1a34c8d5ff
Add max-stale cache control directive to requests
2020-07-09 21:42:35 +02:00
9f9a17ed6b
doh_client_x509_auth: don't ignore errors
2020-06-11 11:03:17 +02:00
5db4365540
Adding support for additional root CAs for DoH TLS Auth ( #1281 )
2020-06-08 18:01:40 +02:00
1ff31f14f1
Remove the ct parameter from DoH queries
...
That was a workaround for Google, but Google doesn't seem to need
it any more.
2020-04-01 12:12:57 +02:00
315f6f45ff
Certificates that can't be loaded are fatal
2020-03-24 14:31:43 +01:00
c040b13d59
Adding the ability to do TLS client authentication for DoH ( #1203 )
...
* Adding the ability to do TLS client authentication for DoH
* whitespace nit
* Check for server specific creds before wildcard
* small comma ok idiom change
2020-03-09 22:11:53 +01:00
aa0e7f42d3
Make the xTransport functions return the HTTP body directly
...
This simplifies things, but also make RTT computation way more reliable
2020-02-21 22:33:34 +01:00
7ada3fcfb8
Support multiple fallback resolvers
2020-01-15 19:58:14 +01:00
c27d41faa0
Avoid unneeded DNS packet unpacking
2019-12-23 11:37:45 +01:00
adb6dac420
Strip EDNS0 options in responses
2019-12-22 18:02:33 +01:00
5118ed21fd
Use dumb padding even for GET queries
...
Resolvers such as Cloudflare always add padding to DoH responses
Resolvers such as Google only do if the question had dumb padding
Resolvers such as Cisco blindly return a copy of the question's padding
Some resolvers don't return any padding no matter what's in the question
Finally, other resolvers return FORMERR
This is a mess. A bad design inherited from DoT, that didn't fix
anything from Unbound's original experiment.
Also, padding with zeros as recommended is a bad idea. When using
GET, escaping makes the actual padding size 3 times as big as needed.
2019-12-22 17:34:16 +01:00
1585ede954
Use EDNS0 padding when using DoH over POST
...
This mechanism is horrible, slow (requires re-unpacking and re-packing
the query), should be done at transport layer and not at content layer, and
of course, it is incompatible with some resolvers.
However, in spite of https://go-review.googlesource.com/c/go/+/114316/2/src/net/http/transfer.go ,
we may still end up sending the header and the content in distinct packets.
So, use that horror for POST queries only. For GET, this is not needed.
2019-12-22 15:31:02 +01:00
0454463539
Pad GET queries
2019-12-22 14:43:21 +01:00
a7b7bdc11e
Compress synthetic responses
2019-12-11 14:02:56 +01:00
56d02597a6
Extend the grace period and log when it's used
2019-12-09 17:08:59 +01:00
21a5765527
Rename resolveWithCache() and make the comment match what the fn does
2019-12-09 17:03:16 +01:00
2d8fd40481
Don't use named return values just for one value, especially an error
...
Be consistent with the rest of the code
2019-12-09 16:59:02 +01:00
3e32d38f29
Explicit initialization
2019-12-09 16:56:43 +01:00
0b64c5df66
Improve logging
2019-11-17 22:04:58 +01:00
ad40c6c54b
Fallback to the system resolver if the fallback resolver doesn't work
...
This is useful if fallback_resolver has been set to random junk, or
to an external resolver, but port 53 is blocked.
At least, it may allow the server to start.
2019-11-17 22:00:08 +01:00
c3d93124a7
Bump MinResolverIPTTL up
2019-11-17 20:30:59 +01:00
0e8d1a941b
Typo
2019-11-17 20:30:00 +01:00
068c8e70f2
Typo
2019-11-17 20:00:34 +01:00
0f332c644d
Set a minimum TTL when caching resolver IPs
...
