network/dnscrypt-proxy: Updated for version 1.9.5.

Signed-off-by: Willy Sudiarto Raharjo <willysr@slackbuilds.org>

8 files changed, 309 insertions, 158 deletions

diff --git a/network/dnscrypt-proxy/README b/network/dnscrypt-proxy/README
index a84642b31a..5ec190cc0e 100644
--- a/network/dnscrypt-proxy/README
+++ b/network/dnscrypt-proxy/README
@@ -3,7 +3,8 @@ resolver. It provides a local service which can be used directly as your local
 resolver or as a DNS forwarder, encrypting and authenticating requests using the
 DNSCrypt protocol and passing them to an upstream server.
 
-By default dnscrypt-proxy is configured to use OpenDNS' servers.
+By default dnscrypt-proxy is configured to use a random DNS server; you will
+definitely want to change this.
 
 Be sure to read README.Slackware for information on configuring/running
 dnscrypt-proxy as a daemon!
diff --git a/network/dnscrypt-proxy/README.Slackware b/network/dnscrypt-proxy/README.Slackware
index 5fbdc46986..6af60acaab 100644
--- a/network/dnscrypt-proxy/README.Slackware
+++ b/network/dnscrypt-proxy/README.Slackware
@@ -1,9 +1,9 @@
 A. Setup
 
 An init script and configuration file have been provided to run dnscrypt-proxy
-as a daemon. To configure dnscrypt-proxy, edit /etc/default/dnscrypt-proxy with
-the desired settings. By default dnscrypt-proxy will use an OpenDNS server and
-will run on localhost (127.0.0.1), port 53.
+as a daemon. To configure dnscrypt-proxy, edit /etc/dnscrypt-proxy.conf with
+the desired settings. By default dnscrypt-proxy will use a random DNS server
+and will run on localhost (127.0.0.1), port 53.
 
 The configuration file is setup to use a dnscrypt user by default, and to
 chroot into that user's home directory to maximize security. In order to use
@@ -13,9 +13,9 @@ following commands:
     groupadd -g 293 dnscrypt
     useradd -u 293 -g 293 -c "DNSCrypt" -d /run/dnscrypt -s /bin/false dnscrypt
 
-If you decide to use another user you should edit the CHROOTDIR and USER
-options in /etc/default/dnscrypt-proxy (there are example settings provided for
-the user 'nobody').
+If you decide to use another user you should edit the CHROOTDIR option in
+/etc/default/dnscrypt-proxy and the User setting in /etc/dnscrypt-proxy.conf
+(there are example settings provided for the user 'nobody').
 
 In order to send all DNS requests through dnscrypt-proxy, you will need to
 update /etc/resolv.conf to point to localhost. If using dhcpcd, the easiest way
@@ -44,8 +44,8 @@ To properly stop dnscrypt-proxy on system shutdown, add the following to
 
 B. DNS Cache
 
-dnscrypt-proxy is just a DNS resolver and does not cache DNS queries. In order
-to minimize the number of external DNS lookups, you can also run a local
+dnscrypt-proxy provides limited control over how it caches DNS queries. In
+order to minimize the number of external DNS lookups, you can also run a local
 caching DNS server. A sample configuration for dnsmasq (included with
 Slackware) is provided at /usr/doc/dnscrypt-proxy-@VERSION@/dnsmasq.conf. A
 sample configuration for bind/named that also does local DNSSEC validation (if
@@ -53,4 +53,4 @@ supported by the upstream DNS server) is also provided at
 /usr/doc/dnscrypt-proxy-@VERSION@/named.conf. Both configurations run on port
 53, forwarding lookups to dnscrypt-proxy running on port 55. In order to use
 these configurations you will need to change the port dnscrypt-proxy runs on in
-/etc/default/dnscrypt-proxy.
+/etc/dnscrypt-proxy.conf.
diff --git a/network/dnscrypt-proxy/dnscrypt-proxy.SlackBuild b/network/dnscrypt-proxy/dnscrypt-proxy.SlackBuild
index a7e3b1eab8..0c42db33b6 100644
--- a/network/dnscrypt-proxy/dnscrypt-proxy.SlackBuild
+++ b/network/dnscrypt-proxy/dnscrypt-proxy.SlackBuild
@@ -2,7 +2,7 @@
 
