Commit Graph

226 Commits

Author SHA1 Message Date
Frank Denis 5dc66adaa9 Move disabled_server_names down 2019-02-23 14:55:23 +01:00
Frank Denis c10fbb2aa7 + disabled_server_names
Fixes #735
2019-02-23 14:54:22 +01:00
Frank Denis 2aa0b7d6a7 Add `refused_code_in_responses` to the example.
Fixes #738
2019-02-23 12:34:59 +01:00
Frank Denis c52b3ef124 Bump the netprobe timeout up to 60 seconds 2018-11-22 17:24:41 +01:00
Frank Denis 2e147364e9 Add support for HTTP/HTTPS proxies
Fixes #638
2018-11-15 18:47:33 +01:00
iiic 4fe62bc7cc @typo in example-dnscrypt-proxy.toml (#628)
This can be can be useful… -> This can be useful…
2018-10-29 14:16:02 +01:00
Frank Denis dda3ca1ea3 Add dash 2018-10-10 19:38:24 +02:00
Frank Denis 4e9397d83e Revert "Remove Quad9 example until they remove prefixes"
This reverts commit 5cb7d8df35.
2018-10-10 16:32:39 +02:00
Frank Denis bfca70000e A note about pidfile 2018-10-03 18:17:39 +02:00
Frank Denis 5cb7d8df35 Remove Quad9 example until they remove prefixes 2018-10-03 16:36:23 +02:00
Frank Denis 9f1be6e079 killChild() is not needed any more; update config example by the way 2018-10-03 16:35:59 +02:00
Frank Denis 1019428ca0 username -> user_name
in case we want to add user_group and whatnot.

Remove the command-line option as it hides the caveats documented
in the configuration file.

Remove TODO. TODO statements always remain in that state forever.
2018-07-07 17:39:33 +02:00
Frank Denis 6cb43f8e4d Of course, dropping privileges breaks with systemd sockets 2018-07-07 15:21:21 +00:00
Frank Denis 9345958d16 Better description of what username does 2018-07-05 18:12:46 +02:00
Frank Denis c73e95256d Implement an offline mode
Fixes #528
2018-07-05 18:05:24 +02:00
John Spurlock 74093a65a2 Quick typo fix in example config. (#511) 2018-06-20 00:55:28 +02:00
Sebastian Schmidt 8f2972845d Note that Windows doesn't support username option (#494) 2018-06-14 09:35:13 +02:00
Frank Denis fe0aa52fba Make description more accessible in the example configuration file
Also don't enable this by default, as "nobody" may not exist everywhere
2018-06-13 16:54:57 +02:00
Sebastian Schmidt aab7e6380f Drop privileges with exec (#467)
* Drop privileges with exec and SysProcAttr

* Fix windows build

* Fix passing logfile fd
2018-06-13 16:52:41 +02:00
Frank Denis ae54a7aafc Revert "Do not mention systemd activation until #480 is solved"
This reverts commit 066345123b.
2018-06-13 16:49:57 +02:00
Frank Denis 066345123b Do not mention systemd activation until #480 is solved 2018-06-08 06:35:47 +02:00
Frank Denis 0166f21b27 Add built-in support for Tor 2018-06-06 15:54:51 +02:00
Frank Denis 7774d9cf05 Avoid long lines 2018-05-10 22:19:04 +02:00
Frank Denis 6f047e07b8 Bump 2018-05-10 22:17:57 +02:00
Frank Denis ce62981c44 Wait for network connectivity before starting the proxy 2018-05-10 21:59:25 +02:00
Frank Denis cdf5b9ce6b IPv6 issues on macOS should be gone 2018-05-10 10:46:11 +02:00
Frank Denis 7f999f59e1 Recommend against disable_ipv6 when using chained caches
Fixes #398
2018-04-27 16:20:24 +02:00
Frank Denis dd878d4c60 Clarify that UDP is no less secure than TCP 2018-04-20 23:17:48 +02:00
Frank Denis b1447160a0 Add cache_neg_min_ttl and cache_neg_max_ttl 2018-04-17 00:24:49 +02:00
Frank Denis 0f349c793e Clarify
Fixes #356
2018-04-16 22:24:45 +02:00
Frank Denis ace955fd9f More accurate description 2018-04-16 02:25:59 +02:00
Frank Denis c33ebd229b Avoid empty examples files
Fixes #348

Keep the ciphers list commented out by default to be safe
2018-04-11 14:03:25 +02:00
Frank Denis 6b3212d3d7 Note that the cipher suite also affects source retrieval 2018-04-11 11:42:10 +02:00
Frank Denis 3d34027aeb Double the example cache size 2018-04-10 13:23:51 +02:00
Frank Denis 40d492f93a Go has only X25519 optimized for x86_64 2018-04-10 11:28:59 +02:00
Zhuoyun Wei 6d2330eaf0 Minor typo fixes in config files (#338) 2018-04-10 09:06:19 +02:00
Frank Denis 8bebb50d49 Nits 2018-04-09 23:58:36 +02:00
Frank Denis 7d10628a5f New syntax for blocking/whitelisting rules: exact matching
Example: =example.com

