Here is a diff for dnscrypt-proxy 2.0.23, released April 28, 2019. https://github.com/jedisct1/dnscrypt-proxy/releases
Frank Denis has allowed me to take $MAINTAINER. Thank you, Frank. --8<---------------cut here---------------start------------->8--- Sure, go ahead :) I maintain the proxy itself, but the port not so much, so your help would be more than welcome! --8<---------------cut here---------------end--------------->8--- Changes: - Updated maintainer - Changed DESCR and README grammar and shortened some parts - Added notes in README about `server_names' and `lb_strategy' I have successfully tested it with the default .toml file. diff: --8<---------------cut here---------------start------------->8--- Index: Makefile =================================================================== RCS file: /cvs/ports/net/dnscrypt-proxy/Makefile,v retrieving revision 1.39 diff -u -p -r1.39 Makefile --- Makefile 16 Apr 2019 15:26:10 -0000 1.39 +++ Makefile 30 Apr 2019 00:42:48 -0000 @@ -1,16 +1,16 @@ # $OpenBSD: Makefile,v 1.39 2019/04/16 15:26:10 bket Exp $ -COMMENT = flexible DNS proxy, with support for encrypted DNS protocols +COMMENT = flexible DNS proxy with support for encrypted DNS protocols GH_ACCOUNT = jedisct1 GH_PROJECT = dnscrypt-proxy -GH_TAGNAME = 2.0.22 +GH_TAGNAME = 2.0.23 CATEGORIES = net HOMEPAGE = https://dnscrypt.info/ -MAINTAINER = Frank Denis <dnscr...@pureftpd.org> +MAINTAINER = Nam Nguyen <n...@berkeley.edu> # ISC PERMIT_PACKAGE_CDROM = Yes Index: distinfo =================================================================== RCS file: /cvs/ports/net/dnscrypt-proxy/distinfo,v retrieving revision 1.17 diff -u -p -r1.17 distinfo --- distinfo 16 Apr 2019 15:26:11 -0000 1.17 +++ distinfo 30 Apr 2019 00:42:48 -0000 @@ -1,2 +1,2 @@ -SHA256 (dnscrypt-proxy-2.0.22.tar.gz) = rIrTJrbaR7seUV0po1RRGo3Jpev89L6Ba2eRUy0C1WQ= -SIZE (dnscrypt-proxy-2.0.22.tar.gz) = 2192330 +SHA256 (dnscrypt-proxy-2.0.23.tar.gz) = 1AWlYrDUsBAaETR8Fke7VTUZRdgtZ1ZbOWeUur8paQU= +SIZE (dnscrypt-proxy-2.0.23.tar.gz) = 2552615 Index: pkg/DESCR =================================================================== RCS file: /cvs/ports/net/dnscrypt-proxy/pkg/DESCR,v retrieving revision 1.1 diff -u -p -r1.1 DESCR --- pkg/DESCR 16 Oct 2018 14:55:02 -0000 1.1 +++ pkg/DESCR 30 Apr 2019 00:42:48 -0000 @@ -1,24 +1,23 @@ -dnscrypt-proxy is a flexible DNS proxy, with support for modern encrypted DNS -protocols such as DNSCrypt v2 and DNS-over-HTTPS, which features: +dnscrypt-proxy is a flexible DNS proxy with support for modern encrypted DNS +protocols, such as DNSCrypt v2 and DNS-over-HTTPS, and features: - DNS traffic encryption and authentication. Supports DNS-over-HTTPS (DoH) and DNSCrypt. -- DNS query monitoring, with separate log files for regular and suspicious - queries -- Filtering: block ads, malware, and other unwanted content. Compatible with - all DNS services -- Time-based filtering, with a flexible weekly schedule -- Transparent redirection of specific domains to specific resolvers -- DNS caching, to reduce latency and improve privacy -- Local IPv6 blocking to reduce latency on IPv4-only networks -- Load balancing: pick a set of resolvers, dnscrypt-proxy will automatically - measure and keep track of their speed, and balance the traffic across the - fastest available ones. -- Cloaking: like a HOSTS file on steroids, that can return preconfigured - addresses for specific names, or resolve and return the IP address of other - names. This can be used for local development as well as to enforce safe - search results on Google, Yahoo and Bing. -- Automatic background updates of resolvers lists -- Can force outgoing connections to use TCP -- Supports SOCKS proxies -- Compatible with DNSSEC +- DNS query monitoring with separate log files for regular and suspicious + queries. +- Filtering: block ads, malware and other unwanted content. Compatible with all + DNS services. +- Time-based filtering with a flexible weekly schedule. +- Transparent redirection of specific domains to specific resolvers. +- DNS caching to reduce latency and improve privacy. +- Local IPv6 blocking to reduce latency on IPv4-only networks. +- Load balancing: pick a set of resolvers, and dnscrypt-proxy will automatically + measure their speeds in order to balance traffic among the fastest available. +- Cloaking: like a HOSTS file on steroids that can return preconfigured + addresses for specific names or resolve and return the IP addresses of + other names. This can be used for local development, as well as to + enforce safe search results on Google, Yahoo and Bing. +- Automatic background updates of resolvers lists. +- Can force outgoing connections to use TCP. +- Supports SOCKS proxies. +- Compatible with DNSSEC. Index: pkg/README =================================================================== RCS file: /cvs/ports/net/dnscrypt-proxy/pkg/README,v retrieving revision 1.1 diff -u -p -r1.1 README --- pkg/README 16 Oct 2018 14:55:02 -0000 1.1 +++ pkg/README 30 Apr 2019 00:42:48 -0000 @@ -7,20 +7,36 @@ $OpenBSD: README,v 1.1 2018/10/16 14:55: dnscrypt-proxy listens for DNS queries on a local address and forwards them to a DNSCrypt resolver over an encrypted channel. -To use this package, two things are required. +To use this package, several things are required. -Firstly, validate that ${SYSCONFDIR}/dnscrypt-proxy.toml fits your needs, -and start the daemon: +First, ensure that ${SYSCONFDIR}/dnscrypt-proxy.toml fits your needs. + +Uncomment 'server_names' to have a smaller set of public resolvers to be +used for load balancing. If this line is commented, all registered +servers matching the require_* filters will be used for load balancing. + +Note the load balancing strategy, controlled by 'lb_strategy'. It can be +set to one of the following values: + - 'fastest' (always pick the fastest server in the list) + - 'p2' (randomly choose between the top two fastest servers) + - 'ph' (randomly choose between the top fastest half of all servers) + - 'random' (just pick any random server from the list) + +'p2' is the default option, and you may change this. For more +information, see +https://github.com/jedisct1/dnscrypt-proxy/wiki/Load-Balancing-Options + +Second, start the daemon: # rcctl enable dnscrypt_proxy # rcctl start dnscrypt_proxy -Secondly, set /etc/resolv.conf to perform queries from dnscrypt-proxy: +Finally, set /etc/resolv.conf to perform queries from dnscrypt-proxy: nameserver 127.0.0.1 lookup file bind -Note: If fetching your IP address dynamically, dhclient(8) will normally +Note: If your IP address is dynamically fetched, dhclient(8) will normally update resolv.conf with network-provided DNS servers. This can be avoided by using "ignore domain-name, domain-name-servers;" in /etc/dhclient.conf. --8<---------------cut here---------------end--------------->8---
