This is a diff for dnscrypt-proxy 2.0.25, released June 3, 2019.
release notes:
https://github.com/jedisct1/dnscrypt-proxy/releases/tag/2.0.25
https://github.com/jedisct1/dnscrypt-proxy/releases/tag/2.0.24
The "fastest" load-balancing strategy has been renamed to "first". I
noted this in the README and existing dnscrypt-proxy.toml files may have
to be changed.
Also, I enabled logging by specifying log_file =
'${LOCALSTATEDIR}/log/dnscrypt-proxy.log'. `log_file' and `use_syslog'
are mutually exclusive options. `log_file' allows you to specify a file
and `use_syslog' uses /var/log/messages.
Thoughts on enabling logging? If it is better to just leave logging
disabled, as it is by default, let me know and I can fix the diff as
needed.
Lightly tested on amd64.
Index: Makefile
===================================================================
RCS file: /cvs/ports/net/dnscrypt-proxy/Makefile,v
retrieving revision 1.41
diff -u -p -u -p -r1.41 Makefile
--- Makefile 4 May 2019 21:46:17 -0000 1.41
+++ Makefile 4 Jun 2019 03:28:31 -0000
@@ -4,7 +4,7 @@ COMMENT = flexible DNS proxy with suppor
GH_ACCOUNT = jedisct1
GH_PROJECT = dnscrypt-proxy
-GH_TAGNAME = 2.0.23
+GH_TAGNAME = 2.0.25
CATEGORIES = net
Index: distinfo
===================================================================
RCS file: /cvs/ports/net/dnscrypt-proxy/distinfo,v
retrieving revision 1.18
diff -u -p -u -p -r1.18 distinfo
--- distinfo 30 Apr 2019 08:51:13 -0000 1.18
+++ distinfo 4 Jun 2019 03:28:31 -0000
@@ -1,2 +1,2 @@
-SHA256 (dnscrypt-proxy-2.0.23.tar.gz) = 1AWlYrDUsBAaETR8Fke7VTUZRdgtZ1ZbOWeUur8paQU=
-SIZE (dnscrypt-proxy-2.0.23.tar.gz) = 2552615
+SHA256 (dnscrypt-proxy-2.0.25.tar.gz) = d0aWAEyeMG4XI7TLvmapYRKKM1VD0xjQeGSSzmm5Bvo=
+SIZE (dnscrypt-proxy-2.0.25.tar.gz) = 2596674
Index: patches/patch-dnscrypt-proxy_example-dnscrypt-proxy_toml
===================================================================
RCS file: /cvs/ports/net/dnscrypt-proxy/patches/patch-dnscrypt-proxy_example-dnscrypt-proxy_toml,v
retrieving revision 1.3
diff -u -p -u -p -r1.3 patch-dnscrypt-proxy_example-dnscrypt-proxy_toml
--- patches/patch-dnscrypt-proxy_example-dnscrypt-proxy_toml 16 Apr 2019 15:26:11 -0000 1.3
+++ patches/patch-dnscrypt-proxy_example-dnscrypt-proxy_toml 4 Jun 2019 03:28:31 -0000
@@ -1,5 +1,9 @@
$OpenBSD: patch-dnscrypt-proxy_example-dnscrypt-proxy_toml,v 1.3 2019/04/16 15:26:11 bket Exp $
+run as _dnscrypt-proxy user
+enable logging
+fix directory for public-resolvers.md
+
Index: dnscrypt-proxy/example-dnscrypt-proxy.toml
--- dnscrypt-proxy/example-dnscrypt-proxy.toml.orig
+++ dnscrypt-proxy/example-dnscrypt-proxy.toml
@@ -12,7 +16,22 @@ Index: dnscrypt-proxy/example-dnscrypt-p
## Require servers (from static + remote sources) to satisfy specific properties
-@@ -497,7 +497,7 @@ cache_neg_max_ttl = 600
+@@ -130,12 +130,12 @@ refused_code_in_responses = false
+
+ ## Log level (0-6, default: 2 - 0 is very verbose, 6 only contains fatal errors)
+
+-# log_level = 2
++log_level = 2
+
+
+ ## log file for the application
+
+-# log_file = 'dnscrypt-proxy.log'
++log_file = '${LOCALSTATEDIR}/log/dnscrypt-proxy.log'
+
+
+ ## Use the system logger (syslog on Unix, Event Log on Windows)
+@@ -514,7 +514,7 @@ cache_neg_max_ttl = 600
[sources.'public-resolvers']
urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md', 'https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md']
Index: pkg/README
===================================================================
RCS file: /cvs/ports/net/dnscrypt-proxy/pkg/README,v
retrieving revision 1.2
diff -u -p -u -p -r1.2 README
--- pkg/README 30 Apr 2019 08:51:13 -0000 1.2
+++ pkg/README 4 Jun 2019 03:28:31 -0000
@@ -9,35 +9,54 @@ them to a DNSCrypt resolver over an encr
To use this package, several things are required.
-First, ensure that ${SYSCONFDIR}/dnscrypt-proxy.toml fits your needs.
+Customizing dnscrypt-proxy.toml
+===============================
-Uncomment 'server_names' to have a smaller set of public resolvers to be
-used for load balancing. If this line is commented, all registered
-servers matching the require_* filters will be used for load balancing.
+Ensure that ${SYSCONFDIR}/dnscrypt-proxy.toml fits your needs.
+Resolvers
+---------
+Uncomment 'server_names' to have a smaller set of public resolvers to be used
+for load balancing. If this line is commented, all registered servers matching
+the require_* filters will be used for load balancing. Refer to
+${LOCALSTATEDIR}/dnscrypt-proxy/public-resolvers.md for a list of all public
+resolvers.
+
+Load balancing strategy
+-----------------------
Note the load balancing strategy, controlled by 'lb_strategy'. It can be
set to one of the following values:
- - 'fastest' (always pick the fastest server in the list)
+ - 'first' (always pick the fastest server in the list)
- 'p2' (randomly choose between the top two fastest servers)
- 'ph' (randomly choose between the top fastest half of all servers)
- 'random' (just pick any random server from the list)
-'p2' is the default option, and you may change this. For more
-information, see
+'p2' is the default option. For more information, see
https://github.com/jedisct1/dnscrypt-proxy/wiki/Load-Balancing-Options
-Second, start the daemon:
+Logging
+-------
+Logging is enabled by default in ${LOCALSTATEDIR}/log/dnscrypt-proxy.log.
+Comment out 'log_level' and 'log_file' to disable logging.
+
+Daemon
+======
+
+Start the daemon:
# rcctl enable dnscrypt_proxy
# rcctl start dnscrypt_proxy
-Finally, set /etc/resolv.conf to perform queries from dnscrypt-proxy:
+resolv.conf
+===========
+
+Set /etc/resolv.conf to perform queries from dnscrypt-proxy:
nameserver 127.0.0.1
lookup file bind
Note: If your IP address is dynamically fetched, dhclient(8) will normally
-update resolv.conf with network-provided DNS servers. This can be avoided
-by using "ignore domain-name, domain-name-servers;" in /etc/dhclient.conf.
+update resolv.conf with network-provided DNS servers. This can be avoided by
+using "ignore domain-name, domain-name-servers;" in /etc/dhclient.conf.
For more information, see https://dnscrypt.info/
No comments:
Post a Comment