1
0
mirror of https://github.com/DNSCrypt/dnscrypt-proxy.git synced 2025-01-01 00:57:32 +01:00
Commit Graph

1559 Commits

Author SHA1 Message Date
Frank Denis
9c50963f69 Add Captain Miao ad list, whitelist mobiledl.adobe.com 2020-12-01 08:46:15 +01:00
Frank Denis
01e60ab31b Add localhost to the allowlist 2020-12-01 08:37:03 +01:00
Frank Denis
df8cfe3f3c dnsdist has been fixed 2020-11-30 14:31:30 +01:00
mibere
f5827520d8
download mirror download.dnscrypt.net (#1527)
Files are locally hosted on download.dnscrypt.net. A cronjob updates the files every 3 hours, source is https://download.dnscrypt.info
download.dnscrypt.net has IPv4 and IPv6, DNSSEC, HTTPS
2020-11-27 22:35:27 +01:00
Frank Denis
f9c11f0897 Allow arbitrary addresses to be set in listen_addresses
Only works on OpenBSD/FreeBSD/Linux (including Android)

Fixes #1362
2020-11-25 19:23:30 +01:00
Frank Denis
02a6ca1098 Keep .home in forwarding rules 2020-11-25 01:39:11 +01:00
petercooperjr
715c32f0fc
Change example forwarding rule to match recommended .home.arpa TLD (#1523)
The ".home" TLD was proposed at one point, and while it's probably not going to actually ever get delegated it's not best practice to just start using your own TLD. The .home.arpa domain has been specifically set aside for use in home networks (RFC 8375) and is probably the better example to put here.
2020-11-25 01:38:14 +01:00
Frank Denis
9e4131c6f7 Add ipv6.download.dnscrypt.info for testing 2020-11-23 21:10:22 +01:00
Frank Denis
cae3719464 CI: verify that queries sent over local DoH are properly logged 2020-11-18 20:22:16 +01:00
Frank Denis
7e3e9aa5d2 New version of kardianos/service 2020-11-18 10:19:58 +01:00
Ian Bashford
90a9a9d992
allowed ips plugin (#1510) 2020-11-15 20:59:58 +01:00
Frank Denis
6b6c6753aa Revert struct packing changes for the configuration
structlop is nice, but strips renames
2020-11-14 15:34:03 +01:00
Frank Denis
4fa643ef4d Repack structures to save some memory 2020-11-14 14:46:59 +01:00
Frank Denis
e6fdb08d3d Update deps 2020-11-06 07:43:29 +01:00
lifenjoiner
078f69357e
Update example-dnscrypt-proxy.toml (#1489)
* Update lb_strategy usage

* Update example-dnscrypt-proxy.toml
2020-10-21 14:21:39 +02:00
Frank Denis
6ee164a3c9 Update miekg/dns and other dependencies 2020-10-19 16:46:12 +02:00
Frank Denis
7a03369d01 Debug log certificate TTL 2020-10-12 17:58:08 +02:00
Frank Denis
d0674ef4d2 Cleanup go.sum 2020-10-12 10:38:44 +02:00
Frank Denis
2b826bbb64 Update deps 2020-10-12 10:35:37 +02:00
Ian Bashford
f2700874fd
user-friendly comments - follow up to #1412 (#1486) 2020-10-04 21:05:24 +02:00
Frank Denis
7b7107902b Update deps 2020-09-21 02:15:51 +02:00
Frank Denis
8b72e58656 Make key exchange behaviors consistent 2020-09-21 02:14:17 +02:00
Frank Denis
e54056bc38 Update deps 2020-09-18 18:19:55 +02:00
Frank Denis
687fe27371 Nits 2020-09-18 00:14:50 +02:00
Frank Denis
272984a640 Add support for EDNS-client-subnet
Fixes #1471
2020-09-18 00:11:26 +02:00
Frank Denis
4d7f253e6b Don't spawn new connections if we are full 2020-09-17 00:49:49 +02:00
Frank Denis
8411e5a91b Revert "Error out if the dns64 plugin is enabled without listening sockets"
This reverts commit b02649f774.
2020-09-17 00:45:48 +02:00
Frank Denis
4eab88c017 plugin_dns64: don't send queries to self
Fixes #1477
2020-09-17 00:44:37 +02:00
Frank Denis
b460ca9fa8 Simplify hasAAAAQuestion 2020-09-17 00:24:04 +02:00
Frank Denis
b02649f774 Error out if the dns64 plugin is enabled without listening sockets 2020-09-17 00:19:00 +02:00
Frank Denis
c74b993cbb dns64: check the original question, not the returned one 2020-09-17 00:10:11 +02:00
Frank Denis
26505ab560 Merge declaration and assignment 2020-09-13 20:24:06 +02:00
Frank Denis
018d8412be Format generate-domains-blocklist.py with Black 2020-09-12 23:34:39 +02:00
Frank Denis
5a1b87130d Use single quotes for strings
Fixes #1466
2020-09-03 21:21:05 +02:00
Ian Bashford
a510b97d86
Update to generate-domains-blocklist.py (#1412)
* ConfigFile change to allowlist and blocklist

