cobratbq
7a8bd35009
systemd: use constants and update status on ready ( #1993 )
...
Systemd-notify signaling indicates the status of dnscrypt-proxy when
starting as 'Type=notify' systemd service. However, the status is not
updated when initialization completes, instead it always shows
"Starting". Now fixed.
2022-01-19 20:30:15 +01:00
Frank Denis
06733f57ed
If a relay has multiple names, print the one matching the protocol
...
Fixes #1992
2022-01-17 19:43:12 +01:00
Frank Denis
fbfc2d57a7
omit comparison to bool constant, can be simplified to !cloakedName.isIP
...
Reported by GitHub's code scanning
2021-12-16 10:43:40 +01:00
Ian Bashford
1b6caba307
allow ptr queries for cloaked domains ( #1958 )
...
* allow ptr queries for cloaked domains
* multi ips per PTR returned + cleanup
* some string tidy up
* enable config file switch
* add cloaked ptr test
* enable cloak ptrs in test scenario
* fix reverse ipv6 ptr lookup
* added ipv6 cloaked ptr test
2021-12-13 14:00:13 +01:00
CNMan
27e93a53cf
minor typo fix ( #1951 )
2021-11-30 18:26:34 +01:00
Frank Denis
561e849889
Add a forwarding example for local reverse entries
2021-10-17 15:53:54 +02:00
a1346054
766e149699
Fix typo and alignment in example-dnscrypt-proxy.toml ( #1915 )
2021-10-10 19:19:45 +02:00
Frank Denis
e1f3f58eed
Bump
2021-09-27 15:51:48 +02:00
Frank Denis
efcd392279
StaleResponseTtl -> StaleResponseTTL
2021-09-27 15:47:19 +02:00
Frank Denis
8da1b698ad
Revert "Pasto, thanks to @lifenjoiner"
...
This reverts commit 14ef11447e
.
2021-09-27 15:42:54 +02:00
Frank Denis
77b27d9293
Merge branch 'master' of github.com:DNSCrypt/dnscrypt-proxy
...
* 'master' of github.com:DNSCrypt/dnscrypt-proxy:
Make return value explicit
Repair stale respones for DoH
Define a constant for the TTL of stale responses
Update plugin_cache.go (#1900 )
2021-09-27 12:31:43 +02:00
Frank Denis
4c29840040
Revert "Print an error if a block/allow rule contains more than a pattern"
...
This reverts commit 6e8628f796
.
2021-09-27 12:29:41 +02:00
Frank Denis
b7704a05c5
Make return value explicit
2021-09-25 20:09:29 +02:00
Frank Denis
d82021b545
Repair stale respones for DoH
2021-09-25 19:53:43 +02:00
Frank Denis
e5608e08cf
Define a constant for the TTL of stale responses
2021-09-25 19:53:25 +02:00
livingentity
2a3e59c4bf
Update plugin_cache.go ( #1900 )
2021-09-25 19:04:17 +02:00
Frank Denis
3bae61dbe1
Properly round the TTL
2021-09-24 09:26:31 +02:00
Frank Denis
5fedbe4c6e
// +build -> //go:build
2021-09-23 19:16:26 +02:00
Frank Denis
b2f26192e1
gofmt
2021-09-23 19:16:12 +02:00
Frank Denis
a4684d3bf5
Round TTLs
2021-09-23 19:10:40 +02:00
Frank Denis
34f0caaa34
Merge branch 'master' of github.com:jedisct1/dnscrypt-proxy
...
* 'master' of github.com:jedisct1/dnscrypt-proxy:
Enable HTTP/2 pings
Remove leftovers from the daemonize option
DoH/ODoH: strip optional port number when caching a hostname
Bump actions/setup-go from 2.1.3 to 2.1.4 (#1843 )
fix minor typo in example config (#1847 )
2021-09-23 18:38:50 +02:00
Frank Denis
75e917ae49
plugin_cache: update the response TTL, not the cached data
...
Fixes #1895
2021-09-23 18:37:40 +02:00
Frank Denis
8fc0ffc35f
Enable HTTP/2 pings
2021-09-21 12:57:42 +02:00
Frank Denis
97a983c6b3
Remove leftovers from the daemonize option
2021-09-09 11:26:17 +02:00
Frank Denis
0f00cd27f9
DoH/ODoH: strip optional port number when caching a hostname
...
