<86>Aug 22 03:04:41 userdel[1177298]: delete user 'rooter' <86>Aug 22 03:04:41 userdel[1177298]: removed group 'rooter' owned by 'rooter' <86>Aug 22 03:04:41 userdel[1177298]: removed shadow group 'rooter' owned by 'rooter' <86>Aug 22 03:04:41 groupadd[1177336]: group added to /etc/group: name=rooter, GID=1820 <86>Aug 22 03:04:41 groupadd[1177336]: group added to /etc/gshadow: name=rooter <86>Aug 22 03:04:41 groupadd[1177336]: new group: name=rooter, GID=1820 <86>Aug 22 03:04:41 useradd[1177367]: new user: name=rooter, UID=1820, GID=1820, home=/root, shell=/bin/bash, from=none <86>Aug 22 03:04:41 userdel[1177411]: delete user 'builder' <86>Aug 22 03:04:41 userdel[1177411]: removed group 'builder' owned by 'builder' <86>Aug 22 03:04:41 userdel[1177411]: removed shadow group 'builder' owned by 'builder' <86>Aug 22 03:04:41 groupadd[1177449]: group added to /etc/group: name=builder, GID=1821 <86>Aug 22 03:04:41 groupadd[1177449]: group added to /etc/gshadow: name=builder <86>Aug 22 03:04:41 groupadd[1177449]: new group: name=builder, GID=1821 <86>Aug 22 03:04:41 useradd[1177488]: new user: name=builder, UID=1821, GID=1821, home=/usr/src, shell=/bin/bash, from=none <13>Aug 22 03:04:47 rpmi: libidn2-2.3.7-alt1 sisyphus+339505.100.1.2 1706718968 installed <13>Aug 22 03:04:47 rpmi: libnettle8-3.9.1-alt1 sisyphus+322548.100.1.2 1686176879 installed <13>Aug 22 03:04:47 rpmi: strace-6.10-alt1 sisyphus+353274.100.1.1 1721556600 installed <13>Aug 22 03:04:47 rpmi: libgdbm-1.8.3-alt10 sisyphus+346222.200.3.2 1716468404 installed <13>Aug 22 03:04:47 rpmi: libexpat-2.5.0-alt1 sisyphus+346180.200.2.1 1716349835 installed <13>Aug 22 03:04:47 rpmi: less-633-alt1 sisyphus+328181.300.2.1 1693321749 installed <13>Aug 22 03:04:47 rpmi: libtcl-8.6.13-alt1 sisyphus+310696.100.1.1 1669548266 installed <13>Aug 22 03:04:47 rpmi: libp11-kit-1:0.25.5-alt1 sisyphus+352553.100.1.1 1720622573 installed <13>Aug 22 03:04:47 rpmi: libtasn1-4.19.0-alt3 sisyphus+327816.100.1.1 1692802615 installed <13>Aug 22 03:04:48 rpmi: tcl-8.6.13-alt1 sisyphus+310696.100.1.1 1669548266 installed <13>Aug 22 03:04:48 rpmi: libhogweed6-3.9.1-alt1 sisyphus+322548.100.1.2 1686176879 installed <13>Aug 22 03:04:48 rpmi: libgnutls30-3.8.4-alt1 sisyphus+343729.100.2.1 1711571288 installed <13>Aug 22 03:04:48 rpmi: libngtcp2.16-1.6.0-alt1 sisyphus+351909.200.1.1 1719836983 installed <13>Aug 22 03:04:48 rpmi: libngtcp2_crypto_gnutls8-1.6.0-alt1 sisyphus+351909.200.1.1 1719836983 installed <13>Aug 22 03:04:48 rpmi: groff-base-1.22.3-alt2 sisyphus+346264.200.2.1 1716421475 installed <13>Aug 22 03:04:48 rpmi: libpipeline-1.5.7-alt1_1 sisyphus+312433.100.1.1 1671879773 installed <13>Aug 22 03:04:48 rpmi: sudo-1:1.9.15p5-alt1 sisyphus+337671.100.2.2 1705639461 installed <13>Aug 22 03:04:48 rpmi: libmpdec3-2.5.1-alt3 sisyphus+314490.500.5.1 1675432004 installed <13>Aug 22 03:04:48 rpmi: libb2-0.98.1-alt1_1 sisyphus+291614.100.1.1 1638962877 installed <13>Aug 22 03:04:48 rpmi: publicsuffix-list-dafsa-20240701-alt1 sisyphus+352081.100.1.1 1720015477 installed <13>Aug 22 03:04:48 rpmi: libpsl-0.21.5-alt1 sisyphus+338474.100.1.1 1705684769 installed <13>Aug 22 03:04:48 rpmi: libnghttp3.9-1.4.0-alt1 sisyphus+351909.100.1.1 1719836924 installed <13>Aug 22 03:04:48 rpmi: libnghttp2-1.62.1-alt1 sisyphus+347555.100.1.1 1716185760 installed <13>Aug 22 03:04:48 rpmi: openldap-common-2.6.8-alt1 sisyphus+351621.100.1.1 1719420449 installed <13>Aug 22 03:04:48 rpmi: libntlm-1.5-alt1 sisyphus+278100.3300.1.1 1626058899 installed <13>Aug 22 03:04:48 rpmi: libidn-1.37-alt2 sisyphus+300849.100.1.1 1653769687 installed <13>Aug 22 03:04:48 rpmi: libbrotlicommon-1.1.0-alt1 sisyphus+328501.100.1.1 1693598419 installed <13>Aug 22 03:04:48 rpmi: libbrotlidec-1.1.0-alt1 sisyphus+328501.100.1.1 1693598419 installed <13>Aug 22 03:04:48 rpmi: libxxhash-0.8.2-alt1 sisyphus+336514.200.7.1 1702672118 installed <13>Aug 22 03:04:48 rpmi: liblz4-1:1.9.4-alt1 sisyphus+309416.100.1.1 1667412981 installed <13>Aug 22 03:04:48 rpmi: libverto-0.3.2-alt1_1 sisyphus+321176.2200.10.2 1684803947 installed <13>Aug 22 03:04:48 rpmi: liblmdb-0.9.32-alt1 sisyphus+342426.100.1.1 1710124288 installed <13>Aug 22 03:04:48 rpmi: libkeyutils-1.6.3-alt1 sisyphus+346336.200.2.2 1716472658 installed <13>Aug 22 03:04:48 rpmi: libcom_err-1.46.4.0.5.4cda-alt1 sisyphus+283826.100.1.1 1629975345 installed <13>Aug 22 03:04:48 rpmi: libedit3-3.1.20230828-alt1 sisyphus+330914.200.3.1 1696922743 installed <13>Aug 22 03:04:48 rpmi: diffstat-1.64-alt1 sisyphus+346132.200.3.2 1716466240 installed <13>Aug 22 03:04:48 rpmi: rpm-macros-alternatives-0.5.2-alt2 sisyphus+315270.200.2.1 1676457367 installed <13>Aug 22 03:04:48 rpmi: alternatives-0.5.2-alt2 sisyphus+315270.200.2.1 1676457367 installed <13>Aug 22 03:04:48 rpmi: ca-certificates-2024.07.01-alt1 sisyphus+351897.100.1.1 1719826350 installed <13>Aug 22 03:04:48 rpmi: ca-trust-0.2.0-alt1 sisyphus+344843.100.1.1 1712743326 installed <13>Aug 22 03:04:48 rpmi: p11-kit-trust-1:0.25.5-alt1 sisyphus+352553.100.1.1 1720622573 installed <13>Aug 22 03:04:48 rpmi: libcrypto3-3.1.6-alt1 sisyphus+350419.100.1.1 1717605656 installed <13>Aug 22 03:04:48 rpmi: libssl3-3.1.6-alt1 sisyphus+350419.100.1.1 1717605656 installed <86>Aug 22 03:04:48 groupadd[1208128]: group added to /etc/group: name=_keytab, GID=999 <86>Aug 22 03:04:48 groupadd[1208128]: group added to /etc/gshadow: name=_keytab <86>Aug 22 03:04:48 groupadd[1208128]: new group: name=_keytab, GID=999 <13>Aug 22 03:04:48 rpmi: libkrb5-1.21.3-alt2 sisyphus+351857.100.1.1 1719735141 installed <13>Aug 22 03:04:48 rpmi: python3-3.12.5-alt1 sisyphus+355289.200.2.1 1723833848 installed <13>Aug 22 03:04:49 rpmi: python3-base-3.12.5-alt1 sisyphus+355289.200.2.1 1723833848 installed <13>Aug 22 03:04:49 rpmi: libgsasl-2.2.0-alt1 sisyphus+333173.100.1.1 1698696954 installed <86>Aug 22 03:04:49 groupadd[1211356]: group added to /etc/group: name=sasl, GID=998 <86>Aug 22 03:04:49 groupadd[1211356]: group added to /etc/gshadow: name=sasl <86>Aug 22 03:04:49 groupadd[1211356]: new group: name=sasl, GID=998 <13>Aug 22 03:04:49 rpmi: libsasl2-3-2.1.28-alt2 sisyphus+343335.100.1.1 1711112544 installed <13>Aug 22 03:04:49 rpmi: libldap2-2.6.8-alt1 sisyphus+351621.100.1.1 1719420449 installed <13>Aug 22 03:04:49 rpmi: openssh-common-9.6p1-alt2 sisyphus+351911.100.1.1 1719838544 installed <86>Aug 22 03:04:49 groupadd[1211537]: group added to /etc/group: name=sshagent, GID=997 <86>Aug 22 03:04:49 groupadd[1211537]: group added