" -R, --resolver-name=<name>: name of the resolver to use, from the
list of available resolvers (see -L). Or random for a random
resolver accessible over IPv4, that doesn't log and supports
DNSSEC "
--
Vinícius Zavam
keybase.io/egypcio/key.asc
Index: net/dnscrypt-proxy/Makefile
===================================================================
RCS file: /cvs/ports/net/dnscrypt-proxy/Makefile,v
retrieving revision 1.31
diff -u -a -r1.31 Makefile
--- net/dnscrypt-proxy/Makefile 2 Aug 2017 09:32:40 -0000 1.31
+++ net/dnscrypt-proxy/Makefile 8 Nov 2017 16:39:28 -0000
@@ -4,14 +4,15 @@
COMMENT-plugins= example plugins for dnscrypt-proxy
V= 1.9.5
+REVISION-main= 1
+
DISTNAME= dnscrypt-proxy-${V}
PKGNAME-main= dnscrypt-proxy-${V}
PKGNAME-plugins= dnscrypt-proxy-plugins-${V}
CATEGORIES= net
-MASTER_SITES= https://download.dnscrypt.org/dnscrypt-proxy/ \
- https://download.dnscrypt.org/dnscrypt-proxy/old/
+MASTER_SITES= https://download.dnscrypt.org/dnscrypt-proxy/
HOMEPAGE= https://dnscrypt.org/
Index: net/dnscrypt-proxy/pkg/README-main
===================================================================
RCS file: /cvs/ports/net/dnscrypt-proxy/pkg/README-main,v
retrieving revision 1.8
diff -u -a -r1.8 README-main
--- net/dnscrypt-proxy/pkg/README-main 23 Jan 2017 18:00:23 -0000 1.8
+++ net/dnscrypt-proxy/pkg/README-main 8 Nov 2017 16:39:28 -0000
@@ -11,29 +11,32 @@
lookup file bind
options edns0
-DNSCrypt does _not_ cache queries, so the recommended way to use it is
-as a forwarder for a DNS cache like Unbound. The following unbound.conf
-example may be used as a guideline:
+DNSCrypt does _not_ cache queries, so the recommended way to use it is to forward
+queries and combine it with any DNS caching software like Unbound.
+The following unbound.conf example may be used as a guideline:
server:
- interface: 127.0.0.1
- interface: 192.168.1.1 # additional addresses to listen on
- access-control: 192.168.1.0/24 allow # who's allowed to make queries
+ interface: 127.0.0.1
+ # interface: 192.168.1.1 # additional addresses to listen on
+ # access-control: 192.168.1.0/24 allow # who's allowed to make queries
do-not-query-localhost: no
- hide-identity: yes
- hide-version: yes
+ hide-identity: yes
+ hide-version: yes
forward-zone:
name: "."
- forward-addr: 127.0.0.1@40
- #forward-addr: 127.0.0.1@41 # example failover server, see below
+ forward-addr: 127.0.0.1@5301
+ # forward-addr: 127.0.0.1@5302 # example failover server, see below
A list of resolvers providing DNSCrypt service is available at
${TRUEPREFIX}/share/dnscrypt-proxy/dnscrypt-resolvers.csv.
-Choose one (there is no default) and configure it, for example:
+This package picks a random resolver from its resolvers list. A random resolver
+supposedly doesn't keep logs, and supports DNSSEC, says the manpage.
+
+If you want to configure ${FULLPKGNAME} with a custom resolver, here is an example:
rcctl enable dnscrypt_proxy
-rcctl set dnscrypt_proxy flags -E -m1 -R dnscrypt.eu-nl -a 127.0.0.1:40
+rcctl set dnscrypt_proxy flags -E -m1 -R random -a 127.0.0.1:5301
rcctl start dnscrypt_proxy
The dnscrypt-proxy utility does not support failover resolvers; as described
@@ -43,7 +46,8 @@
ln -s dnscrypt_proxy /etc/rc.d/dnscrypt_proxy2
rcctl enable dnscrypt_proxy2
-rcctl set dnscrypt_proxy2 flags -E -m1 -R dnscrypt.eu-dk -a 127.0.0.1:41
+rcctl set dnscrypt_proxy2 flags -E -m1 -R random -a 127.0.0.1:5302
rcctl start dnscrypt_proxy2
For more information, see https://dnscrypt.org/
+
Index: net/dnscrypt-proxy/pkg/dnscrypt_proxy.rc
===================================================================
RCS file: /cvs/ports/net/dnscrypt-proxy/pkg/dnscrypt_proxy.rc,v
retrieving revision 1.3
diff -u -a -r1.3 dnscrypt_proxy.rc
--- net/dnscrypt-proxy/pkg/dnscrypt_proxy.rc 4 Feb 2016 14:29:25 -0000 1.3
+++ net/dnscrypt-proxy/pkg/dnscrypt_proxy.rc 8 Nov 2017 16:39:28 -0000
@@ -4,6 +4,10 @@
daemon="${TRUEPREFIX}/sbin/dnscrypt-proxy -d --user=_dnscrypt-proxy"
+# defaults to use a random resolver;
+# supposedly doesn't keep logs, and supports DNSSEC.
+daemon_flags="-R random"
+
. /etc/rc.d/rc.subr
rc_reload=NO