Fixes #1861
2021-09-06 12:02:56 +02:00
Alison Winters
d8358b795f
fix minor typo in example config ( #1847 )
2021-08-29 11:11:52 +02:00
Aaron
b8c5790716
Add captive portal entry for dual stack setups ( #1835 )
...
For users with a dual stack set up at home (IPv4+native IPv6), Windows 21H1 will report that there is no Internet connection if this entry is missing from their captive portals file.
Signed-off-by: Aaron <admin@datahoarder.dev>
2021-08-20 17:32:32 +02:00
Frank Denis
9cb89ae410
odoh.md has been deprecated
2021-08-14 13:01:12 +02:00
Frank Denis
e83cb28ef5
Split ODoH servers and relays
2021-08-14 12:33:10 +02:00
Frank Denis
35c82e3dcf
Next will be 2.1.0
2021-08-13 19:20:27 +02:00
Frank Denis
1052fa6323
serve-stale on overflow
2021-08-04 14:30:32 +02:00
Frank Denis
c8a61abb79
Update comment
2021-08-04 14:27:58 +02:00
Frank Denis
e64425b5e7
On overflow, only respond to cached/synthesized queries
2021-08-04 14:27:24 +02:00
Frank Denis
da69583bd2
When we run out of connections, handle an extra one synchronously
2021-08-04 13:35:33 +02:00
Frank Denis
d996e3424d
No need to get the time if the connection is refused
2021-08-04 13:23:21 +02:00
Frank Denis
b4a073f54f
Typo
2021-08-03 11:24:16 +02:00
Frank Denis
0ca90dd8cc
xtransport: set a default error status code
2021-07-31 13:21:45 +02:00
Frank Denis
026c42424f
Workaround for ODoH relays not properly forwarding the status code
...
Some ODoH relays return a 200 status code even when the upstream
server returns something different. This is an issue after a key
update, where a 401 code is expected.
Handle empty responses with a 200 status code as a response with
a 401 code as a workaround until these relays are fixed.
2021-07-31 12:54:23 +02:00
Frank Denis
cedd4f3b54
xtransport: properly forward the status code on error
2021-07-31 12:38:10 +02:00
Frank Denis
796a7f6d31
Add an example for blocking private relay
2021-07-17 14:22:10 +02:00
Frank Denis
d35c1c3cb2
Lower reject_ttl even more
2021-07-16 16:46:50 +02:00
Frank Denis
8b3b7d38ac
Set ttl to reject_ttl for HINFO refused responses
...
Also lower the example TTL
2021-07-16 16:40:21 +02:00
Frank Denis
4caa7b6d64
Verbose
2021-06-12 14:48:02 +02:00
Frank Denis
9bea0e8f20
Nits
2021-06-12 14:16:20 +02:00
Frank Denis
b472fb3b21
Bump
2021-06-12 14:03:26 +02:00
Frank Denis
5fb2901dbc
Fuzz the stamps parser
2021-06-11 22:20:54 +02:00
Frank Denis
ccddb18424
Time to start fuzzing
2021-06-11 22:13:58 +02:00
Frank Denis
1b03ac817e
ODoH: supoprt config version 0x0001 in addition to 0xff06
2021-06-11 21:18:05 +02:00
Frank Denis
95c9fa75f8
Bump
2021-06-08 11:00:01 +02:00
Frank Denis
a85a003d2b
Filter relays by compatible type before selecting them
...
Fixes #1739
2021-06-08 10:52:06 +02:00
Frank Denis
5a9a6467df
Correctly check for empty/wrong relays
2021-06-08 10:27:03 +02:00
Frank Denis
ec581597a2
Require ODoH relays to be present
...
ODoH target stamps don't include certificate hashes; they are not
meant to be used directly.
