diff options
| author | Ian Bashford <ianbashford@gmail.com> | 2019-11-24 17:10:54 +0000 |
|---|---|---|
| committer | Leo <thinkabit.ukim@gmail.com> | 2019-11-29 02:51:37 +0100 |
| commit | 4383e7d62e8e90d76d0990d8dbac2e2811682922 (patch) | |
| tree | dcae35fba21fd71acd039a320158814bfbd73373 /community/dnscrypt-proxy | |
| parent | 1bfbb7e75c7c4d11f320ca6af233b40b1ef9e45c (diff) | |
| download | aports-4383e7d62e8e90d76d0990d8dbac2e2811682922.tar.bz2 aports-4383e7d62e8e90d76d0990d8dbac2e2811682922.tar.xz | |
community/dnscrypt-proxy: sync config file with latest cahnges
Diffstat (limited to 'community/dnscrypt-proxy')
| -rw-r--r-- | community/dnscrypt-proxy/APKBUILD | 4 | ||||
| -rw-r--r-- | community/dnscrypt-proxy/config-full-paths.patch | 36 |
2 files changed, 29 insertions, 11 deletions
diff --git a/community/dnscrypt-proxy/APKBUILD b/community/dnscrypt-proxy/APKBUILD index 4972371ecf..2354187860 100644 --- a/community/dnscrypt-proxy/APKBUILD +++ b/community/dnscrypt-proxy/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: Ian Bashford <ianbashford@gmail.com> pkgname=dnscrypt-proxy pkgver=2.0.33 -pkgrel=0 +pkgrel=1 pkgdesc="A tool for securing communications between a client and a DNS resolver" url="https://dnscrypt.info" arch="all" @@ -56,4 +56,4 @@ sha512sums="5c6eb655aa70457889253cbf630e7e37011a461a7f181f0a667694d53146ad9dee88 e0a72d39d47dc24b889d08beedbd9fdf21615f42fbab79980debdfd2c3feaa83dc3f776351f7dd13533cc85905ce4e01812e4ff8a80a9ccc0b21e9db7d6cb232 dnscrypt-proxy.initd c001ae39da1b2db71764cab568f9ed18e4de0cea3d1a4e7bd6dd01a5668b81a888ea9eef99de6beac08857ad7f8eb1a32d730e946ac3563e4dcfa27147e35052 dnscrypt-proxy.confd 66dd43d84117a0151ae41f34d82b716760382a5a491424bf6418228ffd21f0dfbc88e34cc5074e11f97f006335d97b85367bb9ab1d96747a48e893c022ad52d0 dnscrypt-proxy.setup -1352d05e5862a11ad7e751a188aab153e916889b8134e8c09b2e8db7e9a2e04b7f3de609b04a195ce67a9b77aedfb11feef4717af4cbc5b4d3ac61d39410922a config-full-paths.patch" +1d9cf44ec92dfe1efb092e2b214730932b3f5b9c75907c37429e3eadfdc77e1d9aa54480ed856d1c9e08c9a5c9c5c91d3c110e0307963745d43c6c0f65b2b6c9 config-full-paths.patch" diff --git a/community/dnscrypt-proxy/config-full-paths.patch b/community/dnscrypt-proxy/config-full-paths.patch index ccd80ecc58..b2149acfde 100644 --- a/community/dnscrypt-proxy/config-full-paths.patch +++ b/community/dnscrypt-proxy/config-full-paths.patch @@ -1,9 +1,9 @@ diff --git a/./dnscrypt-proxy.toml b/dnscrypt-proxy/dnscrypt-proxy.toml new file mode 100644 -index 0000000..8455f8d +index 0000000..736ec29 --- /dev/null +++ b/dnscrypt-proxy/dnscrypt-proxy.toml -@@ -0,0 +1,610 @@ +@@ -0,0 +1,628 @@ + +############################################## +# # @@ -196,7 +196,7 @@ index 0000000..8455f8d +## It will never be used if lists have already been cached, and if stamps +## don't include host names without IP addresses. +## It will not be used if the configured system DNS works. -+## A resolver supporting DNSSEC is recommended. This may become mandatory. ++## A resolver supporting DNSSEC is recommended. +## +## People in China may need to use 114.114.114.114:53 here. +## Other popular options include 8.8.8.8 and 1.1.1.1. @@ -204,10 +204,9 @@ index 0000000..8455f8d +fallback_resolver = '9.9.9.9:53' + + -+## Never let dnscrypt-proxy try to use the system DNS settings; -+## unconditionally use the fallback resolver. ++## Always use the fallback resolver before the system DNS settings + -+ignore_system_dns = false ++ignore_system_dns = true + + +## Maximum time (in seconds) to wait for network connectivity before @@ -321,12 +320,12 @@ index 0000000..8455f8d + +## Cache size + -+cache_size = 512 ++cache_size = 1024 + + +## Minimum TTL for cached entries + -+cache_min_ttl = 600 ++cache_min_ttl = 2400 + + +## Maximum TTL for cached entries @@ -550,7 +549,7 @@ index 0000000..8455f8d + ## Anonymized DNS relays + + [sources.'relays'] -+ urls = ['https://github.com/DNSCrypt/dnscrypt-resolvers/raw/master/v2/relays.md', 'https://download.dnscrypt.info/resolvers-list/v2/relays.md'] ++ urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/relays.md', 'https://download.dnscrypt.info/resolvers-list/v2/relays.md'] + cache_file = '/var/cache/dnscrypt-proxy/relays.md' + minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3' + refresh_delay = 72 @@ -573,6 +572,25 @@ index 0000000..8455f8d + # minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3' + + ++ ++ ++######################################### ++# Servers with known bugs # ++######################################### ++ ++[broken_implementations] ++ ++# Cisco servers currently cannot handle queries larger than 1472 bytes, and don't ++# truncate reponses larger than questions as expected by the DNSCrypt protocol. ++# This prevents large responses from being received, and breaks relaying. ++# A workaround for the first issue will be applied to servers in list below. ++# Do not change that list until the bugs are fixed server-side. ++ ++broken_query_padding = ['cisco', 'cisco-ipv6', 'cisco-familyshield'] ++ ++ ++ ++ +################################ +# Anonymized DNS # +################################ |