Commit Graph

1249 Commits

Author SHA1 Message Date
Frank Denis 0e644c4b86 Add -config <config file> to the service configuration arguments
Maybe fixes #1122
2019-12-23 15:35:52 +01:00
Frank Denis 7e45b50d58 Move things around 2019-12-23 15:33:57 +01:00
Frank Denis c27d41faa0 Avoid unneeded DNS packet unpacking 2019-12-23 11:37:45 +01:00
Frank Denis adb6dac420 Strip EDNS0 options in responses 2019-12-22 18:02:33 +01:00
Frank Denis 5118ed21fd Use dumb padding even for GET queries
Resolvers such as Cloudflare always add padding to DoH responses
Resolvers such as Google only do if the question had dumb padding
Resolvers such as Cisco blindly return a copy of the question's padding
Some resolvers don't return any padding no matter what's in the question
Finally, other resolvers return FORMERR

This is a mess. A bad design inherited from DoT, that didn't fix
anything from Unbound's original experiment.

Also, padding with zeros as recommended is a bad idea. When using
GET, escaping makes the actual padding size 3 times as big as needed.
2019-12-22 17:34:16 +01:00
Frank Denis 1585ede954 Use EDNS0 padding when using DoH over POST
This mechanism is horrible, slow (requires re-unpacking and re-packing
the query), should be done at transport layer and not at content layer, and
of course, it is incompatible with some resolvers.

However, in spite of https://go-review.googlesource.com/c/go/+/114316/2/src/net/http/transfer.go ,
we may still end up sending the header and the content in distinct packets.

So, use that horror for POST queries only. For GET, this is not needed.
2019-12-22 15:31:02 +01:00
Frank Denis 0454463539 Pad GET queries 2019-12-22 14:43:21 +01:00
Frank Denis 48817a4642 Unbeta 2019-12-21 21:29:13 +01:00
Frank Denis 6f62a82496 Update deps 2019-12-21 21:28:07 +01:00
unknown a7922a81fb add some nonexistent zones 2019-12-21 14:34:29 +01:00
Frank Denis ebe3a37ddc Merge branch 'master' of github.com:jedisct1/dnscrypt-proxy
* 'master' of github.com:jedisct1/dnscrypt-proxy:
  CI: don't hardcode the HTTP port
  2.0.36-beta.1
  agl/ed25519 is not required any more
  CI: Change the local DoH port, run go tests, enable -race
2019-12-18 23:22:41 +01:00
Frank Denis ffb1a1b718 People really blacklist cdn.cloudflare.net ¯\_(ツ)_/¯ 2019-12-18 23:21:50 +01:00
Frank Denis 99c86283f6 CI: don't hardcode the HTTP port 2019-12-18 12:54:55 +01:00
Frank Denis 80d45a2343 2.0.36-beta.1 2019-12-18 12:44:24 +01:00
Frank Denis 44735cb97e agl/ed25519 is not required any more 2019-12-18 12:40:52 +01:00
Frank Denis 3ec6a814c2 CI: Change the local DoH port, run go tests, enable -race 2019-12-17 23:48:01 +01:00
Frank Denis 3fce30d7a5 Rename PluginsActionForward to PluginsActionContinue
Set the correct response code when forwarding
2019-12-17 19:19:36 +01:00
Frank Denis 2c295e3702 Add an additional CI test for standard, cached queries 2019-12-17 19:03:02 +01:00
Frank Denis daf6d5881d The default return code must be PASS 2019-12-17 18:54:49 +01:00
Frank Denis 515968e414 Run the CI test in the before_install phase
This is unorthodox, but Travis will stop right after most errors
instead of spending forever installing the Android NDK
2019-12-17 18:38:40 +01:00
Frank Denis 56bd9dcd04 Add some temporary basic CI tests 2019-12-17 18:29:33 +01:00
Frank Denis b1c08f8931 Handle Drop/Synth actions the same way in query and response plugins 2019-12-17 16:28:12 +01:00
Frank Denis a23f07a93d Add an IP blacklist example 2019-12-17 15:25:39 +01:00
William Elwood d88995aac6 Minor comment fix
I noticed while writing the functionality tests that comments about relative paths disagreed with what the code was doing.
While the executable directory is used if the configuration file itself can't be found, `cdFileDir(foundConfigFile)` is always executed after the configuration file is found whether that's the same as the executable's directory or not.
Also a couple of punctuation nits.
2019-12-17 14:28:06 +01:00
William Elwood 7d08ba2536 Fix module name
I'm not sure why an extra "dnscrypt-proxy" was added to the module name when the rest of the URL was updated, but it resulted in the following:
```
$ go test -mod=vendor ./...
ok  	github.com/DNSCrypt/dnscrypt-proxy/dnscrypt-proxy/dnscrypt-proxy	0.173s
ok  	github.com/DNSCrypt/dnscrypt-proxy/dnscrypt-proxy/test	0.006s
$ go list ./...
github.com/DNSCrypt/dnscrypt-proxy/dnscrypt-proxy/dnscrypt-proxy
github.com/DNSCrypt/dnscrypt-proxy/dnscrypt-proxy/test
```
Not critical, but it looks wrong that these packages will not be found at those URLs.
2019-12-17 14:27:05 +01:00
Frank Denis 8e5a5b734f Make the doc link more visible 2019-12-17 14:11:05 +01:00
Frank Denis 3c6f87527f Undelegated zones are not dot suffixed any more 2019-12-17 11:08:22 +01:00
Frank Denis 4fd54a4919 Store the normalized qName in the plugin state
We now enforce the fact that a query always includes a question.
It holds true for all practical use cases of dnscrypt-proxy.

