Frank Denis
3775d59217
Add some comments for an obscure feature
2020-04-26 21:05:23 +02:00
Frank Denis
c6b32e0590
Another example of an IP blocklist
2020-04-26 19:42:42 +02:00
Frank Denis
80b95b1ba6
Use accessors for systemd things, too
2020-04-26 17:08:24 +02:00
Frank Denis
436bce9edf
Define functions to register socket handles, to improve clarity
2020-04-26 16:52:50 +02:00
Frank Denis
38cfa437db
Repair Local DoH; should fix CI tests
2020-04-26 16:34:26 +02:00
Frank Denis
12219c7490
listener->pc
...
Spotted by @welwood08
2020-04-26 16:19:49 +02:00
Frank Denis
52f87aee8e
Accept data from systemd sockets at the same time as everything else
2020-04-26 15:00:39 +02:00
Frank Denis
4029d3d4f3
proxy.dropPrivilege() doesn't return on success
2020-04-26 14:49:43 +02:00
Frank Denis
3c510b74bb
Start listeners as goroutines
2020-04-26 14:26:40 +02:00
Frank Denis
4a50736457
Only start accepting connections after everyting has been initialized
...
Fixes #1295
And more. The estimator, key and servers list were not initialized either.
2020-04-26 12:52:55 +02:00
Frank Denis
9519472bbe
Don't print the proxy version in the child
2020-04-20 12:34:59 +02:00
Frank Denis
6f2dcb900a
Drop privileges early
...
Fixes #1265
2020-04-20 12:27:53 +02:00
Frank Denis
b6b7ed3a67
Dropping privileges doesn't work reliably on MacOS
2020-04-20 11:50:27 +02:00
29f
f71244ed74
use global 'timeout' option for forwarding queries ( #1284 )
...
* Update plugins.go
* Update plugin_forward.go
2020-04-17 20:57:23 +02:00
Frank Denis
527764aba7
Upper case
2020-04-05 20:50:28 +02:00
Kiril Angov
d2602fd142
Respect proxy.mainProto in forward plugin ( #1259 )
...
* Respect proxy.mainProto in forward plugin
* Make the serverProtocol part of pluginsState instead
2020-04-05 20:49:30 +02:00
Frank Denis
f4631b9121
Remove unreachable code
...
Spotted by @komapa
2020-04-05 20:48:00 +02:00
kimw
4ce28473f4
Update example-ip-blacklist.txt ( #1264 )
...
fix https://github.com/DNSCrypt/dnscrypt-proxy/issues/1261 . remove `[` & `]`.
2020-04-02 14:55:18 +02:00
Frank Denis
f6b9706322
This reverts commit 876e389a0a
.
...
April 1st is almost over :)
2020-04-01 21:55:17 +02:00
Frank Denis
876e389a0a
Make doh.nsa.gov the default DNS server
2020-04-01 12:22:52 +02:00
Frank Denis
1ff31f14f1
Remove the ct parameter from DoH queries
...
That was a workaround for Google, but Google doesn't seem to need
it any more.
2020-04-01 12:12:57 +02:00
Frank Denis
3ca80afb19
packets -> client queries
2020-03-26 17:25:52 +01:00
Frank Denis
74095d38ed
Remove LargerResponsesDropped
...
dnsdist drops DNSCrypt queries shorter than 256 bytes, interpreting them
as not being encrypted instead. This is surprising when doing ad-hoc
testing, but absolutely fine, and we will never send shorter encrypted
queries on normal circumstances.
So, remove a useless knob.
2020-03-26 17:20:34 +01:00
Frank Denis
b3fbc2304d
All dnsdist servers exhibit the same behavior re: sending truncated responses
...
A 128 bytes query will not get a 200 bytes response (randomly tested on
3.tlu.dl.delivery.mp.microsoft.com), not even a truncated one.
It may be related to fragments being blocked on the server socket, or a
different issue. We can expect everything to be back to normal in dnsdist
1.5.0 no matter what.
