Here is an update for net/dnscrypt-proxy 2.0.30, released on Oct. 30, 2019.
https://github.com/DNSCrypt/dnscrypt-proxy/releases/tag/2.0.30 Changelogs: https://github.com/DNSCrypt/dnscrypt-proxy/commit/899cd072390d9ca1344a9bde682e5d3460cf1539 https://github.com/DNSCrypt/dnscrypt-proxy/releases/tag/2.0.29 2.0.30 fixes a regression in 2.0.29 where DNS stopped working. Issue: https://github.com/DNSCrypt/dnscrypt-proxy/issues/998 Upstream fix in 2.0.30: https://github.com/DNSCrypt/dnscrypt-proxy/commit/37c939480d79deb9571290fbb62724d7c20f7432 The main addition in 2.0.29 is anonymized DNS. "Routes are indirect ways to reach DNSCrypt servers. A route maps a server name ("server_name") to one or more relays that will be used to connect to that server." /var/dnscrypt-proxy/relays.md is now added to the port and is populated after an initial run of dnscrypt-proxy. In /etc/dnscrypt-proxy.toml, I have the following: server_names = ['scaleway-fr', 'google', 'yandex', 'cloudflare'] routes = [ { server_name='google', via=['anon-kama', 'anon-scaleway'] }, { server_name='cloudflare', via=['anon-kama', 'anon-scaleway'] }, ] However, I am not sure how to actually confirm that the anonymous DNS relays are used. If I enable query logging: [query_log] file = '/var/dnscrypt-proxy/query.log' $ touch /var/dnscrypt-proxy/query.log $ chown _dnscrypt-proxy /var/dnscrypt-proxy/query.log I see logged queries of the form: [2019-10-30 17:57:02] 127.0.0.1 openbsd.org A PASS 59ms cloudflare with no mention of the anonymous DNS relay used. It seems that logging the relay used is not yet implemented. Overall, I tested 2.0.30 on amd64 and it works, unbreaking 2.0.29. Feedback and tests are welcome. Index: Makefile =================================================================== RCS file: /cvs/ports/net/dnscrypt-proxy/Makefile,v retrieving revision 1.45 diff -u -p -u -p -r1.45 Makefile --- Makefile 15 Oct 2019 04:18:20 -0000 1.45 +++ Makefile 31 Oct 2019 00:41:08 -0000 @@ -4,7 +4,7 @@ COMMENT = flexible DNS proxy with suppor GH_ACCOUNT = jedisct1 GH_PROJECT = dnscrypt-proxy -GH_TAGNAME = 2.0.28 +GH_TAGNAME = 2.0.30 CATEGORIES = net Index: distinfo =================================================================== RCS file: /cvs/ports/net/dnscrypt-proxy/distinfo,v retrieving revision 1.21 diff -u -p -u -p -r1.21 distinfo --- distinfo 15 Oct 2019 04:18:20 -0000 1.21 +++ distinfo 31 Oct 2019 00:41:08 -0000 @@ -1,2 +1,2 @@ -SHA256 (dnscrypt-proxy-2.0.28.tar.gz) = K6KDQ97RUjPGnCNTzOFZqyrU5+troBjK9JXh5dMz2G0= -SIZE (dnscrypt-proxy-2.0.28.tar.gz) = 2620245 +SHA256 (dnscrypt-proxy-2.0.30.tar.gz) = 9h2vIB2AtzDdNvTH8YiLjKV3ZXL3p3nZowboxZDjiMA= +SIZE (dnscrypt-proxy-2.0.30.tar.gz) = 2622298 Index: patches/patch-dnscrypt-proxy_example-dnscrypt-proxy_toml =================================================================== RCS file: /cvs/ports/net/dnscrypt-proxy/patches/patch-dnscrypt-proxy_example-dnscrypt-proxy_toml,v retrieving revision 1.6 diff -u -p -u -p -r1.6 patch-dnscrypt-proxy_example-dnscrypt-proxy_toml --- patches/patch-dnscrypt-proxy_example-dnscrypt-proxy_toml 15 Oct 2019 04:18:20 -0000 1.6 +++ patches/patch-dnscrypt-proxy_example-dnscrypt-proxy_toml 31 Oct 2019 00:41:08 -0000 @@ -12,7 +12,7 @@ Index: dnscrypt-proxy/example-dnscrypt-p ## Require servers (from static + remote sources) to satisfy specific properties -@@ -525,7 +525,7 @@ cache_neg_max_ttl = 600 +@@ -537,7 +537,7 @@ cache_neg_max_ttl = 600 [sources.'public-resolvers'] urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md', 'https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md'] @@ -21,3 +21,12 @@ Index: dnscrypt-proxy/example-dnscrypt-p minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3' prefix = '' +@@ -545,7 +545,7 @@ cache_neg_max_ttl = 600 + + [sources.'relays'] + urls = ['https://github.com/DNSCrypt/dnscrypt-resolvers/raw/master/v2/relays.md', 'https://download.dnscrypt.info/resolvers-list/v2/relays.md'] +- cache_file = 'relays.md' ++ cache_file = '${LOCALSTATEDIR}/dnscrypt-proxy/relays.md' + minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3' + refresh_delay = 72 + prefix = ''