to /etc/gshadow: name=sshagent <86>Aug 22 03:04:49 groupadd[1211537]: new group: name=sshagent, GID=997 <13>Aug 22 03:04:49 rpmi: openssh-clients-9.6p1-alt2 sisyphus+351911.100.1.1 1719838544 installed <13>Aug 22 03:04:49 rpmi: rsync-3.2.7-alt1 sisyphus+325006.2000.1.1 1689497333 installed <13>Aug 22 03:04:49 rpmi: libssh2-1.11.0-alt2 sisyphus+339356.100.1.1 1706593137 installed <13>Aug 22 03:04:49 rpmi: libcurl-8.9.1-alt1 sisyphus+353987.100.1.1 1722417670 installed <13>Aug 22 03:04:49 rpmi: git-core-2.42.2-alt1 sisyphus+348068.100.1.1 1715721632 installed <13>Aug 22 03:04:49 rpmi: firejail-0.9.72-alt1 sisyphus+317164.100.1.1 1679407004 installed <13>Aug 22 03:04:49 rpmi: libssl-devel-3.1.6-alt1 sisyphus+350419.100.1.1 1717605656 installed <13>Aug 22 03:04:49 rpmi: man-db-2.12.0-alt1 sisyphus+336930.2100.1.1 1703107121 installed <13>Aug 22 03:04:49 rpmi: expect-1:5.45.4-alt4 sisyphus+346181.200.2.1 1716350293 installed <13>Aug 22 03:04:49 rpmi: libseccomp-devel-2.5.5-alt1 sisyphus+335558.200.2.1 1701474989 installed Building target platforms: x86_64 Building for target x86_64 Wrote: /usr/src/in/nosrpm/fdns-0.9.72-alt1.nosrc.rpm (w1.gzdio) Installing fdns-0.9.72-alt1.src.rpm Building target platforms: x86_64 Building for target x86_64 Executing(%prep): /bin/sh -e /usr/src/tmp/rpm-tmp.44972 + umask 022 + /bin/mkdir -p /usr/src/RPM/BUILD + cd /usr/src/RPM/BUILD + cd /usr/src/RPM/BUILD + rm -rf fdns-0.9.72 + echo 'Source #0 (fdns-0.9.72.tar):' Source #0 (fdns-0.9.72.tar): + /bin/tar -xf /usr/src/RPM/SOURCES/fdns-0.9.72.tar + cd fdns-0.9.72 + echo 'Source #1 (fdns-0.9.72-etc-blocklists.tar):' Source #1 (fdns-0.9.72-etc-blocklists.tar): + /bin/tar -xf /usr/src/RPM/SOURCES/fdns-0.9.72-etc-blocklists.tar + /bin/chmod -c -Rf u+rwX,go-w . + echo 'Patch #0 (fdns-0.9.72-alt.patch):' Patch #0 (fdns-0.9.72-alt.patch): + /usr/bin/patch -p1 patching file src/fdns/fdns.h patching file src/fdns/main.c patching file src/fdns/server.c patching file src/fdns/ssl.c patching file test/fdns/all-interfaces.exp patching file test/fdns/blocklist-file.exp patching file test/fdns/blocklist.exp patching file test/fdns/dotvsh2.exp patching file test/fdns/fallback.exp patching file test/fdns/filter-doh.exp patching file test/fdns/filter.exp patching file test/fdns/forwarder.exp patching file test/fdns/help-man.exp patching file test/fdns/invalid-server.exp patching file test/fdns/ipv6.exp patching file test/fdns/keepalive.exp patching file test/fdns/list-adblocker.exp patching file test/fdns/list-all.exp patching file test/fdns/list-anycast.exp patching file test/fdns/list-family.exp patching file test/fdns/list-opennic.exp patching file test/fdns/list-security.exp patching file test/fdns/list.exp patching file test/fdns/local-doh.exp patching file test/fdns/monitor.exp patching file test/fdns/multiserver.exp patching file test/fdns/nofilter.exp patching file test/fdns/print-requests.exp patching file test/fdns/restart-workers.exp patching file test/fdns/server-anycast.exp patching file test/fdns/test-servers-anycast.exp patching file test/fdns/test-servers.exp patching file test/fdns/test-url-list.exp patching file test/fdns/test-url.exp patching file test/fdns/test-user.sh patching file test/fdns/test.sh patching file test/fdns/transport-udp.exp patching file test/fdns/transport.exp patching file test/fdns/unlisted.exp patching file test/fdns/wget.exp patching file test/fdns/whitelist-file.exp patching file test/fdns/whitelist.exp patching file test/fdns/workers.exp + exit 0 Executing(%build): /bin/sh -e /usr/src/tmp/rpm-tmp.44972 + umask 022 + /bin/mkdir -p /usr/src/RPM/BUILD + cd /usr/src/RPM/BUILD + cd fdns-0.9.72 + CFLAGS='-pipe -frecord-gcc-switches -Wall -g -O2 -flto=auto' + export CFLAGS + CXXFLAGS='-pipe -frecord-gcc-switches -Wall -g -O2 -flto=auto' + export CXXFLAGS + FFLAGS='-pipe -frecord-gcc-switches -Wall -g -O2 -flto=auto' + export FFLAGS + FCFLAGS='-pipe -frecord-gcc-switches -Wall -g -O2 -flto=auto' + export FCFLAGS + '[' -n '' ']' ++ printf %s '-pipe -frecord-gcc-switches -Wall -g -O2 -flto=auto' ++ sed -r 's/(^|[[:space:]]+)-[^m][^[:space:]]*//g' + ASFLAGS= + export ASFLAGS + export lt_cv_deplibs_check_method=pass_all + lt_cv_deplibs_check_method=pass_all + readlink -e -- ./configure + xargs -ri dirname -- '{}' + xargs -ri find '{}' -type f '(' -name config.sub -or -name config.guess ')' -printf '%h/\n' + sort -u + xargs -rn1 install -pm755 -- /usr/share/gnu-config/config.sub /usr/share/gnu-config/config.guess + configure_runstatedir_flags= + grep -qF runstatedir=DIR ./configure + configure_runstatedir_flags=--runstatedir=/var/run + ./configure --build=x86_64-alt-linux --host=x86_64-alt-linux --prefix=/usr --exec-prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc --datadir=/usr/share --includedir=/usr/include --libdir=/usr/lib64 --libexecdir=/usr/lib --localstatedir=/var/lib --sharedstatedir=/var/lib --mandir=/usr/share/man --infodir=/usr/share/info --disable-dependency-tracking --disable-silent-rules --runstatedir=/var/run --without-included-gettext configure: WARNING: unrecognized options: --disable-dependency-tracking, --disable-silent-rules, --without-included-gettext checking for x86_64-alt-linux-gcc... x86_64-alt-linux-gcc checking whether the C compiler works... yes checking for C compiler default output file name... a.out checking for suffix of executables... checking whether we are cross compiling... no checking for suffix of object files... o checking whether the compiler supports GNU C... yes checking whether x86_64-alt-linux-gcc accepts -g... yes checking for x86_64-alt-linux-gcc option to enable C11 features... none needed checking for a BSD-compatible install... /usr/bin/ginstall -c checking for x86_64-alt-linux-ranlib... no checking for ranlib... ranlib checking whether C compiler accepts -mindirect-branch=thunk... yes checking whether C compiler accepts -mretpoline... no checking whether C compiler accepts -fstack-clash-protection... yes checking whether C compiler accepts -fstack-protector-strong... yes checking for main in -lpthread... yes checking for stdio.h... yes checking for stdlib.h... yes checking for string.h... yes checking for inttypes.h... yes checking for stdint.h... yes checking for strings.h... yes checking for sys/stat.h... yes checking for sys/types.h... yes checking for unistd.h... yes checking for pthread.h... yes checking for x86_64-alt-linux-pkg-config... no checking for pkg-config... pkg-config checking whether compiling and