<86>Mar 1 08:04:46 userdel[3066192]: delete user 'rooter' <86>Mar 1 08:04:46 userdel[3066192]: removed group 'rooter' owned by 'rooter' <86>Mar 1 08:04:46 userdel[3066192]: removed shadow group 'rooter' owned by 'rooter' <86>Mar 1 08:04:46 groupadd[3066230]: group added to /etc/group: name=rooter, GID=1862 <86>Mar 1 08:04:46 groupadd[3066230]: group added to /etc/gshadow: name=rooter <86>Mar 1 08:04:46 groupadd[3066230]: new group: name=rooter, GID=1862 <86>Mar 1 08:04:46 useradd[3066260]: new user: name=rooter, UID=1862, GID=1862, home=/root, shell=/bin/bash, from=none <86>Mar 1 08:04:46 userdel[3066299]: delete user 'builder' <86>Mar 1 08:04:46 userdel[3066299]: removed group 'builder' owned by 'builder' <86>Mar 1 08:04:46 userdel[3066299]: removed shadow group 'builder' owned by 'builder' <86>Mar 1 08:04:46 groupadd[3066339]: group added to /etc/group: name=builder, GID=1863 <86>Mar 1 08:04:46 groupadd[3066339]: group added to /etc/gshadow: name=builder <86>Mar 1 08:04:46 groupadd[3066339]: new group: name=builder, GID=1863 <86>Mar 1 08:04:46 useradd[3066358]: new user: name=builder, UID=1863, GID=1863, home=/usr/src, shell=/bin/bash, from=none <13>Mar 1 08:04:50 rpmi: libidn2-2.3.7-alt1 sisyphus+339505.100.1.2 1706718975 installed <13>Mar 1 08:04:50 rpmi: libnettle8-3.10.1-alt1 sisyphus+372008.100.1.1 1738078268 installed <13>Mar 1 08:04:50 rpmi: strace-6.13-alt1 sisyphus+370979.100.1.1 1737630050 installed <13>Mar 1 08:04:50 rpmi: libgdbm-1.8.3-alt10 sisyphus+346222.200.3.2 1716468406 installed <13>Mar 1 08:04:50 rpmi: libexpat-2.6.4-alt1 sisyphus+365521.100.1.1 1734700247 installed <13>Mar 1 08:04:50 rpmi: less-633-alt1 sisyphus+328181.300.2.1 1693321749 installed <13>Mar 1 08:04:50 rpmi: libtcl-8.6.13-alt1 sisyphus+310696.100.1.1 1669548256 installed <13>Mar 1 08:04:50 rpmi: libp11-kit-1:0.25.5-alt1 sisyphus+352553.100.1.1 1720622586 installed <13>Mar 1 08:04:50 rpmi: libtasn1-4.20.0-alt2 sisyphus+375829.100.1.1 1740299335 installed <13>Mar 1 08:04:50 rpmi: tcl-8.6.13-alt1 sisyphus+310696.100.1.1 1669548256 installed <13>Mar 1 08:04:50 rpmi: libhogweed6-3.10.1-alt1 sisyphus+372008.100.1.1 1738078268 installed <13>Mar 1 08:04:50 rpmi: libgnutls30-3.8.9-alt1 sisyphus+375558.200.1.1 1740143098 installed <13>Mar 1 08:04:50 rpmi: libngtcp2.16-1.11.0-alt2 sisyphus+376238.100.1.1 1740635090 installed <13>Mar 1 08:04:50 rpmi: libngtcp2_crypto_gnutls8-1.11.0-alt2 sisyphus+376238.100.1.1 1740635090 installed <13>Mar 1 08:04:50 rpmi: groff-base-1.22.3-alt2 sisyphus+346264.200.2.1 1716421485 installed <13>Mar 1 08:04:50 rpmi: libpipeline-1.5.7-alt1_1 sisyphus+312433.100.1.1 1671879776 installed <13>Mar 1 08:04:50 rpmi: sudo-1:1.9.16p2-alt1 sisyphus+366698.200.5.1 1736030462 installed <13>Mar 1 08:04:50 rpmi: libmpdec3-2.5.1-alt3 sisyphus+314490.500.5.1 1675432033 installed <13>Mar 1 08:04:50 rpmi: libb2-0.98.1-alt1_1 sisyphus+291614.100.1.1 1638962878 installed <13>Mar 1 08:04:50 rpmi: publicsuffix-list-dafsa-20250131-alt1 sisyphus+373297.100.1.1 1738767834 installed <13>Mar 1 08:04:50 rpmi: libpsl-0.21.5-alt1 sisyphus+338474.100.1.1 1705684771 installed <13>Mar 1 08:04:50 rpmi: libnghttp3.9-1.8.0-alt1 sisyphus+375942.100.1.1 1740420760 installed <13>Mar 1 08:04:50 rpmi: libnghttp2-1.64.0-alt1 sisyphus+363795.200.2.1 1733118560 installed <13>Mar 1 08:04:50 rpmi: openldap-common-2.6.9-alt2 sisyphus+367501.300.4.1 1735841751 installed <13>Mar 1 08:04:50 rpmi: libntlm-1.5-alt1 sisyphus+278100.3300.1.1 1626059663 installed <13>Mar 1 08:04:50 rpmi: libidn-1.37-alt2 sisyphus+300849.100.1.1 1653769693 installed <13>Mar 1 08:04:50 rpmi: libbrotlicommon-1.1.0-alt1 sisyphus+328501.100.1.1 1693598420 installed <13>Mar 1 08:04:50 rpmi: libbrotlidec-1.1.0-alt1 sisyphus+328501.100.1.1 1693598420 installed <13>Mar 1 08:04:50 rpmi: libxxhash-0.8.2-alt1 sisyphus+336514.200.7.1 1702672120 installed <13>Mar 1 08:04:50 rpmi: liblz4-1:1.9.4-alt1 sisyphus+309416.100.1.1 1667413000 installed <13>Mar 1 08:04:50 rpmi: libverto-0.3.2-alt1_1 sisyphus+321176.2200.10.2 1684806164 installed <13>Mar 1 08:04:50 rpmi: liblmdb-0.9.33-alt1 sisyphus+360625.100.1.1 1729819639 installed <13>Mar 1 08:04:50 rpmi: libkeyutils-1.6.3-alt1 sisyphus+346336.200.2.2 1716472658 installed <13>Mar 1 08:04:50 rpmi: libcom_err-1.47.1.0.10.ad56-alt2 sisyphus+363497.200.3.1 1732729916 installed <13>Mar 1 08:04:50 rpmi: libedit3-3.1.20230828-alt1 sisyphus+330914.200.3.1 1696922745 installed <13>Mar 1 08:04:50 rpmi: openssl-config-3.2.0-alt1 sisyphus+366659.140.4.1 1736956949 installed <13>Mar 1 08:04:50 rpmi: diffstat-1.64-alt1 sisyphus+346132.200.3.2 1716466240 installed <13>Mar 1 08:04:50 rpmi: rpm-macros-alternatives-0.5.3-alt1 sisyphus+371878.100.1.1 1737988822 installed <13>Mar 1 08:04:50 rpmi: alternatives-0.5.3-alt1 sisyphus+371878.100.1.1 1737988822 installed <13>Mar 1 08:04:50 rpmi: ca-certificates-2025.02.10-alt1 sisyphus+374228.100.4.1 1739265441 installed <13>Mar 1 08:04:50 rpmi: ca-trust-0.2.0-alt1 sisyphus+344843.100.1.1 1712743326 installed <13>Mar 1 08:04:50 rpmi: p11-kit-trust-1:0.25.5-alt1 sisyphus+352553.100.1.1 1720622586 installed <13>Mar 1 08:04:50 rpmi: libcrypto3-3.3.3-alt1 sisyphus+374381.40.2.1 1739299702 installed <13>Mar 1 08:04:50 rpmi: libssl3-3.3.3-alt1 sisyphus+374381.40.2.1 1739299702 installed <86>Mar 1 08:04:50 groupadd[3091885]: group added to /etc/group: name=_keytab, GID=999 <86>Mar 1 08:04:50 groupadd[3091885]: group added to /etc/gshadow: name=_keytab <86>Mar 1 08:04:50 groupadd[3091885]: new group: name=_keytab, GID=999 <13>Mar 1 08:04:50 rpmi: libkrb5-1.21.3-alt2 sisyphus+351857.100.1.1 1719735219 installed <13>Mar 1 08:04:51 rpmi: python3-3.12.9-alt1 sisyphus+376344.100.1.1 1740742068 installed <13>Mar 1 08:04:51 rpmi: python3-base-3.12.9-alt1 sisyphus+376344.100.1.1 1740742068 installed <13>Mar 1 08:04:51 rpmi: libgsasl18-2.2.1-alt2 sisyphus+359713.200.2.1 1728905438 installed <86>Mar 1 08:04:51 groupadd[3094037]: group added to /etc/group: name=sasl, GID=998 <86>Mar 1 08:04:51 groupadd[3094037]: group added to /etc/gshadow: name=sasl <86>Mar 1 08:04:51 groupadd[3094037]: new group: name=sasl, GID=998 <13>Mar 1 08:04:51 rpmi: libsasl2-3-2.1.28-alt2.1 sisyphus+367419.100.1.1 1735482553 installed <13>Mar 1 08:04:51 rpmi: libldap2-2.6.9-alt2 sisyphus+367501.300.4.1 1735841767 installed <13>Mar 1 08:04:51 rpmi: openssh-common-9.6p1-alt3 sisyphus+375192.100.1.1 1739876271 installed <86>Mar 1 08:04:51 groupadd[3094173]: group added to /etc/group: name=sshagent, GID=997 <86>Mar 1 08:04:51 groupadd[3094173]: group added to /etc/gshadow: name=sshagent <86>Mar 1 08:04:51 groupadd[3094173]: new group: name=sshagent, GID=997 <13>Mar 1 08:04:51 rpmi: openssh-clients-9.6p1-alt3 sisyphus+375192.100.1.1 1739876271 installed <13>Mar 1 08:04:51 rpmi: rsync-3.2.7-alt3 sisyphus+372266.100.1.1 1738342244 installed <13>Mar 1 08:04:51 rpmi: libssh2-1.11.0-alt2 sisyphus+339356.100.1.1 