miracle091/dnscrypt-proxy
miracle091
/
dnscrypt-proxy
mirror of https://github.com/DNSCrypt/dnscrypt-proxy.git
1
0
Fork 0
Code Issues Releases Wiki Activity
813 Commits 7 Branches 89 Tags 61 MiB
Commit Graph

813 Commits

Author SHA1 Message Date
Frank Denis 29a954f651 Snap: don't bother renaming the example config file 2019-05-24 23:03:06 +02:00
Frank Denis ef3e4cb6ee snap: use classic confinement, copy config files, remove network-control 2019-05-24 22:59:51 +02:00
Simon R f3e032f88a fix remaining urllib2 reference (#830) 2019-05-22 20:50:45 +02:00
igorljubuncic 0f3e8d32c6 Add support for building snaps (#820) 2019-05-22 17:43:47 +02:00
Simon R bc5e4f0544 make generate-domains-blacklist.py compatible to both python2 and python3 (#828) 
* update domains-blacklist-all.conf: Quidsup NoTrack moved to gitlab

* make generate-domains-blacklist.py python3 compatible

* fix whitespace
 2019-05-22 10:15:08 +02:00
encrypt.town dcce060ef2 Whitelist Server Source Domains (#829) 
A malicious blacklist, or accidental block, could prevent dnscrypt-proxy users from being able to fetch public resolvers and important certificate updates. Both URLs are taken from the default config:

[sources.'public-resolvers']
urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md', 'https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md']
 2019-05-22 10:14:37 +02:00
Frank Denis fb7f16c902 quidsup notrack moved to gitlab 
Thanks to @simonfxr for reporting this
 2019-05-21 20:29:02 +02:00
Frank Denis 0e2d78d21b Warn is DoH is requested but HTTP/2 is not supported 2019-05-12 09:55:13 +02:00
Frank Denis 50a2018633 Keep holding the read lock in the cloaking load-balancing code 
Maybe
fixes #807
 2019-05-02 23:53:47 +02:00
Frank Denis 02d07df43f Cloaking example: yandex.ru to familysearch.yandex.ru 2019-04-29 14:35:24 +02:00
Frank Denis a8045e0a7a Bump 2019-04-28 23:26:33 +02:00
Frank Denis 71858bfc98 Update deps 2019-04-28 23:19:52 +02:00
Frank Denis 587a09b306 Add freebsd/armv7 target 
Fixes #792
Fixes #682
 2019-04-15 08:48:08 +02:00
Frank Denis 5c9edfccfe Ignore onion servers if Tor is not being used 2019-04-14 14:19:12 +02:00
Frank Denis 4940b34c76 Improve caching of server addresses, especially when using proxies 2019-04-14 13:46:07 +02:00
Frank Denis d143ae5279 Set the main protocol to TCP when using a SOCKS proxy 2019-04-14 13:41:43 +02:00
Frank Denis 4b001e3b8e Skip DNS resolution on Tor services 2019-04-14 11:18:14 +02:00
Frank Denis 0a535e28ab Stop printing "crypto v1/v2", as both are equally secure 2019-04-08 08:30:43 +02:00
Frank Denis 25ac94e7b2 Revert "Add Stretch-Hash-and-Truncate option for extreme DNS privacy" 
This reverts commit 2d1dd7eaab.
 2019-04-02 01:57:48 +02:00
Frank Denis 2d1dd7eaab Add Stretch-Hash-and-Truncate option for extreme DNS privacy 
This works over DNSCrypt and DoH, but requires a specifically configured
server.

Instead of sending the actual DNS queries, the SH-T system works as follows:

Step 1: the client query is evaluated through Argon2id, a military-grade,
memory-hard, CPU-hard stretching function. This makes it very expensive
for an attacker to find the original query, even using GPUs and ASICs.
For post-quantum resistance, we use it to generate a 1024-bit key.

Step 2: in case the Argon2id algorithm has a vulnerability, or, since this
is a popular function used for hashing passwords and for cryptocurrencices,
and people may have built rainbow tables already, we use a hash function over
the result of the previous function. This immediately defeats rainbow tables.

Step 3: the output of the hash function is truncated to 64-bit.
Due to a property of this operation known as collision-misresistance, and even
if the previous steps fail due to a nation-state actor, it is impossible for a
server operator to prove what exact query was originally sent by a client.

