update dnscrypt-proxy 2.0.26

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

update dnscrypt-proxy 2.0.26

Nam Nguyen
Here is an update for dnscrypt-proxy version 2.0.26, released September
7, 2019.

In my testing, dnscrypt-proxy works with some resolvers enabled on
amd64. I also tested blocked_query_response = refused and hinfo
(default) which worked. I was not able to configure an IP blocked query
response.

Changelog:
https://github.com/jedisct1/dnscrypt-proxy/releases/tag/2.0.26

"A new plugin was added to prevent Firefox from bypassing the system DNS
settings."

I saw in the system log that it starts up by default. (See README for
how to enable logging.)

dnscrypt-proxy[93248]: Firefox workaround initialized

I did some research:

https://github.com/jedisct1/dnscrypt-proxy/blob/master/dnscrypt-proxy/plugin_firefox.go
https://support.mozilla.org/en-US/kb/configuring-networks-disable-dns-over-https

"Checking for this signaling will be implemented in Firefox when DoH is
enabled by default for users. This will first happen for users in the
United States in the Fall of 2019. If a user has chosen to manually
enable DoH, the signal from the network will be ignored and the user’s
preference will be honored."

This new feature of dnscrypt-proxy will have to be tested in Fall 2019,
when Firefox switches to DNS over HTTPS (DoH).

In Firefox: about:config
search for "network.trr"
network.trr.mode = 0

Change network.trr.mode = 2 to use DoH.

Because I manually changed it from the default of 0 to 2, I confirmed
that Firefox's cloudflare was used instead of dnscrypt-proxy, as
described in the Mozilla article.

OK?

Index: Makefile
===================================================================
RCS file: /cvs/ports/net/dnscrypt-proxy/Makefile,v
retrieving revision 1.43
diff -u -p -r1.43 Makefile
--- Makefile 12 Jul 2019 20:48:25 -0000 1.43
+++ Makefile 7 Sep 2019 21:27:22 -0000
@@ -4,7 +4,7 @@ COMMENT = flexible DNS proxy with suppor
 
 GH_ACCOUNT = jedisct1
 GH_PROJECT = dnscrypt-proxy
-GH_TAGNAME = 2.0.25
+GH_TAGNAME = 2.0.26
 
 CATEGORIES = net
 
Index: distinfo
===================================================================
RCS file: /cvs/ports/net/dnscrypt-proxy/distinfo,v
retrieving revision 1.19
diff -u -p -r1.19 distinfo
--- distinfo 4 Jun 2019 10:02:45 -0000 1.19
+++ distinfo 7 Sep 2019 21:27:22 -0000
@@ -1,2 +1,2 @@
-SHA256 (dnscrypt-proxy-2.0.25.tar.gz) = d0aWAEyeMG4XI7TLvmapYRKKM1VD0xjQeGSSzmm5Bvo=
-SIZE (dnscrypt-proxy-2.0.25.tar.gz) = 2596674
+SHA256 (dnscrypt-proxy-2.0.26.tar.gz) = m/rpucZlXTw6QKEBjWxsuLZ+I0HC9e+/VEYfDBz3rOY=
+SIZE (dnscrypt-proxy-2.0.26.tar.gz) = 2653265
Index: patches/patch-dnscrypt-proxy_example-dnscrypt-proxy_toml
===================================================================
RCS file: /cvs/ports/net/dnscrypt-proxy/patches/patch-dnscrypt-proxy_example-dnscrypt-proxy_toml,v
retrieving revision 1.4
diff -u -p -r1.4 patch-dnscrypt-proxy_example-dnscrypt-proxy_toml
--- patches/patch-dnscrypt-proxy_example-dnscrypt-proxy_toml 4 Jun 2019 10:02:45 -0000 1.4
+++ patches/patch-dnscrypt-proxy_example-dnscrypt-proxy_toml 7 Sep 2019 21:27:22 -0000
@@ -12,12 +12,12 @@ Index: dnscrypt-proxy/example-dnscrypt-p
 
 
  ## Require servers (from static + remote sources) to satisfy specific properties
-@@ -514,7 +514,7 @@ cache_neg_max_ttl = 600
+@@ -525,7 +525,7 @@ cache_neg_max_ttl = 600
 
    [sources.'public-resolvers']
    urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md', 'https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md']
 -  cache_file = 'public-resolvers.md'
 +  cache_file = '${LOCALSTATEDIR}/dnscrypt-proxy/public-resolvers.md'
    minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
-   refresh_delay = 72
    prefix = ''
+

Reply | Threaded
Open this post in threaded view
|

Re: update dnscrypt-proxy 2.0.26

Nam Nguyen
Another update, this time to 2.0.27, was just released on Sep. 9, 2019.

