network/dnscrypt-proxy: Updated for version 1.4.1.
Signed-off-by: Willy Sudiarto Raharjo <willysr@slackbuilds.org>
parent
7d79d34559
commit
1bbffca294
10 changed files with 542 additions and 4 deletions
|
@ -4,3 +4,8 @@ resolver or as a DNS forwarder, encrypting and authenticating requests using the
|
||||||
DNSCrypt protocol and passing them to an upstream server.
|
DNSCrypt protocol and passing them to an upstream server.
|
||||||
|
|
||||||
By default dnscrypt-proxy is configured to use OpenDNS' servers.
|
By default dnscrypt-proxy is configured to use OpenDNS' servers.
|
||||||
|
|
||||||
|
Be sure to read README.Slackware for information on configuring/running
|
||||||
|
dnscrypt-proxy as a daemon!
|
||||||
|
|
||||||
|
Optional dependency: ldns
|
||||||
|
|
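--- a/network/dnscrypt-proxy/README.Slackware
+++ b/network/dnscrypt-proxy/README.Slackware
@@ -0,0 +1,56 @@
+A. Setup
+
+An init script and configuration file have been provided to run dnscrypt-proxy
+as a daemon. To configure dnscrypt-proxy, edit /etc/default/dnscrypt-proxy with
+the desired settings. By default dnscrypt-proxy will use an OpenDNS server and
+will run on localhost (127.0.0.1), port 53.
+
+The configuration file is setup to use a dnscrypt user by default, and to
+chroot into that user's home directory to maximize security. In order to use
+the default configuration you should create a dnscrypt user and group with the
+following commands:
+
+groupadd -g 293 dnscrypt
+useradd -u 293 -g 293 -c "DNSCrypt" -d /run/dnscrypt -s /bin/false dnscrypt
+
+If you decide to use another user you should edit the CHROOTDIR and USER
+options in /etc/default/dnscrypt-proxy (there are example settings provided for
+the user 'nobody').
+
+In order to send all DNS requests through dnscrypt-proxy, you will need to
+update /etc/resolv.conf to point to localhost. If using dhcpcd, the easiest way
+to set dnscrypt-proxy as the primary (but not exclusive) dns resolver is to
+create file /etc/resolv.conf.head with the following line:
+
+nameserver 127.0.0.1
+
+You may also have to add the following line to enable EDNS:
+
+options edns0
+
+To start dnscrypt-proxy automatically at system start, add the following to
+/etc/rc.d/rc.local:
+
+if [ -x /etc/rc.d/rc.dnscrypt-proxy ]; then
+/etc/rc.d/rc.dnscrypt-proxy start
+fi
+
+To properly stop dnscrypt-proxy on system shutdown, add the following to
+/etc/rc.d/rc.local_shutdown:
+
+if [ -x /etc/rc.d/rc.dnscrypt-proxy ]; then
+/etc/rc.d/rc.dnscrypt-proxy stop
+fi
+
+B. DNS Cache
+
+dnscrypt-proxy is just a DNS resolver and does not cache DNS queries. In order
+to minimize the number of external DNS lookups, you can also run a local
+caching DNS server. A sample configuration for dnsmasq (included with
+Slackware) is provided at /usr/doc/dnscrypt-proxy-@VERSION@/dnsmasq.conf. A
+sample configuration for bind/named that also does local DNSSEC validation (if
+supported by the upstream DNS server) is also provided at
+/usr/doc/dnscrypt-proxy-@VERSION@/named.conf. Both configurations run on port
+53, forwarding lookups to dnscrypt-proxy running on port 55. In order to use
+these configurations you will need to change the port dnscrypt-proxy runs on in
+/etc/default/dnscrypt-proxy.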
|
@ -22,8 +22,13 @@
|
||||||
# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
|
# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
|
||||||
# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||||
|
|
||||||
|
# Thanks to Larry Hajali for work on README.Slackware, some configure options,
|
||||||
|
# the basis for the sample dnsmasq configuration, the logrotate configuration,
|
||||||
|
# and the idea for an init script. His contributions significantly improved the
|
||||||
|
# value of this script!
|
||||||
|
|
||||||
PRGNAM=dnscrypt-proxy
|
PRGNAM=dnscrypt-proxy
|
||||||
VERSION=${VERSION:-1.4.0}
|
VERSION=${VERSION:-1.4.1}
|
||||||
BUILD=${BUILD:-1}
|
BUILD=${BUILD:-1}
|
||||||
TAG=${TAG:-_SBo}
|
TAG=${TAG:-_SBo}
|
||||||
|
|
||||||
|
@ -78,6 +83,11 @@ CXXFLAGS="$SLKCFLAGS" \
|
||||||
--localstatedir=/var \
|
--localstatedir=/var \
|
||||||
--mandir=/usr/man \
|
--mandir=/usr/man \
|
||||||
--docdir=/usr/doc/$PRGNAM-$VERSION \
|
--docdir=/usr/doc/$PRGNAM-$VERSION \
|
||||||
|
--enable-plugins \
|
||||||
|
--enable-plugins-root \
|
||||||
|
--enable-static=no \
|
||||||
|
--disable-ltdl-install \
|
||||||
|
--without-included-ltdl \
|
||||||
--build=$ARCH-slackware-linux
|
--build=$ARCH-slackware-linux
|
||||||
|
|
||||||
make
|
make
|
||||||
|
@ -86,14 +96,24 @@ make install-strip DESTDIR=$PKG
|
||||||
find $PKG/usr/man -type f -exec gzip -9 {} \;
|
find $PKG/usr/man -type f -exec gzip -9 {} \;
|
||||||
for i in $( find $PKG/usr/man -type l ) ; do ln -s $( readlink $i ).gz $i.gz ; rm $i ; done
|
for i in $( find $PKG/usr/man -type l ) ; do ln -s $( readlink $i ).gz $i.gz ; rm $i ; done
|
||||||
|
|
||||||
|
mkdir -p $PKG/var/{run,log}/$PRGNAM $PKG/etc/default
|
||||||
|
chmod 0700 $PKG/var/{run,log}/$PRGNAM
|
||||||
|
sed "s/@VERSION@/$VERSION/" $CWD/$PRGNAM.default > $PKG/etc/default/$PRGNAM.new
|
||||||
|
install -D -m 0755 $CWD/rc.$PRGNAM $PKG/etc/rc.d/rc.$PRGNAM.new
|
||||||
|
install -D -m 0644 $CWD/$PRGNAM.logrotate $PKG/etc/logrotate.d/$PRGNAM.new
|
||||||
|
|
||||||
mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION
|
mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION
|
||||||
cp -a \
|
cp -a \
|
||||||
AUTHORS ChangeLog COPYING INSTALL NEWS README README-PLUGINS.markdown README.markdown TECHNOTES THANKS \
|
AUTHORS ChangeLog COPYING INSTALL NEWS README README-PLUGINS.markdown README.markdown TECHNOTES THANKS \
|
||||||
$PKG/usr/doc/$PRGNAM-$VERSION
|
$PKG/usr/doc/$PRGNAM-$VERSION
|
||||||
|
sed "s/@VERSION@/$VERSION/g" $CWD/README.Slackware > $PKG/usr/doc/$PRGNAM-$VERSION/README.Slackware
|
||||||
|
cat $CWD/dnsmasq.conf > $PKG/usr/doc/$PRGNAM-$VERSION/dnsmasq.conf
|
||||||
|
cat $CWD/named.conf > $PKG/usr/doc/$PRGNAM-$VERSION/named.conf
|
||||||
cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild
|
cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild
|
||||||
|
|
||||||
mkdir -p $PKG/install
|
mkdir -p $PKG/install
|
||||||
cat $CWD/slack-desc > $PKG/install/slack-desc
|
cat $CWD/slack-desc > $PKG/install/slack-desc
|
||||||
|
cat $CWD/doinst.sh > $PKG/install/doinst.sh
|
||||||
|
|
||||||
cd $PKG
|
cd $PKG
|
||||||
/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.${PKGTYPE:-tgz}
|
/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.${PKGTYPE:-tgz}
|
||||||
|
|
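Review bot: The last hunk ships `/var/run/$PRGNAM` as a packaged, root-only (0700) directory, but nothing visible on this page recreates it at boot; start_instance in rc.dnscrypt-proxy only creates CHROOTDIR and its dev/ subdirectory. On a system where /var/run is a tmpfs or a link to /run (not determinable from this page), the directory would be missing after a reboot and the PID file that stop and status depend on could not be written. I would have the init script create it before launching the daemon, e.g. `mkdir -p "$(dirname "${PIDFILE[$1]}")"` followed by `chmod 0700 "$(dirname "${PIDFILE[$1]}")"`, and keep the packaged directory only as a convenience. The 0700 mode itself is a good choice, since it keeps the unprivileged daemon user from replacing the PID file that root later passes to `kill`.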
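--- a/network/dnscrypt-proxy/dnscrypt-proxy.default
+++ b/network/dnscrypt-proxy/dnscrypt-proxy.default
@@ -0,0 +1,72 @@
+# /etc/default/dnscrypt-proxy
+
+# This file contains the configuration settings for dnscrypt-proxy. This file
+# supports configuring and running multiple instances (see the bottom of this
+# file for a sample secondary configuration).
+
+# CHROOTDIR should be the same path as the USER's home directory.
+# For the standard dnscrypt user this should be "/run/dnscrypt". For nobody,
+# this should be "/".
+CHROOTDIR[0]="/run/dnscrypt"
+#CHROOTDIR[0]="/"
+
+# The local address and (optional) port to listen on. The default port is 53.
+LOCALADDRESS[0]="127.0.0.1:53"
+
+# The pid file for this instance. PIDFILE must always be specified for each
+# instance!
+PIDFILE[0]="/var/run/dnscrypt-proxy/dnscrypt-proxy-0.pid"
+
+# Runs the daemon as the following user and chroots to that user's home
+# directory (this is a security feature -- it is best not to change this!)
+USER[0]="dnscrypt"
+#USER[0]="nobody"
+
+# If RESOLVERNAME is set, then RESOLVERADDRESS, PROVIDERNAME, and
+# PROVIDERKEY will be ignored. RESOLVERNAME should be the name of a resolver
+# from RESOLVERSLIST (the first column).
+RESOLVERNAME[0]="opendns"
+
+# Specify the location of the resolver list, used if RESOLVERNAME is set.
+RESOLVERSLIST[0]="/usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv"
+
+# If RESOLVERNAME is unset, RESOLVERADDRESS, PROVIDERNAME and PROVIDERKEY are
+# the settings of the remote DNSCrypt provider.
+#RESOLVERADDRESS[0]="208.67.220.220:443"
+#PROVIDERNAME[0]="2.dnscrypt-cert.opendns.com"
+#PROVIDERKEY[0]="B735:1140:206F:225D:3E2B:D822:D7FD:691E:A1C3:3CC8:D666:8D0C:BE04:BFAB:CA43:FB79"
+
+# Transparently add an OPT pseudo-RR to outgoing queries in order to enable
+# the EDNS0 extension mechanism. The payload size is the size of the largest
+# response we accept from the resolver before retrying over TCP. This feature
+# is enabled by default, with a payload size of 1252 bytes. Any value below
+# 512 disables it.
+#EDNSPAYLOADSIZE[0]="1252"
+
+# Set the maximum number of simultaneous active requests (default 250).
+#MAXACTIVEREQUESTS[0]="250"
+
+# Use TCP instead of UDP. This is slower than UDP, and this workaround should
+# never be used except when bypassing a filter is actually required. Moreover,
+# multiple queries over a single TCP connection aren't supported yet.
+# Don't use this unless you have to. Defaults to off ("no").
+#TCPONLY[0]="no"
+
+# Load the following plugins. None are loaded by default. See
+# /usr/doc/dnscrypt-proxy-@VERSION@/README-PLUGINS.markdown for more
+# information.
+#PLUGINS[0]="libdcplugin_example,--ips=/etc/blk-ips,--domains=/etc/blk-names \
+#libdcplugin_example_logging,/var/log/dns.log"
+
+# Where and what to log. The default LOGLEVEL is LOG_INFO.
+#LOGLEVEL[0]="LOG_INFO"
+LOGFILE[0]="/var/log/dnscrypt-proxy/dnscrypt-proxy.log"
+
+# A simple example configuration for a second instance
+#CHROOTDIR[1]="/run/dnscrypt"
+#LOCALADDRESS[1]="127.0.0.2:53"
+#PIDFILE[1]="/var/run/dnscrypt-proxy/dnscrypt-proxy-1.pid"
+#USER[1]="dnscrypt"
+#RESOLVERNAME[1]="cloudns-can"
+#RESOLVERSLIST[1]="/usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv"
+#LOGFILE[1]="/var/log/dnscrypt-proxy/dnscrypt-proxy-1.log"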
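Review bot: The commented alternative `#USER[0]="nobody"` with `#CHROOTDIR[0]="/"` is offered without saying what it gives up. A chroot to "/" confines nothing, and the nobody account is typically shared with other services, so a compromised proxy would not be contained the way it is with the dedicated dnscrypt user. The comment above USER only says it is best not to change the value. I would spell out the trade-off next to the example, e.g. `# NOTE: USER=nobody with CHROOTDIR=/ gives no filesystem confinement; prefer the dedicated dnscrypt user.` Since rc.dnscrypt-proxy sources this file as root, it is also worth a one-line comment that the file must stay writable by root only.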
|
@ -1,8 +1,8 @@
|
||||||
PRGNAM="dnscrypt-proxy"
|
PRGNAM="dnscrypt-proxy"
|
||||||
VERSION="1.4.0"
|
VERSION="1.4.1"
|
||||||
HOMEPAGE="http://dnscrypt.org/"
|
HOMEPAGE="http://dnscrypt.org/"
|
||||||
DOWNLOAD="http://download.dnscrypt.org/dnscrypt-proxy/dnscrypt-proxy-1.4.0.tar.bz2"
|
DOWNLOAD="http://download.dnscrypt.org/dnscrypt-proxy/dnscrypt-proxy-1.4.1.tar.bz2"
|
||||||
MD5SUM="40b5b73f5042330b86084460d7c839c6"
|
MD5SUM="f9d59b23fcad864af7db7d6304fda77f"
|
||||||
DOWNLOAD_x86_64=""
|
DOWNLOAD_x86_64=""
|
||||||
MD5SUM_x86_64=""
|
MD5SUM_x86_64=""
|
||||||
REQUIRES="libsodium"
|
REQUIRES="libsodium"
|
||||||
|
|
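--- a/network/dnscrypt-proxy/dnscrypt-proxy.logrotate
+++ b/network/dnscrypt-proxy/dnscrypt-proxy.logrotate
@@ -0,0 +1,9 @@
+/var/log/dnscrypt-proxy/*log {
+weekly
+rotate 7
+copytruncate
+delaycompress
+compress
+notifempty
+missingok
+}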
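--- a/network/dnscrypt-proxy/dnsmasq.conf
+++ b/network/dnscrypt-proxy/dnsmasq.conf
@@ -0,0 +1,21 @@
+# Use dnsmasq as a caching DNS forwarder to dnscrypt-proxy. This configuration
+# assumes dnscrypt-proxy is running on port 55.
+
+# Never forward plain names (without a dot or domain part)
+domain-needed
+
+# Never forward addresses in the non-routed address spaces.
+bogus-priv
+
+# Don't use /etc/resolv.conf. Forward all queries to dnscrypt-proxy.
+no-resolv
+
+# Use the resolver on localhost port 55 (dnscrypt-proxy)
+server=127.0.0.1#55
+
+# Listen on localhost. Default port 53
+listen-address=127.0.0.1
+
+# Pass on the upstream DNSSEC flag. Only enable this if you trust the upstream
+# resolver.
+#proxy-dnssec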
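--- a/network/dnscrypt-proxy/doinst.sh
+++ b/network/dnscrypt-proxy/doinst.sh
@@ -0,0 +1,27 @@
+config() {
+NEW="$1"
+OLD="$(dirname $NEW)/$(basename $NEW .new)"
+# If there's no config file by that name, mv it over:
+if [ ! -r $OLD ]; then
+mv $NEW $OLD
+elif [ "$(cat $OLD | md5sum)" = "$(cat $NEW | md5sum)" ]; then
+# toss the redundant copy
+rm $NEW
+fi
+# Otherwise, we leave the .new copy for the admin to consider...
+}
+
+preserve_perms() {
+NEW="$1"
+OLD="$(dirname $NEW)/$(basename $NEW .new)"
+if [ -e $OLD ]; then
+cp -a $OLD ${NEW}.incoming
+cat $NEW > ${NEW}.incoming
+mv ${NEW}.incoming $NEW
+fi
+config $NEW
+}
+
+preserve_perms etc/rc.d/rc.dnscrypt-proxy.new
+config etc/default/dnscrypt-proxy.new
+config etc/logrotate.d/dnscrypt-proxy.new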
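--- a/network/dnscrypt-proxy/named.conf
+++ b/network/dnscrypt-proxy/named.conf
@@ -0,0 +1,153 @@
+options {
+directory "/var/named";
+/*
+* If there is a firewall between you and nameservers you want
+* to talk to, you might need to uncomment the query-source
+* directive below. Previous versions of BIND always asked
+* questions using port 53, but BIND 8.1 uses an unprivileged
+* port by default.
+*/
+// query-source address * port 53;
+forwarders { 127.0.0.1 port 55; };
+forward only;
+dnssec-enable yes;
+dnssec-validation auto;
+dnssec-lookaside auto;
+allow-transfer { "none"; };
+allow-query { 127.0.0.1; };
+listen-on { 127.0.0.1; };
+};
+
+//
+// a caching only nameserver config
+//
+zone "." IN {
+type hint;
+file "caching-example/named.root";
+};
+
+zone "localhost" IN {
+type master;
+file "caching-example/localhost.zone";
+allow-update { none; };
+};
+
+zone "0.0.127.in-addr.arpa" IN {
+type master;
+file "caching-example/named.local";
+allow-update { none; };
+};
+
+// RFC 1918. These shouldn't be necessary but empty-zones-enable isn't
+// working properly...
+zone "10.in-addr.arpa" IN {
+type master;
+file "caching-example/named.local";
+allow-update { none; };
+};
+
+zone "16.172.in-addr.arpa" IN {
+type master;
+file "caching-example/named.local";
+allow-update { none; };
+};
+
+zone "17.172.in-addr.arpa" IN {
+type master;
+file "caching-example/named.local";
+allow-update { none; };
+};
+
+zone "18.172.in-addr.arpa" IN {
+type master;
+file "caching-example/named.local";
+allow-update { none; };
+};
+
+zone "19.172.in-addr.arpa" IN {
+type master;
+file "caching-example/named.local";
+allow-update { none; };
+};
+
+zone "20.172.in-addr.arpa" IN {
+type master;
+file "caching-example/named.local";
+allow-update { none; };
+};
+
+zone "21.172.in-addr.arpa" IN {
+type master;
+file "caching-example/named.local";
+allow-update { none; };
+};
+
+zone "22.172.in-addr.arpa" IN {
+type master;
+file "caching-example/named.local";
+allow-update { none; };
+};
+
+zone "23.172.in-addr.arpa" IN {
+type master;
+file "caching-example/named.local";
+allow-update { none; };
+};
+
+zone "24.172.in-addr.arpa" IN {
+type master;
+file "caching-example/named.local";
+allow-update { none; };
+};
+
+zone "25.172.in-addr.arpa" IN {
+type master;
+file "caching-example/named.local";
+allow-update { none; };
+};
+
+zone "26.172.in-addr.arpa" IN {
+type master;
+file "caching-example/named.local";
+allow-update { none; };
+};
+
+zone "27.172.in-addr.arpa" IN {
+type master;
+file "caching-example/named.local";
+allow-update { none; };
+};
+
+zone "28.172.in-addr.arpa" IN {
+type master;
+file "caching-example/named.local";
+allow-update { none; };
+};
+
+zone "29.172.in-addr.arpa" IN {
+type master;
+file "caching-example/named.local";
+allow-update { none; };
+};
+
+zone "30.172.in-addr.arpa" IN {
+type master;
+file "caching-example/named.local";
+allow-update { none; };
+};
+
+zone "31.172.in-addr.arpa" IN {
+type master;
+file "caching-example/named.local";
+allow-update { none; };
+};
+
+zone "168.192.in-addr.arpa" IN {
+type master;
+file "caching-example/named.local";
+allow-update { none; };
+};
+
+logging {
+category edns-disabled { null; };
+};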
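Review bot: `dnssec-validation auto;` combined with `forward only;` makes every validated answer depend on the single forwarder returning DNSSEC records, and the options block has no comment saying so. If the upstream DNSCrypt resolver strips or does not support DNSSEC, lookups for signed zones would presumably fail rather than fall back to unvalidated answers, which is the safe outcome but surprising for someone who kept the default resolver. I would add a comment above the three dnssec lines, for example `// Validation fails closed: use only with an upstream resolver that returns DNSSEC records.` The `dnssec-lookaside auto;` line also relies on the ISC DLV registry, which has since been retired, so it should be marked as optional.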
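--- a/network/dnscrypt-proxy/rc.dnscrypt-proxy
+++ b/network/dnscrypt-proxy/rc.dnscrypt-proxy
@@ -0,0 +1,175 @@
+#!/bin/bash
+
+CONFIGFILE="/etc/default/dnscrypt-proxy"
+DAEMON="/usr/sbin/dnscrypt-proxy"
+
+. $CONFIGFILE
+
+start_instance() {
+if [ -z ${PIDFILE[$1]} ]; then
+echo "No configuration for instance $1 found!"
+return
+fi
+if [ -r ${PIDFILE[$1]} ]; then
+echo "dnscrypt-proxy (instance $1) already running!"
+return
+fi
+
+# dnscrypt-proxy will work without this, but it drops privileges before
+# seeding the PRNG. libevent tries to work around a missing /dev/urandom
+# but it's safer just to make sure it is available in the chroot.
+if [ -n "${CHROOTDIR[$1]}" ]; then
+if [ "$(readlink -f ${CHROOTDIR[$1]})" != "/" ]; then
+if [ ! -d ${CHROOTDIR[$1]} ]; then
+mkdir -p ${CHROOTDIR[$1]}
+chmod 755 ${CHROOTDIR[$1]}
+fi
+if [ ! -d ${CHROOTDIR[$1]}/dev ]; then
+mkdir -p ${CHROOTDIR[$1]}/dev
+chmod 755 ${CHROOTDIR[$1]}/dev
+fi
+if [ ! -c ${CHROOTDIR[$1]}/dev/urandom ]; then
+mknod -m 666 ${CHROOTDIR[$1]}/dev/urandom c 1 9
+fi
+fi
+fi
+
+OPTIONS="-d"
+if [ -n "${LOCALADDRESS[$1]}" ]; then
+OPTIONS="${OPTIONS} --local-address=${LOCALADDRESS[$1]}"
+fi
+if [ -n "${PIDFILE[$1]}" ]; then
+OPTIONS="${OPTIONS} --pidfile=${PIDFILE[$1]}"
+fi
+if [ -n "${USER[$1]}" ]; then
+OPTIONS="${OPTIONS} --user=${USER[$1]}"
+fi
+if [ -n "${RESOLVERNAME[$1]}" ]; then
+OPTIONS="${OPTIONS} --resolver-name=${RESOLVERNAME[$1]}"
+fi
+if [ -n "${RESOLVERSLIST[$1]}" ]; then
+OPTIONS="${OPTIONS} --resolvers-list=${RESOLVERSLIST[$1]}"
+fi
+if [ -z "${RESOLVERNAME[$1]}" ] && [ -n "${RESOLVERADDRESS[$1]}" ]; then
+OPTIONS="${OPTIONS} --resolver-address=${RESOLVERADDRESS[$1]}"
+fi
+if [ -z "${RESOLVERNAME[$1]}" ] && [ -n "${PROVIDERNAME[$1]}" ]; then
+OPTIONS="${OPTIONS} --provider-name=${PROVIDERNAME[$1]}"
+fi
+if [ -z "${RESOLVERNAME[$1]}" ] && [ -n "${PROVIDERKEY[$1]}" ]; then
+OPTIONS="${OPTIONS} --provider-key=${PROVIDERKEY[$1]}"
+fi
+if [ -n "${EDNSPAYLOADSIZE[$1]}" ]; then
+OPTIONS="${OPTIONS} --edns-payload-size=${EDNSPAYLOADSIZE[$1]}"
+fi
+if [ -n "${MAXACTIVEREQUESTS[$1]}" ]; then
+OPTIONS="${OPTIONS} --max-active-requests=${MAXACTIVEREQUESTS[$1]}"
+fi
+if [ "${TCPONLY[$1]}" == "yes" ]; then
+OPTIONS="${OPTIONS} --tcp-only"
+fi
+if [ -n "${PLUGINS[$1]}" ]; then
+for plugin in ${PLUGINS[$1]}
+do
+OPTIONS="${OPTIONS} --plugin=${plugin}"
+done
+fi
+if [ -n "${LOGLEVEL[$1]}" ]; then
+OPTIONS="${OPTIONS} --loglevel=${LOGLEVEL[$1]}"
+fi
+if [ -n "${LOGFILE[$1]}" ]; then
+OPTIONS="${OPTIONS} --logfile=${LOGFILE[$1]}"
+fi
+$DAEMON $OPTIONS
+}
+
+stop_instance() {
+if [ -z ${PIDFILE[$1]} ]; then
+echo "No configuration for instance $1 found!"
+return
+fi
+if [ ! -r ${PIDFILE[$1]} ]; then
+echo "dnscrypt-proxy (instance $1) is not running!"
+return
+fi
+echo "Stopping dnscrypt-proxy (instance $1)..."
+kill $(cat ${PIDFILE[$1]})
+}
+
+status_instance() {
+if [ -z ${PIDFILE[$1]} ]; then
+echo "No configuration for instance $1 found!"
+return
+fi
+if [ ! -r ${PIDFILE[$1]} ]; then
+echo "dnscrypt-proxy (instance $1) is not running."
+return
+fi
+PID=$(cat ${PIDFILE[$1]})
+if [ -z "$PID" ]; then
+echo "PID file is empty! dnscrypt-proxy (instance $1) does not appear to be running, but there is a stale PID file."
+elif kill -0 $PID ; then
+echo "dnscrypt-proxy (instance $1) is running."
+else
+echo "dnscrypt-proxy (instance $1) is not running, but there is a stale PID file."
+fi
+}
+
+start() {
+for i in `/usr/bin/seq 0 $((${#PIDFILE[@]}-1))`
+do
+start_instance $i
+done
+}
+
+stop() {
+for i in `/usr/bin/seq 0 $((${#PIDFILE[@]}-1))`
+do
+stop_instance $i
+done
+}
+
+status() {
+for i in `/usr/bin/seq 0 $((${#PIDFILE[@]}-1))`
+do
+status_instance $i
+done
+}
+
+case "$1" in
+'start')
+start
+;;
+'stop')
+stop
+;;
+'restart')
+stop
+start
+;;
+'status')
+status
+;;
+*_start)
+INSTANCE=`echo $1 | /bin/cut -d '_' -f 1`
+start_instance $INSTANCE
+;;
+*_stop)
+INSTANCE=`echo $1 | /bin/cut -d '_' -f 1`
+stop_instance $INSTANCE
+;;
+*_restart)
+INSTANCE=`echo $1 | /bin/cut -d '_' -f 1`
+stop_instance $INSTANCE
+sleep 1
+start_instance $INSTANCE
+;;
+*_status)
+INSTANCE=`echo $1 | /bin/cut -d '_' -f 1`
+status_instance $INSTANCE
+;;
+*)
+echo "Usage: $0 {start|stop|restart|status|#_start|#_stop|#_restart}"
+exit 1
+;;
+esac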
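Review bot: start_instance treats any readable PID file as a running daemon, while stop_instance only sends `kill` and returns without waiting for the process to exit or removing the file, so the plain `restart` case (stop immediately followed by start) and a start after a crash can both end with "already running!" and no resolver listening. Whether the daemon deletes its own PID file after chrooting and dropping privileges is not visible here, so the script should not depend on it. status_instance already performs the right liveness test; start_instance could reuse it with `if [ -r "${PIDFILE[$1]}" ] && kill -0 "$(cat "${PIDFILE[$1]}")" 2>/dev/null; then`, and stop_instance could end with `rm -f "${PIDFILE[$1]}"` once the process is gone. The PID read from the file is also passed to `kill` as root without confirming it still belongs to dnscrypt-proxy, which matters when the file is stale. Separately, INSTANCE in the `*_start`-style cases is used as an array subscript without checking that it is a number, and the usage string omits `#_status`.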