d876c7b487
Keep the default LB strategy if an invalid p* one is used
2020-03-20 20:53:03 +01:00
34d83f027f
Support power-of-<arbitrary number>
2020-03-20 17:49:32 +01:00
b57cc19d70
Use an interface for load-balancing strategies
2020-03-20 17:37:34 +01:00
16708a0c20
Automatically detect servers blocking fragmented queries
2020-03-14 21:34:40 +01:00
49910d2f72
Localize some error values
2020-03-13 18:44:30 +01:00
19647e03a6
Overwrite the server name only when we need to send an upstream query
2020-03-13 17:52:09 +01:00
c17637c026
Don't log a server for blocked names by pattern ( #1218 )
...
* Update plugins.go
* reason update moved after reject confirmed
added boolean for direct rejects
* remove server with direct rejects
name pattern blocked cases
2020-03-13 17:50:38 +01:00
810f6043d2
People are used to seeing the [static] section at the end
2020-03-09 22:14:31 +01:00
c040b13d59
Adding the ability to do TLS client authentication for DoH ( #1203 )
...
* Adding the ability to do TLS client authentication for DoH
* whitespace nit
* Check for server specific creds before wildcard
* small comma ok idiom change
2020-03-09 22:11:53 +01:00
92e842126d
Skip the Firefox plugin for connections through the local_doh protocol
...
Fixes #1205
2020-02-26 15:29:28 +01:00
b2be617e6b
Update example-dnscrypt-proxy.toml
...
Fixes to grammar and other minor issues.
2020-02-26 15:13:49 +01:00
11b31dea4f
Update example-dnscrypt-proxy.toml
...
Attempt to clarify the behaviour of server_names.
2020-02-26 15:13:49 +01:00
aa0e7f42d3
Make the xTransport functions return the HTTP body directly
...
This simplifies things, but also make RTT computation way more reliable
2020-02-21 22:33:34 +01:00
a6d946c41f
Shorten the default broken_query_padding list
2020-02-21 20:33:13 +01:00
4608b6d18d
Add auad9 to the broken_query_padding list
...
Fixes #1169
2020-02-21 20:31:45 +01:00
673eea65af
Add random padding to the initial DoH query
...
Fixes #1199
2020-02-21 20:24:24 +01:00
0ef2737ffe
fix minor typos in comment
2020-02-14 18:48:48 +00:00
1fa26eec0a
gofmt whitespace
2020-02-14 18:48:48 +00:00
8c42609475
fix minor typoS in config file
2020-02-14 18:48:48 +00:00
323c4a4758
Don't explain the format of other config files in the main config file
...
This is confusing if you don't read the documentation.
Fixes #1179
2020-02-05 12:17:14 +01:00
824fa90f94
Forwarding plugin: force set the response ID to match the query ID
...
Shouldn't be necessary, but just to be safe in case `dns.Exchange()`
does something unexpected.
2020-02-05 02:52:54 +01:00
63d28fc9b2
Forwarding plugin: retry over TCP if a truncated response is received
...
dns.Exchange() doesn't do it automatically.
Fixes #1178
2020-02-05 02:44:43 +01:00
170c690996
Bump
2020-01-31 11:25:04 +01:00
2dda74647d
Don't add padding unless the query has padding
...
Or else Firefox craps out
2020-01-31 11:17:36 +01:00
70311614a0
Improve error message on DNSSEC failure
2020-01-31 10:58:07 +01:00
cf1498c9f4
Properly compute the padding length for local DoH
...
Fixes #1173
2020-01-31 10:58:03 +01:00
d14d2b613a
Bump
2020-01-30 16:19:38 +01:00
a6026ce48a
Ignore lines starting with '#'
...
Fixes #1171
2020-01-30 16:16:05 +01:00
3a94523d65
Bump the cache size a little bit
2020-01-30 15:08:23 +01:00
c84a394817
Bump
2020-01-30 13:23:03 +01:00
f34d7b60fa
Implement serve-stale
2020-01-30 13:15:29 +01:00
f22461374c
Retry UDP queries on timeout
2020-01-29 18:53:39 +01:00
f17ce1ae0d
Use constant, but arbitrary long padding
2020-01-29 17:57:59 +01:00
4d788aed85
Make UDP and TCP code similar when it comes to SOCKS proxying
...
Actually use the relay when both a relay and a SOCKS proxy are
configured.
Keep forcing TCP when SOCKS is enabled. I couldn't get UDP proxying
to work with Shadowsocks.
