ae2d036703
setting -> lowering
2019-06-03 17:35:16 +02:00
313ca48cad
rtt -> RTT
2019-06-03 17:32:54 +02:00
36e3691ccc
Log the current candidate's RTT
2019-06-03 17:32:23 +02:00
62e8d193c0
Round numbers
2019-06-03 17:10:38 +02:00
b63df9cdfa
Initialize the server rtt with the startup measurement
2019-06-03 17:07:30 +02:00
30f2a4fd6b
Misc fixes
...
- Set LBEstimator to true by default
- Shuffle the servers list at startup
- Add the server name to the query log
2019-06-03 16:49:06 +02:00
ec1b03b026
Renamed "hit" to "cached", and add the duration unit in TSV logs
2019-06-03 13:16:59 +02:00
9e2a945fff
Print the sorted list of latencies
...
Add an option to disable the load-balancing estimator
2019-06-03 13:04:59 +02:00
a417f0d282
Use 255.255.255.0 as the default netprobe address
2019-06-03 12:22:53 +02:00
5b5b5ec583
Verify that ApplyQueryPlugins() doesn't blow the packet size
2019-06-03 00:47:39 +02:00
11311d663d
Update deps
2019-06-02 13:25:06 +02:00
2e89c8da01
Rename LbStrategyFastest to LbStrategyFirst
2019-06-02 13:24:24 +02:00
3f2656dbe3
Document netprobe_address
2019-05-31 23:02:45 +02:00
f8415c4a4b
Update deps
2019-05-31 22:49:25 +02:00
b22d6dfc96
Send a byte to the netprobe IP only on Windows
2019-05-31 11:15:59 +02:00
cf261da79a
Fix netProbe write check
...
Write at least 1 byte. This ensures that sockets are ready to use for writing.
Windows specific: during the system startup, sockets can be created but the underlying buffers may not be setup yet. If this is the case Write fails with WSAENOBUFS: "An operation on a socket could not be performed because the system lacked sufficient buffer space or because a queue was full
This fixes: https://github.com/jedisct1/dnscrypt-proxy/issues/841
2019-05-31 11:05:22 +02:00
7c8e20a533
netProbe: Always log Network connectivity detected
...
In the netProb function, always log whether network connectivity is detected or not.
2019-05-30 22:28:57 +02:00
da48434483
regex isn't fully parsing the complicated csv file
...
Not all URLs are extracted from the complicated csv file.
However, they do offer a txt file for the same list, which does work correctly with the current regex:
https://www.malwaredomainlist.com/forums/index.php?topic=3270.0
This url replacement pull request is easier than rewriting the entire regex (which then breaks other lists).
2019-05-29 09:31:16 +02:00
4e76cd2245
Rename cacheHit to hit in ltsv log
2019-05-28 23:14:28 +02:00
14b464e56d
Log whether response was served from cache
2019-05-28 23:14:28 +02:00
af096f8488
Remove request forwarding measurement from log
2019-05-28 23:14:28 +02:00
578c090890
Send an empty packet to the probe
...
This seems to be required on Windows.
Also add the ability to wait for up to an hour.
2019-05-28 13:22:11 +02:00
da2e4b0b4b
Change duration output in query log to milliseconds ( #836 )
2019-05-26 21:53:15 +02:00
eab77ff871
Enhance logging ( #834 )
...
* Enhance query logging
Add request duration, and forward duration if applicable.
* Also measure requests forwarded based on forwarding_rules
2019-05-26 21:16:47 +02:00
29a954f651
Snap: don't bother renaming the example config file
2019-05-24 23:03:06 +02:00
ef3e4cb6ee
snap: use classic confinement, copy config files, remove network-control
2019-05-24 22:59:51 +02:00
f3e032f88a
fix remaining urllib2 reference ( #830 )
2019-05-22 20:50:45 +02:00
0f3e8d32c6
Add support for building snaps ( #820 )
2019-05-22 17:43:47 +02:00
bc5e4f0544
make generate-domains-blacklist.py compatible to both python2 and python3 ( #828 )
...
