Commit Graph

845 Commits

Author SHA1 Message Date
Frank Denis 7dde2f4a37 Request DNSSEC signature in the DoH probe 2018-01-27 16:53:57 +01:00
Frank Denis be1e99ea32 DoH: send a dummy query before measuring the RTT to ignore the handshake 2018-01-27 16:48:22 +01:00
Frank Denis 4f0c29047d + DoH 2018-01-27 15:31:28 +01:00
Frank Denis 50d0c0449f Initial support for DNS-over-HTTP2 -- Yes, it works with Google. 2018-01-27 15:26:08 +01:00
Frank Denis 85f8aa1000 Fix stamp proto initialization 2018-01-26 22:59:16 +01:00
Frank Denis eca7a078dd Do not blindly execute /sbin/init to detect upstart 2018-01-26 22:19:58 +01:00
Frank Denis e16155e22a DoHstamps 2018-01-26 20:38:31 +01:00
Frank Denis 3bbecdcde7 up 2018-01-26 20:16:45 +01:00
Frank Denis 747ccf85cb Let's update Go 2018-01-26 02:25:43 +01:00
Frank Denis 29f1b083a0 Rename a few things to prepare for DoH support 2018-01-26 02:25:38 +01:00
Frank Denis 375378c15b Rename "servers" to "static" for clarity 2018-01-25 17:41:36 +01:00
Frank Denis 1164dd4d4d Comment the additional list of servers in the example 2018-01-25 15:59:22 +01:00
Frank Denis 8a0d919503 +x 2018-01-25 15:56:28 +01:00
Frank Denis ff5bba1ba4 up 2018-01-25 15:55:27 +01:00
Frank Denis 803bc18027 Use a v2 list 2018-01-25 15:17:46 +01:00
Frank Denis 79193e6ee3 Add support for V2 source format -- Goodbye, CSV. 2018-01-25 15:02:18 +01:00
Frank Denis 78e8abeebc Use http:// 2018-01-25 14:34:55 +01:00
Frank Denis 054461e240 Reserve identifiers for traditional nonencrypted DNS and for DoH 2018-01-25 14:31:18 +01:00
Frank Denis f6a9229e2f Merge branch 'master' of github.com:jedisct1/dnscrypt-proxy
* 'master' of github.com:jedisct1/dnscrypt-proxy:
  Fix systemd socket support
2018-01-25 14:16:45 +01:00
Frank Denis 5b6e774356 Add service installation scripts for Windows 2018-01-25 14:15:28 +01:00
Frank Denis eb4f392071
Merge pull request #31 from Zirkelite/master
Fix systemd socket support
2018-01-25 11:17:42 +01:00
Adrián Laviós Gomis 023c3e78ee Fix systemd socket support 2018-01-25 10:24:28 +01:00
Frank Denis 81715555be Update deps 2018-01-24 20:08:48 +01:00
Frank Denis 1d5cce9cd1 Don't compress executables any more.
Fixes #26
2018-01-24 17:03:20 +01:00
Frank Denis 996d9be4e3 Improve message if /proc/self/exe doesn't exist (?)
Fixes #26
2018-01-24 16:55:28 +01:00
Frank Denis 732c451dd4 Add max_clients to cap the maximum number of client queries 2018-01-24 16:51:26 +01:00
Frank Denis e272dd84f7 up 2018-01-24 16:04:52 +01:00
Frank Denis 285cd09831 Don't compress on mips64 2018-01-24 15:41:48 +01:00
Frank Denis 81ec92d837 Remove --brute for now, for speed 2018-01-24 15:34:38 +01:00
Frank Denis 1dbc765fd7 crlf 2018-01-24 15:23:03 +01:00
Frank Denis b11c536fcc Compress only on relevant targets 2018-01-24 15:21:24 +01:00
Frank Denis 94f9c14ad7 Only attempt to use systemd on linux
Remove plan9 builds
2018-01-24 15:14:48 +01:00
Frank Denis d208d38f3f Update go, compress executables 2018-01-24 15:03:58 +01:00
Frank Denis 0b52211fa3 Update dnsc:// leftovers 2018-01-24 14:48:48 +01:00
Frank Denis c184ce1a03 systemd support
How does it work? I don't know. Does it work? I don't know.
Would I encourage its use? No.
2018-01-24 14:44:32 +01:00
Frank Denis 0ce20518db Make the UDP and TCP listeners more generic 2018-01-24 14:22:56 +01:00
Frank Denis 1bcb791270 up 2018-01-24 14:13:29 +01:00
Frank Denis abb659eed2 Nits 2018-01-23 15:51:57 +01:00
Frank Denis 3a3535dcbc Still tolerate hex-encoded pks, but emit a warning 2018-01-23 15:42:22 +01:00
Frank Denis ccbdd41f5d Add support for shorter stamps with binary public keys 2018-01-23 15:23:11 +01:00
Frank Denis 2d7920af22 Prefer sdns:// which is less application-tainted 2018-01-22 12:00:42 +01:00
Frank Denis d7b8217018 Only cache specific Rcodes 2018-01-22 11:19:57 +01:00
Frank Denis a9476fe04b Mention how to run as a non-root user on Linux 2018-01-22 10:56:52 +01:00
Frank Denis 973b53afdc Simplify 2018-01-22 10:02:06 +01:00
Frank Denis 8324b29b42 Require stamps in static server definitions
Provider names, etc. are not future-proof. In particular, they are
incompatible with other protocols such as DoH.
2018-01-22 09:59:32 +01:00
Frank Denis 1d18a230c0 Consistent casing 2018-01-21 22:18:20 +01:00
Frank Denis 3dcedac390 beta8 2018-01-21 19:52:51 +01:00
Frank Denis 29fee1585f abc.ex.com should be rejected if both ex.com and bc.ex.com are listed in a blacklist
With the following ruleset:

ex.com
bc.ex.com

"abc.ex.com" finds "bc.ex.com" as the longest suffix. However, since it's
not at a label boundary, it is not rejected.

However, there is a more general rule that should be considered, ex.com.

So we need to perform at least two lookups in that case.
2018-01-21 19:47:19 +01:00
Frank Denis 6ca2697128 Clear certIgnoreTimestamp if we found at live 1 live server 2018-01-21 18:14:37 +01:00
Frank Denis 8bcba92f97 Add an undocumented option to ignore cert timestamps 2018-01-21 18:10:38 +01:00