Commit Graph

1339 Commits

Author SHA1 Message Date
Frank Denis 8a7569555c Don't warn if lbStrategy is empty 2018-02-05 01:53:23 +01:00
Frank Denis a43352e160 Make the load-balancing strategy configurable 2018-02-04 21:23:39 +01:00
Frank Denis 88434fc39f Prepare support for multiple load balancing strategies 2018-02-04 21:13:54 +01:00
Frank Denis f319088506 restrict. is too restrictive 2018-02-04 15:20:17 +01:00
Frank Denis 6f546b4c21 Use Cache-Control 2018-02-04 13:48:51 +01:00
Frank Denis ed60976dd2 Infer TTL from Date: and Expire: headers
Unfortunately, Google DNS sets Expire: to the same value as Date:

So we may want to use Cache-Control instead.
2018-02-04 13:35:40 +01:00
Frank Denis 458da8fa77 DoH: use 0 as a transaction ID
Reject short TCP queries early by the way
2018-02-04 12:57:54 +01:00
Frank Denis 2eed62f1e2 Add a setMaxTTL() function
Will be useful to interprete HTTP cache headers in DoH
2018-02-04 12:39:33 +01:00
Frank Denis a4b70fa56d Last released candidate, so people can test cloaking 2018-02-04 12:00:24 +01:00
Frank Denis 9d69811de9 Add limits to HTTP requests 2018-02-04 11:33:04 +01:00
Frank Denis 9ee7e522b1 Proper stamps length check 2018-02-04 11:04:29 +01:00
Frank Denis cfeb25a4c2 cloak: decrement TTL 2018-02-04 09:36:57 +01:00
Frank Denis d005a76dc4 Add some comments 2018-02-04 02:29:09 +01:00
Frank Denis 18167c0f47 If we already performed a resolution before, even partial, don't retry
(at least until the TTL expires)

So, if www.google.com is cloaked, and forcesafesearch returns a A
record but no AAAA, return the cloaked A record for A queries, but
don't return the actual AAAA record for AAAA queries: return a
synthetic empty response instead.
2018-02-04 02:22:38 +01:00
Frank Denis 5c18c51116 We need to manage the TTL properly, but in the meantime, reduce log verbosity 2018-02-04 02:12:45 +01:00
Frank Denis 1e066e69b3 Import a cloaking example file 2018-02-04 01:57:18 +01:00
Frank Denis 033931a13a Add a new powerful plugin: DNS cloaking 2018-02-04 01:43:37 +01:00
Frank Denis e62dd27593 Use https for the remote source example
This can be changed back to http on platforms that don't have a clock
2018-02-03 22:01:09 +01:00
Frank Denis 93810e60d7 Set the default source refresh delay to 3 days 2018-02-03 18:55:46 +01:00
Frank Denis 588d8dabde rc2 2018-02-03 12:53:43 +01:00
Frank Denis f513ab21fa Check if the config file exists from the current directory
Try the executable directory if it fails

Then, go to that config file directory no matter what

Fixes #80
2018-02-03 10:46:47 +01:00
Frank Denis 67b0d95ea1 Reduce log verbosity when ignore_system_dns = true
Fixes #81
2018-02-03 10:25:41 +01:00
Frank Denis dc070d56a4 Add nofilter to Google 2018-02-02 15:08:33 +01:00
Frank Denis c5283061cf Properly remove the default port 2018-02-02 15:07:12 +01:00
Frank Denis e4e351b854 Clear ServerName for -list-all
Suggested by @glitsj16, thanks!

Fixes #71
2018-02-02 14:51:14 +01:00
Frank Denis bf56644a49 Add a -list-all switch; add IPv6 & port number info to the JSON output 2018-02-01 21:48:46 +01:00
Frank Denis fe2bb3847b Update Travis for the new example file names 2018-02-01 19:01:02 +01:00
Frank Denis c2fb372112 Rename example files 2018-02-01 18:28:53 +01:00
Frank Denis 13952ffb1a Do not consider the absence a listening sockets an error
Because systemd.