* update domains-blacklist-all.conf: Quidsup NoTrack moved to gitlab
* make generate-domains-blacklist.py python3 compatible
* fix whitespace
2019-05-22 10:15:08 +02:00
dcce060ef2
Whitelist Server Source Domains ( #829 )
...
A malicious blacklist, or accidental block, could prevent dnscrypt-proxy users from being able to fetch public resolvers and important certificate updates. Both URLs are taken from the default config:
[sources.'public-resolvers']
urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md ', 'https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md ']
2019-05-22 10:14:37 +02:00
fb7f16c902
quidsup notrack moved to gitlab
...
Thanks to @simonfxr for reporting this
2019-05-21 20:29:02 +02:00
0e2d78d21b
Warn is DoH is requested but HTTP/2 is not supported
2019-05-12 09:55:13 +02:00
50a2018633
Keep holding the read lock in the cloaking load-balancing code
...
Maybe
fixes #807
2019-05-02 23:53:47 +02:00
02d07df43f
Cloaking example: yandex.ru to familysearch.yandex.ru
2019-04-29 14:35:24 +02:00
a8045e0a7a
Bump
2019-04-28 23:26:33 +02:00
71858bfc98
Update deps
2019-04-28 23:19:52 +02:00
587a09b306
Add freebsd/armv7 target
...
Fixes #792
Fixes #682
2019-04-15 08:48:08 +02:00
5c9edfccfe
Ignore onion servers if Tor is not being used
2019-04-14 14:19:12 +02:00
4940b34c76
Improve caching of server addresses, especially when using proxies
2019-04-14 13:46:07 +02:00
d143ae5279
Set the main protocol to TCP when using a SOCKS proxy
2019-04-14 13:41:43 +02:00
4b001e3b8e
Skip DNS resolution on Tor services
2019-04-14 11:18:14 +02:00
0a535e28ab
Stop printing "crypto v1/v2", as both are equally secure
2019-04-08 08:30:43 +02:00
25ac94e7b2
Revert "Add Stretch-Hash-and-Truncate option for extreme DNS privacy"
...
This reverts commit 2d1dd7eaab
2019-04-02 01:57:48 +02:00
2d1dd7eaab
Add Stretch-Hash-and-Truncate option for extreme DNS privacy
...
This works over DNSCrypt and DoH, but requires a specifically configured
server.
Instead of sending the actual DNS queries, the SH-T system works as follows:
Step 1: the client query is evaluated through Argon2id, a military-grade,
memory-hard, CPU-hard stretching function. This makes it very expensive
for an attacker to find the original query, even using GPUs and ASICs.
For post-quantum resistance, we use it to generate a 1024-bit key.
Step 2: in case the Argon2id algorithm has a vulnerability, or, since this
is a popular function used for hashing passwords and for cryptocurrencices,
and people may have built rainbow tables already, we use a hash function over
the result of the previous function. This immediately defeats rainbow tables.
Step 3: the output of the hash function is truncated to 64-bit.
Due to a property of this operation known as collision-misresistance, and even
if the previous steps fail due to a nation-state actor, it is impossible for a
server operator to prove what exact query was originally sent by a client.
This feature is experimental.
2019-04-01 09:36:56 +02:00
f744110d38
Bump
2019-04-01 08:24:58 +02:00
674bd30d45
Update dependencies
2019-04-01 08:21:17 +02:00
8b608403b1
Do not cache truncated messages
...
Fixes #774
2019-04-01 08:19:26 +02:00
a389067d29
Replace “find” with “findstr” in batches ( #764 )
...
* Update service-install.bat
* Update service-restart.bat
* Update service-uninstall.bat
2019-03-21 14:23:01 +01:00
85abbeac61
Bump
2019-03-14 20:21:26 +01:00
8076e206e0
Revert "Install the windows service as "NT AUTHORITY\NetworkService""
...
This reverts commit 17db0a658f
2019-03-14 20:10:53 +01:00
Frank Denis
Mathias Berchtold
encrypt.town
Ferdinand Holzer
Ferdinand Holzer
Simon R
igorljubuncic
Aleksandr Sergeev