diff options
-rw-r--r-- | network/dnscrypt-proxy/README | 3 | ||||
-rw-r--r-- | network/dnscrypt-proxy/dnscrypt-proxy.SlackBuild | 8 | ||||
-rw-r--r-- | network/dnscrypt-proxy/dnscrypt-proxy.info | 6 | ||||
-rw-r--r-- | network/dnscrypt-proxy/dnscrypt-proxy.toml | 38 | ||||
-rw-r--r-- | network/dnscrypt-proxy/poly1305.patch | 20 |
5 files changed, 37 insertions, 38 deletions
diff --git a/network/dnscrypt-proxy/README b/network/dnscrypt-proxy/README index b55a58cae97ef..3e69789b36d21 100644 --- a/network/dnscrypt-proxy/README +++ b/network/dnscrypt-proxy/README @@ -6,5 +6,8 @@ DNSCrypt protocol and passing them to an upstream server. By default dnscrypt-proxy is configured to use a random DNS server; you will definitely want to change this. +Note that google-go-lang is a compile-time dependency and is not needed during +run-time. + Be sure to read README.Slackware for information on configuring/running dnscrypt-proxy as a daemon! diff --git a/network/dnscrypt-proxy/dnscrypt-proxy.SlackBuild b/network/dnscrypt-proxy/dnscrypt-proxy.SlackBuild index 696bd0950e659..a2699a1ed34d5 100644 --- a/network/dnscrypt-proxy/dnscrypt-proxy.SlackBuild +++ b/network/dnscrypt-proxy/dnscrypt-proxy.SlackBuild @@ -2,7 +2,7 @@ # Slackware build script for dnscrypt-proxy -# Copyright 2018 T3slider <t3slider@gmail.com> +# Copyright 2019 T3slider <t3slider@gmail.com> # All rights reserved. # # Redistribution and use of this script, with or without modification, is @@ -27,7 +27,7 @@ # significantly improved the value of this script! PRGNAM=dnscrypt-proxy -VERSION=${VERSION:-2.0.16} +VERSION=${VERSION:-2.0.21} BUILD=${BUILD:-1} TAG=${TAG:-_SBo} @@ -75,10 +75,6 @@ find -L . \ \( -perm 666 -o -perm 664 -o -perm 640 -o -perm 600 -o -perm 444 \ -o -perm 440 -o -perm 400 \) -exec chmod 644 {} \; -# Error compiling with go 1.11; fixed in dnscrypt-proxy master but not in the -# latest release -patch -p1 < $CWD/poly1305.patch - export GOPATH="$TMP/$PRGNAM-$VERSION" go install -a -x ./... diff --git a/network/dnscrypt-proxy/dnscrypt-proxy.info b/network/dnscrypt-proxy/dnscrypt-proxy.info index da40844bfa518..7a5626ce164c0 100644 --- a/network/dnscrypt-proxy/dnscrypt-proxy.info +++ b/network/dnscrypt-proxy/dnscrypt-proxy.info @@ -1,8 +1,8 @@ PRGNAM="dnscrypt-proxy" -VERSION="2.0.16" +VERSION="2.0.21" HOMEPAGE="https://github.com/jedisct1/dnscrypt-proxy" -DOWNLOAD="https://github.com/jedisct1/dnscrypt-proxy/archive/2.0.16/dnscrypt-proxy-2.0.16.tar.gz" -MD5SUM="2155eff38ed4062aa3dcbb823c840a69" +DOWNLOAD="https://github.com/jedisct1/dnscrypt-proxy/archive/2.0.21/dnscrypt-proxy-2.0.21.tar.gz" +MD5SUM="ac306317e25e281930f1a5203ebec305" DOWNLOAD_x86_64="" MD5SUM_x86_64="" REQUIRES="google-go-lang" diff --git a/network/dnscrypt-proxy/dnscrypt-proxy.toml b/network/dnscrypt-proxy/dnscrypt-proxy.toml index 0341cbed712f7..2e2679c316174 100644 --- a/network/dnscrypt-proxy/dnscrypt-proxy.toml +++ b/network/dnscrypt-proxy/dnscrypt-proxy.toml @@ -41,14 +41,10 @@ listen_addresses = ['127.0.0.1:53', '[::1]:53'] max_clients = 250 -## Switch to a non-privileged system user after listening sockets have been created. -## Two processes will be running. -## The first one will keep root privileges, but is only a supervisor, that does nothing -## except create the sockets, manage the service, and restart it if it crashes. -## The second process is the service