436bce9edf
Define functions to register socket handles, to improve clarity
2020-04-26 16:52:50 +02:00
38cfa437db
Repair Local DoH; should fix CI tests
2020-04-26 16:34:26 +02:00
3c510b74bb
Start listeners as goroutines
2020-04-26 14:26:40 +02:00
4a50736457
Only start accepting connections after everyting has been initialized
...
Fixes #1295
And more. The estimator, key and servers list were not initialized either.
2020-04-26 12:52:55 +02:00
6f2dcb900a
Drop privileges early
...
Fixes #1265
2020-04-20 12:27:53 +02:00
d2602fd142
Respect proxy.mainProto in forward plugin ( #1259 )
...
* Respect proxy.mainProto in forward plugin
* Make the serverProtocol part of pluginsState instead
2020-04-05 20:49:30 +02:00
f4631b9121
Remove unreachable code
...
Spotted by @komapa
2020-04-05 20:48:00 +02:00
74095d38ed
Remove LargerResponsesDropped
...
dnsdist drops DNSCrypt queries shorter than 256 bytes, interpreting them
as not being encrypted instead. This is surprising when doing ad-hoc
testing, but absolutely fine, and we will never send shorter encrypted
queries on normal circumstances.
So, remove a useless knob.
2020-03-26 17:20:34 +01:00
5049516f53
Add an option to ignore servers incompatible with anonymization
2020-03-26 13:41:57 +01:00
7621737dde
Improve debugging
2020-03-26 13:30:39 +01:00
7424f1a8b7
Try harder to work around Cisco and Quad9 bugs
2020-03-25 20:10:11 +01:00
81c8d68462
Pad queries to 1472 bytes for implementations with broken padding
...
Quad9 doesn't return TC when responses are larger than the question;
it doesn't return anything instead :(
2020-03-25 18:06:02 +01:00
dd37eaed7c
Retry over TCP on UDP timeouts
2020-03-25 17:45:59 +01:00
49910d2f72
Localize some error values
2020-03-13 18:44:30 +01:00
19647e03a6
Overwrite the server name only when we need to send an upstream query
2020-03-13 17:52:09 +01:00
c040b13d59
Adding the ability to do TLS client authentication for DoH ( #1203 )
...
* Adding the ability to do TLS client authentication for DoH
* whitespace nit
* Check for server specific creds before wildcard
* small comma ok idiom change
2020-03-09 22:11:53 +01:00
aa0e7f42d3
Make the xTransport functions return the HTTP body directly
...
This simplifies things, but also make RTT computation way more reliable
2020-02-21 22:33:34 +01:00
70311614a0
Improve error message on DNSSEC failure
2020-01-31 10:58:07 +01:00
f34d7b60fa
Implement serve-stale
2020-01-30 13:15:29 +01:00
f22461374c
Retry UDP queries on timeout
2020-01-29 18:53:39 +01:00
4d788aed85
Make UDP and TCP code similar when it comes to SOCKS proxying
...
Actually use the relay when both a relay and a SOCKS proxy are
configured.
Keep forcing TCP when SOCKS is enabled. I couldn't get UDP proxying
to work with Shadowsocks.
2020-01-27 16:07:08 +01:00
c27d41faa0
Avoid unneeded DNS packet unpacking
2019-12-23 11:37:45 +01:00
b1c08f8931
Handle Drop/Synth actions the same way in query and response plugins
2019-12-17 16:28:12 +01:00
66799c4159
Add the ability to block undelegated DNS zones
...
Using the generic pattern matcher as a first iteration, but we can
save some memory and CPU cycles by building and using a critbit tree
directly.
2019-12-16 16:18:47 +01:00
a635e92606
Add a new plugin to block unqualified host names
2019-12-09 20:25:38 +01:00
8efbf401c8
add error checks
2019-12-09 12:50:30 +01:00
3a4bc98073
Handle clientsCount in the local DoH handler, too
2019-12-03 13:04:58 +01:00
3b50caf4cd
Add a default local DoH path, print the URLs
2019-11-29 08:53:13 +01:00
f18dbc71ec
Make the local DoH path configurable
2019-11-28 23:49:28 +01:00
6a679cc543
Move local DoH configuration to its own section
2019-11-28 17:04:29 +01:00
be996c486f
Local DoH support, continued
2019-11-28 16:46:25 +01:00
1966a8604b
up
2019-11-26 01:36:35 +01:00
f249813cc5
First bits towards providing access over DoH in addition to DNS
...
Mainly to deal with the Firefox+ESNI situation
2019-11-24 22:46:27 +01:00
30b5507bf4
Make the part that creates or gets sockets more readable
2019-11-24 22:12:23 +01:00
45cb7b48df
Format
2019-11-17 21:28:26 +01:00
06c0fbb65b
Add NETWORK_ERROR
2019-11-17 19:48:15 +01:00
ca7e5e5bcb
Rename a few things
2019-11-17 15:07:40 +01:00
15b405b552
Support workarounds for ancient/broken implementations
...
Fixes #984
2019-11-16 18:51:16 +01:00
7e73a26a2f
Move most of the prefetching code into sources.go
...
The proxy shouldn't need to know how prefetching works, just that it needs to do it occasionally. Now the prefetching algorithm can be refactored without having to touch the proxy code.
2019-11-08 10:17:12 +01:00
78f2dead79
Move prefetch URLs onto Source struct
...
This is mostly in preparation for further refactoring, but does reduce the number of return values from `NewSource()` too.
2019-11-08 10:17:12 +01:00
da3f30871f
Revert "fix: proxy: Trigger query logging plugins using defer"
...
This reverts commit fc9509a8c8
2019-11-05 00:54:03 +01:00
1c9924e055
check error that was being erroneously shadowed
2019-10-31 17:55:26 +01:00
3a68f90c37
Back to 2.0.29 beta 3 ( ceed905196)
2019-10-31 17:50:19 +01:00
fb1fc14317
Revert "refactoring of pull 980"
...
This reverts commit 6fa420a8e0
2019-10-31 17:36:59 +01:00
6fa420a8e0
refactoring of pull 980
...
follow up on https://github.com/DNSCrypt/dnscrypt-proxy/pull/980#issuecomment-548153169
2019-10-31 15:04:12 +01:00
7f82c2504d
check error that was being erroneously shadowed
2019-10-31 09:52:05 +01:00
6680faf665
make sure tcp/udp Conn are closed on stop signal
2019-10-25 12:56:34 +02:00
ceed905196
Add a more explicit message when a user is set on Windows
2019-10-25 12:53:59 +02:00
a26b2b42f0
Rename negTTL to rejectTTL to avoid confusion with cacheNegTTL
2019-10-21 18:26:49 +02:00
bb01595320
feature: Add neg_ttl for rejected entries and cloak_ttl for cloaking-rules
...
entries
Previously cache_min_ttl was used. But one can certainly set
cache_min_ttl to 0, but still ensure synthetic values have ttl.
Hence new config file options.
2019-10-21 18:12:49 +02:00
Frank Denis
Kiril Angov
Kevin O'Sullivan
milgradesec
William Elwood
Eric Lagergren
Vladimir Bauer
Markus Linnala