Frank Denis
5dc66adaa9
Move disabled_server_names down
2019-02-23 14:55:23 +01:00
Frank Denis
c10fbb2aa7
+ disabled_server_names
...
Fixes #735
2019-02-23 14:54:22 +01:00
Frank Denis
2aa0b7d6a7
Add `refused_code_in_responses` to the example.
...
Fixes #738
2019-02-23 12:34:59 +01:00
Frank Denis
c52b3ef124
Bump the netprobe timeout up to 60 seconds
2018-11-22 17:24:41 +01:00
Frank Denis
2e147364e9
Add support for HTTP/HTTPS proxies
...
Fixes #638
2018-11-15 18:47:33 +01:00
iiic
4fe62bc7cc
@typo in example-dnscrypt-proxy.toml ( #628 )
...
This can be can be useful… -> This can be useful…
2018-10-29 14:16:02 +01:00
Frank Denis
dda3ca1ea3
Add dash
2018-10-10 19:38:24 +02:00
Frank Denis
4e9397d83e
Revert "Remove Quad9 example until they remove prefixes"
...
This reverts commit 5cb7d8df35
.
2018-10-10 16:32:39 +02:00
Frank Denis
bfca70000e
A note about pidfile
2018-10-03 18:17:39 +02:00
Frank Denis
5cb7d8df35
Remove Quad9 example until they remove prefixes
2018-10-03 16:36:23 +02:00
Frank Denis
9f1be6e079
killChild() is not needed any more; update config example by the way
2018-10-03 16:35:59 +02:00
Frank Denis
1019428ca0
username -> user_name
...
in case we want to add user_group and whatnot.
Remove the command-line option as it hides the caveats documented
in the configuration file.
Remove TODO. TODO statements always remain in that state forever.
2018-07-07 17:39:33 +02:00
Frank Denis
6cb43f8e4d
Of course, dropping privileges breaks with systemd sockets
2018-07-07 15:21:21 +00:00
Frank Denis
9345958d16
Better description of what username does
2018-07-05 18:12:46 +02:00
Frank Denis
c73e95256d
Implement an offline mode
...
Fixes #528
2018-07-05 18:05:24 +02:00
John Spurlock
74093a65a2
Quick typo fix in example config. ( #511 )
2018-06-20 00:55:28 +02:00
Sebastian Schmidt
8f2972845d
Note that Windows doesn't support username option ( #494 )
2018-06-14 09:35:13 +02:00
Frank Denis
fe0aa52fba
Make description more accessible in the example configuration file
...
Also don't enable this by default, as "nobody" may not exist everywhere
2018-06-13 16:54:57 +02:00
Sebastian Schmidt
aab7e6380f
Drop privileges with exec ( #467 )
...
* Drop privileges with exec and SysProcAttr
* Fix windows build
* Fix passing logfile fd
2018-06-13 16:52:41 +02:00
Frank Denis
ae54a7aafc
Revert "Do not mention systemd activation until #480 is solved"
...
This reverts commit 066345123b
.
2018-06-13 16:49:57 +02:00
Frank Denis
066345123b
Do not mention systemd activation until #480 is solved
2018-06-08 06:35:47 +02:00
Frank Denis
0166f21b27
Add built-in support for Tor
2018-06-06 15:54:51 +02:00
Frank Denis
7774d9cf05
Avoid long lines
2018-05-10 22:19:04 +02:00
Frank Denis
6f047e07b8
Bump
2018-05-10 22:17:57 +02:00
Frank Denis
ce62981c44
Wait for network connectivity before starting the proxy
2018-05-10 21:59:25 +02:00
Frank Denis
cdf5b9ce6b
IPv6 issues on macOS should be gone
2018-05-10 10:46:11 +02:00
Frank Denis
7f999f59e1
Recommend against disable_ipv6 when using chained caches
...