Fixes #64
2018-02-01 16:59:48 +01:00
Frank Denis ac22f8a046 typo 2018-02-01 12:37:13 +01:00
Frank Denis 6efd904b9f 2.0.0 release candidate 2018-02-01 10:26:14 +01:00
Frank Denis db7ff80800 Nits 2018-02-01 10:25:16 +01:00
Frank Denis 107fc35d2a Support time access restrictions in substrings & glob patterns
Improve example
2018-02-01 09:47:37 +01:00
Frank Denis 1a34224c91 Rename time_ranges to schedules 2018-02-01 09:18:56 +01:00
Frank Denis cb0e2a1759 Indent sections in the example config file
It should make it more obvious that properties are tied to a section.

Fixes #62
2018-02-01 09:00:28 +01:00
Frank Denis 9b4eb54c0b Merge branch 'master' of github.com:jedisct1/dnscrypt-proxy
* 'master' of github.com:jedisct1/dnscrypt-proxy:
  Move the time check function down, make it more readable
  time-based access control: done, for prefixes & suffixes rules
2018-02-01 08:51:54 +01:00
Frank Denis b88cfa0716 Typo, and use single quotes everywhere
Fixes #61
2018-02-01 08:51:29 +01:00
Frank Denis aa34dae308 Move the time check function down, make it more readable 2018-02-01 01:05:23 +01:00
Frank Denis 61592776e2 time-based access control: done, for prefixes & suffixes rules 2018-02-01 01:00:48 +01:00
Frank Denis 41a73ccb03 Time access restrictions [WIP]
Because my daughter spends way too much time on Youtube
Because people have been asking OpenDNS to implement this for the past 10 years
Because existing tools suck
Because I want something flexible, where every rule can be assigned a schedule
2018-01-31 23:08:38 +01:00
Frank Denis ba2293149e phew 2018-01-31 22:49:40 +01:00
Frank Denis d575ec8beb bleh 2018-01-31 22:18:11 +01:00
Frank Denis fe8ff9dcbb Spaces 2018-01-31 20:07:52 +01:00
Frank Denis 7a8deebaf1 DoH: implement support for multiples cert hashes 2018-01-31 18:16:54 +01:00
Frank Denis 22e63774a1 Fix cert expiration warnings
Spotted by @CommanderRoot -- thanks!
2018-01-31 17:11:08 +01:00
Frank Denis e91ce9eb3d Nits 2018-01-31 15:08:58 +01:00
Frank Denis d7ec318945 Accept sources without an URL; use v2 format by default for remote sources 2018-01-31 14:24:21 +01:00
Frank Denis 2d291ecad6 Add some comments 2018-01-31 12:17:14 +01:00
Frank Denis 148d900a72 Legacy format: store server descriptions 2018-01-31 09:45:10 +01:00
Frank Denis f8a6e56026 -list -json now prints the list of available servers as JSON
Can be useful for GUIs, especially since this includes the description
2018-01-31 09:42:56 +01:00
Frank Denis d42ab83184 ServerConfig -> StaticConfig to match the config file 2018-01-31 08:43:49 +01:00
Frank Denis cdb8faba75 Nits 2018-01-31 08:40:20 +01:00
Frank Denis f6571af24f Nits 2018-01-31 08:38:22 +01:00
Frank Denis 5e8925523f Split ConfigLoad a bit more 2018-01-31 08:32:44 +01:00
Frank Denis 16fc6b74e9 Split ConfigLoad() 2018-01-31 08:27:59 +01:00
Frank Denis bbfcb0c5bd nits 2018-01-31 00:37:56 +01:00
Frank Denis c3414329b3 Warn about certificates that are about to expire 2018-01-31 00:33:00 +01:00
Frank Denis 86adb438e0 Set cert refresh delay default to 240 (4h) 2018-01-31 00:21:25 +01:00
Frank Denis 0cc76b8a77 Lower the log level for already registered servers 2018-01-31 00:19:53 +01:00
Frank Denis a364e51d9e Increase the cert refresh delay; make D1n0Bot happy
Decrease this for more reliability.
2018-01-30 23:53:33 +01:00
Frank Denis 76e5a99a5c Move "refreshing certificates" to debug, display RTT even for 1 server 2018-01-30 23:50:42 +01:00
Frank Denis 8f72a82b13 Don't forget to prepend prefixes to names in v2 lists 2018-01-30 19:47:29 +01:00
Frank Denis 788e97cf86 Clarify 2018-01-30 19:47:26 +01:00
Frank Denis a7d75c7923 Implement the nofilter filter 2018-01-30 19:16:38 +01:00
Frank Denis 3448b5b170 Add a -list option to display the list of available resolvers 2018-01-30 17:51:47 +01:00
Frank Denis 330d265dc2 CRLF 2018-01-30 17:43:15 +01:00
Frank Denis e9b3a0e0b0 Space 2018-01-30 17:40:38 +01:00
Frank Denis 1d35e249c9 Add an option to always ignore the system resolver
This makes startup faster when DoH resolvers without a static IP
are used (Google).
2018-01-30 17:37:35 +01:00
Frank Denis 931916097e Remove daemonize, at least from the configuration file example
daemonize only works on Linux so far, and it might not be secure not reliable
2018-01-30 16:12:36 +01:00
Frank Denis ce2a730ab7 Remove unneeded port numbers 2018-01-30 16:10:46 +01:00
