dns/dnscrypt-proxy: fix bootstrap_resolvers with multiple comma-separated servers#5163
Open
hodorogandrei wants to merge 1 commit intoopnsense:masterfrom
Open
Conversation
…ated servers When multiple bootstrap resolvers are configured in the "Fallback Resolver" field (e.g., "1.1.1.1:53,9.9.9.9:53"), the generated config incorrectly places the comma inside a single string: bootstrap_resolvers = ['1.1.1.1:53,9.9.9.9:53'] This causes dnscrypt-proxy to fail with: [FATAL] Bootstrap resolver [...]: Host does not parse as IP '1.1.1.1:53,9.9.9.9:53' The fix applies the same split/join pattern already used for listen_addresses, server_names, disabled_server_names, and relaylist in the same template: bootstrap_resolvers = ['1.1.1.1:53','9.9.9.9:53'] This bug was introduced in commit 1eec51a which renamed fallback_resolver to bootstrap_resolvers but did not update the template syntax from a single string to a TOML array format.
3 tasks
fichtner
reviewed
Jan 23, 2026
| {% endif %} | ||
|
|
||
| bootstrap_resolvers = ['{{ OPNsense.dnscryptproxy.general.fallback_resolver }}'] | ||
| bootstrap_resolvers = [{{ "'" + ("','".join(OPNsense.dnscryptproxy.general.fallback_resolver.split(','))) + "'" }}] |
Member
There was a problem hiding this comment.
can we do this to keep closer to the original and move join to the end?
Suggested change
| bootstrap_resolvers = [{{ "'" + ("','".join(OPNsense.dnscryptproxy.general.fallback_resolver.split(','))) + "'" }}] | |
| bootstrap_resolvers = ['{{ OPNsense.dnscryptproxy.general.fallback_resolver.split(',') | join("','") }}'] |
Author
There was a problem hiding this comment.
@fichtner Thank you for the suggestion! 🙏 The Jinja2 filter syntax is indeed more readable and idiomatic:
bootstrap_resolvers = ['{{ OPNsense.dnscryptproxy.general.fallback_resolver.split(',') | join("','") }}']However, I intentionally matched the existing pattern used elsewhere in this template for consistency.
Line 4:
server_names = [{{ "'" + ("','".join(OPNsense.dnscryptproxy.general.serverlist.split(','))) + "'" }}]Line 8:
disabled_server_names = [{{ "'" + ("','".join(OPNsense.dnscryptproxy.general.disabled_serverlist.split(','))) + "'" }}]Line 12:
listen_addresses = [{{ "'" + ("','".join(OPNsense.dnscryptproxy.general.listen_addresses.split(','))) + "'" }}]Line 192:
via=[{{ "'" + ("','".join(OPNsense.dnscryptproxy.general.relaylist.split(','))) + "'" }}]Options (I'm happy to go either way):
-
Option A — Keep current syntax for consistency with existing code
-
Option B — Use the suggested Jinja2 filter syntax and update all occurrences (lines 4, 8, 12, 98, 192) to standardise
NOTE: If you prefer Option B, I can submit a follow-up commit refactoring all five occurrences to the cleaner filter syntax.
Please let me know your preference!
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR aims to address #5162
Problem
When multiple bootstrap resolvers are configured in the "Fallback Resolver" field (e.g.,
1.1.1.1:53,9.9.9.9:53), the template generates invalid TOML:This causes dnscrypt-proxy to fail to start with:
[FATAL] Bootstrap resolver [...]: Host does not parse as IP '1.1.1.1:53,9.9.9.9:53'Root Cause
This bug seems to have been introduced introduced in commit 1eec51a which renamed
fallback_resolver(a single string) tobootstrap_resolvers(a TOML array) but did not update the template syntax.Solution
Applied the same split/join pattern already used for
listen_addresses,server_names,disabled_server_names, andrelaylistin the same template file.Testing
Tested on OPNsense 25.7.10 with os-dnscrypt-proxy 1.16 - dnscrypt-proxy starts successfully with multiple bootstrap resolvers.