Fixes #398
2018-04-27 16:20:24 +02:00
Frank Denis
dd878d4c60
Clarify that UDP is no less secure than TCP
2018-04-20 23:17:48 +02:00
Frank Denis
b1447160a0
Add cache_neg_min_ttl and cache_neg_max_ttl
2018-04-17 00:24:49 +02:00
Frank Denis
0f349c793e
Clarify
...
Fixes #356
2018-04-16 22:24:45 +02:00
Frank Denis
ace955fd9f
More accurate description
2018-04-16 02:25:59 +02:00
Frank Denis
c33ebd229b
Avoid empty examples files
...
Fixes #348
Keep the ciphers list commented out by default to be safe
2018-04-11 14:03:25 +02:00
Frank Denis
6b3212d3d7
Note that the cipher suite also affects source retrieval
2018-04-11 11:42:10 +02:00
Frank Denis
3d34027aeb
Double the example cache size
2018-04-10 13:23:51 +02:00
Frank Denis
40d492f93a
Go has only X25519 optimized for x86_64
2018-04-10 11:28:59 +02:00
Zhuoyun Wei
6d2330eaf0
Minor typo fixes in config files ( #338 )
2018-04-10 09:06:19 +02:00
Frank Denis
8bebb50d49
Nits
2018-04-09 23:58:36 +02:00
Frank Denis
7d10628a5f
New syntax for blocking/whitelisting rules: exact matching
...
Example: =example.com
Matches `example.com` but not `api.example.com`
2018-04-09 13:02:42 +02:00
Frank Denis
de6a8d230e
Use PolyChaCha, but more importantly, RSA by default
...
Even on non-ARM systems, this makes a difference in CPU usage/latency
2018-04-09 12:45:42 +02:00
Frank Denis
ca80b69b3a
Re-implement ephemeral keys for DNSCrypt
2018-04-09 03:12:34 +02:00
Frank Denis
70dca19326
Clarify
2018-04-09 02:57:30 +02:00
Frank Denis
10baa245b2
Clarify
2018-04-07 23:27:57 +02:00
Frank Denis
517538bdb2
Less ###
2018-04-07 23:05:29 +02:00
Frank Denis
65e6b8569e
Implement whitelists
...
Fixes #293
2018-04-07 23:02:40 +02:00
Frank Denis
dee7960be6
Bump keepalive up
2018-04-07 22:26:46 +02:00
Frank Denis
1fa3e5d7f3
Add options to set the cipher suite as well as disable session tickets
2018-04-07 22:23:29 +02:00
Frank Denis
d4367393c4
Add some links
2018-04-02 01:55:22 +02:00
Frank Denis
308ffff739
Make the keepalive configurable
...
Fixes #300
2018-04-02 01:49:09 +02:00
Frank Denis
2dcf5fe01a
Skip the signature in the example Google stamp
...
Example configuration files are updated less often than sources
2018-04-01 03:50:10 +02:00
Frank Denis
d812a9bdc3
Revert to 9.9.9.9 as the example fallback resolver
...
Just in case some networks do stupid things with 1.1.1.1 already.
2018-03-30 22:24:19 +02:00
Frank Denis
a2160189af
Welcome to 1.1.1.1
2018-03-30 21:30:06 +02:00
Frank Denis
ede564ccf7
Support multiple URLs for a given source
...
Fixes #265
2018-03-28 13:36:19 +02:00
Frank Denis
0983a86b40
Mention that log_files_max_backups = 0 means "keep all backups"
...
Fixes #268
2018-03-28 00:14:07 +02:00
David Runge
fa2c95084e
Adding DynamicUser to systemd service file, enhancing socket and service ( #261 )
...
* Adding nss-lookup.target to the socket Before and Wants directive. Adding current upstream wiki as documentation to service and socket file.