2020-01-27 16:07:08 +01:00
349320f291
Add support for inline comments in patterns lists
...
Fixes #1162
2020-01-25 15:45:23 +01:00
7ada3fcfb8
Support multiple fallback resolvers
2020-01-15 19:58:14 +01:00
7fb62d98ea
Use EDNS0 padding for local DoH
2020-01-05 21:12:29 -05:00
6fb42d0eae
Improve error message when local DoH is enabled without a certificate
...
Fixes #1136
2020-01-05 19:02:57 -05:00
19cebfdb0a
Mention that /dev/stdout is not for Windows systems
...
Fixes #1131
2020-01-03 21:13:04 -05:00
abd221738b
Explicit brackets
2019-12-23 23:17:46 +01:00
5ede397d33
Mention ipsum
2019-12-23 19:52:27 +01:00
0e644c4b86
Add -config <config file> to the service configuration arguments
...
Maybe
fixes #1122
2019-12-23 15:35:52 +01:00
7e45b50d58
Move things around
2019-12-23 15:33:57 +01:00
c27d41faa0
Avoid unneeded DNS packet unpacking
2019-12-23 11:37:45 +01:00
adb6dac420
Strip EDNS0 options in responses
2019-12-22 18:02:33 +01:00
5118ed21fd
Use dumb padding even for GET queries
...
Resolvers such as Cloudflare always add padding to DoH responses
Resolvers such as Google only do if the question had dumb padding
Resolvers such as Cisco blindly return a copy of the question's padding
Some resolvers don't return any padding no matter what's in the question
Finally, other resolvers return FORMERR
This is a mess. A bad design inherited from DoT, that didn't fix
anything from Unbound's original experiment.
Also, padding with zeros as recommended is a bad idea. When using
GET, escaping makes the actual padding size 3 times as big as needed.
2019-12-22 17:34:16 +01:00
1585ede954
Use EDNS0 padding when using DoH over POST
...
This mechanism is horrible, slow (requires re-unpacking and re-packing
the query), should be done at transport layer and not at content layer, and
of course, it is incompatible with some resolvers.
However, in spite of https://go-review.googlesource.com/c/go/+/114316/2/src/net/http/transfer.go ,
we may still end up sending the header and the content in distinct packets.
So, use that horror for POST queries only. For GET, this is not needed.
2019-12-22 15:31:02 +01:00
0454463539
Pad GET queries
2019-12-22 14:43:21 +01:00
48817a4642
Unbeta
2019-12-21 21:29:13 +01:00
a7922a81fb
add some nonexistent zones
2019-12-21 14:34:29 +01:00
80d45a2343
2.0.36-beta.1
2019-12-18 12:44:24 +01:00
3fce30d7a5
Rename PluginsActionForward to PluginsActionContinue
...
Set the correct response code when forwarding
2019-12-17 19:19:36 +01:00
daf6d5881d
The default return code must be PASS
2019-12-17 18:54:49 +01:00
b1c08f8931
Handle Drop/Synth actions the same way in query and response plugins
2019-12-17 16:28:12 +01:00
a23f07a93d
Add an IP blacklist example
2019-12-17 15:25:39 +01:00
d88995aac6
Minor comment fix
...
I noticed while writing the functionality tests that comments about relative paths disagreed with what the code was doing.
While the executable directory is used if the configuration file itself can't be found, `cdFileDir(foundConfigFile)` is always executed after the configuration file is found whether that's the same as the executable's directory or not.
Also a couple of punctuation nits.
2019-12-17 14:28:06 +01:00
3c6f87527f
Undelegated zones are not dot suffixed any more
2019-12-17 11:08:22 +01:00
4fd54a4919
Store the normalized qName in the plugin state
...
We now enforce the fact that a query always include a question.
It holds true for all practical use cases of dnscrypt-proxy.
This avoids quite a lot of redundant code in plugins, and is faster.
2019-12-17 10:11:41 +01:00
ee24bf0421
Bump
2019-12-16 23:06:56 +01:00
07e605e9f4
Add a note about dnsmasq
...
In the config file, so that it has more visibility than in the doc.
Synthetic responses cannot contain NSEC or RRSIG records, and that
seems to be confusing dnsmasq.
