Frank Denis
acc25fcefb
Format with gofumpt
2023-02-11 14:27:12 +01:00
lifenjoiner
683aad75da
Nits (#2293)
2023-02-03 16:23:57 +01:00
lifenjoiner
e1c7ea1770
Make CodeQL happy (#2294)
2023-02-03 16:22:32 +01:00
Frank Denis
3f23ff5c08
Mostly get rid of ioutil
2023-02-02 19:38:24 +01:00
Frank Denis
33c8027e0a
Use a custom dialer for HTTP/3
2023-02-02 19:32:17 +01:00
Deltadroid
c3fd855831
Update quic-go dependency to support go 1.20 (#2292)
2023-02-02 12:42:11 +01:00
Frank Denis
937c1e63e2
Revert "xtransport layer to netip and immediate dependencies (#2159)"
...
This reverts commit baee50f1dc.
2022-08-10 22:24:36 +02:00
Ian Bashford
baee50f1dc
xtransport layer to netip and immediate dependencies (#2159)
2022-08-01 22:31:12 +02:00
Frank Denis
442f2e15cb
Make HTTP/3 support configurable
2022-07-24 16:13:14 +02:00
Frank Denis
5977de660b
Add support for DoH over HTTP/3
2022-07-21 18:50:10 +02:00
Frank Denis
866954fbad
PreferServerCipherSuites has been deprecated
2022-06-11 19:26:26 +02:00
Frank Denis
df3fb0c9f8
Keep lines short
...
$ golines -w -m 120 --shorten-comments .
2022-03-23 17:48:48 +01:00
Frank Denis
8fc0ffc35f
Enable HTTP/2 pings
2021-09-21 12:57:42 +02:00
Frank Denis
0ca90dd8cc
xtransport: set a default error status code
2021-07-31 13:21:45 +02:00
Frank Denis
cedd4f3b54
xtransport: properly forward the status code on error
2021-07-31 12:38:10 +02:00
Frank Denis
525927e797
Don't use net/http
2021-06-07 10:05:20 +02:00
Frank Denis
e57d5173e9
Support GET in ODoH targets
2021-06-06 01:22:48 +02:00
Frank Denis
e27419f73d
x509.SystemCertPool() may fail
2021-06-03 20:59:05 +02:00
Frank Denis
ddcc40c954
Hardcode Let's Encrypt ISRG X1 cert
...
Some operating systems don't include it yet.
Thanks to @rs for the heads up
2021-06-03 12:48:33 +02:00
Christopher Wood
c748f93752
Add ODoH support. (#1653)
2021-03-30 11:53:51 +02:00
Frank Denis
c500287498
Rename fallback_resolvers to bootstrap_resolvers
...
Clarify what they are used for.
Remove the legacy `fallback_resolver`.
2021-02-20 18:50:42 +01:00
Frank Denis
1a34c8d5ff
Add max-stale cache control directive to requests
2020-07-09 21:42:35 +02:00
Frank Denis
9f9a17ed6b
doh_client_x509_auth: don't ignore errors
2020-06-11 11:03:17 +02:00
Kevin O'Sullivan
5db4365540
Adding support for additional root CAs for DoH TLS Auth (#1281)
2020-06-08 18:01:40 +02:00
Frank Denis
1ff31f14f1
Remove the ct parameter from DoH queries
...
That was a workaround for Google, but Google doesn't seem to need
it any more.
2020-04-01 12:12:57 +02:00
Frank Denis
315f6f45ff
Certificates that can't be loaded are fatal
2020-03-24 14:31:43 +01:00
Kevin O'Sullivan
c040b13d59
Adding the ability to do TLS client authentication for DoH (#1203)
...
* Adding the ability to do TLS client authentication for DoH
* whitespace nit
* Check for server specific creds before wildcard
* small comma ok idiom change
2020-03-09 22:11:53 +01:00
Frank Denis
aa0e7f42d3
Make the xTransport functions return the HTTP body directly
...
This simplifies things, but also makes RTT computation way more reliable
2020-02-21 22:33:34 +01:00
Frank Denis
7ada3fcfb8
Support multiple fallback resolvers
2020-01-15 19:58:14 +01:00
Frank Denis
c27d41faa0
Avoid unneeded DNS packet unpacking
2019-12-23 11:37:45 +01:00
Frank Denis
adb6dac420
Strip EDNS0 options in responses
2019-12-22 18:02:33 +01:00
Frank Denis
5118ed21fd
Use dumb padding even for GET queries
...
Resolvers such as Cloudflare always add padding to DoH responses
Resolvers such as Google only do if the question had dumb padding
Resolvers such as Cisco blindly return a copy of the question's padding
Some resolvers don't return any padding no matter what's in the question
Finally, other resolvers return FORMERR
This is a mess. A bad design inherited from DoT, that didn't fix
anything from Unbound's original experiment.
Also, padding with zeros as recommended is a bad idea. When using
GET, escaping makes the actual padding size 3 times as big as needed.
2019-12-22 17:34:16 +01:00
Frank Denis
1585ede954
Use EDNS0 padding when using DoH over POST
...
This mechanism is horrible, slow (requires re-unpacking and re-packing
the query), should be done at transport layer and not at content layer, and
of course, it is incompatible with some resolvers.
However, in spite of https://go-review.googlesource.com/c/go/+/114316/2/src/net/http/transfer.go,
we may still end up sending the header and the content in distinct packets.
So, use that horror for POST queries only. For GET, this is not needed.
2019-12-22 15:31:02 +01:00
Frank Denis
0454463539
Pad GET queries
2019-12-22 14:43:21 +01:00
Frank Denis
a7b7bdc11e
Compress synthetic responses
2019-12-11 14:02:56 +01:00
Frank Denis
56d02597a6
Extend the grace period and log when it's used
2019-12-09 17:08:59 +01:00
Frank Denis
21a5765527
Rename resolveWithCache() and make the comment match what the fn does
2019-12-09 17:03:16 +01:00
Frank Denis
2d8fd40481
Don't use named return values just for one value, especially an error
...
Be consistent with the rest of the code
2019-12-09 16:59:02 +01:00
Frank Denis
3e32d38f29
Explicit initialization
2019-12-09 16:56:43 +01:00
Frank Denis
0b64c5df66
Improve logging
2019-11-17 22:04:58 +01:00
Frank Denis
ad40c6c54b
Fallback to the system resolver if the fallback resolver doesn't work
...
This is useful if fallback_resolver has been set to random junk, or
to an external resolver, but port 53 is blocked.
At least, it may allow the server to start.
2019-11-17 22:00:08 +01:00
Frank Denis
c3d93124a7
Bump MinResolverIPTTL up
2019-11-17 20:30:59 +01:00
Frank Denis
0e8d1a941b
Typo
2019-11-17 20:30:00 +01:00
Frank Denis
068c8e70f2
Typo
2019-11-17 20:00:34 +01:00
Frank Denis
0f332c644d
Set a minimum TTL when caching resolver IPs
...
Comcast having a 30 sec TTL is silly
2019-11-02 02:01:03 +01:00
Frank Denis
63ed3b4fef
Update comment
2019-11-02 01:52:51 +01:00
Frank Denis
a84a789a8a
Keep resolving if needed
2019-11-02 01:50:35 +01:00
Frank Denis
d932d5fdfc
Inverse test
2019-11-02 01:20:28 +01:00
Frank Denis
6032c3b79b
Add a grace TTL for expired cached IPs
...
And some comments to make the code more readable
2019-11-01 23:19:07 +01:00
Frank Denis
0dc69eacd5
resolveHostWithCache -> resolveWithCache
2019-11-01 23:10:36 +01:00