 # Slackware build script for dnscrypt-proxy
 
-# Copyright 2016 T3slider <t3slider@gmail.com>
+# Copyright 2017 T3slider <t3slider@gmail.com>
 # All rights reserved.
 #
 # Redistribution and use of this script, with or without modification, is
@@ -28,7 +28,7 @@
 # value of this script!
 
 PRGNAM=dnscrypt-proxy
-VERSION=${VERSION:-1.7.0}
+VERSION=${VERSION:-1.9.5}
 BUILD=${BUILD:-1}
 TAG=${TAG:-_SBo}
 
@@ -100,11 +100,13 @@ mkdir -p $PKG/var/{run,log}/$PRGNAM $PKG/etc/default
 chmod 0700 $PKG/var/{run,log}/$PRGNAM
 sed "s/@VERSION@/$VERSION/" $CWD/$PRGNAM.default > $PKG/etc/default/$PRGNAM.new
 install -D -m 0755 $CWD/rc.$PRGNAM $PKG/etc/rc.d/rc.$PRGNAM.new
+rm -f $PKG/etc/$PRGNAM.conf
+install -D -m 0644 $CWD/$PRGNAM.conf $PKG/etc/$PRGNAM.conf.new
 install -D -m 0644 $CWD/$PRGNAM.logrotate $PKG/etc/logrotate.d/$PRGNAM.new
 
 mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION
 cp -a \
-  AUTHORS ChangeLog COPYING DNSCRYPT-V2-PROTOCOL.txt INSTALL NEWS README README-PLUGINS.markdown README.markdown THANKS \
+  AUTHORS ChangeLog INSTALL NEWS README THANKS \
   $PKG/usr/doc/$PRGNAM-$VERSION
 sed "s/@VERSION@/$VERSION/g" $CWD/README.Slackware > $PKG/usr/doc/$PRGNAM-$VERSION/README.Slackware
 cat $CWD/dnsmasq.conf > $PKG/usr/doc/$PRGNAM-$VERSION/dnsmasq.conf
diff --git a/network/dnscrypt-proxy/dnscrypt-proxy.conf b/network/dnscrypt-proxy/dnscrypt-proxy.conf
new file mode 100644
index 0000000000..cfd6a750d5
--- /dev/null
+++ b/network/dnscrypt-proxy/dnscrypt-proxy.conf
@@ -0,0 +1,244 @@
+######################################################
+#                                                    #
+#    Sample configuration file for dnscrypt-proxy    #
+#                                                    #
+######################################################
+
+
+############## Resolver settings ##############
+
+## [CHANGE THIS] Short name of the resolver to use
+## Usually the only thing you need to change in this configuration file.
+## This corresponds to the first column in the dnscrypt-resolvers.csv file.
+## Alternatively, "random" (without quotes) picks a random random resolver
+## accessible over IPv4, that doesn't log and supports DNSSEC.
+
+ResolverName random
+
+
+## Full path to the list of available DNSCrypt resolvers (dnscrypt-resolvers.csv)
+## An up-to-date list is available here:
+## https://download.dnscrypt.org/dnscrypt-proxy/dnscrypt-resolvers.csv
+## and the dnscrypt-update-resolvers.sh script can be used in order to
+## automatically download and verify updates.
+
+# ResolversList /usr/local/share/dnscrypt-proxy/dnscrypt-resolvers.csv
+
+
+## Manual settings, only for a custom resolver not present in the CSV file
+
+# ProviderName    2.dnscrypt.resolver.example
+# ProviderKey     E801:B84E:A606:BFB0:BAC0:CE43:445B:B15E:BA64:B02F:A3C4:AA31:AE10:636A:0790:324D
+# ResolverAddress 203.0.113.1:443
+
+
+
+############## Process options ##############
+
+## [NOT AVAILABLE ON WINDOWS] Run the proxy as a background process.
+## Unless you are using systemd, you probably want to change this to "yes"
+## after having verified that the rest of the configuration works as expected.
+
+Daemonize yes
+
+
+## Write the PID number to a file
+
+PidFile /var/run/dnscrypt-proxy/dnscrypt-proxy-0.pid
+
+
+## [NOT AVAILABLE ON WINDOWS] Start the process, bind the required ports, and
+## run the server as a less-privileged system user.
+## The value for this parameter is a user name.
+
+# User nobody
+User dnscrypt
+
+
+
+############## Network/protocol settings ##############
+
+## Local address and port to listen to.
+## A 127.0.0.x address is recommended for local use, but 0.0.0.0 or
+## a specific interface address can be used on a router, or to
+## configure a single machine to act as a DNS proxy for different
+## devices.
+## If the socket is created by systemd, the proxy cannot change the address
+## using this option. You should edit systemd's dnscrypt-proxy.socket file
+## instead.
+
+LocalAddress 127.0.0.1:53
+
+
+## Cache DNS responses to avoid outgoing traffic when the same queries
+## are repeated multiple times in a row.
+
+LocalCache on
+
+
+## Creates a new key pair for every query.
+## This prevents logging servers from correlating client public keys with
+## IP addresses. However, this option implies extra CPU load, and is not
+## very useful with trusted/non-logging servers.
+
+EphemeralKeys off
+
+
+## Maximum number of active requests waiting for a response.
+## Keep it reasonable relative to the expected number of clients.
+
+# MaxActiveRequests 250
+
+
+## This is the maximum payload size allowed when using the UDP protocol.
+## The default is safe, and rarely needs to be changed.
+
+# EDNSPayloadSize 1252
+
+
+## Ignore the time stamps when checking the certificates
+## Do not enable this option ever, unless you know that you need it.
+
+# IgnoreTimestamps no
+
+
+## Do not send queries using UDP. Only use TCP.
+## Even if some resolvers mitigate this, DNS over TCP is almost always slower
+## than UDP and doesn't offer additional security.
+## Only enable this option if UDP doesn't work on your network.
+
+# TCPOnly no
+
+
+## Forward queries for specific zones to one or more non-DNSCrypt resolvers.
+## For instance, this can be used to redirect queries for local domains to
+## the router, or queries for an internal domain to an internal DNS server.
+## Multiple whitespace-delimited zones and IP addresses can be specified.
+## Do not enable this unless you absolutely know you need it.
+## If you see useless queries to these zones, you'd better block them with
+## the BlackList feature instead of sending them in clear text to the router.
+## This uses a plugin that requires dnscrypt-proxy to be compiled with
+## the ldns library.
+
+# Forward domains:"test private localdomain lan" to:"192.168.100.254"
+
+
+############## Logging ##############
+
+## Log the received DNS queries to a file, so you can watch in real-time what
