d42ab83184
ServerConfig -> StaticConfig to match the config file
2018-01-31 08:43:49 +01:00
cdb8faba75
Nits
2018-01-31 08:40:20 +01:00
f6571af24f
Nits
2018-01-31 08:38:22 +01:00
5e8925523f
Split ConfigLoad a bit more
2018-01-31 08:32:44 +01:00
16fc6b74e9
Split ConfigLoad()
2018-01-31 08:27:59 +01:00
bbfcb0c5bd
nits
2018-01-31 00:37:56 +01:00
c3414329b3
Warn about certificates that are about to expire
2018-01-31 00:33:00 +01:00
86adb438e0
Set cert refresh delay default to 240 (4h)
2018-01-31 00:21:25 +01:00
0cc76b8a77
Lower the log level for already registered servers
2018-01-31 00:19:53 +01:00
a364e51d9e
Increase the cert refresh delay; make D1n0Bot happy
...
Decrease this for more reliability.
2018-01-30 23:53:33 +01:00
76e5a99a5c
Move "refreshing certificates" to debug, display RTT even for 1 server
2018-01-30 23:50:42 +01:00
8f72a82b13
Don't forget to prepend prefixes to names in v2 lists
2018-01-30 19:47:29 +01:00
788e97cf86
Clarify
2018-01-30 19:47:26 +01:00
a7d75c7923
Implement the nofilter filter
2018-01-30 19:16:38 +01:00
3448b5b170
Add a -list option to display the list of available resolvers
2018-01-30 17:51:47 +01:00
330d265dc2
CRLF
2018-01-30 17:43:15 +01:00
e9b3a0e0b0
Space
2018-01-30 17:40:38 +01:00
1d35e249c9
Add an option to always ignore the system resolver
...
This makes startup faster when DoH resolvers without a static IP
are used (Google).
2018-01-30 17:37:35 +01:00
931916097e
Remove daemonize, at least from the configuration file example
...
daemonize only works on Linux so far, and it might not be secure not reliable
2018-01-30 16:12:36 +01:00
ce2a730ab7
Remove unneeded port numbers
2018-01-30 16:10:46 +01:00
c39197f7b2
Prepare for beta12
2018-01-30 15:58:13 +01:00
61bad01726
Import xtransport
2018-01-30 15:51:07 +01:00
ecaf18f614
Use a fallback resolver if the local DNS configuration doesn't work
...
This should fix all chicken-and-egg issues
2018-01-30 15:47:39 +01:00
24c21d5eb2
Start moving things to a custom transport
2018-01-30 13:29:47 +01:00
c2494cfc40
Make file paths relative to the path of the configuration file
2018-01-29 23:57:20 +01:00
b6e5f55870
Move the proxy struct to its own file
2018-01-29 23:47:04 +01:00
479d9d14fd
Reduce verbosity
2018-01-29 04:03:59 +01:00
cf12fb170a
Use a custom transport and a host->ip cache
...
maybe
Fixes #45
2018-01-29 03:58:39 +01:00
7acc38663b
Add Yandex to show that explicit server_names override require_*
2018-01-27 19:46:50 +01:00
7a5484d983
Include Google cert hash
2018-01-27 19:14:08 +01:00
9eeb68f3a1
beta11
2018-01-27 18:18:28 +01:00
a7fe2aacb8
Show how to use two servers
2018-01-27 18:16:55 +01:00
3c2cf2a1dc
Validate DoH certificate hashes
2018-01-27 17:48:53 +01:00
5e3e66ac71
Of course Google DNS supports DNSSEC
2018-01-27 17:05:39 +01:00
d2f6c69a2c
More checks on the response
2018-01-27 16:59:45 +01:00
7dde2f4a37
Request DNSSEC signature in the DoH probe
2018-01-27 16:53:57 +01:00
be1e99ea32
DoH: send a dummy query before measuring the RTT to ignore the handshake
2018-01-27 16:48:22 +01:00
50d0c0449f
Initial support for DNS-over-HTTP2 -- Yes, it works with Google.