1706593140 installed <13>Mar 1 08:04:51 rpmi: libcurl-8.12.1-alt1 sisyphus+374517.100.1.1 1739435639 installed <13>Mar 1 08:04:52 rpmi: git-core-2.42.4-alt1 sisyphus+369547.100.1.1 1736878364 installed <13>Mar 1 08:04:52 rpmi: firejail-0.9.72-alt1 sisyphus+317164.100.1.1 1679407004 installed <13>Mar 1 08:04:52 rpmi: libssl-devel-3.3.3-alt1 sisyphus+374381.40.2.1 1739299702 installed <13>Mar 1 08:04:52 rpmi: man-db-2.12.0-alt1 sisyphus+336930.2100.1.1 1703107336 installed <13>Mar 1 08:04:52 rpmi: expect-1:5.45.4-alt4 sisyphus+346181.200.2.1 1716350293 installed <13>Mar 1 08:04:52 rpmi: libseccomp-devel-2.6.0-alt1 sisyphus+371792.300.3.1 1737894568 installed Building target platforms: i586 Building for target i586 Wrote: /usr/src/in/nosrpm/fdns-0.9.72-alt1.nosrc.rpm (w1.gzdio) Installing fdns-0.9.72-alt1.src.rpm Building target platforms: i586 Building for target i586 Executing(%prep): /bin/sh -e /usr/src/tmp/rpm-tmp.54209 + umask 022 + /bin/mkdir -p /usr/src/RPM/BUILD + cd /usr/src/RPM/BUILD + cd /usr/src/RPM/BUILD + rm -rf fdns-0.9.72 + echo 'Source #0 (fdns-0.9.72.tar):' Source #0 (fdns-0.9.72.tar): + /bin/tar -xf /usr/src/RPM/SOURCES/fdns-0.9.72.tar + cd fdns-0.9.72 + echo 'Source #1 (fdns-0.9.72-etc-blocklists.tar):' Source #1 (fdns-0.9.72-etc-blocklists.tar): + /bin/tar -xf /usr/src/RPM/SOURCES/fdns-0.9.72-etc-blocklists.tar + /bin/chmod -c -Rf u+rwX,go-w . + echo 'Patch #0 (fdns-0.9.72-alt.patch):' Patch #0 (fdns-0.9.72-alt.patch): + /usr/bin/patch -p1 patching file src/fdns/fdns.h patching file src/fdns/main.c patching file src/fdns/server.c patching file src/fdns/ssl.c patching file test/fdns/all-interfaces.exp patching file test/fdns/blocklist-file.exp patching file test/fdns/blocklist.exp patching file test/fdns/dotvsh2.exp patching file test/fdns/fallback.exp patching file test/fdns/filter-doh.exp patching file test/fdns/filter.exp patching file test/fdns/forwarder.exp patching file test/fdns/help-man.exp patching file test/fdns/invalid-server.exp patching file test/fdns/ipv6.exp patching file test/fdns/keepalive.exp patching file test/fdns/list-adblocker.exp patching file test/fdns/list-all.exp patching file test/fdns/list-anycast.exp patching file test/fdns/list-family.exp patching file test/fdns/list-opennic.exp patching file test/fdns/list-security.exp patching file test/fdns/list.exp patching file test/fdns/local-doh.exp patching file test/fdns/monitor.exp patching file test/fdns/multiserver.exp patching file test/fdns/nofilter.exp patching file test/fdns/print-requests.exp patching file test/fdns/restart-workers.exp patching file test/fdns/server-anycast.exp patching file test/fdns/test-servers-anycast.exp patching file test/fdns/test-servers.exp patching file test/fdns/test-url-list.exp patching file test/fdns/test-url.exp patching file test/fdns/test-user.sh patching file test/fdns/test.sh patching file test/fdns/transport-udp.exp patching file test/fdns/transport.exp patching file test/fdns/unlisted.exp patching file test/fdns/wget.exp patching file test/fdns/whitelist-file.exp patching file test/fdns/whitelist.exp patching file test/fdns/workers.exp + exit 0 Executing(%build): /bin/sh -e /usr/src/tmp/rpm-tmp.54209 + umask 022 + /bin/mkdir -p /usr/src/RPM/BUILD + cd /usr/src/RPM/BUILD + cd fdns-0.9.72 + CFLAGS='-pipe -frecord-gcc-switches -Wall -g -O2 -flto=auto -march=i586 -mtune=generic' + export CFLAGS + CXXFLAGS='-pipe -frecord-gcc-switches -Wall -g -O2 -flto=auto -march=i586 -mtune=generic' + export CXXFLAGS + FFLAGS='-pipe -frecord-gcc-switches -Wall -g -O2 -flto=auto -march=i586 -mtune=generic' + export FFLAGS + FCFLAGS='-pipe -frecord-gcc-switches -Wall -g -O2 -flto=auto -march=i586 -mtune=generic' + export FCFLAGS + '[' -n '' ']' ++ printf %s '-pipe -frecord-gcc-switches -Wall -g -O2 -flto=auto -march=i586 -mtune=generic' ++ sed -r 's/(^|[[:space:]]+)-[^m][^[:space:]]*//g' + ASFLAGS=' -march=i586 -mtune=generic' + export ASFLAGS + export lt_cv_deplibs_check_method=pass_all + lt_cv_deplibs_check_method=pass_all + readlink -e -- ./configure + xargs -ri dirname -- '{}' + xargs -ri find '{}' -type f '(' -name config.sub -or -name config.guess ')' -printf '%h/\n' + sort -u + xargs -rn1 install -pm755 -- /usr/share/gnu-config/config.sub /usr/share/gnu-config/config.guess + configure_runstatedir_flags= + grep -qF runstatedir=DIR ./configure + configure_runstatedir_flags=--runstatedir=/var/run + ./configure --build=i586-alt-linux --host=i586-alt-linux --prefix=/usr --exec-prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc --datadir=/usr/share --includedir=/usr/include --libdir=/usr/lib --libexecdir=/usr/lib --localstatedir=/var/lib --sharedstatedir=/var/lib --mandir=/usr/share/man --infodir=/usr/share/info --disable-dependency-tracking --disable-silent-rules --runstatedir=/var/run --without-included-gettext configure: WARNING: unrecognized options: --disable-dependency-tracking, --disable-silent-rules, --without-included-gettext checking for i586-alt-linux-gcc... i586-alt-linux-gcc checking whether the C compiler works... yes checking for C compiler default output file name... a.out checking for suffix of executables... checking whether we are cross compiling... no checking for suffix of object files... o checking whether the compiler supports GNU C... yes checking whether i586-alt-linux-gcc accepts -g... yes checking for i586-alt-linux-gcc option to enable C11 features... none needed checking for a BSD-compatible install... /usr/bin/ginstall -c checking for i586-alt-linux-ranlib... no checking for ranlib... ranlib checking whether C compiler accepts -mindirect-branch=thunk... yes checking whether C compiler accepts -mretpoline... no checking whether C compiler accepts -fstack-clash-protection... yes checking whether C compiler accepts -fstack-protector-strong... yes checking for main in -lpthread... yes checking for stdio.h... yes checking for stdlib.h... yes checking for string.h... yes checking for inttypes.h... yes checking for stdint.h... yes checking for strings.h... yes checking for sys/stat.h... yes checking for sys/types.h... yes checking for unistd.h... yes checking for pthread.h... yes checking for i586-alt-linux-pkg-config... no checking for pkg-config... pkg-config checking whether compiling and linking against OpenSSL works... yes OpenSSL library found checking for main in -lseccomp... yes checking for seccomp.h... yes configure: creating ./config.status config.status: creating Makefile config.status: creating src/common.mk config.status: creating src/fdns/Makefile config.status: creating src/nxdomain/Makefile configure: WARNING: unrecognized options: --disable-dependency-tracking, --disable-silent-rules, --without-included-gettext Configuration options: prefix: /usr sysconfdir: /etc systemd directory: /etc/fdns Spectre compiler patch: yes apparmor: seccomp: -DHAVE_SECCOMP EXTRA_LDFLAGS: EXTRA_CFLAGS: -mindirect-branch=thunk -fstack-clash-protection -fstack-protector-strong fatal warnings: Gcov instrumentation: + make -j16 make -C src/fdns make -C src/nxdomain make: Entering directory '/usr/src/RPM/BUILD/fdns-0.9.72' ./mkman.sh 0.9.72 src/man/nxdomain.txt nxdomain.1 make: Leaving directory '/usr/src/RPM/BUILD/fdns-0.9.72' make: Entering directory '/usr/src/RPM/BUILD/fdns-0.9.72' ./mkman.sh 0.9.72 src/man/fdns.txt fdns.1 make: Leaving directory '/usr/src/RPM/BUILD/fdns-0.9.72' make[1]: Entering directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/fdns' i586-alt-linux-gcc -pipe -frecord-gcc-switches -Wall -g -O2 -flto=auto -march=i586 -mtune=generic -ggdb -O2 -DVERSION='"0.9.72"' -DHAVE_SECCOMP -DPREFIX='"/usr"' -DSYSCONFDIR='"/etc/fdns"' -DLIBDIR='"/usr/lib"' -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security -mindirect-branch=thunk -fstack-clash-protection -fstack-protector-strong -c hpack_static.c -o hpack_static.o : warning: "_FORTIFY_SOURCE" redefined : note: this is the location of the previous definition make[1]: Leaving directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/fdns' make[1]: Entering directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/nxdomain' i586-alt-linux-gcc -pipe -frecord-gcc-switches -Wall -g -O2 -flto=auto -march=i586 -mtune=generic -ggdb -O2 -DVERSION='"0.9.72"' -DHAVE_SECCOMP -DPREFIX='"/usr"' -DSYSCONFDIR='"/etc/fdns"' -DLIBDIR='"/usr/lib"' -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security -mindirect-branch=thunk -fstack-clash-protection -fstack-protector-strong -c resolver.c -o resolver.o : warning: "_FORTIFY_SOURCE" redefined : note: this is the location of the previous definition make[1]: Leaving directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/nxdomain' make[1]: Entering directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/fdns' i586-alt-linux-gcc -pipe -frecord-gcc-switches -Wall -g -O2 -flto=auto -march=i586 -mtune=generic -ggdb -O2 -DVERSION='"0.9.72"' -DHAVE_SECCOMP -DPREFIX='"/usr"' -DSYSCONFDIR='"/etc/fdns"' -DLIBDIR='"/usr/lib"' -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security -mindirect-branch=thunk -fstack-clash-protection -fstack-protector-strong -c dnsdb.c -o dnsdb.o : warning: "_FORTIFY_SOURCE" redefined : note: this is the location of the previous definition make[1]: Leaving directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/fdns' make[1]: Entering directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/fdns' i586-alt-linux-gcc -pipe -frecord-gcc-switches -Wall -g -O2 -flto=auto -march=i586 -mtune=generic -ggdb -O2 -DVERSION='"0.9.72"' -DHAVE_SECCOMP -DPREFIX='"/usr"' -DSYSCONFDIR='"/etc/fdns"' -DLIBDIR='"/usr/lib"' -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security -mindirect-branch=thunk -fstack-clash-protection -fstack-protector-strong -c forwarder.c -o forwarder.o : warning: "_FORTIFY_SOURCE" redefined : note: this is the location of the previous definition make[1]: Leaving directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/fdns' make[1]: Entering directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/fdns' i586-alt-linux-gcc -pipe -frecord-gcc-switches -Wall -g -O2 -flto=auto -march=i586 -mtune=generic -ggdb -O2 -DVERSION='"0.9.72"' -DHAVE_SECCOMP -DPREFIX='"/usr"' -DSYSCONFDIR='"/etc/fdns"' -DLIBDIR='"/usr/lib"' -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security -mindirect-branch=thunk -fstack-clash-protection -fstack-protector-strong -c log.c -o log.o : warning: "_FORTIFY_SOURCE" redefined : note: this is the location of the previous definition make[1]: Leaving directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/fdns' make[1]: Entering directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/fdns' i586-alt-linux-gcc -pipe -frecord-gcc-switches -Wall -g -O2 -flto=auto -march=i586 -mtune=generic -ggdb -O2 -DVERSION='"0.9.72"' -DHAVE_SECCOMP -DPREFIX='"/usr"' -DSYSCONFDIR='"/etc/fdns"' -DLIBDIR='"/usr/lib"' -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security -mindirect-branch=thunk -fstack-clash-protection -fstack-protector-strong -c dns.c -o dns.o : warning: "_FORTIFY_SOURCE" redefined : note: this is the location of the previous definition make[1]: Leaving directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/fdns' make[1]: Entering directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/fdns' i586-alt-linux-gcc -pipe -frecord-gcc-switches -Wall -g -O2 -flto=auto -march=i586 -mtune=generic -ggdb -O2 -DVERSION='"0.9.72"' -DHAVE_SECCOMP -DPREFIX='"/usr"' -DSYSCONFDIR='"/etc/fdns"' -DLIBDIR='"/usr/lib"' -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security -mindirect-branch=thunk -fstack-clash-protection -fstack-protector-strong -c cache.c -o cache.o : warning: "_FORTIFY_SOURCE" redefined : note: this is the location of the previous definition make[1]: Leaving directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/fdns' make[1]: Entering directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/fdns' i586-alt-linux-gcc -pipe -frecord-gcc-switches -Wall -g -O2 -flto=auto -march=i586 -mtune=generic -ggdb -O2 -DVERSION='"0.9.72"' -DHAVE_SECCOMP -DPREFIX='"/usr"' -DSYSCONFDIR='"/etc/fdns"' -DLIBDIR='"/usr/lib"' -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security -mindirect-branch=thunk -fstack-clash-protection -fstack-protector-strong -c huffman.c -o huffman.o : warning: "_FORTIFY_SOURCE" redefined : note: this is the location of the previous definition make[1]: Leaving directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/fdns' make[1]: Entering directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/fdns' i586-alt-linux-gcc -pipe -frecord-gcc-switches -Wall -g -O2 -flto=auto -march=i586 -mtune=generic -ggdb -O2 -DVERSION='"0.9.72"' -DHAVE_SECCOMP -DPREFIX='"/usr"' -DSYSCONFDIR='"/etc/fdns"' -DLIBDIR='"/usr/lib"' -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security -mindirect-branch=thunk -fstack-clash-protection -fstack-protector-strong -c h11.c -o h11.o : warning: "_FORTIFY_SOURCE" redefined : note: this is the location of the previous definition make[1]: Leaving directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/fdns' make[1]: Entering directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/fdns' i586-alt-linux-gcc -pipe -frecord-gcc-switches -Wall -g -O2 -flto=auto -march=i586 -mtune=generic -ggdb -O2 -DVERSION='"0.9.72"' -DHAVE_SECCOMP -DPREFIX='"/usr"' -DSYSCONFDIR='"/etc/fdns"' -DLIBDIR='"/usr/lib"' -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security -mindirect-branch=thunk -fstack-clash-protection -fstack-protector-strong -c dot.c -o dot.o : warning: "_FORTIFY_SOURCE" redefined : note: this is the location of the previous definition make[1]: Leaving directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/fdns' make[1]: Entering directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/fdns' i586-alt-linux-gcc -pipe -frecord-gcc-switches -Wall -g -O2 -flto=auto -march=i586 -mtune=generic -ggdb -O2 -DVERSION='"0.9.72"' -DHAVE_SECCOMP -DPREFIX='"/usr"' -DSYSCONFDIR='"/etc/fdns"' -DLIBDIR='"/usr/lib"' -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security -mindirect-branch=thunk -fstack-clash-protection -fstack-protector-strong -c lint.c -o lint.o : warning: "_FORTIFY_SOURCE" redefined : note: this is the location of the previous definition make[1]: Leaving directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/fdns' make[1]: Entering directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/fdns' i586-alt-linux-gcc -pipe -frecord-gcc-switches -Wall -g -O2 -flto=auto -march=i586 -mtune=generic -ggdb -O2 -DVERSION='"0.9.72"' -DHAVE_SECCOMP -DPREFIX='"/usr"' -DSYSCONFDIR='"/etc/fdns"' -DLIBDIR='"/usr/lib"' -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security -mindirect-branch=thunk -fstack-clash-protection -fstack-protector-strong -c filter.c -o filter.o : warning: "_FORTIFY_SOURCE" redefined : note: this is the location of the previous definition make[1]: Leaving directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/fdns' make[1]: Entering directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/nxdomain' i586-alt-linux-gcc -pipe -frecord-gcc-switches -Wall -g -O2 -flto=auto -march=i586 -mtune=generic -ggdb -O2 -DVERSION='"0.9.72"' -DHAVE_SECCOMP -DPREFIX='"/usr"' -DSYSCONFDIR='"/etc/fdns"' -DLIBDIR='"/usr/lib"' -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security -mindirect-branch=thunk -fstack-clash-protection -fstack-protector-strong -c nxdomain.c -o nxdomain.o : warning: "_FORTIFY_SOURCE" redefined : note: this is the location of the previous definition nxdomain.c: In function 'test': nxdomain.c:92:14: warning: unused variable 'buf' [-Wunused-variable] 92 | char buf[LINE_MAX]; | ^~~ make[1]: Leaving directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/nxdomain' make[1]: Entering directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/fdns' i586-alt-linux-gcc -pipe -frecord-gcc-switches -Wall -g -O2 -flto=auto -march=i586 -mtune=generic -ggdb -O2 -DVERSION='"0.9.72"' -DHAVE_SECCOMP -DPREFIX='"/usr"' -DSYSCONFDIR='"/etc/fdns"' -DLIBDIR='"/usr/lib"' -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security -mindirect-branch=thunk -fstack-clash-protection -fstack-protector-strong -c net.c -o net.o : warning: "_FORTIFY_SOURCE" redefined : note: this is the location of the previous definition make[1]: Leaving directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/fdns' make[1]: Entering directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/fdns' i586-alt-linux-gcc -pipe -frecord-gcc-switches -Wall -g -O2 -flto=auto -march=i586 -mtune=generic -ggdb -O2 -DVERSION='"0.9.72"' -DHAVE_SECCOMP -DPREFIX='"/usr"' -DSYSCONFDIR='"/etc/fdns"' -DLIBDIR='"/usr/lib"' -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security -mindirect-branch=thunk -fstack-clash-protection -fstack-protector-strong -c h2.c -o h2.o : warning: "_FORTIFY_SOURCE" redefined : note: this is the location of the previous definition make[1]: Leaving directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/fdns' make[1]: Entering directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/fdns' i586-alt-linux-gcc -pipe -frecord-gcc-switches -Wall -g -O2 -flto=auto -march=i586 -mtune=generic -ggdb -O2 -DVERSION='"0.9.72"' -DHAVE_SECCOMP -DPREFIX='"/usr"' -DSYSCONFDIR='"/etc/fdns"' -DLIBDIR='"/usr/lib"' -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security -mindirect-branch=thunk -fstack-clash-protection -fstack-protector-strong -c timetrace.c -o timetrace.o : warning: "_FORTIFY_SOURCE" redefined : note: this is the location of the previous definition make[1]: Leaving directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/fdns' make[1]: Entering directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/fdns' i586-alt-linux-gcc -pipe -frecord-gcc-switches -Wall -g -O2 -flto=auto -march=i586 -mtune=generic -ggdb -O2 -DVERSION='"0.9.72"' -DHAVE_SECCOMP -DPREFIX='"/usr"' -DSYSCONFDIR='"/etc/fdns"' -DLIBDIR='"/usr/lib"' -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security -mindirect-branch=thunk -fstack-clash-protection -fstack-protector-strong -c main.c -o main.o : warning: "_FORTIFY_SOURCE" redefined : note: this is the location of the previous definition make[1]: Leaving directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/fdns' make[1]: Entering directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/fdns' i586-alt-linux-gcc -pipe -frecord-gcc-switches -Wall -g -O2 -flto=auto -march=i586 -mtune=generic -ggdb -O2 -DVERSION='"0.9.72"' -DHAVE_SECCOMP -DPREFIX='"/usr"' -DSYSCONFDIR='"/etc/fdns"' -DLIBDIR='"/usr/lib"' -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security -mindirect-branch=thunk -fstack-clash-protection -fstack-protector-strong -c frontend.c -o frontend.o : warning: "_FORTIFY_SOURCE" redefined : note: this is the location of the previous definition frontend.c: In function 'frontend': frontend.c:489:121: warning: left-hand operand of comma expression has no effect [-Wunused-value] 489 | stats.query_time = (s.query_time * 0.18) + (stats.query_time * 0,82); | ^ make[1]: Leaving directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/fdns' make[1]: Entering directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/fdns' i586-alt-linux-gcc -pipe -frecord-gcc-switches -Wall -g -O2 -flto=auto -march=i586 -mtune=generic -ggdb -O2 -DVERSION='"0.9.72"' -DHAVE_SECCOMP -DPREFIX='"/usr"' -DSYSCONFDIR='"/etc/fdns"' -DLIBDIR='"/usr/lib"' -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security -mindirect-branch=thunk -fstack-clash-protection -fstack-protector-strong -c procs.c -o procs.o : warning: "_FORTIFY_SOURCE" redefined : note: this is the location of the previous definition make[1]: Leaving directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/fdns' make[1]: Entering directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/fdns' i586-alt-linux-gcc -pipe -frecord-gcc-switches -Wall -g -O2 -flto=auto -march=i586 -mtune=generic -ggdb -O2 -DVERSION='"0.9.72"' -DHAVE_SECCOMP -DPREFIX='"/usr"' -DSYSCONFDIR='"/etc/fdns"' -DLIBDIR='"/usr/lib"' -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security -mindirect-branch=thunk -fstack-clash-protection -fstack-protector-strong -c security.c -o security.o : warning: "_FORTIFY_SOURCE" redefined : note: this is the location of the previous definition make[1]: Leaving directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/fdns' make[1]: Entering directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/fdns' i586-alt-linux-gcc -pipe -frecord-gcc-switches -Wall -g -O2 -flto=auto -march=i586 -mtune=generic -ggdb -O2 -DVERSION='"0.9.72"' -DHAVE_SECCOMP -DPREFIX='"/usr"' -DSYSCONFDIR='"/etc/fdns"' -DLIBDIR='"/usr/lib"' -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security -mindirect-branch=thunk -fstack-clash-protection -fstack-protector-strong -c whitelist.c -o whitelist.o : warning: "_FORTIFY_SOURCE" redefined : note: this is the location of the previous definition make[1]: Leaving directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/fdns' make[1]: Entering directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/fdns' i586-alt-linux-gcc -pipe -frecord-gcc-switches -Wall -g -O2 -flto=auto -march=i586 -mtune=generic -ggdb -O2 -DVERSION='"0.9.72"' -DHAVE_SECCOMP -DPREFIX='"/usr"' -DSYSCONFDIR='"/etc/fdns"' -DLIBDIR='"/usr/lib"' -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security -mindirect-branch=thunk -fstack-clash-protection -fstack-protector-strong -c shmem.c -o shmem.o : warning: "_FORTIFY_SOURCE" redefined : note: this is the location of the previous definition make[1]: Leaving directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/fdns' make[1]: Entering directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/fdns' i586-alt-linux-gcc -pipe -frecord-gcc-switches -Wall -g -O2 -flto=auto -march=i586 -mtune=generic -ggdb -O2 -DVERSION='"0.9.72"' -DHAVE_SECCOMP -DPREFIX='"/usr"' -DSYSCONFDIR='"/etc/fdns"' -DLIBDIR='"/usr/lib"' -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security -mindirect-branch=thunk -fstack-clash-protection -fstack-protector-strong -c resolver.c -o resolver.o : warning: "_FORTIFY_SOURCE" redefined : note: this is the location of the previous definition make[1]: Leaving directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/fdns' make[1]: Entering directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/fdns' i586-alt-linux-gcc -pipe -frecord-gcc-switches -Wall -g -O2 -flto=auto -march=i586 -mtune=generic -ggdb -O2 -DVERSION='"0.9.72"' -DHAVE_SECCOMP -DPREFIX='"/usr"' -DSYSCONFDIR='"/etc/fdns"' -DLIBDIR='"/usr/lib"' -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security -mindirect-branch=thunk -fstack-clash-protection -fstack-protector-strong -c server.c -o server.o : warning: "_FORTIFY_SOURCE" redefined : note: this is the location of the previous definition make[1]: Leaving directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/fdns' make[1]: Entering directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/fdns' i586-alt-linux-gcc -pipe -frecord-gcc-switches -Wall -g -O2 -flto=auto -march=i586 -mtune=generic -ggdb -O2 -DVERSION='"0.9.72"' -DHAVE_SECCOMP -DPREFIX='"/usr"' -DSYSCONFDIR='"/etc/fdns"' -DLIBDIR='"/usr/lib"' -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security -mindirect-branch=thunk -fstack-clash-protection -fstack-protector-strong -c ssl.c -o ssl.o : warning: "_FORTIFY_SOURCE" redefined : note: this is the location of the previous definition make[1]: Leaving directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/fdns' make[1]: Entering directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/nxdomain' i586-alt-linux-gcc -pie -Wl,-z,relro -Wl,-z,now -lpthread -lseccomp -o nxdomain nxdomain.o resolver.o make[1]: Leaving directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/nxdomain' make[1]: Entering directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/fdns' i586-alt-linux-gcc -pie -Wl,-z,relro -Wl,-z,now -lpthread -lseccomp -o fdns cache.o dns.o dnsdb.o dot.o filter.o forwarder.o frontend.o h11.o h2.o hpack_static.o huffman.o lint.o log.o main.o net.o procs.o resolver.o security.o server.o shmem.o ssl.o timetrace.o whitelist.o -lssl -lcrypto -lrt -lseccomp make[1]: Leaving directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/fdns' + exit 0 Executing(%install): /bin/sh -e /usr/src/tmp/rpm-tmp.46369 + umask 022 + /bin/mkdir -p /usr/src/RPM/BUILD + cd /usr/src/RPM/BUILD + /bin/chmod -Rf u+rwX -- /usr/src/tmp/fdns-buildroot + : + /bin/rm -rf -- /usr/src/tmp/fdns-buildroot + PATH=/usr/libexec/rpm-build:/usr/src/bin:/usr/bin:/bin:/usr/local/bin:/usr/games + cd fdns-0.9.72 + make 'INSTALL=/usr/libexec/rpm-build/install -p' install DESTDIR=/usr/src/tmp/fdns-buildroot SYSTEMD_DIR=/usr/lib/systemd/system make: Entering directory '/usr/src/RPM/BUILD/fdns-0.9.72' make -C src/fdns make[1]: Entering directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/fdns' make[1]: Nothing to be done for 'all'. make[1]: Leaving directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/fdns' make -C src/nxdomain make[1]: Entering directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/nxdomain' make[1]: Nothing to be done for 'all'. make[1]: Leaving directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/nxdomain' make realinstall make[1]: Entering directory '/usr/src/RPM/BUILD/fdns-0.9.72' # fdns executable install -m 0755 -d /usr/src/tmp/fdns-buildroot//usr/bin install -c -m 0755 src/fdns/fdns /usr/src/tmp/fdns-buildroot//usr/bin/. install -c -m 0755 src/nxdomain/nxdomain /usr/src/tmp/fdns-buildroot//usr/bin/. # documents install -m 0755 -d /usr/src/tmp/fdns-buildroot//usr/share/doc/fdns install -c -m 0644 COPYING /usr/src/tmp/fdns-buildroot//usr/share/doc/fdns/. install -c -m 0644 README /usr/src/tmp/fdns-buildroot//usr/share/doc/fdns/. install -c -m 0644 RELNOTES /usr/src/tmp/fdns-buildroot//usr/share/doc/fdns/. # etc files install -m 0755 -d /usr/src/tmp/fdns-buildroot/etc/fdns install -m 0644 -t /usr/src/tmp/fdns-buildroot/etc/fdns etc/list.adblocker etc/list.coinblocker etc/list.fp-trackers etc/list.phishing etc/list.tld-blacklist etc/resolver.seccomp install -m 0644 -t /usr/src/tmp/fdns-buildroot/etc/fdns etc/servers etc/list.trackers # install server cusomization file sh -c "if [ ! -f /usr/src/tmp/fdns-buildroot//etc/fdns/servers.local ]; then install -c -m 0644 etc/servers.local /usr/src/tmp/fdns-buildroot//etc/fdns/servers.local; fi;" # systemd service unit install -Dm0644 etc/fdns.service /usr/src/tmp/fdns-buildroot/usr/lib/systemd/system/fdns.service # man pages echo "**********************************" ********************************** echo fdns.1 nxdomain.1 fdns.1 nxdomain.1 echo "**********************************" ********************************** install -m 0755 -d /usr/src/tmp/fdns-buildroot//usr/share/man/man1 for man in fdns.1 nxdomain.1; do \ rm -f $man.gz; \ gzip -9n $man; \ case "$man" in \ *.1) install -c -m 0644 $man.gz /usr/src/tmp/fdns-buildroot//usr/share/man/man1/; ;; \ esac; \ done rm -f fdns.1 nxdomain.1 fdns.1.gz nxdomain.1.gz # bash completion install -m 0755 -d /usr/src/tmp/fdns-buildroot//usr/share/bash-completion/completions install -c -m 0644 src/bash_completion/fdns.bash_completion /usr/src/tmp/fdns-buildroot//usr/share/bash-completion/completions/fdns make[1]: Leaving directory '/usr/src/RPM/BUILD/fdns-0.9.72' make: Leaving directory '/usr/src/RPM/BUILD/fdns-0.9.72' + /usr/lib/rpm/brp-alt Cleaning files in /usr/src/tmp/fdns-buildroot (auto) Verifying and