From: Stuart Cardall To: alpine-devel@lists.alpinelinux.org Cc: Stuart Cardall Subject: [alpine-devel] [PATCH] testing/dnscrypt-proxy: Updated DNS Server Script Date: Sun, 27 Apr 2014 02:22:16 +0000 Message-Id: <1398565336-23194-1-git-send-email-developer@it-offshore.co.uk> X-Mailer: git-send-email 1.9.1 X-AuthUser: developer@it-offshore.co.uk X-Mailinglist: alpine-devel Precedence: list List-Id: Alpine Development List-Unsubscribe: List-Post: List-Help: List-Subscribe: /sbin/setup-dnscrypt revised to download the current list of public DNS Resolvers from github. Input validation re-written. DNS caching with Unbound can now be added & removed. Combined with the namecoin package I sent on the 22nd - Alpine can be used to run DNSChain for surveillance free communication http://okturtles.com/ --- testing/dnscrypt-proxy/APKBUILD | 12 +- testing/dnscrypt-proxy/dnscrypt-proxy.setup | 379 ++++++++++++++++++---------- 2 files changed, 246 insertions(+), 145 deletions(-) diff --git a/testing/dnscrypt-proxy/APKBUILD b/testing/dnscrypt-proxy/APKBUILD index e319076..866b7fa 100644 --- a/testing/dnscrypt-proxy/APKBUILD +++ b/testing/dnscrypt-proxy/APKBUILD @@ -5,7 +5,7 @@ pkgver=1.3.3 pkgrel=2 pkgdesc="A tool for securing communications between a client and a DNS resolver" url="http://dnscrypt.org/" -arch="all" +arch="x86" license="custom" depends="libsodium" depends_dev="libtool automake autoconf libsodium-dev" 
@@ -44,9 +44,9 @@ package() { mkdir -p "$pkgdir"/var/run/$pkgname mkdir -p $pkgdir/usr/share/licenses/$pkgname install -m755 -D "$srcdir"/$pkgname.initd "$pkgdir"/etc/init.d/$pkgname - install -m755 -D "$srcdir"/$pkgname.confd "$pkgdir"/etc/conf.d/$pkgname + install -m644 -D "$srcdir"/$pkgname.confd "$pkgdir"/etc/conf.d/$pkgname install -m755 -D "$srcdir"/$pkgname.setup "$pkgdir"/sbin/setup-dnscrypt - install -m 644 COPYING $pkgdir/usr/share/licenses/$pkgname + install -m644 COPYING $pkgdir/usr/share/licenses/$pkgname chown dnscrypt "$pkgdir"/var/log/$pkgname chown dnscrypt "$pkgdir"/var/run/$pkgname rm -rf $pkgdir/usr/lib/*.la 
@@ -55,12 +55,12 @@ package() { md5sums="6a10b1d6018bfeed9a6dbc3b49cc39d8 dnscrypt-proxy-1.3.3.tar.gz fc51d5d38e7f3066221300fff821d81f dnscrypt-proxy.initd 223bc3032b229ca961bec2a3f3c44d4d dnscrypt-proxy.confd -b24f47765020c342ba6df8c65f4f593d dnscrypt-proxy.setup" +b09abb720e277b9faa81aeaf573e11a8 dnscrypt-proxy.setup" sha256sums="b797b1cc2ce6b7a01bc8a8d119367971f0cff20beea506cd0aeaa613fd5eaa24 dnscrypt-proxy-1.3.3.tar.gz a56cb07b4bcedd0e9bb994f93f5f721c276ba61b576c3059a1bfad4e56c786ac dnscrypt-proxy.initd 8291300235a79932ce753f948f850d0817f374159f28bfbbf527f8a3dcefb1c7 dnscrypt-proxy.confd -1b07365a4859ba94fa39cf1ed017744995876f75cbfc62b9865401b41723f96e dnscrypt-proxy.setup" +908a65309fa563c1ae484af91d32798c30c338d5414c8939f0585591ad5a8da3 dnscrypt-proxy.setup" sha512sums="e0d668446eaf65dce358b6d90fc7cf9905e49e267f0ff6c4d399c54b4ccc13d1c9f9622ac68f5fd992ce0b0c275b4e07bd98bc35404c822f521f20a244287dce dnscrypt-proxy-1.3.3.tar.gz e5516c7e1fd6baf391059407aee65a837c7324698f15a675d0368fd34de10f023fe39671e95bc951bee260254fb4e3613fde6045cdf2faf085f322b769969864 dnscrypt-proxy.initd 70be47b2954bb95341a678b3e6d68c8684e16644b8162b52c736fbac314928e1fa1d7fa9f97b4034b38d443808526fecd833b1d356df1a5e74a443e96e97d8e5 dnscrypt-proxy.confd -9161f14bee77b935fd12fa36ed60a2dd5c74c761eb75804ddb661eabc8f1cf7dd2b6506665dbc2e0f2f92540cb18e56463409c5ec5a9ceb55635bd0aba28d949 dnscrypt-proxy.setup" +be8bd445af5d72f75bb1b0f73db8d8655a5e40f4fccd83111496eb804969025229b8f346dc52ddc53946c094a76a2c18bff54637616cd756c5d32dbe07da262d dnscrypt-proxy.setup" diff --git a/testing/dnscrypt-proxy/dnscrypt-proxy.setup b/testing/dnscrypt-proxy/dnscrypt-proxy.setup index 736d94d..3fb58ad 100644 --- a/testing/dnscrypt-proxy/dnscrypt-proxy.setup +++ b/testing/dnscrypt-proxy/dnscrypt-proxy.setup 
@@ -1,7 +1,13 @@ #!/bin/sh -# Contributor: IT Offshore -# dnscrypt-proxy setup script to choose DNS Resolver / install & configure DNS Caching -############################################################################################ +# Contributor: Stuart Cardall +# dnscrypt-proxy setup script to choose DNS Resolver & install / configure / remove DNS Caching +############################################################################################### + +config='/etc/conf.d/dnscrypt-proxy' +dhcpconfig='/etc/dhcp/dhclient.conf' +unboundconfig='/etc/unbound/unbound.conf' + +SCRIPT=$(echo "`basename $0`") NORMAL="\033[1;0m" STRONG="\033[1;1m" @@ -18,7 +24,6 @@ print_strong() { printf "${prompt} %s\n" } - print_green() { local prompt="${GREEN}${STRONG}$1 ${NORMAL}" printf "${prompt} %s\n" @@ -28,7 +33,7 @@ print_table() { local choice="${RED}${STRONG}$1${NORMAL}" local resolver="${STRONG}$2" local location="${GREEN}$3" - printf "${choice} ${resolver} ${location} %s\n" + printf "${choice} ${resolver} ${location} %s\n" } die() { 
@@ -41,156 +46,237 @@ restart_interface(){ INTERFACES=$(echo | ifconfig | grep "Link encap" | sed '/lo/d' | cut -d"L" -f1) print_question "\nChoose external interface to restart from the following:" print_question "\n\n$INTERFACES" "[ default - eth0 ]" -read RESTART -if [ ! $RESTART ] ;then - RESTART=eth0; print_green "\nInterface: $RESTART Selected\n"; - if echo $INTERFACES | grep $RESTART 1> /dev/null; then - ifdown $RESTART && ifup $RESTART + +while : +do + read RESTART + # Sanitize input + export RESTART_CLEAN="`echo "${RESTART}" | tr -cd '[:[alnum]:]'`" + + if [ ! $RESTART ] ;then + RESTART_CLEAN=eth0 fi -fi + # tr will strip invalid input to nothing which passes grep + if [ "$RESTART_CLEAN" != "" ] && echo "$INTERFACES" | grep -e "$RESTART_CLEAN" 1>/dev/null; then + break + else + #move the cursor & clear the line + echo -en "\033[1A\033[28C\022[K" + fi +done } choose_ip(){ -if [ ! $IP ]; then - IP=none - IPADDR=$(ifconfig |grep -B1 "inet addr" |awk '{ if ( $1 == "inet" ) { print $2 } else if ( $2 == "Link" ) { printf "%s:" ,$1 } }' |awk -F: '{ print $1 ": " $3 }') - until echo $IPADDR | grep -e $IP 1>/dev/null - do - print_question "\nChoose dnscrypt ip from the following addresses:\n" - print_question "\n$IPADDR\t" "[ default - 127.0.0.1 ]" - read IP - if [ ! 
$IP ] ;then - IP=127.0.0.1; print_green "\nIP: $IP Selected"; - fi - done +IPADDR=$(ifconfig |grep -B1 "inet addr" |awk '{ if ( $1 == "inet" ) { print $2 } else if ( $2 == "Link" ) { printf "%s:" ,$1 } }' |awk -F" " '{ print $1 ": " $3 }'| sed 's/addr//') +if echo "$IPADDR" | grep -e "127.0.0.2" 1>/dev/null; then + defaultip='127.0.0.2' + IPADDR_CHOICE=$(echo "$IPADDR" | sed '/lo::127.0.0.1:/d') else - #ip already set to 2nd loopback for dns caching - print_green "\nIP: $IP will be configured for dnscrypt-proxy"; + defaultip='127.0.0.1' + IPADDR_CHOICE=$(echo "$IPADDR" | sed '/lo:1::127.0.0.2:/d') +fi + +if [ "$removecache" = "Y" ] || [ "$removecache" = "y" ]; then + defaultip='127.0.0.1' + IPADDR_CHOICE=$(echo "$IPADDR" | sed '/lo:1::127.0.0.2:/d') fi + +print_question "\nChoose Dnscrypt IP from the following addresses:\n" +print_question "\n$IPADDR_CHOICE\t" "[ default - $defaultip ]" + +while : +do + read IP + # Sanitize input + export IP_CLEAN="`echo "${IP}" | tr -cd '[:xdigit:] [:\::] [:\.:]'`" + if [ ! $IP ]; then + IP_CLEAN=$defaultip + fi + # tr will strip invalid input to nothing which passes grep + if [ "$IP_CLEAN" != "" ] && echo "$IPADDR_CHOICE" | grep -e "$IP_CLEAN" 1>/dev/null; then + print_green "\nIP: $IP_CLEAN Selected"; break + else + #move the cursor & clear the line + echo -en "\033[1A\033[49C\033[K" + fi +done } choose_port(){ -print_question "\nChoose dnscrypt port:" "[ default = 40 ]" -until [ "$DNSPORT" -gt 0 ] 2>/dev/null + +if grep -e "127.0.0.2" /etc/network/interfaces 1>/dev/null; then + defaultport=40 +else + defaultport=53 +fi + +print_question "\nChoose Dnscrypt Port:" "[ default = $defaultport ]" +while : do read DNSPORT + # Sanitize input to an integer and assign to new variable + export DNSPORT_CLEAN="`echo "${DNSPORT}" | tr -cd '[:[0-9]:]'`" if [ ! 
$DNSPORT ]; then - DNSPORT=40; print_green "\nPort: 40 Selected" + DNSPORT_CLEAN=$defaultport fi - case $DNSPORT in - ''|*[!0-9]*) print_question "\nChoose NUMERIC dnscrypt port:" "[ default = 40 ]" ;; - *) if [ "$DNSPORT" -gt 65535 ]; then - print_question "\nPlease choose a valid port" "[1 - 65535]"; - DNSPORT=0; - fi;; - esac + if [ $DNSPORT_CLEAN -gt 0 2>/dev/null ] && [ $DNSPORT_CLEAN -le 65535 2>/dev/null ]; then + print_green "\nPort: $DNSPORT_CLEAN Selected"; break + else + #move the cursor & clear the line + echo -en "\033[1A\033[39C\033[K" + fi done } update_unbound(){ -if [ -f /etc/unbound/unbound.conf ]; then - if grep 'Settings from /sbin/setup-dnscrypt' /etc/unbound/unbound.conf 1>/dev/null; then +if [ -f $unboundconfig ]; then + if grep "Settings from "$SCRIPT"" $unboundconfig 1>/dev/null; then #update forward zone - START=$(sed -n '/Settings from \/sbin\/setup-dnscrypt/=' /etc/unbound/unbound.conf) - LINE=$(expr $START + 4) - sed "$LINE c \ forward-addr: $IP@$DNSPORT" /etc/unbound/unbound.conf -i + START=$(sed -n "\%Settings from $SCRIPT%=" $unboundconfig) + LINE=$(expr $START + 3 ) + sed "$LINE c \ forward-addr: $IP_CLEAN@$DNSPORT_CLEAN" $unboundconfig -i + else # allow querying of localhost - START=$(sed -n '/do-not-query-localhost:/=' /etc/unbound/unbound.conf) - sed "$START c \do-not-query-localhost: no #set by /sbin/setup-dnscrypt" /etc/unbound/unbound.conf -i + START=$(sed -n '/do-not-query-localhost:/=' $unboundconfig) + sed "$START c \do-not-query-localhost: no #set by $SCRIPT" $unboundconfig -i # create catch all forward zone - echo -e '##### Settings from /sbin/setup-dnscrypt #####' >> /etc/unbound/unbound.conf - echo -e 'forward-zone:' >> /etc/unbound/unbound.conf - echo -e ' name: "."' >> /etc/unbound/unbound.conf - echo -e " forward-addr: $IP@$DNSPORT" >> /etc/unbound/unbound.conf + echo -e "##### Settings from $SCRIPT #####" >> $unboundconfig + echo -e 'forward-zone:' >> $unboundconfig + echo -e ' name: "."' >> $unboundconfig + echo -e 
" forward-addr: $IP_CLEAN@$DNSPORT_CLEAN" >> $unboundconfig fi -print_strong "\n/etc/unbound/unbound.conf settings updated to:" +print_strong "\n$unboundconfig settings updated to:" print_green "--------------------------------------------------------" print_table "do-not-query-localhost: no" print_table "" print_table 'forward-zone:' print_table ' name: "."' -print_table " forward-addr: $IP@$DNSPORT" +print_table " forward-addr: $IP_CLEAN@$DNSPORT_CLEAN" print_green "--------------------------------------------------------" fi } +# END Functions ################################################################################### + # Do some sanity checking. if [ $(/usr/bin/id -u) != "0" ]; then - die 'Must be run by root user' + die 'DNScrypt Setup must be run by root' +fi + +##### Download DNS Resolver details ################################################################ + +starttag='' +endtag='<\/table>' +url='https://github.com/jedisct1/dnscrypt-proxy/blob/master/dnscrypt-resolvers.csv' +output='/tmp/dnscrypt.list' +IFS="|" + +echo -e "Retrieving current list of free DNS Resolvers\n" +curl -k --compressed -o $output -s $url; sed -i -n "/$starttag/,/$endtag/p" $output + +# remove leading & trailing whitespace +sed -i 's/^[ \t]*//;s/[ \t]*$//' $output + +deletetags='|||<\/tr>|<\/thead>|<\/tbody>|<\/table>' +# remove rows without data (& the headers in ) +for tags in $deletetags +do + sed -i '/'$tags'/d' $output +done + +#remove stray +sed -i "s/^<\/td>//g" $output +# delete empty lines +sed -i '/^$/d' $output +# change rows to columns +awk 'ORS=NR%14?" 
":"\n"' $output > $output.table +# replace closing tags with pipe +sed -i 's/<\/td>/|/g' $output.table +sed -i 's/<\/th>/|/g' $output.table +# remove remaining html tags +sed -i 's/<[^>]\+>//g' $output.table +# number rows +awk '{ print FNR "|" $0 }' $output.table > $output; rm $output.table +# tidy up after AWK +sed -i "s/'/'/g" $output +# remove whitespace after pipe +sed -i 's/| */|/g' $output + +totalservers=$(awk 'END{print NR}' $output) + +if [ $totalservers = 0 ]; then + die "Could not contact $url" fi -clear; -print_table "\n DNSCRYPT-PROXY MANAGER" -print_green "-----------------------------------------------------------------" -print_table "1:" "OpenDNS" -print_table "2:" "Cloud NS\t\t : Canberra, Australia" "(No Logs, DNSSEC)" -print_table "3:" "Cloud NS\t\t : Canberra" "(over TOR .onion:443)" -print_table "4:" "Cloud NS\t\t : Sydney, Australia" "(No Logs, DNSSEC)" -print_table "5:" "Cloud NS\t\t : Sydney" "(over TOR .onion:443)" -print_table "6:" "OpenNIC\t\t : Japan" "(No Logs)" -print_table "7:" "DNSCrypt.eu\t\t : Holland" "(No logs, DNSSEC)" -print_table "8:" "Soltysiak.com\t : Poland" "(No logs, DNSSEC)" -print_green "-----------------------------------------------------------------" -print_question "Please choose a DNS Resolver for dnscrypt-proxy to query" "[1 - 8]:" - - -until [ "$DNS" -gt 0 ] 2>/dev/null +clear + +# colour table ################################################################################## + +colourheading=$(awk 'BEGIN { format = "%-3s%-40s%-18s%-10s%-10s%-10s%-25s%s\n" + printf format, "#", "Name", "Location", "DNSSEC", "No Logs", "Namecoin", "Resolver Address" }') + +colourline=$(awk 'BEGIN { format = "%-3s%-40s%-18s%-10s%-10s%-10s%-25s%s\n" + printf format, "---", "----------------------------------------", "------------------", "----------",\ + "----------", "----------", "------------------------------------------" }') + +print_green "$colourheading" +print_green "$colourline" + +awk 'BEGIN { format = 
"%-3s%-40s%-18s%-10s%-10s%-10s%-25s%s\n" } + { printf format,$1,$3,$5,$9,$10,$11,$12 }' FS=\| $output + +print_green "$colourline" +print_question "Please choose a DNS Resolver for dnscrypt-proxy to query:" "[1 - $totalservers]" + +###### Process Input ############################################################################# + +while : do read DNS -case $DNS in - 1) RESOLVER=208.67.220.220:443; - PROVIDER=2.dnscrypt-cert.opendns.com - PUBKEY=B735:1140:206F:225D:3E2B:D822:D7FD:691E:A1C3:3CC8:D666:8D0C:BE04:BFAB:CA43:FB79;; - 2) RESOLVER=113.20.6.2:443; - PROVIDER=2.dnscrypt-cert.cloudns.com.au; - PUBKEY=1971:7C1A:C550:6C09:F09B:ACB1:1AF7:C349:6425:2676:247F:B738:1C5A:243A:C1CC:89F4;; - 3) RESOLVER=gc2tzw6lbmeagrp3.onion:443; - PROVIDER=2.dnscrypt-cert.cloudns.com.au; - PUBKEY=1971:7C1A:C550:6C09:F09B:ACB1:1AF7:C349:6425:2676:247F:B738:1C5A:243A:C1CC:89F4;; - 4) RESOLVER=113.20.8.17:443; - PROVIDER=2.dnscrypt-cert-2.cloudns.com.au; - PUBKEY=67A4:323E:581F:79B9:BC54:825F:54FE:1025:8B4F:37EB:0D07:0BCE:4010:6195:D94F:E330;; - 5) RESOLVER=l65q62lf7wnfme7m.onion:443; - PROVIDER=2.dnscrypt-cert-2.cloudns.com.au; - PUBKEY=67A4:323E:581F:79B9:BC54:825F:54FE:1025:8B4F:37EB:0D07:0BCE:4010:6195:D94F:E330;; - 6) RESOLVER=106.186.17.181:2053; - PROVIDER=2.dnscrypt-cert.ns2.jp.dns.opennic.glue; - PUBKEY=8768:C3DB:F70A:FBC6:3B64:8630:8167:2FD4:EE6F:E175:ECFD:46C9:22FC:7674:A1AC:2E2A;; - 7) RESOLVER=176.56.237.171:443; - PROVIDER=2.dnscrypt-cert.dnscrypt.eu; - PUBKEY=67C0:0F2C:21C5:5481:45DD:7CB4:6A27:1AF2:EB96:9931:40A3:09B6:2B8D:1653:1185:9C66;; - 8) RESOLVER=178.216.201.222:2053; - PROVIDER=2.dnscrypt-cert.soltysiak.com; - PUBKEY=25C4:E188:2915:4697:8F9C:2BBD:B6A7:AFA4:01ED:A051:0508:5D53:03E7:1928:C066:8F21;; - #check for numerical input - ''|0|*[!0-9]*) print_question "Please choose a NUMERIC option:" "[1 - 8]" ;; - *) if [ "$DNS" -gt 8 ]; then - print_question "Please choose an option:" "[1 - 8]"; - DNS=0; - fi;; -esac +# Sanitize input to an integer +export 
DNS_CLEAN="`echo "${DNS}" | tr -cd '[:[0-9]:]'`" + +if [ $DNS_CLEAN -gt 0 2>/dev/null ] && [ $DNS_CLEAN -le $totalservers 2>/dev/null ]; then + break +else + #move the cursor & clear the line + echo -en "\033[1A\033[67C\033[K" +fi + done +RESOLVER=$(sed -n "$DNS_CLEAN"p $output | awk -F'|' '{ print $12 }') +PROVIDER=$(sed -n "$DNS_CLEAN"p $output | awk -F'|' '{ print $13 }') +PUBKEY=$(sed -n "$DNS_CLEAN"p $output | awk -F'|' '{ print $14 }') + +######## END Changes ########################################################################### + +if [ ! -f "$config" ]; then + touch $config + echo "DNSCRYPT_LOGFILE=/var/log/dnscrypt-proxy/dnscrypt-proxy.log" >> $config + echo "DNSCRYPT_LOCALIP=127.0.0.1:53" >> $config +fi + # remove existing Resolver config -if grep "RESOLVER" /etc/conf.d/dnscrypt-proxy 1> /dev/null; then - sed -e '/RESOLVER/d' -e '/PROVIDER/d' -e '/PUBKEY/d' /etc/conf.d/dnscrypt-proxy -i +if grep "RESOLVER" $config 1> /dev/null; then + sed -e '/RESOLVER/d' -e '/PROVIDER/d' -e '/PUBKEY/d' $config -i fi # update Resolver config -echo "RESOLVER=$RESOLVER" >> /etc/conf.d/dnscrypt-proxy -echo "PROVIDER=$PROVIDER" >> /etc/conf.d/dnscrypt-proxy -echo "PUBKEY=$PUBKEY" >> /etc/conf.d/dnscrypt-proxy +echo "RESOLVER=$RESOLVER" >> $config +echo "PROVIDER=$PROVIDER" >> $config +echo "PUBKEY=$PUBKEY" >> $config -print_strong "\n/etc/conf.d/dnscrypt-proxy Resolver Settings updated to:" +print_strong "\nResolver Settings updated in:" "$config" print_green "---------------------------------------------------------------------------------------------" -print_table "RESOLVER\t\t:" "$RESOLVER" -print_table "PROVIDER\t\t:" "$PROVIDER" +print_table "RESOLVER :" "$RESOLVER" +print_table "PROVIDER :" "$PROVIDER" print_table "PUBLIC KEY :" "$PUBKEY" print_green "---------------------------------------------------------------------------------------------" 
@@ -200,76 +286,91 @@ if ! which unbound 1> /dev/null; then read installsrv if [ "$installsrv" = "Y" ] || [ "$installsrv" = "y" ]; then apk add -q unbound + else + echo "nameserver 127.0.0.1" > /etc/resolv.conf + exit 0 fi fi # check for / setup secondary loopback for dns caching if which unbound 1> /dev/null && ! grep "address 127.0.0.2" /etc/network/interfaces 1> /dev/null; then - print_question "Configure DNS Caching (this will create a 2nd loopback interface @ 127.0.0.2) " "[ Y / N ]" + print_question "Configure DNS Caching (create a 2nd loopback interface @ 127.0.0.2) " "[ Y / N ]" read install2ndloop if [ "$install2ndloop" = "Y" ] || [ "$install2ndloop" = "y" ]; then IP=127.0.0.2 + echo "##### Settings from $SCRIPT #####" >> /etc/network/interfaces echo "auto lo:1" >> /etc/network/interfaces echo "iface lo:1 inet static" >> /etc/network/interfaces - echo "address 127.0.0.2" >> /etc/network/interfaces + echo "address $IP" >> /etc/network/interfaces echo "netmask 255.0.0.0" >> /etc/network/interfaces - ifconfig lo:1 127.0.0.2 up + ifconfig lo:1 $IP up fi fi - -# choose dnscrypt ip address port -if ! grep "address 127.0.0.2" /etc/network/interfaces 1> /dev/null; then - print_question "Modify dnscrypt-proxy ip / port ?" "[ Y / N ]" - read updateip -else - #ip is already the 2nd loopback - updateip=Y; IP=127.0.0.2 - print_green "\nDNS Caching configured" +# modify caching / ports +if grep "address 127.0.0.2" /etc/network/interfaces 1> /dev/null && [ ! $install2ndloop ]; then + print_question "\nRemove DNS Caching (Unbound) / Secondary loopback device ?" 
"[ Y / N ]"; read removecache + if [ "$removecache" = "Y" ] || [ "$removecache" = "y" ]; then + # remove loopback settings + START=$(sed -n "\%Settings from $SCRIPT%=" /etc/network/interfaces) + LINE=$(expr $START + 4) + sed -i ''$START','$LINE'd' /etc/network/interfaces + echo -e ""; rc-service unbound stop; apk del unbound + else + print_green "\nSecondary Loopback for DNS Caching configured @ 127.0.0.2\n" + IP=127.0.0.2 + fi fi +print_question "\nModify dnscrypt-proxy ip / port ?" "[ Y / N ]"; read updateip + +# choose dnscrypt ip address port if [ "$updateip" = "Y" ] || [ "$updateip" = "y" ]; then choose_ip; choose_port # update dnscrypt listening ip & port - LINE=$(sed -n '/DNSCRYPT_LOCALIP=/=' /etc/conf.d/dnscrypt-proxy) - sed "$LINE c DNSCRYPT_LOCALIP=$IP:$DNSPORT" /etc/conf.d/dnscrypt-proxy -i + LINE=$(sed -n '/DNSCRYPT_LOCALIP=/=' $config) + sed "$LINE c DNSCRYPT_LOCALIP=$IP_CLEAN:$DNSPORT_CLEAN" $config -i # update dhclient.conf - if [ -f /etc/dhcp/dhclient.conf ]; then - if grep 'supersede domain-name-servers' /etc/dhcp/dhclient.conf 1>/dev/null; then - LINE=$(sed -n '/supersede domain-name-servers/=' /etc/dhcp/dhclient.conf) - sed "$LINE c supersede domain-name-servers $IP" /etc/dhcp/dhclient.conf -i + if [ -f $dhcpconfig ]; then + if grep 'supersede domain-name-servers' $dhcpconfig 1>/dev/null; then + LINE=$(sed -n '/supersede domain-name-servers/=' $dhcpconfig) + sed "$LINE c supersede domain-name-servers $IP" $dhcpconfig -i else - echo "supersede domain-name-servers $IP" >> /etc/dhcp/dhclient.conf + echo "supersede domain-name-servers $IP" >> $dhcpconfig fi fi # update resolv.conf & unbound LINE=$(sed -n '/nameserver/=' /etc/resolv.conf) - sed "$LINE c nameserver 127.0.0.1" /etc/resolv.conf -i - update_unbound - - restart_interface - - # add / restart services - for srv in "unbound" "dnscrypt-proxy"; do - if which $srv 1> /dev/null; then - rc-status default | grep $srv 1> /dev/null - if [ "$?" 
!= "0" ]; then - rc-update add $srv default - fi - rc-service $srv restart + sed "$LINE c nameserver 127.0.0.1" /etc/resolv.conf -i + if [ "$removecache" != "Y" ] && [ "$removecache" != "y" ]; then + update_unbound fi - done + restart_interface print_strong "\n/etc/conf.d/dnscrypt-proxy Listening Address updated to:" print_green "--------------------------------------------------------" - print_table "DNSCRYPT_LOCALIP=$IP:$DNSPORT" + print_table "DNSCRYPT_LOCALIP=$IP_CLEAN:$DNSPORT_CLEAN" print_green "--------------------------------------------------------\n" fi +# add / restart services - dnscrypt must be restarted first +for srv in "dnscrypt-proxy" "unbound"; do + if which $srv 1> /dev/null; then + rc-status default | grep $srv 1> /dev/null + if [ "$?" != "0" ]; then + print_green "Adding $srv to Default Run Level" + rc-update add $srv default + fi + rc-service $srv restart + fi +done +ifdown $RESTART_CLEAN && ifup $RESTART_CLEAN +print_green "\nInterface $RESTART_CLEAN restarted\n" +exit 0 -- 1.9.1 --- Unsubscribe: alpine-devel+unsubscribe@lists.alpinelinux.org Help: alpine-devel+help@lists.alpinelinux.org ---
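Review bot: the first APKBUILD hunk narrows `arch="all"` to `arch="x86"` with no reason given in the commit message, and `pkgrel=2` stays unchanged in the context lines even though the installed conf.d mode and dnscrypt-proxy.setup (with its checksums) change. Please state which architectures fail and why, or keep `arch="all"`, and bump pkgrel so existing installs pick up the new script. The new script also calls curl, while the context shows only `depends="libsodium"`.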
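Review bot: in the first dnscrypt-proxy.setup hunk, SCRIPT is derived from `basename $0`, and the later hunks use it both to write the "##### Settings from $SCRIPT #####" marker and to search for it with sed and grep, so the marker depends on the name the script was invoked under. It also no longer matches the "Settings from /sbin/setup-dnscrypt" line the previous version wrote to unbound.conf, so on an upgraded system update_unbound takes the else branch and appends a second forward-zone. A fixed marker string would avoid both; if the name is still wanted for messages, `SCRIPT=$(basename "$0")` does the same without the extra echo and with $0 quoted.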
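Review bot: in the "Download DNS Resolver details" section of the large dnscrypt-proxy.setup hunk, `curl -k` turns off TLS certificate verification for the list from which RESOLVER, PROVIDER and PUBKEY are taken and then written to $config as root, so the resolver address and its public key can be substituted by anyone on the network path. Drop -k and write to a file created with mktemp rather than the fixed /tmp/dnscrypt.list. In the same hunk the tr sets `[:[alnum]:]`, `[:[0-9]:]`, `[:\::]` and `[:\.:]` are not POSIX character classes (those would be `[:alnum:]` and `[:digit:]`, with ':' and '.' given as literal characters), and `grep -e "$IP_CLEAN"` and `grep -e "$RESTART_CLEAN"` accept any substring of the listed values, such as "1" or "e", which is then written to the config or passed to ifdown; compare against the exact address or interface name with a fixed-string match. The clear-line sequence in restart_interface ends in `\022[K` where the other two use `\033[K`.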
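Review bot: in the last dnscrypt-proxy.setup hunk the dhclient.conf lines still write `$IP`, but choose_ip now does `read IP` and keeps the validated value in IP_CLEAN, so `supersede domain-name-servers $IP` receives the raw input, or nothing at all when the default was accepted with Enter; use $IP_CLEAN there. The closing `ifdown $RESTART_CLEAN && ifup $RESTART_CLEAN` runs unconditionally while restart_interface is only called inside the updateip branch, so answering N leaves RESTART_CLEAN empty; move the restart into that branch or guard it. The cache removal block also computes START from the "Settings from $SCRIPT" marker in /etc/network/interfaces, which is only written from this version on, so on a system configured by the previous script START is empty and the `sed -i ''$START','$LINE'd'` range is malformed; check that START is non-empty before deleting.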