2018-01-27 15:26:08 +01:00
85f8aa1000
Fix stamp proto initialization
2018-01-26 22:59:16 +01:00
e16155e22a
DoHstamps
2018-01-26 20:38:31 +01:00
3bbecdcde7
up
2018-01-26 20:16:45 +01:00
29f1b083a0
Rename a few things to prepare for DoH support
2018-01-26 02:25:38 +01:00
375378c15b
Rename "servers" to "static" for clarity
2018-01-25 17:41:36 +01:00
1164dd4d4d
Comment the additional list of servers in the example
2018-01-25 15:59:22 +01:00
ff5bba1ba4
up
2018-01-25 15:55:27 +01:00
803bc18027
Use a v2 list
2018-01-25 15:17:46 +01:00
79193e6ee3
Add support for V2 source format -- Goodbye, CSV.
2018-01-25 15:02:18 +01:00
78e8abeebc
Use http://
2018-01-25 14:34:55 +01:00
054461e240
Reserve identifiers for traditional nonencrypted DNS and for DoH
2018-01-25 14:31:18 +01:00
023c3e78ee
Fix systemd socket support
2018-01-25 10:24:28 +01:00
996d9be4e3
Improve message if /proc/self/exe doesn't exist (?)
...
Fixes #26
2018-01-24 16:55:28 +01:00
732c451dd4
Add max_clients to cap the maximum number of client queries
2018-01-24 16:51:26 +01:00
1dbc765fd7
crlf
2018-01-24 15:23:03 +01:00
94f9c14ad7
Only attempt to use systemd on linux
...
Remove plan9 builds
2018-01-24 15:14:48 +01:00
0b52211fa3
Update dnsc:// leftovers
2018-01-24 14:48:48 +01:00
c184ce1a03
systemd support
...
How does it work? I don't know. Does it work? I don't know.
Would I encourage its use? No.
2018-01-24 14:44:32 +01:00
0ce20518db
Make the UDP and TCP listeners more generic
2018-01-24 14:22:56 +01:00
1bcb791270
up
2018-01-24 14:13:29 +01:00
abb659eed2
Nits
2018-01-23 15:51:57 +01:00
3a3535dcbc
Still tolerate hex-encoded pks, but emit a warning
2018-01-23 15:42:22 +01:00
ccbdd41f5d
Add support for shorter stamps with binary public keys
2018-01-23 15:23:11 +01:00
2d7920af22
Prefer sdns:// which is less application-tainted
2018-01-22 12:00:42 +01:00
d7b8217018
Only cache specific Rcodes
2018-01-22 11:19:57 +01:00
973b53afdc
Simplify
2018-01-22 10:02:06 +01:00
8324b29b42
Require stamps in static server definitions
...
Provider names, etc. are not future-proof. In particular, they are
incompatible with other protocols such as DoH.
2018-01-22 09:59:32 +01:00
1d18a230c0
Consistent casing
2018-01-21 22:18:20 +01:00
3dcedac390
beta8
2018-01-21 19:52:51 +01:00
29fee1585f
abc.ex.com should be rejected if both ex.com and bc.ex.com are listed in a blacklist
...
With the following ruleset:
ex.com
bc.ex.com
"abc.ex.com" finds "bc.ex.com" as the longest suffix. However, since it's
not at a label boundary, it is not rejected.
However, there is a more general rule that should be considered, ex.com.
So we need to perform at least two lookups in that case.
2018-01-21 19:47:19 +01:00
6ca2697128
Clear certIgnoreTimestamp if we found at live 1 live server
2018-01-21 18:14:37 +01:00
8bcba92f97
Add an undocumented option to ignore cert timestamps
2018-01-21 18:10:38 +01:00
05e07e8b69
Add a simple built-in DNS client for testing
2018-01-21 18:02:32 +01:00
d9b5625226
IP blocking
2018-01-21 16:07:44 +01:00
1c80e80a0d
Do not recommend block_ipv6
2018-01-21 00:54:20 +01:00
f80c16ed2a
Slightly change the way we block ipv6
2018-01-20 22:30:36 +01:00
f7b8b70322
Revert "AAAA filter: Reject instead of sending an empty response"
...
