From 32e4f8fe807178737b213763fd749a090ba7236a Mon Sep 17 00:00:00 2001
From: schreibubi <schreibubi@users.noreply.github.com>
Date: Mon, 9 May 2022 12:05:57 +0530
Subject: [PATCH] dns/dnscrypt-proxy: Support specifying relays for anonymous
 DNS (#2548)

---
 dns/dnscrypt-proxy/pkg-descr                   |  4 ++++
 .../OPNsense/Dnscryptproxy/forms/general.xml   |  8 ++++++++
 .../models/OPNsense/Dnscryptproxy/General.xml  |  3 +++
 .../OPNsense/Dnscryptproxy/dnscrypt-proxy.toml | 18 ++++++++++++++++++
 4 files changed, 33 insertions(+)

diff --git a/dns/dnscrypt-proxy/pkg-descr b/dns/dnscrypt-proxy/pkg-descr
index cbe2d972b..0be7fb48e 100644
--- a/dns/dnscrypt-proxy/pkg-descr
+++ b/dns/dnscrypt-proxy/pkg-descr
@@ -5,6 +5,10 @@ such as DNSCrypt v2 and DNS-over-HTTPS.
 Plugin Changelog
 ================
 
+1.12
+
+* Support specifying relays for anonymous DNS
+
 1.11
 
 * Fix DNSBL update due to FreeBSD13 upgrade (sed syntax)
diff --git a/dns/dnscrypt-proxy/src/opnsense/mvc/app/controllers/OPNsense/Dnscryptproxy/forms/general.xml b/dns/dnscrypt-proxy/src/opnsense/mvc/app/controllers/OPNsense/Dnscryptproxy/forms/general.xml
index 41d4d57d2..9243e2372 100644
--- a/dns/dnscrypt-proxy/src/opnsense/mvc/app/controllers/OPNsense/Dnscryptproxy/forms/general.xml
+++ b/dns/dnscrypt-proxy/src/opnsense/mvc/app/controllers/OPNsense/Dnscryptproxy/forms/general.xml
@@ -179,4 +179,12 @@
         <allownew>true</allownew>
         <help><![CDATA[Exclude servers from automatic selection. Add any specific server names here if you do not want to use them for any reason.]]></help>
     </field>
+    <field>
+        <id>general.relaylist</id>
+        <label>Relay List</label>
+        <type>select_multiple</type>
+        <style>tokenize</style>
+        <allownew>true</allownew>
+        <help><![CDATA[Set a list of <a href="https://github.com/DNSCrypt/dnscrypt-resolvers#list-of-dnscrypt-relays">relays</a>. Will be used for relaying to all configured servers.]]></help>
+    </field>
 </form>
diff --git a/dns/dnscrypt-proxy/src/opnsense/mvc/app/models/OPNsense/Dnscryptproxy/General.xml b/dns/dnscrypt-proxy/src/opnsense/mvc/app/models/OPNsense/Dnscryptproxy/General.xml
index 85826254e..3d47b93fd 100644
--- a/dns/dnscrypt-proxy/src/opnsense/mvc/app/models/OPNsense/Dnscryptproxy/General.xml
+++ b/dns/dnscrypt-proxy/src/opnsense/mvc/app/models/OPNsense/Dnscryptproxy/General.xml
@@ -147,5 +147,8 @@
             <FieldSeparator>,</FieldSeparator>
             <asList>Y</asList>
         </disabled_serverlist>
+        <relaylist type="CSVListField">
+            <Required>N</Required>
+        </relaylist>
     </items>
 </model>
diff --git a/dns/dnscrypt-proxy/src/opnsense/service/templates/OPNsense/Dnscryptproxy/dnscrypt-proxy.toml b/dns/dnscrypt-proxy/src/opnsense/service/templates/OPNsense/Dnscryptproxy/dnscrypt-proxy.toml
index 96dd4718e..61260c00e 100644
--- a/dns/dnscrypt-proxy/src/opnsense/service/templates/OPNsense/Dnscryptproxy/dnscrypt-proxy.toml
+++ b/dns/dnscrypt-proxy/src/opnsense/service/templates/OPNsense/Dnscryptproxy/dnscrypt-proxy.toml
@@ -152,6 +152,24 @@ cache = false
   refresh_delay = 72
   prefix = ''
 
+  ## Anonymized DNS relays
+
+  [sources.'relays']
+  urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/relays.md', 'https://download.dnscrypt.info/resolvers-list/v3/relays.md', 'https://ipv6.download.dnscrypt.info/resolvers-list/v3/relays.md', 'https://download.dnscrypt.net/resolvers-list/v3/relays.md']
+  cache_file = 'relays.md'
+  minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
+  refresh_delay = 72
+  prefix = ''
+
+[anonymized_dns]
+
+{% if helpers.exists('OPNsense.dnscryptproxy.general.relaylist') and OPNsense.dnscryptproxy.general.relaylist != '' %}
+ routes = [
+    { server_name='*', via=[{{ "'" + ("','".join(OPNsense.dnscryptproxy.general.relaylist.split(','))) + "'" }}] }
+ ]
+{% endif %}
+
+
 [static]
 {% if helpers.exists('OPNsense.dnscryptproxy.server.servers.server') %}
 {%   for server_list in helpers.toList('OPNsense.dnscryptproxy.server.servers.server') %}