2019-12-16 17:23:22 +01:00
eedabcbd4a
Reverse
2019-12-16 17:05:05 +01:00
cba755b4d1
Lowercase the question
2019-12-16 17:03:16 +01:00
7066e53843
Pre-add the final dot
2019-12-16 16:39:30 +01:00
1b276be85d
Rewrite block_undelegated without the generic pattern matcher
2019-12-16 16:35:08 +01:00
2d25719a69
Reuse the same variable
2019-12-16 16:32:49 +01:00
66799c4159
Add the ability to block undelegated DNS zones
...
Using the generic pattern matcher as a first iteration, but we can
save some memory and CPU cycles by building and using a critbit tree
directly.
2019-12-16 16:18:47 +01:00
aa5350c7fd
Missed blockedName->xBlockedName renaming
...
Fixes #1116
2019-12-16 12:13:23 +01:00
c1202457bf
Json -> JSON
2019-12-11 14:08:48 +01:00
a7b7bdc11e
Compress synthetic responses
2019-12-11 14:02:56 +01:00
9553d7f8c5
Copy the DO bit from questions to synthetic responses
2019-12-11 13:56:25 +01:00
1674bb1742
Force clear the AD bit unless the DO bit was also set
2019-12-11 09:41:16 +01:00
ee1c0fed93
Properly set DNS flags when creating empty responses
2019-12-11 09:00:29 +01:00
3b4d6c532d
A URL path must start with a /
2019-12-10 16:04:37 +01:00
279d5619e3
Don't block '.'
2019-12-10 00:03:41 +01:00
548a439528
Bump
2019-12-09 20:56:59 +01:00
a635e92606
Add a new plugin to block unqualified host names
2019-12-09 20:25:38 +01:00
56d02597a6
Extend the grace period and log when it's used
2019-12-09 17:08:59 +01:00
21a5765527
Rename resolveWithCache() and make the comment match what the fn does
2019-12-09 17:03:16 +01:00
2d8fd40481
Don't use named return values just for one value, especially an error
...
Be consistent with the rest of the code
2019-12-09 16:59:02 +01:00
3e32d38f29
Explicit initialization
2019-12-09 16:56:43 +01:00
49460f1d6f
pidfile.Write() can fail if no pid file was configured, it's ok
2019-12-09 13:34:14 +01:00
7991b91f21
Downgrade error level of pidfile.Write() to Critical
2019-12-09 13:08:03 +01:00
b5bb0fd504
If we can't disconnect from the Service Manager, it's no big deal
2019-12-09 13:07:47 +01:00
bfd74185f5
Don't prevent DNS queries from being answered if the partition is full
2019-12-09 12:55:26 +01:00
8efbf401c8
add error checks
2019-12-09 12:50:30 +01:00
ba8565a59e
Shorten conditions
2019-12-09 10:07:05 +01:00
96d15771e2
add multiple error checks
2019-12-09 09:56:47 +01:00
59f2df6318
Recommend more names to be forwarded
2019-12-07 17:38:07 +01:00
62f0b80c66
Add a comment regarding forwarding and ipv6 blocking
2019-12-06 19:41:33 +01:00
db33c69fe5
Log the original qName when a CNAME pointer is blocked
2019-12-05 17:50:04 +01:00
4d0c5ad569
Merge branch 'master' of github.com:jedisct1/dnscrypt-proxy
...
* 'master' of github.com:jedisct1/dnscrypt-proxy:
Travis: use Ubuntu Bionic so we don't have to compile libsodium
Downcase wiki
Handle clientsCount in the local DoH handler, too
Remove beta
Bump deps
Fix typo
Bump
whitelist
Add some extra blacklists
2019-12-05 16:49:48 +01:00
57a88eda56
Add (indirect) to the logged pattern for indirect blocks
2019-12-05 16:49:08 +01:00
3a4bc98073
Handle clientsCount in the local DoH handler, too
2019-12-03 13:04:58 +01:00
0de2246af2
Remove beta
...
Fixes #1086
2019-12-03 12:34:42 +01:00
443bdce879
Fix typo
2019-12-01 23:38:05 +01:00
21c63a5608
Local-DoH: pad responses
2019-11-29 21:34:21 +01:00
53dd5cd6c5
Clarify
2019-11-29 14:18:48 +01:00
53924d4cf7
Unset GODEBUG - WHich means that Go 1.13 is now required for TLS 1.3
...
We could keep setting GODEBUG for compatibility with older versions, but
people complain that it prints debug warnings.
