Frank Denis
df3fb0c9f8
Keep lines short
...
$ golines -w -m 120 --shorten-comments .
2022-03-23 17:48:48 +01:00
Frank Denis
8fc0ffc35f
Enable HTTP/2 pings
2021-09-21 12:57:42 +02:00
Frank Denis
0ca90dd8cc
xtransport: set a default error status code
2021-07-31 13:21:45 +02:00
Frank Denis
cedd4f3b54
xtransport: properly forward the status code on error
2021-07-31 12:38:10 +02:00
Frank Denis
525927e797
Don't use net/http
2021-06-07 10:05:20 +02:00
Frank Denis
e57d5173e9
Support GET in ODoH targets
2021-06-06 01:22:48 +02:00
Frank Denis
e27419f73d
x509.SystemCertPool() may fail
2021-06-03 20:59:05 +02:00
Frank Denis
ddcc40c954
Hardcode Let's Encrypt ISRG X1 cert
...
Some operating systems don't include it yet.
Thanks to @rs for the heads up
2021-06-03 12:48:33 +02:00
Christopher Wood
c748f93752
Add ODoH support. (#1653)
2021-03-30 11:53:51 +02:00
Frank Denis
c500287498
Rename fallback_resolvers to bootstrap_resolvers
...
Clarify what they are used for.
Remove the legacy `fallback_resolver`.
2021-02-20 18:50:42 +01:00
Frank Denis
1a34c8d5ff
Add max-stale cache control directive to requests
2020-07-09 21:42:35 +02:00
Frank Denis
9f9a17ed6b
doh_client_x509_auth: don't ignore errors
2020-06-11 11:03:17 +02:00
Kevin O'Sullivan
5db4365540
Adding support for additional root CAs for DoH TLS Auth (#1281)
2020-06-08 18:01:40 +02:00
Frank Denis
1ff31f14f1
Remove the ct parameter from DoH queries
...
That was a workaround for Google, but Google doesn't seem to need
it any more.
2020-04-01 12:12:57 +02:00
Frank Denis
315f6f45ff
Certificates that can't be loaded are fatal
2020-03-24 14:31:43 +01:00
Kevin O'Sullivan
c040b13d59
Adding the ability to do TLS client authentication for DoH (#1203)
...
* Adding the ability to do TLS client authentication for DoH
* whitespace nit
* Check for server specific creds before wildcard
* small comma ok idiom change
2020-03-09 22:11:53 +01:00
Frank Denis
aa0e7f42d3
Make the xTransport functions return the HTTP body directly
...
This simplifies things, but also makes RTT computation way more reliable
2020-02-21 22:33:34 +01:00
Frank Denis
7ada3fcfb8
Support multiple fallback resolvers
2020-01-15 19:58:14 +01:00
Frank Denis
c27d41faa0
Avoid unneeded DNS packet unpacking
2019-12-23 11:37:45 +01:00
Frank Denis
adb6dac420
Strip EDNS0 options in responses
2019-12-22 18:02:33 +01:00
Frank Denis
5118ed21fd
Use dumb padding even for GET queries
...
Resolvers such as Cloudflare always add padding to DoH responses
Resolvers such as Google only do if the question had dumb padding
Resolvers such as Cisco blindly return a copy of the question's padding
Some resolvers don't return any padding no matter what's in the question
Finally, other resolvers return FORMERR
This is a mess. A bad design inherited from DoT, that didn't fix
anything from Unbound's original experiment.
Also, padding with zeros as recommended is a bad idea. When using
GET, escaping makes the actual padding size 3 times as big as needed.
2019-12-22 17:34:16 +01:00
Frank Denis
1585ede954
Use EDNS0 padding when using DoH over POST
...
This mechanism is horrible, slow (requires re-unpacking and re-packing
the query), should be done at transport layer and not at content layer, and
of course, it is incompatible with some resolvers.