Changelog:
https://github.com/jedisct1/dnscrypt-proxy/releases/tag/2.0.27

Nam Nguyen writes:

> Here is an update for dnscrypt-proxy version 2.0.26, released September
> 7, 2019.
>
> In my testing, dnscrypt-proxy works with some resolvers enabled on
> amd64. I also tested blocked_query_response = refused and hinfo
> (default) which worked. I was not able to configure an IP blocked query
> response.
>
> Changelog:
> https://github.com/jedisct1/dnscrypt-proxy/releases/tag/2.0.26
>
> "A new plugin was added to prevent Firefox from bypassing the system DNS
> settings."
>
> I saw in the system log that it starts up by default. (See README for
> how to enable logging.)
>
> dnscrypt-proxy[93248]: Firefox workaround initialized
>
> I did some research:
>
> https://github.com/jedisct1/dnscrypt-proxy/blob/master/dnscrypt-proxy/plugin_firefox.go
> https://support.mozilla.org/en-US/kb/configuring-networks-disable-dns-over-https
>
> "Checking for this signaling will be implemented in Firefox when DoH is
> enabled by default for users. This will first happen for users in the
> United States in the Fall of 2019. If a user has chosen to manually
> enable DoH, the signal from the network will be ignored and the user’s
> preference will be honored."
>
> This new feature of dnscrypt-proxy will have to be tested in Fall 2019,
> when Firefox switches to DNS over HTTPS (DoH).
>
> In Firefox: about:config
> search for "network.trr"
> network.trr.mode = 0
>
> Change network.trr.mode = 2 to use DoH.
>
> Because I manually changed it from the default of 0 to 2, I confirmed
> that Firefox's cloudflare was used instead of dnscrypt-proxy, as
> described in the Mozilla article.
>
> OK?

Index: Makefile
===================================================================
RCS file: /cvs/ports/net/dnscrypt-proxy/Makefile,v
retrieving revision 1.43
diff -u -p -r1.43 Makefile
--- Makefile 12 Jul 2019 20:48:25 -0000 1.43
+++ Makefile 10 Sep 2019 01:42:48 -0000
@@ -4,7 +4,7 @@ COMMENT = flexible DNS proxy with suppor
 
 GH_ACCOUNT = jedisct1
 GH_PROJECT = dnscrypt-proxy
-GH_TAGNAME = 2.0.25
+GH_TAGNAME = 2.0.27
 
 CATEGORIES = net
 
Index: distinfo
===================================================================
RCS file: /cvs/ports/net/dnscrypt-proxy/distinfo,v
retrieving revision 1.19
diff -u -p -r1.19 distinfo
--- distinfo 4 Jun 2019 10:02:45 -0000 1.19
+++ distinfo 10 Sep 2019 01:42:48 -0000
@@ -1,2 +1,2 @@
-SHA256 (dnscrypt-proxy-2.0.25.tar.gz) = d0aWAEyeMG4XI7TLvmapYRKKM1VD0xjQeGSSzmm5Bvo=
-SIZE (dnscrypt-proxy-2.0.25.tar.gz) = 2596674
+SHA256 (dnscrypt-proxy-2.0.27.tar.gz) = pQH0SvOctD4ASJ755meKqK26K8mPkELdYc5g6a0HTVo=
+SIZE (dnscrypt-proxy-2.0.27.tar.gz) = 2478887
Index: patches/patch-dnscrypt-proxy_example-dnscrypt-proxy_toml
===================================================================
RCS file: /cvs/ports/net/dnscrypt-proxy/patches/patch-dnscrypt-proxy_example-dnscrypt-proxy_toml,v
retrieving revision 1.4
diff -u -p -r1.4 patch-dnscrypt-proxy_example-dnscrypt-proxy_toml
--- patches/patch-dnscrypt-proxy_example-dnscrypt-proxy_toml 4 Jun 2019 10:02:45 -0000 1.4
+++ patches/patch-dnscrypt-proxy_example-dnscrypt-proxy_toml 10 Sep 2019 01:42:48 -0000
@@ -12,12 +12,12 @@ Index: dnscrypt-proxy/example-dnscrypt-p
 
 
  ## Require servers (from static + remote sources) to satisfy specific properties
-@@ -514,7 +514,7 @@ cache_neg_max_ttl = 600
+@@ -525,7 +525,7 @@ cache_neg_max_ttl = 600
 
    [sources.'public-resolvers']
    urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md', 'https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md']
 -  cache_file = 'public-resolvers.md'
 +  cache_file = '${LOCALSTATEDIR}/dnscrypt-proxy/public-resolvers.md'
    minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
-   refresh_delay = 72
    prefix = ''
+

Reply | Threaded
Open this post in threaded view
|

Re: update dnscrypt-proxy 2.0.26

Björn Ketelaars
On Mon 09/09/2019 18:48, Nam Nguyen wrote:
> Another update, this time to 2.0.27, was just released on Sep. 9, 2019.

Diff looks good, and works for me on amd64. OK bket@

I will commit your diff later today...unless someone beats me to it.