Will Elwood
d063a7959e
Avoid redirect and extra DNS lookup in example
Also makes the URL consistent with the other lists.
2019-11-10 12:48:21 +00:00
Frank Denis
9852a289f8
Increase the default cache size and minimum TTL
2019-11-03 17:31:41 +01:00
Frank Denis
2add754f23
Don't use real server names, because this is apparently confusing
2019-10-27 23:36:08 +01:00
Frank Denis
a26b2b42f0
Rename negTTL to rejectTTL to avoid confusion with cacheNegTTL
2019-10-21 18:26:49 +02:00
Markus Linnala
bb01595320
feature: Add neg_ttl for rejected entries and cloak_ttl for cloaking-rules entries
Previously cache_min_ttl was used. But one can certainly set
cache_min_ttl to 0, but still ensure synthetic values have ttl.
Hence new config file options.
2019-10-21 18:12:49 +02:00
Frank Denis
f565d3c7f5
Documentation
2019-10-20 19:30:33 +02:00
Frank Denis
5c28950578
Bump the default timeout up
Because, yes, some networks have a lot of latency
2019-10-20 19:22:02 +02:00
Frank Denis
320197a00e
Accept relay names in routes, improve documentation
2019-10-20 14:19:21 +02:00
Frank Denis
be86d1df27
Fetch the list of relays
2019-10-18 15:53:56 +02:00
Frank Denis
322447aa91
Support multiple routes per destination
2019-10-14 12:08:47 +02:00
Frank Denis
ad5b2dc4f9
Mention that /dev/stdout can be used to log to the standard output
2019-09-23 10:33:57 +02:00
Frank Denis
ed79bd7489
Deprecate systemd sockets
2019-09-16 15:46:39 +02:00
Frank Denis
776e0d7ccc
New feature: query_meta
2019-09-07 16:19:47 +02:00
Frank Denis
faa931585b
Use single quotation marks everywhere in the example for consistency
Fixes #904
2019-08-04 09:04:01 +02:00
James Newell
d3ab899f7b
blocked_query_response takes the format 'a:<IPv4>,aaaa:<IPv6>' for IP responses
2019-07-17 12:12:28 +02:00
James Newell
5812cb2fe4
fold 'refused_code_in_responses' and 'respond_with_ip' options into a new option 'blocked_query_response'
2019-07-17 12:12:28 +02:00
James Newell
87bbfbfc10
add new option: 'respond_with_ip'
2019-07-17 12:12:28 +02:00
Frank Denis
df24db9b9d
Remove refresh_delay from the example configuration file
It is not implemented
2019-06-13 11:14:10 +02:00
Frank Denis
8933980121
netprobe_timeout=0 doesn't make much sense
2019-06-07 01:50:03 +02:00
Frank Denis
8def2d5edc
Document TLS 1.3 cipher suite IDs
2019-06-07 01:39:35 +02:00
Frank Denis
9604b8b3e5
Use an example server instead of a real one in the static section
2019-06-04 12:17:47 +02:00
Frank Denis
a060407db1
Use a different address than 255.255.255.0 for netprobes
Windows doesn't seem to like this address.
Also default to the fallback resolver IP if there is one and
no netprobe_address option in the configuration file.
Fix netprobe_timeout = -1 by the way
2019-06-04 01:37:59 +02:00
Frank Denis
9e2a945fff
Print the sorted list of latencies
Add an option to disable the load-balancing estimator
2019-06-03 13:04:59 +02:00
Frank Denis
a417f0d282
Use 255.255.255.0 as the default netprobe address
2019-06-03 12:22:53 +02:00
Frank Denis
2e89c8da01
Rename LbStrategyFastest to LbStrategyFirst
2019-06-02 13:24:24 +02:00
Frank Denis
3f2656dbe3
Document netprobe_address
2019-05-31 23:02:45 +02:00
Frank Denis
578c090890
Send an empty packet to the probe
This seems to be required on Windows.
Also add the ability to wait for up to an hour.
2019-05-28 13:22:11 +02:00
Frank Denis
25ac94e7b2
Revert "Add Stretch-Hash-and-Truncate option for extreme DNS privacy"
This reverts commit 2d1dd7eaab.