2021-06-08 10:19:02 +02:00
Frank Denis
33ed882efe
Warn if fallback_resolvers is still in use
2021-06-08 09:53:53 +02:00
Frank Denis
b39232e996
this -> that
2021-06-08 01:14:11 +02:00
Frank Denis
9ebb90b22e
fallback -> bootstrap
2021-06-08 00:44:06 +02:00
Frank Denis
6076e2dd03
www.msftncsi.com IPs update
2021-06-07 18:47:31 +02:00
Frank Denis
d0e27a1366
Update ChangeLog
2021-06-07 18:25:52 +02:00
Frank Denis
d5e9ed3aa9
Don't hardcode the HPKE cipher
2021-06-07 18:16:15 +02:00
Frank Denis
45d3afc8f9
Call ObliviousDoHQuery() on the initial test
2021-06-07 17:32:34 +02:00
Frank Denis
e7f017c592
ODoH: try POST first, even without a relay
2021-06-07 17:19:56 +02:00
Frank Denis
a2ebe0c4a4
dnscrypt-proxy/odoh.go -> dnscrypt-proxy/oblivious_doh.go
2021-06-07 15:53:11 +02:00
Frank Denis
083fa0ad3c
Add an extra retry since ODoH servers are currently unstable
2021-06-07 13:49:37 +02:00
Frank Denis
f5a69c3bdc
Reduce delay
2021-06-07 13:46:44 +02:00
Frank Denis
9e96bbc20b
Continue, don't return
2021-06-07 13:44:08 +02:00
Frank Denis
a181a23263
Send a dummy initial query before RTT measurement in ODoH
2021-06-07 13:42:33 +02:00
Frank Denis
fad415f05a
Update example documentation
2021-06-07 13:37:08 +02:00
Frank Denis
29613096da
ODoH servers should not require a static configuration
2021-06-07 13:21:58 +02:00
Frank Denis
7980af6f46
Error propagation
2021-06-07 12:38:36 +02:00
Frank Denis
94151f9f96
Use ODoH relays in probes
2021-06-07 12:23:26 +02:00
Frank Denis
a11da2d4fb
ODoH: check certificate hashes
2021-06-07 12:09:27 +02:00
Frank Denis
e0483bbb27
Pretend not to always use the first ODoH config
2021-06-07 12:06:36 +02:00
Frank Denis
b35e27bd51
Shuffle ODoH target configs and use different NX queries
2021-06-07 12:05:42 +02:00
Frank Denis
4a4f69edb7
ODoH: only store working configurations
...
Actually, we only store the first one right now.
We should at least randomize them.
2021-06-07 12:02:21 +02:00
Frank Denis
96b05e57ca
Preliminary propoer ODoH initialization
2021-06-07 11:47:11 +02:00
Frank Denis
56f2e9adcc
server_name is ignored for x509 certs
2021-06-07 11:27:33 +02:00
Frank Denis
dc99f1bc2c
If you need this, implement it
2021-06-07 11:26:37 +02:00
Frank Denis
0d81fa2796
Remove doh_client_x509_auth stuf from fetchServerInfo
...
It doesn't belong there, and that feature doesn't do what it's
documented to do. It sets client certificates globally instead of
doing it per server.
2021-06-07 11:23:48 +02:00
Frank Denis
402860e2a6
ODoH broke DNSCrypt relays with wildcards - repair
2021-06-07 11:06:41 +02:00
Frank Denis
cd45f64c18
ODoH: until relay auto selection is implemented, pick random ones
2021-06-07 11:00:21 +02:00
Frank Denis
27a82c54c8
ODoH: handle relay IP addresses
2021-06-07 10:46:01 +02:00
Frank Denis
dce4db4c86
Construct net.URL directly
2021-06-07 10:08:55 +02:00
Frank Denis
525927e797
Don't use net/http
2021-06-07 10:05:20 +02:00
Frank Denis
e57d5173e9
Support GET in ODoH targets
2021-06-06 01:22:48 +02:00
Frank Denis
f542edacaa
ODoH: until detection is in place, without a relay, prefer GET
2021-06-06 01:15:28 +02:00
Frank Denis
92792f0e8b
Prevent remotely triggerable crash in ODoH config parser
2021-06-06 01:05:14 +02:00
Frank Denis
1cdb71cd7c
Avoid double slashes in ODoH relay URLs
2021-06-06 01:01:39 +02:00
Frank Denis
d2947cad75
Unbreak compilation
2021-06-06 00:14:56 +02:00
Frank Denis
3cf5c1ab8e
Limit the number of ODoH target configs
2021-06-05 18:35:45 +02:00
Frank Denis
06135b6141
Reduce MaxHTTPBodyLength
2021-06-05 18:29:13 +02:00
Frank Denis
44f3db31ee
Just a safeguard
2021-06-05 17:57:48 +02:00
Frank Denis
0a1d3b725c
Rename ODoHTarget to ODoHTargetConfig for clarity
2021-06-05 17:49:19 +02:00
Frank Denis
e27419f73d
x509.SystemCertPool() may fail
2021-06-03 20:59:05 +02:00
Frank Denis
ddcc40c954
Hardcode Let's Encrypt ISRG X1 cert
...
