Frank Denis
4940b34c76
Improve caching of server addresses, especially when using proxies
2019-04-14 13:46:07 +02:00
Frank Denis
d143ae5279
Set the main protocol to TCP when using a SOCKS proxy
2019-04-14 13:41:43 +02:00
Frank Denis
4b001e3b8e
Skip DNS resolution on Tor services
2019-04-14 11:18:14 +02:00
Frank Denis
0a535e28ab
Stop printing "crypto v1/v2", as both are equally secure
2019-04-08 08:30:43 +02:00
Frank Denis
25ac94e7b2
Revert "Add Stretch-Hash-and-Truncate option for extreme DNS privacy"
...
This reverts commit 2d1dd7eaab
.
2019-04-02 01:57:48 +02:00
Frank Denis
2d1dd7eaab
Add Stretch-Hash-and-Truncate option for extreme DNS privacy
...
This works over DNSCrypt and DoH, but requires a specifically configured
server.
Instead of sending the actual DNS queries, the SH-T system works as follows:
Step 1: the client query is evaluated through Argon2id, a military-grade,
memory-hard, CPU-hard stretching function. This makes it very expensive
for an attacker to find the original query, even using GPUs and ASICs.
For post-quantum resistance, we use it to generate a 1024-bit key.
Step 2: in case the Argon2id algorithm has a vulnerability, or, since this
is a popular function used for hashing passwords and for cryptocurrencices,
and people may have built rainbow tables already, we use a hash function over
the result of the previous function. This immediately defeats rainbow tables.
Step 3: the output of the hash function is truncated to 64-bit.
Due to a property of this operation known as collision-misresistance, and even
if the previous steps fail due to a nation-state actor, it is impossible for a
server operator to prove what exact query was originally sent by a client.
This feature is experimental.
2019-04-01 09:36:56 +02:00
Frank Denis
f744110d38
Bump
2019-04-01 08:24:58 +02:00
Frank Denis
674bd30d45
Update dependencies
2019-04-01 08:21:17 +02:00
Frank Denis
8b608403b1
Do not cache truncated messages
...
Fixes #774
2019-04-01 08:19:26 +02:00
Aleksandr Sergeev
a389067d29
Replace “find” with “findstr” in batches ( #764 )
...
* Update service-install.bat
* Update service-restart.bat
* Update service-uninstall.bat
2019-03-21 14:23:01 +01:00
Frank Denis
85abbeac61
Bump
2019-03-14 20:21:26 +01:00
Frank Denis
8076e206e0
Revert "Install the windows service as "NT AUTHORITY\NetworkService""
...
This reverts commit 17db0a658f
.
On Windows, switching to user `NT AUTHORITY\NetworkService` apparently
breaks logging (reported by @Aland_123).
2019-03-14 20:10:53 +01:00
Frank Denis
707098a922
Bump
2019-03-14 02:18:20 +01:00
Frank Denis
c16016b112
Update deps
2019-03-14 02:17:58 +01:00
Frank Denis
47853e73d0
Merge branch 'master' of github.com:jedisct1/dnscrypt-proxy
...
* 'master' of github.com:jedisct1/dnscrypt-proxy:
Re-add a big download link in addition to the badge
Fix Matrix badge and replace the latest release notice with a badge (#749 )
Add Matrix Chat Badge (#747 )
2019-03-14 02:00:19 +01:00
Frank Denis
26cc68b748
Make startup *way* faster, especially when using DoH
2019-03-14 01:59:57 +01:00
Frank Denis
7688059cfb
Re-add a big download link in addition to the badge
...
Pretty sure many people won't think about clicking on the badge.
2019-03-06 18:14:16 +01:00
CHEF-KOCH
e9b4df38be
Fix Matrix badge and replace the latest release notice with a badge ( #749 )
...
* The shiels.io page seems to generate wrong links (sorry for that!) I reported it to the shields.io project to fix this ASAP.
* Replaced the "latest release" notice information with a badge which automatically fetches the latest "Release" which means no one has to manually edit the readme each time a new release was introduced.
2019-03-06 18:10:01 +01:00
CHEF-KOCH
935c1dd9f8
Add Matrix Chat Badge ( #747 )
...