linking against OpenSSL works... yes OpenSSL library found checking for main in -lseccomp... yes checking for seccomp.h... yes configure: creating ./config.status config.status: creating Makefile config.status: creating src/common.mk config.status: creating src/fdns/Makefile config.status: creating src/nxdomain/Makefile configure: WARNING: unrecognized options: --disable-dependency-tracking, --disable-silent-rules, --without-included-gettext Configuration options: prefix: /usr sysconfdir: /etc systemd directory: /etc/fdns Spectre compiler patch: yes apparmor: seccomp: -DHAVE_SECCOMP EXTRA_LDFLAGS: EXTRA_CFLAGS: -mindirect-branch=thunk -fstack-clash-protection -fstack-protector-strong fatal warnings: Gcov instrumentation: + make -j16 make -C src/fdns make -C src/nxdomain make: Entering directory '/usr/src/RPM/BUILD/fdns-0.9.72' ./mkman.sh 0.9.72 src/man/fdns.txt fdns.1 make: Leaving directory '/usr/src/RPM/BUILD/fdns-0.9.72' make: Entering directory '/usr/src/RPM/BUILD/fdns-0.9.72' ./mkman.sh 0.9.72 src/man/nxdomain.txt nxdomain.1 make: Leaving directory '/usr/src/RPM/BUILD/fdns-0.9.72' make[1]: Entering directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/fdns' x86_64-alt-linux-gcc -pipe -frecord-gcc-switches -Wall -g -O2 -flto=auto -ggdb -O2 -DVERSION='"0.9.72"' -DHAVE_SECCOMP -DPREFIX='"/usr"' -DSYSCONFDIR='"/etc/fdns"' -DLIBDIR='"/usr/lib64"' -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security -mindirect-branch=thunk -fstack-clash-protection -fstack-protector-strong -c hpack_static.c -o hpack_static.o : warning: "_FORTIFY_SOURCE" redefined : note: this is the location of the previous definition make[1]: Leaving directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/fdns' make[1]: Entering directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/nxdomain' x86_64-alt-linux-gcc -pipe -frecord-gcc-switches -Wall -g -O2 -flto=auto -ggdb -O2 -DVERSION='"0.9.72"' -DHAVE_SECCOMP -DPREFIX='"/usr"' -DSYSCONFDIR='"/etc/fdns"' -DLIBDIR='"/usr/lib64"' -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security -mindirect-branch=thunk -fstack-clash-protection -fstack-protector-strong -c resolver.c -o resolver.o : warning: "_FORTIFY_SOURCE" redefined : note: this is the location of the previous definition make[1]: Leaving directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/nxdomain' make[1]: Entering directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/fdns' x86_64-alt-linux-gcc -pipe -frecord-gcc-switches -Wall -g -O2 -flto=auto -ggdb -O2 -DVERSION='"0.9.72"' -DHAVE_SECCOMP -DPREFIX='"/usr"' -DSYSCONFDIR='"/etc/fdns"' -DLIBDIR='"/usr/lib64"' -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security -mindirect-branch=thunk -fstack-clash-protection -fstack-protector-strong -c dnsdb.c -o dnsdb.o : warning: "_FORTIFY_SOURCE" redefined : note: this is the location of the previous definition make[1]: Leaving directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/fdns' make[1]: Entering directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/fdns' x86_64-alt-linux-gcc -pipe -frecord-gcc-switches -Wall -g -O2 -flto=auto -ggdb -O2 -DVERSION='"0.9.72"' -DHAVE_SECCOMP -DPREFIX='"/usr"' -DSYSCONFDIR='"/etc/fdns"' -DLIBDIR='"/usr/lib64"' -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security -mindirect-branch=thunk -fstack-clash-protection -fstack-protector-strong -c cache.c -o cache.o : warning: "_FORTIFY_SOURCE" redefined : note: this is the location of the previous definition make[1]: Leaving directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/fdns' make[1]: Entering directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/fdns' x86_64-alt-linux-gcc -pipe -frecord-gcc-switches -Wall -g -O2 -flto=auto -ggdb -O2 -DVERSION='"0.9.72"' -DHAVE_SECCOMP -DPREFIX='"/usr"' -DSYSCONFDIR='"/etc/fdns"' -DLIBDIR='"/usr/lib64"' -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security -mindirect-branch=thunk -fstack-clash-protection -fstack-protector-strong -c dns.c -o dns.o : warning: "_FORTIFY_SOURCE" redefined : note: this is the location of the previous definition make[1]: Leaving directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/fdns' make[1]: Entering directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/nxdomain' x86_64-alt-linux-gcc -pipe -frecord-gcc-switches -Wall -g -O2 -flto=auto -ggdb -O2 -DVERSION='"0.9.72"' -DHAVE_SECCOMP -DPREFIX='"/usr"' -DSYSCONFDIR='"/etc/fdns"' -DLIBDIR='"/usr/lib64"' -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security -mindirect-branch=thunk -fstack-clash-protection -fstack-protector-strong -c nxdomain.c -o nxdomain.o : warning: "_FORTIFY_SOURCE" redefined : note: this is the location of the previous definition nxdomain.c: In function 'test': nxdomain.c:92:14: warning: unused variable 'buf' [-Wunused-variable] 92 | char buf[LINE_MAX]; | ^~~ make[1]: Leaving directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/nxdomain' make[1]: Entering directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/fdns' x86_64-alt-linux-gcc -pipe -frecord-gcc-switches -Wall -g -O2 -flto=auto -ggdb -O2 -DVERSION='"0.9.72"' -DHAVE_SECCOMP -DPREFIX='"/usr"' -DSYSCONFDIR='"/etc/fdns"' -DLIBDIR='"/usr/lib64"' -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security -mindirect-branch=thunk -fstack-clash-protection -fstack-protector-strong -c dot.c -o dot.o : warning: "_FORTIFY_SOURCE" redefined : note: this is the location of the previous definition make[1]: Leaving directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/fdns' make[1]: Entering directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/fdns' x86_64-alt-linux-gcc -pipe -frecord-gcc-switches -Wall -g -O2 -flto=auto -ggdb -O2 -DVERSION='"0.9.72"' -DHAVE_SECCOMP -DPREFIX='"/usr"' -DSYSCONFDIR='"/etc/fdns"' -DLIBDIR='"/usr/lib64"' -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security -mindirect-branch=thunk -fstack-clash-protection -fstack-protector-strong -c forwarder.c -o forwarder.o : warning: "_FORTIFY_SOURCE" redefined : note: this is the location of the previous definition make[1]: Leaving directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/fdns' make[1]: Entering directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/fdns' x86_64-alt-linux-gcc -pipe -frecord-gcc-switches -Wall -g -O2 -flto=auto -ggdb -O2 -DVERSION='"0.9.72"' -DHAVE_SECCOMP -DPREFIX='"/usr"' -DSYSCONFDIR='"/etc/fdns"' -DLIBDIR='"/usr/lib64"' -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security -mindirect-branch=thunk -fstack-clash-protection -fstack-protector-strong -c huffman.c -o huffman.o : warning: "_FORTIFY_SOURCE" redefined : note: this is the location of the previous definition make[1]: Leaving directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/fdns' make[1]: Entering directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/fdns' x86_64-alt-linux-gcc -pipe -frecord-gcc-switches -Wall -g -O2 -flto=auto -ggdb -O2 -DVERSION='"0.9.72"' -DHAVE_SECCOMP -DPREFIX='"/usr"' -DSYSCONFDIR='"/etc/fdns"' -DLIBDIR='"/usr/lib64"' -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security -mindirect-branch=thunk -fstack-clash-protection -fstack-protector-strong -c h11.c -o h11.o : warning: "_FORTIFY_SOURCE" redefined : note: this is the location of the previous definition make[1]: Leaving directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/fdns' make[1]: Entering directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/fdns' x86_64-alt-linux-gcc -pipe -frecord-gcc-switches -Wall -g -O2 -flto=auto -ggdb -O2 -DVERSION='"0.9.72"' -DHAVE_SECCOMP -DPREFIX='"/usr"' -DSYSCONFDIR='"/etc/fdns"' -DLIBDIR='"/usr/lib64"' -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security -mindirect-branch=thunk -fstack-clash-protection -fstack-protector-strong -c log.c -o log.o : warning: "_FORTIFY_SOURCE" redefined : note: this is the location of the previous definition make[1]: Leaving directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/fdns' make[1]: Entering directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/fdns' x86_64-alt-linux-gcc -pipe -frecord-gcc-switches -Wall -g -O2 -flto=auto -ggdb -O2 -DVERSION='"0.9.72"' -DHAVE_SECCOMP -DPREFIX='"/usr"' -DSYSCONFDIR='"/etc/fdns"' -DLIBDIR='"/usr/lib64"' -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security -mindirect-branch=thunk -fstack-clash-protection -fstack-protector-strong -c filter.c -o filter.o : warning: "_FORTIFY_SOURCE" redefined : note: this is the location of the previous definition make[1]: Leaving directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/fdns' make[1]: Entering directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/fdns' x86_64-alt-linux-gcc -pipe -frecord-gcc-switches -Wall -g -O2 -flto=auto -ggdb -O2 -DVERSION='"0.9.72"' -DHAVE_SECCOMP -DPREFIX='"/usr"' -DSYSCONFDIR='"/etc/fdns"' -DLIBDIR='"/usr/lib64"' -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security -mindirect-branch=thunk -fstack-clash-protection -fstack-protector-strong -c lint.c -o lint.o : warning: "_FORTIFY_SOURCE" redefined : note: this is the location of the previous definition make[1]: Leaving directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/fdns' make[1]: Entering directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/fdns' x86_64-alt-linux-gcc -pipe -frecord-gcc-switches -Wall -g -O2 -flto=auto -ggdb -O2 -DVERSION='"0.9.72"' -DHAVE_SECCOMP -DPREFIX='"/usr"' -DSYSCONFDIR='"/etc/fdns"' -DLIBDIR='"/usr/lib64"' -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security -mindirect-branch=thunk -fstack-clash-protection -fstack-protector-strong -c h2.c -o h2.o : warning: "_FORTIFY_SOURCE" redefined : note: this is the location of the previous definition make[1]: Leaving directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/fdns' make[1]: Entering directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/fdns' x86_64-alt-linux-gcc -pipe -frecord-gcc-switches -Wall -g -O2 -flto=auto -ggdb -O2 -DVERSION='"0.9.72"' -DHAVE_SECCOMP -DPREFIX='"/usr"' -DSYSCONFDIR='"/etc/fdns"' -DLIBDIR='"/usr/lib64"' -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security -mindirect-branch=thunk -fstack-clash-protection -fstack-protector-strong -c frontend.c -o frontend.o : warning: "_FORTIFY_SOURCE" redefined : note: this is the location of the previous definition frontend.c: In function 'frontend': frontend.c:489:121: warning: left-hand operand of comma expression has no effect [-Wunused-value] 489 | stats.query_time = (s.query_time * 0.18) + (stats.query_time * 0,82); | ^ make[1]: Leaving directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/fdns' make[1]: Entering directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/fdns' x86_64-alt-linux-gcc -pipe -frecord-gcc-switches -Wall -g -O2 -flto=auto -ggdb -O2 -DVERSION='"0.9.72"' -DHAVE_SECCOMP -DPREFIX='"/usr"' -DSYSCONFDIR='"/etc/fdns"' -DLIBDIR='"/usr/lib64"' -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security -mindirect-branch=thunk -fstack-clash-protection -fstack-protector-strong -c timetrace.c -o timetrace.o : warning: "_FORTIFY_SOURCE" redefined : note: this is the location of the previous definition make[1]: Leaving directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/fdns' make[1]: Entering directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/fdns' x86_64-alt-linux-gcc -pipe -frecord-gcc-switches -Wall -g -O2 -flto=auto -ggdb -O2 -DVERSION='"0.9.72"' -DHAVE_SECCOMP -DPREFIX='"/usr"' -DSYSCONFDIR='"/etc/fdns"' -DLIBDIR='"/usr/lib64"' -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security -mindirect-branch=thunk -fstack-clash-protection -fstack-protector-strong -c net.c -o net.o : warning: "_FORTIFY_SOURCE" redefined : note: this is the location of the previous definition make[1]: Leaving directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/fdns' make[1]: Entering directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/fdns' x86_64-alt-linux-gcc -pipe -frecord-gcc-switches -Wall -g -O2 -flto=auto -ggdb -O2 -DVERSION='"0.9.72"' -DHAVE_SECCOMP -DPREFIX='"/usr"' -DSYSCONFDIR='"/etc/fdns"' -DLIBDIR='"/usr/lib64"' -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security -mindirect-branch=thunk -fstack-clash-protection -fstack-protector-strong -c procs.c -o procs.o : warning: "_FORTIFY_SOURCE" redefined : note: this is the location of the previous definition make[1]: Leaving directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/fdns' make[1]: Entering directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/fdns' x86_64-alt-linux-gcc -pipe -frecord-gcc-switches -Wall -g -O2 -flto=auto -ggdb -O2 -DVERSION='"0.9.72"' -DHAVE_SECCOMP -DPREFIX='"/usr"' -DSYSCONFDIR='"/etc/fdns"' -DLIBDIR='"/usr/lib64"' -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security -mindirect-branch=thunk -fstack-clash-protection -fstack-protector-strong -c main.c -o main.o : warning: "_FORTIFY_SOURCE" redefined : note: this is the location of the previous definition