Comcast having a 30 sec TTL is silly
2019-11-02 02:01:03 +01:00
63ed3b4fef
Update comment
2019-11-02 01:52:51 +01:00
a84a789a8a
Keep resolving if needed
2019-11-02 01:50:35 +01:00
d932d5fdfc
Inverse test
2019-11-02 01:20:28 +01:00
6032c3b79b
Add a grace TTL for expired cached IPs
...
And some comments to make the code more readable
2019-11-01 23:19:07 +01:00
0dc69eacd5
resolveHostWithCache -> resolveWithCache
2019-11-01 23:10:36 +01:00
b30904f20b
lowercase
2019-11-01 23:06:42 +01:00
8d191cdcf1
Rename CheckResolver to IsIPAndPort for clarity
2019-11-01 23:05:17 +01:00
3cef651b07
Rename resolveHost() to resolveHostWithCache() for clarity
...
(but to be honest, I don't understand anything to that code any more)
2019-11-01 23:00:39 +01:00
e028f4d483
Don't delete cached server IP addresses
...
If we can't update an entry, keep the previous one.
2019-11-01 22:55:06 +01:00
3db3de0a91
Use SystemResolverTTL as a minimum timeout for cached resolver IPs
2019-11-01 21:47:13 +01:00
59c3d5121d
Add brackets around cached IPv6 IP addresses
...
Fixes #1005
2019-10-31 17:55:54 +01:00
3a68f90c37
Back to 2.0.29 beta 3 ( ceed905196)
2019-10-31 17:50:19 +01:00
71e3cf4aef
Add brackets around cached IPv6 IP addresses
...
Fixes #1005
2019-10-31 16:38:43 +01:00
a0614510e9
Don't name different things "ttl" to avoid confusion
2019-10-21 18:40:47 +02:00
ffd60d21db
Reduce lock contention
2019-10-21 18:36:47 +02:00
70970d2333
Nits
2019-10-21 18:31:06 +02:00
bc831816f5
feature: xtransport: Expire CachedIPs, split resolve function from Fetch
...
I selected default ttl when resolving using system to be 86400 / 24h.
As the program can run long time, I think it is relevant to honor TTL
when resolving and caching results.
Change cache internal format from string to net.IP. This should ensure
there is no need to further check validity of value later when using.
Resolve part was too big and had only one purpose. So it is fine
candidate to be own function.
2019-10-21 18:12:49 +02:00
d14d78e648
fix: xtransport: Check 'fallback_resolver'
...
And also DefaultFallbackResolver.
As far a I could see, value needs to have port defined
too. dns.Exchange does seem to use address as such.
2019-10-21 18:12:49 +02:00
890dcca270
fix: xtransport: Ensure we strip [] from host/ip before net.ParseIP
2019-10-21 18:12:49 +02:00
ac4843b460
cleanup: xtransport: group all consts and alike
...
This is mainly for case where more consts are added.
Also I think those vars were not variables but treated as
const.
2019-10-21 18:12:49 +02:00
a941cbd893
cleanup: xtransport: simplify body creation
2019-10-18 20:24:11 +02:00
345ec56cab
cleanup: xtransport: move onion check earlier to fail fast
2019-10-18 20:24:11 +02:00
df03065eaf
change: xtransport: Return http response status string as error, do name make own string
...
This gives much better possibilities to diagnose problems than error
message with only "informative" part being 500.
2019-10-18 20:24:11 +02:00
72681725b1
clanup: xtransport: use MaxDNSPacketSize more
2019-10-18 20:24:11 +02:00
0d553a9fa7
cleanup: Drop ExtractPort ExtractHost, use ExtractHostAndPort instead
2019-10-18 20:24:11 +02:00
f0fae0c756
cleanup: xtransport: There is no function level foundIP in resolveUsingResolver
...
Rename foundIPx to foundIP just to make it nicer looking.
2019-10-18 20:24:11 +02:00
Frank Denis
Frank Denis
Kevin O'Sullivan
Markus Linnala