Frank Denis
0f1e3b4ba8
error check all the rand.Read() calls
2023-06-06 09:16:44 +02:00
Frank Denis
03c6f92a5f
Use crypto_rand() everywhere
2023-02-24 16:20:39 +01:00
lifenjoiner
568f54fabb
Reduce comparisons ( #2148 )
2022-07-08 14:11:51 +02:00
Frank Denis
df3fb0c9f8
Keep lines short
...
$ golines -w -m 120 --shorten-comments .
2022-03-23 17:48:48 +01:00
Frank Denis
7f46f4820c
Don't use distinct pointers for UDP and TCP relay addresses
2020-12-12 21:18:32 +01:00
Frank Denis
8b72e58656
Make key exchange behaviors consistent
2020-09-21 02:14:17 +02:00
Frank Denis
74095d38ed
Remove LargerResponsesDropped
...
dnsdist drops DNSCrypt queries shorter than 256 bytes, interpreting them
as not being encrypted instead. This is surprising when doing ad-hoc
testing, but absolutely fine, and we will never send shorter encrypted
queries on normal circumstances.
So, remove a useless knob.
2020-03-26 17:20:34 +01:00
Frank Denis
b3fbc2304d
All dnsdist servers exhibit the same behavior re: sending truncated responses
...
A 128 bytes query will not get a 200 bytes response (randomly tested on
3.tlu.dl.delivery.mp.microsoft.com), not even a truncated one.
It may be related to fragments being blocked on the server socket, or a
different issue. We can expect everything to be back to normal in dnsdist
1.5.0 no matter what.
2020-03-26 15:19:17 +01:00
Frank Denis
7424f1a8b7
Try harder to work around Cisco and Quad9 bugs
2020-03-25 20:10:11 +01:00
Frank Denis
81c8d68462
Pad queries to 1472 bytes for implementations with broken padding
...
Quad9 doesn't return TC when responses are larger than the question;
it doesn't return anything instead :(
2020-03-25 18:06:02 +01:00
Frank Denis
230a66ea73
Add an extra byte to the padded length
...
Fixes resolution of livegorouter.trafficmanager.net via Cisco
2019-11-18 12:50:19 +01:00
Frank Denis
15b405b552
Support workarounds for ancient/broken implementations
...
Fixes #984
2019-11-16 18:51:16 +01:00
Frank Denis
661477bf09
Note
2019-10-20 01:35:27 +02:00
Frank Denis
55c6cb6c79
Crude fix for #961
2019-10-15 00:47:05 +02:00
Frank Denis
1a06806477
Revert "Use CIRCL for X25519. That makes ephemeral key computation faster."
...
This reverts commit 5d130cdf0b
.
Revert "Kill nacl/box"
This reverts commit dd9cf5cc9a
.
2019-09-09 17:43:30 +02:00
Frank Denis
dd9cf5cc9a
Kill nacl/box
2019-06-24 19:13:34 +02:00
Frank Denis
5d130cdf0b
Use CIRCL for X25519. That makes ephemeral key computation faster.
2019-06-24 14:17:00 +02:00
Frank Denis
30f2a4fd6b
Misc fixes
...
- Set LBEstimator to true by default
- Shuffle the servers list at startup
- Add the server name to the query log
2019-06-03 16:49:06 +02:00
Frank Denis
ca80b69b3a
Re-implement ephemeral keys for DNSCrypt
2018-04-09 03:12:34 +02:00
Frank Denis
9eeb799d6e
Many improvements
2018-01-10 16:01:29 +01:00
Frank Denis
d8f8d561c8
Synthesize a truncated response if the response wouldn't fit the local MSS
2018-01-10 02:52:09 +01:00
Frank Denis
841bf65d61
Reorganize
2018-01-09 18:32:14 +01:00