make[1]: Leaving directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/fdns' make[1]: Entering directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/fdns' x86_64-alt-linux-gcc -pipe -frecord-gcc-switches -Wall -g -O2 -flto=auto -ggdb -O2 -DVERSION='"0.9.72"' -DHAVE_SECCOMP -DPREFIX='"/usr"' -DSYSCONFDIR='"/etc/fdns"' -DLIBDIR='"/usr/lib64"' -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security -mindirect-branch=thunk -fstack-clash-protection -fstack-protector-strong -c security.c -o security.o : warning: "_FORTIFY_SOURCE" redefined : note: this is the location of the previous definition make[1]: Leaving directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/fdns' make[1]: Entering directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/fdns' x86_64-alt-linux-gcc -pipe -frecord-gcc-switches -Wall -g -O2 -flto=auto -ggdb -O2 -DVERSION='"0.9.72"' -DHAVE_SECCOMP -DPREFIX='"/usr"' -DSYSCONFDIR='"/etc/fdns"' -DLIBDIR='"/usr/lib64"' -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security -mindirect-branch=thunk -fstack-clash-protection -fstack-protector-strong -c whitelist.c -o whitelist.o : warning: "_FORTIFY_SOURCE" redefined : note: this is the location of the previous definition make[1]: Leaving directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/fdns' make[1]: Entering directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/fdns' x86_64-alt-linux-gcc -pipe -frecord-gcc-switches -Wall -g -O2 -flto=auto -ggdb -O2 -DVERSION='"0.9.72"' -DHAVE_SECCOMP -DPREFIX='"/usr"' -DSYSCONFDIR='"/etc/fdns"' -DLIBDIR='"/usr/lib64"' -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security -mindirect-branch=thunk -fstack-clash-protection -fstack-protector-strong -c shmem.c -o shmem.o : warning: "_FORTIFY_SOURCE" redefined : note: this is the location of the previous definition make[1]: Leaving directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/fdns' make[1]: Entering directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/fdns' x86_64-alt-linux-gcc -pipe -frecord-gcc-switches -Wall -g -O2 -flto=auto -ggdb -O2 -DVERSION='"0.9.72"' -DHAVE_SECCOMP -DPREFIX='"/usr"' -DSYSCONFDIR='"/etc/fdns"' -DLIBDIR='"/usr/lib64"' -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security -mindirect-branch=thunk -fstack-clash-protection -fstack-protector-strong -c resolver.c -o resolver.o : warning: "_FORTIFY_SOURCE" redefined : note: this is the location of the previous definition make[1]: Leaving directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/fdns' make[1]: Entering directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/fdns' x86_64-alt-linux-gcc -pipe -frecord-gcc-switches -Wall -g -O2 -flto=auto -ggdb -O2 -DVERSION='"0.9.72"' -DHAVE_SECCOMP -DPREFIX='"/usr"' -DSYSCONFDIR='"/etc/fdns"' -DLIBDIR='"/usr/lib64"' -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security -mindirect-branch=thunk -fstack-clash-protection -fstack-protector-strong -c server.c -o server.o : warning: "_FORTIFY_SOURCE" redefined : note: this is the location of the previous definition make[1]: Leaving directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/fdns' make[1]: Entering directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/fdns' x86_64-alt-linux-gcc -pipe -frecord-gcc-switches -Wall -g -O2 -flto=auto -ggdb -O2 -DVERSION='"0.9.72"' -DHAVE_SECCOMP -DPREFIX='"/usr"' -DSYSCONFDIR='"/etc/fdns"' -DLIBDIR='"/usr/lib64"' -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security -mindirect-branch=thunk -fstack-clash-protection -fstack-protector-strong -c ssl.c -o ssl.o : warning: "_FORTIFY_SOURCE" redefined : note: this is the location of the previous definition make[1]: Leaving directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/fdns' make[1]: Entering directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/nxdomain' x86_64-alt-linux-gcc -pie -Wl,-z,relro -Wl,-z,now -lpthread -lseccomp -o nxdomain nxdomain.o resolver.o make[1]: Leaving directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/nxdomain' make[1]: Entering directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/fdns' x86_64-alt-linux-gcc -pie -Wl,-z,relro -Wl,-z,now -lpthread -lseccomp -o fdns cache.o dns.o dnsdb.o dot.o filter.o forwarder.o frontend.o h11.o h2.o hpack_static.o huffman.o lint.o log.o main.o net.o procs.o resolver.o security.o server.o shmem.o ssl.o timetrace.o whitelist.o -lssl -lcrypto -lrt -lseccomp make[1]: Leaving directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/fdns' + exit 0 Executing(%install): /bin/sh -e /usr/src/tmp/rpm-tmp.85346 + umask 022 + /bin/mkdir -p /usr/src/RPM/BUILD + cd /usr/src/RPM/BUILD + /bin/chmod -Rf u+rwX -- /usr/src/tmp/fdns-buildroot + : + /bin/rm -rf -- /usr/src/tmp/fdns-buildroot + PATH=/usr/libexec/rpm-build:/usr/src/bin:/usr/bin:/bin:/usr/local/bin:/usr/games + cd fdns-0.9.72 + make 'INSTALL=/usr/libexec/rpm-build/install -p' install DESTDIR=/usr/src/tmp/fdns-buildroot SYSTEMD_DIR=/usr/lib/systemd/system make: Entering directory '/usr/src/RPM/BUILD/fdns-0.9.72' make -C src/fdns make[1]: Entering directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/fdns' make[1]: Nothing to be done for 'all'. make[1]: Leaving directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/fdns' make -C src/nxdomain make[1]: Entering directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/nxdomain' make[1]: Nothing to be done for 'all'. make[1]: Leaving directory '/usr/src/RPM/BUILD/fdns-0.9.72/src/nxdomain' make realinstall make[1]: Entering directory '/usr/src/RPM/BUILD/fdns-0.9.72' # fdns executable install -m 0755 -d /usr/src/tmp/fdns-buildroot//usr/bin install -c -m 0755 src/fdns/fdns /usr/src/tmp/fdns-buildroot//usr/bin/. install -c -m 0755 src/nxdomain/nxdomain /usr/src/tmp/fdns-buildroot//usr/bin/. # documents install -m 0755 -d /usr/src/tmp/fdns-buildroot//usr/share/doc/fdns install -c -m 0644 COPYING /usr/src/tmp/fdns-buildroot//usr/share/doc/fdns/. install -c -m 0644 README /usr/src/tmp/fdns-buildroot//usr/share/doc/fdns/. install -c -m 0644 RELNOTES /usr/src/tmp/fdns-buildroot//usr/share/doc/fdns/. # etc files install -m 0755 -d /usr/src/tmp/fdns-buildroot/etc/fdns install -m 0644 -t /usr/src/tmp/fdns-buildroot/etc/fdns etc/list.adblocker etc/list.coinblocker etc/list.fp-trackers etc/list.phishing etc/list.tld-blacklist etc/resolver.seccomp install -m 0644 -t /usr/src/tmp/fdns-buildroot/etc/fdns etc/servers etc/list.trackers # install server cusomization file sh -c "if [ ! -f /usr/src/tmp/fdns-buildroot//etc/fdns/servers.local ]; then install -c -m 0644 etc/servers.local /usr/src/tmp/fdns-buildroot//etc/fdns/servers.local; fi;" # systemd service unit install -Dm0644 etc/fdns.service /usr/src/tmp/fdns-buildroot/usr/lib/systemd/system/fdns.service # man pages echo "**********************************" ********************************** echo fdns.1 nxdomain.1 fdns.1 nxdomain.1 echo "**********************************" ********************************** install -m 0755 -d /usr/src/tmp/fdns-buildroot//usr/share/man/man1 for man in fdns.1 nxdomain.1; do \ rm -f $man.gz; \ gzip -9n $man; \ case "$man" in \ *.1) install -c -m 0644 $man.gz /usr/src/tmp/fdns-buildroot//usr/share/man/man1/; ;; \ esac; \ done rm -f fdns.1 nxdomain.1 fdns.1.gz nxdomain.1.gz # bash completion install -m 0755 -d /usr/src/tmp/fdns-buildroot//usr/share/bash-completion/completions install -c -m 0644 src/bash_completion/fdns.bash_completion /usr/src/tmp/fdns-buildroot//usr/share/bash-completion/completions/fdns make[1]: Leaving directory '/usr/src/RPM/BUILD/fdns-0.9.72' make: Leaving directory '/usr/src/RPM/BUILD/fdns-0.9.72' + /usr/lib/rpm/brp-alt Cleaning files in /usr/src/tmp/fdns-buildroot (auto) Verifying and fixing files in /usr/src/tmp/fdns-buildroot (binconfig,pkgconfig,libtool,desktop,gnuconfig) Checking contents of files in /usr/src/tmp/fdns-buildroot/ (default) Compressing files in /usr/src/tmp/fdns-buildroot (auto) Verifying systemd units in /usr/src/tmp/fdns-buildroot Adjusting library links in /usr/src/tmp/fdns-buildroot ./usr/lib: (from :0) Verifying ELF objects in /usr/src/tmp/fdns-buildroot (arch=normal,fhs=normal,lfs=relaxed,lint=relaxed,rpath=normal,stack=normal,textrel=normal,unresolved=normal) Splitting links to aliased files under /{,s}bin in /usr/src/tmp/fdns-buildroot Executing(%check): /bin/sh -e /usr/src/tmp/rpm-tmp.19097 + umask 022 + /bin/mkdir -p /usr/src/RPM/BUILD + cd /usr/src/RPM/BUILD + cd fdns-0.9.72 + export PATH=/usr/src/bin:/usr/bin:/bin:/usr/local/bin:/usr/games:/usr/src/tmp/fdns-buildroot/usr/bin + PATH=/usr/src/bin:/usr/bin:/bin:/usr/local/bin:/usr/games:/usr/src/tmp/fdns-buildroot/usr/bin + export SHELL + export SERVER_LIST=/usr/src/tmp/fdns-buildroot/etc/fdns/servers + SERVER_LIST=/usr/src/tmp/fdns-buildroot/etc/fdns/servers + cd test/fdns + ./test-user.sh TESTING: help/man (test/fdns/help-man.exp) spawn /bin/bash fdns --server-list=/usr/src/tmp/fdns-buildroot/etc/fdns/servers --help [builder@localhost fdns]$ tmp [builder@localhost fdns]$ cat tmp FDNS(1) fdns man page FDNS(1) NAME fdns - Firejail DNS over HTTPS/TLS proxy SYNOPSIS Start the server (root user): fdns [OPTIONS] Start the monitor (regular user): fdns --monitor DESCRIPTION FDNS is an encrypted DNS proxy server for small networks and Linux desktops. To speed up the name resolution FDNS caches the responses, and uses a configurable adblocker and privacy filter to cut down the unnecessary traffic. We preconfigure FDNS with a large list of DoH/DoT service providers. For privacy reasons we use only services from non-logging providers. We prefer servers run out-of-pocket by students, engineers, open-source enthusiasts, privacy-oriented non-profit organizations, etc. Currently there are more than 100 such servers on our list. We also track a corporate category with several providers: Adguard, CleanBrowsing, Cloudflare, and Quad9. All have a non-logging privacy policy that will work in most parts of the world. The servers are organized using a simple geographically-aware tagging system. This allows the user to request specialized services such as adblocking, security, family filters, etc. Once started, FDNS chooses a server at random, as close geographically as possible. We derive the computer location from the timezone set- ting. There are no IP packets sent out to geolocation services. Three geographical zones are defined so far: Americas, AsiaPacific and Europe. Use --list=all option to print all the servers and the corre- sponding tags. OPTIONS --allow-all-queries Allow all DNS query types; by default only A queries are allowed. In case --ipv6 is set, AAAA queries are also allowed. --allow-expired-certs Allow expired SSL certificates during SSL connection. --allow-self-signed-certs Allow self-signed SSL certificates during SSL connection. Use this option for bringing up new servers. --blocklist=domain Block domain and return NXDOMAIN. Note: Blocking domains can also be requested in /etc/fdns/hosts file. This setting is global, and it will block the domains in all fdns instances running on your computer. Use --blocklist when you have multiple fdns proxies running, each instance with a different blocklist. Example: $ fdns --blocklist=fonts.googleaps.com --blocklist-file=filename Block all domains listed in the file. --cache-ttl=seconds Change DNS cache TTL, in seconds. By default we use a fixed cache TTL of 40 minutes. --certfile=filename Use an SSL certificate file in PEM format. By default we use the certificates installed by OpenSSL. Example: $ sudo fdns --certfile=/etc/ssl/certs/ca-certificates.crt --daemonize Detach from the controlling terminal and run as a Unix daemon. The typical way to start FDNS as network proxy is $ sudo fdns --proxy-addr-any --daemonize --debug Print debug messages. --debug-transport Print HTTP2 debug messages. --debug-ssl Print SSL/TLS debug messages. --details SSL connection information, HTTP headers and network traces are printed on the screen during the testing phase of the connec- tion. Example: $ fdns --test-server=cloudflare --details Testing server cloudflare Tags: anycast, Americas, AsiaPacific, Europe URL: https://cloudflare-dns.com/dns-query Bootstrap IP address: 1.1.1.1 Port: 443 TLSv1.3, ALPN h2, SNI no HTTP Header: ----------------------------- | (HPACK dynamic table size: 4096) | :status: 200 | server: cloudflare | date: Mon, 19 Jun 2023 11:20:53 GMT | content-type: application/dns-message | access-control-allow-origin: * | content-length: 77 | cf-ray: 7d9b62a62ff3ff84-BOS ----------------------------- SSL/TLS connection: 519.42 ms Network Trace: -----> rx 60 bytes: IP + TCP + TLS + H2-WINDOW-UPDATE -----> rx 187 bytes: IP + TCP + TLS + H2-HEADERS + H2-DATA (end stream) DoH query average: 64.38 ms Header uncompressed | compressed | ratio: 185 | 28 | 6.61:1 DoH/Do53 bandwidth ratio: 2.50 Keepalive: 40 seconds Testing completed --disable-local-doh Disable DoH services for applications running on the local net- work. NOTE: Applications