"Igor Zornik" writes:
> The upstream was cooperative enough to consider my idea of keeping > manual reloading always enabled so now we can use this without a > disclaimer. Thanks for the diff. Sorry for not responding to your previous updates. The only tweak I have is taking the descriptions of the load balancing like for wp2 from /etc/dnscrypt-proxy.toml. I was wondering why I couldn't kill -HUP when testing an update I had made. I see that you had to remove rc_reload=NO. > As far as the configuration file goes, we can keep it as > is, as the web monitoring UI isn't enabled by default. It's up to you > to secure if you include any sensitive information in it. This sounds reasonable to me considering your earlier updates bringing up whether to make the config file not world-readable. I tested: 1) monitoring UI https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Monitoring-UI 2) reloading with kill -HUP - ensure the default: # enable_hot_reload = false - blocked_names_file = '/var/dnscrypt-proxy/blocked-names.txt' - log_file = '/var/dnscrypt-proxy/blocked-names.log' - add domain to blocked-names.txt - kill -HUP 123 (PID of dnscrypt-proxy) - domain will not load in private browser tab. sometimes browser cache or dnscrypt's cache messes with it but it mostly works. Please find inline a tweaked diff with the README changes. The biggest change to pay attention to is removing rc_reload=NO to allow kill -HUP to reload blocked-names.txt even if enable_hot_reload is set to false, which it is by default. OK? Index: Makefile =================================================================== RCS file: /cvs/ports/net/dnscrypt-proxy/Makefile,v diff -u -p -u -p -r1.70 Makefile --- Makefile 4 Apr 2025 09:33:41 -0000 1.70 +++ Makefile 2 Sep 2025 00:07:03 -0000 @@ -2,7 +2,7 @@ COMMENT = flexible DNS proxy with suppor GH_ACCOUNT = DNSCrypt GH_PROJECT = dnscrypt-proxy -GH_TAGNAME = 2.1.8 +GH_TAGNAME = 2.1.13 CATEGORIES = net Index: distinfo =================================================================== RCS file: /cvs/ports/net/dnscrypt-proxy/distinfo,v diff -u -p -u -p -r1.39 distinfo --- distinfo 4 Apr 2025 09:33:41 -0000 1.39 +++ distinfo 2 Sep 2025 00:07:03 -0000 @@ -1,2 +1,2 @@ -SHA256 (dnscrypt-proxy-2.1.8.tar.gz) = 2y1ZPQhNA0I1+q8JdDMYtAOftb4tOm4XywFXCR0j9Ns= -SIZE (dnscrypt-proxy-2.1.8.tar.gz) = 4185376 +SHA256 (dnscrypt-proxy-2.1.13.tar.gz) = f2o9JhP5Gs5ALy9oKSlSlWWlTW1+QhNAPn5qDbRIvdw= +SIZE (dnscrypt-proxy-2.1.13.tar.gz) = 4180107 Index: patches/patch-dnscrypt-proxy_example-dnscrypt-proxy_toml =================================================================== RCS file: /cvs/ports/net/dnscrypt-proxy/patches/patch-dnscrypt-proxy_example-dnscrypt-proxy_toml,v diff -u -p -u -p -r1.17 patch-dnscrypt-proxy_example-dnscrypt-proxy_toml --- patches/patch-dnscrypt-proxy_example-dnscrypt-proxy_toml 11 Mar 2022 19:45:54 -0000 1.17 +++ patches/patch-dnscrypt-proxy_example-dnscrypt-proxy_toml 2 Sep 2025 00:07:03 -0000 @@ -1,7 +1,7 @@ Index: dnscrypt-proxy/example-dnscrypt-proxy.toml --- dnscrypt-proxy/example-dnscrypt-proxy.toml.orig +++ dnscrypt-proxy/example-dnscrypt-proxy.toml -@@ -52,7 +52,7 @@ max_clients = 250 +@@ -50,7 +50,7 @@ max_clients = 250 ## Note (2): this feature is not compatible with systemd socket activation. ## Note (3): when using -pidfile, the PID file directory must be writable by the new user @@ -9,4 +9,4 @@ Index: dnscrypt-proxy/example-dnscrypt-p +user_name = '_dnscrypt-proxy' - ## Require servers (from remote sources) to satisfy specific properties + ############################################################################### Index: pkg/DESCR =================================================================== RCS file: /cvs/ports/net/dnscrypt-proxy/pkg/DESCR,v diff -u -p -u -p -r1.3 DESCR --- pkg/DESCR 18 Jan 2025 04:32:55 -0000 1.3 +++ pkg/DESCR 2 Sep 2025 00:07:03 -0000 @@ -12,6 +12,7 @@ DNSCrypt and ODoH (Oblivious DoH), and f Compatible with all DNS services - Time-based filtering, with a flexible weekly schedule - Transparent redirection of specific domains to specific resolvers +- Optional hot-reloading of configuration files - DNS caching, to reduce latency and improve privacy - Local IPv6 blocking to reduce latency on IPv4-only networks - Load balancing: pick a set of resolvers, dnscrypt-proxy will Index: pkg/README =================================================================== RCS file: /cvs/ports/net/dnscrypt-proxy/pkg/README,v diff -u -p -u -p -r1.6 README --- pkg/README 11 Jul 2024 16:09:29 -0000 1.6 +++ pkg/README 2 Sep 2025 00:07:03 -0000 @@ -24,12 +24,16 @@ Load balancing strategy ----------------------- Note the load balancing strategy, controlled by 'lb_strategy'. It can be set to one of the following values: - - 'first' (always pick the fastest server in the list) - - 'p2' (randomly choose between the top two fastest servers) - - 'ph' (randomly choose between the top fastest half of all servers) - - 'random' (just pick any random server from the list) + - 'wp2' (default): Weighted Power of Two - selects the better + performing server from two random candidates based on real-time RTT + and success rates. + - 'p2': Randomly choose 1 of the fastest 2 servers by latency. + - 'ph': Randomly choose from fastest half of servers. + - 'p<n>': Randomly choose from fastest n servers (e.g., 'p3' for fastest 3). + - 'first': Always use the fastest server. + - 'random': Randomly choose from all servers. -'p2' is the default option. For more information, see +For more information, see https://github.com/jedisct1/dnscrypt-proxy/wiki/Load-Balancing-Options Logging Index: pkg/dnscrypt_proxy.rc =================================================================== RCS file: /cvs/ports/net/dnscrypt-proxy/pkg/dnscrypt_proxy.rc,v diff -u -p -u -p -r1.7 dnscrypt_proxy.rc --- pkg/dnscrypt_proxy.rc 18 Jan 2025 04:32:55 -0000 1.7 +++ pkg/dnscrypt_proxy.rc 2 Sep 2025 00:07:03 -0000 @@ -8,7 +8,6 @@ daemon_flags="-config ${SYSCONFDIR}/dnsc pexp="${daemon}${daemon_flags:+ ${daemon_flags}}.*" rc_bg=YES -rc_reload=NO rc_configtest() { ${daemon} ${daemon_flags} -check