This reverts commit aceb8b30f7
2018-01-20 22:06:40 +01:00
aceb8b30f7
AAAA filter: Reject instead of sending an empty response
...
Empty responses can cause issues with CNAME records
2018-01-20 20:37:02 +01:00
4f0c36ac27
Don't log blocked suffixes in reverse
2018-01-20 17:25:16 +01:00
a1461f3452
Remove unused variable
2018-01-20 17:14:21 +01:00
5dd08fe56b
Fix swapped out arguments in substring check
...
*example.com* was matching ample.com, not xxxexample.comxxx
Fixes #14
2018-01-20 17:11:46 +01:00
4f42dd01a4
nxlog
2018-01-20 17:03:48 +01:00
1e0e01e8e1
NXLOG: a new output plugin to log suspicious queries
2018-01-20 16:59:40 +01:00
47fdc45b2d
beta5
2018-01-20 14:15:20 +01:00
ed50798049
Preliminary implementation of stamps
2018-01-20 14:13:11 +01:00
88414e1448
Print stamps; require an env variable for debug level
2018-01-20 13:56:26 +01:00
0fe21b2d57
Shortcut filters for the root zone
2018-01-20 13:30:19 +01:00
066db6a080
Replace logged_qtypes with ignored_qtypes
2018-01-20 13:27:37 +01:00
5080502381
" -> ' \because\people\still\use\backslahes\to\separate\path\components
2018-01-20 13:20:30 +01:00
475d7edb2a
Fix suffix matching so that www.example is rejected if example is filtered
2018-01-20 13:18:54 +01:00
b9e89d2278
megacheck
2018-01-20 01:00:19 +01:00
187de17396
Don't prefetch more frequently than 1/min
2018-01-20 00:31:54 +01:00
1c27d6c230
Improved error handling
2018-01-20 00:30:33 +01:00
7fbb4c5428
Improve the prefetcher; run a dedicated goroutine
2018-01-19 23:43:45 +01:00
2ab29a43d6
Reduce the noise
2018-01-19 22:37:05 +01:00
6e1eaf7b90
More flexible logging; add support for the Windows event log
2018-01-19 20:06:04 +01:00
4b4bf36633
Unreachable -> Timeout
2018-01-19 16:40:35 +01:00
aac0078991
Choose if we want to use IPv6 and/or IPv4 servers
2018-01-19 16:38:43 +01:00
3006a6f2b4
Print server names instead of provider names
2018-01-19 15:50:44 +01:00
7103229609
Add a logged_qtypes feature to log only some query types
2018-01-19 12:57:47 +01:00
414d366cb2
Print the root zone as a dot rather than an empty string
...
Fixes #7
2018-01-19 12:33:27 +01:00
41d5de6e8d
Scheduling
2018-01-19 00:06:18 +01:00
43e5689387
Schedule a prefetch if we got a set or its signature from a backup cache
...
This is not pretty, and has to be rewritten for the next beta
2018-01-18 23:54:53 +01:00
008d2d9093
Increase refresh delay for server sets
2018-01-18 23:54:37 +01:00
1b5e36432e
Remove cache files if we stored corrupted data
2018-01-18 23:33:30 +01:00
f745eb578a
Check HTTP error codes
2018-01-18 23:31:14 +01:00
a85d012a2b
Prefetch previously unreachable sources URLs after a server is reachable
...
Partial fix for #4
Pave the way for regular, background updates as well
2018-01-18 23:19:14 +01:00
c4bd6eb9f0
Make the distinction between a usable cache and a hot cache
...
A hot cache is still fresh. A usable cache exists, and can act as a
backup solution is we can't fetch a list from a remote server.
2018-01-18 22:23:40 +01:00
6c67739b56
bump
2018-01-18 22:23:37 +01:00
35a65bc2fd
Use single quotes in the TOML file, mention that paths are relative
...