2020-03-26 15:19:17 +01:00
Frank Denis
5049516f53
Add an option to ignore servers incompatible with anonymization
2020-03-26 13:41:57 +01:00
Frank Denis
7621737dde
Improve debugging
2020-03-26 13:30:39 +01:00
Frank Denis
9542109d66
Cancel dnsExchange goroutines as soon as we have a best response
2020-03-26 12:53:22 +01:00
Frank Denis
ad36321dc8
Add cleanbrowsing until dnsdist 1.5.0 is out
2020-03-26 12:31:12 +01:00
Frank Denis
8896787e66
Add other dnsdist servers until the MTU issue is fixed
...
https://github.com/PowerDNS/pdns/pull/7410
2020-03-26 10:57:09 +01:00
Frank Denis
9f65457b1c
Wait a little bit more between UDP attempts
2020-03-26 10:37:56 +01:00
Frank Denis
7424f1a8b7
Try harder to work around Cisco and Quad9 bugs
2020-03-25 20:10:11 +01:00
Frank Denis
64935c9b92
Bump
2020-03-25 18:24:25 +01:00
Frank Denis
0860245c73
Nits
2020-03-25 18:24:03 +01:00
Frank Denis
25b89e57ae
Add Quad9 back to the list of servers with broken padding
2020-03-25 18:11:16 +01:00
Frank Denis
81c8d68462
Pad queries to 1472 bytes for implementations with broken padding
...
Quad9 doesn't return TC when responses are larger than the question;
it doesn't return anything instead :(
2020-03-25 18:06:02 +01:00
Frank Denis
dd37eaed7c
Retry over TCP on UDP timeouts
2020-03-25 17:45:59 +01:00
Frank Denis
4fe5929720
Typo
...
Fixes #1248
2020-03-25 09:11:10 +01:00
Frank Denis
c13a69b040
Remove deepsource
2020-03-24 14:38:00 +01:00
Frank Denis
a58044fed0
Bump
2020-03-24 14:37:35 +01:00
Frank Denis
c4287c799f
Quad9 doesn't seem to block fragments on all networks
...
So, remove them from the static list and trust the runtime checks
for detection.
2020-03-24 14:32:23 +01:00
Frank Denis
315f6f45ff
Certificates that can't be loaded are fatal
2020-03-24 14:31:43 +01:00
Frank Denis
2670caa71e
Print the anonymization incompatibility message even if detected at runtime
2020-03-24 14:19:41 +01:00
Frank Denis
3f07b6079a
No need to explicit ignore this variable
2020-03-24 12:45:17 +01:00
Frank Denis
b328a9768f
Remove debugging code that prevented detection of fragmented UDP support
2020-03-24 12:38:23 +01:00
Frank Denis
06ca9b01f0
Nits
2020-03-21 10:24:09 +01:00
Frank Denis
d80af74300
Fix unit tests
2020-03-20 22:40:29 +01:00
Frank Denis
0b87cc92b6
Fix data race
2020-03-20 21:45:09 +01:00
Frank Denis
44db53f58b
Not dnsdist
2020-03-20 21:19:34 +01:00
Frank Denis
d1710a4d2b
Use single quotes for consistency
2020-03-20 21:18:30 +01:00
Frank Denis
094ea07dc2
Bump
2020-03-20 21:09:34 +01:00
Frank Denis
d876c7b487
Keep the default LB strategy if an invalid p* one is used
2020-03-20 20:53:03 +01:00
Frank Denis
34d83f027f
Support power-of-<arbitrary number>
2020-03-20 17:49:32 +01:00
Frank Denis
b57cc19d70
Use an interface for load-balancing strategies
2020-03-20 17:37:34 +01:00
Frank Denis
16708a0c20
Automatically detect servers blocking fragmented queries
2020-03-14 21:34:40 +01:00
Frank Denis
49910d2f72
Localize some error values
2020-03-13 18:44:30 +01:00
Frank Denis
19647e03a6
Overwrite the server name only when we need to send an upstream query
2020-03-13 17:52:09 +01:00
Dragonfir3
c17637c026
Don't log a server for blocked names by pattern ( #1218 )
...
* Update plugins.go
* reason update moved after reject confirmed
added boolean for direct rejects
* remove server with direct rejects
name pattern blocked cases
2020-03-13 17:50:38 +01:00
Frank Denis
810f6043d2
People are used to seeing the [static] section at the end
2020-03-09 22:14:31 +01:00
Kevin O'Sullivan
c040b13d59
Adding the ability to do TLS client authentication for DoH ( #1203 )
...
