189 Commits

Author SHA1 Message Date
Frank Denis 0166f21b27 Add built-in support for Tor 2018-06-06 15:54:51 +02:00
Frank Denis 977dcad826 Improved return codes 2018-06-04 23:18:28 +02:00
Frank Denis 3bbdf93095 Log return codes in LTSV querylog files
DNS return codes are not enough; we need to change this to something
more expressive.

In particular, we can't use them to distinguish between a server block,
a blacklist block, and a plugin block such as the IPv6 blocker.
2018-06-04 21:35:07 +02:00
Frank Denis b6e6a19b50 Make logging plugins independent from query/response plugins 2018-06-04 20:52:16 +02:00
Frank Denis 255423588c REFUSED responses are fine for filtering resolvers 2018-05-11 03:31:25 +02:00
Frank Denis 3d67c81697 Deps update 2018-04-18 18:58:39 +02:00
Frank Denis f63dc17f90 stamps -> dnsstamps 2018-04-18 18:47:10 +02:00
gdm85 eb5f391fa6 Split stamps into package 2018-04-18 18:36:47 +02:00
Frank Denis b1447160a0 Add cache_neg_min_ttl and cache_neg_max_ttl 2018-04-17 00:24:49 +02:00
Frank Denis 64d22dfc2b Clarify 2018-04-12 11:07:34 +02:00
Frank Denis ca80b69b3a Re-implement ephemeral keys for DNSCrypt 2018-04-09 03:12:34 +02:00
Frank Denis 65e6b8569e Implement whitelists
Fixes #293
2018-04-07 23:02:40 +02:00
Frank Denis 8217170a7b Revert "Do not consider SERVFAIL responses as server failures"
This reverts commit 0e65c50989.
2018-04-06 13:43:09 +02:00
Frank Denis 0e65c50989 Do not consider SERVFAIL responses as server failures 2018-04-06 02:47:58 +02:00
Frank Denis e210fc537e Ignore the Cache-Control: max-age header
What's in the DNS packet is a better source of truth.

There was also an inconsistency between the TTL from the
max-age header (as returned in a response that wasn't cached) and
a response from the cache (using TTLs from the DNS packet).

So, just use what's in the packet.

Reported by @vavrusam, thanks!
2018-04-01 21:41:36 +02:00
Frank Denis adb0c94a61 April 1st is already over in some time zones :)
This reverts commit dac52ab42a.
2018-04-01 16:35:32 +02:00
Frank Denis dac52ab42a Completely remove support for the DNSCrypt protocol 2018-04-01 04:04:12 +02:00
Frank Denis 2eac8d52d5 Revert the cache clear
Implementing this is going to be more complicated
2018-03-21 10:17:13 +01:00
Frank Denis d2805a19e4 DoH: only use the optional IP to bootstrap resolution
Fixes #100
2018-03-21 09:32:35 +01:00
Frank Denis 817f2ff560 Don't pause the cert refresh timers if the host goes to hibernation 2018-03-07 18:29:58 +01:00
Frank Denis b643a816cc Add automatic log files rotation
Fixes #172
2018-03-02 10:34:00 +01:00
Frank Denis 97156c3ad3 Use atomic loads for the clients counter 2018-03-02 09:41:12 +01:00
Frank Denis 519af2e532 Revert "Allow -test 0"
This reverts commit 1e2c175e19.

Revert "Don't bind any sockets when using -test"

This reverts commit 982f341de8.

Revert "Implement -test to check certificates expiration"

This reverts commit 2158674d17.
2018-02-27 07:55:10 +01:00
Frank Denis 2158674d17 Implement -test to check certificates expiration 2018-02-27 02:52:45 +01:00
Frank Denis eac8732b2b Log servers returning SERVFAIL 2018-02-22 14:48:08 +01:00
Frank Denis 4ec5461b2f Mark servers as failing more aggressively 2018-02-22 14:20:59 +01:00
Frank Denis e1e283ac23 Better (and, for DoH, fixed) RTT estimation 2018-02-19 18:30:26 +01:00
Frank Denis af0833387a Close idle connections after an error; reduce idle connections timeout 2018-02-05 19:03:04 +01:00
Frank Denis 43f3e64bd9 DoH: fallback to GET on servers that don't support POST 2018-02-05 11:30:10 +01:00
Frank Denis 88434fc39f Prepare support for multiple load balancing strategies 2018-02-04 21:13:54 +01:00
Frank Denis 6f546b4c21 Use Cache-Control 2018-02-04 13:48:51 +01:00
Frank Denis ed60976dd2 Infer TTL from Date: and Expire: headers
Unfortunately, Google DNS sets Expire: to the same value as Date:

So we may want to use Cache-Control instead.
2018-02-04 13:35:40 +01:00
Frank Denis 458da8fa77 DoH: use 0 as a transaction ID
Reject short TCP queries early by the way
2018-02-04 12:57:54 +01:00
Frank Denis 9d69811de9 Add limits to HTTP requests 2018-02-04 11:33:04 +01:00
Frank Denis 033931a13a Add a new powerful plugin: DNS cloaking 2018-02-04 01:43:37 +01:00
Frank Denis 41a73ccb03 Time access restrictions [WIP]
Because my daughter spends way too much time on Youtube
Because people have been asking OpenDNS to implement this for the past 10 years
Because existing tools suck
Because I want something flexible, where every rule can be assigned a schedule
2018-01-31 23:08:38 +01:00
Frank Denis ecaf18f614 Use a fallback resolver if the local DNS configuration doesn't work
This should fix all chicken-and-egg issues
2018-01-30 15:47:39 +01:00
Frank Denis 24c21d5eb2 Start moving things to a custom transport 2018-01-30 13:29:47 +01:00
Frank Denis b6e5f55870 Move the proxy struct to its own file 2018-01-29 23:47:04 +01:00