fixing files in /usr/src/tmp/fdns-buildroot (binconfig,pkgconfig,libtool,desktop,gnuconfig) Checking contents of files in /usr/src/tmp/fdns-buildroot/ (default) Compressing files in /usr/src/tmp/fdns-buildroot (auto) Verifying systemd units in /usr/src/tmp/fdns-buildroot Adjusting library links in /usr/src/tmp/fdns-buildroot ./usr/lib: (from :0) Verifying ELF objects in /usr/src/tmp/fdns-buildroot (arch=normal,fhs=normal,lfs=relaxed,lint=relaxed,rpath=normal,stack=normal,textrel=normal,unresolved=normal) verify-elf: WARNING: ./usr/bin/fdns: uses non-LFS functions: fopen ftruncate mmap readdir stat verify-elf: WARNING: ./usr/bin/nxdomain: uses non-LFS functions: fopen mkstemp Splitting links to aliased files under /{,s}bin in /usr/src/tmp/fdns-buildroot Executing(%check): /bin/sh -e /usr/src/tmp/rpm-tmp.97025 + umask 022 + /bin/mkdir -p /usr/src/RPM/BUILD + cd /usr/src/RPM/BUILD + cd fdns-0.9.72 + export PATH=/usr/src/bin:/usr/bin:/bin:/usr/local/bin:/usr/games:/usr/src/tmp/fdns-buildroot/usr/bin + PATH=/usr/src/bin:/usr/bin:/bin:/usr/local/bin:/usr/games:/usr/src/tmp/fdns-buildroot/usr/bin + export SHELL + export SERVER_LIST=/usr/src/tmp/fdns-buildroot/etc/fdns/servers + SERVER_LIST=/usr/src/tmp/fdns-buildroot/etc/fdns/servers + cd test/fdns + ./test-user.sh TESTING: help/man (test/fdns/help-man.exp) spawn /bin/bash fdns --server-list=/usr/src/tmp/fdns-buildroot/etc/fdns/servers --help [builder@localhost fdns]$ tmp [builder@localhost fdns]$ cat tmp FDNS(1) fdns man page FDNS(1) NAME fdns - Firejail DNS over HTTPS/TLS proxy SYNOPSIS Start the server (root user): fdns [OPTIONS] Start the monitor (regular user): fdns --monitor DESCRIPTION FDNS is an encrypted DNS proxy server for small networks and Linux desktops. To speed up the name resolution FDNS caches the responses, and uses a configurable adblocker and privacy filter to cut down the unnecessary traffic. We preconfigure FDNS with a large list of DoH/DoT service providers. For privacy reasons we use only services from non-logging providers. We prefer servers run out-of-pocket by students, engineers, open-source enthusiasts, privacy-oriented non-profit organizations, etc. Currently there are more than 100 such servers on our list. We also track a corporate category with several providers: Adguard, CleanBrowsing, Cloudflare, and Quad9. All have a non-logging privacy policy that will work in most parts of the world. The servers are organized using a simple geographically-aware tagging system. This allows the user to request specialized services such as adblocking, security, family filters, etc. Once started, FDNS chooses a server at random, as close geographically as possible. We derive the computer location from the timezone set- ting. There are no IP packets sent out to geolocation services. Three geographical zones are defined so far: Americas, AsiaPacific and Europe. Use --list=all option to print all the servers and the corre- sponding tags. OPTIONS --allow-all-queries Allow all DNS query types; by default only A queries are allowed. In case --ipv6 is set, AAAA queries are also allowed. --allow-expired-certs Allow expired SSL certificates during SSL connection. --allow-self-signed-certs Allow self-signed SSL certificates during SSL connection. Use this option for bringing up new servers. --blocklist=domain Block domain and return NXDOMAIN. Note: Blocking domains can also be requested in /etc/fdns/hosts file. This setting is global, and it will block the domains in all fdns instances running on your computer. Use --blocklist when you have multiple fdns proxies running, each instance with a different blocklist. Example: $ fdns --blocklist=fonts.googleaps.com --blocklist-file=filename Block all domains listed in the file. --cache-ttl=seconds Change DNS cache TTL, in seconds. By default we use a fixed cache TTL of 40 minutes. --certfile=filename Use an SSL certificate file in PEM format. By default we use the certificates installed by OpenSSL. Example: $ sudo fdns --certfile=/etc/ssl/certs/ca-certificates.crt --daemonize Detach from the controlling terminal and run as a Unix daemon. The typical way to start FDNS as network proxy is $ sudo fdns --proxy-addr-any --daemonize --debug Print debug messages. --debug-transport Print HTTP2 debug messages. --debug-ssl Print SSL/TLS debug messages. --details SSL connection information, HTTP headers and network traces are printed on the screen during the testing phase of the connec- tion. Example: $ fdns --test-server=cloudflare --details Testing server cloudflare Tags: anycast, Americas, AsiaPacific, Europe URL: https://cloudflare-dns.com/dns-query Bootstrap IP address: 1.1.1.1 Port: 443 TLSv1.3, ALPN h2, SNI no HTTP Header: ----------------------------- | (HPACK dynamic table size: 4096) | :status: 200 | server: cloudflare | date: Mon, 19 Jun 2023 11:20:53 GMT | content-type: application/dns-message | access-control-allow-origin: * | content-length: 77 | cf-ray: 7d9b62a62ff3ff84-BOS ----------------------------- SSL/TLS connection: 519.42 ms Network Trace: -----> rx 60 bytes: IP + TCP + TLS + H2-WINDOW-UPDATE -----> rx 187 bytes: IP + TCP + TLS + H2-HEADERS + H2-DATA (end stream) DoH query average: 64.38 ms Header uncompressed | compressed | ratio: 185 | 28 | 6.61:1 DoH/Do53 bandwidth ratio: 2.50 Keepalive: 40 seconds Testing completed --disable-local-doh Disable DoH services for applications running on the local net- work. NOTE: Applications can still use an external DoH server if they have a hardcoded IP-Address. If you realy want to block other DoH connection you must use your firewall. --disable-syslog Disable system logging. --forwarder=domain@address Conditional domain forwarding to a different DNS server. Example: $ sudo fdns --forwarder=libre@66.70.228.164 The proxy will forward all .libre domains to OpenNIC server at 66.70.228.164. --help, -?, -h Print command-line options and exit. --ipv6 Allow AAAA requests. Use this option if you have Internet IPv6 connectivity. By default IPv6 queries are disabled. --keepalive=value Use this session keepalive value instead of the one in the server file. A query for example.com domain is initiated if there is no DNS query activity in order to keep the HTTP 2 con- nection open. For most servers we are using values between 25 and 40 seconds. In many cases you can bump the keepalive above 120 seconds. Example: $ sudo fdns --keepalive=120 --server=coudflare --list List the DoH service providers available in your current zone. Example: $ fdns --list Current zone: Europe 42l - France, Europe https://42l.fr aaflalo - Netherlands, Europe, adblocker https://www.aaflalo.me appliedprivacy - Austria, Europe https://appliedprivacy.net bortzmeyer - France, Europe https://www.bortzmeyer.org/doh-bortzmeyer-fr-policy.html cznic - Czechia, Europe https://www.nic.cz/odvr/ [...] --list=server-name|tag|all List the available DoH service