2019-11-29 14:00:21 +01:00
4a613aa68d
Explain what the path is in a URL
2019-11-29 13:42:35 +01:00
3b50caf4cd
Add a default local DoH path, print the URLs
2019-11-29 08:53:13 +01:00
640b949976
Bump to 2.0.34-beta.1
2019-11-29 00:07:36 +01:00
f18dbc71ec
Make the local DoH path configurable
2019-11-28 23:49:28 +01:00
583ca09946
Reuse dataType
2019-11-28 23:33:34 +01:00
aad9c8f19c
Limit the query body size
2019-11-28 23:32:56 +01:00
5d6f9358c9
Print something useful when browsing the local DoH URL
2019-11-28 23:30:54 +01:00
3ef9ec8732
Local DoH tweaks
2019-11-28 23:08:23 +01:00
3e5dbee75a
We don't need to store local copies of cachedResponses
2019-11-28 22:34:02 +01:00
068509ef30
Rename http to local_doh
2019-11-28 17:11:14 +01:00
6a679cc543
Move local DoH configuration to its own section
2019-11-28 17:04:29 +01:00
be996c486f
Local DoH support, continued
2019-11-28 16:46:25 +01:00
1966a8604b
up
2019-11-26 01:36:35 +01:00
f249813cc5
First bits towards providing access over DoH in addition to DNS
...
Mainly to deal with the Firefox+ESNI situation
2019-11-24 22:46:27 +01:00
30b5507bf4
Make the part that creates or gets sockets more readable
2019-11-24 22:12:23 +01:00
bc22f94eeb
Don't listen to IPv6 in the example config file
...
Some hosts don't support IPv6, and the default (without anything in
the config file) is only the IPv4 address anyway.
2019-11-24 10:31:40 +01:00
67c7254dc5
block_name plugin: also check names found in CNAME records
2019-11-24 10:18:46 +01:00
1152491b2d
Move PluginCache before PluginCacheResponse
2019-11-24 09:14:36 +01:00
6e3916556f
Downcase the query name in BlockedNames.check()
2019-11-20 19:16:37 +01:00
4aba44898b
Bump
2019-11-18 13:00:34 +01:00
230a66ea73
Add an extra byte to the padded length
...
Fixes resolution of livegorouter.trafficmanager.net via Cisco
2019-11-18 12:50:19 +01:00
925c12d334
Set the list of blocked names even if logging was not enabled
...
Fixes #1050
2019-11-18 01:42:51 +01:00
0790328424
Revert "Revert "plugin_block_name: make the blocking code reusable""
...
This reverts commit 2d00c24f85
2019-11-18 01:32:17 +01:00
2d00c24f85
Revert "plugin_block_name: make the blocking code reusable"
...
This reverts commit f76e0fd8cf
2019-11-18 01:29:06 +01:00
41e35bd8c5
Compress responses
2019-11-18 01:13:18 +01:00
8728361e89
Replace SERVER_ERROR with SERVFAIL
...
If only because SERVFAIL can be looked up on Google
2019-11-17 22:20:47 +01:00
0b64c5df66
Improve logging
2019-11-17 22:04:58 +01:00
ad40c6c54b
Fallback to the system resolver if the fallback resolver doesn't work
...
This is useful if fallback_resolver has been set to random junk, or
to an external resolver, but port 53 is blocked.
At least, it may allow the server to start.
2019-11-17 22:00:08 +01:00
b03e7f993f
Add a default list of buggy servers
2019-11-17 21:44:46 +01:00
6dcd872385
This is unlikely to become mandatory
2019-11-17 21:38:09 +01:00
45cb7b48df
Format
2019-11-17 21:28:26 +01:00
64d804486d
Bump, update ChangeLog
2019-11-17 21:25:54 +01:00
e211e18f71
Improve logging
2019-11-17 20:40:59 +01:00
4e217267d4
Log the server name, not the provider name
2019-11-17 20:37:55 +01:00
c3d93124a7
Bump MinResolverIPTTL up
2019-11-17 20:30:59 +01:00
faac6e2082
Set default ignore_system_dns to true
2019-11-17 20:30:04 +01:00
0e8d1a941b
Typo
2019-11-17 20:30:00 +01:00
068c8e70f2
Typo
2019-11-17 20:00:34 +01:00
06c0fbb65b
Add NETWORK_ERROR
2019-11-17 19:48:15 +01:00
ca7e5e5bcb
Rename a few things
2019-11-17 15:07:40 +01:00
15b405b552
Support workarounds for ancient/broken implementations
...
Fixes #984
2019-11-16 18:51:16 +01:00
f76e0fd8cf
plugin_block_name: make the blocking code reusable
2019-11-15 19:48:15 -05:00
e016300aab
Fix tests if filesystem stores less precise times
...
