Commit Graph

231 Commits

Author SHA1 Message Date
Frank Denis 803bc18027 Use a v2 list 2018-01-25 15:17:46 +01:00
Frank Denis 79193e6ee3 Add support for V2 source format -- Goodbye, CSV. 2018-01-25 15:02:18 +01:00
Frank Denis 78e8abeebc Use http:// 2018-01-25 14:34:55 +01:00
Frank Denis 054461e240 Reserve identifiers for traditional nonencrypted DNS and for DoH 2018-01-25 14:31:18 +01:00
Frank Denis f6a9229e2f Merge branch 'master' of github.com:jedisct1/dnscrypt-proxy
* 'master' of github.com:jedisct1/dnscrypt-proxy:
  Fix systemd socket support
2018-01-25 14:16:45 +01:00
Frank Denis 5b6e774356 Add service installation scripts for Windows 2018-01-25 14:15:28 +01:00
Frank Denis eb4f392071
Merge pull request #31 from Zirkelite/master
Fix systemd socket support
2018-01-25 11:17:42 +01:00
Adrián Laviós Gomis 023c3e78ee Fix systemd socket support 2018-01-25 10:24:28 +01:00
Frank Denis 81715555be Update deps 2018-01-24 20:08:48 +01:00
Frank Denis 1d5cce9cd1 Don't compress executables any more.
Fixes #26
2018-01-24 17:03:20 +01:00
Frank Denis 996d9be4e3 Improve message if /proc/self/exe doesn't exist (?)
Fixes #26
2018-01-24 16:55:28 +01:00
Frank Denis 732c451dd4 Add max_clients to cap the maximum number of client queries 2018-01-24 16:51:26 +01:00
Frank Denis e272dd84f7 up 2018-01-24 16:04:52 +01:00
Frank Denis 285cd09831 Don't compress on mips64 2018-01-24 15:41:48 +01:00
Frank Denis 81ec92d837 Remove --brute for now, for speed 2018-01-24 15:34:38 +01:00
Frank Denis 1dbc765fd7 crlf 2018-01-24 15:23:03 +01:00
Frank Denis b11c536fcc Compress only on relevant targets 2018-01-24 15:21:24 +01:00
Frank Denis 94f9c14ad7 Only attempt to use systemd on linux
Remove plan9 builds
2018-01-24 15:14:48 +01:00
Frank Denis d208d38f3f Update go, compress executables 2018-01-24 15:03:58 +01:00
Frank Denis 0b52211fa3 Update dnsc:// leftovers 2018-01-24 14:48:48 +01:00
Frank Denis c184ce1a03 systemd support
How does it work? I don't know. Does it work? I don't know.
Would I encourage its use? No.
2018-01-24 14:44:32 +01:00
Frank Denis 0ce20518db Make the UDP and TCP listeners more generic 2018-01-24 14:22:56 +01:00
Frank Denis 1bcb791270 up 2018-01-24 14:13:29 +01:00
Frank Denis abb659eed2 Nits 2018-01-23 15:51:57 +01:00
Frank Denis 3a3535dcbc Still tolerate hex-encoded pks, but emit a warning 2018-01-23 15:42:22 +01:00
Frank Denis ccbdd41f5d Add support for shorter stamps with binary public keys 2018-01-23 15:23:11 +01:00
Frank Denis 2d7920af22 Prefer sdns:// which is less application-tainted 2018-01-22 12:00:42 +01:00
Frank Denis d7b8217018 Only cache specific Rcodes 2018-01-22 11:19:57 +01:00
Frank Denis a9476fe04b Mention how to run as a non-root user on Linux 2018-01-22 10:56:52 +01:00
Frank Denis 973b53afdc Simplify 2018-01-22 10:02:06 +01:00
Frank Denis 8324b29b42 Require stamps in static server definitions
Provider names, etc. are not future-proof. In particular, they are
incompatible with other protocols such as DoH.
2018-01-22 09:59:32 +01:00
Frank Denis 1d18a230c0 Consistent casing 2018-01-21 22:18:20 +01:00
Frank Denis 3dcedac390 beta8 2018-01-21 19:52:51 +01:00
Frank Denis 29fee1585f abc.ex.com should be rejected if both ex.com and bc.ex.com are listed in a blacklist
With the following ruleset:

ex.com
bc.ex.com

"abc.ex.com" finds "bc.ex.com" as the longest suffix. However, since it's
not at a label boundary, it is not rejected.

However, there is a more general rule that should be considered, ex.com.

So we need to perform at least two lookups in that case.
2018-01-21 19:47:19 +01:00
Frank Denis 6ca2697128 Clear certIgnoreTimestamp if we found at live 1 live server 2018-01-21 18:14:37 +01:00
Frank Denis 8bcba92f97 Add an undocumented option to ignore cert timestamps 2018-01-21 18:10:38 +01:00
Frank Denis 05e07e8b69 Add a simple built-in DNS client for testing 2018-01-21 18:02:32 +01:00
Frank Denis d9b5625226 IP blocking 2018-01-21 16:07:44 +01:00
Frank Denis 1c80e80a0d Do not recommend block_ipv6 2018-01-21 00:54:20 +01:00
Frank Denis f80c16ed2a Slightly change the way we block ipv6 2018-01-20 22:30:36 +01:00
Frank Denis f7b8b70322 Revert "AAAA filter: Reject instead of sending an empty response"
This reverts commit aceb8b30f7.
2018-01-20 22:06:40 +01:00
Frank Denis aceb8b30f7 AAAA filter: Reject instead of sending an empty response
Empty responses can cause issues with CNAME records
2018-01-20 20:37:02 +01:00
Frank Denis f33b8a964a Use softfloat on mips builds 2018-01-20 19:20:50 +01:00
Frank Denis 4f0c36ac27 Don't log blocked suffixes in reverse 2018-01-20 17:25:16 +01:00
Frank Denis 9a85a50efd beta6 2018-01-20 17:14:53 +01:00
Frank Denis a1461f3452 Remove unused variable 2018-01-20 17:14:21 +01:00
Frank Denis 5dd08fe56b Fix swapped out arguments in substring check
*example.com* was matching ample.com, not xxxexample.comxxx

Fixes #14
2018-01-20 17:11:46 +01:00
Frank Denis 4f42dd01a4 nxlog 2018-01-20 17:03:48 +01:00
Frank Denis 1e0e01e8e1 NXLOG: a new output plugin to log suspicious queries 2018-01-20 16:59:40 +01:00
Frank Denis caca210568 Regen deps 2018-01-20 14:20:45 +01:00