miracle091/dnscrypt-proxy
miracle091
/
dnscrypt-proxy
mirror of https://github.com/DNSCrypt/dnscrypt-proxy.git
1
0
Fork 0
Code Issues Releases Wiki Activity
840 Commits 11 Branches 89 Tags 58 MiB
Commit Graph

840 Commits

Author SHA1 Message Date
Frank Denis d418225fdb Mention that the resolvers list is shuffled 2019-06-03 18:53:55 +02:00
Frank Denis aca031c2ec Don't display sorted latencies if there is only one (or none) 2019-06-03 18:51:21 +02:00
Frank Denis 8e01421304 Bump 2019-06-03 18:31:58 +02:00
Frank Denis ae2d036703 setting -> lowering 2019-06-03 17:35:16 +02:00
Frank Denis 313ca48cad rtt -> RTT 2019-06-03 17:32:54 +02:00
Frank Denis 36e3691ccc Log the current candidate's RTT 2019-06-03 17:32:23 +02:00
Frank Denis 62e8d193c0 Round numbers 2019-06-03 17:10:38 +02:00
Frank Denis b63df9cdfa Initialize the server rtt with the startup measurement 2019-06-03 17:07:30 +02:00
Frank Denis 30f2a4fd6b Misc fixes 
- Set LBEstimator to true by default
- Shuffle the servers list at startup
- Add the server name to the query log
 2019-06-03 16:49:06 +02:00
Frank Denis ec1b03b026 Renamed "hit" to "cached", and add the duration unit in TSV logs 2019-06-03 13:16:59 +02:00
Frank Denis 9e2a945fff Print the sorted list of latencies 
Add an option to disable the load-balancing estimator
 2019-06-03 13:04:59 +02:00
Frank Denis a417f0d282 Use 255.255.255.0 as the default netprobe address 2019-06-03 12:22:53 +02:00
Frank Denis 5b5b5ec583 Verify that ApplyQueryPlugins() doesn't blow the packet size 2019-06-03 00:47:39 +02:00
Frank Denis 11311d663d Update deps 2019-06-02 13:25:06 +02:00
Frank Denis 2e89c8da01 Rename LbStrategyFastest to LbStrategyFirst 2019-06-02 13:24:24 +02:00
Frank Denis 3f2656dbe3 Document netprobe_address 2019-05-31 23:02:45 +02:00
Frank Denis f8415c4a4b Update deps 2019-05-31 22:49:25 +02:00
Frank Denis b22d6dfc96 Send a byte to the netprobe IP only on Windows 2019-05-31 11:15:59 +02:00
Mathias Berchtold cf261da79a Fix netProbe write check 
Write at least 1 byte. This ensures that sockets are ready to use for writing.
Windows specific: during the system startup, sockets can be created but the underlying buffers may not be setup yet. If this is the case Write fails with WSAENOBUFS: "An operation on a socket could not be performed because the system lacked sufficient buffer space or because a queue was full
This fixes: https://github.com/jedisct1/dnscrypt-proxy/issues/841
 2019-05-31 11:05:22 +02:00
Mathias Berchtold 7c8e20a533 netProbe: Always log Network connectivity detected 
In the netProb function, always log whether network connectivity is detected or not.
 2019-05-30 22:28:57 +02:00
encrypt.town da48434483 regex isn't fully parsing the complicated csv file 
Not all URLs are extracted from the complicated csv file.
However, they do offer a txt file for the same list, which does work correctly with the current regex:
https://www.malwaredomainlist.com/forums/index.php?topic=3270.0
This url replacement pull request is easier than rewriting the entire regex (which then breaks other lists).
 2019-05-29 09:31:16 +02:00
Ferdinand Holzer 4e76cd2245 Rename cacheHit to hit in ltsv log 2019-05-28 23:14:28 +02:00
Ferdinand Holzer 14b464e56d Log whether response was served from cache 2019-05-28 23:14:28 +02:00
Ferdinand Holzer af096f8488 Remove request forwarding measurement from log 2019-05-28 23:14:28 +02:00
Frank Denis 578c090890 Send an empty packet to the probe 
This seems to be required on Windows.

Also add the ability to wait for up to an hour.
 2019-05-28 13:22:11 +02:00
Ferdinand Holzer da2e4b0b4b Change duration output in query log to milliseconds (#836) 2019-05-26 21:53:15 +02:00
Ferdinand Holzer eab77ff871 Enhance logging (#834) 
* Enhance query logging

Add request duration, and forward duration if applicable.

