This is a diff for dnscrypt-proxy 2.0.25, released June 3, 2019.
release notes: https://github.com/jedisct1/dnscrypt-proxy/releases/tag/2.0.25 https://github.com/jedisct1/dnscrypt-proxy/releases/tag/2.0.24 The "fastest" load-balancing strategy has been renamed to "first". I noted this in the README and existing dnscrypt-proxy.toml files may have to be changed. Also, I enabled logging by specifying log_file = '${LOCALSTATEDIR}/log/dnscrypt-proxy.log'. `log_file' and `use_syslog' are mutually exclusive options. `log_file' allows you to specify a file and `use_syslog' uses /var/log/messages. Thoughts on enabling logging? If it is better to just leave logging disabled, as it is by default, let me know and I can fix the diff as needed. Lightly tested on amd64. Index: Makefile =================================================================== RCS file: /cvs/ports/net/dnscrypt-proxy/Makefile,v retrieving revision 1.41 diff -u -p -u -p -r1.41 Makefile --- Makefile 4 May 2019 21:46:17 -0000 1.41 +++ Makefile 4 Jun 2019 03:28:31 -0000 @@ -4,7 +4,7 @@ COMMENT = flexible DNS proxy with suppor GH_ACCOUNT = jedisct1 GH_PROJECT = dnscrypt-proxy -GH_TAGNAME = 2.0.23 +GH_TAGNAME = 2.0.25 CATEGORIES = net Index: distinfo =================================================================== RCS file: /cvs/ports/net/dnscrypt-proxy/distinfo,v retrieving revision 1.18 diff -u -p -u -p -r1.18 distinfo --- distinfo 30 Apr 2019 08:51:13 -0000 1.18 +++ distinfo 4 Jun 2019 03:28:31 -0000 @@ -1,2 +1,2 @@ -SHA256 (dnscrypt-proxy-2.0.23.tar.gz) = 1AWlYrDUsBAaETR8Fke7VTUZRdgtZ1ZbOWeUur8paQU= -SIZE (dnscrypt-proxy-2.0.23.tar.gz) = 2552615 +SHA256 (dnscrypt-proxy-2.0.25.tar.gz) = d0aWAEyeMG4XI7TLvmapYRKKM1VD0xjQeGSSzmm5Bvo= +SIZE (dnscrypt-proxy-2.0.25.tar.gz) = 2596674 Index: patches/patch-dnscrypt-proxy_example-dnscrypt-proxy_toml =================================================================== RCS file: /cvs/ports/net/dnscrypt-proxy/patches/patch-dnscrypt-proxy_example-dnscrypt-proxy_toml,v retrieving revision 1.3 diff -u -p -u -p -r1.3 patch-dnscrypt-proxy_example-dnscrypt-proxy_toml --- patches/patch-dnscrypt-proxy_example-dnscrypt-proxy_toml 16 Apr 2019 15:26:11 -0000 1.3 +++ patches/patch-dnscrypt-proxy_example-dnscrypt-proxy_toml 4 Jun 2019 03:28:31 -0000 @@ -1,5 +1,9 @@ $OpenBSD: patch-dnscrypt-proxy_example-dnscrypt-proxy_toml,v 1.3 2019/04/16 15:26:11 bket Exp $ +run as _dnscrypt-proxy user +enable logging +fix directory for public-resolvers.md + Index: dnscrypt-proxy/example-dnscrypt-proxy.toml --- dnscrypt-proxy/example-dnscrypt-proxy.toml.orig +++ dnscrypt-proxy/example-dnscrypt-proxy.toml @@ -12,7 +16,22 @@ Index: dnscrypt-proxy/example-dnscrypt-p ## Require servers (from static + remote sources) to satisfy specific properties -@@ -497,7 +497,7 @@ cache_neg_max_ttl = 600 +@@ -130,12 +130,12 @@ refused_code_in_responses = false + + ## Log level (0-6, default: 2 - 0 is very verbose, 6 only contains fatal errors) + +-# log_level = 2 ++log_level = 2 + + + ## log file for the application + +-# log_file = 'dnscrypt-proxy.log' ++log_file = '${LOCALSTATEDIR}/log/dnscrypt-proxy.log' + + + ## Use the system logger (syslog on Unix, Event Log on Windows) +@@ -514,7 +514,7 @@ cache_neg_max_ttl = 600 [sources.'public-resolvers'] urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md', 'https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md'] Index: pkg/README =================================================================== RCS file: /cvs/ports/net/dnscrypt-proxy/pkg/README,v retrieving revision 1.2 diff -u -p -u -p -r1.2 README --- pkg/README 30 Apr 2019 08:51:13 -0000 1.2 +++ pkg/README 4 Jun 2019 03:28:31 -0000 @@ -9,35 +9,54 @@ them to a DNSCrypt resolver over an encr To use this package, several things are required. -First, ensure that ${SYSCONFDIR}/dnscrypt-proxy.toml fits your needs. +Customizing dnscrypt-proxy.toml +=============================== -Uncomment 'server_names' to have a smaller set of public resolvers to be -used for load balancing. If this line is commented, all registered -servers matching the require_* filters will be used for load balancing. +Ensure that ${SYSCONFDIR}/dnscrypt-proxy.toml fits your needs. +Resolvers +--------- +Uncomment 'server_names' to have a smaller set of public resolvers to be used +for load balancing. If this line is commented, all registered servers matching +the require_* filters will be used for load balancing. Refer to +${LOCALSTATEDIR}/dnscrypt-proxy/public-resolvers.md for a list of all public +resolvers. + +Load balancing strategy +----------------------- Note the load balancing strategy, controlled by 'lb_strategy'. It can be set to one of the following values: - - 'fastest' (always pick the fastest server in the list) + - 'first' (always pick the fastest server in the list) - 'p2' (randomly choose between the top two fastest servers) - 'ph' (randomly choose between the top fastest half of all servers) - 'random' (just pick any random server from the list) -'p2' is the default option, and you may change this. For more -information, see +'p2' is the default option. For more information, see https://github.com/jedisct1/dnscrypt-proxy/wiki/Load-Balancing-Options -Second, start the daemon: +Logging +------- +Logging is enabled by default in ${LOCALSTATEDIR}/log/dnscrypt-proxy.log. +Comment out 'log_level' and 'log_file' to disable logging. + +Daemon +====== + +Start the daemon: # rcctl enable dnscrypt_proxy # rcctl start dnscrypt_proxy -Finally, set /etc/resolv.conf to perform queries from dnscrypt-proxy: +resolv.conf +=========== + +Set /etc/resolv.conf to perform queries from dnscrypt-proxy: nameserver 127.0.0.1 lookup file bind Note: If your IP address is dynamically fetched, dhclient(8) will normally -update resolv.conf with network-provided DNS servers. This can be avoided -by using "ignore domain-name, domain-name-servers;" in /etc/dhclient.conf. +update resolv.conf with network-provided DNS servers. This can be avoided by +using "ignore domain-name, domain-name-servers;" in /etc/dhclient.conf. For more information, see https://dnscrypt.info/
