Commit Graph

542 Commits

Author SHA1 Message Date
Frank Denis 7ed4ce17d7 Move things down for clarity 2018-03-28 13:00:06 +02:00
Frank Denis 1ca7597c7f string(<int>) doesn't do what you may expect :) 2018-03-28 12:38:17 +02:00
Frank Denis e09f0875c1 Add the list of addresses to the -list -json output 2018-03-28 12:22:37 +02:00
Frank Denis 8bedb4b01e Add some helpers 2018-03-28 12:08:05 +02:00
Frank Denis 7f221afeff Don't assume that DoH servers use port 443 2018-03-28 11:52:04 +02:00
Frank Denis 0983a86b40 Mention that log_files_max_backups = 0 means "keep all backups"
Fixes #268
2018-03-28 00:14:07 +02:00
Frank Denis 84593c1341 Add liveinternet.ru to the whitelist 2018-03-27 00:22:13 +02:00
David Runge fa2c95084e Adding DynamicUser to systemd service file, enhancing socket and service (#261)
* Adding nss-lookup.target to the socket Before and Wants directive. Adding current upstream wiki as documentation to service and socket file.
Adding DynamicUser=yes to the service file, alongside various hardening settings (Protect{ControlGroups,KernelModules}. Allowing the service to bind to ports below 1024 by setting CAP_NET_BIND_SERVICE. Adding {Cache,Logs,Runtime}Directory for dnscrypt-proxy. Removing (default) Type=simple. Adding a more default ExecStart location and usage of configuration.

* systemd/dnscrypt-proxy.socket: Adding back ipv6 functionality.

* systemd/dnscrypt-proxy.service: Updating Description to match project name.
Explicitely setting ProtectHome=yes. Adding information on the DynamicUser settings.

* systemd/dnscrypt-proxy.socket: Updating description to match project name.

* systemd/dnscrypt-proxy.service: Adding Requires= and Also= for dnscrypt-proxy.socket in favor of CAP_NET_BIND_SERVICE capabilities.

* dnscrypt-proxy/example-dnscrypt-proxy.toml: Clarifying how to set listen_addresses, when using systemd socket activation.
2018-03-26 20:48:22 +02:00
Frank Denis 3e4b7671d1 Patch service_upstart 2018-03-26 20:46:51 +02:00
Frank Denis 10f0503d50 Update deps; especially for chacha20 2018-03-26 20:46:25 +02:00
Frank Denis 9224e79c59 Add NoTracking's list to the example blacklist configuration
Implement dnsmasq-style filters by the way
2018-03-26 20:43:42 +02:00
Frank Denis 6bca9eb795 malwaredomainslist seems to be hard to reach over HTTPS 2018-03-26 20:37:22 +02:00
Frank Denis 9643a311c8 Just build freebsd-arm to be consistent with other builds 2018-03-25 11:29:49 +02:00
Frank Denis 6283dfc0db + freebsd-armv7 2018-03-25 11:26:25 +02:00
Benjamin Dos Santos 37b4234b18 chore: build freebsd armv7 binary (#252) 2018-03-25 11:25:58 +02:00
FedericoYundt bdc32cee90 Add optional hardening to systemd service (#259) 2018-03-24 19:06:40 +01:00
FedericoYundt f2ab65aab7 dnscrypt-proxy.socket: update [Unit] dependencies to match those from service (#260) 2018-03-24 19:05:01 +01:00
Dhoulmagus a95c7b729b Let default systemd socket listen on both IPv4 and IPv6 (#257)
* Let default systemd socket listen on both IPv4 and IPv6

Setting listen_addresses = [] in config will listen on systemd socket, but by previous systemd socket config it would only listen on IPv4 127.0.0.1:53 without IPv6. This change fixes it.

* Update dnscrypt-proxy.socket
2018-03-24 15:01:27 +01:00
Frank Denis 0026a20e08 Mention that people in China may need to use Quad114 2018-03-22 07:44:06 +01:00
Frank Denis 2568ea0b0c Revert "Switch to Quad114 as the default resolver"
This reverts commit 91f97833a3.

