Merge branch 'master' of github.com:jedisct1/dnscrypt-proxy
* 'master' of github.com:jedisct1/dnscrypt-proxy: Travis: use Ubuntu Bionic so we don't have to compile libsodium Downcase wiki Handle clientsCount in the local DoH handler, too Remove beta Bump deps Fix typo Bump whitelist Add some extra blacklists
This commit is contained in:
commit
4d0c5ad569
16
.travis.yml
16
.travis.yml
|
@ -1,9 +1,17 @@
|
|||
dist: bionic
|
||||
|
||||
language: go
|
||||
os:
|
||||
- linux
|
||||
go:
|
||||
- 1.x
|
||||
|
||||
before_install:
|
||||
- sudo apt-get -y install libsodium
|
||||
addons:
|
||||
apt:
|
||||
update: true
|
||||
|
||||
script:
|
||||
- gimme --list
|
||||
- echo $TRAVIS_GO_VERSION
|
||||
|
@ -216,14 +224,6 @@ deploy:
|
|||
tags: true
|
||||
|
||||
before_deploy:
|
||||
- mkdir -p /tmp/bin /tmp/lib /tmp/include
|
||||
- export LD_LIBRARY_PATH=/tmp/lib:LD_LIBRARY_PATH
|
||||
- export PATH=/tmp/bin:$PATH
|
||||
- git clone --depth 1 https://github.com/jedisct1/libsodium.git --branch=stable
|
||||
- cd libsodium
|
||||
- env ./configure --disable-dependency-tracking --prefix=/tmp
|
||||
- make -j$(nproc) install
|
||||
- cd -
|
||||
- git clone --depth 1 https://github.com/jedisct1/minisign.git
|
||||
- cd minisign/src
|
||||
- gcc -O2 -o /tmp/bin/minisign -I/tmp/include -L/tmp/lib *.c -lsodium
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
* Version 2.0.34 (not released yet)
|
||||
* Version 2.0.34
|
||||
- Blacklisted names are now also blocked if they appear in `CNAME`
|
||||
pointers.
|
||||
- `dnscrypt-proxy` can now act as a local DoH *server*. Firefox can
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
|
||||
A flexible DNS proxy, with support for modern encrypted DNS protocols such as [DNSCrypt v2](https://dnscrypt.info/protocol), [DNS-over-HTTPS](https://www.rfc-editor.org/rfc/rfc8484.txt) and [Anonymized DNSCrypt](https://github.com/DNSCrypt/dnscrypt-protocol/blob/master/ANONYMIZED-DNSCRYPT.txt).
|
||||
|
||||
* [dnscrypt-proxy documentation](https://dnscrypt.info/doc) – This project's documentation (Wiki)
|
||||
* [dnscrypt-proxy documentation](https://dnscrypt.info/doc) – This project's documentation (wiki)
|
||||
* [DNSCrypt project home page](https://dnscrypt.info/)
|
||||
* [DNS-over-HTTPS and DNSCrypt resolvers](https://dnscrypt.info/public-servers)
|
||||
* [Server and client implementations](https://dnscrypt.info/implementations)