providers based on a tag, server name, or all. --log-timeout=minutes Amount of time queries are kept in the log for monitoring pur- poses, default 10 minutes, maximum 1140 (one day). After the timeout expires, the queries are removed from the log. Example: $ sudo fdns --log-timeout=60 --monitor Start the stats monitor. Without specifying an IP address (see below), the monitor is looking for a proxy at 127.1.1.1. If it fails, it looks for a proxy on the regular loopback address 127.0.0.1. If it fails again, it will display a proxy found on any other addresses. Example: $ fdns --monitor --monitor=proxy-address Start the stats monitor for a specific FDNS instance. Run this command as a regular user in a terminal. Example: $ fdns --monitor=127.2.2.2 --nofilter No DNS request filtering. This disables all domain filters (adblocker, trackersetc.) and the user hosts file installed in /etc/fdns directory. --proxies List all running instances of FDNS. Example: $ fdns --proxies pid 4900, address 127.3.3.3 pid 4893, address 127.2.2.2 pid 4883, address 127.1.1.1 (default) --proxy-addr=address Configure the IP address the proxy listens on for DNS queries coming from the local clients. The default is 127.1.1.1. Example: $ sudo fdns --proxy-addr=127.0.0.1 --proxy-addr-any Listen on all available system interfaces and 127.0.0.1 for loopback interface. --qps=number Queries per second rate limit for resolver processes, default 5. When the limit is reached, incoming packets from the local net- work are dropped. --resolvers=number The number of resolver processes, between 1 and 10, default 3. --server=server-name|tag|all|url Connect to a specific server, or to a random one based on the tag and your geographical location. Using "all" will instruct FDNS to chose a server at random from the list, regardless where the server is located. You can also specify a DoH URL for servers not yet supported by FDNS. Examples: $ sudo fdns --server=cloudflare $ sudo fdns --server=security $ sudo fdns --server=family $ sudo fdns --server=https://dns.google/dns-query $ sudo fdns --server=dot://dot1.applied-privacy.net --test-server Test all the servers from your geographical zone. Example: $ fdns --test-server Testing server aaflalo-adblocker SSL connection opened in 309.55 ms DoH response average 64.92 ms Testing server adguard SSL connection opened in 281.80 ms DoH response average 55.44 ms Testing server cleanbrowsing SSL connection opened in 281.73 ms DoH response average 57.90 ms Testing server cloudflare SSL connection opened in 251.37 ms DoH response average 58.23 ms Testing server dnscrypt-ca SSL connection opened in 421.59 ms DoH response average 83.51 ms --test-server=server-name|tag|all Test the servers based on a tag, server name, or all. Specifying a URL allows you to test servers not yet supported by FDNS. Example: $ fdns --test-server=digital-society SSL connection opened in 640.53 ms DoH response average 155.22 ms $ fdns --test-server=https://dns.google/dns-query SSL connection opened in 405.68 ms DoH response average 78.86 ms $ fdns --test-server=dot://dot1.applied-privacy.net SSL/TLS connection: 770.46 ms DoT query average: 137.26 ms --test-url=URL Check if URL is dropped by the adblock/tracker filters. Example: $ fdns --test-url=amazon-adsystem.com URL amazon-adsystem.com dropped by "amazon-adsystem.com" rule --test-url-list Check URLs as they are introduced on STDIN. Example: $ cat biglist.txt | fdns --test-url-list --unlist=server Remove the server from the list for this FDNS instance. Example: $ fdns --unlist=quad9 --unlist=quad9-2 FDNS will not attempt to connect to quad9 and quad9-2 in the example above. --version Print program version and exit. --whitelist=domain Whitelist mode: resolve only the specified domains and drop everything else. Example: $ sudo fdns --whitelist=gentoo.org \ --whitelist=assets.gentoo.org \ --whitelist=security.gentoo.org \ --whitelist=wiki.gentoo.org --whitelist-file=file-name Similar to --whitelist above, it gets the domains from a file. If running under AppArmor, put the file under /etc/fdns direc- tory. This is the only directory allowed by our AppArmor pro- file. Example: $ cat /etc/fdns/whitelist-gentoo # whitelist file for gentoo.org gentoo.org assets.gentoo.org security.gentoo.org wiki.gentoo.org $ sudo fdns --whitelist-file=/etc/fdns/whitelist-gentoo Setup FDNS on a workstation You would need to set FDNS as your DNS server in /etc/resolv.conf: $ cat /etc/resolv.conf nameserver 127.1.1.1 You can also use Firejail security sandbox to redirect all the DNS traffic to 127.1.1.1, where FDNS listens by default. Firejail decouples the DNS functionality, allowing each sandbox to have its own DNS set- ting. Your system DNS configuration is not touched. If things go wrong, you won't lose your Internet connectivity. Here are the steps: Start FDNS: $ sudo fdns Start your applications in Firejail: $ firejail --dns=127.1.1.1 firefox $ firejail --dns=127.1.1.1 transmission-qt Start the monitor: $ fdns --monitor Setup FDNS as a network server Install FDNS and set "nameserver 127.0.0.1" in /etc/resolv.conf. Start FDNS using --proxy-addr-any. The proxy will listen on all system inter- faces, and 127.0.0.1 for loopback interface. The default 127.1.1.1 is not used in this case. $ sudo fdns --proxy-addr-any --daemonize Or you can run it only on a specific interface. Example assuming 192.168.1.44 is the IP address of eth0: $ sudo fdns --proxy-addr=192.168.1.44 --daemonize When using --daemonize, errors and warnings are posted to syslog. Running multiple FDNS proxies on the same computer On your computer, start a proxy for the all the kids on your network, and make the proxy available on interface eth0 on your computer at address 192.168.1.44: $ sudo fdns --proxy-addr=192.168.1.44 --server=family --daemo- nize Start a regular proxy for yourself: $ sudo fdns --server=security --daemonize Check the proxies status: $ fdns --proxies pid 11890, address 192.168.1.44 pid 12062, address 127.1.1.1 (default) Monitor kids proxy: $ fdns --monitor=192.168.1.44 Monitor your proxy: $ fdns --monitor Use the PID number from "fdns --proxies" to shutdown one proxy or another: $ sudo kill -9 11890 In about 30 seconds all processes associated with this specific proxy will exit. FAQ How do I start FDNS when I power-on the computer? The command you need to run at startup is # /usr/bin/fdns --daemonize Include this command in your system startup scripts. If your system uses Systemd (Debian/.Ubuntu/Arch/RedHat etc.), enable the fdns.service unit provided in /etc/fdns/fdns.service. $ sudo systemctl enable --now fdns.service How do I configure Firejail to send all the DNS traffic to FDNS by default? As root user, add the following two lines in /etc/firejail/glob- als.local. If the file doesn't exist, create it: $ cat /etc/firejail/globals.local dns 127.1.1.1 ignore dns How do I