* Adding the ability to do TLS client authentication for DoH
* whitespace nit
* Check for server specific creds before wildcard
* small comma ok idiom change
2020-03-09 22:11:53 +01:00
Frank Denis
92e842126d
Skip the Firefox plugin for connections through the local_doh protocol
...
Fixes #1205
2020-02-26 15:29:28 +01:00
Will Elwood
b2be617e6b
Update example-dnscrypt-proxy.toml
...
Fixes to grammar and other minor issues.
2020-02-26 15:13:49 +01:00
Will Elwood
11b31dea4f
Update example-dnscrypt-proxy.toml
...
Attempt to clarify the behaviour of server_names.
2020-02-26 15:13:49 +01:00
Frank Denis
aa0e7f42d3
Make the xTransport functions return the HTTP body directly
...
This simplifies things, but also make RTT computation way more reliable
2020-02-21 22:33:34 +01:00
Frank Denis
a6d946c41f
Shorten the default broken_query_padding list
2020-02-21 20:33:13 +01:00
Frank Denis
4608b6d18d
Add auad9 to the broken_query_padding list
...
Fixes #1169
2020-02-21 20:31:45 +01:00
Frank Denis
673eea65af
Add random padding to the initial DoH query
...
Fixes #1199
2020-02-21 20:24:24 +01:00
Alison Winters
0ef2737ffe
fix minor typos in comment
2020-02-14 18:48:48 +00:00
Alison Winters
1fa26eec0a
gofmt whitespace
2020-02-14 18:48:48 +00:00
Alison Winters
8c42609475
fix minor typoS in config file
2020-02-14 18:48:48 +00:00
Frank Denis
323c4a4758
Don't explain the format of other config files in the main config file
...
This is confusing if you don't read the documentation.
Fixes #1179
2020-02-05 12:17:14 +01:00
Frank Denis
824fa90f94
Forwarding plugin: force set the response ID to match the query ID
...
Shouldn't be necessary, but just to be safe in case `dns.Exchange()`
does something unexpected.
2020-02-05 02:52:54 +01:00
Frank Denis
63d28fc9b2
Forwarding plugin: retry over TCP if a truncated response is received
...
dns.Exchange() doesn't do it automatically.
Fixes #1178
2020-02-05 02:44:43 +01:00
Frank Denis
170c690996
Bump
2020-01-31 11:25:04 +01:00
Frank Denis
2dda74647d
Don't add padding unless the query has padding
...
Or else Firefox craps out
2020-01-31 11:17:36 +01:00
Frank Denis
70311614a0
Improve error message on DNSSEC failure
2020-01-31 10:58:07 +01:00
Frank Denis
cf1498c9f4
Properly compute the padding length for local DoH
...
Fixes #1173
2020-01-31 10:58:03 +01:00
Frank Denis
d14d2b613a
Bump
2020-01-30 16:19:38 +01:00
Frank Denis
a6026ce48a
Ignore lines starting with '#'
...
Fixes #1171
2020-01-30 16:16:05 +01:00
Frank Denis
3a94523d65
Bump the cache size a little bit
2020-01-30 15:08:23 +01:00
Frank Denis
c84a394817
Bump
2020-01-30 13:23:03 +01:00
Frank Denis
f34d7b60fa
Implement serve-stale
2020-01-30 13:15:29 +01:00
Frank Denis
f22461374c
Retry UDP queries on timeout
2020-01-29 18:53:39 +01:00
Frank Denis
f17ce1ae0d
Use constant, but arbitrary long padding
2020-01-29 17:57:59 +01:00
Frank Denis
4d788aed85
Make UDP and TCP code similar when it comes to SOCKS proxying
...
Actually use the relay when both a relay and a SOCKS proxy are
configured.
Keep forcing TCP when SOCKS is enabled. I couldn't get UDP proxying
to work with Shadowsocks.
2020-01-27 16:07:08 +01:00
Frank Denis
349320f291
Add support for inline comments in patterns lists
...
Fixes #1162
2020-01-25 15:45:23 +01:00
Frank Denis
7ada3fcfb8
Support multiple fallback resolvers
2020-01-15 19:58:14 +01:00
Frank Denis
7fb62d98ea
Use EDNS0 padding for local DoH
2020-01-05 21:12:29 -05:00
Frank Denis
6fb42d0eae
Improve error message when local DoH is enabled without a certificate
...