can still use an external DoH server if they have a hardcoded IP-Address. If you realy want to block other DoH connection you must use your firewall. --disable-syslog Disable system logging. --forwarder=domain@address Conditional domain forwarding to a different DNS server. Example: $ sudo fdns --forwarder=libre@66.70.228.164 The proxy will forward all .libre domains to OpenNIC server at 66.70.228.164. --help, -?, -h Print command-line options and exit. --ipv6 Allow AAAA requests. Use this option if you have Internet IPv6 connectivity. By default IPv6 queries are disabled. --keepalive=value Use this session keepalive value instead of the one in the server file. A query for example.com domain is initiated if there is no DNS query activity in order to keep the HTTP 2 con- nection open. For most servers we are using values between 25 and 40 seconds. In many cases you can bump the keepalive above 120 seconds. Example: $ sudo fdns --keepalive=120 --server=coudflare --list List the DoH service providers available in your current zone. Example: $ fdns --list Current zone: Europe 42l - France, Europe https://42l.fr aaflalo - Netherlands, Europe, adblocker https://www.aaflalo.me appliedprivacy - Austria, Europe https://appliedprivacy.net bortzmeyer - France, Europe https://www.bortzmeyer.org/doh-bortzmeyer-fr-policy.html cznic - Czechia, Europe https://www.nic.cz/odvr/ [...] --list=server-name|tag|all List the available DoH service providers based on a tag, server name, or all. --log-timeout=minutes Amount of time queries are kept in the log for monitoring pur- poses, default 10 minutes, maximum 1140 (one day). After the timeout expires, the queries are removed from the log. Example: $ sudo fdns --log-timeout=60 --monitor Start the stats monitor. Without specifying an IP address (see below), the monitor is looking for a proxy at 127.1.1.1. If it fails, it looks for a proxy on the regular loopback address 127.0.0.1. If it fails again, it will display a proxy found on any other addresses. Example: $ fdns --monitor --monitor=proxy-address Start the stats monitor for a specific FDNS instance. Run this command as a regular user in a terminal. Example: $ fdns --monitor=127.2.2.2 --nofilter No DNS request filtering. This disables all domain filters (adblocker, trackersetc.) and the user hosts file installed in /etc/fdns directory. --proxies List all running instances of FDNS. Example: $ fdns --proxies pid 4900, address 127.3.3.3 pid 4893, address 127.2.2.2 pid 4883, address 127.1.1.1 (default) --proxy-addr=address Configure the IP address the proxy listens on for DNS queries coming from the local clients. The default is 127.1.1.1. Example: $ sudo fdns --proxy-addr=127.0.0.1 --proxy-addr-any Listen on all available system interfaces and 127.0.0.1 for loopback interface. --qps=number Queries per second rate limit for resolver processes, default 5. When the limit is reached, incoming packets from the local net- work are dropped. --resolvers=number The number of resolver processes, between 1 and 10, default 3. --server=server-name|tag|all|url Connect to a specific server, or to a random one based on the tag and your geographical location. Using "all" will instruct FDNS to chose a server at random from the list, regardless where the server is located. You can also specify a DoH URL for servers not yet supported by FDNS. Examples: $ sudo fdns --server=cloudflare $ sudo fdns --server=security $ sudo fdns --server=family $ sudo fdns --server=https://dns.google/dns-query $ sudo fdns --server=dot://dot1.applied-privacy.net --test-server Test all the servers from your geographical zone. Example: $ fdns --test-server Testing server aaflalo-adblocker SSL connection opened in 309.55 ms DoH response average 64.92 ms Testing server adguard SSL connection opened in 281.80 ms DoH response average 55.44 ms Testing server cleanbrowsing SSL connection opened in 281.73 ms DoH response average 57.90 ms Testing server cloudflare SSL connection opened in 251.37 ms DoH response average 58.23 ms Testing server dnscrypt-ca SSL connection opened in 421.59 ms DoH response average 83.51 ms --test-server=server-name|tag|all Test the servers based on a tag, server name, or all. Specifying a URL allows you to test servers not yet supported by FDNS. Example: $ fdns --test-server=digital-society SSL connection opened in 640.53 ms DoH response average 155.22 ms $ fdns --test-server=https://dns.google/dns-query SSL connection opened in 405.68 ms DoH response average 78.86 ms $ fdns --test-server=dot://dot1.applied-privacy.net SSL/TLS connection: 770.46 ms DoT query average: 137.26 ms --test-url=URL Check if URL is dropped by the adblock/tracker filters. Example: $ fdns --test-url=amazon-adsystem.com URL amazon-adsystem.com dropped by "amazon-adsystem.com" rule --test-url-list Check URLs as they are introduced on STDIN. Example: $ cat biglist.txt | fdns --test-url-list --unlist=server Remove the server from the list for this FDNS instance. Example: $ fdns --unlist=quad9 --unlist=quad9-2 FDNS will not attempt to connect to quad9 and quad9-2 in the example above. --version Print program version and exit. --whitelist=domain Whitelist mode: resolve only the specified domains and drop everything else. Example: $ sudo fdns --whitelist=gentoo.org \ --whitelist=assets.gentoo.org \ --whitelist=security.gentoo.org \ --whitelist=wiki.gentoo.org --whitelist-file=file-name Similar to --whitelist above, it gets the domains from a file. If running under AppArmor, put the file under /etc/fdns direc- tory. This is the only directory allowed by our AppArmor pro- file. Example: $ cat /etc/fdns/whitelist-gentoo # whitelist file for gentoo.org gentoo.org assets.gentoo.org security.gentoo.org wiki.gentoo.org $ sudo fdns --whitelist-file=/etc/fdns/whitelist-gentoo Setup FDNS on a workstation You would need to set FDNS as your DNS server in /etc/resolv.conf: $ cat /etc/resolv.conf nameserver 127.1.1.1 You can also use Firejail security sandbox to redirect all the DNS traffic to 127.1.1.1, where FDNS listens by default. Firejail decouples the DNS functionality, allowing each sandbox to have its own DNS set- ting. Your system DNS configuration is not touched. If things go wrong, you won't lose your Internet connectivity. Here are the steps: Start FDNS: $ sudo fdns Start your applications in Firejail: $ firejail --dns=127.1.1.1 firefox $ firejail --dns=127.1.1.1 transmission-qt Start the monitor: $ fdns --monitor Setup FDNS as a network server