Frank Denis c39197f7b2 Prepare for beta12 2018-01-30 15:58:13 +01:00
Frank Denis 61bad01726 Import xtransport 2018-01-30 15:51:07 +01:00
Frank Denis ecaf18f614 Use a fallback resolver if the local DNS configuration doesn't work
This should fix all chicken-and-egg issues
2018-01-30 15:47:39 +01:00
Frank Denis 24c21d5eb2 Start moving things to a custom transport 2018-01-30 13:29:47 +01:00
Frank Denis c2494cfc40 Make file paths relative to the path of the configuration file 2018-01-29 23:57:20 +01:00
Frank Denis b6e5f55870 Move the proxy struct to its own file 2018-01-29 23:47:04 +01:00
Frank Denis 479d9d14fd Reduce verbosity 2018-01-29 04:03:59 +01:00
Frank Denis cf12fb170a Use a custom transport and a host->ip cache
maybe
Fixes #45
2018-01-29 03:58:39 +01:00
Frank Denis 7acc38663b Add Yandex to show that explicit server_names override require_* 2018-01-27 19:46:50 +01:00
Frank Denis 7a5484d983 Include Google cert hash 2018-01-27 19:14:08 +01:00
Frank Denis 9eeb68f3a1 beta11 2018-01-27 18:18:28 +01:00
Frank Denis a7fe2aacb8 Show how to use two servers 2018-01-27 18:16:55 +01:00
Frank Denis 3c2cf2a1dc Validate DoH certificate hashes 2018-01-27 17:48:53 +01:00
Frank Denis 5e3e66ac71 Of course Google DNS supports DNSSEC 2018-01-27 17:05:39 +01:00
Frank Denis d2f6c69a2c More checks on the response 2018-01-27 16:59:45 +01:00
Frank Denis 7dde2f4a37 Request DNSSEC signature in the DoH probe 2018-01-27 16:53:57 +01:00
Frank Denis be1e99ea32 DoH: send a dummy query before measuring the RTT to ignore the handshake 2018-01-27 16:48:22 +01:00
Frank Denis 50d0c0449f Initial support for DNS-over-HTTP2 -- Yes, it works with Google. 2018-01-27 15:26:08 +01:00
Frank Denis 85f8aa1000 Fix stamp proto initialization 2018-01-26 22:59:16 +01:00
Frank Denis e16155e22a DoHstamps 2018-01-26 20:38:31 +01:00
Frank Denis 3bbecdcde7 up 2018-01-26 20:16:45 +01:00
Frank Denis 29f1b083a0 Rename a few things to prepare for DoH support 2018-01-26 02:25:38 +01:00
Frank Denis 375378c15b Rename "servers" to "static" for clarity 2018-01-25 17:41:36 +01:00
Frank Denis 1164dd4d4d Comment the additional list of servers in the example 2018-01-25 15:59:22 +01:00
Frank Denis ff5bba1ba4 up 2018-01-25 15:55:27 +01:00
Frank Denis 803bc18027 Use a v2 list 2018-01-25 15:17:46 +01:00
Frank Denis 79193e6ee3 Add support for V2 source format -- Goodbye, CSV. 2018-01-25 15:02:18 +01:00
Frank Denis 78e8abeebc Use http:// 2018-01-25 14:34:55 +01:00
Frank Denis 054461e240 Reserve identifiers for traditional nonencrypted DNS and for DoH 2018-01-25 14:31:18 +01:00
Adrián Laviós Gomis 023c3e78ee Fix systemd socket support 2018-01-25 10:24:28 +01:00
Frank Denis 996d9be4e3 Improve message if /proc/self/exe doesn't exist (?)
Fixes #26
2018-01-24 16:55:28 +01:00
Frank Denis 732c451dd4 Add max_clients to cap the maximum number of client queries 2018-01-24 16:51:26 +01:00
Frank Denis 1dbc765fd7 crlf 2018-01-24 15:23:03 +01:00
Frank Denis 94f9c14ad7 Only attempt to use systemd on linux
Remove plan9 builds
2018-01-24 15:14:48 +01:00
Frank Denis 0b52211fa3 Update dnsc:// leftovers 2018-01-24 14:48:48 +01:00
Frank Denis c184ce1a03 systemd support
How does it work? I don't know. Does it work? I don't know.
Would I encourage its use? No.
2018-01-24 14:44:32 +01:00
Frank Denis 0ce20518db Make the UDP and TCP listeners more generic 2018-01-24 14:22:56 +01:00
Frank Denis 1bcb791270 up 2018-01-24 14:13:29 +01:00
Frank Denis abb659eed2 Nits 2018-01-23 15:51:57 +01:00
Frank Denis 3a3535dcbc Still tolerate hex-encoded pks, but emit a warning 2018-01-23 15:42:22 +01:00
Frank Denis ccbdd41f5d Add support for shorter stamps with binary public keys 2018-01-23 15:23:11 +01:00
Frank Denis 2d7920af22 Prefer sdns:// which is less application-tainted 2018-01-22 12:00:42 +01:00
Frank Denis d7b8217018 Only cache specific Rcodes 2018-01-22 11:19:57 +01:00
Frank Denis 973b53afdc Simplify 2018-01-22 10:02:06 +01:00
Frank Denis 8324b29b42 Require stamps in static server definitions
Provider names, etc. are not future-proof. In particular, they are
incompatible with other protocols such as DoH.
2018-01-22 09:59:32 +01:00
Frank Denis 1d18a230c0 Consistent casing 2018-01-21 22:18:20 +01:00
Frank Denis 3dcedac390 beta8 2018-01-21 19:52:51 +01:00
Frank Denis 29fee1585f abc.ex.com should be rejected if both ex.com and bc.ex.com are listed in a blacklist
With the following ruleset:

ex.com
bc.ex.com

"abc.ex.com" finds "bc.ex.com" as the longest suffix. However, since it's
not at a label boundary, it is not rejected.

However, there is a more general rule that should be considered, ex.com.

So we need to perform at least two lookups in that case.
2018-01-21 19:47:19 +01:00
Frank Denis 6ca2697128 Clear certIgnoreTimestamp if we found at live 1 live server 2018-01-21 18:14:37 +01:00
Frank Denis 8bcba92f97 Add an undocumented option to ignore cert timestamps 2018-01-21 18:10:38 +01:00
Frank Denis 05e07e8b69 Add a simple built-in DNS client for testing 2018-01-21 18:02:32 +01:00
Frank Denis d9b5625226 IP blocking 2018-01-21 16:07:44 +01:00
Frank Denis 1c80e80a0d Do not recommend block_ipv6 2018-01-21 00:54:20 +01:00
Frank Denis f80c16ed2a Slightly change the way we block ipv6 2018-01-20 22:30:36 +01:00
Frank Denis f7b8b70322 Revert "AAAA filter: Reject instead of sending an empty response"
This reverts commit aceb8b30f7.
2018-01-20 22:06:40 +01:00
Frank Denis aceb8b30f7 AAAA filter: Reject instead of sending an empty response
Empty responses can cause issues with CNAME records
2018-01-20 20:37:02 +01:00
Frank Denis 4f0c36ac27 Don't log blocked suffixes in reverse 2018-01-20 17:25:16 +01:00
Frank Denis a1461f3452 Remove unused variable 2018-01-20 17:14:21 +01:00
Frank Denis 5dd08fe56b Fix swapped out arguments in substring check
*example.com* was matching ample.com, not xxxexample.comxxx

