Frank Denis
9cb89ae410
odoh.md has been deprecated
2021-08-14 13:01:12 +02:00
Frank Denis
e83cb28ef5
Split ODoH servers and relays
2021-08-14 12:33:10 +02:00
Frank Denis
35c82e3dcf
Next will be 2.1.0
2021-08-13 19:20:27 +02:00
Frank Denis
1052fa6323
serve-stale on overflow
2021-08-04 14:30:32 +02:00
Frank Denis
c8a61abb79
Update comment
2021-08-04 14:27:58 +02:00
Frank Denis
e64425b5e7
On overflow, only respond to cached/synthesized queries
2021-08-04 14:27:24 +02:00
Frank Denis
da69583bd2
When we run out of connections, handle an extra one synchronously
2021-08-04 13:35:33 +02:00
Frank Denis
d996e3424d
No need to get the time if the connection is refused
2021-08-04 13:23:21 +02:00
Frank Denis
b4a073f54f
Typo
2021-08-03 11:24:16 +02:00
Frank Denis
0ca90dd8cc
xtransport: set a default error status code
2021-07-31 13:21:45 +02:00
Frank Denis
026c42424f
Workaround for ODoH relays not properly forwarding the status code
...
Some ODoH relays return a 200 status code even when the upstream
server returns something different. This is an issue after a key
update, where a 401 code is expected.
Handle empty responses with a 200 status code as a response with
a 401 code as a workaround until these relays are fixed.
2021-07-31 12:54:23 +02:00
Frank Denis
cedd4f3b54
xtransport: properly forward the status code on error
2021-07-31 12:38:10 +02:00
Frank Denis
796a7f6d31
Add an example for blocking private relay
2021-07-17 14:22:10 +02:00
Frank Denis
d35c1c3cb2
Lower reject_ttl even more
2021-07-16 16:46:50 +02:00
Frank Denis
8b3b7d38ac
Set ttl to reject_ttl for HINFO refused responses
...
Also lower the example TTL
2021-07-16 16:40:21 +02:00
Frank Denis
4caa7b6d64
Verbose
2021-06-12 14:48:02 +02:00
Frank Denis
9bea0e8f20
Nits
2021-06-12 14:16:20 +02:00
Frank Denis
b472fb3b21
Bump
2021-06-12 14:03:26 +02:00
Frank Denis
5fb2901dbc
Fuzz the stamps parser
2021-06-11 22:20:54 +02:00
Frank Denis
ccddb18424
Time to start fuzzing
2021-06-11 22:13:58 +02:00
Frank Denis
1b03ac817e
ODoH: supoprt config version 0x0001 in addition to 0xff06
2021-06-11 21:18:05 +02:00
Frank Denis
95c9fa75f8
Bump
2021-06-08 11:00:01 +02:00
Frank Denis
a85a003d2b
Filter relays by compatible type before selecting them
...
Fixes #1739
2021-06-08 10:52:06 +02:00
Frank Denis
5a9a6467df
Correctly check for empty/wrong relays
2021-06-08 10:27:03 +02:00
Frank Denis
ec581597a2
Require ODoH relays to be present
...
ODoH target stamps don't include certificate hashes; they are not
meant to be used directly.
2021-06-08 10:19:02 +02:00
Frank Denis
33ed882efe
Warn if fallback_resolvers is still in use
2021-06-08 09:53:53 +02:00
Frank Denis
b39232e996
this -> that
2021-06-08 01:14:11 +02:00
Frank Denis
9ebb90b22e
fallback -> bootstrap
2021-06-08 00:44:06 +02:00
Frank Denis
6076e2dd03
www.msftncsi.com IPs update
2021-06-07 18:47:31 +02:00
Frank Denis
d0e27a1366
Update ChangeLog
2021-06-07 18:25:52 +02:00
Frank Denis
d5e9ed3aa9
Don't hardcode the HPKE cipher
2021-06-07 18:16:15 +02:00
Frank Denis
45d3afc8f9
Call ObliviousDoHQuery() on the initial test
2021-06-07 17:32:34 +02:00
Frank Denis
e7f017c592
ODoH: try POST first, even without a relay
2021-06-07 17:19:56 +02:00
Frank Denis
a2ebe0c4a4
dnscrypt-proxy/odoh.go -> dnscrypt-proxy/oblivious_doh.go
2021-06-07 15:53:11 +02:00
Frank Denis
083fa0ad3c
Add an extra retry since ODoH servers are currently unstable
2021-06-07 13:49:37 +02:00
Frank Denis
f5a69c3bdc
Reduce delay
2021-06-07 13:46:44 +02:00
Frank Denis
9e96bbc20b
Continue, don't return
2021-06-07 13:44:08 +02:00
Frank Denis
a181a23263
Send a dummy initial query before RTT measurement in ODoH
2021-06-07 13:42:33 +02:00
Frank Denis
fad415f05a
Update example documentation
2021-06-07 13:37:08 +02:00
Frank Denis
29613096da
ODoH servers should not require a static configuration
2021-06-07 13:21:58 +02:00
Frank Denis
7980af6f46
Error propagation
2021-06-07 12:38:36 +02:00
Frank Denis
94151f9f96
Use ODoH relays in probes
2021-06-07 12:23:26 +02:00
Frank Denis
a11da2d4fb
ODoH: check certificate hashes
2021-06-07 12:09:27 +02:00
Frank Denis
e0483bbb27
Pretend not to always use the first ODoH config
2021-06-07 12:06:36 +02:00
Frank Denis
b35e27bd51
Shuffle ODoH target configs and use different NX queries
2021-06-07 12:05:42 +02:00
Frank Denis
4a4f69edb7
ODoH: only store working configurations
...
Actually, we only store the first one right now.
We should at least randomize them.
2021-06-07 12:02:21 +02:00
Frank Denis
96b05e57ca
Preliminary propoer ODoH initialization
2021-06-07 11:47:11 +02:00
Frank Denis
56f2e9adcc
server_name is ignored for x509 certs
2021-06-07 11:27:33 +02:00
Frank Denis
dc99f1bc2c
If you need this, implement it
2021-06-07 11:26:37 +02:00
Frank Denis
0d81fa2796
Remove doh_client_x509_auth stuf from fetchServerInfo
...
It doesn't belong there, and that feature doesn't do what it's
documented to do. It sets client certificates globally instead of
doing it per server.
2021-06-07 11:23:48 +02:00