Here is an update to net/dnscrypt-proxy 2.0.35 released December 9, 2019. Changelog: https://github.com/DNSCrypt/dnscrypt-proxy/blob/2.0.35/ChangeLog
To test CNAMEs being blacklisted and logged, I did the following based on the
test case presented here:
https://github.com/DNSCrypt/dnscrypt-proxy/issues/1067

allow logging by the _dnscrypt-proxy user:
# chown _dnscrypt-proxy /var/dnscrypt-proxy

in /etc/dnscrypt-proxy.toml:
blacklist_file = '/var/dnscrypt-proxy/blacklist.txt'
log_file = '/var/dnscrypt-proxy/blocked.log'

in /var/dnscrypt-proxy/blacklist.txt:
*.eulerian.net

before being blacklisted:
$ dig f7ds.liberation.fr
;; ANSWER SECTION:
f7ds.liberation.fr. 3599 IN CNAME liberation.eulerian.net.
liberation.eulerian.net. 3599 IN CNAME atc.eulerian.net.
atc.eulerian.net. 3599 IN A 109.232.197.179

after being blacklisted:
$ dig f7ds.liberation.fr
;; ANSWER SECTION:
f7ds.liberation.fr. 1 IN HINFO "This query has been locally blocked" "by dnscrypt-proxy"

in /var/dnscrypt-proxy/blocked.log:
[2019-12-09 18:11:14] 127.0.0.1 liberation.eulerian.net *.eulerian.net (alias for [f7ds.liberation.fr])

Tests are welcome. It continues to work for me on amd64.

Index: Makefile =================================================================== RCS file: /cvs/ports/net/dnscrypt-proxy/Makefile,v retrieving revision 1.48 diff -u -p -r1.48 Makefile --- Makefile 6 Dec 2019 18:48:31 -0000 1.48 +++ Makefile 10 Dec 2019 02:25:19 -0000 @@ -4,7 +4,7 @@ COMMENT = flexible DNS proxy with suppor GH_ACCOUNT = jedisct1 GH_PROJECT = dnscrypt-proxy -GH_TAGNAME = 2.0.34 +GH_TAGNAME = 2.0.35 CATEGORIES = net Index: distinfo =================================================================== RCS file: /cvs/ports/net/dnscrypt-proxy/distinfo,v retrieving revision 1.24 diff -u -p -r1.24 distinfo --- distinfo 6 Dec 2019 18:48:31 -0000 1.24 +++ distinfo 10 Dec 2019 02:25:19 -0000 
@@ -1,2 +1,2 @@ -SHA256 (dnscrypt-proxy-2.0.34.tar.gz) = OOx98r3v9tCU2JdcAAXB2JamO1KcukFzgbY/z1HUIwM= -SIZE (dnscrypt-proxy-2.0.34.tar.gz) = 2741556 +SHA256 (dnscrypt-proxy-2.0.35.tar.gz) = cjOV5a+krbVQ8gUIASYK7zzJ7ZGMwmeAx0dLEQqa2dc= +SIZE (dnscrypt-proxy-2.0.35.tar.gz) = 2740595 Index: patches/patch-dnscrypt-proxy_example-dnscrypt-proxy_toml =================================================================== RCS file: /cvs/ports/net/dnscrypt-proxy/patches/patch-dnscrypt-proxy_example-dnscrypt-proxy_toml,v retrieving revision 1.9 diff -u -p -r1.9 patch-dnscrypt-proxy_example-dnscrypt-proxy_toml --- patches/patch-dnscrypt-proxy_example-dnscrypt-proxy_toml 6 Dec 2019 18:48:31 -0000 1.9 +++ patches/patch-dnscrypt-proxy_example-dnscrypt-proxy_toml 10 Dec 2019 02:25:19 -0000 @@ -12,7 +12,7 @@ Index: dnscrypt-proxy/example-dnscrypt-p ## Require servers (from static + remote sources) to satisfy specific properties -@@ -569,7 +569,7 @@ cache_neg_max_ttl = 600 +@@ -574,7 +574,7 @@ cache_neg_max_ttl = 600 [sources.'public-resolvers'] urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md', 'https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md'] @@ -21,7 +21,7 @@ Index: dnscrypt-proxy/example-dnscrypt-p minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3' prefix = '' -@@ -577,7 +577,7 @@ cache_neg_max_ttl = 600 +@@ -582,7 +582,7 @@ cache_neg_max_ttl = 600 [sources.'relays'] urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/relays.md', 'https://download.dnscrypt.info/resolvers-list/v2/relays.md']
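Review bot: In the Makefile hunk, the unchanged context line GH_ACCOUNT = jedisct1 deserves a second look alongside the GH_TAGNAME bump, because the changelog and issue links in this message point at github.com/DNSCrypt/dnscrypt-proxy. If the port is meant to fetch from the location the changelog is published under, update GH_ACCOUNT in the same commit so the distfile source and the referenced repository agree.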
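Review bot: In the distinfo hunk, the new SHA256 and SIZE values cannot be validated from the diff itself, and the message does not say how they were produced. State that they were regenerated from a fresh fetch of the 2.0.35 tarball, and ask testers to confirm that their own download yields the same two values before the update is committed.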
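Review bot: The net five upstream lines that shift the offsets in the patches/patch-dnscrypt-proxy_example-dnscrypt-proxy_toml hunks (569 to 574 and 577 to 582) are not shown, so check whether they introduce a setting that needs a local default in the packaged example config. Also confirm that the minisign_key context line under [sources.'public-resolvers'] is unchanged in the 2.0.35 file, since that key is what authenticates the downloaded resolver list.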
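The CNAME check exercised by the test in the message above, as an added example that is not part of the original message and is not dnscrypt-proxy's own code: it walks the answer's CNAME chain and reports the first name that matches a blacklist rule, which is the information the blocked.log line records. The names RR, sampleAnswer, norm, matchRule and CheckAnswer are hypothetical, and the rule matching is a simplified assumption (exact names and "*.suffix" only).

```go
package main

import (
	"fmt"
	"strings"
)

// RR is one answer-section record. All names in this file are hypothetical.
type RR struct{ Name, Type, Data string }
// sampleAnswer is the unblocked dig answer quoted in the message above.
var sampleAnswer = []RR{
	{"f7ds.liberation.fr.", "CNAME", "liberation.eulerian.net."},
	{"liberation.eulerian.net.", "CNAME", "atc.eulerian.net."},
	{"atc.eulerian.net.", "A", "109.232.197.179"},
}

// norm lower-cases a name and drops the trailing root dot.
func norm(s string) string { return strings.ToLower(strings.TrimSuffix(s, ".")) }

// matchRule returns the first matching rule or "". Assumption: exact and "*.suffix" rules only.
func matchRule(name string, rules []string) string {
	for _, r := range rules {
		s := strings.TrimPrefix(r, "*.")
		if name == s || (s != r && strings.HasSuffix(name, "."+s)) {
			return r
		}
	}
	return ""
}

// CheckAnswer returns the first blocked name on the CNAME chain from qname,
// the rule it matched, and whether it was reached through an alias.
func CheckAnswer(qname string, answer []RR, rules []string) (string, string, bool) {
	cname := map[string]string{}
	for _, rr := range answer {
		if rr.Type == "CNAME" {
			cname[norm(rr.Name)] = norm(rr.Data)
		}
	}
	cur, ok := norm(qname), true
	for hops := 0; ok && hops <= len(answer); hops++ { // bound stops CNAME loops
		if r := matchRule(cur, rules); r != "" {
			return cur, r, hops > 0
		}
		cur, ok = cname[cur]
	}
	return "", "", false
}

func main() {
	fmt.Println(CheckAnswer("f7ds.liberation.fr", sampleAnswer, []string{"*.eulerian.net"}))
}
```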
