dnscrypt-proxy: improve instructions.

Closes Homebrew/homebrew#27999. Signed-off-by: Mike McQuaid <mike@mikemcquaid.com>
2014-03-30 17:17:44 -04:00 · 2014-03-30 17:17:44 -04:00 · e28bc6acf6
commit e28bc6acf6
parent e04510b3c1
1 changed files with 19 additions and 13 deletions
--- a/Formula/dnscrypt-proxy.rb
+++ b/Formula/dnscrypt-proxy.rb
@ -31,23 +31,30 @@ class DnscryptProxy < Formula
  end

  def caveats; <<-EOS.undent
-    Once dnscrypt-proxy is running, you will have to update your local
-    DNS server to point to 127.0.0.1 in order for it to actually work.
-    This is generally done under System Preferences > Network > Advanced.
-    Once there, you will see a "DNS" tab where you can enter a list of DNS
-    servers. You will want to make sure that 127.0.0.1 is listed there first.
+    After starting dnscrypt-proxy, you will need to point your
+    local DNS server to 127.0.0.1. You can do this by going to
+    System Preferences > "Network" and clicking the "Advanced..."
+    button for your interface. You will see a "DNS" tab where you
+    can click "+" and enter 127.0.0.1 in the "DNS Servers" section.

-    Note: By default, dnscrypt-proxy runs on 127.0.0.1:53 under the "nobody" user.
-    If you would like to change these settings, you will have to edit the plist file.
+    By default, dnscrypt-proxy runs on localhost (127.0.0.1), port 53,
+    and under the "nobody" user using the default OpenDNS DNSCrypt-enabled
+    resolver. If you would like to change these settings (e.g., switching to
+    a DNSCrypt-enabled resolver with DNSSEC support), you will have to edit the
+    plist file (e.g., --resolver-address, --provider-name, --provider-key, etc.)

-    To check that dnscrypt-proxy is running properly, open Terminal and enter this at
-    the command prompt:
+    To check that dnscrypt-proxy is working correctly, open Terminal and enter the
+    following command:

-        nslookup -type=txt debug.opendns.com
+        dig txt debug.opendns.com

-    You should see something like this in the output:
+    You should see a line in the result that looks like this:

-        debug.opendns.com text = "dnscrypt enabled (...)"
+        debug.opendns.com.	0	IN	TXT	"dnscrypt enabled (......)"
+
+    Note: This will only work if you are using the default OpenDNS DNSCrypt-enabled
+    resolver. If you are using a different resolver, you can use a tool like tcpdump
+    to verify that everything is working correctly.
    EOS
  end

@ -67,7 +74,6 @@ class DnscryptProxy < Formula
        <key>ProgramArguments</key>
        <array>
          <string>#{opt_sbin}/dnscrypt-proxy</string>
-          <string>--local-address=127.0.0.1:53</string>
          <string>--user=nobody</string>
        </array>
        <key>UserName</key>