acc25fcefb
Format with gofumpt
2023-02-11 14:27:12 +01:00
683aad75da
Nits ( #2293 )
2023-02-03 16:23:57 +01:00
e1c7ea1770
Make CodeQL happy ( #2294 )
2023-02-03 16:22:32 +01:00
3f23ff5c08
Mostly get rid of ioutil
2023-02-02 19:38:24 +01:00
33c8027e0a
Use a custom dialer for HTTP/3
2023-02-02 19:32:17 +01:00
c3fd855831
Update quic-go dependency to support go 1.20 ( #2292 )
2023-02-02 12:42:11 +01:00
937c1e63e2
Revert "xtransport layer to netip and immediate dependencies ( #2159 )"
...
This reverts commit baee50f1dc
2022-08-10 22:24:36 +02:00
baee50f1dc
xtransport layer to netip and immediate dependencies ( #2159 )
2022-08-01 22:31:12 +02:00
442f2e15cb
Make HTTP/3 support configurable
2022-07-24 16:13:14 +02:00
5977de660b
Add suport for DoH over HTTP/3
2022-07-21 18:50:10 +02:00
866954fbad
PreferServerCipherSuites has been deprecated
2022-06-11 19:26:26 +02:00
df3fb0c9f8
Keep lines short
...
$ golines -w -m 120 --shorten-comments .
2022-03-23 17:48:48 +01:00
8fc0ffc35f
Enable HTTP/2 pings
2021-09-21 12:57:42 +02:00
0ca90dd8cc
xtransport: set a default error status code
2021-07-31 13:21:45 +02:00
cedd4f3b54
xtransport: properly forward the status code on error
2021-07-31 12:38:10 +02:00
525927e797
Don't use net/http
2021-06-07 10:05:20 +02:00
e57d5173e9
Support GET in ODoH targets
2021-06-06 01:22:48 +02:00
e27419f73d
x509.SystemCertPool() may fail
2021-06-03 20:59:05 +02:00
ddcc40c954
Hardcode Let's Encrypt ISRG X1 cert
...
Some operating systems don't include it yet.
Thanks to @rs for the heads up
2021-06-03 12:48:33 +02:00
c748f93752
Add ODoH support. ( #1653 )
2021-03-30 11:53:51 +02:00
c500287498
Rename fallback_resolvers to bootstrap_resolvers
...
Clarify what they are used for.
Remove the legacy `fallback_resolver`.
2021-02-20 18:50:42 +01:00
1a34c8d5ff
Add max-stale cache control directive to requests
2020-07-09 21:42:35 +02:00
9f9a17ed6b
doh_client_x509_auth: don't ignore errors
2020-06-11 11:03:17 +02:00
5db4365540
Adding support for additional root CAs for DoH TLS Auth ( #1281 )
2020-06-08 18:01:40 +02:00
1ff31f14f1
Remove the ct parameter from DoH queries
...
That was a workaround for Google, but Google doesn't seem to need
it any more.
2020-04-01 12:12:57 +02:00
315f6f45ff
Certificates that can't be loaded are fatal
2020-03-24 14:31:43 +01:00
c040b13d59
Adding the ability to do TLS client authentication for DoH ( #1203 )
...
* Adding the ability to do TLS client authentication for DoH
* whitespace nit
* Check for server specific creds before wildcard
* small comma ok idiom change
2020-03-09 22:11:53 +01:00
aa0e7f42d3
Make the xTransport functions return the HTTP body directly
...
This simplifies things, but also make RTT computation way more reliable
2020-02-21 22:33:34 +01:00
7ada3fcfb8
Support multiple fallback resolvers
2020-01-15 19:58:14 +01:00
c27d41faa0
Avoid unneeded DNS packet unpacking
2019-12-23 11:37:45 +01:00
adb6dac420
Strip EDNS0 options in responses
2019-12-22 18:02:33 +01:00
5118ed21fd
Use dumb padding even for GET queries
...
Resolvers such as Cloudflare always add padding to DoH responses
Resolvers such as Google only do if the question had dumb padding
Resolvers such as Cisco blindly return a copy of the question's padding
Some resolvers don't return any padding no matter what's in the question
Finally, other resolvers return FORMERR
This is a mess. A bad design inherited from DoT, that didn't fix
anything from Unbound's original experiment.
Also, padding with zeros as recommended is a bad idea. When using
GET, escaping makes the actual padding size 3 times as big as needed.
2019-12-22 17:34:16 +01:00
1585ede954
Use EDNS0 padding when using DoH over POST
...
This mechanism is horrible, slow (requires re-unpacking and re-packing
the query), should be done at transport layer and not at content layer, and
of course, it is incompatible with some resolvers.
However, in spite of https://go-review.googlesource.com/c/go/+/114316/2/src/net/http/transfer.go ,
we may still end up sending the header and the content in distinct packets.
So, use that horror for POST queries only. For GET, this is not needed.
2019-12-22 15:31:02 +01:00
0454463539
Pad GET queries
2019-12-22 14:43:21 +01:00
a7b7bdc11e
Compress synthetic responses
2019-12-11 14:02:56 +01:00
56d02597a6
Extend the grace period and log when it's used
2019-12-09 17:08:59 +01:00
21a5765527
Rename resolveWithCache() and make the comment match what the fn does
2019-12-09 17:03:16 +01:00
2d8fd40481
Don't use named return values just for one value, especially an error
...
Be consistent with the rest of the code
2019-12-09 16:59:02 +01:00
3e32d38f29
Explicit initialization
2019-12-09 16:56:43 +01:00
0b64c5df66
Improve logging
2019-11-17 22:04:58 +01:00
ad40c6c54b
Fallback to the system resolver if the fallback resolver doesn't work
...
This is useful if fallback_resolver has been set to random junk, or
to an external resolver, but port 53 is blocked.
At least, it may allow the server to start.
2019-11-17 22:00:08 +01:00
c3d93124a7
Bump MinResolverIPTTL up
2019-11-17 20:30:59 +01:00
0e8d1a941b
Typo
2019-11-17 20:30:00 +01:00
068c8e70f2
Typo
2019-11-17 20:00:34 +01:00
0f332c644d
Set a minimum TTL when caching resolver IPs
...
Comcast having a 30 sec TTL is silly
2019-11-02 02:01:03 +01:00
63ed3b4fef
Update comment
2019-11-02 01:52:51 +01:00
a84a789a8a
Keep resolving if needed
2019-11-02 01:50:35 +01:00
d932d5fdfc
Inverse test
2019-11-02 01:20:28 +01:00
6032c3b79b
Add a grace TTL for expired cached IPs
...
And some comments to make the code more readable
2019-11-01 23:19:07 +01:00
0dc69eacd5
resolveHostWithCache -> resolveWithCache
2019-11-01 23:10:36 +01:00
Frank Denis
lifenjoiner
Deltadroid
Ian Bashford
Christopher Wood
Frank Denis
Kevin O'Sullivan