Here is an update for dnscrypt-proxy version 2.0.26, released September 7, 2019.
In my testing, dnscrypt-proxy works with some resolvers enabled on amd64. I also tested blocked_query_response = refused and hinfo (default) which worked. I was not able to configure an IP blocked query response.

Changelog:
https://github.com/jedisct1/dnscrypt-proxy/releases/tag/2.0.26

"A new plugin was added to prevent Firefox from bypassing the system DNS settings."

I saw in the system log that it starts up by default. (See README for how to enable logging.)

dnscrypt-proxy[93248]: Firefox workaround initialized

I did some research:
https://github.com/jedisct1/dnscrypt-proxy/blob/master/dnscrypt-proxy/plugin_firefox.go
https://support.mozilla.org/en-US/kb/configuring-networks-disable-dns-over-https

"Checking for this signaling will be implemented in Firefox when DoH is enabled by default for users. This will first happen for users in the United States in the Fall of 2019. If a user has chosen to manually enable DoH, the signal from the network will be ignored and the user’s preference will be honored."

This new feature of dnscrypt-proxy will have to be tested in Fall 2019, when Firefox switches to DNS over HTTPS (DoH).

In Firefox:
about:config
search for "network.trr"
network.trr.mode = 0
Change network.trr.mode = 2 to use DoH.

Because I manually changed it from the default of 0 to 2, I confirmed that Firefox's cloudflare was used instead of dnscrypt-proxy, as described in the Mozilla article.

OK?

Index: Makefile =================================================================== RCS file: /cvs/ports/net/dnscrypt-proxy/Makefile,v retrieving revision 1.43 diff -u -p -r1.43 Makefile --- Makefile 12 Jul 2019 20:48:25 -0000 1.43 +++ Makefile 7 Sep 2019 21:27:22 -0000 
@@ -4,7 +4,7 @@ COMMENT = flexible DNS proxy with suppor GH_ACCOUNT = jedisct1 GH_PROJECT = dnscrypt-proxy -GH_TAGNAME = 2.0.25 +GH_TAGNAME = 2.0.26 CATEGORIES = net Index: distinfo =================================================================== RCS file: /cvs/ports/net/dnscrypt-proxy/distinfo,v retrieving revision 1.19 diff -u -p -r1.19 distinfo --- distinfo 4 Jun 2019 10:02:45 -0000 1.19 +++ distinfo 7 Sep 2019 21:27:22 -0000 @@ -1,2 +1,2 @@ -SHA256 (dnscrypt-proxy-2.0.25.tar.gz) = d0aWAEyeMG4XI7TLvmapYRKKM1VD0xjQeGSSzmm5Bvo= -SIZE (dnscrypt-proxy-2.0.25.tar.gz) = 2596674 +SHA256 (dnscrypt-proxy-2.0.26.tar.gz) = m/rpucZlXTw6QKEBjWxsuLZ+I0HC9e+/VEYfDBz3rOY= +SIZE (dnscrypt-proxy-2.0.26.tar.gz) = 2653265 Index: patches/patch-dnscrypt-proxy_example-dnscrypt-proxy_toml =================================================================== RCS file: /cvs/ports/net/dnscrypt-proxy/patches/patch-dnscrypt-proxy_example-dnscrypt-proxy_toml,v retrieving revision 1.4 diff -u -p -r1.4 patch-dnscrypt-proxy_example-dnscrypt-proxy_toml --- patches/patch-dnscrypt-proxy_example-dnscrypt-proxy_toml 4 Jun 2019 10:02:45 -0000 1.4 +++ patches/patch-dnscrypt-proxy_example-dnscrypt-proxy_toml 7 Sep 2019 21:27:22 -0000 @@ -12,12 +12,12 @@ Index: dnscrypt-proxy/example-dnscrypt-p ## Require servers (from static + remote sources) to satisfy specific properties -@@ -514,7 +514,7 @@ cache_neg_max_ttl = 600 +@@ -525,7 +525,7 @@ cache_neg_max_ttl = 600 [sources.'public-resolvers'] urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md', 'https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md'] - cache_file = 'public-resolvers.md' + cache_file = '${LOCALSTATEDIR}/dnscrypt-proxy/public-resolvers.md' minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3' - refresh_delay = 72 prefix = '' +
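
Review bot: in the patches/patch-dnscrypt-proxy_example-dnscrypt-proxy_toml hunk, the context after minisign_key no longer carries "refresh_delay = 72", so the [sources.'public-resolvers'] block in the installed sample config will not set a refresh delay explicitly. Please confirm that this line disappeared from the 2.0.26 example file itself (the inner hunk header moving from 514 to 525 suggests the patch was regenerated against the new file) and not through a hand edit, and say so in the commit message so that anyone merging the new sample into an existing config knows the setting is gone from the example. The cache_file change to '${LOCALSTATEDIR}/dnscrypt-proxy/public-resolvers.md' is carried over as before; only that one cache_file line is visible in this hunk, so it is also worth checking that any other source cache_file entries the port relocates still apply after the 11-line shift.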