+## is happening on the network.
+## The value for this parameter is a full path to the log file.
+## The file name can be prefixed with ltsv: in order to store logs using the
+## LTSV format (ex: ltsv:/tmp/dns-queries.log).
+
+# QueryLogFile /tmp/dns-queries.log
+
+
+## Log file to write server errors and information to.
+## If you use this tool for privacy, keeping logs of any kind is usually not
+## a good idea.
+
+LogFile /var/log/dnscrypt-proxy/dnscrypt-proxy.log
+
+
+## Don't log events with priority above this log level after the service has
+## been started up. Default is 6.
+## Valid values are between 0 (critical) to 7 (debug-level messages).
+
+# LogLevel 6
+
+
+## [NOT AVAILABLE ON WINDOWS] Send server logs to the syslog daemon
+## Log entries can optionally be prefixed with a string.
+
+# Syslog       off
+# SyslogPrefix dnscrypt
+
+
+
+############## Local filtering ##############
+
+## If your network doesn't support IPv6, chances are that your
+## applications are still constantly trying to resolve IPv6 addresses,
+## causing unnecessary slowdowns.
+## This causes the proxy to immediately reply to IPv6 requests,
+## without having to send a useless request to upstream resolvers, and
+## having to wait for a response.
+## This uses a plugin that requires dnscrypt-proxy to be compiled with
+## the ldns library.
+
+BlockIPv6 no
+
+
+## Want to filter ads, malware, sensitive or inappropriate websites and
+## domain names? This feature can block lists of IP addresses and names
+## matching a list of patterns. The list of rules remains private, and
+## the filtering process directly happens on your own network. In order
+## to filter IP addresses, the list of IPs has to be put into a text
+## file, with one IP address per line. Lists of domain names can also be
+## blocked as well. Put the list into a text file, one domain per line.
+## Domains can include wildcards (*) in order to match patterns. For
+## example *sex* will match any name that contains the sex substring, and
+## ads.* will match anything starting with ads. The Internet has plenty
+## of free feeds of IP addresses and domain names used for malware,
+## phishing and spam that you can use with this feature.
+##
+## This uses a plugin that requires dnscrypt-proxy to be compiled with
+## the ldns library.
+##
+## To enable, uncomment one of the following definitions:
+
+## Block query names matching the rules stored in that file:
+# BlackList domains:"/etc/dnscrypt-blacklist-domains.txt"
+
+## Block responses whose IP addresses match IPs stored in that file:
+# BlackList ips:"/etc/dnscrypt-blacklist-ips.txt"
+
+## Block both domain names and IP addresses:
+# BlackList domains:"/etc/dnscrypt-blacklist-domains.txt" ips:"/etc/dnscrypt-blacklist-ips.txt"
+
+## Same as the above + log the blocked queries in a file.
+## The log file can be prefixed with ltsv: (ex: ltsv:/tmp/log.txt) in order to
+## store logs using the LTSV format.
+# BlackList domains:"/etc/dnscrypt-blacklist-domains.txt" logfile:"/var/log/dnscrypt-blocked.log"
+# BlackList ips:"/etc/dnscrypt-blacklist-ips.txt" logfile:"/var/log/dnscrypt-blocked.log"
+# BlackList domains:"/etc/dnscrypt-blacklist-domains.txt" ips:"/etc/dnscrypt-blacklist-ips.txt" logfile:"/var/log/dnscrypt-blocked.log"
+
+
+
+############## User identification ##############
+
+## Use a client public key for identification
+## By default, the client uses a randomized key pair in order to make tracking
+## more difficult. This option does the opposite and uses a static key pair, so
+## that DNS providers can offer premium services to queries signed with a known
+## set of public keys. A client cannot decrypt the received responses without
+## also knowing the secret key.
+## The value for this property is the path to a file containing the secret key,
+## encoded as a hexadecimal string. The corresponding public key is computed
+## automatically.
+
+# ClientKey /etc/dnscrypt-client-secret.key
+
+
+
+############## Monitoring ##############
+
+## Do not actually start the proxy, but check that a valid certificate can be
+## retrieved from the server and that it will remain valid for the specified
+## time period. The process exit code is 0 if a valid certificate can be used,
+## 2 if no valid certificates can be used, 3 if a timeout occurred, and 4 if a
+## currently valid certificate is going to expire before the given margin.
+## Useful in a cron job to monitor your own dnscrypt-servers.
+## The margin is specified in minutes.
+
+# Test 2880
+
+
+
+############## Recursive configuration ##############
+
+## A configuration file can include other configuration files by inserting
+## the `Include` directive anywhere (the full path required, no quotes):
+
+# Include /etc/dnscrypt-proxy-common.conf
diff --git a/network/dnscrypt-proxy/dnscrypt-proxy.default b/network/dnscrypt-proxy/dnscrypt-proxy.default
index 1f8408ffe2..3979212ade 100644
--- a/network/dnscrypt-proxy/dnscrypt-proxy.default
+++ b/network/dnscrypt-proxy/dnscrypt-proxy.default
@@ -1,85 +1,22 @@
 # /etc/default/dnscrypt-proxy
 
