authorIT Offshore <developer@it-offshore.co.uk>2013-11-16 10:16:44 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2013-11-19 15:50:25 +0000
commit5213bcabac50e596826baefa6e5f92819798dab9 (patch)
tree5814bff260545e2e60ae5a8fdf7fb237983e425b /testing/dnscrypt-proxy/dnscrypt-proxy.setup
parentd6ffa09d6da76ad0d758d16be8273d669594fa02 (diff)
Revised dnscrypt-proxy setup script
I did a little more testing on the /sbin/setup-dnscrypt script (once I knew I could install the APKs I made). This fixes previous bugs with setting up DNS caching (a 2nd loopback is created & the proxy now listens on 127.0.0.2:40 by default if caching is enabled). Errors in setting up & starting the services are also fixed.
Diffstat (limited to 'testing/dnscrypt-proxy/dnscrypt-proxy.setup')
-rw-r--r--testing/dnscrypt-proxy/dnscrypt-proxy.setup96
1 files changed, 73 insertions, 23 deletions
diff --git a/testing/dnscrypt-proxy/dnscrypt-proxy.setup b/testing/dnscrypt-proxy/dnscrypt-proxy.setup
index 8fd6d56f27..736d94db91 100644
--- a/testing/dnscrypt-proxy/dnscrypt-proxy.setup
+++ b/testing/dnscrypt-proxy/dnscrypt-proxy.setup
@@ -36,18 +36,39 @@ die() {
exit 1
}
+restart_interface(){
+
+INTERFACES=$(echo | ifconfig | grep "Link encap" | sed '/lo/d' | cut -d"L" -f1)
+print_question "\nChoose external interface to restart from the following:"
+print_question "\n\n$INTERFACES" "[ default - eth0 ]"
+read RESTART
+if [ ! $RESTART ] ;then
+ RESTART=eth0; print_green "\nInterface: $RESTART Selected\n";
+ if echo $INTERFACES | grep $RESTART 1> /dev/null; then
+ ifdown $RESTART && ifup $RESTART
+ fi
+fi
+
+}
+
choose_ip(){
-IP=none
-IPADDR=$(ifconfig |grep -B1 "inet addr" |awk '{ if ( $1 == "inet" ) { print $2 } else if ( $2 == "Link" ) { printf "%s:" ,$1 } }' |awk -F: '{ print $1 ": " $3 }')
-until echo $IPADDR | grep -e $IP 1>/dev/null
-do
- print_question "\nChoose dnscrypt ip from the following addresses:\n"
- print_question "\n$IPADDR\t" "[ default - 127.0.0.1 ]"
- read IP
- if [ ! $IP ] ;then
- IP=127.0.0.1; print_green "\nIP: 127.0.0.1 Selected";
- fi
-done
+
+if [ ! $IP ]; then
+ IP=none
+ IPADDR=$(ifconfig |grep -B1 "inet addr" |awk '{ if ( $1 == "inet" ) { print $2 } else if ( $2 == "Link" ) { printf "%s:" ,$1 } }' |awk -F: '{ print $1 ": " $3 }')
+ until echo $IPADDR | grep -e $IP 1>/dev/null
+ do
+ print_question "\nChoose dnscrypt ip from the following addresses:\n"
+ print_question "\n$IPADDR\t" "[ default - 127.0.0.1 ]"
+ read IP
+ if [ ! $IP ] ;then
+ IP=127.0.0.1; print_green "\nIP: $IP Selected";
+ fi
+ done
+else
+ #ip already set to 2nd loopback for dns caching
+ print_green "\nIP: $IP will be configured for dnscrypt-proxy";
+fi
}
choose_port(){
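Review bot: In the new `restart_interface`, the `ifdown`/`ifup` pair sits inside the `[ ! $RESTART ]` branch, so it only runs when the user presses Enter and takes the eth0 default; a typed interface name is read and then silently ignored. The membership test `echo $INTERFACES | grep $RESTART` is also unquoted and treats the value as a regex substring. `choose_ip` does the same with `grep -e $IP`, so an entry such as `1` passes validation and is later written into the unbound and dnscrypt-proxy configuration. I would move the check and restart out of the default branch, quote every expansion, and match the name as a fixed whole word. The same quoting and fixed-string match should be applied to the `until` loop in `choose_ip`.
```shell
restart_interface(){
# … unchanged: INTERFACES listing and the two print_question prompts …
read -r RESTART
# the default only fills in the name; validation and restart apply to typed names too
if [ -z "$RESTART" ]; then
 RESTART=eth0
fi
print_green "\nInterface: $RESTART Selected\n"
# fixed-string, whole-word match so the input is not interpreted as a regex
if echo "$INTERFACES" | grep -qwF -- "$RESTART"; then
 ifdown "$RESTART" && ifup "$RESTART"
fi
```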
@@ -72,24 +93,28 @@ done
update_unbound(){
if [ -f /etc/unbound/unbound.conf ]; then
if grep 'Settings from /sbin/setup-dnscrypt' /etc/unbound/unbound.conf 1>/dev/null; then
- #replace previous setting
+ #update forward zone
START=$(sed -n '/Settings from \/sbin\/setup-dnscrypt/=' /etc/unbound/unbound.conf)
- LINE=$(expr $START + 5)
+ LINE=$(expr $START + 4)
sed "$LINE c \ forward-addr: $IP@$DNSPORT" /etc/unbound/unbound.conf -i
else
+ # allow querying of localhost
+ START=$(sed -n '/do-not-query-localhost:/=' /etc/unbound/unbound.conf)
+ sed "$START c \do-not-query-localhost: no #set by /sbin/setup-dnscrypt" /etc/unbound/unbound.conf -i
+ # create catch all forward zone
echo -e '##### Settings from /sbin/setup-dnscrypt #####' >> /etc/unbound/unbound.conf
- echo -e 'do-not-query-localhost: no' >> /etc/unbound/unbound.conf
- echo >> /etc/unbound/unbound.conf
echo -e 'forward-zone:' >> /etc/unbound/unbound.conf
echo -e ' name: "."' >> /etc/unbound/unbound.conf
echo -e " forward-addr: $IP@$DNSPORT" >> /etc/unbound/unbound.conf
fi
print_strong "\n/etc/unbound/unbound.conf settings updated to:"
print_green "--------------------------------------------------------"
+print_table "do-not-query-localhost: no"
+print_table ""
print_table 'forward-zone:'
print_table ' name: "."'
print_table " forward-addr: $IP@$DNSPORT"
-print_green "--------------------------------------------------------\n"
+print_green "--------------------------------------------------------"
fi
}
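Review bot: The new `sed "$START c \do-not-query-localhost: no ..."` in `update_unbound` uses whatever line numbers `sed -n '/do-not-query-localhost:/='` printed, without checking the result. If the directive is absent, `START` is empty and the address-less `c` command replaces every line of /etc/unbound/unbound.conf. If it occurs more than once, the address spans several lines and sed fails, yet the script still prints the "settings updated" table. The resolv.conf update in the last hunk (`LINE=$(sed -n '/nameserver/=' /etc/resolv.conf)`) has the same problem, and the `$START + 4` offset in the branch above assumes the block layout was never hand-edited. I would take only the first match, `START=$(sed -n '/do-not-query-localhost:/=' /etc/unbound/unbound.conf | head -n 1)`, and skip the replace with a visible warning when `START` is empty.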
@@ -167,7 +192,7 @@ print_green "-------------------------------------------------------------------
print_table "RESOLVER\t\t:" "$RESOLVER"
print_table "PROVIDER\t\t:" "$PROVIDER"
print_table "PUBLIC KEY :" "$PUBKEY"
-print_green "---------------------------------------------------------------------------------------------\n"
+print_green "---------------------------------------------------------------------------------------------"
# install unbound
if ! which unbound 1> /dev/null; then
@@ -178,9 +203,31 @@ if ! which unbound 1> /dev/null; then
fi
fi
+# check for / setup secondary loopback for dns caching
+if which unbound 1> /dev/null && ! grep "address 127.0.0.2" /etc/network/interfaces 1> /dev/null; then
+ print_question "Configure DNS Caching (this will create a 2nd loopback interface @ 127.0.0.2) " "[ Y / N ]"
+ read install2ndloop
+ if [ "$install2ndloop" = "Y" ] || [ "$install2ndloop" = "y" ]; then
+ IP=127.0.0.2
+ echo "auto lo:1" >> /etc/network/interfaces
+ echo "iface lo:1 inet static" >> /etc/network/interfaces
+ echo "address 127.0.0.2" >> /etc/network/interfaces
+ echo "netmask 255.0.0.0" >> /etc/network/interfaces
+ ifconfig lo:1 127.0.0.2 up
+ fi
+fi
+
+
# choose dnscrypt ip address port
-print_question "Modify dnscrypt-proxy ip / port ?" "[ Y / N ]"
-read updateip
+if ! grep "address 127.0.0.2" /etc/network/interfaces 1> /dev/null; then
+ print_question "Modify dnscrypt-proxy ip / port ?" "[ Y / N ]"
+ read updateip
+else
+ #ip is already the 2nd loopback
+ updateip=Y; IP=127.0.0.2
+ print_green "\nDNS Caching configured"
+fi
+
if [ "$updateip" = "Y" ] || [ "$updateip" = "y" ]; then
choose_ip; choose_port
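Review bot: The four `echo ... >> /etc/network/interfaces` lines are written before `ifconfig lo:1 127.0.0.2 up` runs and its exit status is never checked. If the alias cannot be brought up, the stanza stays in the file and every later run takes the `else` branch at `grep "address 127.0.0.2"`, forcing `IP=127.0.0.2` and reporting "DNS Caching configured" without asking. That `else` branch also keys only on the file contents and not on `which unbound`, so the state it reports may not match what is installed. I would bring the interface up first with an explicit netmask, `if ifconfig lo:1 127.0.0.2 netmask 255.0.0.0 up; then`, and append the stanza only inside that branch. The final `if [ "$updateip" = "Y" ]` block continues outside this hunk.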
@@ -200,20 +247,23 @@ if [ "$updateip" = "Y" ] || [ "$updateip" = "y" ]; then
# update resolv.conf & unbound
LINE=$(sed -n '/nameserver/=' /etc/resolv.conf)
- sed "$LINE c nameserver $IP" /etc/resolv.conf -i
+ sed "$LINE c nameserver 127.0.0.1" /etc/resolv.conf -i
update_unbound
+ restart_interface
+
# add / restart services
- for srv in "unbound dnscrypt-proxy"; do
+ for srv in "unbound" "dnscrypt-proxy"; do
if which $srv 1> /dev/null; then
- if ! rc-status | grep $srv; then
+ rc-status default | grep $srv 1> /dev/null
+ if [ "$?" != "0" ]; then
rc-update add $srv default
fi
rc-service $srv restart
fi
done
- print_strong "/etc/conf.d/dnscrypt-proxy Listening Address updated to:"
+ print_strong "\n/etc/conf.d/dnscrypt-proxy Listening Address updated to:"
print_green "--------------------------------------------------------"
print_table "DNSCRYPT_LOCALIP=$IP:$DNSPORT"
print_green "--------------------------------------------------------\n"
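Review bot: With `nameserver 127.0.0.1` now hard-coded, resolution only works when unbound is installed and listening there, because dnscrypt-proxy itself is bound to `$IP:$DNSPORT`; the earlier `which unbound` check suggests unbound is optional, so the no-cache path should keep `nameserver $IP`. The added `restart_interface` call also runs right after resolv.conf is edited. If the chosen interface is DHCP-configured, the client may rewrite /etc/resolv.conf on `ifup` and restore the upstream resolver, which would send queries unencrypted while the script reports success; this should be confirmed on a DHCP host. I would re-check after the restart, for example `grep -q '^nameserver 127\.0\.0\.1' /etc/resolv.conf || print_strong "resolv.conf was overwritten"`. In the service loop `$srv` should be quoted, and `grep $srv` is a substring match against the `rc-status default` output. The enclosing `if [ "$updateip" = "Y" ]` block starts outside this hunk.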