Fixes #5
2018-01-18 20:41:33 +01:00
0fcbbfda1f
Add systemd readiness notification
2018-01-18 15:31:08 +01:00
941a7b6f4f
Bring FS info level down to INFO, but store this information with the cert
2018-01-18 14:58:57 +01:00
25664b9a99
Be more tolerant
2018-01-18 14:49:51 +01:00
ed352cc28c
Reduce verbosity
2018-01-18 14:46:19 +01:00
7e86477a7d
Make megacheck happier
2018-01-18 14:28:05 +01:00
0a63975d48
Logs can now be sent to files or syslog in addition to stderr
2018-01-18 14:25:45 +01:00
b0f6a04dc4
Reserve require_nofilter
2018-01-18 13:04:50 +01:00
41a9bf5bf3
Add require_nolog and require_dnssec filters
2018-01-18 13:01:16 +01:00
fd7838ee58
Add a -version command-line switch to print the version
...
Fixes #2
2018-01-18 12:22:25 +01:00
0e03f684b2
Hotfix for OpenBSD and other OS whose init system is not supported yet
2018-01-18 02:08:08 +01:00
8429df82fd
Perform an initial benchmark to use servers with the lowest latency
...
(initially according to the certificate rtt)
2018-01-17 22:12:34 +01:00
9dcd37093d
Use all resolvers simultaneously, even the ones from remote sources.
...
Fireworks!
2018-01-17 21:41:36 +01:00
df3a5f608d
Improve management of multiple servers, and unreachable-at-boot servers
2018-01-17 21:23:01 +01:00
c46498c1d3
Nits
2018-01-17 17:25:43 +01:00
1140e067ad
Retry more frequently if we don't have any useable certificates
...
This will ahve to be done at startup time as well.
2018-01-17 17:22:29 +01:00
b9c43c8ef3
Add the ability to log blocked queries
2018-01-17 17:03:42 +01:00
9f8bce28a4
Fix forwarding of subdomains
2018-01-17 16:16:22 +01:00
f35357ef88
Simplify the forwarding syntax
2018-01-17 16:06:30 +01:00
203cfafe35
Add a forwarding rules example
2018-01-17 12:34:05 +01:00
adcdb94d99
Allow comments in the fowarding rules
2018-01-17 12:27:29 +01:00
3fffbaa2a2
Support installation as a service
2018-01-17 11:28:43 +01:00
3fe6dbd740
Preliminary support for running as a Windows service
2018-01-17 10:58:19 +01:00
6ba5749c91
Freformat
2018-01-17 09:50:21 +01:00
96dadc7aca
Forwarding plugin
2018-01-17 09:44:03 +01:00
1b38364e48
Another example
2018-01-17 08:47:47 +01:00
404fcea50b
Pattern matching in blacklists: done
2018-01-17 08:46:42 +01:00
548d97989b
Comment
2018-01-17 02:42:01 +01:00
170e2e816e
Implement blocking, fully compatible with rules from version 1
2018-01-17 02:40:47 +01:00
0dcf2c9e06
Split plugins into individual files
2018-01-16 18:21:17 +01:00
796186a078
Add support for LTSV query logging
2018-01-16 18:10:04 +01:00
004fbef395
Fix source cache
2018-01-16 00:37:04 +01:00
5685844f43
Implement query logging
2018-01-16 00:23:16 +01:00
3ffad7be44
Add Init/Drop/Update methods to plugins
...
Eventually, we may want to provide a specific structure for plugin
initialization. Sending the whole Proxy structure doesn't scale well.
2018-01-15 23:07:41 +01:00
b945e23101
Use time.Since()
2018-01-14 23:53:17 +01:00
fee0a42dec
Plugins can now access the client IP. Useful for logging and ACLs.