Adding DynamicUser=yes to the service file, alongside various hardening settings (Protect{ControlGroups,KernelModules}. Allowing the service to bind to ports below 1024 by setting CAP_NET_BIND_SERVICE. Adding {Cache,Logs,Runtime}Directory for dnscrypt-proxy. Removing (default) Type=simple. Adding a more default ExecStart location and usage of configuration.
* systemd/dnscrypt-proxy.socket: Adding back ipv6 functionality.
* systemd/dnscrypt-proxy.service: Updating Description to match project name.
Explicitely setting ProtectHome=yes. Adding information on the DynamicUser settings.
* systemd/dnscrypt-proxy.socket: Updating description to match project name.
* systemd/dnscrypt-proxy.service: Adding Requires= and Also= for dnscrypt-proxy.socket in favor of CAP_NET_BIND_SERVICE capabilities.
* dnscrypt-proxy/example-dnscrypt-proxy.toml: Clarifying how to set listen_addresses, when using systemd socket activation.
2018-03-26 20:48:22 +02:00
Frank Denis
0026a20e08
Mention that people in China may need to use Quad114
2018-03-22 07:44:06 +01:00
Frank Denis
2568ea0b0c
Revert "Switch to Quad114 as the default resolver"
...
This reverts commit 91f97833a3
.
The Internet has become a sad place.
People in China need to use resolvers in China.
People in the US would not trust resolvers in China.
People in the EU would not trust resolvers in the US.
Revert to Quad9 for now, and add some documentation about why
that might be changed (especially in China) later.
2018-03-22 02:43:03 +01:00
Frank Denis
91f97833a3
Switch to Quad114 as the default resolver
...
Quad9 current returns SERVFAIL for dnscrypt.info and there have
been reports of it not working as expected in some countries as well.
2018-03-21 08:30:36 +01:00
Frank Denis
fd51ff8fb6
Clarify
...
Fixes #221
2018-03-11 08:15:02 -07:00
Frank Denis
a6ce630897
log_files_max_backups
2018-03-02 10:49:21 +01:00
Frank Denis
38942f62b0
log file rotation example config
2018-03-02 10:38:31 +01:00
Frank Denis
82825f46e9
Typos
2018-02-26 19:38:02 +01:00
Frank Denis
2068975780
Clarify
2018-02-26 19:05:12 +01:00
Frank Denis
db0ed1b67f
Mention that urls are optional, but recommended
2018-02-24 19:35:37 +01:00
Frank Denis
8fc135ad79
...
2018-02-19 15:15:20 +01:00
Frank Denis
dfe68118c6
Don't suggest that URLs are optional in the example config file
...
This is confusing, and virtually everybody needs to specify
URLs no matter what.
Fixes #101
2018-02-07 10:48:41 +01:00
Frank Denis
d644cf0c41
Move servers down
2018-02-06 16:11:53 +01:00
Frank Denis
404c21816e
Use a more permanent URLm even if it's a redirect
2018-02-06 14:27:45 +01:00
Frank Denis
f6b6d70615
Add knobs to filter by protocol
2018-02-06 14:11:58 +01:00
Frank Denis
a43352e160
Make the load-balancing strategy configurable
2018-02-04 21:23:39 +01:00
Frank Denis
1e066e69b3
Import a cloaking example file
2018-02-04 01:57:18 +01:00
Frank Denis
033931a13a
Add a new powerful plugin: DNS cloaking
2018-02-04 01:43:37 +01:00
Frank Denis
e62dd27593
Use https for the remote source example
...
This can be changed back to http on platforms that don't have a clock
2018-02-03 22:01:09 +01:00
Frank Denis
93810e60d7
Set the default source refresh delay to 3 days
2018-02-03 18:55:46 +01:00
Frank Denis
dc070d56a4
Add nofilter to Google
2018-02-02 15:08:33 +01:00
Frank Denis
fe2bb3847b
Update Travis for the new example file names
2018-02-01 19:01:02 +01:00
Frank Denis
c2fb372112
Rename example files
2018-02-01 18:28:53 +01:00