Commit Graph

1504 Commits

Author SHA1 Message Date
Frank Denis 52f87aee8e Accept data from systemd sockets at the same time as everything else 2020-04-26 15:00:39 +02:00
Frank Denis 4029d3d4f3 proxy.dropPrivilege() doesn't return on success 2020-04-26 14:49:43 +02:00
Frank Denis 3c510b74bb Start listeners as goroutines 2020-04-26 14:26:40 +02:00
Frank Denis c6b2869317 Update Poly1305 dep 2020-04-26 13:03:48 +02:00
Frank Denis 4a50736457 Only start accepting connections after everyting has been initialized
Fixes #1295

And more. The estimator, key and servers list were not initialized either.
2020-04-26 12:52:55 +02:00
Frank Denis 7d0e1440e1 ESNI has been renamed to ECHO 2020-04-24 11:15:40 +02:00
Frank Denis 252b10c996 Remove blacklisted names due to globbing patterns
This is very clumsy, as it doesn't handle time-based rules properly,
and doesn't handle whitelists at all.

Adding globs to the "names" list is also an ugly hack just to have
them included in the final output.
2020-04-22 17:55:24 +02:00
Frank Denis a71b531d2e Re-add -o / --output-file 2020-04-21 23:40:58 +02:00
Frank Denis dcd6f8448d Revert "Improve generate-domains-blacklist.py to remove redundant lines (#1184)"
This reverts commit 58871de725.
2020-04-21 23:08:40 +02:00
Huhni 58871de725
Improve generate-domains-blacklist.py to remove redundant lines (#1184)
* Improve script to remove redundant lines

Let the script remove those lines that are covered by regular expressions already

* add optional "-o OUTPUT_FILE" argument 

This ensures that UTF-8 is used.
The redirect to file functionality from before is maintained, because "default=None" is used for the -o argument

I also fixed the formatting slightly to avoid newlines at the beginning of the file.

* improve glob matching

- rename regexes into globs 
- only check trusted (local) files for globs
- use fnmatch instead of manually converting globs into regular expressions and matching them
- modify is_glob function to check only for the following characters: * [ ] ?
- improve get_lines_with_globs function, by using the native filter and lambda functions
- improve covered_by_glob function, by checking if line is part of glob_list, instead of calling is_glob again
- print "ignored entries due to globs in local-additions" to the output as well to better differentiate from other duplicates
2020-04-21 23:07:32 +02:00
Frank Denis 9519472bbe Don't print the proxy version in the child 2020-04-20 12:34:59 +02:00
Frank Denis 6f2dcb900a Drop privileges early
Fixes #1265
2020-04-20 12:27:53 +02:00
Frank Denis b6b7ed3a67 Dropping privileges doesn't work reliably on MacOS 2020-04-20 11:50:27 +02:00
Frank Denis abfd195e51 Use Kadhosts without controversies
Fixes #1288
2020-04-19 17:55:46 +02:00
Frank Denis 69a7d832c4 Remove lists that are pretty much empty 2020-04-19 17:52:16 +02:00
Frank Denis ccc91e28a3 Try enabling energized blu by default
Quite a lot of domains in that list don't exist any more, though.
2020-04-19 17:46:18 +02:00
Frank Denis 900ed13ff1 Remove banbenek's list 2020-04-19 17:39:53 +02:00
Frank Denis dd522bb726 Merge branch 'master' of github.com:DNSCrypt/dnscrypt-proxy
* 'master' of github.com:DNSCrypt/dnscrypt-proxy:
  use global 'timeout' option for forwarding queries (#1284)
2020-04-18 21:18:53 +02:00
Frank Denis 2779d92f01 Add some blacklists 2020-04-18 21:18:40 +02:00
29f f71244ed74
use global 'timeout' option for forwarding queries (#1284)
* Update plugins.go

* Update plugin_forward.go
2020-04-17 20:57:23 +02:00
Frank Denis 4f41fc3fee Add Geoffrey Frogeye's block list 2020-04-12 23:34:15 +02:00
Frank Denis 527764aba7 Upper case 2020-04-05 20:50:28 +02:00
Kiril Angov d2602fd142
Respect proxy.mainProto in forward plugin (#1259)
* Respect proxy.mainProto in forward plugin