-# This file contains the configuration settings for dnscrypt-proxy. This file
-# supports configuring and running multiple instances (see the bottom of this
-# file for a sample secondary configuration).
-
-# CHROOTDIR should be the same path as the USER's home directory.
-# For the standard dnscrypt user this should be "/run/dnscrypt". For nobody,
-# this should be "/".
+# This file contains additional configuration settings for dnscrypt-proxy
+# (primary configuration belongs in the dnscrypt-proxy configuration file).
+# This file supports configuring and running multiple instances (see the bottom
+# of this file for a sample secondary configuration).
+
+# CHROOTDIR should be the same path as the daemon user's home directory. For
+# the standard dnscrypt user this should be "/run/dnscrypt". For nobody, this
+# should be "/".
 CHROOTDIR[0]="/run/dnscrypt"
 #CHROOTDIR[0]="/"
 
-# The local address and (optional) port to listen on. The default port is 53.
-LOCALADDRESS[0]="127.0.0.1:53"
-
-# The pid file for this instance. PIDFILE must always be specified for each
-# instance!
-PIDFILE[0]="/var/run/dnscrypt-proxy/dnscrypt-proxy-0.pid"
-
-# Runs the daemon as the following user and chroots to that user's home
-# directory (this is a security feature -- it is best not to change this!)
-USER[0]="dnscrypt"
-#USER[0]="nobody"
-
-# If RESOLVERNAME is set, then RESOLVERADDRESS, PROVIDERNAME, and
-# PROVIDERKEY will be ignored. RESOLVERNAME should be the name of a resolver
-# from RESOLVERSLIST (the first column).
-RESOLVERNAME[0]="cisco"
-
-# Specify the location of the resolver list, used if RESOLVERNAME is set.
-RESOLVERSLIST[0]="/usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv"
-
-# If RESOLVERNAME is unset, RESOLVERADDRESS, PROVIDERNAME and PROVIDERKEY are
-# the settings of the remote DNSCrypt provider.
-#RESOLVERADDRESS[0]="208.67.220.220:443"
-#PROVIDERNAME[0]="2.dnscrypt-cert.opendns.com"
-#PROVIDERKEY[0]="B735:1140:206F:225D:3E2B:D822:D7FD:691E:A1C3:3CC8:D666:8D0C:BE04:BFAB:CA43:FB79"
-
-# By default, queries are always sent with the same public key, allowing
-# providers to link this public key to the different IP addresses you
-# are using. Enabling ephemeral keys requires extra CPU cycles, but
-# mitigates this by computing an ephemeral key pair for every query.
-#EPHEMERALKEYS[0]="no"
-
-# Use client authentication (ie. a static client key) instead of randomly
-# generating one. This should point to a private file. Its content does *not*
-# need to be known by the DNS service provider. See
-# /usr/doc/dnscrypt-proxy-@VERSION@/README.markdown for more information. This
-# option conflicts with EPHEMERALKEYS.
-#CLIENTKEY[0]="/etc/dnscrypt.clientkey"
-
-# Transparently add an OPT pseudo-RR to outgoing queries in order to enable
-# the EDNS0 extension mechanism. The payload size is the size of the largest
-# response we accept from the resolver before retrying over TCP. This feature
-# is enabled by default, with a payload size  of  1252 bytes. Any value below
-# 512 disables it.
-#EDNSPAYLOADSIZE[0]="1252"
-
-# Set the maximum number of simultaneous active requests (default 250).
-#MAXACTIVEREQUESTS[0]="250"
-
-# Use TCP instead of UDP. This is slower than UDP, and this workaround should
-# never be used except when bypassing a filter is actually required. Moreover,
-# multiple queries over a single TCP connection aren't supported yet.
-# Don't use this unless you have to. Defaults to off ("no").
-#TCPONLY[0]="no"
-
-# Load the following plugins. None are loaded by default. See
-# /usr/doc/dnscrypt-proxy-@VERSION@/README-PLUGINS.markdown for more
-# information.
-#PLUGINS[0]="libdcplugin_example,--ips=/etc/blk-ips,--domains=/etc/blk-names \
-#libdcplugin_example_logging,/var/log/dns.log"
-
-# Where and what to log. The default LOGLEVEL is LOG_INFO.
-#LOGLEVEL[0]="LOG_INFO"
-LOGFILE[0]="/var/log/dnscrypt-proxy/dnscrypt-proxy.log"
+# DNSCRYPTCONFIG should be the path to the dnscrypt-proxy configuration file
+# for the given instance. Note that PidFile must be defined in the config for
+# the rc.dnscrypt start/stop script to function properly!
+DNSCRYPTCONFIG[0]="/etc/dnscrypt-proxy.conf"
 
