1fd8aa9304
- Update to version 2.0.45 * Configuration changes (to be required in versions 2.1.x): - [blacklist] has been renamed to [blocked_names] - [ip_blacklist] has been renamed to [blocked_ips] - [whitelist] has been renamed to [allowed_names] - generate-domains-blacklist.py has been renamed to generate-domains-blocklist.py, and the configuration files have been renamed as well. * dnscrypt-proxy -resolve has been completely revamped, and now requires the configuration file to be accessible. It will send a query to an IP address of the dnscrypt-proxy server by default. Sending queries to arbitrary servers is also supported with the new -resolve name,address syntax. * Relay lists can be set to * for automatic relay selection. When a wildcard is used, either for the list of servers or relays, the proxy ensures that relays and servers are on distinct networks. * Lying resolvers are detected and reported. * New return code: NOT_READY for queries received before the proxy has been initialized. * Server lists can't be older than a week any more, even if directory permissions are incorrect and cache files cannot be written. * New feature: allowed_ips, to configure a set of IP addresses to never block no matter what DNS name resolves to them. * Hard-coded IP addresses can be immediately returned for test queries sent by operating systems in order to check for connectivity and captive portals. Such responses can be sent even before an interface is considered as enabled by the operating system. This can be configured in a new section called [captive_portals]. * On Linux, OpenBSD and FreeBSD, listen_addresses can now include IP addresses that haven't been assigned to an interface yet. * generate-domains-blocklist.py: regular expressions are now ignored in time-based entries. OBS-URL: https://build.opensuse.org/request/show/860171 OBS-URL: https://build.opensuse.org/package/show/server:dns/dnscrypt-proxy?expand=0&rev=30 |
||
---|---|---|
.gitattributes | ||
.gitignore | ||
dnscrypt-proxy-2.0.45.tar.gz | ||
dnscrypt-proxy.changes | ||
dnscrypt-proxy.service | ||
dnscrypt-proxy.socket | ||
dnscrypt-proxy.socket.conf | ||
dnscrypt-proxy.spec | ||
example-dnscrypt-proxy.toml.sed | ||
find_licenses.sh | ||
install_licenses.sh | ||
README.openSUSE |
*************************************************************************** * * * README.openSUSE last edited for version 2.0.44 * * * *************************************************************************** Some hints: ----------- Configure /etc/dnscrypt-proxy/dnscrypt-proxy.toml for your use case first! A. If dnscrypt-proxy should act as your primary resolver and only listen at 127.0.0.1:53, start as root once with $ systemctl start dnscrypt-proxy.socket and if you don't want to repeat this after next boots, do $ systemctl enable dnscrypt-proxy.socket B. If you have some other resolver listening on 127.0.0.1:53 that should forward queries to dnscrypt-proxy it is recommended to create as root the directory /etc/systemd/system/dnscrypt-proxy.socket.d and copy the file dnscrypt-proxy.socket.conf into the created directory. An example file should be available in this doc directory: /usr/share/doc/packages/dnscrypt-proxy Afterwards you have to start/enable the socket unit as described above in A. Additionally your primary resolver has to be configured to forward requests to the address specified in file dnscrypt-proxy.socket.conf - 127.0.0.1:5353 for example. C. Alternatively the unit dnscrypt-proxy.service can be used the same way as the socket unit described in A for starting and enabling. This will require you to set "listen_addresses" in file /etc/dnscrypt-proxy/dnscrypt-proxy.toml In this case dnscrypt-proxy has to setup the sockets itself and because it is by default executed as user "dnscrypt" it is not allowed to listen on ports < 1024. If dnscrypt-proxy should listen on these lower ports a) the socket unit should be used or b) the program has to be started directly by root or c) the user settings in the service unit have to be overridden as described in B with files ending with ".conf" in a to be created directory at /etc/systemd/system/dnscrypt-proxy.service.d D. The socket OR the service unit should be started/enabled - not both. If the socket unit is used, it will start the service unit when queries are sent to one of its configured addresses. If using systemd, the PID should be available in file /run/dnscrypt-proxy/dnscrypt-proxy.pid