Not all filesystems store modification times with millisecond precision.
2019-11-14 12:47:55 +00:00
d063a7959e
Avoid redirect and extra DNS lookup in example
...
Also makes the URL consistent with the other lists.
2019-11-10 12:48:21 +00:00
a521caf6fc
Add test for short refresh delay
...
Ensures a short refresh delay is ignored and the default minimum used instead.
2019-11-10 13:42:17 +01:00
0d0c634242
Avoid writing cache if it didn't change
...
Most of the time the only useful difference being written is the new modification time anyway, which is now being done explicitly.
2019-11-10 13:42:17 +01:00
d43fcabe69
Fix prefetch sometimes being skipped
...
Previously when the cache was written to disk, the modification time was unspecified.
At the next prefetch, it was possible for the cache to be expiring very soon (on the order of milliseconds) but still deemed valid.
Now the modification time is explicitly set to when the prefetch run began to make this situation much less likely.
2019-11-10 13:42:17 +01:00
a31e7c0c61
Avoid ridiculously low values for proxy.certRefreshDelay
2019-11-08 22:51:04 +01:00
0f7bd23b8a
Simplify
2019-11-08 11:28:41 +01:00
4324a09fc9
Fix failing tests on Windows
...
To simulate failures opening a cache file, fixtures are written without the read permission bits.
Since Unix permission bits have no meaning on Windows, a slightly more complicated solution is required to achieve the same permissions.
Thankfully, there's a library to abstract that already.
2019-11-08 10:17:12 +01:00
77a4a3da90
Reduce indentation and long lines in test
2019-11-08 10:17:12 +01:00
0aea5f81ef
Raise log level of a prefetch failure
...
This way it matches with the "loading from URL" info message and users with that log level aren't left with the false impression that it loaded fine when it really didn't.
2019-11-08 10:17:12 +01:00
5ed7b7c24f
Reduce the chances of corrupting the cache
...
Write both parts of the cache to their temp files before renaming
Now only the 2nd rename failing can leave the cache in a bad state.
2019-11-08 10:17:12 +01:00
b6d11b4351
Parse source URLs sooner
...
URLs only need to be parsed once, after that they are always available to the download func.
2019-11-08 10:17:12 +01:00
bf28325b61
Enable tests for expired cache
...
If the cache is expired but then all downloads fail, the cache should be used.
2019-11-08 10:17:12 +01:00
38019866ca
Move download loop, fix unnecessary cache reads
...
Previously, an expired cache would be read before trying each URL until a download completed.
By moving the download loop, the cache can be read once outside the loop.
2019-11-08 10:17:12 +01:00
f6f1a75884
Improve logging by keeping a Source's configured name on the struct
2019-11-08 10:17:12 +01:00
b697283309
Minor cleanup, mostly in tests
2019-11-08 10:17:12 +01:00
c0e34d1a9e
Verify signature immediately after reading from cache or URL
...
This allows a large number of tests to be enabled and pass now that the behaviour is expected.
The main fix here is that a download with an invalid signature will always fall back on using a properly signed cache, no matter how old it is.
Additionally, downloads will never be written to the cache unless they are properly signed (both at startup and prefetching).
2019-11-08 10:17:12 +01:00
53d5b0f3cd
Remove URLToPrefetch struct
2019-11-08 10:17:12 +01:00
a83ecf626b
Move `when` from URLToPrefetch struct to `refresh` on Source struct
2019-11-08 10:17:12 +01:00
b29c70551e
Refactor writing download to cache
2019-11-08 10:17:12 +01:00
082a4a5e01
Clarify how refresh_delay is intended to be used internally
...
Cache TTL is how old the cache can be at startup before trying to download an update immediately.
Prefetch delay is how long the prefetcher should wait between successful downloads of a source.
Previously, the refresh_delay configuration was used at startup as both cache TTL and prefetch delay, with subsequent prefetches using a hard-coded delay.
As discussed, refresh_delay is now only used for cache TTL, prefetch delay always uses the hard-coded delay.
2019-11-08 10:17:12 +01:00
190700e5ba
Move cacheFile from URLToPrefetch to Source struct
2019-11-08 10:17:12 +01:00
0991749b19
Allow source URLs to contain query parameters
...
Previously when constructing the signature URL, the `.minisig` suffix was blindly appended to the string version of the source URL.
Now we take the parsed source URL, deep copy it (saves us parsing it twice), and append the `.minisig` suffix to the path component of the URL.