all done TESTING: list (test/fdns/list.exp) spawn /bin/bash fdns --server-list=/usr/src/tmp/fdns-buildroot/etc/fdns/servers --list=Americas [builder@localhost fdns]$ = set:qnGrzyfd3jHZqSZFS8l8ebHc4, libcrypto.so.3(OPENSSL_3.0.0)(64bit), libseccomp.so.2()(64bit) >= set:if7f4J0jiklXcvnd, libssl.so.3()(64bit) >= set:niBO2kc09mkc4KYpwhoW303K4Zu7NRYbJdVtHN8G4RkUpKaxnJZc, libssl.so.3(OPENSSL_3.0.0)(64bit), rtld(GNU_HASH) Requires(rpmlib): rpmlib(SetVersions) Finding debuginfo files (using /usr/lib/rpm/find-debuginfo-files) Executing: /bin/sh -e /usr/src/tmp/rpm-tmp.jxAKxT Creating fdns-debuginfo package Processing files: fdns-debuginfo-0.9.72-alt1 Finding Provides (using /usr/lib/rpm/find-provides) Executing: /bin/sh -e /usr/src/tmp/rpm-tmp.cpFtjQ find-provides: running scripts (debuginfo) Finding Requires (using /usr/lib/rpm/find-requires) Executing: /bin/sh -e /usr/src/tmp/rpm-tmp.ask5Fp find-requires: running scripts (debuginfo) Requires: fdns = 0.9.72-alt1, /usr/lib/debug/lib64/ld-linux-x86-64.so.2.debug, debug64(libc.so.6), debug64(libcrypto.so.3), debug64(libseccomp.so.2), debug64(libssl.so.3) Adding to fdns-debuginfo a strict dependency on fdns Wrote: /usr/src/RPM/RPMS/x86_64/fdns-0.9.72-alt1.x86_64.rpm (w2T16.xzdio) Wrote: /usr/src/RPM/RPMS/x86_64/fdns-debuginfo-0.9.72-alt1.x86_64.rpm (w2.lzdio) 5.14user 4.04system 0:14.97elapsed 61%CPU (0avgtext+0avgdata 66184maxresident)k 0inputs+0outputs (0major+601117minor)pagefaults 0swaps 5.25user 3.07system 0:34.25elapsed 24%CPU (0avgtext+0avgdata 135112maxresident)k 7808inputs+0outputs (0major+243764minor)pagefaults 0swaps --- fdns-0.9.72-alt1.x86_64.rpm.repo 2024-03-25 06:42:59.000000000 +0000 +++ fdns-0.9.72-alt1.x86_64.rpm.hasher 2024-08-22 03:05:12.345015692 +0000 @@ -10,5 +10,5 @@ /etc/fdns/servers.local 100644 root:root -/lib/systemd/system/fdns.service 100644 root:root /usr/bin/fdns 100755 root:root /usr/bin/nxdomain 100755 root:root +/usr/lib/systemd/system/fdns.service 100644 root:root /usr/share/bash-completion/completions/fdns 100644 root:root @@ -55,5 +55,5 @@ File: /etc/fdns/servers.local 100644 root:root 1d77a2d2ecc4ac5b43b42cda18ffb670 -File: /lib/systemd/system/fdns.service 100644 root:root 39e16dbfa974fbe9a39ec59d1651bd9a -File: /usr/bin/fdns 100755 root:root 3440b1c88144de375ca9dbf4570a7693 -File: /usr/bin/nxdomain 100755 root:root 4d0b18306201aeba9c55389fcdecb701 +File: /usr/bin/fdns 100755 root:root a073a19c1afa67e6e9b82360a88afaab +File: /usr/bin/nxdomain 100755 root:root 3fac83dfaf089210bad2441f87e902b7 +File: /usr/lib/systemd/system/fdns.service 100644 root:root 39e16dbfa974fbe9a39ec59d1651bd9a File: /usr/share/bash-completion/completions/fdns 100644 root:root 0823108aa87de1ac4d0c101994660229 @@ -69,2 +69,2 @@ File: /usr/share/man/man1/nxdomain.1.xz 100644 root:root ae55a8998367541e41bcbbf50bb7cbc3 -RPMIdentity: e0a6aa296e5c968516e845e9e888b0c7bbc03161d684399f52c64a67820f5e9f411a72b6ee65d534f2cc467689f24ffa776f7a7b36ec5b8acae081dcb77b74d1 +RPMIdentity: b6c5c3a5c7340ee0256c6cbd63762a876200eaf0493e39019cd37a940dd7539269a0aee09e8c4d9d1ad8da5d63ebe23780f034c80ec883905dd4fcd7042b53ed --- fdns-debuginfo-0.9.72-alt1.x86_64.rpm.repo 2024-03-25 06:42:59.000000000 +0000 +++ fdns-debuginfo-0.9.72-alt1.x86_64.rpm.hasher 2024-08-22 03:05:13.660034315 +0000 @@ -1,7 +1,7 @@ -/usr/lib/debug/.build-id/89 40755 root:root -/usr/lib/debug/.build-id/89/d2b2fd1328cb3ca5a12c5260f2409c7044c657 120777 root:root ../../../../bin/nxdomain -/usr/lib/debug/.build-id/89/d2b2fd1328cb3ca5a12c5260f2409c7044c657.debug 120777 root:root ../../usr/bin/nxdomain.debug -/usr/lib/debug/.build-id/bf 40755 root:root -/usr/lib/debug/.build-id/bf/daf33bb040e0eaa11276e750f5d1d33cf48a22 120777 root:root ../../../../bin/fdns -/usr/lib/debug/.build-id/bf/daf33bb040e0eaa11276e750f5d1d33cf48a22.debug 120777 root:root ../../usr/bin/fdns.debug +/usr/lib/debug/.build-id/10 40755 root:root +/usr/lib/debug/.build-id/10/ebd5cdfd62e67dbcc3c4b3d4fb9543ef3c1c19 120777 root:root ../../../../bin/fdns +/usr/lib/debug/.build-id/10/ebd5cdfd62e67dbcc3c4b3d4fb9543ef3c1c19.debug 120777 root:root ../../usr/bin/fdns.debug +/usr/lib/debug/.build-id/38 40755 root:root +/usr/lib/debug/.build-id/38/736eef8ac5acd0412547641c41ff76853629ce 120777 root:root ../../../../bin/nxdomain +/usr/lib/debug/.build-id/38/736eef8ac5acd0412547641c41ff76853629ce.debug 120777 root:root ../../usr/bin/nxdomain.debug /usr/lib/debug/usr/bin/fdns.debug 100644 root:root @@ -51,10 +51,10 @@ Provides: fdns-debuginfo = 0.9.72-alt1:sisyphus+342503.1.8.1 -File: /usr/lib/debug/.build-id/89 40755 root:root -File: /usr/lib/debug/.build-id/89/d2b2fd1328cb3ca5a12c5260f2409c7044c657 120777 root:root ../../../../bin/nxdomain -File: /usr/lib/debug/.build-id/89/d2b2fd1328cb3ca5a12c5260f2409c7044c657.debug 120777 root:root ../../usr/bin/nxdomain.debug -File: /usr/lib/debug/.build-id/bf 40755 root:root -File: /usr/lib/debug/.build-id/bf/daf33bb040e0eaa11276e750f5d1d33cf48a22 120777 root:root ../../../../bin/fdns -File: /usr/lib/debug/.build-id/bf/daf33bb040e0eaa11276e750f5d1d33cf48a22.debug 120777 root:root ../../usr/bin/fdns.debug -File: /usr/lib/debug/usr/bin/fdns.debug 100644 root:root 3b9f087c252ae16eede7a0d722fd7a62 -File: /usr/lib/debug/usr/bin/nxdomain.debug 100644 root:root a5c3c5d470dbe30c8a459c7a57f976e8 +File: /usr/lib/debug/.build-id/10 40755 root:root +File: /usr/lib/debug/.build-id/10/ebd5cdfd62e67dbcc3c4b3d4fb9543ef3c1c19 120777 root:root ../../../../bin/fdns +File: /usr/lib/debug/.build-id/10/ebd5cdfd62e67dbcc3c4b3d4fb9543ef3c1c19.debug 120777 root:root ../../usr/bin/fdns.debug +File: /usr/lib/debug/.build-id/38 40755 root:root +File: /usr/lib/debug/.build-id/38/736eef8ac5acd0412547641c41ff76853629ce 120777 root:root ../../../../bin/nxdomain +File: /usr/lib/debug/.build-id/38/736eef8ac5acd0412547641c41ff76853629ce.debug 120777 root:root ../../usr/bin/nxdomain.debug +File: /usr/lib/debug/usr/bin/fdns.debug 100644 root:root 5c16c926247c5e3d205e620905275124 +File: /usr/lib/debug/usr/bin/nxdomain.debug 100644 root:root adbd958d1bd585c5e6c7d1e384e39204 File: /usr/src/debug/fdns-0.9.72 40755 root:root @@ -94,2 +94,2 @@ File: /usr/src/debug/fdns-0.9.72/src/nxdomain/resolver.c 100644 root:root 6fba9990c7eaff72304bbf67b64f8b08 -RPMIdentity: 35ba772043468ff413704e987355507b5fff2531685f527947977ffc89ca519e1fad6113db0a51ae5222e2c8dafc8f6dd5326d5fce224095a55df00e72d8bce7 +RPMIdentity: 0d46c77f60563bf81c06c3de5745927239d1137b6da30b049174722110a61ed38ffc3e85a9b8c257e6196cba2688392ff0480d65244465edb74b0f6e9bd97c17