Frank Denis
0d260d0e2d
pattern_matcher: check exact matches first
2020-12-07 12:58:05 +01:00
Frank Denis
1239e64cd9
Correctly check for HTTPS type
2020-12-01 16:08:33 +01:00
Frank Denis
b7dfdb1372
Factorize
2020-12-01 16:08:10 +01:00
Frank Denis
24a9539d08
Filter names on SVCB and HTTPS records in addition to CNAME
2020-12-01 16:00:18 +01:00
Frank Denis
5c1e3f0b15
Update deps
2020-12-01 14:46:14 +01:00
Frank Denis
9c50963f69
Add Captain Miao ad list, whitelist mobiledl.adobe.com
2020-12-01 08:46:15 +01:00
Frank Denis
01e60ab31b
Add localhost to the allowlist
2020-12-01 08:37:03 +01:00
Frank Denis
df8cfe3f3c
dnsdist has been fixed
2020-11-30 14:31:30 +01:00
mibere
f5827520d8
download mirror download.dnscrypt.net ( #1527 )
...
Files are locally hosted on download.dnscrypt.net. A cronjob updates the files every 3 hours, source is https://download.dnscrypt.info
download.dnscrypt.net has IPv4 and IPv6, DNSSEC, HTTPS
2020-11-27 22:35:27 +01:00
Frank Denis
f9c11f0897
Allow arbitrary addresses to be set in listen_addresses
...
Only works on OpenBSD/FreeBSD/Linux (including Android)
Fixes #1362
2020-11-25 19:23:30 +01:00
Frank Denis
02a6ca1098
Keep .home in forwarding rules
2020-11-25 01:39:11 +01:00
petercooperjr
715c32f0fc
Change example forwarding rule to match recommended .home.arpa TLD ( #1523 )
...
The ".home" TLD was proposed at one point, and while it's probably not going to actually ever get delegated it's not best practice to just start using your own TLD. The .home.arpa domain has been specifically set aside for use in home networks (RFC 8375) and is probably the better example to put here.
2020-11-25 01:38:14 +01:00
Frank Denis
9e4131c6f7
Add ipv6.download.dnscrypt.info for testing
2020-11-23 21:10:22 +01:00
Frank Denis
cae3719464
CI: verify that queries sent over local DoH are properly logged
2020-11-18 20:22:16 +01:00
Frank Denis
7e3e9aa5d2
New version of kardianos/service
2020-11-18 10:19:58 +01:00
Ian Bashford
90a9a9d992
allowed ips plugin ( #1510 )
2020-11-15 20:59:58 +01:00
Frank Denis
6b6c6753aa
Revert struct packing changes for the configuration
...
structlop is nice, but strips renames
2020-11-14 15:34:03 +01:00
Frank Denis
4fa643ef4d
Repack structures to save some memory
2020-11-14 14:46:59 +01:00
Frank Denis
e6fdb08d3d
Update deps
2020-11-06 07:43:29 +01:00
lifenjoiner
078f69357e
Update example-dnscrypt-proxy.toml ( #1489 )
...
* Update lb_strategy usage
* Update example-dnscrypt-proxy.toml
2020-10-21 14:21:39 +02:00
Frank Denis
6ee164a3c9
Update miekg/dns and other dependencies
2020-10-19 16:46:12 +02:00
Frank Denis
7a03369d01
Debug log certificate TTL
2020-10-12 17:58:08 +02:00
Frank Denis
d0674ef4d2
Cleanup go.sum
2020-10-12 10:38:44 +02:00
Frank Denis
2b826bbb64
Update deps
2020-10-12 10:35:37 +02:00
Ian Bashford
f2700874fd
user-friendly comments - follow up to #1412 ( #1486 )
2020-10-04 21:05:24 +02:00
Frank Denis
7b7107902b
Update deps
2020-09-21 02:15:51 +02:00
Frank Denis
8b72e58656
Make key exchange behaviors consistent
2020-09-21 02:14:17 +02:00
Frank Denis
e54056bc38
Update deps
2020-09-18 18:19:55 +02:00
Frank Denis
687fe27371
Nits
2020-09-18 00:14:50 +02:00
Frank Denis
272984a640
Add support for EDNS-client-subnet
...
