community/dnscrypt-proxy upgrade to 2.0.21 Support for all latest features Update for golang v1.11 modules

1 files changed, 29 insertions, 5 deletions

diff --git a/community/dnscrypt-proxy/config-full-paths.patch b/community/dnscrypt-proxy/config-full-paths.patch
index b9eac807d4..3b0258fd3f 100644
--- a/community/dnscrypt-proxy/config-full-paths.patch
+++ b/community/dnscrypt-proxy/config-full-paths.patch
@@ -1,9 +1,9 @@
 diff --git a/./dnscrypt-proxy.toml b/dnscrypt-proxy/dnscrypt-proxy.toml
 new file mode 100644
-index 0000000..ceb9308
+index 0000000..cabf679
 --- /dev/null
 +++ b/dnscrypt-proxy/dnscrypt-proxy.toml
-@@ -0,0 +1,506 @@
+@@ -0,0 +1,530 @@
 +
 +##############################################
 +#                                            #
@@ -81,9 +81,12 @@ index 0000000..ceb9308
 +# Server must not enforce its own blacklist (for parental control, ads blocking...)
 +require_nofilter = true
 +
++# Server names to avoid even if they match all criteria
++disabled_server_names = []
++
 +
 +## Always use TCP to connect to upstream servers.
-+## This can be can be useful if you need to route everything through Tor.
++## This can be useful if you need to route everything through Tor.
 +## Otherwise, leave this to `false`, as it doesn't improve security
 +## (dnscrypt-proxy will always encrypt everything even using UDP), and can
 +## only increase latency.
@@ -91,13 +94,18 @@ index 0000000..ceb9308
 +force_tcp = false
 +
 +
-+## HTTP / SOCKS proxy
++## SOCKS proxy
 +## Uncomment the following line to route all TCP connections to a local Tor node
 +## Tor doesn't support UDP, so set `force_tcp` to `true` as well.
 +
 +# proxy = "socks5://127.0.0.1:9050"
 +
 +
++## HTTP/HTTPS proxy
++## Only for DoH servers
++
++# http_proxy = "http://127.0.0.1:8888"
++
 +
 +## How long a DNS query will wait for a response, in milliseconds
 +
@@ -109,6 +117,13 @@ index 0000000..ceb9308
 +keepalive = 30
 +
 +
++## Use the REFUSED return code for blocked responses
++## Setting this to `false` means that some responses will be lies.
++## Unfortunately, `false` appears to be required for Android 8+
++
++refused_code_in_responses = false
++
++
 +## Load-balancing strategy: 'p2' (default), 'ph', 'fastest' or 'random'
 +
 +# lb_strategy = 'p2'
@@ -191,7 +206,7 @@ index 0000000..ceb9308
 +## connectivity is not guaranteed to be immediately available.
 +## Use 0 to disable.
 +
-+netprobe_timeout = 30
++netprobe_timeout = 60
 +
 +
 +## Offline mode - Do not use any remote encrypted servers.
@@ -493,6 +508,15 @@ index 0000000..ceb9308
 +  refresh_delay = 72
 +  prefix = ''
 +
++  ## Quad9 over DNSCrypt - https://quad9.net/
++
++  # [sources.quad9-resolvers]
++  # urls = ["https://www.quad9.net/quad9-resolvers.md"]
++  # minisign_key = "RWQBphd2+f6eiAqBsvDZEBXBGHQBJfeG6G+wJPPKxCZMoEQYpmoysKUN"
++  # cache_file = "/var/cache/dnscrypt-proxy/quad9-resolvers.md"
++  # refresh_delay = 72
++  # prefix = "quad9-"
++
 +  ## Another example source, with resolvers censoring some websites not appropriate for children
 +  ## This is a subset of the `public-resolvers` list, so enabling both is useless
 +