7621737dde
Improve debugging
2020-03-26 13:30:39 +01:00
7424f1a8b7
Try harder to work around Cisco and Quad9 bugs
2020-03-25 20:10:11 +01:00
81c8d68462
Pad queries to 1472 bytes for implementations with broken padding
...
Quad9 doesn't return TC when responses are larger than the question;
it doesn't return anything instead :(
2020-03-25 18:06:02 +01:00
dd37eaed7c
Retry over TCP on UDP timeouts
2020-03-25 17:45:59 +01:00
49910d2f72
Localize some error values
2020-03-13 18:44:30 +01:00
19647e03a6
Overwrite the server name only when we need to send an upstream query
2020-03-13 17:52:09 +01:00
c040b13d59
Adding the ability to do TLS client authentication for DoH ( #1203 )
...
* Adding the ability to do TLS client authentication for DoH
* whitespace nit
* Check for server specific creds before wildcard
* small comma ok idiom change
2020-03-09 22:11:53 +01:00
aa0e7f42d3
Make the xTransport functions return the HTTP body directly
...
This simplifies things, but also make RTT computation way more reliable
2020-02-21 22:33:34 +01:00
70311614a0
Improve error message on DNSSEC failure
2020-01-31 10:58:07 +01:00
f34d7b60fa
Implement serve-stale
2020-01-30 13:15:29 +01:00
f22461374c
Retry UDP queries on timeout
2020-01-29 18:53:39 +01:00
4d788aed85
Make UDP and TCP code similar when it comes to SOCKS proxying
...
Actually use the relay when both a relay and a SOCKS proxy are
configured.
Keep forcing TCP when SOCKS is enabled. I couldn't get UDP proxying
to work with Shadowsocks.
2020-01-27 16:07:08 +01:00
c27d41faa0
Avoid unneeded DNS packet unpacking
2019-12-23 11:37:45 +01:00
b1c08f8931
Handle Drop/Synth actions the same way in query and response plugins
2019-12-17 16:28:12 +01:00
66799c4159
Add the ability to block undelegated DNS zones
...
Using the generic pattern matcher as a first iteration, but we can
save some memory and CPU cycles by building and using a critbit tree
directly.
2019-12-16 16:18:47 +01:00
a635e92606
Add a new plugin to block unqualified host names
2019-12-09 20:25:38 +01:00
8efbf401c8
add error checks
2019-12-09 12:50:30 +01:00
3a4bc98073
Handle clientsCount in the local DoH handler, too
2019-12-03 13:04:58 +01:00
3b50caf4cd
Add a default local DoH path, print the URLs
2019-11-29 08:53:13 +01:00
f18dbc71ec
Make the local DoH path configurable
2019-11-28 23:49:28 +01:00
6a679cc543
Move local DoH configuration to its own section
2019-11-28 17:04:29 +01:00
be996c486f
Local DoH support, continued
2019-11-28 16:46:25 +01:00
1966a8604b
up
2019-11-26 01:36:35 +01:00
f249813cc5
First bits towards providing access over DoH in addition to DNS
...
Mainly to deal with the Firefox+ESNI situation
2019-11-24 22:46:27 +01:00
30b5507bf4
Make the part that creates or gets sockets more readable
2019-11-24 22:12:23 +01:00
45cb7b48df
Format
2019-11-17 21:28:26 +01:00
06c0fbb65b
Add NETWORK_ERROR
2019-11-17 19:48:15 +01:00
ca7e5e5bcb
Rename a few things
2019-11-17 15:07:40 +01:00
15b405b552
Support workarounds for ancient/broken implementations
...
Fixes #984
2019-11-16 18:51:16 +01:00
7e73a26a2f
Move most of the prefetching code into sources.go
...
The proxy shouldn't need to know how prefetching works, just that it needs to do it occasionally. Now the prefetching algorithm can be refactored without having to touch the proxy code.
2019-11-08 10:17:12 +01:00
78f2dead79
Move prefetch URLs onto Source struct
...
This is mostly in preparation for further refactoring, but does reduce the number of return values from `NewSource()` too.
2019-11-08 10:17:12 +01:00
da3f30871f
Revert "fix: proxy: Trigger query logging plugins using defer"
...
This reverts commit fc9509a8c8
2019-11-05 00:54:03 +01:00
1c9924e055
check error that was being erroneously shadowed
2019-10-31 17:55:26 +01:00
3a68f90c37
Back to 2.0.29 beta 3 ( ceed905196)
2019-10-31 17:50:19 +01:00
fb1fc14317
Revert "refactoring of pull 980"
...
This reverts commit 6fa420a8e0
2019-10-31 17:36:59 +01:00
6fa420a8e0
refactoring of pull 980
...
follow up on https://github.com/DNSCrypt/dnscrypt-proxy/pull/980#issuecomment-548153169
2019-10-31 15:04:12 +01:00
7f82c2504d
check error that was being erroneously shadowed
2019-10-31 09:52:05 +01:00
6680faf665
make sure tcp/udp Conn are closed on stop signal
2019-10-25 12:56:34 +02:00
ceed905196
Add a more explicit message when a user is set on Windows
2019-10-25 12:53:59 +02:00
a26b2b42f0
Rename negTTL to rejectTTL to avoid confusion with cacheNegTTL
2019-10-21 18:26:49 +02:00
bb01595320
feature: Add neg_ttl for rejected entries and cloak_ttl for cloaking-rules
...
entries
Previously cache_min_ttl was used. But one can certainly set
cache_min_ttl to 0, but still ensure synthetic values have ttl.
Hence new config file options.
2019-10-21 18:12:49 +02:00
92e632daf1
Fail on failure :)
2019-10-20 23:07:36 +02:00
1cb9a360de
fix: proxy: Add missing logging in a case where flow does not return
2019-10-20 22:27:30 +02:00
74c1f4a00d
Use the relay for cert retrieval over TCP, tooo
...
But don't use a relay if a proxy has been specified already
2019-10-20 21:45:19 +02:00
fc9509a8c8
fix: proxy: Trigger query logging plugins using defer
...
This is more robust and uses lot less lines.
2019-10-20 21:30:24 +02:00
320197a00e
Accept relay names in routes, improve documentation
2019-10-20 14:19:21 +02:00
fbe9f225dd
Reencrypt on TCP retries
2019-10-20 02:04:32 +02:00
d6b63aaf15
Pad certificate requests and add support for proxies
2019-10-19 22:08:02 +02:00
ac6fd3db39
differentiate between timeout and other error for dnscrypt servers
2019-10-19 10:36:26 +02:00
0058bc063e
feature: service_linux: Support systemd watchdog
2019-10-19 09:36:39 +02:00
Frank Denis
Kevin O'Sullivan
milgradesec
William Elwood
Eric Lagergren
Vladimir Bauer
Markus Linnala
Alison Winters