22da6ca8da
Add some links
2018-04-01 17:13:53 +02:00
adb0c94a61
April 1st is already over in some time zones :)
...
This reverts commit dac52ab42a
2018-04-01 16:35:32 +02:00
dac52ab42a
Completely remove support for the DNSCrypt protocol
2018-04-01 04:04:12 +02:00
2dcf5fe01a
Skip the signature in the example Google stamp
...
Example configuration files are updated less often than sources
2018-04-01 03:50:10 +02:00
d812a9bdc3
Revert to 9.9.9.9 as the example fallback resolver
...
Just in case some networks do stupid things with 1.1.1.1 already.
2018-03-30 22:24:19 +02:00
a2160189af
Welcome to 1.1.1.1
2018-03-30 21:30:06 +02:00
be84399ffc
Do not assume that the kernel supports IPv6
2018-03-29 16:30:35 +02:00
5cc4663081
Bump
2018-03-29 11:22:20 +02:00
c3280a030c
Update ChangeLog
2018-03-28 14:46:20 +02:00
ede564ccf7
Support multiple URLs for a given source
...
Fixes #265
2018-03-28 13:36:19 +02:00
7ed4ce17d7
Move things down for clarity
2018-03-28 13:00:06 +02:00
1ca7597c7f
string(<int>) doesn't do what you may expect :)
2018-03-28 12:38:17 +02:00
e09f0875c1
Add the list of addresses to the -list -json output
2018-03-28 12:22:37 +02:00
8bedb4b01e
Add some helpers
2018-03-28 12:08:05 +02:00
7f221afeff
Don't assume that DoH servers use port 443
2018-03-28 11:52:04 +02:00
0983a86b40
Mention that log_files_max_backups = 0 means "keep all backups"
...
Fixes #268
2018-03-28 00:14:07 +02:00
84593c1341
Add liveinternet.ru to the whitelist
2018-03-27 00:22:13 +02:00
fa2c95084e
Adding DynamicUser to systemd service file, enhancing socket and service ( #261 )
...
* Adding nss-lookup.target to the socket Before and Wants directive. Adding current upstream wiki as documentation to service and socket file.
Adding DynamicUser=yes to the service file, alongside various hardening settings (Protect{ControlGroups,KernelModules}. Allowing the service to bind to ports below 1024 by setting CAP_NET_BIND_SERVICE. Adding {Cache,Logs,Runtime}Directory for dnscrypt-proxy. Removing (default) Type=simple. Adding a more default ExecStart location and usage of configuration.
* systemd/dnscrypt-proxy.socket: Adding back ipv6 functionality.
* systemd/dnscrypt-proxy.service: Updating Description to match project name.
Explicitely setting ProtectHome=yes. Adding information on the DynamicUser settings.
* systemd/dnscrypt-proxy.socket: Updating description to match project name.
* systemd/dnscrypt-proxy.service: Adding Requires= and Also= for dnscrypt-proxy.socket in favor of CAP_NET_BIND_SERVICE capabilities.
* dnscrypt-proxy/example-dnscrypt-proxy.toml: Clarifying how to set listen_addresses, when using systemd socket activation.
2018-03-26 20:48:22 +02:00
3e4b7671d1
Patch service_upstart
2018-03-26 20:46:51 +02:00
10f0503d50
Update deps; especially for chacha20
2018-03-26 20:46:25 +02:00
9224e79c59
Add NoTracking's list to the example blacklist configuration
...
Implement dnsmasq-style filters by the way
2018-03-26 20:43:42 +02:00
6bca9eb795
malwaredomainslist seems to be hard to reach over HTTPS
2018-03-26 20:37:22 +02:00
9643a311c8
Just build freebsd-arm to be consistent with other builds
2018-03-25 11:29:49 +02:00
6283dfc0db
+ freebsd-armv7
2018-03-25 11:26:25 +02:00
37b4234b18
chore: build freebsd armv7 binary ( #252 )
2018-03-25 11:25:58 +02:00
bdc32cee90
Add optional hardening to systemd service ( #259 )
2018-03-24 19:06:40 +01:00
f2ab65aab7
dnscrypt-proxy.socket: update [Unit] dependencies to match those from service ( #260 )
2018-03-24 19:05:01 +01:00
a95c7b729b
Let default systemd socket listen on both IPv4 and IPv6 ( #257 )
...
* Let default systemd socket listen on both IPv4 and IPv6
Setting listen_addresses = [] in config will listen on systemd socket, but by previous systemd socket config it would only listen on IPv4 127.0.0.1:53 without IPv6. This change fixes it.
* Update dnscrypt-proxy.socket
2018-03-24 15:01:27 +01:00
0026a20e08
Mention that people in China may need to use Quad114
2018-03-22 07:44:06 +01:00
2568ea0b0c
Revert "Switch to Quad114 as the default resolver"
...
This reverts commit 91f97833a3
2018-03-22 02:43:03 +01:00
2eac8d52d5
Revert the cache clear
...
Implementing this is going to be more complicated
2018-03-21 10:17:13 +01:00
3c05b38edd
Move local resolution to a dedicated function
2018-03-21 10:03:05 +01:00
d2805a19e4
DoH: only use the optional IP to bootstrap resolution
...
Fixes #100
2018-03-21 09:32:35 +01:00
577ac5c91a
When using a fallback resolver, favor IPv6 for DoH servers if use_ipv6 is set
...
Fixes #153
2018-03-21 09:05:30 +01:00
22f69a475a
Don't assume IPv6 or IPv4 about DoH servers
2018-03-21 08:48:57 +01:00
91f97833a3
Switch to Quad114 as the default resolver
...
Quad9 current returns SERVFAIL for dnscrypt.info and there have
been reports of it not working as expected in some countries as well.
2018-03-21 08:30:36 +01:00
963a54f6fe
Print the IP, not the address
2018-03-20 15:10:12 +01:00
50053d32a5
Bump
2018-03-18 09:21:36 -07:00
ebc3ddda38
Deps update
2018-03-18 09:09:29 -07:00
a0aeeabfa2
Nits
2018-03-17 14:47:17 -07:00
1f81710b91
Remove superflous brackets; fix DoH default port as well
2018-03-17 14:43:26 -07:00
86fb695189
Fix 2.0.6 ipv6 attach port ( #237 )
...
* fix-2.0.6-ipv6-attach-port
2018-03-17 14:39:46 -07:00
fd51ff8fb6
Clarify
...
Fixes #221
2018-03-11 08:15:02 -07:00
ba2f43e6db
TCP: don't read past the prefixed size
...
Maybe
fixes #219
2018-03-10 18:50:31 -08:00
3d50549cae
bring back exec and strings
2018-03-07 20:21:58 +01:00
a6ae97ecb1
Lower default granularity
2018-03-07 19:00:09 +01:00
ff81344aa8
Update clocksmith
2018-03-07 18:51:55 +01:00
817f2ff560
Don't pause the cert refresh timers if the host goes to hibernation
2018-03-07 18:29:58 +01:00
d8f502f130
Update deps
2018-03-07 18:29:26 +01:00
75f3c6403b
Print absolute paths when file caches cannot be written
2018-03-05 11:58:31 +01:00
Frank Denis
David Runge
Benjamin Dos Santos
FedericoYundt
Dhoulmagus
bleeee