itself, and that one will always run as a different -## user. +## Switch to a different system user after listening sockets have been created. ## Note (1): this feature is currently unsupported on Windows. ## Note (2): this feature is not compatible with systemd socket activation. +## Note (3): when using -pidfile, the PID file directory must be writable by the new user # user_name = 'nobody' user_name = 'dnscrypt' @@ -80,9 +76,12 @@ require_nolog = true # Server must not enforce its own blacklist (for parental control, ads blocking...) require_nofilter = true +# Server names to avoid even if they match all criteria +disabled_server_names = [] + ## Always use TCP to connect to upstream servers. -## This can be can be useful if you need to route everything through Tor. +## This can be useful if you need to route everything through Tor. ## Otherwise, leave this to `false`, as it doesn't improve security ## (dnscrypt-proxy will always encrypt everything even using UDP), and can ## only increase latency. @@ -90,13 +89,18 @@ require_nofilter = true force_tcp = false -## HTTP / SOCKS proxy +## SOCKS proxy ## Uncomment the following line to route all TCP connections to a local Tor node ## Tor doesn't support UDP, so set `force_tcp` to `true` as well. # proxy = "socks5://127.0.0.1:9050" +## HTTP/HTTPS proxy +## Only for DoH servers + +# http_proxy = "http://127.0.0.1:8888" + ## How long a DNS query will wait for a response, in milliseconds @@ -108,6 +112,13 @@ timeout = 2500 keepalive = 30 +## Use the REFUSED return code for blocked responses +## Setting this to `false` means that some responses will be lies. +## Unfortunately, `false` appears to be required for Android 8+ + +refused_code_in_responses = false + + ## Load-balancing strategy: 'p2' (default), 'ph', 'fastest' or 'random' # lb_strategy = 'p2' @@ -191,7 +202,7 @@ ignore_system_dns = false ## connectivity is not guaranteed to be immediately available. ## Use 0 to disable. -netprobe_timeout = 30 +netprobe_timeout = 60 ## Offline mode - Do not use any remote encrypted servers. @@ -493,6 +504,15 @@ cache_neg_max_ttl = 600 refresh_delay = 72 prefix = '' + ## Quad9 over DNSCrypt - https://quad9.net/ + + # [sources.quad9-resolvers] + # urls = ["https://www.quad9.net/quad9-resolvers.md"] + # minisign_key = "RWQBphd2+f6eiAqBsvDZEBXBGHQBJfeG6G+wJPPKxCZMoEQYpmoysKUN" + # cache_file = "quad9-resolvers.md" + # refresh_delay = 72 + # prefix = "quad9-" + ## Another example source, with resolvers censoring some websites not appropriate for children ## This is a subset of the `public-resolvers` list, so enabling both is useless diff --git a/network/dnscrypt-proxy/poly1305.patch b/network/dnscrypt-proxy/poly1305.patch deleted file mode 100644 index f701d6ae2100f..0000000000000 --- a/network/dnscrypt-proxy/poly1305.patch +++ /dev/null @@ -1,20 +0,0 @@ -diff --git a/vendor/github.com/aead/poly1305/poly1305_amd64.go b/vendor/github.com/aead/poly1305/poly1305_amd64.go -index cd1a717..41b630f 100644 ---- a/vendor/github.com/aead/poly1305/poly1305_amd64.go -+++ b/vendor/github.com/aead/poly1305/poly1305_amd64.go -@@ -7,13 +7,11 @@ - package poly1305 - - import ( -+ "golang.org/x/sys/cpu" - "io" - ) - --var useAVX2 = supportsAVX2() -- --//go:noescape --func supportsAVX2() bool -+var useAVX2 = cpu.X86.HasAVX2 - - //go:noescape - func initialize(state *[7]uint64, key *[32]byte) |