From e26137a875f8edc4764aa92b16faea73d538fe7b Mon Sep 17 00:00:00 2001
From: levelad <47079419+levelad@users.noreply.github.com>
Date: Sat, 30 Nov 2024 10:16:57 +0100
Subject: [PATCH 1/7] Update General.xml
Adding dnscrypt-proxy variable "odoh_servers".
---
.../mvc/app/models/OPNsense/Dnscryptproxy/General.xml | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/dns/dnscrypt-proxy/src/opnsense/mvc/app/models/OPNsense/Dnscryptproxy/General.xml b/dns/dnscrypt-proxy/src/opnsense/mvc/app/models/OPNsense/Dnscryptproxy/General.xml
index f7a64b9072..997a58d860 100644
--- a/dns/dnscrypt-proxy/src/opnsense/mvc/app/models/OPNsense/Dnscryptproxy/General.xml
+++ b/dns/dnscrypt-proxy/src/opnsense/mvc/app/models/OPNsense/Dnscryptproxy/General.xml
@@ -38,6 +38,10 @@
1
Y
+
+ 0
+ Y
+
0
Y
From ed4a26843753442ad5774a154e3b998ea60f2856 Mon Sep 17 00:00:00 2001
From: levelad <47079419+levelad@users.noreply.github.com>
Date: Sat, 30 Nov 2024 10:51:27 +0100
Subject: [PATCH 2/7] Update general.xml
Adding dnscrypt variable "odoh_servers".
---
.../controllers/OPNsense/Dnscryptproxy/forms/general.xml | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/dns/dnscrypt-proxy/src/opnsense/mvc/app/controllers/OPNsense/Dnscryptproxy/forms/general.xml b/dns/dnscrypt-proxy/src/opnsense/mvc/app/controllers/OPNsense/Dnscryptproxy/forms/general.xml
index 7f5d0e8538..af91c5a171 100644
--- a/dns/dnscrypt-proxy/src/opnsense/mvc/app/controllers/OPNsense/Dnscryptproxy/forms/general.xml
+++ b/dns/dnscrypt-proxy/src/opnsense/mvc/app/controllers/OPNsense/Dnscryptproxy/forms/general.xml
@@ -49,6 +49,12 @@
checkbox
Let DNSCrypt-Proxy use servers with DNS-over-HTTPS protocol enabled.
+
+ general.odoh_servers
+
+ checkbox
+ Let DNSCrypt-Proxy use servers with Oblivious-DNS-over-HTTPS protocol enabled.
+
general.require_dnssec
From 042ada479d2e51ee63f62dee626edea7563d02df Mon Sep 17 00:00:00 2001
From: levelad <47079419+levelad@users.noreply.github.com>
Date: Sat, 30 Nov 2024 10:53:15 +0100
Subject: [PATCH 3/7] Update dnscrypt-proxy.toml
Adding dnscrypt variable "odoh_servers".
---
.../templates/OPNsense/Dnscryptproxy/dnscrypt-proxy.toml | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/dns/dnscrypt-proxy/src/opnsense/service/templates/OPNsense/Dnscryptproxy/dnscrypt-proxy.toml b/dns/dnscrypt-proxy/src/opnsense/service/templates/OPNsense/Dnscryptproxy/dnscrypt-proxy.toml
index ce67f33cd2..fe1a1c1275 100644
--- a/dns/dnscrypt-proxy/src/opnsense/service/templates/OPNsense/Dnscryptproxy/dnscrypt-proxy.toml
+++ b/dns/dnscrypt-proxy/src/opnsense/service/templates/OPNsense/Dnscryptproxy/dnscrypt-proxy.toml
@@ -40,6 +40,12 @@ doh_servers = true
doh_servers = false
{% endif %}
+{% if helpers.exists('OPNsense.dnscryptproxy.general.odoh_servers') and OPNsense.dnscryptproxy.general.odoh_servers == '1' %}
+doh_servers = true
+{% else %}
+doh_servers = false
+{% endif %}
+
{% if helpers.exists('OPNsense.dnscryptproxy.general.require_dnssec') and OPNsense.dnscryptproxy.general.require_dnssec == '1' %}
require_dnssec = true
{% else %}
From 4cf9e53903ec9acb458186d7cb86b070cedc3205 Mon Sep 17 00:00:00 2001
From: levelad <47079419+levelad@users.noreply.github.com>
Date: Sat, 30 Nov 2024 11:09:35 +0100
Subject: [PATCH 4/7] Update dnscrypt-proxy.toml
Fixup.