2019-11-08 10:17:12 +01:00
b2ecc45133
Treat each list and signature pair as a single unit
...
When a list fails to download, there's no point trying to download the signature.
Code duplication moved to where it's easier to refactor away.
Enabled a few more tests.
2019-11-08 10:17:12 +01:00
1e225dbb67
Alter source tests to cover entire prefetch algorithm and make it pass
2019-11-08 10:17:12 +01:00
7e73a26a2f
Move most of the prefetching code into sources.go
...
The proxy shouldn't need to know how prefetching works, just that it needs to do it occasionally. Now the prefetching algorithm can be refactored without having to touch the proxy code.
2019-11-08 10:17:12 +01:00
78f2dead79
Move prefetch URLs onto Source struct
...
This is mostly in preparation for further refactoring, but does reduce the number of return values from `NewSource()` too.
2019-11-08 10:17:12 +01:00
4a792026eb
Refactor cache reading to reduce number of return values
2019-11-08 10:17:12 +01:00
fe34d07b68
Refactor away some unnecessary type shuffling
...
Signatures in particular were read in from both cache and url as `[]byte`, converted to `string`, then back to `[]byte` to pass through to minisign.
Lists themselves will be converted to `string` by the parsing code anyway.
2019-11-08 10:17:12 +01:00
ad92be5b9c
Refactor saving downloads to cache
...
Moved writing to happen immediately after the download to reduce duplicated code and number of return values from the download function.
2019-11-08 10:17:12 +01:00
4c156784c8
Refactor calculation of update delay when reading cache
...
Set the default delay once at the top instead of before every early return.
2019-11-08 10:17:12 +01:00
e818eeb800
Refactor reading a URL's content to own function
...
No longer shadows `url` package with variable of the same name.
2019-11-08 10:17:12 +01:00
d851c9eeb6
Refactor signature verification to own function
...
The cache is no longer destroyed whenever any signature verification fails.
The public key is stored on the Source struct for future use.
2019-11-08 10:17:12 +01:00
da0d7fe841
Fix various timing inconsistencies
...
When comparing times in tests, it's necessary to control the `now` value to ensure slow test runs don't fail incorrectly.
Both cache and download code had been using refreshDelay to set the next prefetch delay, which by default meant the 1st prefetch was 3 days after startup - this has now been corrected to match the 1 day expectation.
Enabling some of the cache tests revealed some other incorrect failures in the test that were also fixed.
2019-11-08 10:17:12 +01:00
03dea47130
Remove dead code paths
...
These paths were unreachable because XTransport.Get already checks the same conditions.
2019-11-08 10:17:12 +01:00
af0629856c
Add unit tests for sources.go
...
Tests cover most of the cache and download related code paths and specify the expected result of various starting states and external failure modes.
Where the current code's behaviour doesn't match a test's expectations, the test is disabled and annotated with a TODO until it can be fixed.
Added dependency on `github.com/powerman/check` and ran `go mod vendor`.
2019-11-08 10:17:12 +01:00
b76db70a6c
Revert "cleanup: estimators: simplify blindAdjust"
...
This reverts commit c699e7bec4
2019-11-05 01:16:22 +01:00
17a675021e
No one ever completes // TODO things
2019-11-05 01:10:57 +01:00
da3f30871f
Revert "fix: proxy: Trigger query logging plugins using defer"
...
This reverts commit fc9509a8c8
2019-11-05 00:54:03 +01:00
14862c2fc7
defer is slow and not worth it here
2019-11-05 00:37:46 +01:00
316c5ca6b1
Don't return immediately on non-Windows system if netprobe_timout is -1
...
Fixes #1016
2019-11-04 17:14:31 +01:00
9852a289f8
Increase the default cache size and minimum TTL
2019-11-03 17:31:41 +01:00
e0c37f92fc
Add a comment about why DoH addresses from stamps don't expire
2019-11-03 00:33:17 +01:00
0f332c644d
Set a minimum TTL when caching resolver IPs
...
Comcast having a 30 sec TTL is silly
2019-11-02 02:01:03 +01:00
63ed3b4fef
Update comment
2019-11-02 01:52:51 +01:00
a84a789a8a
Keep resolving if needed
2019-11-02 01:50:35 +01:00
d932d5fdfc
Inverse test
2019-11-02 01:20:28 +01:00
6032c3b79b
Add a grace TTL for expired cached IPs
...
