From 8f5146f61006a3b49a941ce3056b0103cdc625af Mon Sep 17 00:00:00 2001 From: Andrei Hodorog Date: Fri, 23 Jan 2026 05:42:18 +0000 Subject: [PATCH] dns/dnscrypt-proxy: fix bootstrap_resolvers with multiple comma-separated servers When multiple bootstrap resolvers are configured in the "Fallback Resolver" field (e.g., "1.1.1.1:53,9.9.9.9:53"), the generated config incorrectly places the comma inside a single string: bootstrap_resolvers = ['1.1.1.1:53,9.9.9.9:53'] This causes dnscrypt-proxy to fail with: [FATAL] Bootstrap resolver [...]: Host does not parse as IP '1.1.1.1:53,9.9.9.9:53' The fix applies the same split/join pattern already used for listen_addresses, server_names, disabled_server_names, and relaylist in the same template: bootstrap_resolvers = ['1.1.1.1:53','9.9.9.9:53'] This bug was introduced in commit 1eec51a65 which renamed fallback_resolver to bootstrap_resolvers but did not update the template syntax from a single string to a TOML array format. --- .../templates/OPNsense/Dnscryptproxy/dnscrypt-proxy.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dns/dnscrypt-proxy/src/opnsense/service/templates/OPNsense/Dnscryptproxy/dnscrypt-proxy.toml b/dns/dnscrypt-proxy/src/opnsense/service/templates/OPNsense/Dnscryptproxy/dnscrypt-proxy.toml index 84d98ff086..d4824427cd 100644 --- a/dns/dnscrypt-proxy/src/opnsense/service/templates/OPNsense/Dnscryptproxy/dnscrypt-proxy.toml +++ b/dns/dnscrypt-proxy/src/opnsense/service/templates/OPNsense/Dnscryptproxy/dnscrypt-proxy.toml @@ -95,7 +95,7 @@ tls_disable_session_tickets = true tls_disable_session_tickets = false {% endif %} -bootstrap_resolvers = ['{{ OPNsense.dnscryptproxy.general.fallback_resolver }}'] +bootstrap_resolvers = [{{ "'" + ("','".join(OPNsense.dnscryptproxy.general.fallback_resolver.split(','))) + "'" }}] {% if helpers.exists('OPNsense.dnscryptproxy.general.ignore_system_dns') and OPNsense.dnscryptproxy.general.ignore_system_dns == '1' %} ignore_system_dns = true