Fixes #1136
2020-01-05 19:02:57 -05:00
Frank Denis
19cebfdb0a
Mention that /dev/stdout is not for Windows systems
...
Fixes #1131
2020-01-03 21:13:04 -05:00
Frank Denis
abd221738b
Explicit brackets
2019-12-23 23:17:46 +01:00
Frank Denis
5ede397d33
Mention ipsum
2019-12-23 19:52:27 +01:00
Frank Denis
0e644c4b86
Add -config <config file> to the service configuration arguments
...
Maybe
fixes #1122
2019-12-23 15:35:52 +01:00
Frank Denis
7e45b50d58
Move things around
2019-12-23 15:33:57 +01:00
Frank Denis
c27d41faa0
Avoid unneeded DNS packet unpacking
2019-12-23 11:37:45 +01:00
Frank Denis
adb6dac420
Strip EDNS0 options in responses
2019-12-22 18:02:33 +01:00
Frank Denis
5118ed21fd
Use dumb padding even for GET queries
...
Resolvers such as Cloudflare always add padding to DoH responses
Resolvers such as Google only do if the question had dumb padding
Resolvers such as Cisco blindly return a copy of the question's padding
Some resolvers don't return any padding no matter what's in the question
Finally, other resolvers return FORMERR
This is a mess. A bad design inherited from DoT, that didn't fix
anything from Unbound's original experiment.
Also, padding with zeros as recommended is a bad idea. When using
GET, escaping makes the actual padding size 3 times as big as needed.
2019-12-22 17:34:16 +01:00
Frank Denis
1585ede954
Use EDNS0 padding when using DoH over POST
...
This mechanism is horrible, slow (requires re-unpacking and re-packing
the query), should be done at transport layer and not at content layer, and
of course, it is incompatible with some resolvers.
However, in spite of https://go-review.googlesource.com/c/go/+/114316/2/src/net/http/transfer.go ,
we may still end up sending the header and the content in distinct packets.
So, use that horror for POST queries only. For GET, this is not needed.
2019-12-22 15:31:02 +01:00
Frank Denis
0454463539
Pad GET queries
2019-12-22 14:43:21 +01:00
Frank Denis
48817a4642
Unbeta
2019-12-21 21:29:13 +01:00
unknown
a7922a81fb
add some nonexistent zones
2019-12-21 14:34:29 +01:00
Frank Denis
80d45a2343
2.0.36-beta.1
2019-12-18 12:44:24 +01:00
Frank Denis
3fce30d7a5
Rename PluginsActionForward to PluginsActionContinue
...
Set the correct response code when forwarding
2019-12-17 19:19:36 +01:00
Frank Denis
daf6d5881d
The default return code must be PASS
2019-12-17 18:54:49 +01:00
Frank Denis
b1c08f8931
Handle Drop/Synth actions the same way in query and response plugins
2019-12-17 16:28:12 +01:00
Frank Denis
a23f07a93d
Add an IP blacklist example
2019-12-17 15:25:39 +01:00
William Elwood
d88995aac6
Minor comment fix
...
I noticed while writing the functionality tests that comments about relative paths disagreed with what the code was doing.
While the executable directory is used if the configuration file itself can't be found, `cdFileDir(foundConfigFile)` is always executed after the configuration file is found whether that's the same as the executable's directory or not.
Also a couple of punctuation nits.
2019-12-17 14:28:06 +01:00
Frank Denis
3c6f87527f
Undelegated zones are not dot suffixed any more
2019-12-17 11:08:22 +01:00
Frank Denis
4fd54a4919
Store the normalized qName in the plugin state
...
We now enforce the fact that a query always include a question.
It holds true for all practical use cases of dnscrypt-proxy.
This avoids quite a lot of redundant code in plugins, and is faster.
2019-12-17 10:11:41 +01:00
Frank Denis
ee24bf0421
Bump
2019-12-16 23:06:56 +01:00
Frank Denis
07e605e9f4
Add a note about dnsmasq
...
In the config file, so that it has more visibility than in the doc.
Synthetic responses cannot contain NSEC or RRSIG records, and that
seems to be confusing dnsmasq.