Fixes #1471
2020-09-18 00:11:26 +02:00
Frank Denis
4d7f253e6b
Don't spawn new connections if we are full
2020-09-17 00:49:49 +02:00
Frank Denis
8411e5a91b
Revert "Error out if the dns64 plugin is enabled without listening sockets"
...
This reverts commit b02649f774
.
2020-09-17 00:45:48 +02:00
Frank Denis
4eab88c017
plugin_dns64: don't send queries to self
...
Fixes #1477
2020-09-17 00:44:37 +02:00
Frank Denis
b460ca9fa8
Simplify hasAAAAQuestion
2020-09-17 00:24:04 +02:00
Frank Denis
b02649f774
Error out if the dns64 plugin is enabled without listening sockets
2020-09-17 00:19:00 +02:00
Frank Denis
c74b993cbb
dns64: check the original question, not the returned one
2020-09-17 00:10:11 +02:00
Frank Denis
26505ab560
Merge declaration and assignment
2020-09-13 20:24:06 +02:00
Frank Denis
018d8412be
Format generate-domains-blocklist.py with Black
2020-09-12 23:34:39 +02:00
Frank Denis
5a1b87130d
Use single quotes for strings
...
Fixes #1466
2020-09-03 21:21:05 +02:00
Ian Bashford
a510b97d86
Update to generate-domains-blocklist.py ( #1412 )
...
* ConfigFile change to allowlist and blocklist
* revised names and warnings
* consistent file naming in kebab case, and generic use of blocklist and allowlist in cmoments for clarity
* update ci files
* message about deprecation of -w
Co-authored-by: Ian Bashford <ianbashford@gmail.com>
2020-09-01 23:05:25 +02:00
Frank Denis
d175642df3
Quad9 seems to have upgraded their dnsdist version!
2020-08-31 17:13:14 +02:00
Frank Denis
f678f39535
CHEF-KOCH lists have moved to Gitlab
2020-08-31 16:06:30 +02:00
Frank Denis
d5c3c6747e
Revert "CHEF-KOCH is not on GitHub any more :("
...
This reverts commit b448324e1a
.
2020-08-31 16:05:51 +02:00
Frank Denis
b448324e1a
CHEF-KOCH is not on GitHub any more :(
...
Fixes #1462
2020-08-30 17:16:49 +02:00
IceCodeNew
fd98ced18d
fix `bblck.me` domain not exist error ( #1447 )
2020-08-15 08:58:59 +02:00
Frank Denis
fa5c55c64a
Debug log query names
2020-08-09 13:09:37 +02:00
Frank Denis
dadb38c32e
Lower severity
2020-08-05 15:50:48 +02:00
Frank Denis
0ac96fec30
Add some logging back to fetchDoHServerInfo()
2020-08-05 15:39:30 +02:00
Frank Denis
b583fb5314
Turns out that the "test." zone is directly served by the Tencent CDN
...
without hitting the actual resolvers.
So, we need to use a different test zone.
2020-08-05 15:03:16 +02:00
Frank Denis
f3157b0a42
Check DoH servers with a query to a random name
...
The issue with benchmarking DoH servers is that some responses can
be directly served by a CDN, while others require a round trip to
the origin that can be significantly more expensive.
Random padding was an attempt at mitigating this. Unfortunately,
some servers (Tencent) ignore the padding. We end up with a query
for the root zone served by the Tencent CDN very quickly, but
anything else is orders of magnitude slower.
So, measure a query within the reserved "test." zone instead.
Caching resolvers should either know that "test." is undelegated,
or have it in their negative cache already, so this is unlikely to
trigger an actual query to authoritative servers.
Take it as an opportunity to check that we don't get anything but
a NXDOMAIN response for nonexistent domains.
2020-08-05 14:54:14 +02:00