoritative name
; server, this code signifies that the domain name referenced in the query does not exist), 4 = not implemented (the
; name server does not support the requested kind of query), 5 = refused (the name server refuses to perform the
; specified operation for policy reasons).
; [03] TC=0 means that the DNS response truncated bit (TC) is 0. This bit specifies that this message was truncated due
; to length greater than that permitted on the transmission channel.
; [04] RD=1 means that the DNS response recursion desired bit (RD) is 0. If RD is set, it directs the name server to
; pursue the query recursively.
; [05] RA=1 means that the DNS response recursion available bit (RA) is 0. This bit denotes whether recursive query
; support is available in the name server.
; [06] AA=0 means that the DNS response authoritative answer bit (AA) is 0. This bit specifies that the responding name
; server is an authority for the domain name in question section.
; [07] QDC=1 means that the number of queries (QDCOUNT) contained in the DNS response is 1.
; [08] ANC=2 means that the number of answers (ANCOUNT) contained in the DNS response is 2.
; [09] NSC=0 means that the number of nameserver records (NSCOUNT) contained in the DNS response is 0.
; [10] ARC=0 means that the number of additional records (ARCOUNT) contained in the DNS response is 0.
; [11] Q[1]=x.com means that the DNS query 1 refers to the “x.com” domain name.
; [12] T[1]=CNAME means that the DNS answer 1 is of type CNAME (canonical name).
; [13] A[1]=x.com>y.com means that the DNS answer 1 that refers to the “x.com” domain name is “y.com”.
; [14] T[2]=A means that the DNS answer 2 is of type A (IPv4).
; [15] A[2]=y.com>1.2.3.4 means that the DNS answer 2 that refers to the “y.com” domain name is “1.2.3.4”.
;
; Regarding the HitLogFileName you can use an absolute or a relative path and a kind of daily log rotation can be
; achieved by including the %DATE% template within the file name. A complete list of all the templates you can use
; within the file name is shown below:
;
; %DATE%
; The current date in YYYYMMDD format.
;
; %TEMP%
; The current value of the TEMP environment variable.
;
; %APPDATA%
; The current value of the APPDATA environment variable.
;
; %LOCALAPPDATA%
; The current value of the LOCALAPPDATA environment variable.
;
; Examples:
;
; HitLogFileName=HitLog.%DATE%.txt
; HitLogFileName=%TEMP%\AcrylicDNSProxyHitLog.%DATE%.txt
;
HitLogFileName=d:\LogFiles\proxy\dns\AcrylicDNSProxyHitLog.%DATE%.txt
;
; The filter (a combination of one or more of the status codes explained above) which controls what gets written into
; the hit log.
;
HitLogFileWhat=XHCF
;
; You can enable the full dump (in addition to the DNS format dissections explained above) of DNS requests and responses
; into the hit log by choosing Yes instead of No.
;
HitLogFullDump=No
;
; The maximum number of hit log items that can be kept in memory before they are flushed to disk. For performance
; reasons the hit log is flushed to disk only when the hit log memory buffer is full, when Acrylic is stopped or when
; the system is shutdown, therefore you might experience a delay from when a DNS request or response is received to when
; its details get written into the hit log.
;
HitLogMaxPendingHits=512
;
; ALLOWING REQUESTS FROM OTHER COMPUTERS
;
; Although for security reasons the default behaviour of Acrylic is to refuse to handle requests coming from other
; computers, it is possible to specify below in the AllowedAddressesSection a list of IP addresses (wildcards are
; allowed) from which can come requests that Acrylic is allowed to handle. You have to specify a different key name for
; each entry, like in the following example:
;
; [AllowedAddressesSection] ; IP1=192.168.45.254 — A single IP address
; IP2=192.168.44.100 — Another single IP address
; IP3=192.168.100.* — All addresses starting with 192.168.100
; IP4=172.16.* — All addresses starting with 172.16
;
; Although not recommended for security reasons you can also allow Acrylic to handle requests coming from any IP
; address, like in the following example:
;
; [AllowedAddressesSection] ; IP1=*
;
; You must also create a firewall rule to allow incoming traffic directed to the two Acrylic executables:
; “AcrylicService.exe” and “AcrylicConsole.exe”.
; IP9=89.142.197.202 IP8=192.168.*
[AllowedAddressesSection] IP1=192.168.*
IP2=192.168.56.1
IP3=192.168.77.1

