Commit Graph

740 Commits

Author SHA1 Message Date
Frank Denis 7d10628a5f New syntax for blocking/whitelisting rules: exact matching
Example: =example.com

Matches `example.com` but not `api.example.com`
2018-04-09 13:02:42 +02:00
Frank Denis de6a8d230e Use PolyChaCha, but more importantly, RSA by default
Even on non-ARM systems, this makes a difference in CPU usage/latency
2018-04-09 12:45:42 +02:00
Frank Denis 1a4d34dc55 Add golang.org/x/net/http2 to the dependencies 2018-04-09 11:56:49 +02:00
Frank Denis 751f049136 Merge branch 'master' of github.com:jedisct1/dnscrypt-proxy
* 'master' of github.com:jedisct1/dnscrypt-proxy:
  minor (#330)
2018-04-09 03:13:05 +02:00
Frank Denis ca80b69b3a Re-implement ephemeral keys for DNSCrypt 2018-04-09 03:12:34 +02:00
Frank Denis 70dca19326 Clarify 2018-04-09 02:57:30 +02:00
Massimiliano Fantuzzi HB3YOE b23a0fa007 minor (#330)
updated IETF draft link to version 5, updated the "official name" of the proposed protocol, which is indeed "DNS over HTTP" without S or 2.
2018-04-08 20:29:21 +02:00
Frank Denis 172159c00a Use Go 1.10.1 2018-04-08 08:48:48 +02:00
Frank Denis 4439040bc8 patternMatcher: initialize the indirectVals map 2018-04-08 08:42:02 +02:00
Frank Denis 10baa245b2 Clarify 2018-04-07 23:27:57 +02:00
Frank Denis fcdf7d7e55 Update ChangeLog 2018-04-07 23:14:15 +02:00
Frank Denis 517538bdb2 Less ### 2018-04-07 23:05:29 +02:00
Frank Denis 65e6b8569e Implement whitelists
Fixes #293
2018-04-07 23:02:40 +02:00
Frank Denis ceb2d55afd Move time range things to their own file 2018-04-07 22:36:30 +02:00
Frank Denis 77d1b6d075 Spacing 2018-04-07 22:33:40 +02:00
Frank Denis fbe91ee58b No need to initialize xTransport before we have all the parameters 2018-04-07 22:33:11 +02:00
Frank Denis dee7960be6 Bump keepalive up 2018-04-07 22:26:46 +02:00
Frank Denis 1fa3e5d7f3 Add options to set the cipher suite as well as disable session tickets 2018-04-07 22:23:29 +02:00
Frank Denis a4366b0593 Update deps 2018-04-07 17:14:53 +02:00
Frank Denis 10986aba62 Add a MemUsage() helper 2018-04-07 17:05:55 +02:00
Frank Denis 5c86191e43 Use critibitgo 2018-04-07 16:59:10 +02:00
Frank Denis 58c7ff3d2f We may not have a schedule for every rule 2018-04-06 20:18:15 +02:00
Frank Denis 105cb2c525 Make the pattern-matching code reusable 2018-04-06 20:14:19 +02:00
Frank Denis 8217170a7b Revert "Do not consider SERVFAIL responses as server failures"
This reverts commit 0e65c50989.
2018-04-06 13:43:09 +02:00
Frank Denis 2d27eabf95 Revert "Add a -v flag"
This reverts commit d8c95aaca8.
2018-04-06 03:03:27 +02:00
Frank Denis d8c95aaca8 Add a -v flag
Fixes #317

But makes me grumpy, because -v usually means `verbose` to me.
2018-04-06 03:01:42 +02:00
Frank Denis 0e65c50989 Do not consider SERVFAIL responses as server failures 2018-04-06 02:47:58 +02:00
Frank Denis a938eeff7b Mainly revert 869d44c30e
Fixing #304 doesn't look trivial

The service module needs to know the arguments right away.

The arguments haven't been parsed yet. And if we do, we will prevent
further arguments to be added to the set. Including the ones added
by the service module itself.

So, we have quite of a circular dependency here.

If someone with some Go knowledge can fix that, that would be amazing.
But it's probably never going to happen.

Meanwhile, we can try to save the current directory and document
that we have to be in that directory when running the install command.

Which is not going to work on Windows, so this is a big fucking mess
2018-04-03 20:15:33 +02:00
Frank Denis c88e480a15 Include the -config option in the installed service
Untested on Linux and Windows. Fear.

Fixes #304
2018-04-03 19:42:27 +02:00
Frank Denis 869d44c30e Reorder 2018-04-03 17:59:15 +02:00
Frank Denis f0a690701d Print "additional certificate" when a server has multiple valid certs
This doesn't mean anything but looks less confusing than having the
same message twice

Fixes #303
2018-04-02 20:55:42 +02:00
Frank Denis d4367393c4 Add some links 2018-04-02 01:55:22 +02:00
Frank Denis 308ffff739 Make the keepalive configurable
Fixes #300
2018-04-02 01:49:09 +02:00
Frank Denis b71e04c64e Update miekg/dns to v1.0.5 2018-04-02 00:10:55 +02:00
Frank Denis e210fc537e Ignore the Cache-Control: max-age header
What's in the DNS packet is a better source of truth.

There was also an inconsistency between the TTL from the
max-age header (as returned in a response that wasn't cached) and
a response from the cache (using TTLs from the DNS packet).

So, just use what's in the packet.

Reported by @vavrusam, thanks!
2018-04-01 21:41:36 +02:00
Frank Denis 2dedd3a314 em dash 2018-04-01 17:19:39 +02:00
Frank Denis 2147a3a95f Make this less confusing 2018-04-01 17:19:03 +02:00
Frank Denis f3e3ff01c8 Nits 2018-04-01 17:14:44 +02:00
Frank Denis 22da6ca8da Add some links 2018-04-01 17:13:53 +02:00
Frank Denis adb0c94a61 April 1st is already over in some time zones :)
This reverts commit dac52ab42a.
2018-04-01 16:35:32 +02:00
Frank Denis dac52ab42a Completely remove support for the DNSCrypt protocol 2018-04-01 04:04:12 +02:00
Frank Denis 2dcf5fe01a Skip the signature in the example Google stamp
Example configuration files are updated less often than sources
2018-04-01 03:50:10 +02:00
Frank Denis d812a9bdc3 Revert to 9.9.9.9 as the example fallback resolver
Just in case some networks do stupid things with 1.1.1.1 already.
2018-03-30 22:24:19 +02:00
Frank Denis a2160189af Welcome to 1.1.1.1 2018-03-30 21:30:06 +02:00
Frank Denis be84399ffc Do not assume that the kernel supports IPv6 2018-03-29 16:30:35 +02:00
Frank Denis 5cc4663081 Bump 2018-03-29 11:22:20 +02:00
Frank Denis c3280a030c Update ChangeLog 2018-03-28 14:46:20 +02:00
Frank Denis ede564ccf7 Support multiple URLs for a given source
Fixes #265
2018-03-28 13:36:19 +02:00
Frank Denis 7ed4ce17d7 Move things down for clarity 2018-03-28 13:00:06 +02:00
Frank Denis 1ca7597c7f string(<int>) doesn't do what you may expect :) 2018-03-28 12:38:17 +02:00