miracle091/dnscrypt-proxy
miracle091
/
dnscrypt-proxy
mirror of https://github.com/DNSCrypt/dnscrypt-proxy.git
1
0
Fork 0
Code Issues Releases Wiki Activity
2,111 Commits 7 Branches 89 Tags 57 MiB
Commit Graph

22 Commits

Author SHA1 Message Date
Frank Denis 0f1e3b4ba8 error check all the rand.Read() calls 2023-06-06 09:16:44 +02:00
Frank Denis 03c6f92a5f Use crypto_rand() everywhere 2023-02-24 16:20:39 +01:00
lifenjoiner 568f54fabb
Reduce comparisons (#2148) 2022-07-08 14:11:51 +02:00
Frank Denis df3fb0c9f8 Keep lines short 
$ golines -w -m 120 --shorten-comments .
 2022-03-23 17:48:48 +01:00
Frank Denis 7f46f4820c Don't use distinct pointers for UDP and TCP relay addresses 2020-12-12 21:18:32 +01:00
Frank Denis 8b72e58656 Make key exchange behaviors consistent 2020-09-21 02:14:17 +02:00
Frank Denis 74095d38ed Remove LargerResponsesDropped 
dnsdist drops DNSCrypt queries shorter than 256 bytes, interpreting them
as not being encrypted instead. This is surprising when doing ad-hoc
testing, but absolutely fine, and we will never send shorter encrypted
queries on normal circumstances.

So, remove a useless knob.
 2020-03-26 17:20:34 +01:00
Frank Denis b3fbc2304d All dnsdist servers exhibit the same behavior re: sending truncated responses 
A 128 bytes query will not get a 200 bytes response (randomly tested on
3.tlu.dl.delivery.mp.microsoft.com), not even a truncated one.

It may be related to fragments being blocked on the server socket, or a
different issue. We can expect everything to be back to normal in dnsdist
1.5.0 no matter what.
 2020-03-26 15:19:17 +01:00
Frank Denis 7424f1a8b7 Try harder to work around Cisco and Quad9 bugs 2020-03-25 20:10:11 +01:00
Frank Denis 81c8d68462 Pad queries to 1472 bytes for implementations with broken padding 
Quad9 doesn't return TC when responses are larger than the question;
it doesn't return anything instead :(
 2020-03-25 18:06:02 +01:00
Frank Denis 230a66ea73 Add an extra byte to the padded length 
Fixes resolution of livegorouter.trafficmanager.net via Cisco
 2019-11-18 12:50:19 +01:00
Frank Denis 15b405b552 Support workarounds for ancient/broken implementations 
Fixes #984
 2019-11-16 18:51:16 +01:00
Frank Denis 661477bf09 Note 2019-10-20 01:35:27 +02:00
Frank Denis 55c6cb6c79 Crude fix for #961 2019-10-15 00:47:05 +02:00
Frank Denis 1a06806477 Revert "Use CIRCL for X25519. That makes ephemeral key computation faster." 
This reverts commit 5d130cdf0b.

Revert "Kill nacl/box"

This reverts commit dd9cf5cc9a.
 2019-09-09 17:43:30 +02:00
Frank Denis dd9cf5cc9a Kill nacl/box 2019-06-24 19:13:34 +02:00
Frank Denis 5d130cdf0b Use CIRCL for X25519. That makes ephemeral key computation faster. 2019-06-24 14:17:00 +02:00
Frank Denis 30f2a4fd6b Misc fixes 
- Set LBEstimator to true by default
- Shuffle the servers list at startup
- Add the server name to the query log
 2019-06-03 16:49:06 +02:00
Frank Denis ca80b69b3a Re-implement ephemeral keys for DNSCrypt 2018-04-09 03:12:34 +02:00
Frank Denis 9eeb799d6e Many improvements 2018-01-10 16:01:29 +01:00
Frank Denis d8f8d561c8 Synthesize a truncated response if the response wouldn't fit the local MSS 2018-01-10 02:52:09 +01:00
Frank Denis 841bf65d61 Reorganize 2018-01-09 18:32:14 +01:00