* Add Matrix.org Chat badge
* Place the Travis build status badge together with the matrix chat badge under the main logo
2019-03-06 02:15:20 +01:00
Frank Denis
b624f8ef58
Accept sdns: scheme without a namespace
2019-03-03 18:20:39 +01:00
Frank Denis
864476b835
Update Quidsup URLs
...
Fixes #743
2019-03-03 17:43:25 +01:00
corsmith
d1a337f64b
logging enhancement CLOAK ( #742 )
2019-03-02 18:01:21 +01:00
Frank Denis
c3e29c2a60
Switch to Go modules
2019-03-01 18:44:37 +01:00
Frank Denis
0a65a658b6
Back to stable Go
2019-02-26 08:51:25 +01:00
Frank Denis
8899389d8b
Store IP addresses, not references
2019-02-25 18:25:35 +01:00
Frank Denis
734483226b
Support multiple IPs for a single cloaking rule
...
Fixes #617
2019-02-23 15:51:30 +01:00
Frank Denis
5dc66adaa9
Move disabled_server_names down
2019-02-23 14:55:23 +01:00
Frank Denis
c10fbb2aa7
+ disabled_server_names
...
Fixes #735
2019-02-23 14:54:22 +01:00
Frank Denis
d0ca608cb7
Update deps
2019-02-23 13:44:05 +01:00
Frank Denis
2aa0b7d6a7
Add `refused_code_in_responses` to the example.
...
Fixes #738
2019-02-23 12:34:59 +01:00
Frank Denis
a726a40dc5
Add refused_code_in_responses
...
Fixes #737
2019-02-23 00:58:25 +01:00
Frank Denis
cb022ece82
Set GODEBUG to enable TLS 1.3
...
Fixes #731
2019-02-17 23:56:02 +01:00
Frank Denis
5ee3512460
generate-domains-blacklist.py: properly handle time restrictions
...
Fixes #710
2019-02-15 00:03:02 +01:00
Frank Denis
c142923b46
Add a dedicated function for trusted lists
2019-02-14 23:27:19 +01:00
Frank Denis
8377d491f6
Whitelist revinate.com
2019-01-29 20:03:04 +01:00
Frank Denis
1871690832
polyfill.io is not a tracker
2019-01-29 19:14:30 +01:00
losuler
c8156829c5
Minor domains-blacklist fixes ( #697 )
...
* Removed unnecessary characters from hosts-file URLs
* Added HTTPS to various URLs that were missing it
2019-01-16 10:17:44 +01:00
Frank Denis
1877ca83de
Merge branch 'master' of github.com:jedisct1/dnscrypt-proxy
...
* 'master' of github.com:jedisct1/dnscrypt-proxy:
Install the windows service as "NT AUTHORITY\NetworkService"
2019-01-10 22:45:38 +01:00
Frank Denis
17db0a658f
Install the windows service as "NT AUTHORITY\NetworkService"
...
Untested
Maybe
Fixes #686
2019-01-10 22:44:58 +01:00
Frank Denis
7ff2501201
Install the windows service as "NT AUTHORITY\NetworkService"
...
Untested
Maybe
Fixes #686
2019-01-10 22:43:43 +01:00
Frank Denis
b886585486
Remove unused var
2019-01-02 22:59:16 +01:00
joonas.fi
30da550307
domains-blacklist.conf: change one URL to https ( #674 )
2018-12-28 15:42:31 +01:00
Frank Denis
3ccc989be5
Improve error logging, not only on Linux
2018-12-23 18:11:55 +01:00
Alexey Ivanov
1cf7ce94ba
Fixed error reporting ( #671 )
2018-12-23 18:10:14 +01:00
Mike Conrad
0d7de697cc
Removed securemecca.com as it has expired and does not currently host content ( #655 )
2018-11-29 12:58:14 +01:00
Frank Denis
33718400da
Update the ChangeLog
2018-11-22 18:16:15 +01:00
Frank Denis
4a7c932fdc
Remove debug statement
2018-11-22 18:13:30 +01:00
Frank Denis
70bdd46425
Add a hash of the query to POST requests
2018-11-22 18:09:27 +01:00
Frank Denis
fd9e97a570
Pad only once
2018-11-22 17:59:11 +01:00
Frank Denis
436125e812
Bump
2018-11-22 17:26:48 +01:00