Ian Bashford
90a9a9d992
allowed ips plugin ( #1510 )
2020-11-15 20:59:58 +01:00
lifenjoiner
078f69357e
Update example-dnscrypt-proxy.toml ( #1489 )
...
* Update lb_strategy usage
* Update example-dnscrypt-proxy.toml
2020-10-21 14:21:39 +02:00
Frank Denis
272984a640
Add support for EDNS-client-subnet
...
Fixes #1471
2020-09-18 00:11:26 +02:00
Frank Denis
5a1b87130d
Use single quotes for strings
...
Fixes #1466
2020-09-03 21:21:05 +02:00
Frank Denis
d175642df3
Quad9 seems to have upgraded their dnsdist version!
2020-08-31 17:13:14 +02:00
Frank Denis
8dd4612ea7
Don't use Lumberjack for non-regular files
...
Fixes #1407
2020-07-08 13:48:04 +02:00
Frank Denis
77a27a46a4
Rename the python script name in the example config
2020-07-08 12:05:42 +02:00
Ian Bashford
af564522ec
Further block/allow updates ( #1406 )
...
* ConfigFile change to allowlist and blocklist
* revised names and warnings
* consistent file naming in kebab case, and generic use of blocklist and allowlist in cmoments for clarity
* update ci files
* further allow/blocklist updates
* improve language in comments
Co-authored-by: Ian Bashford <ianbashford@gmail.com>
2020-07-08 12:01:06 +02:00
hugepants
038ebea0ed
Update broken_implementations with Quad9 -pri suffix ( #1398 )
2020-07-03 15:28:09 +02:00
hugepants
63c8f0610f
Update broken_implementations list with updated Quad9 v3 names ( #1390 )
2020-07-03 14:05:39 +02:00
Frank Denis
9bc5bb0e14
Clarify
2020-07-03 13:03:57 +02:00
yofiji
7a6f1461f8
Add option to go direct for failed certificate retrieval via relay ( #1397 )
...
* Add option to go direct for failed certificate retrieval via relay
* add direct_cert_fallback to example config file
Co-authored-by: yofiji <you@example.com>
2020-07-03 12:58:36 +02:00
Ian Bashford
b089d49d25
ConfigFile change to allowlist and blocklist ( #1375 )
...
* ConfigFile change to allowlist and blocklist
* revised names and warnings
* consistent file naming in kebab case, and generic use of blocklist and allowlist in cmoments for clarity
* update ci files
Co-authored-by: Ian Bashford <ianbashford@gmail.com>
2020-06-26 23:18:30 +02:00
hugepants
19c0c3f7db
Add forward slashes to example stamp for consistency ( #1388 )
...
Seems to work with or without, but makes it consistent with the toml, the documentation and the stamp calculator.
2020-06-26 17:36:15 +02:00
Frank Denis
8935fa454a
v2 -> v3
2020-06-21 22:20:34 +02:00
Frank Denis
d7f16f6be4
Uncomment sections for consistency
2020-06-10 11:04:50 +02:00
Frank Denis
8945cb1b90
Add log_file_latest
2020-06-08 22:31:03 +02:00
Frank Denis
87c161ab76
Clarify what log_file is
2020-06-08 20:07:24 +02:00
Frank Denis
b32ffbb807
Discourage from blindly using dns64
2020-06-08 18:59:39 +02:00
s-s
f48b13f7b8
Add DNS64 support
2020-06-08 18:42:54 +02:00
Frank Denis
d766dc8bf7
doh_client_x509_auth: make it clear that root_ca is optional
2020-06-08 18:09:37 +02:00
Kevin O'Sullivan
5db4365540
Adding support for additional root CAs for DoH TLS Auth ( #1281 )
2020-06-08 18:01:40 +02:00
Frank Denis
3e264b9da9
Rename tls_client_auth to doh_client_x509_auth
...
Maybe improves clarity? I can never remember what tls_client_auth does.
2020-04-26 21:21:00 +02:00
Frank Denis
3775d59217
Add some comments for an obscure feature
2020-04-26 21:05:23 +02:00
Frank Denis
f6b9706322
This reverts commit 876e389a0a
.
...