2019-12-16 17:23:22 +01:00
Frank Denis
eedabcbd4a
Reverse
2019-12-16 17:05:05 +01:00
Frank Denis
cba755b4d1
Lowercase the question
2019-12-16 17:03:16 +01:00
Frank Denis
7066e53843
Pre-add the final dot
2019-12-16 16:39:30 +01:00
Frank Denis
1b276be85d
Rewrite block_undelegated without the generic pattern matcher
2019-12-16 16:35:08 +01:00
Frank Denis
2d25719a69
Reuse the same variable
2019-12-16 16:32:49 +01:00
Frank Denis
66799c4159
Add the ability to block undelegated DNS zones
...
Using the generic pattern matcher as a first iteration, but we can
save some memory and CPU cycles by building and using a critbit tree
directly.
2019-12-16 16:18:47 +01:00
Frank Denis
aa5350c7fd
Missed blockedName->xBlockedName renaming
...
Fixes #1116
2019-12-16 12:13:23 +01:00
Frank Denis
c1202457bf
Json -> JSON
2019-12-11 14:08:48 +01:00
Frank Denis
a7b7bdc11e
Compress synthetic responses
2019-12-11 14:02:56 +01:00
Frank Denis
9553d7f8c5
Copy the DO bit from questions to synthetic responses
2019-12-11 13:56:25 +01:00
Frank Denis
1674bb1742
Force clear the AD bit unless the DO bit was also set
2019-12-11 09:41:16 +01:00
Frank Denis
ee1c0fed93
Properly set DNS flags when creating empty responses
2019-12-11 09:00:29 +01:00
Frank Denis
3b4d6c532d
A URL path must start with a /
2019-12-10 16:04:37 +01:00
Frank Denis
279d5619e3
Don't block '.'
2019-12-10 00:03:41 +01:00
Frank Denis
548a439528
Bump
2019-12-09 20:56:59 +01:00
Frank Denis
a635e92606
Add a new plugin to block unqualified host names
2019-12-09 20:25:38 +01:00
Frank Denis
56d02597a6
Extend the grace period and log when it's used
2019-12-09 17:08:59 +01:00
Frank Denis
21a5765527
Rename resolveWithCache() and make the comment match what the fn does
2019-12-09 17:03:16 +01:00
Frank Denis
2d8fd40481
Don't use named return values just for one value, especially an error
...
Be consistent with the rest of the code
2019-12-09 16:59:02 +01:00
Frank Denis
3e32d38f29
Explicit initialization
2019-12-09 16:56:43 +01:00
Frank Denis
49460f1d6f
pidfile.Write() can fail if no pid file was configured, it's ok
2019-12-09 13:34:14 +01:00
Frank Denis
7991b91f21
Downgrade error level of pidfile.Write() to Critical
2019-12-09 13:08:03 +01:00
Frank Denis
b5bb0fd504
If we can't disconnect from the Service Manager, it's no big deal
2019-12-09 13:07:47 +01:00
Frank Denis
bfd74185f5
Don't prevent DNS queries from being answered if the partition is full
2019-12-09 12:55:26 +01:00
milgradesec
8efbf401c8
add error checks
2019-12-09 12:50:30 +01:00
Frank Denis
ba8565a59e
Shorten conditions
2019-12-09 10:07:05 +01:00
milgradesec
96d15771e2
add multiple error checks
2019-12-09 09:56:47 +01:00
Frank Denis
59f2df6318
Recommend more names to be forwarded
2019-12-07 17:38:07 +01:00
Frank Denis
62f0b80c66
Add a comment regarding forwarding and ipv6 blocking
2019-12-06 19:41:33 +01:00
Frank Denis
db33c69fe5
Log the original qName when a CNAME pointer is blocked
2019-12-05 17:50:04 +01:00
Frank Denis
4d0c5ad569
Merge branch 'master' of github.com:jedisct1/dnscrypt-proxy
...
