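# Blocky DNS proxy configuration (Jinja template: `blocky.route` and
# `blocky.http.port` are filled in at render time).
# NOTE(review): the source was collapsed onto a few long lines; the nesting
# below is reconstructed from the key names - verify it against the config
# schema of the Blocky version being deployed.

# Upstream resolvers. Both entries use DNS-over-HTTPS, so forwarded queries
# are encrypted and authenticated on the way to the resolver.
upstream:
  default:
    - https://cloudflare-dns.com/dns-query
    - https://dns.adguard.com/dns-query
upstreamTimeout: 2s
# Resolves the DoH hostnames above. This lookup goes out as plain DNS, so it
# is the one upstream path that is neither encrypted nor authenticated.
bootstrapDns: tcp+udp:1.1.1.1
startVerifyUpstream: false
connectIPVersion: dual

# optional: custom IP address(es) for domain name (with all sub-domains).
# Multiple addresses must be separated by a comma.
# example: a mapping for "printer.lan" also answers "my.printer.lan".
customDNS:
  customTTL: 1h
  filterUnmappedTypes: true
  mapping:
    unifi: 192.168.86.1
    # NOTE(review): the source shows a literal `...` at this point, most
    # likely an elision of further mappings. It is kept as a comment because
    # a bare `...` is either read as the YAML document-end marker or folded
    # into the address above, and both break the config.

# optional: use black and white lists to block queries (for example ads,
# trackers, adult pages etc.)
blocking:
  # Definition of blacklist groups. Can be external link (http/https) or
  # local file.
  # NOTE(review): most of these URLs track a mutable branch on third-party
  # hosts; whoever controls a list controls what this resolver blocks.
  # NOTE(review): the `http://sbc.io/...` entries are fetched without TLS, so
  # their content can be altered in transit (entries added or removed).
  # Each sits next to an HTTPS source for what looks like the same list -
  # confirm and prefer the HTTPS source.
  blackLists:
    ads:
      - https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
      - http://sbc.io/hosts/hosts
      - https://adaway.org/hosts.txt
      - https://v.firebog.net/hosts/AdguardDNS.txt
      - https://v.firebog.net/hosts/Admiral.txt
      - https://raw.githubusercontent.com/anudeepND/blacklist/master/adservers.txt
      - https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt
      - https://v.firebog.net/hosts/Easylist.txt
      # Quoted: the query string contains `?` and `&`.
      - 'https://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&showintro=0&mimetype=plaintext'
      - https://raw.githubusercontent.com/FadeMind/hosts.extras/master/UncheckyAds/hosts
      - https://raw.githubusercontent.com/bigdargon/hostsVN/master/hosts
    trackers:
      - https://v.firebog.net/hosts/Easyprivacy.txt
      - https://v.firebog.net/hosts/Prigent-Ads.txt
      - https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.2o7Net/hosts
      - https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/spy.txt
      - https://hostfiles.frogeye.fr/firstparty-trackers-hosts.txt
    malware:
      - https://raw.githubusercontent.com/DandelionSprout/adfilt/master/Alternate%20versions%20Anti-Malware%20List/AntiMalwareHosts.txt
      - https://osint.digitalside.it/Threat-Intel/lists/latestdomains.txt
      - https://s3.amazonaws.com/lists.disconnect.me/simple_malvertising.txt
      - https://v.firebog.net/hosts/Prigent-Crypto.txt
      - https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.Risk/hosts
      # Pinned to a commit, so this list is static.
      - https://bitbucket.org/ethanr/dns-blacklists/raw/8575c9f96e5b4a1308f2f12394abd86d0927a4a0/bad_lists/Mandiant_APT1_Report_Appendix_D.txt
      - https://phishing.army/download/phishing_army_blocklist_extended.txt
      - https://gitlab.com/quidsup/notrack-blocklists/raw/master/notrack-malware.txt
      - https://v.firebog.net/hosts/RPiList-Malware.txt
      - https://v.firebog.net/hosts/RPiList-Phishing.txt
      - https://raw.githubusercontent.com/Spam404/lists/master/main-blacklist.txt
      - https://raw.githubusercontent.com/AssoEchap/stalkerware-indicators/master/generated/hosts
      - https://urlhaus.abuse.ch/downloads/hostfile/
    fakenews:
      - https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews/hosts
      - http://sbc.io/hosts/alternates/fakenews/hosts
    gambling:
      - https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/gambling/hosts
      - http://sbc.io/hosts/alternates/gambling/hosts
    nsfw:
      - https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/porn/hosts
      - http://sbc.io/hosts/alternates/porn/hosts
    social:
      - https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/social/hosts
      - http://sbc.io/hosts/alternates/social/hosts
  # Local allow-list for the `ads` group. Anything listed here is exempted
  # from blocking, so the file should be writable by administrators only.
  whiteLists:
    ads:
      - /etc/blocky/whitelist.txt
  # Groups applied to clients without a specific entry. `gambling`, `nsfw`
  # and `social` are defined above but not enabled here.
  clientGroupsBlock:
    default:
      - ads
      - trackers
      - malware
      - fakenews
  blockType: zeroIp
  blockTTL: 10m
  refreshPeriod: 12h
  downloadTimeout: 4m
  downloadAttempts: 5
  downloadCooldown: 10s
  startStrategy: fast

caching:
  minTime: 5m
  maxTime: 30m
  maxItemsCount: 0
  prefetching: true
  prefetchExpires: 2h
  prefetchThreshold: 5
  prefetchMaxItemsCount: 0
  cacheTimeNegative: 30m

# Static client-name to address mapping, used to label clients.
clientLookup:
  clients:
    # NOTE(review): 192.168.86.197 is listed for both secur-t and brainiac.
    # One of the two is probably a typo, and until it is fixed queries from
    # that address cannot be attributed to a single client.
    secur-t:
      - 10.0.0.1
      - 192.168.86.197
    brainiac:
      - 10.0.0.21
      - 192.168.86.197
    bender:
      - 10.0.0.25
      - 192.168.86.88

# optional: write query information (question, answer, client, duration etc.)
# to daily csv file
# These files hold per-client query history for 21 days; restrict read access
# to the target directory accordingly.
queryLog:
  type: csv
  target: /var/log/blocky/queries/
  logRetentionDays: 21
  creationAttempts: 1
  creationCooldown: 2s

# DNS listener, filled in from the template variable.
port: "{{ blocky.route }}"
{% if blocky.http is defined %}
# HTTP listener bound to loopback only, so it is not reachable from the
# network. Quoted so the rendered value always stays a string.
httpPort: "127.0.0.1:{{ blocky.http.port }}"
{% endif %}
# Quoted so the value stays the string "1.3" instead of being typed as a
# float by the YAML parser.
# NOTE(review): no TLS listener is configured in this file, so this setting
# presumably has no effect yet - confirm.
minTlsServeVersion: "1.3"

# optional: if path defined, use this file for query resolution (A, AAAA and
# rDNS). Default: empty
hostsFile:
  filePath: /etc/hosts
  hostsTTL: 20m
  refreshPeriod: 10m
  filterLoopback: false

log:
  # NOTE(review): debug level together with `privacy: false` writes queried
  # names and client details to the application log in clear text. Consider
  # `info` and/or `privacy: true` outside of troubleshooting.
  level: debug
  format: text
  timestamp: true
  privacy: false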