-rw-r--r--network/dnscrypt-proxy/README5
-rw-r--r--network/dnscrypt-proxy/README.Slackware56
-rw-r--r--network/dnscrypt-proxy/dnscrypt-proxy.SlackBuild22
-rw-r--r--network/dnscrypt-proxy/dnscrypt-proxy.default72
-rw-r--r--network/dnscrypt-proxy/dnscrypt-proxy.info6
-rw-r--r--network/dnscrypt-proxy/dnscrypt-proxy.logrotate9
-rw-r--r--network/dnscrypt-proxy/dnsmasq.conf21
-rw-r--r--network/dnscrypt-proxy/doinst.sh27
-rw-r--r--network/dnscrypt-proxy/named.conf153
-rw-r--r--network/dnscrypt-proxy/rc.dnscrypt-proxy175
10 files changed, 542 insertions, 4 deletions
diff --git a/network/dnscrypt-proxy/README b/network/dnscrypt-proxy/README
index 658045cb40..a84642b31a 100644
--- a/network/dnscrypt-proxy/README
+++ b/network/dnscrypt-proxy/README
@@ -4,3 +4,8 @@ resolver or as a DNS forwarder, encrypting and authenticating requests using the
DNSCrypt protocol and passing them to an upstream server.
By default dnscrypt-proxy is configured to use OpenDNS' servers.
+
+Be sure to read README.Slackware for information on configuring/running
+dnscrypt-proxy as a daemon!
+
+Optional dependency: ldns
diff --git a/network/dnscrypt-proxy/README.Slackware b/network/dnscrypt-proxy/README.Slackware
new file mode 100644
index 0000000000..5fbdc46986
--- /dev/null
+++ b/network/dnscrypt-proxy/README.Slackware
@@ -0,0 +1,56 @@
+A. Setup
+
+An init script and configuration file have been provided to run dnscrypt-proxy
+as a daemon. To configure dnscrypt-proxy, edit /etc/default/dnscrypt-proxy with
+the desired settings. By default dnscrypt-proxy will use an OpenDNS server and
+will run on localhost (127.0.0.1), port 53.
+
+The configuration file is setup to use a dnscrypt user by default, and to
+chroot into that user's home directory to maximize security. In order to use
+the default configuration you should create a dnscrypt user and group with the
+following commands:
+
+ groupadd -g 293 dnscrypt
+ useradd -u 293 -g 293 -c "DNSCrypt" -d /run/dnscrypt -s /bin/false dnscrypt
+
+If you decide to use another user you should edit the CHROOTDIR and USER
+options in /etc/default/dnscrypt-proxy (there are example settings provided for
+the user 'nobody').
+
+In order to send all DNS requests through dnscrypt-proxy, you will need to
+update /etc/resolv.conf to point to localhost. If using dhcpcd, the easiest way
+to set dnscrypt-proxy as the primary (but not exclusive) dns resolver is to
+create file /etc/resolv.conf.head with the following line:
+
+ nameserver 127.0.0.1
+
+You may also have to add the following line to enable EDNS:
+
+ options edns0
+
+To start dnscrypt-proxy automatically at system start, add the following to
+/etc/rc.d/rc.local:
+
+ if [ -x /etc/rc.d/rc.dnscrypt-proxy ]; then
+ /etc/rc.d/rc.dnscrypt-proxy start
+ fi
+
+To properly stop dnscrypt-proxy on system shutdown, add the following to
+/etc/rc.d/rc.local_shutdown:
+
+ if [ -x /etc/rc.d/rc.dnscrypt-proxy ]; then
+ /etc/rc.d/rc.dnscrypt-proxy stop
+ fi
+
+B. DNS Cache
+
+dnscrypt-proxy is just a DNS resolver and does not cache DNS queries. In order
+to minimize the number of external DNS lookups, you can also run a local
+caching DNS server. A sample configuration for dnsmasq (included with
+Slackware) is provided at /usr/doc/dnscrypt-proxy-@VERSION@/dnsmasq.conf. A
+sample configuration for bind/named that also does local DNSSEC validation (if
+supported by the upstream DNS server) is also provided at
+/usr/doc/dnscrypt-proxy-@VERSION@/named.conf. Both configurations run on port
+53, forwarding lookups to dnscrypt-proxy running on port 55. In order to use
+these configurations you will need to change the port dnscrypt-proxy runs on in
+/etc/default/dnscrypt-proxy.
diff --git a/network/dnscrypt-proxy/dnscrypt-proxy.SlackBuild b/network/dnscrypt-proxy/dnscrypt-proxy.SlackBuild
index 17334bf201..ae10eaeb15 100644
--- a/network/dnscrypt-proxy/dnscrypt-proxy.SlackBuild
+++ b/network/dnscrypt-proxy/dnscrypt-proxy.SlackBuild
@@ -22,8 +22,13 @@
# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+# Thanks to Larry Hajali for work on README.Slackware, some configure options,
+# the basis for the sample dnsmasq configuration, the logrotate configuration,
+# and the idea for an init script. His contributions significantly improved the
+# value of this script!
+
PRGNAM=dnscrypt-proxy
-VERSION=${VERSION:-1.4.0}
+VERSION=${VERSION:-1.4.1}
BUILD=${BUILD:-1}
TAG=${TAG:-_SBo}
@@ -78,6 +83,11 @@ CXXFLAGS="$SLKCFLAGS" \
--localstatedir=/var \
--mandir=/usr/man \
--docdir=/usr/doc/$PRGNAM-$VERSION \
+ --enable-plugins \
+ --enable-plugins-root \
+ --enable-static=no \
+ --disable-ltdl-install \
+ --without-included-ltdl \
--build=$ARCH-slackware-linux
make
@@ -86,14 +96,24 @@ make install-strip DESTDIR=$PKG
find $PKG/usr/man -type f -exec gzip -9 {} \;
for i in $( find $PKG/usr/man -type l ) ; do ln -s $( readlink $i ).gz $i.gz ; rm $i ; done
+mkdir -p $PKG/var/{run,log}/$PRGNAM $PKG/etc/default
+chmod 0700 $PKG/var/{run,log}/$PRGNAM
+sed "s/@VERSION@/$VERSION/" $CWD/$PRGNAM.default > $PKG/etc/default/$PRGNAM.new
+install -D -m 0755 $CWD/rc.$PRGNAM $PKG/etc/rc.d/rc.$PRGNAM.new
+install -D -m 0644 $CWD/$PRGNAM.logrotate $PKG/etc/logrotate.d/$PRGNAM.new
+
mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION
cp -a \
AUTHORS ChangeLog COPYING INSTALL NEWS README README-PLUGINS.markdown README.markdown TECHNOTES THANKS \
$PKG/usr/doc/$PRGNAM-$VERSION
+sed "s/@VERSION@/$VERSION/g" $CWD/README.Slackware > $PKG/usr/doc/$PRGNAM-$VERSION/README.Slackware
+cat $CWD/dnsmasq.conf > $PKG/usr/doc/$PRGNAM-$VERSION/dnsmasq.conf
+cat $CWD/named.conf > $PKG/usr/doc/$PRGNAM-$VERSION/named.conf
cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild
mkdir -p $PKG/install
cat $CWD/slack-desc > $PKG/install/slack-desc
+cat $CWD/doinst.sh > $PKG/install/doinst.sh
cd $PKG
/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.${PKGTYPE:-tgz}
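Review bot: The `sed … > $PKG/etc/default/$PRGNAM.new` line leaves the mode of the packaged config file to the umask of the build, while the rc script and logrotate file on the next two lines get an explicit mode from `install -m`. rc.dnscrypt-proxy sources /etc/default/dnscrypt-proxy from a root-run init script, so its permissions deserve to be pinned as well; adding `chmod 0644 $PKG/etc/default/$PRGNAM.new` after the sed would do it. The same sed also omits the `g` flag that the README.Slackware substitution further down uses, and the two would be easier to maintain if they matched.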
diff --git a/network/dnscrypt-proxy/dnscrypt-proxy.default b/network/dnscrypt-proxy/dnscrypt-proxy.default
new file mode 100644
index 0000000000..b1b70406be
--- /dev/null
+++ b/network/dnscrypt-proxy/dnscrypt-proxy.default
@@ -0,0 +1,72 @@
+# /etc/default/dnscrypt-proxy
+
+# This file contains the configuration settings for dnscrypt-proxy. This file
+# supports configuring and running multiple instances (see the bottom of this
+# file for a sample secondary configuration).
+
+# CHROOTDIR should be the same path as the USER's home directory.
+# For the standard dnscrypt user this should be "/run/dnscrypt". For nobody,
+# this should be "/".
+CHROOTDIR[0]="/run/dnscrypt"
+#CHROOTDIR[0]="/"
+
+# The local address and (optional) port to listen on. The default port is 53.
+LOCALADDRESS[0]="127.0.0.1:53"
+
+# The pid file for this instance. PIDFILE must always be specified for each
+# instance!
+PIDFILE[0]="/var/run/dnscrypt-proxy/dnscrypt-proxy-0.pid"
+
+# Runs the daemon as the following user and chroots to that user's home
+# directory (this is a security feature -- it is best not to change this!)
+USER[0]="dnscrypt"
+#USER[0]="nobody"
+
+# If RESOLVERNAME is set, then RESOLVERADDRESS, PROVIDERNAME, and
+# PROVIDERKEY will be ignored. RESOLVERNAME should be the name of a resolver
+# from RESOLVERSLIST (the first column).
+RESOLVERNAME[0]="opendns"
+
+# Specify the location of the resolver list, used if RESOLVERNAME is set.
+RESOLVERSLIST[0]="/usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv"
+
+# If RESOLVERNAME is unset, RESOLVERADDRESS, PROVIDERNAME and PROVIDERKEY are
+# the settings of the remote DNSCrypt provider.
+#RESOLVERADDRESS[0]="208.67.220.220:443"
+#PROVIDERNAME[0]="2.dnscrypt-cert.opendns.com"
+#PROVIDERKEY[0]="B735:1140:206F:225D:3E2B:D822:D7FD:691E:A1C3:3CC8:D666:8D0C:BE04:BFAB:CA43:FB79"
+
+# Transparently add an OPT pseudo-RR to outgoing queries in order to enable
+# the EDNS0 extension mechanism. The payload size is the size of the largest
+# response we accept from the resolver before retrying over TCP. This feature
+# is enabled by default, with a payload size of 1252 bytes. Any value below
+# 512 disables it.
+#EDNSPAYLOADSIZE[0]="1252"
+
+# Set the maximum number of simultaneous active requests (default 250).
+#MAXACTIVEREQUESTS[0]="250"
+
+# Use TCP instead of UDP. This is slower than UDP, and this workaround should
+# never be used except when bypassing a filter is actually required. Moreover,
+# multiple queries over a single TCP connection aren't supported yet.
+# Don't use this unless you have to. Defaults to off ("no").
+#TCPONLY[0]="no"
+
+# Load the following plugins. None are loaded by default. See
+# /usr/doc/dnscrypt-proxy-@VERSION@/README-PLUGINS.markdown for more
+# information.
+#PLUGINS[0]="libdcplugin_example,--ips=/etc/blk-ips,--domains=/etc/blk-names \
+#libdcplugin_example_logging,/var/log/dns.log"
+
+# Where and what to log. The default LOGLEVEL is LOG_INFO.
+#LOGLEVEL[0]="LOG_INFO"
+LOGFILE[0]="/var/log/dnscrypt-proxy/dnscrypt-proxy.log"
+
+# A simple example configuration for a second instance
+#CHROOTDIR[1]="/run/dnscrypt"
+#LOCALADDRESS[1]="127.0.0.2:53"
+#PIDFILE[1]="/var/run/dnscrypt-proxy/dnscrypt-proxy-1.pid"
+#USER[1]="dnscrypt"
+#RESOLVERNAME[1]="cloudns-can"
+#RESOLVERSLIST[1]="/usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv"
+#LOGFILE[1]="/var/log/dnscrypt-proxy/dnscrypt-proxy-1.log"
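Review bot: The header comment does not say that this file is executed rather than parsed, which matters because rc.dnscrypt-proxy loads it with `. $CONFIGFILE` and is meant to be started from rc.local. Anything written here therefore runs as shell code with the init script's privileges. I would add a line near the top such as `# This file is sourced as Bash by /etc/rc.d/rc.dnscrypt-proxy; keep it owned by root and not writable by other users.` It may also be worth stating that values are split on whitespace when passed to the daemon, since the rc script expands its option string unquoted.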
diff --git a/network/dnscrypt-proxy/dnscrypt-proxy.info b/network/dnscrypt-proxy/dnscrypt-proxy.info
index fe317649bd..7b415c0f40 100644
--- a/network/dnscrypt-proxy/dnscrypt-proxy.info
+++ b/network/dnscrypt-proxy/dnscrypt-proxy.info
@@ -1,8 +1,8 @@
PRGNAM="dnscrypt-proxy"
-VERSION="1.4.0"
+VERSION="1.4.1"
HOMEPAGE="http://dnscrypt.org/"
-DOWNLOAD="http://download.dnscrypt.org/dnscrypt-proxy/dnscrypt-proxy-1.4.0.tar.bz2"
-MD5SUM="40b5b73f5042330b86084460d7c839c6"
+DOWNLOAD="http://download.dnscrypt.org/dnscrypt-proxy/dnscrypt-proxy-1.4.1.tar.bz2"
+MD5SUM="f9d59b23fcad864af7db7d6304fda77f"
DOWNLOAD_x86_64=""
MD5SUM_x86_64=""
REQUIRES="libsodium"
diff --git a/network/dnscrypt-proxy/dnscrypt-proxy.logrotate b/network/dnscrypt-proxy/dnscrypt-proxy.logrotate
new file mode 100644
index 0000000000..884ad989e1
--- /dev/null
+++ b/network/dnscrypt-proxy/dnscrypt-proxy.logrotate
@@ -0,0 +1,9 @@
+/var/log/dnscrypt-proxy/*log {
+ weekly
+ rotate 7
+ copytruncate
+ delaycompress
+ compress
+ notifempty
+ missingok
+}
diff --git a/network/dnscrypt-proxy/dnsmasq.conf b/network/dnscrypt-proxy/dnsmasq.conf
new file mode 100644
index 0000000000..9700cb2df9
--- /dev/null
+++ b/network/dnscrypt-proxy/dnsmasq.conf
@@ -0,0 +1,21 @@
+# Use dnsmasq as a caching DNS forwarder to dnscrypt-proxy. This configuration
+# assumes dnscrypt-proxy is running on port 55.
+
+# Never forward plain names (without a dot or domain part)
+domain-needed
+
+# Never forward addresses in the non-routed address spaces.
+bogus-priv
+
+# Don't use /etc/resolv.conf. Forward all queries to dnscrypt-proxy.
+no-resolv
+
+# Use the resolver on localhost port 55 (dnscrypt-proxy)
+server=127.0.0.1#55
+
+# Listen on localhost. Default port 53
+listen-address=127.0.0.1
+
+# Pass on the upstream DNSSEC flag. Only enable this if you trust the upstream
+# resolver.
+#proxy-dnssec
diff --git a/network/dnscrypt-proxy/doinst.sh b/network/dnscrypt-proxy/doinst.sh
new file mode 100644
index 0000000000..11fd7612c2
--- /dev/null
+++ b/network/dnscrypt-proxy/doinst.sh
@@ -0,0 +1,27 @@
+config() {
+ NEW="$1"
+ OLD="$(dirname $NEW)/$(basename $NEW .new)"
+ # If there's no config file by that name, mv it over:
+ if [ ! -r $OLD ]; then
+ mv $NEW $OLD
+ elif [ "$(cat $OLD | md5sum)" = "$(cat $NEW | md5sum)" ]; then
+ # toss the redundant copy
+ rm $NEW
+ fi
+ # Otherwise, we leave the .new copy for the admin to consider...
+}
+
+preserve_perms() {
+ NEW="$1"
+ OLD="$(dirname $NEW)/$(basename $NEW .new)"
+ if [ -e $OLD ]; then
+ cp -a $OLD ${NEW}.incoming
+ cat $NEW > ${NEW}.incoming
+ mv ${NEW}.incoming $NEW
+ fi
+ config $NEW
+}
+
+preserve_perms etc/rc.d/rc.dnscrypt-proxy.new
+config etc/default/dnscrypt-proxy.new
+config etc/logrotate.d/dnscrypt-proxy.new
diff --git a/network/dnscrypt-proxy/named.conf b/network/dnscrypt-proxy/named.conf
new file mode 100644
index 0000000000..b416855f26
--- /dev/null
+++ b/network/dnscrypt-proxy/named.conf
@@ -0,0 +1,153 @@
+options {
+ directory "/var/named";
+ /*
+ * If there is a firewall between you and nameservers you want
+ * to talk to, you might need to uncomment the query-source
+ * directive below. Previous versions of BIND always asked
+ * questions using port 53, but BIND 8.1 uses an unprivileged
+ * port by default.
+ */
+ // query-source address * port 53;
+ forwarders { 127.0.0.1 port 55; };
+ forward only;
+ dnssec-enable yes;
+ dnssec-validation auto;
+ dnssec-lookaside auto;
+ allow-transfer { "none"; };
+ allow-query { 127.0.0.1; };
+ listen-on { 127.0.0.1; };
+};
+
+//
+// a caching only nameserver config
+//
+zone "." IN {
+ type hint;
+ file "caching-example/named.root";
+};
+
+zone "localhost" IN {
+ type master;
+ file "caching-example/localhost.zone";
+ allow-update { none; };
+};
+
+zone "0.0.127.in-addr.arpa" IN {
+ type master;
+ file "caching-example/named.local";
+ allow-update { none; };
+};
+
+// RFC 1918. These shouldn't be necessary but empty-zones-enable isn't
+// working properly...
+zone "10.in-addr.arpa" IN {
+ type master;
+ file "caching-example/named.local";
+ allow-update { none; };
+};
+
+zone "16.172.in-addr.arpa" IN {
+ type master;
+ file "caching-example/named.local";
+ allow-update { none; };
+};
+
+zone "17.172.in-addr.arpa" IN {
+ type master;
+ file "caching-example/named.local";
+ allow-update { none; };
+};
+
+zone "18.172.in-addr.arpa" IN {
+ type master;
+ file "caching-example/named.local";
+ allow-update { none; };
+};
+
+zone "19.172.in-addr.arpa" IN {
+ type master;
+ file "caching-example/named.local";
+ allow-update { none; };
+};
+
+zone "20.172.in-addr.arpa" IN {
+ type master;
+ file "caching-example/named.local";
+ allow-update { none; };
+};
+
+zone "21.172.in-addr.arpa" IN {
+ type master;
+ file "caching-example/named.local";
+ allow-update { none; };
+};
+
+zone "22.172.in-addr.arpa" IN {
+ type master;
+ file "caching-example/named.local";
+ allow-update { none; };
+};
+
+zone "23.172.in-addr.arpa" IN {
+ type master;
+ file "caching-example/named.local";
+ allow-update { none; };
+};
+
+zone "24.172.in-addr.arpa" IN {
+ type master;
+ file "caching-example/named.local";
+ allow-update { none; };
+};
+
+zone "25.172.in-addr.arpa" IN {
+ type master;
+ file "caching-example/named.local";
+ allow-update { none; };
+};
+
+zone "26.172.in-addr.arpa" IN {
+ type master;
+ file "caching-example/named.local";
+ allow-update { none; };
+};
+
+zone "27.172.in-addr.arpa" IN {
+ type master;
+ file "caching-example/named.local";
+ allow-update { none; };
+};
+
+zone "28.172.in-addr.arpa" IN {
+ type master;
+ file "caching-example/named.local";
+ allow-update { none; };
+};
+
+zone "29.172.in-addr.arpa" IN {
+ type master;
+ file "caching-example/named.local";
+ allow-update { none; };
+};
+
+zone "30.172.in-addr.arpa" IN {
+ type master;
+ file "caching-example/named.local";
+ allow-update { none; };
+};
+
+zone "31.172.in-addr.arpa" IN {
+ type master;
+ file "caching-example/named.local";
+ allow-update { none; };
+};
+
+zone "168.192.in-addr.arpa" IN {
+ type master;
+ file "caching-example/named.local";
+ allow-update { none; };
+};
+
+logging {
+ category edns-disabled { null; };
+};
diff --git a/network/dnscrypt-proxy/rc.dnscrypt-proxy b/network/dnscrypt-proxy/rc.dnscrypt-proxy
new file mode 100644
index 0000000000..84eb12c74d
--- /dev/null
+++ b/network/dnscrypt-proxy/rc.dnscrypt-proxy
@@ -0,0 +1,175 @@
+#!/bin/bash
+
+CONFIGFILE="/etc/default/dnscrypt-proxy"
+DAEMON="/usr/sbin/dnscrypt-proxy"
+
+. $CONFIGFILE
+
+start_instance() {
+ if [ -z ${PIDFILE[$1]} ]; then
+ echo "No configuration for instance $1 found!"
+ return
+ fi
+ if [ -r ${PIDFILE[$1]} ]; then
+ echo "dnscrypt-proxy (instance $1) already running!"
+ return
+ fi
+
+ # dnscrypt-proxy will work without this, but it drops privileges before
+ # seeding the PRNG. libevent tries to work around a missing /dev/urandom
+ # but it's safer just to make sure it is available in the chroot.
+ if [ -n "${CHROOTDIR[$1]}" ]; then
+ if [ "$(readlink -f ${CHROOTDIR[$1]})" != "/" ]; then
+ if [ ! -d ${CHROOTDIR[$1]} ]; then
+ mkdir -p ${CHROOTDIR[$1]}
+ chmod 755 ${CHROOTDIR[$1]}
+ fi
+ if [ ! -d ${CHROOTDIR[$1]}/dev ]; then
+ mkdir -p ${CHROOTDIR[$1]}/dev
+ chmod 755 ${CHROOTDIR[$1]}/dev
+ fi
+ if [ ! -c ${CHROOTDIR[$1]}/dev/urandom ]; then
+ mknod -m 666 ${CHROOTDIR[$1]}/dev/urandom c 1 9
+ fi
+ fi
+ fi
+
+ OPTIONS="-d"
+ if [ -n "${LOCALADDRESS[$1]}" ]; then
+ OPTIONS="${OPTIONS} --local-address=${LOCALADDRESS[$1]}"
+ fi
+ if [ -n "${PIDFILE[$1]}" ]; then
+ OPTIONS="${OPTIONS} --pidfile=${PIDFILE[$1]}"
+ fi
+ if [ -n "${USER[$1]}" ]; then
+ OPTIONS="${OPTIONS} --user=${USER[$1]}"
+ fi
+ if [ -n "${RESOLVERNAME[$1]}" ]; then
+ OPTIONS="${OPTIONS} --resolver-name=${RESOLVERNAME[$1]}"
+ fi
+ if [ -n "${RESOLVERSLIST[$1]}" ]; then
+ OPTIONS="${OPTIONS} --resolvers-list=${RESOLVERSLIST[$1]}"
+ fi
+ if [ -z "${RESOLVERNAME[$1]}" ] && [ -n "${RESOLVERADDRESS[$1]}" ]; then
+ OPTIONS="${OPTIONS} --resolver-address=${RESOLVERADDRESS[$1]}"
+ fi
+ if [ -z "${RESOLVERNAME[$1]}" ] && [ -n "${PROVIDERNAME[$1]}" ]; then
+ OPTIONS="${OPTIONS} --provider-name=${PROVIDERNAME[$1]}"
+ fi
+ if [ -z "${RESOLVERNAME[$1]}" ] && [ -n "${PROVIDERKEY[$1]}" ]; then
+ OPTIONS="${OPTIONS} --provider-key=${PROVIDERKEY[$1]}"
+ fi
+ if [ -n "${EDNSPAYLOADSIZE[$1]}" ]; then
+ OPTIONS="${OPTIONS} --edns-payload-size=${EDNSPAYLOADSIZE[$1]}"
+ fi
+ if [ -n "${MAXACTIVEREQUESTS[$1]}" ]; then
+ OPTIONS="${OPTIONS} --max-active-requests=${MAXACTIVEREQUESTS[$1]}"
+ fi
+ if [ "${TCPONLY[$1]}" == "yes" ]; then
+ OPTIONS="${OPTIONS} --tcp-only"
+ fi
+ if [ -n "${PLUGINS[$1]}" ]; then
+ for plugin in ${PLUGINS[$1]}
+ do
+ OPTIONS="${OPTIONS} --plugin=${plugin}"
+ done
+ fi
+ if [ -n "${LOGLEVEL[$1]}" ]; then
+ OPTIONS="${OPTIONS} --loglevel=${LOGLEVEL[$1]}"
+ fi
+ if [ -n "${LOGFILE[$1]}" ]; then
+ OPTIONS="${OPTIONS} --logfile=${LOGFILE[$1]}"
+ fi
+ $DAEMON $OPTIONS
+}
+
+stop_instance() {
+ if [ -z ${PIDFILE[$1]} ]; then
+ echo "No configuration for instance $1 found!"
+ return
+ fi
+ if [ ! -r ${PIDFILE[$1]} ]; then
+ echo "dnscrypt-proxy (instance $1) is not running!"
+ return
+ fi
+ echo "Stopping dnscrypt-proxy (instance $1)..."
+ kill $(cat ${PIDFILE[$1]})
+}
+
+status_instance() {
+ if [ -z ${PIDFILE[$1]} ]; then
+ echo "No configuration for instance $1 found!"
+ return
+ fi
+ if [ ! -r ${PIDFILE[$1]} ]; then
+ echo "dnscrypt-proxy (instance $1) is not running."
+ return
+ fi
+ PID=$(cat ${PIDFILE[$1]})
+ if [ -z "$PID" ]; then
+ echo "PID file is empty! dnscrypt-proxy (instance $1) does not appear to be running, but there is a stale PID file."
+ elif kill -0 $PID ; then
+ echo "dnscrypt-proxy (instance $1) is running."
+ else
+ echo "dnscrypt-proxy (instance $1) is not running, but there is a stale PID file."
+ fi
+}
+
+start() {
+ for i in `/usr/bin/seq 0 $((${#PIDFILE[@]}-1))`
+ do
+ start_instance $i
+ done
+}
+
+stop() {
+ for i in `/usr/bin/seq 0 $((${#PIDFILE[@]}-1))`
+ do
+ stop_instance $i
+ done
+}
+
+status() {
+ for i in `/usr/bin/seq 0 $((${#PIDFILE[@]}-1))`
+ do
+ status_instance $i
+ done
+}
+
+case "$1" in
+ 'start')
+ start
+ ;;
+ 'stop')
+ stop
+ ;;
+ 'restart')
+ stop
+ start
+ ;;
+ 'status')
+ status
+ ;;
+ *_start)
+ INSTANCE=`echo $1 | /bin/cut -d '_' -f 1`
+ start_instance $INSTANCE
+ ;;
+ *_stop)
+ INSTANCE=`echo $1 | /bin/cut -d '_' -f 1`
+ stop_instance $INSTANCE
+ ;;
+ *_restart)
+ INSTANCE=`echo $1 | /bin/cut -d '_' -f 1`
+ stop_instance $INSTANCE
+ sleep 1
+ start_instance $INSTANCE
+ ;;
+ *_status)
+ INSTANCE=`echo $1 | /bin/cut -d '_' -f 1`
+ status_instance $INSTANCE
+ ;;
+ *)
+ echo "Usage: $0 {start|stop|restart|status|#_start|#_stop|#_restart}"
+ exit 1
+ ;;
+esac
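Review bot: start_instance treats any readable PID file as proof of a running daemon, and stop_instance never removes the file after `kill`, so a leftover file makes every later start print "already running!" and return. With the packaged defaults the daemon runs chrooted as the unprivileged dnscrypt user while the pid directory is created root-only (0700) by the SlackBuild, so it probably cannot unlink the file itself; that is an inference from the visible settings and should be confirmed against the daemon. The `restart` arm makes this easier to hit because it calls `stop` and `start` back to back, without the `sleep 1` that `*_restart` has. I would check liveness with `kill -0` before refusing to start (status_instance already does this), remove the PID file once the signal has been sent, and add the same pause to `restart`.

```bash
start_instance() {
  # … unchanged: PIDFILE configuration check …
  if [ -r "${PIDFILE[$1]}" ]; then
    pid=$(cat "${PIDFILE[$1]}")
    if [ -n "$pid" ] && kill -0 "$pid" 2>/dev/null; then
      echo "dnscrypt-proxy (instance $1) already running!"
      return
    fi
    # Stale PID file: the recorded process is gone, so clear it and continue.
    rm -f "${PIDFILE[$1]}"
  fi
  # … unchanged: chroot setup, option assembly, daemon launch …

stop_instance() {
  # … unchanged: configuration and PID file checks …
  echo "Stopping dnscrypt-proxy (instance $1)..."
  kill "$(cat "${PIDFILE[$1]}")" && rm -f "${PIDFILE[$1]}"
```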