save a list with all the DNS requests? Start FDNS this way: $ sudo fdns | tee dnslist.txt How do I check FDNS is running in the background? Use "--proxies" command to list all FDNS proxies running on your computer: all done TESTING: list (test/fdns/list.exp) spawn /bin/bash fdns --server-list=/usr/src/tmp/fdns-buildroot/etc/fdns/servers --list=Americas [builder@localhost fdns]$ = set:qnGrzyfd3jHZqSZFS8l8ebHc4, libcrypto.so.3(OPENSSL_3.0.0), libseccomp.so.2 >= set:jgnqqiOGq7udNfQN4, libssl.so.3 >= set:niBO2kc09mkc4KYpwhoW303K4Zu7NRYbJdVtHN8G4RkUpKaxnJZc, libssl.so.3(OPENSSL_3.0.0), rtld(GNU_HASH) Requires(rpmlib): rpmlib(SetVersions) Finding debuginfo files (using /usr/lib/rpm/find-debuginfo-files) Executing: /bin/sh -e /usr/src/tmp/rpm-tmp.RdqziX Creating fdns-debuginfo package Processing files: fdns-debuginfo-0.9.72-alt1 Finding Provides (using /usr/lib/rpm/find-provides) Executing: /bin/sh -e /usr/src/tmp/rpm-tmp.4tsuDh find-provides: running scripts (debuginfo) Finding Requires (using /usr/lib/rpm/find-requires) Executing: /bin/sh -e /usr/src/tmp/rpm-tmp.H8Qeli find-requires: running scripts (debuginfo) Requires: fdns = 0.9.72-alt1, /usr/lib/debug/lib/ld-linux.so.2.debug, debug(libc.so.6), debug(libcrypto.so.3), debug(libseccomp.so.2), debug(libssl.so.3) Adding to fdns-debuginfo a strict dependency on fdns Wrote: /usr/src/RPM/RPMS/i586/fdns-0.9.72-alt1.i586.rpm (w2T16.xzdio) Wrote: /usr/src/RPM/RPMS/i586/fdns-debuginfo-0.9.72-alt1.i586.rpm (w2.lzdio) 6.16user 2.82system 0:15.02elapsed 59%CPU (0avgtext+0avgdata 53600maxresident)k 0inputs+0outputs (0major+573364minor)pagefaults 0swaps 3.67user 2.57system 0:30.50elapsed 20%CPU (0avgtext+0avgdata 136868maxresident)k 3624inputs+0outputs (0major+228318minor)pagefaults 0swaps --- fdns-0.9.72-alt1.i586.rpm.repo 2024-03-25 06:43:00.000000000 +0000 +++ fdns-0.9.72-alt1.i586.rpm.hasher 2025-03-01 08:05:13.514701537 +0000 @@ -10,5 +10,5 @@ /etc/fdns/servers.local 100644 root:root -/lib/systemd/system/fdns.service 100644 root:root /usr/bin/fdns 100755 root:root /usr/bin/nxdomain 100755 root:root +/usr/lib/systemd/system/fdns.service 100644 root:root /usr/share/bash-completion/completions/fdns 100644 root:root @@ -40,3 +40,3 @@ Requires: libcrypto.so.3(OPENSSL_3.0.0) -Requires: libseccomp.so.2 >= set:if7f4J0jiklXcvnd +Requires: libseccomp.so.2 >= set:jgnqqiOGq7udNfQN4 Requires: libssl.so.3 >= set:niBO2kc09mkc4KYpwhoW303K4Zu7NRYbJdVtHN8G4RkUpKaxnJZc @@ -56,5 +56,5 @@ File: /etc/fdns/servers.local 100644 root:root 1d77a2d2ecc4ac5b43b42cda18ffb670 -File: /lib/systemd/system/fdns.service 100644 root:root 39e16dbfa974fbe9a39ec59d1651bd9a -File: /usr/bin/fdns 100755 root:root 2f0b32234a6ede5b69f3ad616db6d5fe -File: /usr/bin/nxdomain 100755 root:root f375238eabf93f2675db0ad084661943 +File: /usr/bin/fdns 100755 root:root 867328025a3ac4bca7d3ffe4bba5373d +File: /usr/bin/nxdomain 100755 root:root db55427e756246562bf25e2ef618a787 +File: /usr/lib/systemd/system/fdns.service 100644 root:root 39e16dbfa974fbe9a39ec59d1651bd9a File: /usr/share/bash-completion/completions/fdns 100644 root:root 0823108aa87de1ac4d0c101994660229 @@ -70,2 +70,2 @@ File: /usr/share/man/man1/nxdomain.1.xz 100644 root:root ae55a8998367541e41bcbbf50bb7cbc3 -RPMIdentity: cc71d918313cdd72f8a0f349a2c78204daf71358388a55354b18f4d77bfa960ad78ce3fde099248b1aeefc47024c41674c9a8809f3045aa248d3719625be05f8 +RPMIdentity: dd4d85d38c1e919a24ab75b224b7b14e0a3dbe452ff2afc5e223dcc25fc7d4f8ac397ec669d68b3197ebe3734317be62cd2e370cb15a116f2e009b27ba7d0f5f --- fdns-debuginfo-0.9.72-alt1.i586.rpm.repo 2024-03-25 06:43:00.000000000 +0000 +++ fdns-debuginfo-0.9.72-alt1.i586.rpm.hasher 2025-03-01 08:05:13.587702976 +0000 @@ -1,7 +1,7 @@ -/usr/lib/debug/.build-id/20 40755 root:root -/usr/lib/debug/.build-id/20/b1251ea251891d6fd9a6141b9e56a474965622 120777 root:root ../../../../bin/fdns -/usr/lib/debug/.build-id/20/b1251ea251891d6fd9a6141b9e56a474965622.debug 120777 root:root ../../usr/bin/fdns.debug -/usr/lib/debug/.build-id/6b 40755 root:root -/usr/lib/debug/.build-id/6b/8a7c43a48c159c6966ecd1fc437ed8743c63bf 120777 root:root ../../../../bin/nxdomain -/usr/lib/debug/.build-id/6b/8a7c43a48c159c6966ecd1fc437ed8743c63bf.debug 120777 root:root ../../usr/bin/nxdomain.debug +/usr/lib/debug/.build-id/38 40755 root:root +/usr/lib/debug/.build-id/38/37845467c78b3ce152c0353e82796054b51661 120777 root:root ../../../../bin/nxdomain +/usr/lib/debug/.build-id/38/37845467c78b3ce152c0353e82796054b51661.debug 120777 root:root ../../usr/bin/nxdomain.debug +/usr/lib/debug/.build-id/ff 40755 root:root +/usr/lib/debug/.build-id/ff/dcf9b3cc0e0588cf361a351533ed282bd388ed 120777 root:root ../../../../bin/fdns +/usr/lib/debug/.build-id/ff/dcf9b3cc0e0588cf361a351533ed282bd388ed.debug 120777 root:root ../../usr/bin/fdns.debug /usr/lib/debug/usr/bin/fdns.debug 100644 root:root @@ -51,10 +51,10 @@ Provides: fdns-debuginfo = 0.9.72-alt1:sisyphus+342503.1.8.1 -File: /usr/lib/debug/.build-id/20 40755 root:root -File: /usr/lib/debug/.build-id/20/b1251ea251891d6fd9a6141b9e56a474965622 120777 root:root ../../../../bin/fdns -File: /usr/lib/debug/.build-id/20/b1251ea251891d6fd9a6141b9e56a474965622.debug 120777 root:root ../../usr/bin/fdns.debug -File: /usr/lib/debug/.build-id/6b 40755 root:root -File: /usr/lib/debug/.build-id/6b/8a7c43a48c159c6966ecd1fc437ed8743c63bf 120777 root:root ../../../../bin/nxdomain -File: /usr/lib/debug/.build-id/6b/8a7c43a48c159c6966ecd1fc437ed8743c63bf.debug 120777 root:root ../../usr/bin/nxdomain.debug -File: /usr/lib/debug/usr/bin/fdns.debug 100644 root:root a1dc12fd0e352a52b834d3e3887e1d0c -File: /usr/lib/debug/usr/bin/nxdomain.debug 100644 root:root 21a04e1592904d313b3483012a64183c +File: /usr/lib/debug/.build-id/38 40755 root:root +File: /usr/lib/debug/.build-id/38/37845467c78b3ce152c0353e82796054b51661 120777 root:root ../../../../bin/nxdomain +File: /usr/lib/debug/.build-id/38/37845467c78b3ce152c0353e82796054b51661.debug 120777 root:root ../../usr/bin/nxdomain.debug +File: /usr/lib/debug/.build-id/ff 40755 root:root +File: /usr/lib/debug/.build-id/ff/dcf9b3cc0e0588cf361a351533ed282bd388ed 120777 root:root ../../../../bin/fdns +File: /usr/lib/debug/.build-id/ff/dcf9b3cc0e0588cf361a351533ed282bd388ed.debug 120777 root:root ../../usr/bin/fdns.debug +File: /usr/lib/debug/usr/bin/fdns.debug 100644 root:root df072264a8cbba0fa5d63929789bfd72 +File: /usr/lib/debug/usr/bin/nxdomain.debug 100644 root:root b6ae93aa91ec2d0e6db38c62eab8d0bc File: /usr/src/debug/fdns-0.9.72 40755 root:root @@ -94,2 +94,2 @@ File: /usr/src/debug/fdns-0.9.72/src/nxdomain/resolver.c 100644 root:root 6fba9990c7eaff72304bbf67b64f8b08 -RPMIdentity: dc37db4d1f465cce6042fe79583863975effd4736866bda72d39d4a771ee76b4cc5e124baa87d1cb9d0744aa38e420d144e59f7761b17d319a5e3d480bc7c56b +RPMIdentity: 7d5b19d15272be63ef2b79379ddfcd1e446fff7b38246e4040de022ba135f8cbd5039a33b78ea9e3d600be80143dbe4292a342c86a90c75ca47bca25cdef29ec