Commit Graph

1564 Commits

Author SHA1 Message Date
Frank Denis 0d260d0e2d pattern_matcher: check exact matches first 2020-12-07 12:58:05 +01:00
Frank Denis 1239e64cd9 Correctly check for HTTPS type 2020-12-01 16:08:33 +01:00
Frank Denis b7dfdb1372 Factorize 2020-12-01 16:08:10 +01:00
Frank Denis 24a9539d08 Filter names on SVCB and HTTPS records in addition to CNAME 2020-12-01 16:00:18 +01:00
Frank Denis 5c1e3f0b15 Update deps 2020-12-01 14:46:14 +01:00
Frank Denis 9c50963f69 Add Captain Miao ad list, whitelist mobiledl.adobe.com 2020-12-01 08:46:15 +01:00
Frank Denis 01e60ab31b Add localhost to the allowlist 2020-12-01 08:37:03 +01:00
Frank Denis df8cfe3f3c dnsdist has been fixed 2020-11-30 14:31:30 +01:00
mibere f5827520d8
download mirror download.dnscrypt.net (#1527)
Files are locally hosted on download.dnscrypt.net. A cronjob updates the files every 3 hours, source is https://download.dnscrypt.info
download.dnscrypt.net has IPv4 and IPv6, DNSSEC, HTTPS
2020-11-27 22:35:27 +01:00
Frank Denis f9c11f0897 Allow arbitrary addresses to be set in listen_addresses
Only works on OpenBSD/FreeBSD/Linux (including Android)

Fixes #1362
2020-11-25 19:23:30 +01:00
Frank Denis 02a6ca1098 Keep .home in forwarding rules 2020-11-25 01:39:11 +01:00
petercooperjr 715c32f0fc
Change example forwarding rule to match recommended .home.arpa TLD (#1523)
The ".home" TLD was proposed at one point, and while it's probably not going to actually ever get delegated it's not best practice to just start using your own TLD. The .home.arpa domain has been specifically set aside for use in home networks (RFC 8375) and is probably the better example to put here.
2020-11-25 01:38:14 +01:00
Frank Denis 9e4131c6f7 Add ipv6.download.dnscrypt.info for testing 2020-11-23 21:10:22 +01:00
Frank Denis cae3719464 CI: verify that queries sent over local DoH are properly logged 2020-11-18 20:22:16 +01:00
Frank Denis 7e3e9aa5d2 New version of kardianos/service 2020-11-18 10:19:58 +01:00
Ian Bashford 90a9a9d992
allowed ips plugin (#1510) 2020-11-15 20:59:58 +01:00
Frank Denis 6b6c6753aa Revert struct packing changes for the configuration
structlop is nice, but strips renames
2020-11-14 15:34:03 +01:00
Frank Denis 4fa643ef4d Repack structures to save some memory 2020-11-14 14:46:59 +01:00
Frank Denis e6fdb08d3d Update deps 2020-11-06 07:43:29 +01:00
lifenjoiner 078f69357e
Update example-dnscrypt-proxy.toml (#1489)
* Update lb_strategy usage

