[Resolvconf-devel] Bug#709258: Please automagically handle dnscrypt-proxy correctly

Thomas Hood jdthood at gmail.com
Wed May 22 01:00:15 UTC 2013


Package: resolvconf
Version: 1.71
Severity: wishlist

OpenDNS's DNSCrypt client for Linux (called 'dnscrypt-proxy')[0] is not yet
packaged for Debian but some people are already installing it from source
and it is of course possible that it will eventually be packaged. (It is
free software and there's an ITP for it, bug report #692320.) This is a
request that the resolvconf package be enhanced to make it easy to use
dnscrypt-proxy.

Dnscrypt-proxy doesn't cache. So it makes sense to run a local caching
forwarding nameserver configured to forward queries to dnscrypt-proxy at a
loopback address. The request is that resolvconf automagically handle both
the situation where dnscrypt-proxy is installed, in which case its listen
address should be listed exclusively in resolv.conf, and the situation
where both dnscrypt-proxy and a local caching forwarding nameserver are
installed, in which case the loopback address of the local caching
forwarding nameserver should be listed exclusively in resolv.conf and the
address of dnscrypt-proxy not.

Dnscrypt-proxy's record will probably be called 'lo.dnscrypt'.

Libc's resolvconf hook script should see to it that:

* if lo.dnscrypt is present but lo.dnsmasq et al are not present, only the
  address from lo.dnscrypt will be written to /run/resolvconf/resolv.conf.
* if lo.dnscrypt is present and some lo.LOCALCACHINGFORWARDINGNAMESERVER is
  also present, only the address from lo.LOCALCACHINGFORWARDINGNAMESERVER
  will be written to /run/resolvconf/resolv.conf.
  LOCALCACHINGFORWARDINGNAMESERVER is expected then to forward to
  dnscrypt-proxy.

[0] https://github.com/opendns/dnscrypt-proxy
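
The two cases requested above, sketched as an added shell example (not part of the original message and not resolvconf's own hook script). It assumes each record is a file of "nameserver ADDR" lines in one directory; the forwarder record names other than lo.dnsmasq, the sample addresses, and the fall-through when neither record exists are assumptions.

```shell
#!/bin/sh
# Added example: choose which record's addresses go into resolv.conf.
# Assumed names: only lo.dnsmasq and lo.dnscrypt appear in the report;
# lo.pdnsd and lo.unbound are hypothetical forwarder record names.
FORWARDER_RECORDS="lo.dnsmasq lo.pdnsd lo.unbound"

# Print the normalized "nameserver ADDR" lines of one record file.
record_nameservers() {
    sed -n 's/^[[:space:]]*nameserver[[:space:]]\{1,\}\([^[:space:]]\{1,\}\).*/nameserver \1/p' "$1"
}

# select_nameservers DIR: print the lines that belong in resolv.conf.
select_nameservers() {
    dir=$1
    # Case 2: a local caching forwarder is present, so list it exclusively;
    # it is expected to forward to dnscrypt-proxy itself.
    for rec in $FORWARDER_RECORDS; do
        if [ -s "$dir/$rec" ]; then
            record_nameservers "$dir/$rec"
            return 0
        fi
    done
    # Case 1: only dnscrypt-proxy is present, so list it exclusively.
    if [ -s "$dir/lo.dnscrypt" ]; then
        record_nameservers "$dir/lo.dnscrypt"
        return 0
    fi
    # Neither is present (not covered by the report): keep every record.
    for f in "$dir"/*; do
        [ -f "$f" ] && record_nameservers "$f"
    done
    return 0
}

# Constructed sample records showing both cases.
demo() {
    d=$(mktemp -d) || return 1
    echo "nameserver 192.0.2.53" > "$d/eth0.dhclient"
    echo "nameserver 127.0.0.2" > "$d/lo.dnscrypt"
    echo "--- dnscrypt-proxy only:"; select_nameservers "$d"
    echo "nameserver 127.0.0.1" > "$d/lo.dnsmasq"
    echo "--- dnscrypt-proxy plus dnsmasq:"; select_nameservers "$d"
    rm -rf "$d"
}
demo
```

In both cases the DHCP-supplied address is dropped from the output, so the libc resolver has no plain upstream server to fall back to.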