aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--network/dnscrypt-proxy/README3
-rw-r--r--network/dnscrypt-proxy/dnscrypt-proxy.SlackBuild8
-rw-r--r--network/dnscrypt-proxy/dnscrypt-proxy.info6
-rw-r--r--network/dnscrypt-proxy/dnscrypt-proxy.toml38
-rw-r--r--network/dnscrypt-proxy/poly1305.patch20
5 files changed, 37 insertions, 38 deletions
diff --git a/network/dnscrypt-proxy/README b/network/dnscrypt-proxy/README
index b55a58cae97ef..3e69789b36d21 100644
--- a/network/dnscrypt-proxy/README
+++ b/network/dnscrypt-proxy/README
@@ -6,5 +6,8 @@ DNSCrypt protocol and passing them to an upstream server.
By default dnscrypt-proxy is configured to use a random DNS server; you will
definitely want to change this.
+Note that google-go-lang is a compile-time dependency and is not needed during
+run-time.
+
Be sure to read README.Slackware for information on configuring/running
dnscrypt-proxy as a daemon!
diff --git a/network/dnscrypt-proxy/dnscrypt-proxy.SlackBuild b/network/dnscrypt-proxy/dnscrypt-proxy.SlackBuild
index 696bd0950e659..a2699a1ed34d5 100644
--- a/network/dnscrypt-proxy/dnscrypt-proxy.SlackBuild
+++ b/network/dnscrypt-proxy/dnscrypt-proxy.SlackBuild
@@ -2,7 +2,7 @@
# Slackware build script for dnscrypt-proxy
-# Copyright 2018 T3slider <t3slider@gmail.com>
+# Copyright 2019 T3slider <t3slider@gmail.com>
# All rights reserved.
#
# Redistribution and use of this script, with or without modification, is
@@ -27,7 +27,7 @@
# significantly improved the value of this script!
PRGNAM=dnscrypt-proxy
-VERSION=${VERSION:-2.0.16}
+VERSION=${VERSION:-2.0.21}
BUILD=${BUILD:-1}
TAG=${TAG:-_SBo}
@@ -75,10 +75,6 @@ find -L . \
\( -perm 666 -o -perm 664 -o -perm 640 -o -perm 600 -o -perm 444 \
-o -perm 440 -o -perm 400 \) -exec chmod 644 {} \;
-# Error compiling with go 1.11; fixed in dnscrypt-proxy master but not in the
-# latest release
-patch -p1 < $CWD/poly1305.patch
-
export GOPATH="$TMP/$PRGNAM-$VERSION"
go install -a -x ./...
diff --git a/network/dnscrypt-proxy/dnscrypt-proxy.info b/network/dnscrypt-proxy/dnscrypt-proxy.info
index da40844bfa518..7a5626ce164c0 100644
--- a/network/dnscrypt-proxy/dnscrypt-proxy.info
+++ b/network/dnscrypt-proxy/dnscrypt-proxy.info
@@ -1,8 +1,8 @@
PRGNAM="dnscrypt-proxy"
-VERSION="2.0.16"
+VERSION="2.0.21"
HOMEPAGE="https://github.com/jedisct1/dnscrypt-proxy"
-DOWNLOAD="https://github.com/jedisct1/dnscrypt-proxy/archive/2.0.16/dnscrypt-proxy-2.0.16.tar.gz"
-MD5SUM="2155eff38ed4062aa3dcbb823c840a69"
+DOWNLOAD="https://github.com/jedisct1/dnscrypt-proxy/archive/2.0.21/dnscrypt-proxy-2.0.21.tar.gz"
+MD5SUM="ac306317e25e281930f1a5203ebec305"
DOWNLOAD_x86_64=""
MD5SUM_x86_64=""
REQUIRES="google-go-lang"
diff --git a/network/dnscrypt-proxy/dnscrypt-proxy.toml b/network/dnscrypt-proxy/dnscrypt-proxy.toml
index 0341cbed712f7..2e2679c316174 100644
--- a/network/dnscrypt-proxy/dnscrypt-proxy.toml
+++ b/network/dnscrypt-proxy/dnscrypt-proxy.toml
@@ -41,14 +41,10 @@ listen_addresses = ['127.0.0.1:53', '[::1]:53']
max_clients = 250
-## Switch to a non-privileged system user after listening sockets have been created.
