Frank Denis
c184ce1a03
systemd support
...
How does it work? I don't know. Does it work? I don't know.
Would I encourage its use? No.
2018-01-24 14:44:32 +01:00
Frank Denis
0ce20518db
Make the UDP and TCP listeners more generic
2018-01-24 14:22:56 +01:00
Frank Denis
1bcb791270
up
2018-01-24 14:13:29 +01:00
Frank Denis
abb659eed2
Nits
2018-01-23 15:51:57 +01:00
Frank Denis
3a3535dcbc
Still tolerate hex-encoded pks, but emit a warning
2018-01-23 15:42:22 +01:00
Frank Denis
ccbdd41f5d
Add support for shorter stamps with binary public keys
2018-01-23 15:23:11 +01:00
Frank Denis
2d7920af22
Prefer sdns:// which is less application-tainted
2018-01-22 12:00:42 +01:00
Frank Denis
d7b8217018
Only cache specific Rcodes
2018-01-22 11:19:57 +01:00
Frank Denis
a9476fe04b
Mention how to run as a non-root user on Linux
2018-01-22 10:56:52 +01:00
Frank Denis
973b53afdc
Simplify
2018-01-22 10:02:06 +01:00
Frank Denis
8324b29b42
Require stamps in static server definitions
...
Provider names, etc. are not future-proof. In particular, they are
incompatible with other protocols such as DoH.
2018-01-22 09:59:32 +01:00
Frank Denis
1d18a230c0
Consistent casing
2018-01-21 22:18:20 +01:00
Frank Denis
3dcedac390
beta8
2018-01-21 19:52:51 +01:00
Frank Denis
29fee1585f
abc.ex.com should be rejected if both ex.com and bc.ex.com are listed in a blacklist
...
With the following ruleset:
ex.com
bc.ex.com
"abc.ex.com" finds "bc.ex.com" as the longest suffix. However, since it's
not at a label boundary, it is not rejected.
However, there is a more general rule that should be considered, ex.com.
So we need to perform at least two lookups in that case.
2018-01-21 19:47:19 +01:00
Frank Denis
6ca2697128
Clear certIgnoreTimestamp if we found at live 1 live server
2018-01-21 18:14:37 +01:00
Frank Denis
8bcba92f97
Add an undocumented option to ignore cert timestamps
2018-01-21 18:10:38 +01:00
Frank Denis
05e07e8b69
Add a simple built-in DNS client for testing
2018-01-21 18:02:32 +01:00
Frank Denis
d9b5625226
IP blocking
2018-01-21 16:07:44 +01:00
Frank Denis
1c80e80a0d
Do not recommend block_ipv6
2018-01-21 00:54:20 +01:00
Frank Denis
f80c16ed2a
Slightly change the way we block ipv6
2018-01-20 22:30:36 +01:00
Frank Denis
f7b8b70322
Revert "AAAA filter: Reject instead of sending an empty response"
...
This reverts commit aceb8b30f7
.
2018-01-20 22:06:40 +01:00
Frank Denis
aceb8b30f7
AAAA filter: Reject instead of sending an empty response
...
Empty responses can cause issues with CNAME records
2018-01-20 20:37:02 +01:00
Frank Denis
f33b8a964a
Use softfloat on mips builds
2018-01-20 19:20:50 +01:00
Frank Denis
4f0c36ac27
Don't log blocked suffixes in reverse
2018-01-20 17:25:16 +01:00
Frank Denis
9a85a50efd
beta6
2018-01-20 17:14:53 +01:00
Frank Denis
a1461f3452
Remove unused variable
2018-01-20 17:14:21 +01:00
Frank Denis
5dd08fe56b
Fix swapped out arguments in substring check
...
*example.com* was matching ample.com, not xxxexample.comxxx
Fixes #14
2018-01-20 17:11:46 +01:00
Frank Denis
4f42dd01a4
nxlog
2018-01-20 17:03:48 +01:00
Frank Denis
1e0e01e8e1
NXLOG: a new output plugin to log suspicious queries
2018-01-20 16:59:40 +01:00
Frank Denis
caca210568
Regen deps
2018-01-20 14:20:45 +01:00
Frank Denis
47fdc45b2d
beta5
2018-01-20 14:15:20 +01:00
Frank Denis
ed50798049
Preliminary implementation of stamps
2018-01-20 14:13:11 +01:00
Frank Denis
88414e1448
Print stamps; require an env variable for debug level
2018-01-20 13:56:26 +01:00
Frank Denis
0fe21b2d57
Shortcut filters for the root zone
2018-01-20 13:30:19 +01:00
Frank Denis
066db6a080
Replace logged_qtypes with ignored_qtypes
2018-01-20 13:27:37 +01:00
Frank Denis
5080502381
" -> ' \because\people\still\use\backslahes\to\separate\path\components
2018-01-20 13:20:30 +01:00
Frank Denis
475d7edb2a
Fix suffix matching so that www.example is rejected if example is filtered
2018-01-20 13:18:54 +01:00
Frank Denis
b9e89d2278
megacheck
2018-01-20 01:00:19 +01:00
Frank Denis
5dae74ab0b
beta4
2018-01-20 00:40:44 +01:00
Frank Denis
187de17396
Don't prefetch more frequently than 1/min
2018-01-20 00:31:54 +01:00
Frank Denis
1c27d6c230
Improved error handling
2018-01-20 00:30:33 +01:00
Frank Denis
7fbb4c5428
Improve the prefetcher; run a dedicated goroutine
2018-01-19 23:43:45 +01:00
Frank Denis
2ab29a43d6
Reduce the noise
2018-01-19 22:37:05 +01:00
Frank Denis
a64f90e1ba
Update dlog
2018-01-19 20:54:32 +01:00
Frank Denis
fd9291b240
Update dlog
2018-01-19 20:27:48 +01:00
Frank Denis
6e1eaf7b90
More flexible logging; add support for the Windows event log
2018-01-19 20:06:04 +01:00
Frank Denis
ed33eb4890
up
2018-01-19 19:48:01 +01:00
Frank Denis
b02a4e6c73
Update dlog; now with support for the Windows Event Log
...
(completely untested)
2018-01-19 19:33:25 +01:00
Frank Denis
4b4bf36633
Unreachable -> Timeout
2018-01-19 16:40:35 +01:00
Frank Denis
aac0078991
Choose if we want to use IPv6 and/or IPv4 servers
2018-01-19 16:38:43 +01:00