Some operating systems don't include it yet.
Thanks to @rs for the heads up
2021-06-03 12:48:33 +02:00
Frank Denis
14ef11447e
Pasto, thanks to @lifenjoiner
2021-05-13 10:30:57 +02:00
Frank Denis
6e8628f796
Print an error if a block/allow rule contains more than a pattern
...
... and it is not a time range.
2021-05-12 17:43:13 +02:00
Frank Denis
31f4d7aa03
Do not ignore ODoH encryption errors
2021-05-09 16:16:38 +02:00
Frank Denis
367b5062ec
Add another IP block list
2021-04-30 20:51:22 +02:00
Frank Denis
58e1410e66
Nits
2021-04-17 16:42:18 +02:00
Frank Denis
e2e32406fb
Improve ODoH log messages
2021-04-17 16:41:10 +02:00
Christopher Wood
23588733ae
Synchronously update the target configuration upon failure. ( #1671 )
...
* Synchronously update the target configuration upon failure.
* Notice a serverInfo failure when key updates fail.
* Add server name to debug logs.
2021-04-17 16:35:55 +02:00
Alison Winters
eda8dd5181
replace TrimFunc(s, IsSpace) with TrimSpace for ASCII optimization ( #1663 )
2021-04-05 11:46:57 +02:00
Frank Denis
3efbacc0d4
Rename
2021-03-30 11:53:59 +02:00
Christopher Wood
c748f93752
Add ODoH support. ( #1653 )
2021-03-30 11:53:51 +02:00
Frank Denis
54d85d7298
Filters don't apply to static entries
2021-03-12 20:05:58 +01:00
Frank Denis
b1e96b69fd
Save 1.4 MiB of memory
2021-03-08 15:36:42 +01:00
Frank Denis
34909babfb
Typo
2021-02-20 19:11:06 +01:00
Frank Denis
c500287498
Rename fallback_resolvers to bootstrap_resolvers
...
Clarify what they are used for.
Remove the legacy `fallback_resolver`.
2021-02-20 18:50:42 +01:00
Frank Denis
96ba551836
Revert "The source tests are completely brok4n :("
...
This reverts commit a76ffb0143
.
2021-01-22 17:50:01 +01:00
lifenjoiner
a9cf16b33e
Fix: Randomize source URLs ( #1593 )
2021-01-22 15:06:49 +01:00
Frank Denis
0ab9e30fa9
Merge branch 'master' of github.com:DNSCrypt/dnscrypt-proxy
...
* 'master' of github.com:DNSCrypt/dnscrypt-proxy:
The source tests are completely brok4n :(
Explain how to listen to all IP addresses
In the query log, consider everything that's not UDP as TCP
2021-01-22 09:16:56 +01:00
Frank Denis
d0f981156b
Add the base inherited fd to the application logging fd
...
Fixes #1585
2021-01-22 09:15:40 +01:00
Frank Denis
a76ffb0143
The source tests are completely brok4n :(
...
Fix at least the fact that URLs are now randomized
2021-01-21 14:59:34 +01:00
Frank Denis
53c8e25352
Explain how to listen to all IP addresses
...
Fixes #1588
2021-01-21 14:38:36 +01:00
Frank Denis
ac0b9cdfe8
In the query log, consider everything that's not UDP as TCP
...
Fixes #1589
2021-01-21 14:35:06 +01:00
Ian Bashford
fcd9225121
Threadsafe update ( #1579 )
...
* threadsafe update for relays
* locks around registeredRelays
2021-01-09 22:44:32 +01:00
Frank Denis
85d268f2b9
Randomize source URLs
...
