dnscrypt-proxy/ChangeLog

89 lines
4.0 KiB
Plaintext
Raw Normal View History

2018-02-19 18:42:29 +01:00
2018-04-07 23:14:15 +02:00
* Version 2.0.9
- Whitelists have been implemented: one a name matches a pattern in
the whitelist, rules from the name-based and IP-based blacklists will
be bypassed. Whitelists support the same patterns as blacklists, as
well as time-based rules, so that some website can be normally
blocked, but accessible on specific days or times of the day.
- Lists are now faster to load, and large lists require significantly
less memory than before.
- New options have been added to disable TLS session tickets as well
as use a specific cipher suite. See the example configuration file for
a recommended configuration to speed up DoH servers on ARM such as
Android devices and Raspberry Pi.
- The `-service install` command now remembers what the current
directory was when the service was installed, in order to later load
configuration files with relative paths.
- DoH: The "Cache-Control: max-age" header is now ignored.
2018-04-09 13:27:02 +02:00
- Patterns can now be prefixed with `=` to do exact matching:
`=example.com` matches `example.com` but will not match `www.example.com`.
- Patterns are now fully supported by the cloaking module.
- A new option was added to use a specific cipher suite instead of
the server's provided one. Using RSA+ChaChaPoly over ECDSA+AES-GCM has
shown to decrease CPU usage and latency when connecting to Cloudflare,
especially on Mips and ARM systems.
- The ephemeral keys mode of dnscrypt-proxy v1.x was reimplemented: this
creates a new unique key for every single query.
2018-04-07 23:14:15 +02:00
2018-03-28 14:46:20 +02:00
* Version 2.0.8
- Multiple URLs can be defined for a source in order to improve
resiliency when servers are temporarily unreachable.
- Connections over IPv6 will be preferred over IPv4 for DoH servers
when using a fallback resolver if `ipv6_servers` is set.
- Improvements have been made to the example systemd configuration
files.
- The chacha20 implementation was updated to possibly fix a bug on
Android/x86.
- `generate-domains-blacklist.py` can now parse dnsmasq-style rules.
- FreeBSD/arm builds have been added.
- `dnscrypt-proxy -list -json` and `-list-all -json` now include the
remove servers names and IP addresses.
2018-03-18 17:21:36 +01:00
* Version 2.0.7
- Bug fix: optional ports were not properly parsed with IPv6
addresses -- thanks to @bleeee for the report and fix.
- Bug fix: truncate TCP queries to the prefixed length.
- Certificates are force-refreshed after a time jump (e.g. when a
system resumes from hibernation).
2018-03-02 10:39:02 +01:00
* Version 2.0.6
- Automatic log files rotation was finally implemented.
- A new -pidfile command-line option to write the PID file was added.
2018-02-27 09:51:26 +01:00
* Version 2.0.5
- Fixes a crash occasionally happening when using DoH servers, with
stamps not containing any IP addresses, a DNSSEC-signed name, a
non-working system DNS configuration, and a fallback server supporting
DNSSEC.
2018-02-23 17:08:13 +01:00
* Version 2.0.4
- Fixes a regression with truncated packets. Thanks to @mazesy and
@the-w1nd for spotting a case triggering this!
2018-02-22 23:55:03 +01:00
* Version 2.0.3
- Load balancing: resolvers that respond promptly, but with bogus
responses are now gradually removed from the preferred pool.
- Due to popular request, Android binaries are now available! Thanks
to @sporif for his help on getting these built.
2018-02-23 02:18:47 +01:00
- Binaries are built using Go 1.10-final.
2018-02-22 23:55:03 +01:00
2018-02-21 00:23:11 +01:00
* Version 2.0.2
- Properly error out on FreeBSD and other platforms where built-in
service installation is not supported yet.
- Improved load-balancing algorithm, which should result in lower
latency.
2018-02-19 18:42:29 +01:00
* Version 2.0.1
- Cached source data were not redownloaded if the proxy was used
without interruption. This has been fixed.
2018-02-19 19:26:53 +01:00
- If the network is down at startup time, fall back to cached source
data, even if is it out of date, and schedule an immediate update
after the networks is back.
2018-02-19 18:42:29 +01:00
- RTT estimation for DNS-over-HTTP/2 servers was off. This has been
fixed.
- The generate-domains-blacklist script now has a configurable
timeout value, and can produce time-based rules.
- The timeout parameter in the example configuration file didn't had
the correct name; this has been fixed.
- Cache: TTLs are now decreasing.