This avoids quite a lot of redundant code in plugins, and is faster.
2019-12-17 10:11:41 +01:00
Frank Denis ee24bf0421 Bump 2019-12-16 23:06:56 +01:00
Frank Denis a35d08394a Update ChangeLog 2019-12-16 23:06:41 +01:00
Frank Denis 49e8328dd6 Merge branch 'master' of github.com:jedisct1/dnscrypt-proxy 2019-12-16 20:04:52 +01:00
Frank Denis ed5431d7b9 Update deps 2019-12-16 20:04:38 +01:00
Frank 10f33d39fc Update deps 2019-12-16 20:02:53 +01:00
Frank Denis 07e605e9f4 Add a note about dnsmasq
In the config file, so that it has more visibility than in the doc.

Synthetic responses cannot contain NSEC or RRSIG records, and that
seems to be confusing dnsmasq.
2019-12-16 17:23:22 +01:00
Frank Denis eedabcbd4a Reverse 2019-12-16 17:05:05 +01:00
Frank Denis cba755b4d1 Lowercase the question 2019-12-16 17:03:16 +01:00
Frank Denis 7066e53843 Pre-add the final dot 2019-12-16 16:39:30 +01:00
Frank Denis 1b276be85d Rewrite block_undelegated without the generic pattern matcher 2019-12-16 16:35:08 +01:00
Frank Denis 2d25719a69 Reuse the same variable 2019-12-16 16:32:49 +01:00
Frank Denis 66799c4159 Add the ability to block undelegated DNS zones
Using the generic pattern matcher as a first iteration, but we can
save some memory and CPU cycles by building and using a critbit tree
directly.
2019-12-16 16:18:47 +01:00
Frank Denis aa5350c7fd Missed blockedName->xBlockedName renaming
Fixes #1116
2019-12-16 12:13:23 +01:00
Frank Denis 56f838341b travis-ci.org -> travis-ci.com 2019-12-11 14:19:39 +01:00
Frank Denis 76de8a955a Update deps 2019-12-11 14:10:16 +01:00
Frank Denis c1202457bf Json -> JSON 2019-12-11 14:08:48 +01:00
Frank Denis a7b7bdc11e Compress synthetic responses 2019-12-11 14:02:56 +01:00
Frank Denis 9553d7f8c5 Copy the DO bit from questions to synthetic responses 2019-12-11 13:56:25 +01:00
Frank Denis 1674bb1742 Force clear the AD bit unless the DO bit was also set 2019-12-11 09:41:16 +01:00
Frank Denis ee1c0fed93 Properly set DNS flags when creating empty responses 2019-12-11 09:00:29 +01:00
Frank Denis 3b4d6c532d A URL path must start with a / 2019-12-10 16:04:37 +01:00
Frank Denis 4d5c940616 Remove domains-blacklist-all.conf 2019-12-10 15:51:04 +01:00