community/dnscrypt-proxy: upgrade to 2.0.36

1 files changed, 19 insertions, 9 deletions

diff --git a/community/dnscrypt-proxy/config-full-paths.patch b/community/dnscrypt-proxy/config-full-paths.patch
index 017da3c555..1af5089c52 100644
--- a/community/dnscrypt-proxy/config-full-paths.patch
+++ b/community/dnscrypt-proxy/config-full-paths.patch
@@ -206,7 +206,7 @@ index 0000000..736ec29
 +fallback_resolver = '9.9.9.9:53'
 +
 +
-+## Always use the fallback resolver before the system DNS settings
++## Always use the fallback resolver before the system DNS settings.
 +
 +ignore_system_dns = true
 +
@@ -264,11 +264,15 @@ index 0000000..736ec29
 +#        Filters        #
 +#########################
 +
++## Note: if you are using dnsmasq, disable the `dnssec` option in dnsmasq if you
++## configure dnscrypt-proxy to do any kind of filtering (including the filters
++## below and blacklists).
++## But you can still choose resolvers that do DNSSEC validation.
++
++
 +## Immediately respond to IPv6-related queries with an empty response
 +## This makes things faster when there is no IPv6 connectivity, but can
 +## also cause reliability issues with some stub resolvers.
-+## Do not enable if you added a validating resolver such as dnsmasq in front
-+## of the proxy.
 +
 +block_ipv6 = false
 +
@@ -278,6 +282,12 @@ index 0000000..736ec29
 +block_unqualified = true
 +
 +
++## Immediately respond to queries for local zones instead of leaking them to
++## upstream resolvers (always causing errors or timeouts).
++
++block_undelegated = true
++
++
 +## TTL for synthetic responses sent when a request has been blocked (due to
 +## IPv6 or blacklists).
 +
@@ -390,7 +400,7 @@ index 0000000..736ec29
 +
 +[query_log]
 +
-+  ## Path to the query log file (absolute, or relative to the same directory as the executable file)
++  ## Path to the query log file (absolute, or relative to the same directory as the config file)
 +  ## Can be /dev/stdout to log to the standard output (and set log_files_max_size to 0)
 +
 +  # file = '/var/log/dnscrypt-proxy/query.log'
@@ -417,7 +427,7 @@ index 0000000..736ec29
 +
 +[nx_log]
 +
-+  ## Path to the query log file (absolute, or relative to the same directory as the executable file)
++  ## Path to the query log file (absolute, or relative to the same directory as the config file)
 +
 +  # file = '/var/log/dnscrypt-proxy/nx.log'
 +
@@ -447,7 +457,7 @@ index 0000000..736ec29
 +
 +[blacklist]
 +
-+  ## Path to the file of blocking rules (absolute, or relative to the same directory as the executable file)
++  ## Path to the file of blocking rules (absolute, or relative to the same directory as the config file)
 +
 +  # blacklist_file = '/etc/dnscrypt-proxy/blacklist.txt'
 +
@@ -475,7 +485,7 @@ index 0000000..736ec29
 +
 +[ip_blacklist]
 +
-+  ## Path to the file of blocking rules (absolute, or relative to the same directory as the executable file)
++  ## Path to the file of blocking rules (absolute, or relative to the same directory as the config file)
 +
 +  # blacklist_file = '/etc/dnscrypt-proxy/ip-blacklist.txt'
 +
@@ -503,7 +513,7 @@ index 0000000..736ec29
 +
 +[whitelist]
 +
-+  ## Path to the file of whitelisting rules (absolute, or relative to the same directory as the executable file)
++  ## Path to the file of whitelisting rules (absolute, or relative to the same directory as the config file)
 +
 +  # whitelist_file = '/etc/dnscrypt-proxy/whitelist.txt'
 +
@@ -643,7 +653,7 @@ index 0000000..736ec29
 +## A relay can be specified as a DNS Stamp (either a relay stamp, or a
 +## DNSCrypt stamp), an IP:port, a hostname:port, or a server name.
 +##
-+## The following example routes "example-server-1" via `anon-example-1` or `anon-example-2``,
++## The following example routes "example-server-1" via `anon-example-1` or `anon-example-2`,
 +## and "example-server-2" via the relay whose relay DNS stamp
 +## is "sdns://gRIxMzcuNzQuMjIzLjIzNDo0NDM".
 +##