2019-04-02 01:57:48 +02:00
Frank Denis
2d1dd7eaab
Add Stretch-Hash-and-Truncate option for extreme DNS privacy
This works over DNSCrypt and DoH, but requires a specifically configured
server.
Instead of sending the actual DNS queries, the SH-T system works as follows:
Step 1: the client query is evaluated through Argon2id, a military-grade,
memory-hard, CPU-hard stretching function. This makes it very expensive
for an attacker to find the original query, even using GPUs and ASICs.
For post-quantum resistance, we use it to generate a 1024-bit key.
Step 2: in case the Argon2id algorithm has a vulnerability, or, since this
is a popular function used for hashing passwords and for cryptocurrencies,
and people may have built rainbow tables already, we use a hash function over
the result of the previous function. This immediately defeats rainbow tables.
Step 3: the output of the hash function is truncated to 64-bit.
Due to a property of this operation known as collision-misresistance, and even
if the previous steps fail due to a nation-state actor, it is impossible for a
server operator to prove what exact query was originally sent by a client.
This feature is experimental.
2019-04-01 09:36:56 +02:00
Frank Denis
5dc66adaa9
Move disabled_server_names down
2019-02-23 14:55:23 +01:00
Frank Denis
c10fbb2aa7
+ disabled_server_names
Fixes #735
2019-02-23 14:54:22 +01:00
Frank Denis
2aa0b7d6a7
Add `refused_code_in_responses` to the example.
Fixes #738
2019-02-23 12:34:59 +01:00
Frank Denis
c52b3ef124
Bump the netprobe timeout up to 60 seconds
2018-11-22 17:24:41 +01:00
Frank Denis
2e147364e9
Add support for HTTP/HTTPS proxies
Fixes #638
2018-11-15 18:47:33 +01:00
iiic
4fe62bc7cc
@typo in example-dnscrypt-proxy.toml (#628)
This can be can be useful… -> This can be useful…
2018-10-29 14:16:02 +01:00
Frank Denis
dda3ca1ea3
Add dash
2018-10-10 19:38:24 +02:00
Frank Denis
4e9397d83e
Revert "Remove Quad9 example until they remove prefixes"
This reverts commit 5cb7d8df35.
2018-10-10 16:32:39 +02:00
Frank Denis
bfca70000e
A note about pidfile
2018-10-03 18:17:39 +02:00
Frank Denis
5cb7d8df35
Remove Quad9 example until they remove prefixes
2018-10-03 16:36:23 +02:00
Frank Denis
9f1be6e079
killChild() is not needed any more; update config example by the way
2018-10-03 16:35:59 +02:00
Frank Denis
1019428ca0
username -> user_name
in case we want to add user_group and whatnot.
Remove the command-line option as it hides the caveats documented
in the configuration file.
Remove TODO. TODO statements always remain in that state forever.
2018-07-07 17:39:33 +02:00
Frank Denis
6cb43f8e4d
Of course, dropping privileges breaks with systemd sockets
2018-07-07 15:21:21 +00:00
Frank Denis
9345958d16
Better description of what username does
2018-07-05 18:12:46 +02:00
Frank Denis
c73e95256d
Implement an offline mode
Fixes #528
2018-07-05 18:05:24 +02:00
John Spurlock
74093a65a2
Quick typo fix in example config. (#511)
2018-06-20 00:55:28 +02:00
Sebastian Schmidt
8f2972845d
Note that Windows doesn't support username option (#494)
2018-06-14 09:35:13 +02:00
Frank Denis
fe0aa52fba
Make description more accessible in the example configuration file
Also don't enable this by default, as "nobody" may not exist everywhere
2018-06-13 16:54:57 +02:00
Sebastian Schmidt
aab7e6380f
Drop privileges with exec (#467)
* Drop privileges with exec and SysProcAttr
* Fix windows build
* Fix passing logfile fd
2018-06-13 16:52:41 +02:00
Frank Denis
ae54a7aafc
Revert "Do not mention systemd activation until #480 is solved"
This reverts commit 066345123b.
2018-06-13 16:49:57 +02:00
Frank Denis
066345123b
Do not mention systemd activation until #480 is solved
2018-06-08 06:35:47 +02:00