* Make the serverProtocol part of pluginsState instead
2020-04-05 20:49:30 +02:00
Frank Denis f4631b9121 Remove unreachable code
Spotted by @komapa
2020-04-05 20:48:00 +02:00
Linuxfreak 76f6d02e52
Change URL of Block Spotify ads (#1266)
The url of the Spotify-HOSTS.txt is changed. Path of "/filter/" is now "/filters/"
2020-04-04 22:18:21 +02:00
Frank Denis 5930b45116 Farewall host-files.net domain list
Fixes #1262
2020-04-02 14:56:38 +02:00
kimw 4ce28473f4
Update example-ip-blacklist.txt (#1264)
fix https://github.com/DNSCrypt/dnscrypt-proxy/issues/1261. remove `[` & `]`.
2020-04-02 14:55:18 +02:00
Frank Denis f6b9706322 This reverts commit 876e389a0a.
April 1st is almost over :)
2020-04-01 21:55:17 +02:00
Frank Denis 876e389a0a Make doh.nsa.gov the default DNS server 2020-04-01 12:22:52 +02:00
Frank Denis 17fbad3648 Update deps 2020-04-01 12:15:13 +02:00
Frank Denis 1ff31f14f1 Remove the ct parameter from DoH queries
That was a workaround for Google, but Google doesn't seem to need
it any more.
2020-04-01 12:12:57 +02:00
Frank Denis eb372e7ce5 First release using GitHub Actions: success! Farewell, Travis. 2020-03-26 18:53:35 +01:00
Frank Denis 89dd0de6af Update ChangeLog 2020-03-26 18:38:15 +01:00
Frank Denis 8fc2f00ffb Probably older than version 1.4.0 2020-03-26 18:33:39 +01:00
Frank Denis 3ca80afb19 packets -> client queries 2020-03-26 17:25:52 +01:00
Frank Denis 74095d38ed Remove LargerResponsesDropped
dnsdist drops DNSCrypt queries shorter than 256 bytes, interpreting them
as not being encrypted instead. This is surprising when doing ad-hoc
testing, but absolutely fine, and we will never send shorter encrypted
queries on normal circumstances.

So, remove a useless knob.
2020-03-26 17:20:34 +01:00
Frank Denis fb04a62470 ChangeLog 2020-03-26 15:39:48 +01:00
Frank Denis b3fbc2304d All dnsdist servers exhibit the same behavior re: sending truncated responses
A 128 bytes query will not get a 200 bytes response (randomly tested on
3.tlu.dl.delivery.mp.microsoft.com), not even a truncated one.

It may be related to fragments being blocked on the server socket, or a
different issue. We can expect everything to be back to normal in dnsdist
1.5.0 no matter what.
2020-03-26 15:19:17 +01:00
Frank Denis 5049516f53 Add an option to ignore servers incompatible with anonymization 2020-03-26 13:41:57 +01:00
Frank Denis 7621737dde Improve debugging 2020-03-26 13:30:39 +01:00
Frank Denis 9542109d66 Cancel dnsExchange goroutines as soon as we have a best response 2020-03-26 12:53:22 +01:00
Frank Denis ad36321dc8 Add cleanbrowsing until dnsdist 1.5.0 is out 2020-03-26 12:31:12 +01:00
Frank Denis 98e53c4013 Replace Travis status badge with the GitHub Action badge 2020-03-26 11:15:12 +01:00
Frank Denis c54e8a2c60 Goodbye Travis, let's switch to GitHub Actions! 2020-03-26 11:02:19 +01:00
Frank Denis 8896787e66 Add other dnsdist servers until the MTU issue is fixed
https://github.com/PowerDNS/pdns/pull/7410
2020-03-26 10:57:09 +01:00
Frank Denis 9f65457b1c Wait a little bit more between UDP attempts 2020-03-26 10:37:56 +01:00
Frank Denis 1d090eb194 Unfortunately, blocking stats.* has too many implications 2020-03-25 20:33:36 +01:00
Frank Denis 7424f1a8b7 Try harder to work around Cisco and Quad9 bugs 2020-03-25 20:10:11 +01:00
Frank Denis 64935c9b92 Bump 2020-03-25 18:24:25 +01:00
Frank Denis 0860245c73 Nits 2020-03-25 18:24:03 +01:00