miracle091/dnscrypt-proxy
miracle091
/
dnscrypt-proxy
mirror of https://github.com/DNSCrypt/dnscrypt-proxy.git
1
0
Fork 0
Code Issues Releases Wiki Activity
1,549 Commits 7 Branches 89 Tags 57 MiB
Commit Graph

171 Commits

Author SHA1 Message Date
Ian Bashford 90a9a9d992
allowed ips plugin (#1510) 2020-11-15 20:59:58 +01:00
lifenjoiner 078f69357e
Update example-dnscrypt-proxy.toml (#1489) 
* Update lb_strategy usage

* Update example-dnscrypt-proxy.toml
 2020-10-21 14:21:39 +02:00
Frank Denis 272984a640 Add support for EDNS-client-subnet 
Fixes #1471
 2020-09-18 00:11:26 +02:00
Frank Denis 5a1b87130d Use single quotes for strings 
Fixes #1466
 2020-09-03 21:21:05 +02:00
Frank Denis d175642df3 Quad9 seems to have upgraded their dnsdist version! 2020-08-31 17:13:14 +02:00
Frank Denis 8dd4612ea7 Don't use Lumberjack for non-regular files 
Fixes #1407
 2020-07-08 13:48:04 +02:00
Frank Denis 77a27a46a4 Rename the python script name in the example config 2020-07-08 12:05:42 +02:00
Ian Bashford af564522ec
Further block/allow updates (#1406) 
* ConfigFile change to allowlist and blocklist

* revised names and warnings

* consistent file naming in kebab case, and generic use of blocklist and allowlist in cmoments for clarity

* update ci files

* further allow/blocklist updates

* improve language in comments

Co-authored-by: Ian Bashford <ianbashford@gmail.com>
 2020-07-08 12:01:06 +02:00
hugepants 038ebea0ed
Update broken_implementations with Quad9 -pri suffix (#1398) 2020-07-03 15:28:09 +02:00
hugepants 63c8f0610f
Update broken_implementations list with updated Quad9 v3 names (#1390) 2020-07-03 14:05:39 +02:00
Frank Denis 9bc5bb0e14 Clarify 2020-07-03 13:03:57 +02:00
yofiji 7a6f1461f8
Add option to go direct for failed certificate retrieval via relay (#1397) 
* Add option to go direct for failed certificate retrieval via relay

* add direct_cert_fallback to example config file

Co-authored-by: yofiji <you@example.com>
 2020-07-03 12:58:36 +02:00
Ian Bashford b089d49d25
ConfigFile change to allowlist and blocklist (#1375) 
* ConfigFile change to allowlist and blocklist

* revised names and warnings

* consistent file naming in kebab case, and generic use of blocklist and allowlist in cmoments for clarity

* update ci files

Co-authored-by: Ian Bashford <ianbashford@gmail.com>
 2020-06-26 23:18:30 +02:00
hugepants 19c0c3f7db
Add forward slashes to example stamp for consistency (#1388) 
Seems to work with or without, but makes it consistent with the toml, the documentation and the stamp calculator.
 2020-06-26 17:36:15 +02:00
Frank Denis 8935fa454a v2 -> v3 2020-06-21 22:20:34 +02:00
Frank Denis d7f16f6be4 Uncomment sections for consistency 2020-06-10 11:04:50 +02:00
Frank Denis 8945cb1b90 Add log_file_latest 2020-06-08 22:31:03 +02:00
Frank Denis 87c161ab76 Clarify what log_file is 2020-06-08 20:07:24 +02:00
Frank Denis b32ffbb807 Discourage from blindly using dns64 2020-06-08 18:59:39 +02:00
s-s f48b13f7b8 Add DNS64 support 2020-06-08 18:42:54 +02:00
Frank Denis d766dc8bf7 doh_client_x509_auth: make it clear that root_ca is optional 2020-06-08 18:09:37 +02:00
Kevin O'Sullivan 5db4365540
Adding support for additional root CAs for DoH TLS Auth (#1281) 2020-06-08 18:01:40 +02:00
Frank Denis 3e264b9da9 Rename tls_client_auth to doh_client_x509_auth 
Maybe improves clarity? I can never remember what tls_client_auth does.
 2020-04-26 21:21:00 +02:00
Frank Denis 3775d59217 Add some comments for an obscure feature 2020-04-26 21:05:23 +02:00
Frank Denis f6b9706322 This reverts commit 876e389a0a. 
April 1st is almost over :)
 2020-04-01 21:55:17 +02:00
Frank Denis 876e389a0a Make doh.nsa.gov the default DNS server 2020-04-01 12:22:52 +02:00
Frank Denis 3ca80afb19 packets -> client queries 2020-03-26 17:25:52 +01:00
Frank Denis 74095d38ed Remove LargerResponsesDropped 
dnsdist drops DNSCrypt queries shorter than 256 bytes, interpreting them
as not being encrypted instead. This is surprising when doing ad-hoc
testing, but absolutely fine, and we will never send shorter encrypted
queries on normal circumstances.