2018-01-14 23:47:49 +01:00
5e252372d5
Pass the client protocol around, don't infer it from clientAddr
2018-01-14 23:39:55 +01:00
b2d297fb17
cd to the path of the executable file
2018-01-14 00:56:46 +01:00
9640a38ff8
More explicit example name
2018-01-14 00:47:22 +01:00
c3edfb0637
Don't print server public keys
2018-01-14 00:43:57 +01:00
32b72f3eb3
up
2018-01-14 00:36:46 +01:00
c90befd5a8
Fix getOne()
2018-01-14 00:34:28 +01:00
9b6d527045
Better explain what cache_file should be set to
2018-01-14 00:24:05 +01:00
4fef1a705c
Fix source cache
2018-01-14 00:20:22 +01:00
5a65a3a084
Correct format
2018-01-14 00:17:46 +01:00
01d424a942
Use net.ParseIP() to add missing port numbers
2018-01-14 00:15:01 +01:00
1b7b6418f1
Restrict the set of resolvers used from a remote source
2018-01-14 00:10:20 +01:00
13e30ade2b
Skip empty lines in the CSV file
2018-01-13 23:53:33 +01:00
a361aa52f3
Preliminary support for remote sources
2018-01-13 23:52:44 +01:00
e9faf4368c
Load the toml file from the current directory by default
2018-01-13 00:14:12 +01:00
9a3cd91cd7
Use dlog for everything
2018-01-11 11:50:54 +01:00
735213f45a
Use glog
2018-01-11 02:11:54 +01:00
822ae27a46
Always use negative caching except on srvfail (and obviously on success)
2018-01-10 23:26:03 +01:00
1527d6ed5e
Improve caching
2018-01-10 22:47:29 +01:00
3dd473910b
Doc
2018-01-10 19:49:39 +01:00
3fe60f64c4
So, daemonization only works on linux :/
2018-01-10 19:49:02 +01:00
99c5273e3a
Add configuration cache size and other parameters
2018-01-10 19:32:56 +01:00
b60c728067
If computeCacheKey ever returns an error, bubble it up
2018-01-10 19:23:24 +01:00
132add7955
Use a LRU for the cache
2018-01-10 19:02:43 +01:00
8e73bb4a2c
Working DNS cache
2018-01-10 18:53:09 +01:00
77cdc1db78
Start implementing a basic cache
2018-01-10 18:32:05 +01:00
f283105866
Implement the IPv6 block plugin
2018-01-10 17:23:20 +01:00
fb16eadb24
Single entry for now
2018-01-10 16:43:11 +01:00
fa22cc32d7
Basic load balancing/failover
...
Try to send queries to one of the two fastest servers
2018-01-10 16:42:14 +01:00
9eeb799d6e
Many improvements
2018-01-10 16:01:29 +01:00
32a8a3d3e2
Get the path to the config file from the command line
2018-01-10 13:40:50 +01:00
6dfcb659d4
Handle daemonization
2018-01-10 13:33:06 +01:00
b86e7f268e
Use more things from the config file
2018-01-10 12:09:59 +01:00
2822a9781b
Add a config file
2018-01-10 12:02:09 +01:00
20e3182692
Improve the plugins interface
2018-01-10 10:11:59 +01:00
efd0477c2b
Implement an actual estimator for the response size
...
Scale back the minimum question size when relevant.
Did I mention that this is yet another thing that was never properly
implemented in dnscrypt-proxy 1.x?
2018-01-10 09:46:27 +01:00
f4346691bc
Transform queries via an initial edns mangling plugin
...
Yet another thing that was utterly broken in dnscrypt-proxy v1.x
2018-01-10 09:04:03 +01:00
705cf440b1
Skip queries without a question
2018-01-10 03:04:13 +01:00
d8f8d561c8
Synthesize a truncated response if the response wouldn't fit the local MSS
2018-01-10 02:52:09 +01:00
ab9006e74c
Be more tolerant with invalid/unsupported certificates
2018-01-10 00:38:37 +01:00
3049f43bc7
Nits
2018-01-10 00:32:16 +01:00
72a6963f2e
Cleanups
2018-01-10 00:31:12 +01:00
35ec5bd044
We can now receive queries on UDP and forward them on TCP
...
Something that had never been possible with the old implementation
2018-01-09 20:10:06 +01:00
1a59d93192
Support TCP connection to the backend
2018-01-09 19:47:24 +01:00
888db6a8fb
The preferred protocol will be a global (for Tor users)
2018-01-09 18:42:24 +01:00
ce5e0c8031
Try to retrieve the certificates using UDP before TCP
2018-01-09 18:37:37 +01:00
841bf65d61
Reorganize
2018-01-09 18:32:14 +01:00
Frank Denis
Adrián Laviós Gomis