diff options
| author | Ian Bashford <ianbashford@gmail.com> | 2019-09-09 22:02:51 +0100 |
|---|---|---|
| committer | Leo <thinkabit.ukim@gmail.com> | 2019-09-09 17:08:36 -0300 |
| commit | ad341ea26d9bbf6dc8e278709b1b82bc99a2cd6b (patch) | |
| tree | e5c57d71b75068e7e6bdd0e47041726d6439ce16 /community/dnscrypt-proxy/config-full-paths.patch | |
| parent | 3e744744af410d750529be217d4429af3623fc77 (diff) | |
| download | aports-ad341ea26d9bbf6dc8e278709b1b82bc99a2cd6b.tar.bz2 aports-ad341ea26d9bbf6dc8e278709b1b82bc99a2cd6b.tar.xz | |
community/dnscrypt-proxy upgrade to 2.0.27
Upgrade to 2.0.27 and inclusion of new config options
Diffstat (limited to 'community/dnscrypt-proxy/config-full-paths.patch')
| -rw-r--r-- | community/dnscrypt-proxy/config-full-paths.patch | 45 |
1 files changed, 27 insertions, 18 deletions
diff --git a/community/dnscrypt-proxy/config-full-paths.patch b/community/dnscrypt-proxy/config-full-paths.patch index 841afbee5a..4d46d65918 100644 --- a/community/dnscrypt-proxy/config-full-paths.patch +++ b/community/dnscrypt-proxy/config-full-paths.patch @@ -1,9 +1,9 @@ diff --git a/./dnscrypt-proxy.toml b/dnscrypt-proxy/dnscrypt-proxy.toml new file mode 100644 -index 0000000..d1f55b0 +index 0000000..8455f8d --- /dev/null +++ b/dnscrypt-proxy/dnscrypt-proxy.toml -@@ -0,0 +1,547 @@ +@@ -0,0 +1,556 @@ + +############################################## +# # @@ -98,13 +98,13 @@ index 0000000..d1f55b0 +## Uncomment the following line to route all TCP connections to a local Tor node +## Tor doesn't support UDP, so set `force_tcp` to `true` as well. + -+# proxy = "socks5://127.0.0.1:9050" ++# proxy = 'socks5://127.0.0.1:9050' + + +## HTTP/HTTPS proxy +## Only for DoH servers + -+# http_proxy = "http://127.0.0.1:8888" ++# http_proxy = 'http://127.0.0.1:8888' + + +## How long a DNS query will wait for a response, in milliseconds @@ -117,11 +117,12 @@ index 0000000..d1f55b0 +keepalive = 30 + + -+## Use the REFUSED return code for blocked responses -+## Setting this to `false` means that some responses will be lies. -+## Unfortunately, `false` appears to be required for Android 8+ ++## Response for blocked queries. Options are `refused`, `hinfo` (default) or ++## an IP response. To give an IP response, use the format `a:<IPv4>,aaaa:<IPv6>`. ++## Using the `hinfo` option means that some responses will be lies. ++## Unfortunately, the `hinfo` option appears to be required for Android 8+ + -+refused_code_in_responses = false ++# blocked_query_response = 'refused' + + +## Load-balancing strategy: 'p2' (default), 'ph', 'first' or 'random' @@ -171,6 +172,8 @@ index 0000000..d1f55b0 +## 49195 = TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 +## 52392 = TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 +## 52393 = TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 ++## 4865 = TLS_AES_128_GCM_SHA256 ++## 4867 = TLS_CHACHA20_POLY1305_SHA256 +## +## On non-Intel CPUs such as MIPS routers and ARM systems (Android, Raspberry Pi...), +## the following suite improves performance. @@ -209,7 +212,7 @@ index 0000000..d1f55b0 +## initializing the proxy. +## Useful if the proxy is automatically started at boot, and network +## connectivity is not guaranteed to be immediately available. -+## Use 0 to not test for connectivity at all, ++## Use 0 to not test for connectivity at all (not recommended), +## and -1 to wait as much as possible. + +netprobe_timeout = 60 @@ -223,7 +226,7 @@ index 0000000..d1f55b0 +## On other operating systems, the connection will be initialized +## but nothing will be sent at all. + -+netprobe_address = "9.9.9.9:53" ++netprobe_address = '9.9.9.9:53' + + +## Offline mode - Do not use any remote encrypted servers. @@ -233,6 +236,14 @@ index 0000000..d1f55b0 +# offline_mode = false + + ++## Additional data to attach to outgoing queries. ++## These strings will be added as TXT records to queries. ++## Do not use, except on servers explicitly asking for extra data ++## to be present. ++ ++# query_meta = ["key1:value1", "key2:value2", "key3:value3"] ++ ++ +## Automatic log files rotation + +# Maximum log files size in MB @@ -522,17 +533,15 @@ index 0000000..d1f55b0 + urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md', 'https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md'] + cache_file = '/var/cache/dnscrypt-proxy/public-resolvers.md' + minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3' -+ refresh_delay = 72 + prefix = '' + + ## Quad9 over DNSCrypt - https://quad9.net/ + + # [sources.quad9-resolvers] -+ # urls = ["https://www.quad9.net/quad9-resolvers.md"] -+ # minisign_key = "RWQBphd2+f6eiAqBsvDZEBXBGHQBJfeG6G+wJPPKxCZMoEQYpmoysKUN" -+ # cache_file = "/var/cache/dnscrypt-proxy/quad9-resolvers.md" -+ # refresh_delay = 72 -+ # prefix = "quad9-" ++ # urls = ['https://www.quad9.net/quad9-resolvers.md'] ++ # minisign_key = 'RWQBphd2+f6eiAqBsvDZEBXBGHQBJfeG6G+wJPPKxCZMoEQYpmoysKUN' ++ # cache_file = '/var/cache/dnscrypt-proxy/quad9-resolvers.md' ++ # prefix = 'quad9-' + + ## Another example source, with resolvers censoring some websites not appropriate for children + ## This is a subset of the `public-resolvers` list, so enabling both is useless @@ -549,5 +558,5 @@ index 0000000..d1f55b0 + +[static] + -+ # [static.'google'] -+ # stamp = 'sdns://AgUAAAAAAAAAAAAOZG5zLmdvb2dsZS5jb20NL2V4cGVyaW1lbnRhbA' ++ # [static.'myserver'] ++ # stamp = 'sdns:AQcAAAAAAAAAAAAQMi5kbnNjcnlwdC1jZXJ0Lg' |