And some comments to make the code more readable
2019-11-01 23:19:07 +01:00
0dc69eacd5
resolveHostWithCache -> resolveWithCache
2019-11-01 23:10:36 +01:00
b30904f20b
lowercase
2019-11-01 23:06:42 +01:00
8d191cdcf1
Rename CheckResolver to IsIPAndPort for clarity
2019-11-01 23:05:17 +01:00
3cef651b07
Rename resolveHost() to resolveHostWithCache() for clarity
...
(but to be honest, I don't understand anything to that code any more)
2019-11-01 23:00:39 +01:00
e028f4d483
Don't delete cached server IP addresses
...
If we can't update an entry, keep the previous one.
2019-11-01 22:55:06 +01:00
3db3de0a91
Use SystemResolverTTL as a minimum timeout for cached resolver IPs
2019-11-01 21:47:13 +01:00
97e4c44223
remove err return values that are never set
2019-11-01 17:13:14 +01:00
36808cdec7
remove unused patternType return
2019-11-01 17:13:14 +01:00
a0d9412a25
run goimports
2019-11-01 17:13:14 +01:00
cd675913b2
Fix copy-paste oversight
...
I think these variables are always both nil or both not nil, but maybe in the future they might not be.
2019-11-01 09:07:57 +00:00
816acb9d8d
move ConfigLoad into AppMain
2019-10-31 18:55:44 +01:00
2f7e057996
move flags parsing into main()
2019-10-31 18:55:44 +01:00
116f985b96
Bump
2019-10-31 18:12:13 +01:00
59c3d5121d
Add brackets around cached IPv6 IP addresses
...
Fixes #1005
2019-10-31 17:55:54 +01:00
1c9924e055
check error that was being erroneously shadowed
2019-10-31 17:55:26 +01:00
971b08bcec
No more beta
2019-10-31 17:54:04 +01:00
06b0976786
Remove the serverInfo rwlock; just use the global serversInfo rwlock
2019-10-31 17:50:56 +01:00
3a68f90c37
Back to 2.0.29 beta 3 ( ceed905196)
2019-10-31 17:50:19 +01:00
fb1fc14317
Revert "refactoring of pull 980"
...
This reverts commit 6fa420a8e0
2019-10-31 17:36:59 +01:00
7636a78d74
Revert "avoid LoadConfig twice"
...
This reverts commit 8f2c438c70
2019-10-31 17:36:32 +01:00
828af28658
Revert "move ConfigLoad and InitPluginsGlobals to appMain"
...
This reverts commit b67d19ffb3
2019-10-31 17:36:28 +01:00
393195066e
Up
2019-10-31 16:50:38 +01:00
71e3cf4aef
Add brackets around cached IPv6 IP addresses
...
Fixes #1005
2019-10-31 16:38:43 +01:00
b67d19ffb3
move ConfigLoad and InitPluginsGlobals to appMain
2019-10-31 15:04:12 +01:00
8f2c438c70
avoid LoadConfig twice
2019-10-31 15:04:12 +01:00
65de188423
don't use syscall directly
2019-10-31 15:04:12 +01:00
6fa420a8e0
refactoring of pull 980
...
follow up on https://github.com/DNSCrypt/dnscrypt-proxy/pull/980#issuecomment-548153169
2019-10-31 15:04:12 +01:00
9eae8de902
fix the file not found error message when passing -config
2019-10-31 09:53:44 +01:00
7307c51d6f
move ConfigLoad into Start function when running as a service (take 2)
2019-10-31 09:53:44 +01:00
b80e4957d1
move flags parsing into main()
2019-10-31 09:53:44 +01:00
7f82c2504d
check error that was being erroneously shadowed
2019-10-31 09:52:05 +01:00
899cd07239
Bump
2019-10-30 23:02:07 +01:00
37c939480d
Potential fix for #998
...
I haven't tested this change, but it should be as simple as that.
2019-10-30 19:01:37 +00:00
778b2cccc1
Revert "move ConfigLoad into Start function when running as a service"
...
This reverts commit 9aeec3478f
2019-10-30 08:02:31 +01:00
9aeec3478f
move ConfigLoad into Start function when running as a service
2019-10-28 15:29:02 +01:00
4eea03c9a1
No more beta
2019-10-28 12:18:51 +01:00
fe3b8b6321
Merge branch 'master' of github.com:jedisct1/dnscrypt-proxy
...
* 'master' of github.com:jedisct1/dnscrypt-proxy:
Fix travis build
2019-10-27 23:36:42 +01:00
2add754f23
Don't use real server names, because this is apparently confusing
2019-10-27 23:36:08 +01:00
0c2fb16214
Fix travis build
...