Fixes #1577
2021-01-04 16:41:39 +01:00
Frank Denis
19dbd13c1b
Explain the example allowlist
2021-01-03 18:18:46 +01:00
Frank Denis
daa1f3d3b1
Add a NOT_READY return code
2021-01-03 18:09:03 +01:00
Frank Denis
f9ec0a9c09
Deep copy cached responses
2021-01-03 17:37:19 +01:00
Frank Denis
3a5585f8a1
Remove test leftover
2021-01-03 17:16:04 +01:00
Frank Denis
1f7b247138
Lower severity
2021-01-03 17:00:39 +01:00
Frank Denis
bc42eda1c8
Shorten
2021-01-03 16:58:21 +01:00
Frank Denis
5c3db0dcf5
Try to rely on proxy.serversInfo rather than proxy.registeredServers
...
With the introduction of background updates, I'm a little bit worried
about race conditions that can happen when a new server or relay is
registered (or even when a stamp changes).
2021-01-03 16:40:38 +01:00
Frank Denis
fbd598f027
Nits
2021-01-03 16:22:23 +01:00
Frank Denis
197f13ea0f
Fix typo and update message
2021-01-03 16:00:02 +01:00
Frank Denis
5861a58089
Nits
2021-01-03 14:44:02 +01:00
Frank Denis
7c6f0823ea
Doc update
2021-01-03 14:41:23 +01:00
Frank Denis
7b962dff98
Nits
2021-01-03 13:58:08 +01:00
Frank Denis
5a079a3eb9
Resolve: print host info
2021-01-03 13:49:43 +01:00
Frank Denis
1e10251407
Only find the farthest route on wildcards
2021-01-03 13:33:51 +01:00
Frank Denis
0f54b2b34c
Automatic relay selection
2021-01-03 13:01:44 +01:00
Frank Denis
79cb9451bd
Remove log messages that are not really needed
2021-01-02 22:59:21 +01:00
Frank Denis
662b4c0c62
Make staticcheck happier
2021-01-02 22:55:16 +01:00
Frank Denis
af80f57a58
Increase timeouts on retry
2021-01-02 22:31:47 +01:00
Frank Denis
996ea0dd89
Don't print the whole response
2021-01-02 22:28:00 +01:00
glitsj16
8a9e61d6cd
Fix typo ( #1571 )
2021-01-02 22:24:11 +01:00
Frank Denis
fc82a6c05e
Revamp dnscrypt-proxy -resolve
2021-01-02 22:20:52 +01:00
Frank Denis
a584effbe9
Remove HTTPS record creation
2021-01-02 19:05:18 +01:00
Frank Denis
7ec5ed127e
Repair server randomization
2021-01-02 19:04:53 +01:00
Frank Denis
5398dab58e
Lower log level
2021-01-02 17:04:59 +01:00
Frank Denis
8f0b38f4c0
Double comments
2021-01-02 15:37:41 +01:00
Frank Denis
9f5c034c3d
Add staticcheck.conf
2021-01-02 15:36:30 +01:00
Frank Denis
ee5711fbd6
Disable captive portals by default
2021-01-02 15:22:58 +01:00
Frank Denis
56acb7b5ab
Log when the ECS plugin is enabled
2021-01-02 15:10:30 +01:00
Frank Denis
a713e1a517
Move captive portals config to a dedicated section
...
Add examples
2021-01-02 15:10:04 +01:00
Frank Denis
3b18058ae5
Add IPv6 cleanbrowsing servers
2021-01-02 12:53:10 +01:00
Ian Bashford
5b8c9c495f
register servers after loading statics ( #1568 )
2021-01-02 11:57:18 +01:00
Frank Denis
b8d17debfd
Remove final stops from errors
2021-01-02 11:16:12 +01:00
Frank Denis
2cdafa4bb3
Remove debug leftover
2021-01-02 10:24:32 +01:00
Frank Denis
f245189f02
Handle captive portal names after coldstart
2021-01-01 21:39:17 +01:00
Ian Bashford
87fb44a588
Run from in memory cache updates ( #1564 )
...
* ConfigFile change to allowlist and blocklist
* revised names and warnings
* consistent file naming in kebab case, and generic use of blocklist and allowlist in cmoments for clarity
* update ci files
* impose maximum delay and document
* live update of servers
* update for source prefixes
* fixup test
* stop registerServers being called twice at startup
* prevent double registration at startup
* tidy function signature for loadSource
Co-authored-by: Ian Bashford <ianbashford@gmail.com>
2021-01-01 14:04:12 +01:00
Frank Denis
254a4a6532
Use , not | to match multiples items
...
