Commit Graph

623 Commits

Author SHA1 Message Date
Amit 2a6a1852f1 Cache Plugin: return non-fixed TTL for cached entries 2018-02-09 17:59:04 +02:00
Frank Denis c42ae840db
Merge pull request #107 from Bitti09/master
switched  to https version  when available
2018-02-08 16:21:17 +01:00
Bitti09 a4e4c9da8e switched to https version when available 2018-02-08 16:18:40 +01:00
Frank Denis 063a9b6957 Remove Solaris test builds 2018-02-07 23:37:56 +01:00
Frank Denis 148b19cfd1 Use Go 1.10rc2 2018-02-07 22:50:38 +01:00
Frank Denis dfe68118c6 Don't suggest that URLs are optional in the example config file
This is confusing, and virtually everybody needs to specify
URLs no matter what.

Fixes #101
2018-02-07 10:48:41 +01:00
Frank Denis 16c75172ad Remove "starting"
Fixes #97
2018-02-06 19:33:58 +01:00
Frank Denis 453299e49a 2.0.0 final 2018-02-06 16:13:06 +01:00
Frank Denis d644cf0c41 Move servers down 2018-02-06 16:11:53 +01:00
Frank Denis 6863ab66d5 Update dlog 2018-02-06 16:07:54 +01:00
Frank Denis 404c21816e Use a more permanent URLm even if it's a redirect 2018-02-06 14:27:45 +01:00
Frank Denis f6b6d70615 Add knobs to filter by protocol 2018-02-06 14:11:58 +01:00
Frank Denis 31c16c0dbb Nits 2018-02-05 19:25:52 +01:00
Frank Denis af0833387a Close idle connections after an error; reduce idle connections timeout 2018-02-05 19:03:04 +01:00
Frank Denis 7f5d67881b Add a super secret way to print cert hashes
Not so secret. The purpose is to avoid log pollution, while still
allowing people setting up DoH servers to quickly view the
certificate chain.
2018-02-05 13:24:17 +01:00
Frank Denis 5c52199ee1 draft 3 says queries should use "dns", previous drafts said "body"
Send both until servers adjust :/
2018-02-05 11:36:15 +01:00
Frank Denis 43f3e64bd9 DoH: fallback to GET on servers that don't support POST 2018-02-05 11:30:10 +01:00
Frank Denis 8a7569555c Don't warn if lbStrategy is empty 2018-02-05 01:53:23 +01:00
Frank Denis a43352e160 Make the load-balancing strategy configurable 2018-02-04 21:23:39 +01:00
Frank Denis 88434fc39f Prepare support for multiple load balancing strategies 2018-02-04 21:13:54 +01:00
Frank Denis f319088506 restrict. is too restrictive 2018-02-04 15:20:17 +01:00
Frank Denis 6f546b4c21 Use Cache-Control 2018-02-04 13:48:51 +01:00
Frank Denis 6b49470b95 Update deps, include cachecontrol 2018-02-04 13:48:40 +01:00
Frank Denis ed60976dd2 Infer TTL from Date: and Expire: headers
Unfortunately, Google DNS sets Expire: to the same value as Date:

So we may want to use Cache-Control instead.
2018-02-04 13:35:40 +01:00
Frank Denis 458da8fa77 DoH: use 0 as a transaction ID
Reject short TCP queries early by the way
2018-02-04 12:57:54 +01:00
Frank Denis 2eed62f1e2 Add a setMaxTTL() function
Will be useful to interprete HTTP cache headers in DoH
2018-02-04 12:39:33 +01:00
Frank Denis 454e1bdfbc Link to the latest draft of DNS-over-HTTPS 2018-02-04 12:20:26 +01:00
Frank Denis a4b70fa56d Last released candidate, so people can test cloaking 2018-02-04 12:00:24 +01:00
Frank Denis 9d69811de9 Add limits to HTTP requests 2018-02-04 11:33:04 +01:00
Frank Denis 9ee7e522b1 Proper stamps length check 2018-02-04 11:04:29 +01:00
Frank Denis cfeb25a4c2 cloak: decrement TTL 2018-02-04 09:36:57 +01:00
Frank Denis d005a76dc4 Add some comments 2018-02-04 02:29:09 +01:00
Frank Denis 18167c0f47 If we already performed a resolution before, even partial, don't retry
(at least until the TTL expires)

So, if www.google.com is cloaked, and forcesafesearch returns a A
record but no AAAA, return the cloaked A record for A queries, but
don't return the actual AAAA record for AAAA queries: return a
synthetic empty response instead.
2018-02-04 02:22:38 +01:00
Frank Denis 5c18c51116 We need to manage the TTL properly, but in the meantime, reduce log verbosity 2018-02-04 02:12:45 +01:00
Frank Denis 1e066e69b3 Import a cloaking example file 2018-02-04 01:57:18 +01:00
Frank Denis 033931a13a Add a new powerful plugin: DNS cloaking 2018-02-04 01:43:37 +01:00
Frank Denis e62dd27593 Use https for the remote source example
This can be changed back to http on platforms that don't have a clock
2018-02-03 22:01:09 +01:00
Frank Denis 93810e60d7 Set the default source refresh delay to 3 days 2018-02-03 18:55:46 +01:00
Frank Denis 588d8dabde rc2 2018-02-03 12:53:43 +01:00
Frank Denis faf80cd6f7 Recompress the logo 2018-02-03 12:15:24 +01:00
Frank Denis f513ab21fa Check if the config file exists from the current directory
Try the executable directory if it fails

Then, go to that config file directory no matter what

Fixes #80
2018-02-03 10:46:47 +01:00
Frank Denis 67b0d95ea1 Reduce log verbosity when ignore_system_dns = true
Fixes #81
2018-02-03 10:25:41 +01:00
Frank Denis db973f1aa9
Merge pull request #78 from mastad0n/patch-5
Fix mirror 404
2018-02-02 20:43:31 +01:00
Frank Denis 118ec5e0f0
Merge pull request #79 from mastad0n/patch-6
fix mirror 404
2018-02-02 20:43:19 +01:00
mastad0n d2a0cdf0c7
fix mirror 404 2018-02-02 11:28:40 -08:00
mastad0n 1feada737e
Fix mirror 404 2018-02-02 11:27:59 -08:00
Frank Denis cb911e6ed0 Add missing golang-lru files 2018-02-02 18:18:38 +01:00
Frank Denis a7ecb1a4a3 Update golang-lru 2018-02-02 17:46:45 +01:00
Frank Denis 1fcb0acc77
Merge pull request #77 from Zirkelite/systemd-service-update
Update systemd service to pull nss-lookup.target in.
2018-02-02 16:04:06 +01:00
Adrián Laviós Gomis 821646e7a4 Update systemd service to pull nss-lookup.target in.
According to systemd.special(7), nss-lookup.target is a Special Passive System Unit. This means that services depending on its functionality should order themselves after the target with an After= type dependency, but should not have a Wants= dependency for them. Therefore, nss-lookup.target should be pulled in by the providing services instead, or the consumer services will never be able to order themselves after the providing services since nss-lookup.target would not be pulled in at any point in the boot process. dnscrypt-proxy.service provides name lookup functionality, and has a Before= dependency on nss-lookup.target. However, it should have a Wants= dependency on it as well in order to indicate readiness of name lookup functionality.
2018-02-02 15:51:38 +01:00