-# A simple example configuration for a second instance
+# A simple example configuration for a second instance (note that this would
+# require a new dnscrypt-proxy configuration file)
 #CHROOTDIR[1]="/run/dnscrypt"
-#LOCALADDRESS[1]="127.0.0.2:53"
-#PIDFILE[1]="/var/run/dnscrypt-proxy/dnscrypt-proxy-1.pid"
-#USER[1]="dnscrypt"
-#RESOLVERNAME[1]="cloudns-can"
-#RESOLVERSLIST[1]="/usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv"
-#LOGFILE[1]="/var/log/dnscrypt-proxy/dnscrypt-proxy-1.log"
+#DNSCRYPTCONFIG[1]="/etc/dnscrypt-proxy-1.conf"
diff --git a/network/dnscrypt-proxy/dnscrypt-proxy.info b/network/dnscrypt-proxy/dnscrypt-proxy.info
index 87a6bcc644..f25f91b36c 100644
--- a/network/dnscrypt-proxy/dnscrypt-proxy.info
+++ b/network/dnscrypt-proxy/dnscrypt-proxy.info
@@ -1,8 +1,8 @@
 PRGNAM="dnscrypt-proxy"
-VERSION="1.7.0"
+VERSION="1.9.5"
 HOMEPAGE="https://dnscrypt.org/"
-DOWNLOAD="https://download.dnscrypt.org/dnscrypt-proxy/dnscrypt-proxy-1.7.0.tar.bz2"
-MD5SUM="e8049148b5401c6bc76cfaf11dcde635"
+DOWNLOAD="https://download.dnscrypt.org/dnscrypt-proxy/dnscrypt-proxy-1.9.5.tar.bz2"
+MD5SUM="0c356411ae4b1d984eacc452d033ff76"
 DOWNLOAD_x86_64=""
 MD5SUM_x86_64=""
 REQUIRES="libsodium"
diff --git a/network/dnscrypt-proxy/doinst.sh b/network/dnscrypt-proxy/doinst.sh
index 11fd7612c2..0dffe8a4a8 100644
--- a/network/dnscrypt-proxy/doinst.sh
+++ b/network/dnscrypt-proxy/doinst.sh
@@ -24,4 +24,5 @@ preserve_perms() {
 