---
.../templates/OPNsense/Dnscryptproxy/dnscrypt-proxy.toml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/dns/dnscrypt-proxy/src/opnsense/service/templates/OPNsense/Dnscryptproxy/dnscrypt-proxy.toml b/dns/dnscrypt-proxy/src/opnsense/service/templates/OPNsense/Dnscryptproxy/dnscrypt-proxy.toml
index fe1a1c1275..1c63e4953b 100644
--- a/dns/dnscrypt-proxy/src/opnsense/service/templates/OPNsense/Dnscryptproxy/dnscrypt-proxy.toml
+++ b/dns/dnscrypt-proxy/src/opnsense/service/templates/OPNsense/Dnscryptproxy/dnscrypt-proxy.toml
@@ -41,9 +41,9 @@ doh_servers = false
{% endif %}
{% if helpers.exists('OPNsense.dnscryptproxy.general.odoh_servers') and OPNsense.dnscryptproxy.general.odoh_servers == '1' %}
-doh_servers = true
+odoh_servers = true
{% else %}
-doh_servers = false
+odoh_servers = false
{% endif %}
{% if helpers.exists('OPNsense.dnscryptproxy.general.require_dnssec') and OPNsense.dnscryptproxy.general.require_dnssec == '1' %}
From 371789e1e98e6af25ee6105d916cce8bcdce0048 Mon Sep 17 00:00:00 2001
From: levelad <47079419+levelad@users.noreply.github.com>
Date: Sat, 30 Nov 2024 12:16:51 +0100
Subject: [PATCH 5/7] Update General.xml
Version update 0.1.2->0.1.3
---
.../opnsense/mvc/app/models/OPNsense/Dnscryptproxy/General.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dns/dnscrypt-proxy/src/opnsense/mvc/app/models/OPNsense/Dnscryptproxy/General.xml b/dns/dnscrypt-proxy/src/opnsense/mvc/app/models/OPNsense/Dnscryptproxy/General.xml
index 997a58d860..772a971092 100644
--- a/dns/dnscrypt-proxy/src/opnsense/mvc/app/models/OPNsense/Dnscryptproxy/General.xml
+++ b/dns/dnscrypt-proxy/src/opnsense/mvc/app/models/OPNsense/Dnscryptproxy/General.xml
@@ -1,7 +1,7 @@
//OPNsense/dnscryptproxy/general
dnscrypt-proxy configuration
- 0.1.2
+ 0.1.3
0
From 0eac44b0249b2732ce8e4fefe0158e10ef0825df Mon Sep 17 00:00:00 2001
From: levelad <47079419+levelad@users.noreply.github.com>
Date: Sat, 30 Nov 2024 15:10:37 +0100
Subject: [PATCH 6/7] Update dnscrypt-proxy.toml
Adding ODoH target and relay servers and fixing up some URLs.