* 'master' of github.com:jedisct1/dnscrypt-proxy:
Travis: use Ubuntu Bionic so we don't have to compile libsodium
Downcase wiki
Handle clientsCount in the local DoH handler, too
Remove beta
Bump deps
Fix typo
Bump
whitelist
Add some extra blacklists
2019-12-05 16:49:48 +01:00
Frank Denis
57a88eda56
Add (indirect) to the logged pattern for indirect blocks
2019-12-05 16:49:08 +01:00
Frank Denis
3a4bc98073
Handle clientsCount in the local DoH handler, too
2019-12-03 13:04:58 +01:00
Frank Denis
0de2246af2
Remove beta
...
Fixes #1086
2019-12-03 12:34:42 +01:00
glitsj16
443bdce879
Fix typo
2019-12-01 23:38:05 +01:00
Frank Denis
21c63a5608
Local-DoH: pad responses
2019-11-29 21:34:21 +01:00
Frank Denis
53dd5cd6c5
Clarify
2019-11-29 14:18:48 +01:00
Frank Denis
53924d4cf7
Unset GODEBUG - WHich means that Go 1.13 is now required for TLS 1.3
...
We could keep setting GODEBUG for compatibility with older versions, but
people complain that it prints debug warnings.
2019-11-29 14:00:21 +01:00
Frank Denis
4a613aa68d
Explain what the path is in a URL
2019-11-29 13:42:35 +01:00
Frank Denis
3b50caf4cd
Add a default local DoH path, print the URLs
2019-11-29 08:53:13 +01:00
Frank Denis
640b949976
Bump to 2.0.34-beta.1
2019-11-29 00:07:36 +01:00
Frank Denis
f18dbc71ec
Make the local DoH path configurable
2019-11-28 23:49:28 +01:00
Frank Denis
583ca09946
Reuse dataType
2019-11-28 23:33:34 +01:00
Frank Denis
aad9c8f19c
Limit the query body size
2019-11-28 23:32:56 +01:00
Frank Denis
5d6f9358c9
Print something useful when browsing the local DoH URL
2019-11-28 23:30:54 +01:00
Frank Denis
3ef9ec8732
Local DoH tweaks
2019-11-28 23:08:23 +01:00
Frank Denis
3e5dbee75a
We don't need to store local copies of cachedResponses
2019-11-28 22:34:02 +01:00
Frank Denis
068509ef30
Rename http to local_doh
2019-11-28 17:11:14 +01:00
Frank Denis
6a679cc543
Move local DoH configuration to its own section
2019-11-28 17:04:29 +01:00
Frank Denis
be996c486f
Local DoH support, continued
2019-11-28 16:46:25 +01:00
Frank Denis
1966a8604b
up
2019-11-26 01:36:35 +01:00
Frank Denis
f249813cc5
First bits towards providing access over DoH in addition to DNS
...
Mainly to deal with the Firefox+ESNI situation
2019-11-24 22:46:27 +01:00
Frank Denis
30b5507bf4
Make the part that creates or gets sockets more readable
2019-11-24 22:12:23 +01:00
Frank Denis
bc22f94eeb
Don't listen to IPv6 in the example config file
...
Some hosts don't support IPv6, and the default (without anything in
the config file) is only the IPv4 address anyway.
2019-11-24 10:31:40 +01:00
Frank Denis
67c7254dc5
block_name plugin: also check names found in CNAME records
2019-11-24 10:18:46 +01:00
Frank Denis
1152491b2d
Move PluginCache before PluginCacheResponse
2019-11-24 09:14:36 +01:00
Frank Denis
6e3916556f
Downcase the query name in BlockedNames.check()
2019-11-20 19:16:37 +01:00
Frank Denis
4aba44898b
Bump
2019-11-18 13:00:34 +01:00
Frank Denis
230a66ea73
Add an extra byte to the padded length
...
Fixes resolution of livegorouter.trafficmanager.net via Cisco
2019-11-18 12:50:19 +01:00
Frank Denis
925c12d334
Set the list of blocked names even if logging was not enabled
...
Fixes #1050
2019-11-18 01:42:51 +01:00
Frank Denis
0790328424
Revert "Revert "plugin_block_name: make the blocking code reusable""
...
This reverts commit 2d00c24f85
.
2019-11-18 01:32:17 +01:00
Frank Denis
2d00c24f85
Revert "plugin_block_name: make the blocking code reusable"
...
This reverts commit f76e0fd8cf
.
