smartdns: bump to v2019.11.02

package/ctcgfw/luci-app-unblockneteasemusic-mini/root/etc/init.d/unblockneteasemusic-mini

@@ -24,7 +24,7 @@ ipset=/interface.music.163.com/music
 ipset=/interface3.music.163.com/music
 ipset=/apm.music.163.com/music
 ipset=/apm3.music.163.com/music
-EOF
+		EOF
 		/etc/init.d/dnsmasq restart >/dev/null 2>&1
 
 		if ! ipset list music >/dev/null; then ipset create music hash:ip; fi

package/jsda/smartdns/Makefile

@@ -5,7 +5,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=smartdns
-PKG_VERSION:=1
+PKG_VERSION:=2019.11.02
 PKG_RELEASE:=1
 
 include $(INCLUDE_DIR)/package.mk
@@ -14,8 +14,6 @@ define Package/$(PKG_NAME)
     SECTION:=net
     CATEGORY:=Network
     TITLE:=smartdns
-    URL:=
-    DEPENDS:=+libopenssl
 endef
 
 define Package/$(PKG_NAME)/description
@@ -46,9 +44,6 @@ endif
 ifeq ($(ARCH),aarch64)
 	PKG_ARCH_SMARTDNS:=arm64
 endif
-ifeq ($(BOARD),bcm53xx)
-	PKG_ARCH_SMARTDNS:=bcm53xx
-endif
 
 define Package/$(PKG_NAME)/install
 	$(INSTALL_DIR) $(1)/usr/sbin

package/jsda/smartdns/files/etc/init.d/smartdns

@@ -160,6 +160,7 @@ load_server()
 	config_get "port" "$section" "port" ""
 	config_get "type" "$section" "type" "udp"
 	config_get "ip" "$section" "ip" ""
+	config_get "tls_host_verify" "$section" "tls_host_verify" ""
 	config_get "host_name" "$section" "host_name" ""
 	config_get "http_host" "$section" "http_host" ""
 	config_get "server_group" "$section" "server_group" ""
@@ -191,6 +192,10 @@ load_server()
 		fi
 	fi
 
+	if [ ! -z "$tls_host_verify" ]; then
+		ADDITIONAL_ARGS="$ADDITIONAL_ARGS -tls-host-verify $tls_host_verify"
+	fi
+
 	if [ ! -z "$host_name" ]; then
 		ADDITIONAL_ARGS="$ADDITIONAL_ARGS -host-name $host_name"
 	fi
@@ -228,7 +233,75 @@ load_server()
 	conf_append "$SERVER" "$DNS_ADDRESS $ADDITIONAL_ARGS $addition_arg"
 }
 
-load_service() {
+load_second_server() 
+{
+	local section="$1"
+	local ARGS=""
+	local ADDR=""
+
+	config_get_bool "seconddns_enabled" "$section" "seconddns_enabled" "0"
+	if [ "$seconddns_enabled" = "0" ]; then
+		return
+	fi
+
+	config_get "seconddns_port" "$section" "seconddns_port" "7053"
+
+	config_get_bool "seconddns_no_speed_check" "$section" "seconddns_no_speed_check" "0"
+	if [ "$seconddns_no_speed_check" = "1" ]; then
+		ARGS="$ARGS -no-speed-check"
+	fi
+
+	config_get "seconddns_server_group" "$section" "seconddns_server_group" ""
+	if [ ! -z "$seconddns_server_group" ]; then
+		ARGS="$ARGS -group $seconddns_server_group"
+	fi
+
+	config_get_bool "seconddns_no_rule_addr" "$section" "seconddns_no_rule_addr" "0"
+	if [ "$seconddns_no_rule_addr" = "1" ]; then
+		ARGS="$ARGS -no-rule-addr"
+	fi
+
+	config_get_bool "seconddns_no_rule_nameserver" "$section" "seconddns_no_rule_nameserver" "0"
+	if [ "$seconddns_no_rule_nameserver" = "1" ]; then
+		ARGS="$ARGS -no-rule-nameserver"
+	fi
+
+	config_get_bool "seconddns_no_rule_ipset" "$section" "seconddns_no_rule_ipset" "0"
+	if [ "$seconddns_no_rule_ipset" = "1" ]; then
+		ARGS="$ARGS -no-rule-ipset"
+	fi
+
+	config_get_bool "seconddns_no_rule_soa" "$section" "seconddns_no_rule_soa" "0"
+	if [ "$seconddns_no_rule_soa" = "1" ]; then
+		ARGS="$ARGS -no-rule-soa"
+	fi
+
+	config_get_bool "seconddns_no_dualstack_selection" "$section" "seconddns_no_dualstack_selection" "0"
+	if [ "$seconddns_no_dualstack_selection" = "1" ]; then
+		ARGS="$ARGS -no-dualstack-selection"
+	fi
+
+	config_get_bool "seconddns_no_cache" "$section" "seconddns_no_cache" "0"
+	if [ "$seconddns_no_cache" = "1" ]; then
+		ARGS="$ARGS -no-cache"
+	fi
+
+	config_get "ipv6_server" "$section" "ipv6_server" "1"
+	if [ "$ipv6_server" = "1" ]; then
+		ADDR="[::]"
+	else
+		ADDR=""
+	fi
+
+	conf_append "bind" "$ADDR:$seconddns_port $ARGS"
+	config_get_bool "seconddns_tcp_server" "$section" "seconddns_tcp_server" "1"
+	if [ "$seconddns_tcp_server" = "1" ]; then
+		conf_append "bind-tcp" "$ADDR:$seconddns_port $ARGS"
+	fi
+}
+
+load_service() 
+{
 	local section="$1"
 	args=""
 