The Internet has become a sad place.

People in China need to use resolvers in China.
People in the US would not trust resolvers in China.
People in the EU would not trust resolvers in the US.

Revert to Quad9 for now, and add some documentation about why
that might be changed (especially in China) later.
2018-03-22 02:43:03 +01:00
Frank Denis 2eac8d52d5 Revert the cache clear
Implementing this is going to be more complicated
2018-03-21 10:17:13 +01:00
Frank Denis 3c05b38edd Move local resolution to a dedicated function 2018-03-21 10:03:05 +01:00
Frank Denis d2805a19e4 DoH: only use the optional IP to bootstrap resolution
Fixes #100
2018-03-21 09:32:35 +01:00
Frank Denis 577ac5c91a When using a fallback resolver, favor IPv6 for DoH servers if use_ipv6 is set
Fixes #153
2018-03-21 09:05:30 +01:00
Frank Denis 22f69a475a Don't assume IPv6 or IPv4 about DoH servers 2018-03-21 08:48:57 +01:00
Frank Denis 91f97833a3 Switch to Quad114 as the default resolver
Quad9 current returns SERVFAIL for dnscrypt.info and there have
been reports of it not working as expected in some countries as well.
2018-03-21 08:30:36 +01:00
Frank Denis 963a54f6fe Print the IP, not the address 2018-03-20 15:10:12 +01:00
Frank Denis 50053d32a5 Bump 2018-03-18 09:21:36 -07:00
Frank Denis ebc3ddda38 Deps update 2018-03-18 09:09:29 -07:00
Frank Denis a0aeeabfa2 Nits 2018-03-17 14:47:17 -07:00
Frank Denis 1f81710b91 Remove superflous brackets; fix DoH default port as well 2018-03-17 14:43:26 -07:00
bleeee 86fb695189 Fix 2.0.6 ipv6 attach port (#237)
* fix-2.0.6-ipv6-attach-port
2018-03-17 14:39:46 -07:00
Frank Denis fd51ff8fb6 Clarify
Fixes #221
2018-03-11 08:15:02 -07:00
Frank Denis ba2f43e6db TCP: don't read past the prefixed size
Maybe
fixes #219
2018-03-10 18:50:31 -08:00
Frank Denis 3d50549cae bring back exec and strings 2018-03-07 20:21:58 +01:00
Frank Denis a6ae97ecb1 Lower default granularity 2018-03-07 19:00:09 +01:00
Frank Denis ff81344aa8 Update clocksmith 2018-03-07 18:51:55 +01:00
Frank Denis 817f2ff560 Don't pause the cert refresh timers if the host goes to hibernation 2018-03-07 18:29:58 +01:00
Frank Denis d8f502f130 Update deps 2018-03-07 18:29:26 +01:00
Frank Denis 75f3c6403b Print absolute paths when file caches cannot be written 2018-03-05 11:58:31 +01:00
Frank Denis 4e671cf5ef Don't assume that A RRs will be first
Maybe
fixes #202
2018-03-02 12:28:56 +01:00
Frank Denis 2c7513a2c8 2.0.6 2018-03-02 11:05:58 +01:00
Frank Denis a6ce630897 log_files_max_backups 2018-03-02 10:49:21 +01:00
Frank Denis 10026809a3 Update ChangeLog 2018-03-02 10:39:02 +01:00
Frank Denis 38942f62b0 log file rotation example config 2018-03-02 10:38:31 +01:00
Frank Denis b643a816cc Add automatic log files rotation
Fixes #172
2018-03-02 10:34:00 +01:00
Frank Denis 97156c3ad3 Use atomic loads for the clients counter 2018-03-02 09:41:12 +01:00
Frank Denis 4e7631bfcd Remove init check for busybox-based systems 2018-03-02 09:29:46 +01:00
Frank Denis 3910873bf2 Make the serverInfo list a list of pointers
Maybe
fixes #201
2018-03-02 02:30:25 +01:00
Frank Denis 80426967bf Remove useless fmt.Errorf and argument 2018-03-02 02:17:07 +01:00