April 1st is almost over :)
2020-04-01 21:55:17 +02:00
Frank Denis
876e389a0a
Make doh.nsa.gov the default DNS server
2020-04-01 12:22:52 +02:00
Frank Denis
3ca80afb19
packets -> client queries
2020-03-26 17:25:52 +01:00
Frank Denis
74095d38ed
Remove LargerResponsesDropped
...
dnsdist drops DNSCrypt queries shorter than 256 bytes, interpreting them
as not being encrypted instead. This is surprising when doing ad-hoc
testing, but absolutely fine, and we will never send shorter encrypted
queries on normal circumstances.
So, remove a useless knob.
2020-03-26 17:20:34 +01:00
Frank Denis
b3fbc2304d
All dnsdist servers exhibit the same behavior re: sending truncated responses
...
A 128 bytes query will not get a 200 bytes response (randomly tested on
3.tlu.dl.delivery.mp.microsoft.com), not even a truncated one.
It may be related to fragments being blocked on the server socket, or a
different issue. We can expect everything to be back to normal in dnsdist
1.5.0 no matter what.
2020-03-26 15:19:17 +01:00
Frank Denis
5049516f53
Add an option to ignore servers incompatible with anonymization
2020-03-26 13:41:57 +01:00
Frank Denis
ad36321dc8
Add cleanbrowsing until dnsdist 1.5.0 is out
2020-03-26 12:31:12 +01:00
Frank Denis
8896787e66
Add other dnsdist servers until the MTU issue is fixed
...
https://github.com/PowerDNS/pdns/pull/7410
2020-03-26 10:57:09 +01:00
Frank Denis
7424f1a8b7
Try harder to work around Cisco and Quad9 bugs
2020-03-25 20:10:11 +01:00
Frank Denis
25b89e57ae
Add Quad9 back to the list of servers with broken padding
2020-03-25 18:11:16 +01:00
Frank Denis
c4287c799f
Quad9 doesn't seem to block fragments on all networks
...
So, remove them from the static list and trust the runtime checks
for detection.
2020-03-24 14:32:23 +01:00
Frank Denis
44db53f58b
Not dnsdist
2020-03-20 21:19:34 +01:00
Frank Denis
d1710a4d2b
Use single quotes for consistency
2020-03-20 21:18:30 +01:00
Frank Denis
094ea07dc2
Bump
2020-03-20 21:09:34 +01:00
Frank Denis
4c402a6012
Revert "Implement pN load balancing strategy ( #1188 )"
...
This reverts commit 014a75c0ec
.
2020-03-20 17:55:33 +01:00
Timofey
014a75c0ec
Implement pN load balancing strategy ( #1188 )
2020-03-20 17:55:03 +01:00
Frank Denis
810f6043d2
People are used to seeing the [static] section at the end
2020-03-09 22:14:31 +01:00
Kevin O'Sullivan
c040b13d59
Adding the ability to do TLS client authentication for DoH ( #1203 )
...
* Adding the ability to do TLS client authentication for DoH
* whitespace nit
* Check for server specific creds before wildcard
* small comma ok idiom change
2020-03-09 22:11:53 +01:00
Will Elwood
b2be617e6b
Update example-dnscrypt-proxy.toml
...
Fixes to grammar and other minor issues.
2020-02-26 15:13:49 +01:00
Will Elwood
11b31dea4f
Update example-dnscrypt-proxy.toml
...
Attempt to clarify the behaviour of server_names.
2020-02-26 15:13:49 +01:00
Frank Denis
a6d946c41f
Shorten the default broken_query_padding list
2020-02-21 20:33:13 +01:00
Frank Denis
4608b6d18d
Add auad9 to the broken_query_padding list
...
Fixes #1169
2020-02-21 20:31:45 +01:00
Alison Winters
8c42609475
fix minor typoS in config file
2020-02-14 18:48:48 +00:00
Frank Denis
323c4a4758
Don't explain the format of other config files in the main config file
...
This is confusing if you don't read the documentation.
Fixes #1179
2020-02-05 12:17:14 +01:00
Frank Denis
3a94523d65
Bump the cache size a little bit
2020-01-30 15:08:23 +01:00
Frank Denis
7ada3fcfb8
Support multiple fallback resolvers
2020-01-15 19:58:14 +01:00