* Also measure requests forwarded based on forwarding_rules
 2019-05-26 21:16:47 +02:00
Frank Denis 29a954f651 Snap: don't bother renaming the example config file 2019-05-24 23:03:06 +02:00
Frank Denis ef3e4cb6ee snap: use classic confinement, copy config files, remove network-control 2019-05-24 22:59:51 +02:00
Simon R f3e032f88a fix remaining urllib2 reference (#830) 2019-05-22 20:50:45 +02:00
igorljubuncic 0f3e8d32c6 Add support for building snaps (#820) 2019-05-22 17:43:47 +02:00
Simon R bc5e4f0544 make generate-domains-blacklist.py compatible to both python2 and python3 (#828) 
* update domains-blacklist-all.conf: Quidsup NoTrack moved to gitlab

* make generate-domains-blacklist.py python3 compatible

* fix whitespace
 2019-05-22 10:15:08 +02:00
encrypt.town dcce060ef2 Whitelist Server Source Domains (#829) 
A malicious blacklist, or accidental block, could prevent dnscrypt-proxy users from being able to fetch public resolvers and important certificate updates. Both URLs are taken from the default config:

[sources.'public-resolvers']
urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md', 'https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md']
 2019-05-22 10:14:37 +02:00
Frank Denis fb7f16c902 quidsup notrack moved to gitlab 
Thanks to @simonfxr for reporting this
 2019-05-21 20:29:02 +02:00
Frank Denis 0e2d78d21b Warn is DoH is requested but HTTP/2 is not supported 2019-05-12 09:55:13 +02:00
Frank Denis 50a2018633 Keep holding the read lock in the cloaking load-balancing code 
Maybe
fixes #807
 2019-05-02 23:53:47 +02:00
Frank Denis 02d07df43f Cloaking example: yandex.ru to familysearch.yandex.ru 2019-04-29 14:35:24 +02:00
Frank Denis a8045e0a7a Bump 2019-04-28 23:26:33 +02:00
Frank Denis 71858bfc98 Update deps 2019-04-28 23:19:52 +02:00
Frank Denis 587a09b306 Add freebsd/armv7 target 
Fixes #792
Fixes #682
 2019-04-15 08:48:08 +02:00
Frank Denis 5c9edfccfe Ignore onion servers if Tor is not being used 2019-04-14 14:19:12 +02:00
Frank Denis 4940b34c76 Improve caching of server addresses, especially when using proxies 2019-04-14 13:46:07 +02:00
Frank Denis d143ae5279 Set the main protocol to TCP when using a SOCKS proxy 2019-04-14 13:41:43 +02:00
Frank Denis 4b001e3b8e Skip DNS resolution on Tor services 2019-04-14 11:18:14 +02:00
Frank Denis 0a535e28ab Stop printing "crypto v1/v2", as both are equally secure 2019-04-08 08:30:43 +02:00
Frank Denis 25ac94e7b2 Revert "Add Stretch-Hash-and-Truncate option for extreme DNS privacy" 
This reverts commit 2d1dd7eaab.
 2019-04-02 01:57:48 +02:00
Frank Denis 2d1dd7eaab Add Stretch-Hash-and-Truncate option for extreme DNS privacy 
This works over DNSCrypt and DoH, but requires a specifically configured
server.

Instead of sending the actual DNS queries, the SH-T system works as follows:

Step 1: the client query is evaluated through Argon2id, a military-grade,
memory-hard, CPU-hard stretching function. This makes it very expensive
for an attacker to find the original query, even using GPUs and ASICs.
For post-quantum resistance, we use it to generate a 1024-bit key.

Step 2: in case the Argon2id algorithm has a vulnerability, or, since this
is a popular function used for hashing passwords and for cryptocurrencices,
and people may have built rainbow tables already, we use a hash function over
the result of the previous function. This immediately defeats rainbow tables.

Step 3: the output of the hash function is truncated to 64-bit.
Due to a property of this operation known as collision-misresistance, and even
if the previous steps fail due to a nation-state actor, it is impossible for a
server operator to prove what exact query was originally sent by a client.

This feature is experimental.
 2019-04-01 09:36:56 +02:00
Frank Denis f744110d38 Bump 2019-04-01 08:24:58 +02:00
Frank Denis 674bd30d45 Update dependencies 2019-04-01 08:21:17 +02:00
Frank Denis 8b608403b1 Do not cache truncated messages 
Fixes #774
 2019-04-01 08:19:26 +02:00