Fixes #14
2018-01-20 17:11:46 +01:00
Frank Denis 4f42dd01a4 nxlog 2018-01-20 17:03:48 +01:00
Frank Denis 1e0e01e8e1 NXLOG: a new output plugin to log suspicious queries 2018-01-20 16:59:40 +01:00
Frank Denis 47fdc45b2d beta5 2018-01-20 14:15:20 +01:00
Frank Denis ed50798049 Preliminary implementation of stamps 2018-01-20 14:13:11 +01:00
Frank Denis 88414e1448 Print stamps; require an env variable for debug level 2018-01-20 13:56:26 +01:00
Frank Denis 0fe21b2d57 Shortcut filters for the root zone 2018-01-20 13:30:19 +01:00
Frank Denis 066db6a080 Replace logged_qtypes with ignored_qtypes 2018-01-20 13:27:37 +01:00
Frank Denis 5080502381 " -> ' \because\people\still\use\backslahes\to\separate\path\components 2018-01-20 13:20:30 +01:00
Frank Denis 475d7edb2a Fix suffix matching so that www.example is rejected if example is filtered 2018-01-20 13:18:54 +01:00
Frank Denis b9e89d2278 megacheck 2018-01-20 01:00:19 +01:00
Frank Denis 187de17396 Don't prefetch more frequently than 1/min 2018-01-20 00:31:54 +01:00
Frank Denis 1c27d6c230 Improved error handling 2018-01-20 00:30:33 +01:00
Frank Denis 7fbb4c5428 Improve the prefetcher; run a dedicated goroutine 2018-01-19 23:43:45 +01:00
Frank Denis 2ab29a43d6 Reduce the noise 2018-01-19 22:37:05 +01:00
Frank Denis 6e1eaf7b90 More flexible logging; add support for the Windows event log 2018-01-19 20:06:04 +01:00
Frank Denis 4b4bf36633 Unreachable -> Timeout 2018-01-19 16:40:35 +01:00
Frank Denis aac0078991 Choose if we want to use IPv6 and/or IPv4 servers 2018-01-19 16:38:43 +01:00
Frank Denis 3006a6f2b4 Print server names instead of provider names 2018-01-19 15:50:44 +01:00
Frank Denis 7103229609 Add a logged_qtypes feature to log only some query types 2018-01-19 12:57:47 +01:00
Frank Denis 414d366cb2 Print the root zone as a dot rather than an empty string
Fixes #7
2018-01-19 12:33:27 +01:00
Frank Denis 41d5de6e8d Scheduling 2018-01-19 00:06:18 +01:00
Frank Denis 43e5689387 Schedule a prefetch if we got a set or its signature from a backup cache
This is not pretty, and has to be rewritten for the next beta
2018-01-18 23:54:53 +01:00
Frank Denis 008d2d9093 Increase refresh delay for server sets 2018-01-18 23:54:37 +01:00
Frank Denis 1b5e36432e Remove cache files if we stored corrupted data 2018-01-18 23:33:30 +01:00
Frank Denis f745eb578a Check HTTP error codes 2018-01-18 23:31:14 +01:00
Frank Denis a85d012a2b Prefetch previously unreachable sources URLs after a server is reachable
Partial fix for #4

