X-Original-To: alpine-devel@lists.alpinelinux.org Delivered-To: alpine-devel@mail.alpinelinux.org Received: from apollo.thewebhostserver.com (apollomail.thewebhostserver.com [46.23.65.248]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.alpinelinux.org (Postfix) with ESMTPS id 7CED6DC0171 for ; Sat, 16 Nov 2013 10:15:23 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=it-offshore.co.uk; s=default; h=Message-Id:Date:Subject:Cc:To:From; bh=0RYf3mVquCdJAge5Rt+SshBh4Pp+gcdkJLV8tn8bIvU=; b=m12nqpMfxZ2RuOu81w+WQ+Lgg/3WfWz7VfRdD/D2WXCf8KrF3IfCIbcvyASNIxv7INytWfZODRNNiej60T4XZss+NuEUNP5xINuUsraVkfm4WzB8MNVu2saWrBqNARIv; Received: from [81.4.121.188] (port=35178 helo=alpine.my.domain) by apollo.thewebhostserver.com with esmtpsa (TLSv1:DHE-RSA-AES256-SHA:256) (Exim 4.80.1) (envelope-from ) id 1VhcuM-000qma-L9; Sat, 16 Nov 2013 10:15:18 +0000 
From: IT Offshore To: alpine-devel@lists.alpinelinux.org Cc: IT Offshore Subject: [alpine-devel] [PATCH] Revised dnscrypt-proxy setup script Date: Sat, 16 Nov 2013 10:16:44 +0000 Message-Id: <1384597004-1576-1-git-send-email-developer@it-offshore.co.uk> X-Mailer: git-send-email 1.8.4.3 X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - apollo.thewebhostserver.com X-AntiAbuse: Original Domain - lists.alpinelinux.org X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - it-offshore.co.uk X-Get-Message-Sender-Via: apollo.thewebhostserver.com: authenticated_id: developer@it-offshore.co.uk X-Source: X-Source-Args: X-Source-Dir: X-Mailinglist: alpine-devel Precedence: list List-Id: Alpine Development List-Unsubscribe: List-Post: List-Help: List-Subscribe: I did a little more testing on the /sbin/setup-dnscrypt script (once I knew I could install the APK's I made). This fixes previous bugs with setting up dns caching (a 2nd loopback is created & the proxy now listens on 127.0.0.2:40 by default if caching is enabled). Errors in setting up & starting the services are also fixed. --- testing/dnscrypt-proxy/dnscrypt-proxy.setup | 96 ++++++++++++++++++++++------- 1 file changed, 73 insertions(+), 23 deletions(-) diff --git a/testing/dnscrypt-proxy/dnscrypt-proxy.setup b/testing/dnscrypt-proxy/dnscrypt-proxy.setup index 8fd6d56..8cb5861 100644 --- a/testing/dnscrypt-proxy/dnscrypt-proxy.setup +++ b/testing/dnscrypt-proxy/dnscrypt-proxy.setup 
@@ -36,18 +36,39 @@ die() { exit 1 } +restart_interface(){ + +INTERFACES=$(echo | ifconfig | grep "Link encap" | sed '/lo/d' | cut -d"L" -f1) +print_question "\nChoose external interface to restart from the following:" +print_question "\n\n$INTERFACES" "[ default - eth0 ]" +read RESTART +if [ ! $RESTART ] ;then + RESTART=eth0; print_green "\nInterface: $RESTART Selected\n"; + if echo $INTERFACES | grep $RESTART 1> /dev/null; then + ifdown $RESTART && ifup $RESTART + fi +fi + +} + choose_ip(){ -IP=none -IPADDR=$(ifconfig |grep -B1 "inet addr" |awk '{ if ( $1 == "inet" ) { print $2 } else if ( $2 == "Link" ) { printf "%s:" ,$1 } }' |awk -F: '{ print $1 ": " $3 }') -until echo $IPADDR | grep -e $IP 1>/dev/null -do - print_question "\nChoose dnscrypt ip from the following addresses:\n" - print_question "\n$IPADDR\t" "[ default - 127.0.0.1 ]" - read IP - if [ ! $IP ] ;then - IP=127.0.0.1; print_green "\nIP: 127.0.0.1 Selected"; - fi -done + +if [ ! $IP ]; then + IP=none + IPADDR=$(ifconfig |grep -B1 "inet addr" |awk '{ if ( $1 == "inet" ) { print $2 } else if ( $2 == "Link" ) { printf "%s:" ,$1 } }' |awk -F: '{ print $1 ": " $3 }') + until echo $IPADDR | grep -e $IP 1>/dev/null + do + print_question "\nChoose dnscrypt ip from the following addresses:\n" + print_question "\n$IPADDR\t" "[ default - 127.0.0.1 ]" + read IP + if [ ! $IP ] ;then + IP=127.0.0.1; print_green "\nIP: $IP Selected"; + fi + done +else + #ip already set to 2nd loopback for dns caching + print_green "\nIP: $IP will be configured for dnscrypt-proxy"; +fi } choose_port(){ 
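Review bot: In restart_interface the `ifdown $RESTART && ifup $RESTART` call sits inside `if [ ! $RESTART ]`, so it only runs when the user accepts the default; a typed interface name is read and then ignored. The same block leaves `$RESTART` and `$INTERFACES` unquoted in `[ ]`, `echo` and `grep`, so an answer containing spaces or glob characters breaks the test, and `grep $RESTART` accepts any substring of the listing rather than a whole interface name. choose_ip has the same weakness in `grep -e $IP`: the answer is used as an unquoted regex, so `.` matches any character and a partial value passes, and that value is later written into the unbound and dnscrypt-proxy settings. I would default the name first, validate it as a fixed whole word, and quote every expansion, as sketched below for restart_interface.

```shell
restart_interface(){
# … unchanged: INTERFACES lookup and the two print_question prompts …
read -r RESTART
if [ -z "$RESTART" ]; then
	RESTART=eth0
fi
print_green "\nInterface: $RESTART Selected\n"
if echo "$INTERFACES" | grep -qwF -- "$RESTART"; then
	ifdown "$RESTART" && ifup "$RESTART"
fi
}
```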
@@ -72,24 +93,28 @@ done update_unbound(){ if [ -f /etc/unbound/unbound.conf ]; then if grep 'Settings from /sbin/setup-dnscrypt' /etc/unbound/unbound.conf 1>/dev/null; then - #replace previous setting + #update forward zone START=$(sed -n '/Settings from \/sbin\/setup-dnscrypt/=' /etc/unbound/unbound.conf) - LINE=$(expr $START + 5) + LINE=$(expr $START + 4) sed "$LINE c \ forward-addr: $IP@$DNSPORT" /etc/unbound/unbound.conf -i else + # allow querying of localhost + START=$(sed -n '/do-not-query-localhost:/=' /etc/unbound/unbound.conf) + sed "$START c \do-not-query-localhost: no #set by /sbin/setup-dnscrypt" /etc/unbound/unbound.conf -i + # create catch all forward zone echo -e '##### Settings from /sbin/setup-dnscrypt #####' >> /etc/unbound/unbound.conf - echo -e 'do-not-query-localhost: no' >> /etc/unbound/unbound.conf - echo >> /etc/unbound/unbound.conf echo -e 'forward-zone:' >> /etc/unbound/unbound.conf echo -e ' name: "."' >> /etc/unbound/unbound.conf echo -e " forward-addr: $IP@$DNSPORT" >> /etc/unbound/unbound.conf fi print_strong "\n/etc/unbound/unbound.conf settings updated to:" print_green "--------------------------------------------------------" +print_table "do-not-query-localhost: no" +print_table "" print_table 'forward-zone:' print_table ' name: "."' print_table " forward-addr: $IP@$DNSPORT" -print_green "--------------------------------------------------------\n" +print_green "--------------------------------------------------------" fi } @@ -167,7 +192,7 @@ print_green "------------------------------------------------------------------- print_table "RESOLVER\t\t:" "$RESOLVER" print_table "PROVIDER\t\t:" "$PROVIDER" print_table "PUBLIC KEY :" "$PUBKEY" -print_green "---------------------------------------------------------------------------------------------\n" +print_green "---------------------------------------------------------------------------------------------" # install unbound if ! which unbound 1> /dev/null; then 
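Review bot: In the new else branch of update_unbound, `START` is empty when unbound.conf contains no `do-not-query-localhost:` line, and `sed "$START c \do-not-query-localhost: no ..." -i` then runs `c` with no address, which replaces every line of /etc/unbound/unbound.conf; several matches give a multi-line address and a sed error instead. Addressing the line by pattern, `sed -i '/do-not-query-localhost:/c\do-not-query-localhost: no #set by /sbin/setup-dnscrypt' /etc/unbound/unbound.conf`, is a no-op when nothing matches, and the missing case can then be appended explicitly. The `START + 4` offset in the update branch is fragile in the same way: a file written by the previous version of this script still has the `do-not-query-localhost: no` and blank lines inside the marked block, so line START+4 there is `name: "."` rather than `forward-addr`. Because `$IP@$DNSPORT` comes from interactive input and is interpolated into the sed script, it should be validated as an address and port before this function runs.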
@@ -178,9 +203,31 @@ if ! which unbound 1> /dev/null; then fi fi +# check for / setup secondary loopback for dns caching +if which unbound 1> /dev/null && ! grep "address 127.0.0.2" /etc/network/interfaces 1> /dev/null; then + print_question "Configure DNS Caching (this will create a 2nd loopback interface @ 127.0.0.2) " "[ Y / N ]" + read install2ndloop + if [ "$install2ndloop" = "Y" ] || [ "$install2ndloop" = "y" ]; then + IP=127.0.0.2 + echo "auto lo:1" >> /etc/network/interfaces + echo "iface lo:1 inet static" >> /etc/network/interfaces + echo "address 127.0.0.2" >> /etc/network/interfaces + echo "netmask 255.0.0.0" >> /etc/network/interfaces + ifconfig lo:1 127.0.0.2 up + fi +fi + + # choose dnscrypt ip address port -print_question "Modify dnscrypt-proxy ip / port ?" "[ Y / N ]" -read updateip +if ! grep "address 127.0.0.2" /etc/network/interfaces 1> /dev/null; then + print_question "Modify dnscrypt-proxy ip / port ?" "[ Y / N ]" + read updateip +else + #ip is already the 2nd loopback + updateip=Y; IP=127.0.0.2 + print_green "\nDNS Caching configured" +fi + if [ "$updateip" = "Y" ] || [ "$updateip" = "y" ]; then choose_ip; choose_port 
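Review bot: Both new checks decide whether caching is already configured with `grep "address 127.0.0.2" /etc/network/interfaces`, which is an unanchored regex: it also matches a commented-out stanza or `address 127.0.0.20`, and the second check then forces `IP=127.0.0.2` and `updateip=Y` without asking, even when unbound is not installed. An anchored match such as `grep -qE '^[[:space:]]*address[[:space:]]+127\.0\.0\.2([[:space:]]|$)' /etc/network/interfaces`, evaluated once into a variable, would keep the two branches in agreement. The four `echo ... >> /etc/network/interfaces` appends and `ifconfig lo:1 127.0.0.2 up` are not checked for failure, so a partial write leaves an incomplete `lo:1` stanza in a file that controls networking at boot. Writing the stanza with a single here-document and testing its exit status before bringing the alias up would avoid that.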
@@ -200,20 +247,23 @@ if [ "$updateip" = "Y" ] || [ "$updateip" = "y" ]; then # update resolv.conf & unbound LINE=$(sed -n '/nameserver/=' /etc/resolv.conf) - sed "$LINE c nameserver $IP" /etc/resolv.conf -i + sed "$LINE c nameserver 127.0.0.1" /etc/resolv.conf -i update_unbound + restart_interface + # add / restart services - for srv in "unbound dnscrypt-proxy"; do + for srv in "unbound" "dnscrypt-proxy"; do if which $srv 1> /dev/null; then - if ! rc-status | grep $srv; then + rc-status default | grep $srv 1> /dev/null + if [ "$?" != "0" ]; then rc-update add $srv default fi rc-service $srv restart fi done - print_strong "/etc/conf.d/dnscrypt-proxy Listening Address updated to:" + print_strong "\n/etc/conf.d/dnscrypt-proxy Listening Address updated to:" print_green "--------------------------------------------------------" print_table "DNSCRYPT_LOCALIP=$IP:$DNSPORT" print_green "--------------------------------------------------------\n" -- 1.8.4.3 --- Unsubscribe: alpine-devel+unsubscribe@lists.alpinelinux.org Help: alpine-devel+help@lists.alpinelinux.org ---
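Review bot: The resolv.conf entry is now hard-coded to `nameserver 127.0.0.1`, which is only right when unbound is installed and forwarding to `$IP@$DNSPORT`; without unbound and with a non-default address chosen in choose_ip, nothing listens on 127.0.0.1 and resolution either fails or depends on whatever other resolver entries remain, which bypasses dnscrypt-proxy. Selecting the value first, e.g. `if [ -f /etc/unbound/unbound.conf ]; then NS=127.0.0.1; else NS=$IP; fi` followed by `sed "$LINE c nameserver $NS" /etc/resolv.conf -i`, keeps both setups working. `$LINE` comes from the context line above and is empty or multi-valued when resolv.conf has zero or several `nameserver` lines, so it should be checked before sed runs, since an empty address makes `c` rewrite every line. The new `rc-status default | grep $srv 1> /dev/null` followed by `[ "$?" != "0" ]` reads more simply as `if ! rc-status default | grep -q "$srv"; then`. The enclosing `if [ "$updateip" = "Y" ]` block starts outside this hunk.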