-## Two processes will be running.
-## The first one will keep root privileges, but is only a supervisor, that does nothing
-## except create the sockets, manage the service, and restart it if it crashes.
-## The second process is the service itself, and that one will always run as a different
-## user.
+## Switch to a different system user after listening sockets have been created.
## Note (1): this feature is currently unsupported on Windows.
## Note (2): this feature is not compatible with systemd socket activation.
+## Note (3): when using -pidfile, the PID file directory must be writable by the new user
# user_name = 'nobody'
user_name = 'dnscrypt'
@@ -80,9 +76,12 @@ require_nolog = true
# Server must not enforce its own blacklist (for parental control, ads blocking...)
require_nofilter = true
+# Server names to avoid even if they match all criteria
+disabled_server_names = []
+
## Always use TCP to connect to upstream servers.
-## This can be can be useful if you need to route everything through Tor.
+## This can be useful if you need to route everything through Tor.
## Otherwise, leave this to `false`, as it doesn't improve security
## (dnscrypt-proxy will always encrypt everything even using UDP), and can
## only increase latency.
@@ -90,13 +89,18 @@ require_nofilter = true
force_tcp = false
-## HTTP / SOCKS proxy
+## SOCKS proxy
## Uncomment the following line to route all TCP connections to a local Tor node
## Tor doesn't support UDP, so set `force_tcp` to `true` as well.
# proxy = "socks5://127.0.0.1:9050"
+## HTTP/HTTPS proxy
+## Only for DoH servers
+
+# http_proxy = "http://127.0.0.1:8888"
+
## How long a DNS query will wait for a response, in milliseconds
@@ -108,6 +112,13 @@ timeout = 2500
keepalive = 30
+## Use the REFUSED return code for blocked responses
+## Setting this to `false` means that some responses will be lies.
+## Unfortunately, `false` appears to be required for Android 8+
+
+refused_code_in_responses = false
+
+
## Load-balancing strategy: 'p2' (default), 'ph', 'fastest' or 'random'
# lb_strategy = 'p2'
@@ -191,7 +202,7 @@ ignore_system_dns = false
## connectivity is not guaranteed to be immediately available.
## Use 0 to disable.
-netprobe_timeout = 30
+netprobe_timeout = 60
## Offline mode - Do not use any remote encrypted servers.
@@ -493,6 +504,15 @@ cache_neg_max_ttl = 600
refresh_delay = 72
prefix = ''
+ ## Quad9 over DNSCrypt - https://quad9.net/
+
+ # [sources.quad9-resolvers]
+ # urls = ["https://www.quad9.net/quad9-resolvers.md"]
+ # minisign_key = "RWQBphd2+f6eiAqBsvDZEBXBGHQBJfeG6G+wJPPKxCZMoEQYpmoysKUN"
+ # cache_file = "quad9-resolvers.md"
+ # refresh_delay = 72
+ # prefix = "quad9-"
+
## Another example source, with resolvers censoring some websites not appropriate for children
## This is a subset of the `public-resolvers` list, so enabling both is useless
diff --git a/network/dnscrypt-proxy/poly1305.patch b/network/dnscrypt-proxy/poly1305.patch
deleted file mode 100644
index f701d6ae2100f..0000000000000
--- a/network/dnscrypt-proxy/poly1305.patch
+++ /dev/null
@@ -1,20 +0,0 @@
-diff --git a/vendor/github.com/aead/poly1305/poly1305_amd64.go b/vendor/github.com/aead/poly1305/poly1305_amd64.go
-index cd1a717..41b630f 100644
---- a/vendor/github.com/aead/poly1305/poly1305_amd64.go
-+++ b/vendor/github.com/aead/poly1305/poly1305_amd64.go
-@@ -7,13 +7,11 @@
- package poly1305
-
- import (
-+ "golang.org/x/sys/cpu"
- "io"
- )
-
--var useAVX2 = supportsAVX2()
--
--//go:noescape
--func supportsAVX2() bool
-+var useAVX2 = cpu.X86.HasAVX2
-
- //go:noescape
- func initialize(state *[7]uint64, key *[32]byte)