So, remove a useless knob.
 2020-03-26 17:20:34 +01:00
Frank Denis b3fbc2304d All dnsdist servers exhibit the same behavior re: sending truncated responses 
A 128 bytes query will not get a 200 bytes response (randomly tested on
3.tlu.dl.delivery.mp.microsoft.com), not even a truncated one.

It may be related to fragments being blocked on the server socket, or a
different issue. We can expect everything to be back to normal in dnsdist
1.5.0 no matter what.
 2020-03-26 15:19:17 +01:00
Frank Denis 5049516f53 Add an option to ignore servers incompatible with anonymization 2020-03-26 13:41:57 +01:00
Frank Denis ad36321dc8 Add cleanbrowsing until dnsdist 1.5.0 is out 2020-03-26 12:31:12 +01:00
Frank Denis 8896787e66 Add other dnsdist servers until the MTU issue is fixed 
https://github.com/PowerDNS/pdns/pull/7410
 2020-03-26 10:57:09 +01:00
Frank Denis 7424f1a8b7 Try harder to work around Cisco and Quad9 bugs 2020-03-25 20:10:11 +01:00
Frank Denis 25b89e57ae Add Quad9 back to the list of servers with broken padding 2020-03-25 18:11:16 +01:00
Frank Denis c4287c799f Quad9 doesn't seem to block fragments on all networks 
So, remove them from the static list and trust the runtime checks
for detection.
 2020-03-24 14:32:23 +01:00
Frank Denis 44db53f58b Not dnsdist 2020-03-20 21:19:34 +01:00
Frank Denis d1710a4d2b Use single quotes for consistency 2020-03-20 21:18:30 +01:00
Frank Denis 094ea07dc2 Bump 2020-03-20 21:09:34 +01:00
Frank Denis 4c402a6012 Revert "Implement pN load balancing strategy (#1188)" 
This reverts commit 014a75c0ec.
 2020-03-20 17:55:33 +01:00
Timofey 014a75c0ec
Implement pN load balancing strategy (#1188) 2020-03-20 17:55:03 +01:00
Frank Denis 810f6043d2 People are used to seeing the [static] section at the end 2020-03-09 22:14:31 +01:00
Kevin O'Sullivan c040b13d59
Adding the ability to do TLS client authentication for DoH (#1203) 
* Adding the ability to do TLS client authentication for DoH

* whitespace nit

* Check for server specific creds before wildcard

* small comma ok idiom change
 2020-03-09 22:11:53 +01:00
Will Elwood b2be617e6b Update example-dnscrypt-proxy.toml 
Fixes to grammar and other minor issues.
 2020-02-26 15:13:49 +01:00
Will Elwood 11b31dea4f Update example-dnscrypt-proxy.toml 
Attempt to clarify the behaviour of server_names.
 2020-02-26 15:13:49 +01:00
Frank Denis a6d946c41f Shorten the default broken_query_padding list 2020-02-21 20:33:13 +01:00
Frank Denis 4608b6d18d Add auad9 to the broken_query_padding list 
Fixes #1169
 2020-02-21 20:31:45 +01:00
Alison Winters 8c42609475 fix minor typoS in config file 2020-02-14 18:48:48 +00:00
Frank Denis 323c4a4758 Don't explain the format of other config files in the main config file 
This is confusing if you don't read the documentation.

Fixes #1179
 2020-02-05 12:17:14 +01:00
Frank Denis 3a94523d65 Bump the cache size a little bit 2020-01-30 15:08:23 +01:00
Frank Denis 7ada3fcfb8 Support multiple fallback resolvers 2020-01-15 19:58:14 +01:00