However, in spite of https://go-review.googlesource.com/c/go/+/114316/2/src/net/http/transfer.go ,
we may still end up sending the header and the content in distinct packets.
So, use that horror for POST queries only. For GET, this is not needed.
2019-12-22 15:31:02 +01:00
Frank Denis
0454463539
Pad GET queries
2019-12-22 14:43:21 +01:00
Frank Denis
a7b7bdc11e
Compress synthetic responses
2019-12-11 14:02:56 +01:00
Frank Denis
56d02597a6
Extend the grace period and log when it's used
2019-12-09 17:08:59 +01:00
Frank Denis
21a5765527
Rename resolveWithCache() and make the comment match what the fn does
2019-12-09 17:03:16 +01:00
Frank Denis
2d8fd40481
Don't use named return values just for one value, especially an error
...
Be consistent with the rest of the code
2019-12-09 16:59:02 +01:00
Frank Denis
3e32d38f29
Explicit initialization
2019-12-09 16:56:43 +01:00
Frank Denis
0b64c5df66
Improve logging
2019-11-17 22:04:58 +01:00
Frank Denis
ad40c6c54b
Fallback to the system resolver if the fallback resolver doesn't work
...
This is useful if fallback_resolver has been set to random junk, or
to an external resolver, but port 53 is blocked.
At least, it may allow the server to start.
2019-11-17 22:00:08 +01:00
Frank Denis
c3d93124a7
Bump MinResolverIPTTL up
2019-11-17 20:30:59 +01:00
Frank Denis
0e8d1a941b
Typo
2019-11-17 20:30:00 +01:00
Frank Denis
068c8e70f2
Typo
2019-11-17 20:00:34 +01:00
Frank Denis
0f332c644d
Set a minimum TTL when caching resolver IPs
...
Comcast having a 30 sec TTL is silly
2019-11-02 02:01:03 +01:00
Frank Denis
63ed3b4fef
Update comment
2019-11-02 01:52:51 +01:00
Frank Denis
a84a789a8a
Keep resolving if needed
2019-11-02 01:50:35 +01:00
Frank Denis
d932d5fdfc
Inverse test
2019-11-02 01:20:28 +01:00
Frank Denis
6032c3b79b
Add a grace TTL for expired cached IPs
...
And some comments to make the code more readable
2019-11-01 23:19:07 +01:00
Frank Denis
0dc69eacd5
resolveHostWithCache -> resolveWithCache
2019-11-01 23:10:36 +01:00
Frank Denis
b30904f20b
lowercase
2019-11-01 23:06:42 +01:00
Frank Denis
8d191cdcf1
Rename CheckResolver to IsIPAndPort for clarity
2019-11-01 23:05:17 +01:00
Frank Denis
3cef651b07
Rename resolveHost() to resolveHostWithCache() for clarity
...
(but to be honest, I don't understand anything to that code any more)
2019-11-01 23:00:39 +01:00
Frank Denis
e028f4d483
Don't delete cached server IP addresses
...
If we can't update an entry, keep the previous one.
2019-11-01 22:55:06 +01:00
Frank Denis
3db3de0a91
Use SystemResolverTTL as a minimum timeout for cached resolver IPs
2019-11-01 21:47:13 +01:00
Frank Denis
59c3d5121d
Add brackets around cached IPv6 IP addresses
...
Fixes #1005
2019-10-31 17:55:54 +01:00
Frank Denis
3a68f90c37
Back to 2.0.29 beta 3 (ceed905196)
2019-10-31 17:50:19 +01:00
Frank Denis
71e3cf4aef
Add brackets around cached IPv6 IP addresses
...
Fixes #1005
2019-10-31 16:38:43 +01:00
Frank Denis
a0614510e9
Don't name different things "ttl" to avoid confusion
2019-10-21 18:40:47 +02:00
Frank Denis
ffd60d21db
Reduce lock contention
2019-10-21 18:36:47 +02:00
Frank Denis
70970d2333
Nits
2019-10-21 18:31:06 +02:00