From 305a6f6b6a94670519521aead9f00cdc70bdcada Mon Sep 17 00:00:00 2001 From: Sara Dickinson Date: Thu, 1 Jun 2017 15:43:09 +0100 Subject: [PATCH 1/2] 1) Add a stubby-setdns script (for MAC OS X only at the moment) to support Homebrew formula 2) Remove the OARC server from the default config. So now only include the servers that commit to not logging user data. Can make this clearer once we have a yaml config file. 3) Update makefile to include stubby.conf and stubby-setdns in dist tarball --- Makefile.in | 1 + src/tools/stubby-setdns.sh | 67 ++++++++++++++++++++++++++++++++++++++ src/tools/stubby.conf | 12 ------- 3 files changed, 68 insertions(+), 12 deletions(-) create mode 100755 src/tools/stubby-setdns.sh
diff --git a/Makefile.in b/Makefile.in
index 8282d4a4..fc741fce 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -243,6 +243,7 @@ $(distdir):
 cp $(srcdir)/src/tools/Makefile.in $(distdir)/src/tools
 cp $(srcdir)/src/tools/*.[ch] $(distdir)/src/tools
 cp $(srcdir)/src/tools/stubby.conf $(distdir)/src/tools
+ cp $(srcdir)/src/tools/stubby-setdns.sh $(distdir)/src/tools
 cp $(srcdir)/src/jsmn/*.[ch] $(distdir)/src/jsmn
 cp $(srcdir)/src/jsmn/LICENSE $(distdir)/src/jsmn
 cp $(srcdir)/src/jsmn/README.md $(distdir)/src/jsmn
diff --git a/src/tools/stubby-setdns.sh b/src/tools/stubby-setdns.sh
new file mode 100755
index 00000000..6a0c9903
--- /dev/null
+++ b/src/tools/stubby-setdns.sh
@@ -0,0 +1,67 @@
+#!/bin/bash
+# Stubby helper file to set DNS servers on OSX.
+# Must run as root.
+
+usage () {
+ echo
+ echo "Update the system DNS resolvers so that Stubby is used for all DNS"
+ echo "queries. (Stubby must already be running)"
+ echo "This must be run as root, and is currently only supported on MAC OS X."
+ echo
+ echo "Usage: $0 options"
+ echo
+ echo "Supported options:"
+ echo " -r Reset DNS resolvers to the default ones (e.g. from DHCP)"
+ echo " -l List the current DNS settings for all interfaces"
+ echo " -h Show this help."
+}
+
+RESET=0
+LIST=0
+SERVERS="127.0.0.1 ::1"
+OS_X=`uname -a | grep -c 'Darwin'`
+
+while getopts ":rlh" opt; do
+ case $opt in
+ r ) RESET=1 ;;
+ l ) LIST=1 ;;
+ h ) usage
+ exit 1 ;;
+ \? ) usage
+ exit 1 ;;
+ esac
+done
+
+
+if [[ $OS_X -eq 0 ]]; then
+ echo "Sorry - This script is currenlty only supported on MAC OS X."
+ exit 1
+fi
+
+if [[ $LIST -eq 1 ]]; then
+ echo "** Current DNS settings **"
+ networksetup -listallnetworkservices 2>/dev/null | grep -v '*' | while read x ; do
+ RESULT=`networksetup -getdnsservers "$x"`
+ RESULT=`echo $RESULT`
+ printf '%-30s %s\n' "$x:" "$RESULT"
+ done
+ exit 1
+fi
+
+if [ "$USER" != "root" ]; then
+ echo "Must be root to update system resolvers. Retry using 'sudo stubby-setdns'"
+ exit 1
+fi
+
+if [[ $RESET -eq 1 ]]; then
+ SERVERS="empty"
+ echo "Setting DNS servers to '"$SERVERS"' - the system will use default DNS service."
+else
+ echo "Setting DNS servers to '"$SERVERS"' - the system will use Stubby if it is running."
+fi
+
+### Set the DNS settings via networksetup ###
+networksetup -listallnetworkservices 2>/dev/null | grep -v '*' | while read x ; do
+ networksetup -setdnsservers "$x" $SERVERS
+done
+
diff --git a/src/tools/stubby.conf b/src/tools/stubby.conf
index 67a5233c..56fffaff 100644
--- a/src/tools/stubby.conf
+++ b/src/tools/stubby.conf
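Review bot: The final loop (`networksetup -setdnsservers "$x" $SERVERS` inside `while read x`) never checks the exit status, and the service listing has its stderr sent to /dev/null, so a service that could not be updated keeps its previous resolver after the script has already printed "Setting DNS servers to ...". For a privacy helper that is the failure that matters: the user believes queries go to Stubby on 127.0.0.1/::1 while one interface may still send them in clear to the DHCP-supplied resolver. I would report each failure on stderr and exit non-zero, reading the list through process substitution so the status survives the loop (this assumes networksetup signals failure through its exit code), with `IFS= read -r` so service names are taken literally. The root test above it, `[ "$USER" != "root" ]`, relies on an environment variable the caller can set or unset; `[ "$(id -u)" -ne 0 ]` checks the effective identity instead. The same lines are re-added unchanged in stubby-setdns-macos.sh by patch 2/2.

```shell
# … unchanged: option parsing, OS check, -l listing, RESET/SERVERS selection …

### Set the DNS settings via networksetup ###
rc=0
while IFS= read -r svc; do
  # $SERVERS stays unquoted on purpose: it holds two addresses or the word "empty"
  if ! networksetup -setdnsservers "$svc" $SERVERS; then
    echo "Failed to set DNS servers for '$svc'" >&2
    rc=1
  fi
done < <(networksetup -listallnetworkservices 2>/dev/null | grep -v '*')
exit "$rc"
```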
@@ -49,18 +49,6 @@
 , value: foxZRnIh9gZpWnl+zEiKa0EJ2rdCGroMWm02gaxSc9Q=
 } ]
 },
- { address_data: 184.105.193.78
- , tls_pubkey_pinset:
- [ { digest: "sha256"
- , value: pOXrpUt9kgPgbWxBFFcBTbRH2heo2wHwXp1fd4AEVXI=
- } ]
- },
- { address_data: 2620:ff:c000:0:1::64:25
- , tls_pubkey_pinset:
- [ { digest: "sha256"
- , value: pOXrpUt9kgPgbWxBFFcBTbRH2heo2wHwXp1fd4AEVXI=
- } ]
- },
 { address_data: 89.233.43.71
 , tls_auth_name: "unicast.censurfridns.dk"
 },
From d2e8ac9e6117d90c45cc51c38c9630f1a1d47e81 Mon Sep 17 00:00:00 2001 From: Sara Dickinson Date: Wed, 7 Jun 2017 17:00:21 +0100 Subject: [PATCH 2/2] =?UTF-8?q?Change=20script=20name=20so=20it=20is=20spe?= =?UTF-8?q?cific=20for=20macOS=20(which=20is=20the=20new=20=E2=80=98offici?= =?UTF-8?q?al=E2=80=99=20name=20for=20Mac=20OS=20X!)=20Add=20the=20copyrig?= =?UTF-8?q?ht=20statement=20to=20the=20stubby-setdns-macos.sh=20file?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/tools/stubby-setdns-macos.sh | 96 ++++++++++++++++++++++++++++++++ src/tools/stubby-setdns.sh | 67 ---------------------- 2 files changed, 96 insertions(+), 67 deletions(-) create mode 100755 src/tools/stubby-setdns-macos.sh delete mode 100755 src/tools/stubby-setdns.sh
diff --git a/src/tools/stubby-setdns-macos.sh b/src/tools/stubby-setdns-macos.sh
new file mode 100755
index 00000000..90f1e45f
--- /dev/null
+++ b/src/tools/stubby-setdns-macos.sh
@@ -0,0 +1,96 @@
+#!/bin/bash
+#
+# Copyright (c) 2017, Verisign, Inc., NLnet Labs
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+# * Neither the names of the copyright holders nor the
+# names of its contributors may be used to endorse or promote products
+# derived from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL Verisign, Inc. BE LIABLE FOR ANY
+# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+
+# Stubby helper file to set DNS servers on macOS.
+# Note - this script doesn't detect or handle network events, simply changes the
+# current resolvers
+# Must run as root.
+
+usage () {
+ echo
+ echo "Update the system DNS resolvers so that Stubby is used for all DNS"
+ echo "queries on macOS. (Stubby must already be running)"
+ echo "This must be run as root."
+ echo
+ echo "Usage: $0 options"
+ echo
+ echo "Supported options:"
+ echo " -r Reset DNS resolvers to the default ones (e.g. from DHCP)"
+ echo " -l List the current DNS settings for all interfaces"
+ echo " -h Show this help."
+}
+
+RESET=0
+LIST=0
+SERVERS="127.0.0.1 ::1"
+OS_X=`uname -a | grep -c 'Darwin'`
+
+while getopts ":rlh" opt; do
+ case $opt in
+ r ) RESET=1 ;;
+ l ) LIST=1 ;;
+ h ) usage
+ exit 1 ;;
+ \? ) usage
+ exit 1 ;;
+ esac
+done
+
+
+if [[ $OS_X -eq 0 ]]; then
+ echo "Sorry - This script only works on macOS and you are on a different OS."
+ exit 1
+fi
+
+if [[ $LIST -eq 1 ]]; then
+ echo "** Current DNS settings **"
+ networksetup -listallnetworkservices 2>/dev/null | grep -v '*' | while read x ; do
+ RESULT=`networksetup -getdnsservers "$x"`
+ RESULT=`echo $RESULT`
+ printf '%-30s %s\n' "$x:" "$RESULT"
+ done
+ exit 1
+fi
+
+if [ "$USER" != "root" ]; then
+ echo "Must be root to update system resolvers. Retry using 'sudo stubby-setdns'"
+ exit 1
+fi
+
+if [[ $RESET -eq 1 ]]; then
+ SERVERS="empty"
+ echo "Setting DNS servers to '"$SERVERS"' - the system will use default DNS service."
+else
+ echo "Setting DNS servers to '"$SERVERS"' - the system will use Stubby if it is running."
+fi
+
+### Set the DNS settings via networksetup ###
+networksetup -listallnetworkservices 2>/dev/null | grep -v '*' | while read x ; do
+ networksetup -setdnsservers "$x" $SERVERS
+done
+
diff --git a/src/tools/stubby-setdns.sh b/src/tools/stubby-setdns.sh
deleted file mode 100755
index 6a0c9903..00000000
--- a/src/tools/stubby-setdns.sh
+++ /dev/null
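Review bot: The rename is not followed through outside this file: patch 1/2 added `cp $(srcdir)/src/tools/stubby-setdns.sh $(distdir)/src/tools` to Makefile.in, and this patch's diffstat lists only the two script files, so the dist rule would presumably now copy a path that no longer exists. That line should become `cp $(srcdir)/src/tools/stubby-setdns-macos.sh $(distdir)/src/tools`. The root-check message still tells the user to retry with `'sudo stubby-setdns'`; whether an installed alias keeps that name is not visible here, so either update the text or print `$0`. Separately, the `-l` and `-h` branches end in `exit 1` after doing what was asked, which makes a successful listing indistinguishable from a failure for any caller that checks the status; `exit 0` fits those two paths.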
@@ -1,67 +0,0 @@
-#!/bin/bash
-# Stubby helper file to set DNS servers on OSX.
-# Must run as root.
-
-usage () {
- echo
- echo "Update the system DNS resolvers so that Stubby is used for all DNS"
- echo "queries. (Stubby must already be running)"
- echo "This must be run as root, and is currently only supported on MAC OS X."
- echo
- echo "Usage: $0 options"
- echo
- echo "Supported options:"
- echo " -r Reset DNS resolvers to the default ones (e.g. from DHCP)"
- echo " -l List the current DNS settings for all interfaces"
- echo " -h Show this help."
-}
-
-RESET=0
-LIST=0
-SERVERS="127.0.0.1 ::1"
-OS_X=`uname -a | grep -c 'Darwin'`
-
-while getopts ":rlh" opt; do
- case $opt in
- r ) RESET=1 ;;
- l ) LIST=1 ;;
- h ) usage
- exit 1 ;;
- \? ) usage
- exit 1 ;;
- esac
-done
-
-
-if [[ $OS_X -eq 0 ]]; then
- echo "Sorry - This script is currenlty only supported on MAC OS X."
- exit 1
-fi
-
-if [[ $LIST -eq 1 ]]; then
- echo "** Current DNS settings **"
- networksetup -listallnetworkservices 2>/dev/null | grep -v '*' | while read x ; do
- RESULT=`networksetup -getdnsservers "$x"`
- RESULT=`echo $RESULT`
- printf '%-30s %s\n' "$x:" "$RESULT"
- done
- exit 1
-fi
-
-if [ "$USER" != "root" ]; then
- echo "Must be root to update system resolvers. Retry using 'sudo stubby-setdns'"
- exit 1
-fi
-
-if [[ $RESET -eq 1 ]]; then
- SERVERS="empty"
- echo "Setting DNS servers to '"$SERVERS"' - the system will use default DNS service."
-else
- echo "Setting DNS servers to '"$SERVERS"' - the system will use Stubby if it is running."
-fi
-
-### Set the DNS settings via networksetup ###
-networksetup -listallnetworkservices 2>/dev/null | grep -v '*' | while read x ; do
- networksetup -setdnsservers "$x" $SERVERS
-done
-