
[alpine-devel] [PATCH] Revised dnscrypt-proxy setup script

From: IT Offshore <developer_at_it-offshore.co.uk>
Date: Sat, 16 Nov 2013 10:16:44 +0000

I did a little more testing on the /sbin/setup-dnscrypt script (once I knew I could install
the APKs I made). This fixes previous bugs in setting up DNS caching (a 2nd loopback is
created & the proxy now listens on 127.0.0.2:40 by default if caching is enabled). Errors
in setting up & starting the services are also fixed.
---
 testing/dnscrypt-proxy/dnscrypt-proxy.setup | 96 ++++++++++++++++++++++-------
 1 file changed, 73 insertions(+), 23 deletions(-)
diff --git a/testing/dnscrypt-proxy/dnscrypt-proxy.setup b/testing/dnscrypt-proxy/dnscrypt-proxy.setup
index 8fd6d56..8cb5861 100644
--- a/testing/dnscrypt-proxy/dnscrypt-proxy.setup
+++ b/testing/dnscrypt-proxy/dnscrypt-proxy.setup
_at_@ -36,18 +36,39 @@ die() {
     exit 1
 }
 
+restart_interface(){
+
+INTERFACES=$(echo | ifconfig | grep "Link encap" | sed '/lo/d' | cut -d"L" -f1)
+print_question "\nChoose external interface to restart from the following:"
+print_question "\n\n$INTERFACES" "[ default - eth0 ]"
+read RESTART
+if [ ! $RESTART ] ;then
+        RESTART=eth0; print_green "\nInterface: $RESTART Selected\n";
+	if echo $INTERFACES | grep $RESTART 1> /dev/null; then
+		ifdown $RESTART && ifup $RESTART
+	fi
+fi
+
+}
+
 choose_ip(){
-IP=none
-IPADDR=$(ifconfig |grep -B1 "inet addr" |awk '{ if ( $1 == "inet" ) { print $2 } else if ( $2 == "Link" ) { printf "%s:" ,$1 } }' |awk -F: '{ print $1 ": " $3 }')
-until echo $IPADDR | grep -e $IP 1>/dev/null
-do
-    print_question "\nChoose dnscrypt ip from the following addresses:\n"
-    print_question "\n$IPADDR\t" "[ default - 127.0.0.1 ]"
-    read IP
-    if [ ! $IP ] ;then
-        IP=127.0.0.1; print_green "\nIP: 127.0.0.1 Selected";
-    fi
-done
+
+if [ ! $IP ]; then
+	IP=none
+	IPADDR=$(ifconfig |grep -B1 "inet addr" |awk '{ if ( $1 == "inet" ) { print $2 } else if ( $2 == "Link" ) { printf "%s:" ,$1 } }' |awk -F: '{ print $1 ": " $3 }')
+	until echo $IPADDR | grep -e $IP 1>/dev/null
+	do
+    		print_question "\nChoose dnscrypt ip from the following addresses:\n"
+    		print_question "\n$IPADDR\t" "[ default - 127.0.0.1 ]"
+    		read IP
+    		if [ ! $IP ] ;then
+        	IP=127.0.0.1; print_green "\nIP: $IP Selected";
+   		fi
+	done
+else
+	#ip already set to 2nd loopback for dns caching
+	print_green "\nIP: $IP will be configured for dnscrypt-proxy";
+fi
 }
 
 choose_port(){
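Review bot: In `restart_interface` the `ifdown`/`ifup` call sits inside the `if [ ! $RESTART ]` branch, so the interface is restarted only when the prompt is left empty; a name the user actually types is silently ignored. The same function passes `$RESTART` unquoted to `grep`, and `choose_ip` does the same with `grep -e $IP`, so typed input is read as a regular expression and matched as a substring (an answer of `1` would pass the address check) before it ends up in service configuration. Taking the check out of the default branch, quoting the expansions and matching fixed whole words covers both cases. The `until` loop in `choose_ip` would take the same `grep -qwF -- "$IP"` form.

```shell
restart_interface(){
# … unchanged: INTERFACES lookup and the two print_question prompts …
read -r RESTART
if [ -z "$RESTART" ]; then
	RESTART=eth0; print_green "\nInterface: $RESTART Selected\n";
fi
# fixed-string, whole-word match: typed input is never parsed as a regex or an option
if echo "$INTERFACES" | grep -qwF -- "$RESTART"; then
	ifdown "$RESTART" && ifup "$RESTART"
fi
}
```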
_at_@ -72,24 +93,28 @@ done
 update_unbound(){
 if [ -f /etc/unbound/unbound.conf ]; then
 	if grep 'Settings from /sbin/setup-dnscrypt' /etc/unbound/unbound.conf 1>/dev/null; then
-		#replace previous setting
+		#update forward zone
 		START=$(sed -n '/Settings from \/sbin\/setup-dnscrypt/=' /etc/unbound/unbound.conf)
-		LINE=$(expr $START + 5)
+		LINE=$(expr $START + 4)
 		sed "$LINE c \  forward-addr: $IP_at_$DNSPORT" /etc/unbound/unbound.conf -i
 	else
+		# allow querying of localhost
+		START=$(sed -n '/do-not-query-localhost:/=' /etc/unbound/unbound.conf)
+		sed "$START c \do-not-query-localhost: no #set by /sbin/setup-dnscrypt" /etc/unbound/unbound.conf -i
+		# create catch all forward zone
 		echo -e '##### Settings from /sbin/setup-dnscrypt #####' >> /etc/unbound/unbound.conf
-		echo -e 'do-not-query-localhost: no' >> /etc/unbound/unbound.conf
-		echo >> /etc/unbound/unbound.conf
 		echo -e 'forward-zone:' >> /etc/unbound/unbound.conf
 		echo -e '  name: "."' >> /etc/unbound/unbound.conf
 		echo -e "  forward-addr: $IP_at_$DNSPORT" >> /etc/unbound/unbound.conf
 	fi
 print_strong "\n/etc/unbound/unbound.conf settings updated to:"
 print_green "--------------------------------------------------------"
+print_table "do-not-query-localhost: no"
+print_table ""
 print_table 'forward-zone:'
 print_table '  name: "."'
 print_table "  forward-addr: $IP_at_$DNSPORT"
-print_green "--------------------------------------------------------\n"
+print_green "--------------------------------------------------------"
 fi
 }
 
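Review bot: The new `else` branch of `update_unbound` uses `$START` as a sed address without checking it, and an empty value turns the `c` command into one with no address, which replaces every line of /etc/unbound/unbound.conf. That happens whenever `do-not-query-localhost:` is absent from the file; if the directive appears more than once (for instance once commented out), `$START` holds several line numbers and the sed script is malformed. I would take only the first match and stop when there is none: `START=$(sed -n '/do-not-query-localhost:/=' /etc/unbound/unbound.conf | head -n 1)` followed by `[ -n "$START" ] || die "do-not-query-localhost: not found in unbound.conf"` (assuming `die` takes a message; its body is outside this hunk). The first branch has the same fragility, since `$START + 4` silently rewrites whatever line sits there if the block was edited by hand.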
_at_@ -167,7 +192,7 @@ print_green "-------------------------------------------------------------------
 print_table "RESOLVER\t\t:" "$RESOLVER"
 print_table "PROVIDER\t\t:" "$PROVIDER"
 print_table "PUBLIC KEY :" "$PUBKEY"
-print_green "---------------------------------------------------------------------------------------------\n"
+print_green "---------------------------------------------------------------------------------------------"
 
 # install unbound
 if ! which unbound 1> /dev/null; then
_at_@ -178,9 +203,31 @@ if ! which unbound 1> /dev/null; then
    fi
 fi
 
+# check for / setup secondary loopback for dns caching
+if which unbound 1> /dev/null && ! grep "address 127.0.0.2" /etc/network/interfaces 1> /dev/null; then
+	print_question "Configure DNS Caching (this will create a 2nd loopback interface _at_ 127.0.0.2) " "[ Y / N ]"
+   	read install2ndloop
+   	if [ "$install2ndloop" = "Y" ] || [ "$install2ndloop" = "y" ]; then
+      		IP=127.0.0.2
+      		echo "auto lo:1" >> /etc/network/interfaces
+		echo "iface lo:1 inet static" >> /etc/network/interfaces
+		echo "address 127.0.0.2" >> /etc/network/interfaces
+		echo "netmask 255.0.0.0" >> /etc/network/interfaces
+   		ifconfig lo:1 127.0.0.2 up
+	fi
+fi
+
+
 # choose dnscrypt ip address port
-print_question "Modify dnscrypt-proxy ip / port ?" "[ Y / N ]"
-read updateip
+if ! grep "address 127.0.0.2" /etc/network/interfaces 1> /dev/null; then
+	print_question "Modify dnscrypt-proxy ip / port ?" "[ Y / N ]"
+	read updateip
+else
+	#ip is already the 2nd loopback
+	updateip=Y; IP=127.0.0.2
+	print_green "\nDNS Caching configured"
+fi
+
 if [ "$updateip" = "Y" ] || [ "$updateip" = "y" ]; then
 		choose_ip; choose_port
 
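Review bot: Both `grep "address 127.0.0.2" /etc/network/interfaces` tests are unanchored, so they also match entries such as `address 127.0.0.25`, and the dots match any character. A false match skips the loopback setup and then, in the second test, forces `updateip=Y; IP=127.0.0.2` without asking, pointing dnscrypt-proxy at an address that may not exist on the host. An anchored pattern avoids this: `grep -q '^[[:space:]]*address 127\.0\.0\.2$' /etc/network/interfaces`. The result of `ifconfig lo:1 127.0.0.2 up` is also not checked before `IP` is relied on. The `if [ "$updateip" = "Y" ]` block that consumes these values continues past the end of this hunk.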
_at_@ -200,20 +247,23 @@ if [ "$updateip" = "Y" ] || [ "$updateip" = "y" ]; then
 
 		# update resolv.conf & unbound
 		LINE=$(sed -n '/nameserver/=' /etc/resolv.conf)
-                sed "$LINE c nameserver $IP" /etc/resolv.conf -i
+                sed "$LINE c nameserver 127.0.0.1" /etc/resolv.conf -i
 		update_unbound
 
+		restart_interface
+
 		# add / restart services
-		for srv in "unbound dnscrypt-proxy"; do
+		for srv in "unbound" "dnscrypt-proxy"; do
 		if which $srv 1> /dev/null; then
-			if ! rc-status | grep $srv; then
+			rc-status default | grep $srv 1> /dev/null
+			if [ "$?" != "0" ]; then
 				rc-update add $srv default
 			fi
 			rc-service $srv restart
 		fi
 		done
 
-		print_strong "/etc/conf.d/dnscrypt-proxy Listening Address updated to:"
+		print_strong "\n/etc/conf.d/dnscrypt-proxy Listening Address updated to:"
 		print_green "--------------------------------------------------------"
 		print_table "DNSCRYPT_LOCALIP=$IP:$DNSPORT"
 		print_green "--------------------------------------------------------\n"
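Review bot: The rewritten `sed "$LINE c nameserver 127.0.0.1"` still depends on `$LINE` being exactly one number, which holds only when /etc/resolv.conf has a single `nameserver` entry. With several entries the address is invalid and nothing is changed; with none, the `c` command has no address and rewrites every line. Any upstream resolver left in the file also lets lookups fall back to plain DNS and bypass dnscrypt-proxy. Removing all entries and adding one is safer: `sed -i '/^nameserver/d' /etc/resolv.conf` then `echo "nameserver 127.0.0.1" >> /etc/resolv.conf`. It is also worth confirming that the `restart_interface` call added just below does not let a DHCP client regenerate resolv.conf on `ifup`; the enclosing `if` block starts outside this hunk.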
-- 
1.8.4.3