|
||||
|
|
|
@ -364,7 +364,7 @@ cache_neg_max_ttl = 600
|
|||
|
||||
|
||||
## Certificate file and key - Note that the certificate has to be trusted.
|
||||
## See the documentatio (wiki) for more information.
|
||||
## See the documentation (wiki) for more information.
|
||||
|
||||
# cert_file = "localhost.pem"
|
||||
# cert_key_file = "localhost.pem"
|
||||
|
|
|
@ -18,6 +18,11 @@ type localDoHHandler struct {
|
|||
|
||||
func (handler localDoHHandler) ServeHTTP(writer http.ResponseWriter, request *http.Request) {
|
||||
proxy := handler.proxy
|
||||
if !proxy.clientsCountInc() {
|
||||
dlog.Warnf("Too many incoming connections (max=%d)", proxy.maxClients)
|
||||
return
|
||||
}
|
||||
defer proxy.clientsCountDec()
|
||||
dataType := "application/dns-message"
|
||||
writer.Header().Set("Server", "dnscrypt-proxy")
|
||||
if request.URL.Path != proxy.localDoHPath {
|
||||
|
|
|
@ -15,7 +15,7 @@ import (
|
|||
)
|
||||
|
||||
const (
|
||||
AppVersion = "2.0.34-beta.1"
|
||||
AppVersion = "2.0.34"
|
||||
DefaultConfigFileName = "dnscrypt-proxy.toml"
|
||||
)
|
||||
|
||||
|
|
|
@ -264,7 +264,7 @@ func (proxy *Proxy) udpListener(clientPc *net.UDPConn) {
|
|||
go func() {
|
||||
start := time.Now()
|
||||
if !proxy.clientsCountInc() {
|
||||
dlog.Warnf("Too many connections (max=%d)", proxy.maxClients)
|
||||
dlog.Warnf("Too many incoming connections (max=%d)", proxy.maxClients)
|
||||
return
|
||||
}
|
||||
defer proxy.clientsCountDec()
|
||||
|
@ -294,7 +294,7 @@ func (proxy *Proxy) tcpListener(acceptPc *net.TCPListener) {
|
|||
start := time.Now()
|
||||
defer clientPc.Close()
|
||||
if !proxy.clientsCountInc() {
|
||||
dlog.Warnf("Too many connections (max=%d)", proxy.maxClients)
|
||||
dlog.Warnf("Too many incoming connections (max=%d)", proxy.maxClients)
|
||||
return
|
||||
}
|
||||
defer proxy.clientsCountDec()
|
||||
|
|
2
go.mod
2
go.mod
|
@ -21,7 +21,7 @@ require (
|
|||
github.com/kardianos/service v1.0.1-0.20191017145738-4df36c9fc1c6
|
||||
github.com/miekg/dns v1.1.22
|
||||
github.com/powerman/check v1.2.1
|
||||
golang.org/x/crypto v0.0.0-20191128160524-b544559bb6d1
|
||||
golang.org/x/crypto v0.0.0-20191202143827-86a70503ff7e
|
||||
golang.org/x/net v0.0.0-20191126235420-ef20fe5d7933
|
||||
golang.org/x/sys v0.0.0-20191128015809-6d18c012aee9
|
||||
gopkg.in/natefinch/lumberjack.v2 v2.0.0
|
||||
|
|
4
go.sum
4
go.sum
|
@ -62,8 +62,8 @@ github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9
|
|||
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
|
||||
golang.org/x/crypto v0.0.0-20190909091759-094676da4a83/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
|
||||
golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392/go.mod h1:/lpIB1dKB+9EgE3H3cr1v9wB50oz8l4C4h62xy7jSTY=
|
||||
golang.org/x/crypto v0.0.0-20191128160524-b544559bb6d1 h1:anGSYQpPhQwXlwsu5wmfq0nWkCNaMEMUwAv13Y92hd8=
|
||||
golang.org/x/crypto v0.0.0-20191128160524-b544559bb6d1/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
|
||||
golang.org/x/crypto v0.0.0-20191202143827-86a70503ff7e h1:egKlR8l7Nu9vHGWbcUV8lqR4987UfUbBd7GbhqGzNYU=
|
||||
golang.org/x/crypto v0.0.0-20191202143827-86a70503ff7e/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
|
||||
golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
|
||||
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
|
||||
golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
|
||||
|
|
|
@ -1,4 +1,3 @@
|
|||
|
||||
##################################################################################
|
||||
# #
|
||||
# Generate a black list of domains using public data sources, and the local #
|
||||
|
@ -93,6 +92,15 @@ https://someonewhocares.org/hosts/hosts
|
|||
# NoTracking's list - blocking ads, trackers and other online garbage
|
||||
https://raw.githubusercontent.com/notracking/hosts-blocklists/master/domains.txt