2019-11-18 01:29:06 +01:00
Frank Denis
41e35bd8c5
Compress responses
2019-11-18 01:13:18 +01:00
Frank Denis
8728361e89
Replace SERVER_ERROR with SERVFAIL
...
If only because SERVFAIL can be looked up on Google
2019-11-17 22:20:47 +01:00
Frank Denis
0b64c5df66
Improve logging
2019-11-17 22:04:58 +01:00
Frank Denis
ad40c6c54b
Fallback to the system resolver if the fallback resolver doesn't work
...
This is useful if fallback_resolver has been set to random junk, or
to an external resolver, but port 53 is blocked.
At least, it may allow the server to start.
2019-11-17 22:00:08 +01:00
Frank Denis
b03e7f993f
Add a default list of buggy servers
2019-11-17 21:44:46 +01:00
Frank Denis
6dcd872385
This is unlikely to become mandatory
2019-11-17 21:38:09 +01:00
Frank Denis
45cb7b48df
Format
2019-11-17 21:28:26 +01:00
Frank Denis
64d804486d
Bump, update ChangeLog
2019-11-17 21:25:54 +01:00
Frank Denis
e211e18f71
Improve logging
2019-11-17 20:40:59 +01:00
Frank Denis
4e217267d4
Log the server name, not the provider name
2019-11-17 20:37:55 +01:00
Frank Denis
c3d93124a7
Bump MinResolverIPTTL up
2019-11-17 20:30:59 +01:00
Frank Denis
faac6e2082
Set default ignore_system_dns to true
2019-11-17 20:30:04 +01:00
Frank Denis
0e8d1a941b
Typo
2019-11-17 20:30:00 +01:00
Frank Denis
068c8e70f2
Typo
2019-11-17 20:00:34 +01:00
Frank Denis
06c0fbb65b
Add NETWORK_ERROR
2019-11-17 19:48:15 +01:00
Frank Denis
ca7e5e5bcb
Rename a few things
2019-11-17 15:07:40 +01:00
Frank Denis
15b405b552
Support workarounds for ancient/broken implementations
...
Fixes #984
2019-11-16 18:51:16 +01:00
Frank Denis
f76e0fd8cf
plugin_block_name: make the blocking code reusable
2019-11-15 19:48:15 -05:00
William Elwood
e016300aab
Fix tests if filesystem stores less precise times
...
Not all filesystems store modification times with millisecond precision.
2019-11-14 12:47:55 +00:00
Will Elwood
d063a7959e
Avoid redirect and extra DNS lookup in example
...
Also makes the URL consistent with the other lists.
2019-11-10 12:48:21 +00:00
William Elwood
a521caf6fc
Add test for short refresh delay
...
Ensures a short refresh delay is ignored and the default minimum used instead.
2019-11-10 13:42:17 +01:00
William Elwood
0d0c634242
Avoid writing cache if it didn't change
...
Most of the time the only useful difference being written is the new modification time anyway, which is now being done explicitly.
2019-11-10 13:42:17 +01:00
William Elwood
d43fcabe69
Fix prefetch sometimes being skipped
...
Previously when the cache was written to disk, the modification time was unspecified.
At the next prefetch, it was possible for the cache to be expiring very soon (on the order of milliseconds) but still deemed valid.
Now the modification time is explicitly set to when the prefetch run began to make this situation much less likely.
2019-11-10 13:42:17 +01:00
Frank Denis
a31e7c0c61
Avoid ridiculously low values for proxy.certRefreshDelay
2019-11-08 22:51:04 +01:00
Frank Denis
0f7bd23b8a
Simplify
2019-11-08 11:28:41 +01:00
William Elwood
4324a09fc9
Fix failing tests on Windows
...
To simulate failures opening a cache file, fixtures are written without the read permission bits.
Since Unix permission bits have no meaning on Windows, a slightly more complicated solution is required to achieve the same permissions.
Thankfully, there's a library to abstract that already.
2019-11-08 10:17:12 +01:00
William Elwood
77a4a3da90
Reduce indentation and long lines in test
2019-11-08 10:17:12 +01:00
William Elwood
0aea5f81ef
Raise log level of a prefetch failure
...
This way it matches with the "loading from URL" info message and users with that log level aren't left with the false impression that it loaded fine when it really didn't.
2019-11-08 10:17:12 +01:00