 preserve_perms etc/rc.d/rc.dnscrypt-proxy.new
 config etc/default/dnscrypt-proxy.new
+config etc/dnscrypt-proxy.conf.new
 config etc/logrotate.d/dnscrypt-proxy.new
diff --git a/network/dnscrypt-proxy/rc.dnscrypt-proxy b/network/dnscrypt-proxy/rc.dnscrypt-proxy
index 221df34842..fd747759d1 100644
--- a/network/dnscrypt-proxy/rc.dnscrypt-proxy
+++ b/network/dnscrypt-proxy/rc.dnscrypt-proxy
@@ -6,11 +6,16 @@ DAEMON="/usr/sbin/dnscrypt-proxy"
 . $CONFIGFILE
 
 start_instance() {
-    if [ -z ${PIDFILE[$1]} ]; then
+    if [ ! -r ${DNSCRYPTCONFIG[$1]} ]; then
         echo "No configuration for instance $1 found!"
         return
     fi
-    if [ -r ${PIDFILE[$1]} ]; then
+    PIDFILE=$(grep -i "^[[:space:]]*PidFile[[:space:]]\+." ${DNSCRYPTCONFIG[$1]} | awk '{print $2}')
+    if [ -z ${PIDFILE} ]; then
+        echo "No PID configuration for instance $1 found!"
+        return
+    fi
+    if [ -r ${PIDFILE} ]; then
         echo "dnscrypt-proxy (instance $1) already running!"
         return
     fi
@@ -31,87 +36,48 @@ start_instance() {
             if [ ! -c ${CHROOTDIR[$1]}/dev/urandom ]; then
                 mknod -m 666 ${CHROOTDIR[$1]}/dev/urandom c 1 9
             fi
+            if [ ! -c ${CHROOTDIR[$1]}/dev/random ]; then
+                mknod -m 666 ${CHROOTDIR[$1]}/dev/random c 1 8
+            fi
         fi
     fi
 
-    OPTIONS="-d"
-    if [ -n "${LOCALADDRESS[$1]}" ]; then
-        OPTIONS="${OPTIONS} --local-address=${LOCALADDRESS[$1]}"
-    fi
-    if [ -n "${PIDFILE[$1]}" ]; then
-        OPTIONS="${OPTIONS} --pidfile=${PIDFILE[$1]}"
-    fi
-    if [ -n "${USER[$1]}" ]; then
-        OPTIONS="${OPTIONS} --user=${USER[$1]}"
-    fi
-    if [ -n "${RESOLVERNAME[$1]}" ]; then
-        OPTIONS="${OPTIONS} --resolver-name=${RESOLVERNAME[$1]}"
-    fi
-    if [ -n "${RESOLVERSLIST[$1]}" ]; then
-        OPTIONS="${OPTIONS} --resolvers-list=${RESOLVERSLIST[$1]}"
-    fi
-    if [ -z "${RESOLVERNAME[$1]}" ] && [ -n "${RESOLVERADDRESS[$1]}" ]; then
-        OPTIONS="${OPTIONS} --resolver-address=${RESOLVERADDRESS[$1]}"
-    fi
-    if [ -z "${RESOLVERNAME[$1]}" ] && [ -n "${PROVIDERNAME[$1]}" ]; then
-        OPTIONS="${OPTIONS} --provider-name=${PROVIDERNAME[$1]}"
-    fi
-    if [ -z "${RESOLVERNAME[$1]}" ] && [ -n "${PROVIDERKEY[$1]}" ]; then
-        OPTIONS="${OPTIONS} --provider-key=${PROVIDERKEY[$1]}"
-    fi
-    if [ "${EPHEMERALKEYS[$1]}" == "yes" ]; then
-        OPTIONS="${OPTIONS} --ephemeral-keys"
-    fi
-    if [ -n "${CLIENTKEY[$1]}" ]; then
-        OPTIONS="${OPTIONS} --client-key=${CLIENTKEY[$1]}"
-    fi
-    if [ -n "${EDNSPAYLOADSIZE[$1]}" ]; then
-        OPTIONS="${OPTIONS} --edns-payload-size=${EDNSPAYLOADSIZE[$1]}"
-    fi
-    if [ -n "${MAXACTIVEREQUESTS[$1]}" ]; then
-        OPTIONS="${OPTIONS} --max-active-requests=${MAXACTIVEREQUESTS[$1]}"
-    fi
-    if [ "${TCPONLY[$1]}" == "yes" ]; then
-        OPTIONS="${OPTIONS} --tcp-only"
-    fi
-    if [ -n "${PLUGINS[$1]}" ]; then
-        for plugin in ${PLUGINS[$1]}
-        do
-            OPTIONS="${OPTIONS} --plugin=${plugin}"
-        done
-    fi
-    if [ -n "${LOGLEVEL[$1]}" ]; then
-        OPTIONS="${OPTIONS} --loglevel=${LOGLEVEL[$1]}"
-    fi
-    if [ -n "${LOGFILE[$1]}" ]; then
-        OPTIONS="${OPTIONS} --logfile=${LOGFILE[$1]}"
-    fi
-    $DAEMON $OPTIONS
+    $DAEMON ${DNSCRYPTCONFIG[$1]}
 }
 