* revised names and warnings

* consistent file naming in kebab case, and generic use of blocklist and allowlist in cmoments for clarity

* update ci files

* message about deprecation of -w

Co-authored-by: Ian Bashford <ianbashford@gmail.com>
2020-09-01 23:05:25 +02:00
Frank Denis
d175642df3 Quad9 seems to have upgraded their dnsdist version! 2020-08-31 17:13:14 +02:00
Frank Denis
f678f39535 CHEF-KOCH lists have moved to Gitlab 2020-08-31 16:06:30 +02:00
Frank Denis
d5c3c6747e Revert "CHEF-KOCH is not on GitHub any more :("
This reverts commit b448324e1a.
2020-08-31 16:05:51 +02:00
Frank Denis
b448324e1a CHEF-KOCH is not on GitHub any more :(
Fixes #1462
2020-08-30 17:16:49 +02:00
IceCodeNew
fd98ced18d
fix bblck.me domain not exist error (#1447) 2020-08-15 08:58:59 +02:00
Frank Denis
fa5c55c64a Debug log query names 2020-08-09 13:09:37 +02:00
Frank Denis
dadb38c32e Lower severity 2020-08-05 15:50:48 +02:00
Frank Denis
0ac96fec30 Add some logging back to fetchDoHServerInfo() 2020-08-05 15:39:30 +02:00
Frank Denis
b583fb5314 Turns out that the "test." zone is directly served by the Tencent CDN
without hitting the actual resolvers.

So, we need to use a different test zone.
2020-08-05 15:03:16 +02:00
Frank Denis
f3157b0a42 Check DoH servers with a query to a random name
The issue with benchmarking DoH servers is that some responses can
be directly served by a CDN, while others require a round trip to
the origin that can be significantly more expensive.

Random padding was an attempt at mitigating this. Unfortunately,
some servers (Tencent) ignore the padding. We end up with a query
for the root zone served by the Tencent CDN very quickly, but
anything else is orders of magnitude slower.

So, measure a query within the reserved "test." zone instead.
Caching resolvers should either know that "test." is undelegated,
or have it in their negative cache already, so this is unlikely to
trigger an actual query to authoritative servers.

Take it as an opportunity to check that we don't get anything but
a NXDOMAIN response for nonexistent domains.
2020-08-05 14:54:14 +02:00
Frank Denis
60d4c98f31 Unbreak running without a captive portal configuration file 2020-08-04 00:50:59 +02:00
Frank Denis
5843e49188 Sync vendor 2020-08-03 18:23:57 +02:00
dependabot-preview[bot]
1ed325b5c5
Bump github.com/miekg/dns from 1.1.30 to 1.1.31 (#1432)
Bumps [github.com/miekg/dns](https://github.com/miekg/dns) from 1.1.30 to 1.1.31.
- [Release notes](https://github.com/miekg/dns/releases)
- [Changelog](https://github.com/miekg/dns/blob/master/Makefile.release)
- [Commits](https://github.com/miekg/dns/compare/v1.1.30...v1.1.31)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
2020-08-03 18:23:09 +02:00
Frank Denis
f7f84fd871 Add ipv4only.arpa 2020-08-03 18:20:12 +02:00
Frank Denis
4424602e39 Start experimenting with better support for captive portals
MacOS (and probably Windows and other systems) tries to fetch a URL
before marking a network interface as available.

During this time, applications cannot use the interface at all, not
even bind their address.

When DNS queries are sent to dnscrypt-proxy, this causes the system
to wait for a response that can't come from the network, since we
hit a dead lock here.

The only option is to return hard-coded responses directly until
te interface is available.

The same captive portal configuration file can also serve a different
purpose.

Once the network is available, captive portal detection may not
work as expected if the answer is cached for too long. In fact, it
probably can't work at all since routers can't hijack DNS queries.

Once thing we can do is redirect the list of names used for captive
portal detection to the fallback resolvers. This may allow detection
to work as expected while still using a secure channel for all
other queries.
2020-08-03 18:05:42 +02:00