config stubby 'global'
       option manual '0'
       option trigger 'wan'
       # option triggerdelay '2'
       list dns_transport 'GETDNS_TRANSPORT_TLS'
       option tls_authentication '1'
       option tls_query_padding_blocksize '128'
       # option tls_connection_retries '2'
       # option tls_backoff_time '3600'
       # option timeout '5000'
       # option dnssec_return_status '0'
       option appdata_dir '/var/lib/stubby'
       # option trust_anchors_backoff_time 2500
       # option dnssec_trust_anchors '/var/lib/stubby/getdns-root.key'
       option edns_client_subnet_private '1'
       option idle_timeout '10000'
       option round_robin_upstreams '1'
       list listen_address '127.0.0.1@5353'
       list listen_address '0::1@5353'
       # option log_level '7'
       # option command_line_arguments ''
       # option tls_cipher_list 'EECDH+AESGCM:EECDH+CHACHA20'
       # option tls_ciphersuites 'TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256'
       option tls_min_version '1.2'
       option tls_max_version '1.3'
       option openssl_cryptodev 0

## NON BLOCKING ###
config resolver
       option address '45.XX.XX.0'
       option tls_auth_name 'XX.dns.nextdns.io'
       option tls_port 853

config resolver
       option address '2a07:XX::0'
       option tls_auth_name 'XX.dns.nextdns.io'
       option tls_port 853

config resolver
       option address '9.9.9.11'
       option tls_auth_name 'dns11.quad9.net'
       option tls_port 853

config resolver
       option address '2620:fe::11'
       option tls_auth_name 'dns11.quad9.net'
       option tls_port 853

config resolver
       option address '76.76.2.1'
       option tls_auth_name 'p1.freedns.controld.com'
       option tls_port 853

config resolver
       option address '2606:1a40::1'
       option tls_auth_name 'p1.freedns.controld.com'
       option tls_port 853

config resolver
       option address '9.9.9.11'
       option tls_auth_name 'ada.openbld.net'
       option tls_port 853

config resolver
       option address '2620:fe::11'
       option tls_auth_name 'ada.openbld.net'
       option tls_port 853

config resolver
       option address '9.9.9.11'
       option tls_auth_name '1-iabqabaqaaaae.max.rethinkdns.com'
       option tls_port 853

config resolver
       option address '2620:fe::11'
       option tls_auth_name '1-iabqabaqaaaae.max.rethinkdns.com'
       option tls_port 853

### Block smarttv + notrack
#config resolver
#       option address '9.9.9.11'
#       option tls_auth_name '1-iabqabaqacaae.max.rethinkdns.com'
#       option tls_port 853
#
#config resolver
#       option address '2620:fe::11'
#       option tls_auth_name '1-iabqabaqacaae.max.rethinkdns.com'
#       option tls_port 853