---
.../Dnscryptproxy/dnscrypt-proxy.toml | 22 +++++++++++++++++--
1 file changed, 20 insertions(+), 2 deletions(-)
diff --git a/dns/dnscrypt-proxy/src/opnsense/service/templates/OPNsense/Dnscryptproxy/dnscrypt-proxy.toml b/dns/dnscrypt-proxy/src/opnsense/service/templates/OPNsense/Dnscryptproxy/dnscrypt-proxy.toml
index 1c63e4953b..84d98ff086 100644
--- a/dns/dnscrypt-proxy/src/opnsense/service/templates/OPNsense/Dnscryptproxy/dnscrypt-proxy.toml
+++ b/dns/dnscrypt-proxy/src/opnsense/service/templates/OPNsense/Dnscryptproxy/dnscrypt-proxy.toml
@@ -152,7 +152,7 @@ cache = false
[sources]
[sources.'public-resolvers']
- urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md', 'https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md']
+ urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md', 'https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md', 'https://ipv6.download.dnscrypt.info/resolvers-list/v3/public-resolvers.md']
cache_file = 'public-resolvers.md'
minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
refresh_delay = 72
@@ -161,12 +161,30 @@ cache = false
## Anonymized DNS relays
[sources.'relays']
- urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/relays.md', 'https://download.dnscrypt.info/resolvers-list/v3/relays.md', 'https://ipv6.download.dnscrypt.info/resolvers-list/v3/relays.md', 'https://download.dnscrypt.net/resolvers-list/v3/relays.md']
+ urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/relays.md', 'https://download.dnscrypt.info/resolvers-list/v3/relays.md', 'https://ipv6.download.dnscrypt.info/resolvers-list/v3/relays.md']
cache_file = 'relays.md'
minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
refresh_delay = 72
prefix = ''
+ ## Oblivious DoH servers
+
+ [sources.'odoh-servers']
+ urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/odoh-servers.md', 'https://download.dnscrypt.info/resolvers-list/v3/odoh-servers.md', 'https://ipv6.download.dnscrypt.info/resolvers-list/v3/odoh-servers.md']
+ cache_file = 'odoh-servers.md'
+ minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
+ refresh_delay = 72
+ prefix = ''
+
+ ## Oblivious DoH relays
+
+ [sources.'odoh-relays']
+ urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/odoh-relays.md', 'https://download.dnscrypt.info/resolvers-list/v3/odoh-relays.md', 'https://ipv6.download.dnscrypt.info/resolvers-list/v3/odoh-relays.md']
+ cache_file = 'odoh-relays.md'
+ minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
+ refresh_delay = 72
+ prefix = ''
+
[anonymized_dns]
{% if helpers.exists('OPNsense.dnscryptproxy.general.relaylist') and OPNsense.dnscryptproxy.general.relaylist != '' %}
From 42f2e7cbff81b25ab1709866d6726bc878e6f45c Mon Sep 17 00:00:00 2001
From: levelad <47079419+levelad@users.noreply.github.com>
Date: Sat, 30 Nov 2024 15:14:31 +0100
Subject: [PATCH 7/7] Update general.xml
Adding note that ODoH target and relay servers are not chosen automatically.
---
.../app/controllers/OPNsense/Dnscryptproxy/forms/general.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dns/dnscrypt-proxy/src/opnsense/mvc/app/controllers/OPNsense/Dnscryptproxy/forms/general.xml b/dns/dnscrypt-proxy/src/opnsense/mvc/app/controllers/OPNsense/Dnscryptproxy/forms/general.xml
index af91c5a171..02b73663a2 100644
--- a/dns/dnscrypt-proxy/src/opnsense/mvc/app/controllers/OPNsense/Dnscryptproxy/forms/general.xml
+++ b/dns/dnscrypt-proxy/src/opnsense/mvc/app/controllers/OPNsense/Dnscryptproxy/forms/general.xml
@@ -53,7 +53,7 @@
general.odoh_servers
checkbox
- Let DNSCrypt-Proxy use servers with Oblivious-DNS-over-HTTPS protocol enabled.
+ Let DNSCrypt-Proxy use servers with Oblivious-DNS-over-HTTPS protocol enabled. Note: If checked you must provide ODoH target and relay servers manually!
general.require_dnssec