Matches `example.com` but not `api.example.com`
2018-04-09 13:02:42 +02:00
Frank Denis de6a8d230e Use PolyChaCha, but more importantly, RSA by default
Even on non-ARM systems, this makes a difference in CPU usage/latency
2018-04-09 12:45:42 +02:00
Frank Denis ca80b69b3a Re-implement ephemeral keys for DNSCrypt 2018-04-09 03:12:34 +02:00
Frank Denis 70dca19326 Clarify 2018-04-09 02:57:30 +02:00
Frank Denis 10baa245b2 Clarify 2018-04-07 23:27:57 +02:00
Frank Denis 517538bdb2 Less ### 2018-04-07 23:05:29 +02:00
Frank Denis 65e6b8569e Implement whitelists
Fixes #293
2018-04-07 23:02:40 +02:00
Frank Denis dee7960be6 Bump keepalive up 2018-04-07 22:26:46 +02:00
Frank Denis 1fa3e5d7f3 Add options to set the cipher suite as well as disable session tickets 2018-04-07 22:23:29 +02:00
Frank Denis d4367393c4 Add some links 2018-04-02 01:55:22 +02:00
Frank Denis 308ffff739 Make the keepalive configurable
Fixes #300
2018-04-02 01:49:09 +02:00
Frank Denis 2dcf5fe01a Skip the signature in the example Google stamp
Example configuration files are updated less often than sources
2018-04-01 03:50:10 +02:00
Frank Denis d812a9bdc3 Revert to 9.9.9.9 as the example fallback resolver
Just in case some networks do stupid things with 1.1.1.1 already.
2018-03-30 22:24:19 +02:00
Frank Denis a2160189af Welcome to 1.1.1.1 2018-03-30 21:30:06 +02:00
Frank Denis ede564ccf7 Support multiple URLs for a given source
Fixes #265
2018-03-28 13:36:19 +02:00
Frank Denis 0983a86b40 Mention that log_files_max_backups = 0 means "keep all backups"
Fixes #268
2018-03-28 00:14:07 +02:00
David Runge fa2c95084e Adding DynamicUser to systemd service file, enhancing socket and service (#261)
* Adding nss-lookup.target to the socket Before and Wants directive. Adding current upstream wiki as documentation to service and socket file.
Adding DynamicUser=yes to the service file, alongside various hardening settings (Protect{ControlGroups,KernelModules}). Allowing the service to bind to ports below 1024 by setting CAP_NET_BIND_SERVICE. Adding {Cache,Logs,Runtime}Directory for dnscrypt-proxy. Removing (default) Type=simple. Adding a more default ExecStart location and usage of configuration.

* systemd/dnscrypt-proxy.socket: Adding back ipv6 functionality.

* systemd/dnscrypt-proxy.service: Updating Description to match project name.
Explicitly setting ProtectHome=yes. Adding information on the DynamicUser settings.

* systemd/dnscrypt-proxy.socket: Updating description to match project name.

* systemd/dnscrypt-proxy.service: Adding Requires= and Also= for dnscrypt-proxy.socket in favor of CAP_NET_BIND_SERVICE capabilities.

* dnscrypt-proxy/example-dnscrypt-proxy.toml: Clarifying how to set listen_addresses, when using systemd socket activation.
2018-03-26 20:48:22 +02:00
Frank Denis 0026a20e08 Mention that people in China may need to use Quad114 2018-03-22 07:44:06 +01:00
Frank Denis 2568ea0b0c Revert "Switch to Quad114 as the default resolver"
This reverts commit 91f97833a3.

The Internet has become a sad place.

People in China need to use resolvers in China.
People in the US would not trust resolvers in China.
People in the EU would not trust resolvers in the US.

Revert to Quad9 for now, and add some documentation about why
that might be changed (especially in China) later.
2018-03-22 02:43:03 +01:00
Frank Denis 91f97833a3 Switch to Quad114 as the default resolver
Quad9 currently returns SERVFAIL for dnscrypt.info and there have
been reports of it not working as expected in some countries as well.
2018-03-21 08:30:36 +01:00
Frank Denis fd51ff8fb6 Clarify
Fixes #221
2018-03-11 08:15:02 -07:00
Frank Denis a6ce630897 log_files_max_backups 2018-03-02 10:49:21 +01:00
Frank Denis 38942f62b0 log file rotation example config 2018-03-02 10:38:31 +01:00
Frank Denis 82825f46e9 Typos 2018-02-26 19:38:02 +01:00
Frank Denis 2068975780 Clarify 2018-02-26 19:05:12 +01:00
Frank Denis db0ed1b67f Mention that urls are optional, but recommended 2018-02-24 19:35:37 +01:00
Frank Denis 8fc135ad79 ... 2018-02-19 15:15:20 +01:00
Frank Denis dfe68118c6 Don't suggest that URLs are optional in the example config file
This is confusing, and virtually everybody needs to specify
URLs no matter what.

Fixes #101
2018-02-07 10:48:41 +01:00
Frank Denis d644cf0c41 Move servers down 2018-02-06 16:11:53 +01:00
Frank Denis 404c21816e Use a more permanent URL, even if it's a redirect 2018-02-06 14:27:45 +01:00
Frank Denis f6b6d70615 Add knobs to filter by protocol 2018-02-06 14:11:58 +01:00
Frank Denis a43352e160 Make the load-balancing strategy configurable 2018-02-04 21:23:39 +01:00
Frank Denis 1e066e69b3 Import a cloaking example file 2018-02-04 01:57:18 +01:00
Frank Denis 033931a13a Add a new powerful plugin: DNS cloaking 2018-02-04 01:43:37 +01:00
Frank Denis e62dd27593 Use https for the remote source example
This can be changed back to http on platforms that don't have a clock
2018-02-03 22:01:09 +01:00
Frank Denis 93810e60d7 Set the default source refresh delay to 3 days 2018-02-03 18:55:46 +01:00
Frank Denis dc070d56a4 Add nofilter to Google 2018-02-02 15:08:33 +01:00
Frank Denis fe2bb3847b Update Travis for the new example file names 2018-02-01 19:01:02 +01:00
Frank Denis c2fb372112 Rename example files 2018-02-01 18:28:53 +01:00