Fixes #1558
2020-12-26 17:55:31 +01:00
Frank Denis
77f81cc8c2
Add recommendation for fallback resolvers in the example config
...
This is the same recommendation as c4d9860577/dnscrypt-proxy/serversInfo.go (L429-L432)
that has been here for a while as a comment, but having it in the configuration
file gives it more visibility.
2020-12-17 11:10:35 +01:00
Frank Denis
c4d9860577
cloak plugin: return multiple the entire set of IPv4 or IPv6 addresses
...
Fixes #1547
2020-12-17 09:47:44 +01:00
Frank Denis
a8a0677ea9
h1 -> http/1.x
2020-12-17 01:13:11 +01:00
Frank Denis
7d851366bb
Do not only warn if the protocol is empty
2020-12-17 01:08:06 +01:00
Frank Denis
85e7dddc9b
Move a few DNS things to dnsutils
2020-12-12 23:09:15 +01:00
Frank Denis
a24b009667
Filler
2020-12-12 22:35:51 +01:00
Frank Denis
d700ab6085
Nits
2020-12-12 22:19:09 +01:00
Frank Denis
a384011e71
Support relays in static entries
2020-12-12 21:57:04 +01:00
Frank Denis
7f46f4820c
Don't use distinct pointers for UDP and TCP relay addresses
2020-12-12 21:18:32 +01:00
Frank Denis
ab8ebead34
Remove support for {ip|host}[:port] syntax for specifying a relay
...
It's very likely that no one ever used it.
2020-12-12 20:46:40 +01:00
Frank Denis
fc785f9f69
Print details when an unsupported protocol is found
2020-12-11 12:26:05 +01:00
Frank Denis
d6d8c37ef6
Format
2020-12-11 12:25:57 +01:00
Frank Denis
0d260d0e2d
pattern_matcher: check exact matches first
2020-12-07 12:58:05 +01:00
Frank Denis
1239e64cd9
Correctly check for HTTPS type
2020-12-01 16:08:33 +01:00
Frank Denis
b7dfdb1372
Factorize
2020-12-01 16:08:10 +01:00
Frank Denis
24a9539d08
Filter names on SVCB and HTTPS records in addition to CNAME
2020-12-01 16:00:18 +01:00
Frank Denis
df8cfe3f3c
dnsdist has been fixed
2020-11-30 14:31:30 +01:00
mibere
f5827520d8
download mirror download.dnscrypt.net ( #1527 )
...
Files are locally hosted on download.dnscrypt.net. A cronjob updates the files every 3 hours, source is https://download.dnscrypt.info
download.dnscrypt.net has IPv4 and IPv6, DNSSEC, HTTPS
2020-11-27 22:35:27 +01:00
Frank Denis
f9c11f0897
Allow arbitrary addresses to be set in listen_addresses
...
Only works on OpenBSD/FreeBSD/Linux (including Android)
Fixes #1362
2020-11-25 19:23:30 +01:00
Frank Denis
02a6ca1098
Keep .home in forwarding rules
2020-11-25 01:39:11 +01:00
petercooperjr
715c32f0fc
Change example forwarding rule to match recommended .home.arpa TLD ( #1523 )
...
The ".home" TLD was proposed at one point, and while it's probably not going to actually ever get delegated it's not best practice to just start using your own TLD. The .home.arpa domain has been specifically set aside for use in home networks (RFC 8375) and is probably the better example to put here.
2020-11-25 01:38:14 +01:00
Frank Denis
9e4131c6f7
Add ipv6.download.dnscrypt.info for testing
2020-11-23 21:10:22 +01:00
Ian Bashford
90a9a9d992
allowed ips plugin ( #1510 )
2020-11-15 20:59:58 +01:00
Frank Denis
6b6c6753aa
Revert struct packing changes for the configuration
...
structlop is nice, but strips renames
2020-11-14 15:34:03 +01:00
Frank Denis
4fa643ef4d
Repack structures to save some memory
2020-11-14 14:46:59 +01:00
lifenjoiner
078f69357e
Update example-dnscrypt-proxy.toml ( #1489 )
...