Pave the way for regular, background updates as well
2018-01-18 23:19:14 +01:00
Frank Denis c4bd6eb9f0 Make the distinction between a usable cache and a hot cache
A hot cache is still fresh. A usable cache exists, and can act as a
backup solution is we can't fetch a list from a remote server.
2018-01-18 22:23:40 +01:00
Frank Denis 6c67739b56 bump 2018-01-18 22:23:37 +01:00
Frank Denis 35a65bc2fd Use single quotes in the TOML file, mention that paths are relative
Fixes #5
2018-01-18 20:41:33 +01:00
Frank Denis 0fcbbfda1f Add systemd readiness notification 2018-01-18 15:31:08 +01:00
Frank Denis 941a7b6f4f Bring FS info level down to INFO, but store this information with the cert 2018-01-18 14:58:57 +01:00
Frank Denis 25664b9a99 Be more tolerant 2018-01-18 14:49:51 +01:00
Frank Denis ed352cc28c Reduce verbosity 2018-01-18 14:46:19 +01:00
Frank Denis 7e86477a7d Make megacheck happier 2018-01-18 14:28:05 +01:00
Frank Denis 0a63975d48 Logs can now be sent to files or syslog in addition to stderr 2018-01-18 14:25:45 +01:00
Frank Denis b0f6a04dc4 Reserve require_nofilter 2018-01-18 13:04:50 +01:00
Frank Denis 41a9bf5bf3 Add require_nolog and require_dnssec filters 2018-01-18 13:01:16 +01:00
Frank Denis fd7838ee58 Add a -version command-line switch to print the version
Fixes #2
2018-01-18 12:22:25 +01:00
Frank Denis 0e03f684b2 Hotfix for OpenBSD and other OS whose init system is not supported yet 2018-01-18 02:08:08 +01:00
Frank Denis 8429df82fd Perform an initial benchmark to use servers with the lowest latency
(initially according to the certificate rtt)
2018-01-17 22:12:34 +01:00
Frank Denis 9dcd37093d Use all resolvers simultaneously, even the ones from remote sources.
Fireworks!
2018-01-17 21:41:36 +01:00
Frank Denis df3a5f608d Improve management of multiple servers, and unreachable-at-boot servers 2018-01-17 21:23:01 +01:00
Frank Denis c46498c1d3 Nits 2018-01-17 17:25:43 +01:00
Frank Denis 1140e067ad Retry more frequently if we don't have any useable certificates
This will ahve to be done at startup time as well.
2018-01-17 17:22:29 +01:00
Frank Denis b9c43c8ef3 Add the ability to log blocked queries 2018-01-17 17:03:42 +01:00
Frank Denis 9f8bce28a4 Fix forwarding of subdomains 2018-01-17 16:16:22 +01:00
Frank Denis f35357ef88 Simplify the forwarding syntax 2018-01-17 16:06:30 +01:00
Frank Denis 203cfafe35 Add a forwarding rules example 2018-01-17 12:34:05 +01:00
Frank Denis adcdb94d99 Allow comments in the fowarding rules 2018-01-17 12:27:29 +01:00
Frank Denis 3fffbaa2a2 Support installation as a service 2018-01-17 11:28:43 +01:00
Frank Denis 3fe6dbd740 Preliminary support for running as a Windows service 2018-01-17 10:58:19 +01:00
Frank Denis 6ba5749c91 Freformat 2018-01-17 09:50:21 +01:00
Frank Denis 96dadc7aca Forwarding plugin 2018-01-17 09:44:03 +01:00
Frank Denis 1b38364e48 Another example 2018-01-17 08:47:47 +01:00
Frank Denis 404fcea50b Pattern matching in blacklists: done 2018-01-17 08:46:42 +01:00
Frank Denis 548d97989b Comment 2018-01-17 02:42:01 +01:00
Frank Denis 170e2e816e Implement blocking, fully compatible with rules from version 1 2018-01-17 02:40:47 +01:00
Frank Denis 0dcf2c9e06 Split plugins into individual files 2018-01-16 18:21:17 +01:00
Frank Denis 796186a078 Add support for LTSV query logging 2018-01-16 18:10:04 +01:00
Frank Denis 004fbef395 Fix source cache 2018-01-16 00:37:04 +01:00
Frank Denis 5685844f43 Implement query logging 2018-01-16 00:23:16 +01:00
Frank Denis 3ffad7be44 Add Init/Drop/Update methods to plugins
Eventually, we may want to provide a specific structure for plugin
initialization. Sending the whole Proxy structure doesn't scale well.
2018-01-15 23:07:41 +01:00
Frank Denis b945e23101 Use time.Since() 2018-01-14 23:53:17 +01:00
Frank Denis fee0a42dec Plugins can now access the client IP. Useful for logging and ACLs. 2018-01-14 23:47:49 +01:00
Frank Denis 5e252372d5 Pass the client protocol around, don't infer it from clientAddr 2018-01-14 23:39:55 +01:00
Frank Denis b2d297fb17 cd to the path of the executable file 2018-01-14 00:56:46 +01:00
Frank Denis 9640a38ff8 More explicit example name 2018-01-14 00:47:22 +01:00
Frank Denis c3edfb0637 Don't print server public keys 2018-01-14 00:43:57 +01:00
Frank Denis 32b72f3eb3 up 2018-01-14 00:36:46 +01:00
Frank Denis c90befd5a8 Fix getOne() 2018-01-14 00:34:28 +01:00
Frank Denis 9b6d527045 Better explain what cache_file should be set to 2018-01-14 00:24:05 +01:00
Frank Denis 4fef1a705c Fix source cache 2018-01-14 00:20:22 +01:00
Frank Denis 5a65a3a084 Correct format 2018-01-14 00:17:46 +01:00
Frank Denis 01d424a942 Use net.ParseIP() to add missing port numbers 2018-01-14 00:15:01 +01:00
Frank Denis 1b7b6418f1 Restrict the set of resolvers used from a remote source 2018-01-14 00:10:20 +01:00
Frank Denis 13e30ade2b Skip empty lines in the CSV file 2018-01-13 23:53:33 +01:00
Frank Denis a361aa52f3 Preliminary support for remote sources 2018-01-13 23:52:44 +01:00
Frank Denis e9faf4368c Load the toml file from the current directory by default 2018-01-13 00:14:12 +01:00
Frank Denis 9a3cd91cd7 Use dlog for everything 2018-01-11 11:50:54 +01:00
Frank Denis 735213f45a Use glog 2018-01-11 02:11:54 +01:00
Frank Denis 822ae27a46 Always use negative caching except on srvfail (and obviously on success) 2018-01-10 23:26:03 +01:00
Frank Denis 1527d6ed5e Improve caching 2018-01-10 22:47:29 +01:00
Frank Denis 3dd473910b Doc 2018-01-10 19:49:39 +01:00
Frank Denis 3fe60f64c4 So, daemonization only works on linux :/ 2018-01-10 19:49:02 +01:00
Frank Denis 99c5273e3a Add configuration cache size and other parameters 2018-01-10 19:32:56 +01:00
Frank Denis b60c728067 If computeCacheKey ever returns an error, bubble it up 2018-01-10 19:23:24 +01:00
Frank Denis 132add7955 Use a LRU for the cache 2018-01-10 19:02:43 +01:00
Frank Denis 8e73bb4a2c Working DNS cache 2018-01-10 18:53:09 +01:00
Frank Denis 77cdc1db78 Start implementing a basic cache 2018-01-10 18:32:05 +01:00
Frank Denis f283105866 Implement the IPv6 block plugin 2018-01-10 17:23:20 +01:00
Frank Denis fb16eadb24 Single entry for now 2018-01-10 16:43:11 +01:00
Frank Denis fa22cc32d7 Basic load balancing/failover
Try to send queries to one of the two fastest servers
2018-01-10 16:42:14 +01:00
Frank Denis 9eeb799d6e Many improvements 2018-01-10 16:01:29 +01:00
Frank Denis 32a8a3d3e2 Get the path to the config file from the command line 2018-01-10 13:40:50 +01:00
Frank Denis 6dfcb659d4 Handle daemonization 2018-01-10 13:33:06 +01:00
Frank Denis b86e7f268e Use more things from the config file 2018-01-10 12:09:59 +01:00
Frank Denis 2822a9781b Add a config file 2018-01-10 12:02:09 +01:00
Frank Denis 20e3182692 Improve the plugins interface 2018-01-10 10:11:59 +01:00
Frank Denis efd0477c2b Implement an actual estimator for the response size
Scale back the minimum question size when relevant.

