From 305a6f6b6a94670519521aead9f00cdc70bdcada Mon Sep 17 00:00:00 2001 From: Sara Dickinson Date: Thu, 1 Jun 2017 15:43:09 +0100 Subject: [PATCH] 1) Add a stubby-setdns script (for MAC OS X only at the moment) to support Homebrew formula 2) Remove the OARC server from the default config. So now only include the servers that commit to not logging user data. Can make this clearer once we have a yaml config file. 3) Update makefile to include stubby.conf and stubby-setdns in dist tarball --- Makefile.in | 1 + src/tools/stubby-setdns.sh | 67 ++++++++++++++++++++++++++++++++++++++ src/tools/stubby.conf | 12 ------- 3 files changed, 68 insertions(+), 12 deletions(-) create mode 100755 src/tools/stubby-setdns.sh diff --git a/Makefile.in b/Makefile.in index 8282d4a4..fc741fce 100644 --- a/Makefile.in +++ b/Makefile.in @@ -243,6 +243,7 @@ $(distdir): cp $(srcdir)/src/tools/Makefile.in $(distdir)/src/tools cp $(srcdir)/src/tools/*.[ch] $(distdir)/src/tools cp $(srcdir)/src/tools/stubby.conf $(distdir)/src/tools + cp $(srcdir)/src/tools/stubby-setdns.sh $(distdir)/src/tools cp $(srcdir)/src/jsmn/*.[ch] $(distdir)/src/jsmn cp $(srcdir)/src/jsmn/LICENSE $(distdir)/src/jsmn cp $(srcdir)/src/jsmn/README.md $(distdir)/src/jsmn diff --git a/src/tools/stubby-setdns.sh b/src/tools/stubby-setdns.sh new file mode 100755 index 00000000..6a0c9903 --- /dev/null +++ b/src/tools/stubby-setdns.sh @@ -0,0 +1,67 @@ +#!/bin/bash +# Stubby helper file to set DNS servers on OSX. +# Must run as root. + +usage () { + echo + echo "Update the system DNS resolvers so that Stubby is used for all DNS" + echo "queries. (Stubby must already be running)" + echo "This must be run as root, and is currently only supported on MAC OS X." + echo + echo "Usage: $0 options" + echo + echo "Supported options:" + echo " -r Reset DNS resolvers to the default ones (e.g. from DHCP)" + echo " -l List the current DNS settings for all interfaces" + echo " -h Show this help." +} + +RESET=0 +LIST=0 +SERVERS="127.0.0.1 ::1" +OS_X=`uname -a | grep -c 'Darwin'` + +while getopts ":rlh" opt; do + case $opt in + r ) RESET=1 ;; + l ) LIST=1 ;; + h ) usage + exit 1 ;; + \? ) usage + exit 1 ;; + esac +done + + +if [[ $OS_X -eq 0 ]]; then + echo "Sorry - This script is currenlty only supported on MAC OS X." + exit 1 +fi + +if [[ $LIST -eq 1 ]]; then + echo "** Current DNS settings **" + networksetup -listallnetworkservices 2>/dev/null | grep -v '*' | while read x ; do + RESULT=`networksetup -getdnsservers "$x"` + RESULT=`echo $RESULT` + printf '%-30s %s\n' "$x:" "$RESULT" + done + exit 1 +fi + +if [ "$USER" != "root" ]; then + echo "Must be root to update system resolvers. Retry using 'sudo stubby-setdns'" + exit 1 +fi + +if [[ $RESET -eq 1 ]]; then + SERVERS="empty" + echo "Setting DNS servers to '"$SERVERS"' - the system will use default DNS service." +else + echo "Setting DNS servers to '"$SERVERS"' - the system will use Stubby if it is running." +fi + +### Set the DNS settings via networksetup ### +networksetup -listallnetworkservices 2>/dev/null | grep -v '*' | while read x ; do + networksetup -setdnsservers "$x" $SERVERS +done + diff --git a/src/tools/stubby.conf b/src/tools/stubby.conf index 67a5233c..56fffaff 100644 --- a/src/tools/stubby.conf +++ b/src/tools/stubby.conf @@ -49,18 +49,6 @@ , value: foxZRnIh9gZpWnl+zEiKa0EJ2rdCGroMWm02gaxSc9Q= } ] }, - { address_data: 184.105.193.78 - , tls_pubkey_pinset: - [ { digest: "sha256" - , value: pOXrpUt9kgPgbWxBFFcBTbRH2heo2wHwXp1fd4AEVXI= - } ] - }, - { address_data: 2620:ff:c000:0:1::64:25 - , tls_pubkey_pinset: - [ { digest: "sha256" - , value: pOXrpUt9kgPgbWxBFFcBTbRH2heo2wHwXp1fd4AEVXI= - } ] - }, { address_data: 89.233.43.71 , tls_auth_name: "unicast.censurfridns.dk" },