This feature is experimental.
 2019-04-01 09:36:56 +02:00
Frank Denis f744110d38 Bump 2019-04-01 08:24:58 +02:00
Frank Denis 674bd30d45 Update dependencies 2019-04-01 08:21:17 +02:00
Frank Denis 8b608403b1 Do not cache truncated messages 
Fixes #774
 2019-04-01 08:19:26 +02:00
Aleksandr Sergeev a389067d29 Replace “find” with “findstr” in batches (#764) 
* Update service-install.bat

* Update service-restart.bat

* Update service-uninstall.bat
 2019-03-21 14:23:01 +01:00
Frank Denis 85abbeac61 Bump 2019-03-14 20:21:26 +01:00
Frank Denis 8076e206e0 Revert "Install the windows service as "NT AUTHORITY\NetworkService"" 
This reverts commit 17db0a658f.

On Windows, switching to user `NT AUTHORITY\NetworkService` apparently
breaks logging (reported by @Aland_123).
 2019-03-14 20:10:53 +01:00
Frank Denis 707098a922 Bump 2019-03-14 02:18:20 +01:00
Frank Denis c16016b112 Update deps 2019-03-14 02:17:58 +01:00
Frank Denis 47853e73d0 Merge branch 'master' of github.com:jedisct1/dnscrypt-proxy 
* 'master' of github.com:jedisct1/dnscrypt-proxy:
  Re-add a big download link in addition to the badge
  Fix Matrix badge and replace the latest release notice with a badge (#749)
  Add Matrix Chat Badge (#747)
 2019-03-14 02:00:19 +01:00
Frank Denis 26cc68b748 Make startup *way* faster, especially when using DoH 2019-03-14 01:59:57 +01:00
Frank Denis 7688059cfb Re-add a big download link in addition to the badge 
Pretty sure many people won't think about clicking on the badge.
 2019-03-06 18:14:16 +01:00
CHEF-KOCH e9b4df38be Fix Matrix badge and replace the latest release notice with a badge (#749) 
* The shiels.io page seems to generate wrong links (sorry for that!) I reported it to the shields.io project to fix this ASAP.
* Replaced the "latest release" notice information with a badge which automatically fetches the latest "Release" which means no one has to manually edit the readme each time a new release was introduced.
 2019-03-06 18:10:01 +01:00
CHEF-KOCH 935c1dd9f8 Add Matrix Chat Badge (#747) 
* Add Matrix.org Chat badge
* Place the Travis build status badge together with the matrix chat badge under the main logo
 2019-03-06 02:15:20 +01:00
Frank Denis b624f8ef58 Accept sdns: scheme without a namespace 2019-03-03 18:20:39 +01:00
Frank Denis 864476b835 Update Quidsup URLs 
Fixes #743
 2019-03-03 17:43:25 +01:00
corsmith d1a337f64b logging enhancement CLOAK (#742) 2019-03-02 18:01:21 +01:00
Frank Denis c3e29c2a60 Switch to Go modules 2019-03-01 18:44:37 +01:00
Frank Denis 0a65a658b6 Back to stable Go 2019-02-26 08:51:25 +01:00
Frank Denis 8899389d8b Store IP addresses, not references 2019-02-25 18:25:35 +01:00
Frank Denis 734483226b Support multiple IPs for a single cloaking rule 
Fixes #617
 2019-02-23 15:51:30 +01:00
Frank Denis 5dc66adaa9 Move disabled_server_names down 2019-02-23 14:55:23 +01:00
Frank Denis c10fbb2aa7 + disabled_server_names 
Fixes #735
 2019-02-23 14:54:22 +01:00
Frank Denis d0ca608cb7 Update deps 2019-02-23 13:44:05 +01:00
Frank Denis 2aa0b7d6a7 Add `refused_code_in_responses` to the example. 
Fixes #738
 2019-02-23 12:34:59 +01:00
Frank Denis a726a40dc5 Add refused_code_in_responses 
Fixes #737
 2019-02-23 00:58:25 +01:00
Frank Denis cb022ece82 Set GODEBUG to enable TLS 1.3 
Fixes #731
 2019-02-17 23:56:02 +01:00
Frank Denis 5ee3512460 generate-domains-blacklist.py: properly handle time restrictions 
Fixes #710
 2019-02-15 00:03:02 +01:00
Frank Denis c142923b46 Add a dedicated function for trusted lists 2019-02-14 23:27:19 +01:00
Frank Denis 8377d491f6 Whitelist revinate.com 2019-01-29 20:03:04 +01:00
Frank Denis 1871690832 polyfill.io is not a tracker 2019-01-29 19:14:30 +01:00