Did I mention that this is yet another thing that was never properly
implemented in dnscrypt-proxy 1.x?
2018-01-10 09:46:27 +01:00
Frank Denis f4346691bc Transform queries via an initial edns mangling plugin
Yet another thing that was utterly broken in dnscrypt-proxy v1.x
2018-01-10 09:04:03 +01:00
Frank Denis 705cf440b1 Skip queries without a question 2018-01-10 03:04:13 +01:00
Frank Denis d8f8d561c8 Synthesize a truncated response if the response wouldn't fit the local MSS 2018-01-10 02:52:09 +01:00
Frank Denis ab9006e74c Be more tolerant with invalid/unsupported certificates 2018-01-10 00:38:37 +01:00
Frank Denis 3049f43bc7 Nits 2018-01-10 00:32:16 +01:00
Frank Denis 72a6963f2e Cleanups 2018-01-10 00:31:12 +01:00
Frank Denis 35ec5bd044 We can now receive queries on UDP and forward them on TCP
Something that had never been possible with the old implementation
2018-01-09 20:10:06 +01:00
Frank Denis 1a59d93192 Support TCP connection to the backend 2018-01-09 19:47:24 +01:00
Frank Denis 888db6a8fb The preferred protocol will be a global (for Tor users) 2018-01-09 18:42:24 +01:00
Frank Denis ce5e0c8031 Try to retrieve the certificates using UDP before TCP 2018-01-09 18:37:37 +01:00
Frank Denis 841bf65d61 Reorganize 2018-01-09 18:32:14 +01:00