* Update lb_strategy usage
* Update example-dnscrypt-proxy.toml
2020-10-21 14:21:39 +02:00
Frank Denis
7a03369d01
Debug log certificate TTL
2020-10-12 17:58:08 +02:00
Frank Denis
8b72e58656
Make key exchange behaviors consistent
2020-09-21 02:14:17 +02:00
Frank Denis
687fe27371
Nits
2020-09-18 00:14:50 +02:00
Frank Denis
272984a640
Add support for EDNS-client-subnet
...
Fixes #1471
2020-09-18 00:11:26 +02:00
Frank Denis
4d7f253e6b
Don't spawn new connections if we are full
2020-09-17 00:49:49 +02:00
Frank Denis
8411e5a91b
Revert "Error out if the dns64 plugin is enabled without listening sockets"
...
This reverts commit b02649f774
.
2020-09-17 00:45:48 +02:00
Frank Denis
4eab88c017
plugin_dns64: don't send queries to self
...
Fixes #1477
2020-09-17 00:44:37 +02:00
Frank Denis
b460ca9fa8
Simplify hasAAAAQuestion
2020-09-17 00:24:04 +02:00
Frank Denis
b02649f774
Error out if the dns64 plugin is enabled without listening sockets
2020-09-17 00:19:00 +02:00
Frank Denis
c74b993cbb
dns64: check the original question, not the returned one
2020-09-17 00:10:11 +02:00
Frank Denis
26505ab560
Merge declaration and assignment
2020-09-13 20:24:06 +02:00
Frank Denis
5a1b87130d
Use single quotes for strings
...
Fixes #1466
2020-09-03 21:21:05 +02:00
Frank Denis
d175642df3
Quad9 seems to have upgraded their dnsdist version!
2020-08-31 17:13:14 +02:00
Frank Denis
fa5c55c64a
Debug log query names
2020-08-09 13:09:37 +02:00
Frank Denis
dadb38c32e
Lower severity
2020-08-05 15:50:48 +02:00
Frank Denis
0ac96fec30
Add some logging back to fetchDoHServerInfo()
2020-08-05 15:39:30 +02:00
Frank Denis
b583fb5314
Turns out that the "test." zone is directly served by the Tencent CDN
...
without hitting the actual resolvers.
So, we need to use a different test zone.
2020-08-05 15:03:16 +02:00
Frank Denis
f3157b0a42
Check DoH servers with a query to a random name
...
The issue with benchmarking DoH servers is that some responses can
be directly served by a CDN, while others require a round trip to
the origin that can be significantly more expensive.
Random padding was an attempt at mitigating this. Unfortunately,
some servers (Tencent) ignore the padding. We end up with a query
for the root zone served by the Tencent CDN very quickly, but
anything else is orders of magnitude slower.
So, measure a query within the reserved "test." zone instead.
Caching resolvers should either know that "test." is undelegated,
or have it in their negative cache already, so this is unlikely to
trigger an actual query to authoritative servers.
Take it as an opportunity to check that we don't get anything but
a NXDOMAIN response for nonexistent domains.
2020-08-05 14:54:14 +02:00
Frank Denis
60d4c98f31
Unbreak running without a captive portal configuration file
2020-08-04 00:50:59 +02:00
Frank Denis
f7f84fd871
Add ipv4only.arpa
2020-08-03 18:20:12 +02:00
Frank Denis
4424602e39
Start experimenting with better support for captive portals
...
MacOS (and probably Windows and other systems) tries to fetch a URL
before marking a network interface as available.
During this time, applications cannot use the interface at all, not
even bind their address.
When DNS queries are sent to dnscrypt-proxy, this causes the system
to wait for a response that can't come from the network, since we
hit a dead lock here.
The only option is to return hard-coded responses directly until
te interface is available.
The same captive portal configuration file can also serve a different
purpose.
Once the network is available, captive portal detection may not
work as expected if the answer is cached for too long. In fact, it
probably can't work at all since routers can't hijack DNS queries.
Once thing we can do is redirect the list of names used for captive
portal detection to the fallback resolvers. This may allow detection
to work as expected while still using a secure channel for all
other queries.
2020-08-03 18:05:42 +02:00
Frank Denis
210ba8c60f
coldstart experiment
2020-08-03 15:40:39 +02:00