@@ -347,6 +420,8 @@ load_service() {
 		set_forward_dnsmasq "$SMARTDNS_PORT"
 	fi
 
+	load_second_server $section
+
 	config_foreach load_server "server"
 
 	echo "conf-file $ADDRESS_CONF" >> $SMARTDNS_CONF_TMP
@@ -373,12 +448,14 @@ load_service() {
 	procd_close_instance
 }
 
-start_service() {
+start_service() 
+{
 	config_load "smartdns"
 	config_foreach load_service "smartdns"
 }
 
-reload_service(){
+reload_service()
+{
 	stop
 	start
 }

package/jsda/smartdns/files/etc/smartdns/smartdns.conf

@@ -8,14 +8,27 @@
 # conf-file [file]
 # conf-file blacklist-ip.conf
 
-# dns server bind ip and port, default dns server port is 53.
-# bind [IP]:port, udp server
-# bind-tcp [IP]:port, tcp server
+# dns server bind ip and port, default dns server port is 53, support binding multi ip and port
+# bind udp server
+#   bind [IP]:[port] [-group [group]] [-no-rule-addr] [-no-rule-nameserver] [-no-rule-ipset] [-no-speed-check] [-no-cache] [-no-rule-soa] [-no-dualstack-selection]
+# bind tcp server
+#   bind-tcp [IP]:[port] [-group [group]] [-no-rule-addr] [-no-rule-nameserver] [-no-rule-ipset] [-no-speed-check] [-no-cache] [-no-rule-soa] [-no-dualstack-selection]
+# option:
+#   -group: set domain request to use the appropriate server group.
+#   -no-rule-addr: skip address rule.
+#   -no-rule-nameserver: skip nameserver rule.
+#   -no-rule-ipset: skip ipset rule.
+#   -no-speed-check: do not check speed.
+#   -no-cache: skip cache.
+#   -no-rule-soa: Skip address SOA(#) rules.
+#   -no-dualstack-selection: Disable dualstack ip selection.
 # example: 
-#   IPV4: :53
-#   IPV6  [::]:53
-# bind-tcp [::]:53
-
+#  IPV4: 
+#    bind :53
+#    bind :6053 -group office -no-speed-check
+#  IPV6:
+#    bind [::]:53
+#    bind-tcp [::]:53
 bind [::]:6053
 
 # tcp connection idle timeout
@@ -42,6 +55,13 @@ cache-size 512
 # List of IPs that will be ignored
 # ignore-ip [ip/subnet]
 
+# speed check mode
+# speed-check-mode [ping|tcp:port|none|,]
+# example:
+#   speed-check-mode ping,tcp:80
+#   speed-check-mode tcp:443,ping
+#   speed-check-mode none
+
 # force AAAA query return SOA
 # force-AAAA-SOA [yes|no]
 
@@ -75,8 +95,9 @@ log-level info
 # log-num 2
 
 # dns audit
-# audit-enable: enable or disable audit [yes|no]
+# audit-enable [yes|no]: enable or disable audit.
 # audit-enable yes
+# audit-SOA [yes|no]: enable or disalbe log soa result.
 # audit-size size of each audit file, support k,m,g
 # audit-file /var/log/smartdns-audit.log
 # audit-size 128k
@@ -100,6 +121,8 @@ log-level info
 # remote tls dns server list
 # server-tls [IP]:[PORT] [-blacklist-ip] [-whitelist-ip] [-spki-pin [sha256-pin]] [-group [group] ...] [-exclude-default-group]
 #   -spki-pin: TLS spki pin to verify.
+#   -tls-host-check: cert hostname to verify.
+#   -hostname: TLS sni hostname.
 # Get SPKI with this command:
 #    echo | openssl s_client -connect '[ip]:853' | openssl x509 -pubkey -noout | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | openssl enc -base64
 # default port is 853
@@ -109,6 +132,9 @@ log-level info
 # remote https dns server list
 # server-https https://[host]:[port]/path [-blacklist-ip] [-whitelist-ip] [-spki-pin [sha256-pin]] [-group [group] ...] [-exclude-default-group]
 #   -spki-pin: TLS spki pin to verify.
+#   -tls-host-check: cert hostname to verify.
+#   -hostname: TLS sni hostname.
+#   -http-host: http host.
 # default port is 443
 # server-https https://cloudflare-dns.com/dns-query