* Update example-dnscrypt-proxy.toml
2020-10-21 14:21:39 +02:00
Frank Denis 6ee164a3c9 Update miekg/dns and other dependencies 2020-10-19 16:46:12 +02:00
Frank Denis 7a03369d01 Debug log certificate TTL 2020-10-12 17:58:08 +02:00
Frank Denis d0674ef4d2 Cleanup go.sum 2020-10-12 10:38:44 +02:00
Frank Denis 2b826bbb64 Update deps 2020-10-12 10:35:37 +02:00
Ian Bashford f2700874fd
user-friendly comments - follow up to #1412 (#1486) 2020-10-04 21:05:24 +02:00
Frank Denis 7b7107902b Update deps 2020-09-21 02:15:51 +02:00
Frank Denis 8b72e58656 Make key exchange behaviors consistent 2020-09-21 02:14:17 +02:00
Frank Denis e54056bc38 Update deps 2020-09-18 18:19:55 +02:00
Frank Denis 687fe27371 Nits 2020-09-18 00:14:50 +02:00
Frank Denis 272984a640 Add support for EDNS-client-subnet
Fixes #1471
2020-09-18 00:11:26 +02:00
Frank Denis 4d7f253e6b Don't spawn new connections if we are full 2020-09-17 00:49:49 +02:00
Frank Denis 8411e5a91b Revert "Error out if the dns64 plugin is enabled without listening sockets"
This reverts commit b02649f774.
2020-09-17 00:45:48 +02:00
Frank Denis 4eab88c017 plugin_dns64: don't send queries to self
Fixes #1477
2020-09-17 00:44:37 +02:00
Frank Denis b460ca9fa8 Simplify hasAAAAQuestion 2020-09-17 00:24:04 +02:00
Frank Denis b02649f774 Error out if the dns64 plugin is enabled without listening sockets 2020-09-17 00:19:00 +02:00
Frank Denis c74b993cbb dns64: check the original question, not the returned one 2020-09-17 00:10:11 +02:00
Frank Denis 26505ab560 Merge declaration and assignment 2020-09-13 20:24:06 +02:00
Frank Denis 018d8412be Format generate-domains-blocklist.py with Black 2020-09-12 23:34:39 +02:00
Frank Denis 5a1b87130d Use single quotes for strings
Fixes #1466
2020-09-03 21:21:05 +02:00
Ian Bashford a510b97d86
Update to generate-domains-blocklist.py (#1412)
* ConfigFile change to allowlist and blocklist

* revised names and warnings

* consistent file naming in kebab case, and generic use of blocklist and allowlist in cmoments for clarity

* update ci files

* message about deprecation of -w

Co-authored-by: Ian Bashford <ianbashford@gmail.com>
2020-09-01 23:05:25 +02:00
Frank Denis d175642df3 Quad9 seems to have upgraded their dnsdist version! 2020-08-31 17:13:14 +02:00
Frank Denis f678f39535 CHEF-KOCH lists have moved to Gitlab 2020-08-31 16:06:30 +02:00
Frank Denis d5c3c6747e Revert "CHEF-KOCH is not on GitHub any more :("
This reverts commit b448324e1a.
2020-08-31 16:05:51 +02:00
Frank Denis b448324e1a CHEF-KOCH is not on GitHub any more :(
Fixes #1462
2020-08-30 17:16:49 +02:00
IceCodeNew fd98ced18d
fix `bblck.me` domain not exist error (#1447) 2020-08-15 08:58:59 +02:00
Frank Denis fa5c55c64a Debug log query names 2020-08-09 13:09:37 +02:00
Frank Denis dadb38c32e Lower severity 2020-08-05 15:50:48 +02:00
Frank Denis 0ac96fec30 Add some logging back to fetchDoHServerInfo() 2020-08-05 15:39:30 +02:00
Frank Denis b583fb5314 Turns out that the "test." zone is directly served by the Tencent CDN
without hitting the actual resolvers.

So, we need to use a different test zone.
2020-08-05 15:03:16 +02:00
Frank Denis f3157b0a42 Check DoH servers with a query to a random name
The issue with benchmarking DoH servers is that some responses can
be directly served by a CDN, while others require a round trip to
the origin that can be significantly more expensive.

Random padding was an attempt at mitigating this. Unfortunately,
some servers (Tencent) ignore the padding. We end up with a query
for the root zone served by the Tencent CDN very quickly, but
anything else is orders of magnitude slower.

So, measure a query within the reserved "test." zone instead.
Caching resolvers should either know that "test." is undelegated,
or have it in their negative cache already, so this is unlikely to
trigger an actual query to authoritative servers.

Take it as an opportunity to check that we don't get anything but
a NXDOMAIN response for nonexistent domains.
2020-08-05 14:54:14 +02:00