# IF YOU MAKE ANY CHANGES TO THIS FILE YOU HAVE TO RESTART THE ACRYLIC DNS PROXY SERVICE OR CONSOLE IN ORDER TO SEE
# THEIR EFFECTS.
#
# This is the AcrylicHosts.txt file.
#
# It contains predefined mappings between domain names and addresses the same way the native Windows HOSTS file does but
# with a few upgrades.
#
# The standard format is: IPADDRESS DOMAINNAME1 [DOMAINNAME2] [DOMAINNAME3] …
#
# Where IPADDRESS is in dotted-quad notation for IPv4 or in colon-separated groups for IPv6 and DOMAINNAME1, DOMAINNAME2
# and DOMAINNAME3 are strings.
#
# A line starting with the ‘#’ character (and everything after it if it’s found within a line) is considered a comment
# and therefore ignored.
#
# Domain names can contain wildcard characters ‘*’ (matches zero or more characters) and ‘?’ (matches exactly one
# character):
#
# 127.0.0.1 ad.* ads.*
#
# Domain names can also be regular expressions if starting with a ‘/’ character:
#
# 127.0.0.1 /^ads?\..*$
#
# Note that there’s no final ‘/’ at the end of a regular expression. More info about the regular expression engine and
# its syntax can be found at:
#
# http://www.pcre.org/
#
# A ‘>’ character at the beginning of a domain name is a convenient shortcut for representing all domain names ending
# with what follows after that character. For example an entry like this one:
#
# 127.0.0.1 >google.com
#
# Is equivalent to:
#
# 127.0.0.1 google.com *.google.com
#
# NXDOMAIN (or negative) responses and FORWARD entries can also be mapped to domain names using all of the possibilities
# (i.e. wildcard characters & regular expressions) already explained above:
#
# NX www.google.com
# NX >google.com
# NX /^ads?\..*$
#
# FORWARD entries in particular are always evaluated first and can be used to specify exceptions to the other rules. For
# example a configuration like this:
#
# FW >apple.com
# FW >google.com
# FW >microsoft.com
# NX *
#
# Instructs Acrylic to forward to your DNS servers requests for domain names ending with “apple.com”, “google.com” and
# “microsoft.com” and to return a NXDOMAIN response for all the other ones, thus effectively blocking every domain
# except the ones you explicitly allow.
#
# For easier maintenance of entries coming from multiple sources it is also possible to “include” external HOSTS files
# using the following syntax (the line must start with a ‘@’ character followed by a space and then by a relative or an
# absolute file name):
#
# @ AcrylicHostsGroup1.txt
# @ AcrylicHostsGroup2.txt

@ AcrylicHostsGroup1.txt

@ AcrylicHostsGroup2.txt

@ AcrylicHostsGroup3.txt

@ AcrylicHostsGroup4.txt

#
# Using a large number of patterns or regular expressions may cause Acrylic to slow down significantly. From a purely
# performance perspective it is better to use a large list of domain names rather than a lot of patterns and regexes.
# Patterns and regexes should be used to ease manual maintenance when the full list of domain names is either unknown or
# too variable. A domain name is free, a pattern is relatively cheap and a regular expression is rather expensive.
#
127.0.0.1 localhost localhost.localdomain

::1 localhost localhost.localdomain

127.0.0.1 local

127.0.0.1 localhost.localdomain

127.0.0.1 *.local

::1 local

::1 *.localhost

::1 *.local

89.142.197.202 pcsnet.mywire.org psmedia.mywire.org pcsnet.freeddns.org psmedia.freeddns.org pcsnet.ddnsgeek.com psmedia.ddnsgeek.com pcsnet.myftp.org pcs.sytes.net obala.hopto.org oglasi.hopto.org perc.ddns.net piramide.zapto.org bsn-142-197-202.static.siol.net pcsnet.dyn.ts.si pcsnetmedia.quickconnect.to pcsnetmedia.direct.quickconnect.to psmedia.myds.me

RECIMO DA IMATE ROUTER OZ. SVIČER IP 192.198.1.1 ALI KATERIKOLI DRUGI IP ZA DOSTOP DO ROUTERJA ODVISNO OD MODELA VPIŠETE KJER JE MOJ IP ROUTERJA VAŠ IP ROUTERJA.

Prva nastavitev Config:

PrimaryServerAddress=IP VAŠEGA ROUTERJA

ZDAJ DEFINIRAJTE VSEH DEVET DNS STREŽNIKOV LAHKO PUSTITE PRAZNO IN PRIPOROČLJIVO NPR. ČE UPORABLJATE TELEKOM SLOVENIJE DAJTE PRVA DVA DNS STREŽNIKA OD TELEKOM POL OSTALE LAHKO DRUGE PO ŽELJI.

Driga mastevotev Hosts:

Tukaj lahko definirate kje se nahaja blok lista se pravi odkomentirate in dodate še extra liste po želji:

# @ AcrylicHostsGroup1.txt
# @ AcrylicHostsGroup2.txt

@ AcrylicHostsGroup1.txt

@ AcrylicHostsGroup2.txt

@ AcrylicHostsGroup3.txt

@ AcrylicHostsGroup4.txt

Datoteko AcrylicHostsGroup1.txt itd… kopirajte kjer ste namestili program in zdaj lahko z shell skriptom avtomatizirate blokade tukaj objavljam enkrat dnevno TXT datoteka https://pcsnet.mywire.org/iplist-combined.txt katero lahko integrirate direkt v požarni zid Windows ali si generirate sami datoteke AcrylicHostsGroup1.txt in AcrylicHostsGroup2.txt po vaši želji. Primer tukaj https://pcsnet.mywire.org/iskalnik/#search=acrylicdnsproxy prenesi blokade in odkomentiraj po želji kaj želiš blokirati.