|
||||
|
||||
# NextDNS CNAME cloaking list
|
||||
https://raw.githubusercontent.com/nextdns/cname-cloaking-blocklist/master/domains
|
||||
|
||||
# Minimal Hosts
|
||||
https://reddestdream.github.io/Projects/MinimalHosts/etc/MinimalHostsBlocker/minimalhosts
|
||||
|
||||
# AdGuard Simplified Domain Names filter
|
||||
https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt
|
||||
|
||||
# CoinBlockerLists: blocks websites serving cryptocurrency miners - https://gitlab.com/ZeroDot1/CoinBlockerLists/ - Contains false positives
|
||||
# https://gitlab.com/ZeroDot1/CoinBlockerLists/raw/master/list_browser.txt
|
||||
|
||||
|
@ -105,12 +113,32 @@ https://raw.githubusercontent.com/notracking/hosts-blocklists/master/domains.txt
|
|||
# Quidsup Malware Blocklist - Contains too many false positives to be enabled by default
|
||||
# https://gitlab.com/quidsup/notrack-blocklists/raw/master/notrack-malware.txt
|
||||
|
||||
# AntiSocial Blacklist is an extensive collection of potentially malicious domains
|
||||
# https://theantisocialengineer.com/AntiSocial_Blacklist_Community_V1.txt
|
||||
|
||||
# Steven Black hosts file
|
||||
# https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
|
||||
|
||||
# A list of adserving and tracking sites maintained by @anudeepND
|
||||
# https://raw.githubusercontent.com/anudeepND/blacklist/master/adservers.txt
|
||||
|
||||
# Anudeep's Blacklist (CoinMiner) - Blocks cryptojacking sites
|
||||
# https://raw.githubusercontent.com/anudeepND/blacklist/master/CoinMiner.txt
|
||||
|
||||
# Block Spotify ads
|
||||
# https://raw.githubusercontent.com/CHEF-KOCH/Spotify-Ad-free/master/filter/Spotify-HOSTS.txt
|
||||
|
||||
# Energized Ultimate
|
||||
# https://raw.githubusercontent.com/EnergizedProtection/block/master/ultimate/formats/domains.txt
|
||||
|
||||
# Dynamic DNS services, sadly often used by malware
|
||||
# https://mirror1.malwaredomains.com/files/dynamic_dns.txt
|
||||
|
||||
# Block pornography
|
||||
# https://raw.githubusercontent.com/Clefspeare13/pornhosts/master/0.0.0.0/hosts
|
||||
# https://raw.githubusercontent.com/Sinfonietta/hostfiles/master/pornography-hosts
|
||||
# https://raw.githubusercontent.com/cbuijs/shallalist/master/porn/domains
|
||||
# https://raw.githubusercontent.com/olbat/ut1-blacklists/master/blacklists/adult/domains
|
||||
|
||||
# Block gambling sites
|
||||
# https://raw.githubusercontent.com/Sinfonietta/hostfiles/master/gambling-hosts
|
||||
|
|
|
@ -1,15 +1,21 @@
|
|||
163.com
|
||||
a-msedge.net
|
||||
amazon.com
|
||||
app.link
|
||||
appsflyer.com
|
||||
azurewebsites.net
|
||||
cdn.optimizely.com
|
||||
cdnetworks.com
|
||||
cdninstagram.com
|
||||
cloudapp.net
|
||||
download.dnscrypt.info
|
||||
edgekey.net
|
||||
elasticbeanstalk.com
|
||||
github.com
|
||||
github.io
|
||||
raw.githubusercontent.com
|
||||
googleadservices.com
|
||||
gvt1.com
|
||||
gvt2.com
|
||||
invalid
|
||||
j.mp
|
||||
l-msedge.net
|
||||
|
@ -19,11 +25,14 @@ localdomain
|
|||
microsoft.com
|
||||
msedge.net
|
||||
nsatc.net
|
||||
ocsp.apple.com
|
||||
ovh.net
|
||||
polyfill.io
|
||||
pusher.com
|
||||
pusherapp.com
|
||||
raw.githubusercontent.com
|
||||
revinate.com
|
||||
s.youtube.com
|
||||
spotify.com
|
||||
tagcommander.com
|
||||
windows.net
|
||||
|
|
|
@ -52,7 +52,7 @@ github.com/powerman/check
|
|||
# github.com/smartystreets/goconvey v1.6.4
|
||||
github.com/smartystreets/goconvey/convey/gotest
|
||||
github.com/smartystreets/goconvey/convey/reporting
|
||||
# golang.org/x/crypto v0.0.0-20191128160524-b544559bb6d1
|
||||
# golang.org/x/crypto v0.0.0-20191202143827-86a70503ff7e
|
||||
golang.org/x/crypto/curve25519
|
||||
golang.org/x/crypto/ed25519
|
||||
golang.org/x/crypto/ed25519/internal/edwards25519
|
||||
|
|
Loading…
Reference in New Issue