 stop_instance() {
-    if [ -z ${PIDFILE[$1]} ]; then
+    if [ ! -r ${DNSCRYPTCONFIG[$1]} ]; then
         echo "No configuration for instance $1 found!"
         return
     fi
-    if [ ! -r ${PIDFILE[$1]} ]; then
+    PIDFILE=$(grep -i "^[[:space:]]*PidFile[[:space:]]\+." ${DNSCRYPTCONFIG[$1]} | awk '{print $2}')
+    if [ -z ${PIDFILE} ]; then
+        echo "No PID configuration for instance $1 found!"
+        return
+    fi
+    if [ ! -r ${PIDFILE} ]; then
         echo "dnscrypt-proxy (instance $1) is not running!"
         return
     fi
     echo "Stopping dnscrypt-proxy (instance $1)..."
-    kill $(cat ${PIDFILE[$1]})
+    kill $(cat ${PIDFILE})
 }
 
 status_instance() {
-    if [ -z ${PIDFILE[$1]} ]; then
+    if [ ! -r ${DNSCRYPTCONFIG[$1]} ]; then
         echo "No configuration for instance $1 found!"
         return
     fi
-    if [ ! -r ${PIDFILE[$1]} ]; then
+    PIDFILE=$(grep -i "^[[:space:]]*PidFile[[:space:]]\+." ${DNSCRYPTCONFIG[$1]} | awk '{print $2}')
+    if [ -z ${PIDFILE} ]; then
+        echo "No PID configuration for instance $1 found!"
+        return
+    fi
+    if [ ! -r ${PIDFILE} ]; then
         echo "dnscrypt-proxy (instance $1) is not running."
         return
     fi
-    PID=$(cat ${PIDFILE[$1]})
+    PID=$(cat ${PIDFILE})
     if [ -z "$PID" ]; then
         echo "PID file is empty! dnscrypt-proxy (instance $1) does not appear to be running, but there is a stale PID file."
     elif kill -0 $PID ; then
@@ -122,21 +88,21 @@ status_instance() {
 }
 
 start() {
-    for i in `/usr/bin/seq 0 $((${#PIDFILE[@]}-1))`
+    for i in `/usr/bin/seq 0 $((${#DNSCRYPTCONFIG[@]}-1))`
     do
         start_instance $i
     done
 }
 
 stop() {
-    for i in `/usr/bin/seq 0 $((${#PIDFILE[@]}-1))`
+    for i in `/usr/bin/seq 0 $((${#DNSCRYPTCONFIG[@]}-1))`
     do
         stop_instance $i
     done
 }
 
 status() {
-    for i in `/usr/bin/seq 0 $((${#PIDFILE[@]}-1))`
+    for i in `/usr/bin/seq 0 $((${#DNSCRYPTCONFIG[@]}-1))`
     do
         status_instance $i
     done