Hopefully this is all that's needed to make it go green, I'm not set up to test locally.
2019-10-27 09:54:05 +01:00
4824e91d46
Remove the serverInfo rwlock; just use the global serversInfo rwlock
2019-10-26 17:28:24 +02:00
6680faf665
make sure tcp/udp Conn are closed on stop signal
2019-10-25 12:56:34 +02:00
220d418f2f
make sure app main goroutine quits, before stopping
2019-10-25 12:56:34 +02:00
ceed905196
Add a more explicit message when a user is set on Windows
2019-10-25 12:53:59 +02:00
f60395390e
Typo
2019-10-23 23:30:39 +02:00
e5f3eff760
Add DNS stamps to JSON output
2019-10-23 23:28:46 +02:00
560577af00
Correctly honor MaxTimeout on Windows, too
2019-10-22 11:53:59 +02:00
32b691a5c7
Merge branch 'master' of github.com:jedisct1/dnscrypt-proxy
...
* 'master' of github.com:jedisct1/dnscrypt-proxy:
Reduce contention
Don't name different things "ttl" to avoid confusion
Reduce lock contention
Nits
Rename negTTL to rejectTTL to avoid confusion with cacheNegTTL
feature: Add neg_ttl for rejected entries and cloak_ttl for cloaking-rules entries
feature: xtransport: Expire CachedIPs, split resolve function from Fetch
fix: xtransport: Check 'fallback_resolver'
fix: xtransport: Ensure we strip [] from host/ip before net.ParseIP
cleanup: xtransport: group all consts and alike
2019-10-22 11:51:38 +02:00
94c16c3167
MaxTimeout is the maximum timeout, not the minimum
...
Fixes #977
2019-10-22 11:51:22 +02:00
3ddb134190
Reduce contention
2019-10-21 18:50:20 +02:00
a0614510e9
Don't name different things "ttl" to avoid confusion
2019-10-21 18:40:47 +02:00
ffd60d21db
Reduce lock contention
2019-10-21 18:36:47 +02:00
70970d2333
Nits
2019-10-21 18:31:06 +02:00
a26b2b42f0
Rename negTTL to rejectTTL to avoid confusion with cacheNegTTL
2019-10-21 18:26:49 +02:00
bb01595320
feature: Add neg_ttl for rejected entries and cloak_ttl for cloaking-rules
...
entries
Previously cache_min_ttl was used. But one can certainly set
cache_min_ttl to 0, but still ensure synthetic values have ttl.
Hence new config file options.
2019-10-21 18:12:49 +02:00
bc831816f5
feature: xtransport: Expire CachedIPs, split resolve function from Fetch
...
I selected default ttl when resolving using system to be 86400 / 24h.
As the program can run long time, I think it is relevant to honor TTL
when resolving and caching results.
Change cache internal format from string to net.IP. This should ensure
there is no need to further check validity of value later when using.
Resolve part was too big and had only one purpose. So it is fine
candidate to be own function.
2019-10-21 18:12:49 +02:00
d14d78e648
fix: xtransport: Check 'fallback_resolver'
...
And also DefaultFallbackResolver.
As far a I could see, value needs to have port defined
too. dns.Exchange does seem to use address as such.
2019-10-21 18:12:49 +02:00
890dcca270
fix: xtransport: Ensure we strip [] from host/ip before net.ParseIP
2019-10-21 18:12:49 +02:00
ac4843b460
cleanup: xtransport: group all consts and alike
...
This is mainly for case where more consts are added.
Also I think those vars were not variables but treated as
const.
2019-10-21 18:12:49 +02:00
92e632daf1
Fail on failure :)
2019-10-20 23:07:36 +02:00
1cb9a360de
fix: proxy: Add missing logging in a case where flow does not return
2019-10-20 22:27:30 +02:00
74c1f4a00d
Use the relay for cert retrieval over TCP, tooo
...
But don't use a relay if a proxy has been specified already
2019-10-20 21:45:19 +02:00
fc9509a8c8
fix: proxy: Trigger query logging plugins using defer
...
This is more robust and uses lot less lines.
2019-10-20 21:30:24 +02:00
Frank Denis
Dragonfir3
Kevin O'Sullivan
Will Elwood
Alison Winters
unknown
William Elwood
milgradesec
glitsj16
Eric Lagergren
Vladimir Bauer
Markus Linnala