Commit Graph

1530 Commits

Author SHA1 Message Date
Frank Denis 1124b8304e Remove dependency 2020-06-19 20:16:37 +02:00
Frank Denis 80dfffc4ee Unbreak CI 2020-06-19 20:16:21 +02:00
Frank Denis 03746b76bf Capitalize 2020-06-19 11:39:44 +02:00
IceCodeNew c8d099735b
Disable Sysctl list and AdAway, introduce GameIndustry.eu; Remove Chinese IT companies' top domain from whitelist. (#1365)
* Disable Sysctl list, Introduce GameIndustry.eu

* The host file from http://sysctl.org/cameleon/ is no longer updated, therefore it should be disabled.

* Introduce a new rule maintained by GameIndustry.eu. I only pick the rule sets that NextDNS provides to its customers of their choice, as these rule sets are generally seen as stable and reliable.
However I don't play game so much, there is no way to perform a fully test on my side. There is no FP detected during the couple of days while I using this rule set. And I've gone through the entire contents of the host file in roughly, the entries all seem reasonable to me.

* Disable rule set from AdAway by default

~~It doesn't take long for jedisct1 add baidu.com, and 163.com into whitelist after I introduced this rule into the configuration file, so I guess that the AdAway rule set must have presented a lot of false positives.~~
~~However, these Chinese IT companies are notorious for their extensive user-tracking tactics. Whitelist their top domain may not a good idea.~~
~~My suggestion is to simply disable the ruleset present FP, and let software like ABP or AdGuard do the most elaborate work. - Blocking on the DNS level has its limitations.~~
2020-06-19 00:32:01 +02:00
Prabhu Subramanian 6ee8a14deb
Add shiftleft scan (#1372)
* Create shiftleft-analysis.yml

* Remove comments

Co-authored-by: Frank Denis <124872+jedisct1@users.noreply.github.com>
2020-06-19 00:30:59 +02:00
Frank Denis 6235c11c77 When forking, relocate descriptors higher up
Channels used by the `services` module may use descriptors, so we don't
want to overwrite them.

Maybe
fixes #1371
2020-06-19 00:04:54 +02:00
Frank Denis 6dc484c177 Update deps 2020-06-18 23:19:28 +02:00
Frank Denis e1d6e27a8a Add CodeQL scan result 2020-06-15 20:25:52 +02:00
Frank Denis 5f3b568de3
Add CodeQL scan 2020-06-15 20:02:22 +02:00
Frank Denis 703059922f Easylist has false positives 2020-06-14 15:25:45 +02:00
Frank Denis 06705a6d14 Merge branch 'master' of github.com:jedisct1/dnscrypt-proxy
* 'master' of github.com:jedisct1/dnscrypt-proxy:
  Bump
2020-06-12 14:24:31 +02:00
Frank Denis 5b24439f99 Why the heck is Energized BLU blocking VK? 2020-06-12 14:24:11 +02:00
Frank Denis 65f42918a1 Bump 2020-06-11 17:10:33 +02:00
Frank Denis c59caf3a63 Try oisd list by default, mainly because it tries to avoid FPs 2020-06-11 13:16:50 +02:00
Frank Denis 576162d9bf Remove CodeQL/ShiftLeft until they are enabled for the org 2020-06-11 11:46:17 +02:00
Frank Denis d55421df96 Don't bind listening sockets with the -list/-list-all options
Fixes https://github.com/Homebrew/homebrew-core/pull/55998
2020-06-11 11:41:17 +02:00
Frank Denis 9cce77cc53 No need to import the dnsstamps package twice 2020-06-11 11:13:41 +02:00
Frank Denis 4f47cd0f4f Avoid implicit memory aliasing in for loop 2020-06-11 11:10:33 +02:00
Frank Denis de6afd5a4c Merge branch 'master' of github.com:jedisct1/dnscrypt-proxy
* 'master' of github.com:jedisct1/dnscrypt-proxy:
  Create shiftleft-analysis.yml
  Create codeql-analysis.yml
  Revert "Fix unit tests on Win10 (attempts 1 and 2)"
  sources_test: set bit 16 of the port instead of adding zeros (#1358)
  Fix unit tests on Win10 (attempt 2)
2020-06-11 11:03:30 +02:00
Frank Denis 9f9a17ed6b doh_client_x509_auth: don't ignore errors 2020-06-11 11:03:17 +02:00
Frank Denis 0fd0a1a939
Create shiftleft-analysis.yml 2020-06-11 10:55:08 +02:00
Frank Denis 8a99b3ed93
Create codeql-analysis.yml 2020-06-11 10:53:45 +02:00
William Elwood 2018945fdf Revert "Fix unit tests on Win10 (attempts 1 and 2)"
This reverts commit 92dda0d55a.
This reverts commit 5a1fdc8cd6.
2020-06-10 19:45:11 +01:00
Frank Denis f4d519092b
sources_test: set bit 16 of the port instead of adding zeros (#1358)
Ok @welwood08
2020-06-10 20:24:41 +02:00
William Elwood 92dda0d55a Fix unit tests on Win10 (attempt 2)
Thanks to @lifenjoiner for testing! Windows 10 behaves even more unexpectedly.
After it parses the "ip:port" string as a hostname, it attempts to upgrade from
http to https by appending `:443` and parsing that new URL again.
This seems to happen concurrently with the doomed DNS lookup and we see the
error from whichever fails first.
2020-06-10 12:10:51 +01:00
Frank Denis 8c42c465b2 Be even more explicit 2020-06-10 11:38:46 +02:00
Frank Denis 5416891056 Temporarily parse [tls_client_auth] for backward compatibility
Document the change.

