Merge pull request #6707 from guidosarducci/master-fixup-stubby

stubby: some fixes, cleanup, and improvements
Dirk Brenken 2018-10-14 18:47:16 +02:00 committed by GitHub
commit 46a35a82c3
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 31 additions and 18 deletions


@ -6,7 +6,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=stubby PKG_NAME:=stubby
PKG_VERSION:=0.2.3 PKG_VERSION:=0.2.3
PKG_RELEASE:=1 PKG_RELEASE:=2
PKG_LICENSE:=BSD-3-Clause PKG_LICENSE:=BSD-3-Clause
PKG_LICENSE_FILES:=COPYING PKG_LICENSE_FILES:=COPYING
@ -29,12 +29,6 @@ define Package/stubby/Default
URL:=https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Daemon+-+Stubby URL:=https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Daemon+-+Stubby
endef endef
define Package/stubby/description
This package contains the Stubby daemon (which utilizes the getdns library).
See https://github.com/openwrt/packages/blob/master/net/stubby/files/README.md for more details.
endef
define Package/stubby define Package/stubby
$(call Package/stubby/Default) $(call Package/stubby/Default)
SECTION:=net SECTION:=net
@ -45,6 +39,16 @@ define Package/stubby
DEPENDS:= +libyaml +getdns +ca-certificates DEPENDS:= +libyaml +getdns +ca-certificates
endef endef
define Package/stubby/description
This package contains the Stubby daemon (which utilizes the getdns library).
See https://github.com/openwrt/packages/blob/master/net/stubby/files/README.md for more details.
endef
define Package/stubby/conffiles
/etc/stubby/stubby.yml
endef
define Package/stubby/install define Package/stubby/install
$(INSTALL_DIR) $(1)/usr/sbin $(INSTALL_DIR) $(1)/usr/sbin
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/stubby $(1)/usr/sbin/stubby $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/stubby $(1)/usr/sbin/stubby
@ -55,9 +59,4 @@ define Package/stubby/install
$(INSTALL_DATA) ./files/stubby.yml $(1)/etc/stubby/stubby.yml $(INSTALL_DATA) ./files/stubby.yml $(1)/etc/stubby/stubby.yml
endef endef
define Package/stubby/conffiles
/etc/stubby/stubby.yml
endef
$(eval $(call BuildPackage,stubby)) $(eval $(call BuildPackage,stubby))


@ -20,10 +20,10 @@ This package has some modifications that makes it differ from the default upstre
### General Cleanup ### General Cleanup
Comments are removed, etc. Comments are removed, etc.
### EDNS Client-Subnet Option Changed to 0 ### EDNS Client-Subnet Option
The value of "edns_client_subnet_private" is '1' in the upstream default config. This informs the upstream resolver to NOT forward your connection's IP to any other upstream servers. This is good for privacy, but could result in sub-optimal routing to CDNs, etc. The value of "edns_client_subnet_private" is '1' in the upstream default config. This informs the upstream resolver to NOT forward your connection's IP to any other upstream servers. This is good for privacy, but could result in sub-optimal routing to CDNs, etc.
To give a more "comparable" DNS experience similar to google/opendns, this package disables this option. We retain the upstream value since privacy is a key user motivation for using DNS-over-TLS, but note users encountering poor routing may consider changing it.
### Default Listening Ports Changed ### Default Listening Ports Changed
The value of "listen_addresses" in the default config does not list port numbers, which will cause stubby to default to port 53. However, Openwrt defaults to dnsmasq as the main name server daemon, which runs on port 53. By setting the listening ports to non-standard values, this allows users to keep the main name server daemon in place (dnsmasq/unbound/etc.) and have that name server forward to stubby. The value of "listen_addresses" in the default config does not list port numbers, which will cause stubby to default to port 53. However, Openwrt defaults to dnsmasq as the main name server daemon, which runs on port 53. By setting the listening ports to non-standard values, this allows users to keep the main name server daemon in place (dnsmasq/unbound/etc.) and have that name server forward to stubby.
@ -43,4 +43,4 @@ Cloudflare is an Anycast DNS service. This should take care of any needed "failo
Most of the default resolvers for stubby are in Europe. To provide a better experience for a larger number of users, this package defaults to using Cloudflare's DNS service. Cloudflare's DNS service has been ranked number one in speed against many other top resolvers. Most of the default resolvers for stubby are in Europe. To provide a better experience for a larger number of users, this package defaults to using Cloudflare's DNS service. Cloudflare's DNS service has been ranked number one in speed against many other top resolvers.
https://developers.Cloudflare.com/1.1.1.1/commitment-to-privacy/ https://developers.Cloudflare.com/1.1.1.1/commitment-to-privacy/
https://www.dnsperf.com/dns-resolver/1-1-1-1 https://www.dnsperf.com/dns-resolver/1-1-1-1


@ -13,8 +13,6 @@ start_service() {
procd_set_param respawn ${respawn_threshold:-3600} ${respawn_timeout:-5} ${respawn_retry:-5} procd_set_param respawn ${respawn_threshold:-3600} ${respawn_timeout:-5} ${respawn_retry:-5}
procd_set_param limits core="unlimited"
procd_set_param file /etc/stubby/stubby.yml procd_set_param file /etc/stubby/stubby.yml
procd_set_param stdout 1 procd_set_param stdout 1


@ -9,7 +9,7 @@ tls_authentication: GETDNS_AUTHENTICATION_REQUIRED
tls_query_padding_blocksize: 128 tls_query_padding_blocksize: 128
edns_client_subnet_private : 0 edns_client_subnet_private : 1
round_robin_upstreams: 0 round_robin_upstreams: 0
@ -24,6 +24,14 @@ upstream_recursive_servers:
# # Cloudflare IPv6 # # Cloudflare IPv6
- address_data: 2606:4700:4700::1111 - address_data: 2606:4700:4700::1111
tls_auth_name: "cloudflare-dns.com" tls_auth_name: "cloudflare-dns.com"
tls_pubkey_pinset:
- digest: "sha256"
value: yioEpqeR4WtDwE9YxNVnCEkTxIjx6EEIwFSQW+lJsbc=
- address_data: 2606:4700:4700::1001
tls_auth_name: "cloudflare-dns.com"
tls_pubkey_pinset:
- digest: "sha256"
value: yioEpqeR4WtDwE9YxNVnCEkTxIjx6EEIwFSQW+lJsbc=
# # Quad 9 IPv6 # # Quad 9 IPv6
# - address_data: 2620:fe::10 # - address_data: 2620:fe::10
@ -33,6 +41,14 @@ upstream_recursive_servers:
# # Cloudflare servers # # Cloudflare servers
- address_data: 1.1.1.1 - address_data: 1.1.1.1
tls_auth_name: "cloudflare-dns.com" tls_auth_name: "cloudflare-dns.com"
tls_pubkey_pinset:
- digest: "sha256"
value: yioEpqeR4WtDwE9YxNVnCEkTxIjx6EEIwFSQW+lJsbc=
- address_data: 1.0.0.1
tls_auth_name: "cloudflare-dns.com"
tls_pubkey_pinset:
- digest: "sha256"
value: yioEpqeR4WtDwE9YxNVnCEkTxIjx6EEIwFSQW+lJsbc=
# Quad 9 service # Quad 9 service
# - address_data: 9.9.9.10 # - address_data: 9.9.9.10
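Review bot: The same single `tls_pubkey_pinset` digest is added to all four Cloudflare upstreams (1.1.1.1, 1.0.0.1 and both IPv6 addresses) with no backup pin, while `tls_authentication` stays at `GETDNS_AUTHENTICATION_REQUIRED`, so a key rotation by the provider would presumably fail every configured upstream at once and leave the router without DNS until the file is edited by hand. Because `/etc/stubby/stubby.yml` is listed under `Package/stubby/conffiles`, a corrected pin shipped in a later package release will likely not reach devices whose config was modified locally. Consider either relying on `tls_auth_name` validation alone (the package already depends on `ca-certificates`) or documenting the pin next to each entry, e.g. `# SPKI pin for cloudflare-dns.com; update when the provider rotates its key`, and adding a second (backup) pin if the provider publishes one.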