Fixes #1355
2020-06-10 11:37:03 +02:00
Frank Denis d7f16f6be4 Uncomment sections for consistency 2020-06-10 11:04:50 +02:00
Frank Denis adcdcffdec Skip netprobe & listeners when -show-cert or -check are used
Fixes #1354
2020-06-10 11:01:59 +02:00
Huhni c07ed55b16
update domains-blacklist.conf (#1353)
* remove isc.sans.edu lists

It says "Service Suspended" when opening these links

* change Peter Lowe's list to domains only

There is no need to manually strip away all the 127.0.0.1 at the beginning of each line if there is already a method for domains only provided on the website. Could also be modified to ignore old entries with `&startdate%5Byear%5D=2015`.
Adding `&mimetype=plaintext` doesn't seem to change anything for `hostformat=nohtml`, but could be added as well.

* Remove lists intended for adblockers

The Adblock Warning Removal List currently has 559 lines, only two of which are actually useable for dnscypt-proxy (adscat.ru, shellcat.ru).
Fanboy Social currently has 20162 lines and only 118 lines can be used, which is about 0.6%.
CJX Annoyance List: 512 lines, 19 lines usable, but it's just a lite version of the already included Easylists.
Prebake: 1160 lines, 4 lines usable (also not updated since May 2018)

Most of the remaining domains should be covered by a larger domains blocklist, such as Energized BLU, therefore I think it's safe to remove them.

* remove lists included in Energized Blu

Since Energized Blu is enabled by default, there is no need to also enable lists by default that are already contained in it.

Energized Blu contains the following sources:
1hosts, add.2o7Net, add.Dead, Risk & Spam, Adguard Filters, Ador, Anti-PopAds, Coin Blocker, Disconnectme Ads, Malware & Malvertising, EasyPrivacy Specific, hBlock, Lightswitch Ads & Tracking, Spam404, KADhosts, MoaAB, MobileAdTrackers, No Tracking, NSABlocklist, someonewhocares, StevenBlack, Wally3K_Blacklist & Zeus Tracker
2020-06-09 17:43:15 +02:00
William Elwood 5a1fdc8cd6 Fix unit tests on Win10
Untested attempt to fix unit tests that fail on Windows 10 build 1909.
From the test output mentioned in #1332, it looks like this version of Windows
doesn't report an "invalid port" error when asked to connect to an invalid port,
instead it treats the port as part of the host name and attempts a DNS lookup.
Naturally, this fails because the colon character is not valid in a host name.
This change simply makes this inexplicable error an expected result since the
outcome is the same and we can't fix Windows.
2020-06-09 15:51:23 +01:00
Frank Denis f9268be0c2 Recompute deps 2020-06-09 12:09:51 +02:00
Frank Denis 08e9dfe46e Nits 2020-06-09 09:55:40 +02:00
Frank Denis 506f727f1f Another place worth force GC'ing 2020-06-09 09:52:59 +02:00
Frank Denis b794d47a76 Force GC where it seems to matter most 2020-06-09 09:42:09 +02:00
Frank Denis 8200616655 dlog update 2020-06-08 22:52:07 +02:00
Frank Denis 8945cb1b90 Add log_file_latest 2020-06-08 22:31:03 +02:00
Frank Denis 9f9318701f Update dlog 2020-06-08 20:33:18 +02:00
Frank Denis 87c161ab76 Clarify what log_file is 2020-06-08 20:07:24 +02:00
Frank Denis e9227daf6a Update deps 2020-06-08 19:22:36 +02:00
Frank Denis 9c5cf611a4 Preliminary ChangeLog 2020-06-08 19:20:55 +02:00
Frank Denis b32ffbb807 Discourage from blindly using dns64 2020-06-08 18:59:39 +02:00
s-s f48b13f7b8 Add DNS64 support 2020-06-08 18:42:54 +02:00
Frank Denis d766dc8bf7 doh_client_x509_auth: make it clear that root_ca is optional 2020-06-08 18:09:37 +02:00
Kevin O'Sullivan 5db4365540
Adding support for additional root CAs for DoH TLS Auth (#1281) 2020-06-08 18:01:40 +02:00
Frank Denis 68ccd1410f Support multiple stamps per resolver
For now, a single stamp is randomly chosen in order to spread the load,
but we may eventually want to also use this for failover mechanisms.
2020-06-08 17:54:49 +02:00
Frank Denis b0e883ebc6 Android: use getprop persist.sys.timezone to get and set the time zone
Untested. Maybe
fixes #1351
2020-06-06 15:32:27 +02:00
Frank Denis 9d1eee4b29 Expand default whitelist 2020-06-03 09:47:34 +02:00
IceCodeNew dd1f32ebfd
Add comments for domains-blacklist.conf, with a little sorting on it. (#1350)
* Update domains-blacklist.conf

0. Add more comments so it should be much easier for anyone to get understanding how to choose the rules which is delivered in varies levels.
1. Sort rules from Energized so it is ordered in the sort of size, which would make sense.

* Add rule from AdAway

AdAway seems to be a project last more than 9 years. I tried it for several days and haven't experienced any false positive yet.
2020-06-03 09:42:50 +02:00
Frank Denis 2739db2733 Update deps 2020-06-02 13:56:05 +02:00