Commit Graph

1056 Commits

Author SHA1 Message Date
Frank Denis ccbdd41f5d Add support for shorter stamps with binary public keys 2018-01-23 15:23:11 +01:00
Frank Denis 2d7920af22 Prefer sdns:// which is less application-tainted 2018-01-22 12:00:42 +01:00
Frank Denis d7b8217018 Only cache specific Rcodes 2018-01-22 11:19:57 +01:00
Frank Denis a9476fe04b Mention how to run as a non-root user on Linux 2018-01-22 10:56:52 +01:00
Frank Denis 973b53afdc Simplify 2018-01-22 10:02:06 +01:00
Frank Denis 8324b29b42 Require stamps in static server definitions
Provider names, etc. are not future-proof. In particular, they are
incompatible with other protocols such as DoH.
2018-01-22 09:59:32 +01:00
Frank Denis 1d18a230c0 Consistent casing 2018-01-21 22:18:20 +01:00
Frank Denis 3dcedac390 beta8 2018-01-21 19:52:51 +01:00
Frank Denis 29fee1585f abc.ex.com should be rejected if both ex.com and bc.ex.com are listed in a blacklist
With the following ruleset:

ex.com
bc.ex.com

"abc.ex.com" finds "bc.ex.com" as the longest suffix. However, since it's
not at a label boundary, it is not rejected.

However, there is a more general rule that should be considered, ex.com.

So we need to perform at least two lookups in that case.
2018-01-21 19:47:19 +01:00
Frank Denis 6ca2697128 Clear certIgnoreTimestamp if we found at live 1 live server 2018-01-21 18:14:37 +01:00
Frank Denis 8bcba92f97 Add an undocumented option to ignore cert timestamps 2018-01-21 18:10:38 +01:00
Frank Denis 05e07e8b69 Add a simple built-in DNS client for testing 2018-01-21 18:02:32 +01:00
Frank Denis d9b5625226 IP blocking 2018-01-21 16:07:44 +01:00
Frank Denis 1c80e80a0d Do not recommend block_ipv6 2018-01-21 00:54:20 +01:00
Frank Denis f80c16ed2a Slightly change the way we block ipv6 2018-01-20 22:30:36 +01:00
Frank Denis f7b8b70322 Revert "AAAA filter: Reject instead of sending an empty response"
This reverts commit aceb8b30f7.
2018-01-20 22:06:40 +01:00
Frank Denis aceb8b30f7 AAAA filter: Reject instead of sending an empty response
Empty responses can cause issues with CNAME records
2018-01-20 20:37:02 +01:00
Frank Denis f33b8a964a Use softfloat on mips builds 2018-01-20 19:20:50 +01:00
Frank Denis 4f0c36ac27 Don't log blocked suffixes in reverse 2018-01-20 17:25:16 +01:00
Frank Denis 9a85a50efd beta6 2018-01-20 17:14:53 +01:00
Frank Denis a1461f3452 Remove unused variable 2018-01-20 17:14:21 +01:00
Frank Denis 5dd08fe56b Fix swapped out arguments in substring check
*example.com* was matching ample.com, not xxxexample.comxxx

Fixes #14
2018-01-20 17:11:46 +01:00
Frank Denis 4f42dd01a4 nxlog 2018-01-20 17:03:48 +01:00
Frank Denis 1e0e01e8e1 NXLOG: a new output plugin to log suspicious queries 2018-01-20 16:59:40 +01:00
Frank Denis caca210568 Regen deps 2018-01-20 14:20:45 +01:00
Frank Denis 47fdc45b2d beta5 2018-01-20 14:15:20 +01:00
Frank Denis ed50798049 Preliminary implementation of stamps 2018-01-20 14:13:11 +01:00
Frank Denis 88414e1448 Print stamps; require an env variable for debug level 2018-01-20 13:56:26 +01:00
Frank Denis 0fe21b2d57 Shortcut filters for the root zone 2018-01-20 13:30:19 +01:00
Frank Denis 066db6a080 Replace logged_qtypes with ignored_qtypes 2018-01-20 13:27:37 +01:00
Frank Denis 5080502381 " -> ' \because\people\still\use\backslahes\to\separate\path\components 2018-01-20 13:20:30 +01:00
Frank Denis 475d7edb2a Fix suffix matching so that www.example is rejected if example is filtered 2018-01-20 13:18:54 +01:00
Frank Denis b9e89d2278 megacheck 2018-01-20 01:00:19 +01:00
Frank Denis 5dae74ab0b beta4 2018-01-20 00:40:44 +01:00
Frank Denis 187de17396 Don't prefetch more frequently than 1/min 2018-01-20 00:31:54 +01:00
Frank Denis 1c27d6c230 Improved error handling 2018-01-20 00:30:33 +01:00
Frank Denis 7fbb4c5428 Improve the prefetcher; run a dedicated goroutine 2018-01-19 23:43:45 +01:00
Frank Denis 2ab29a43d6 Reduce the noise 2018-01-19 22:37:05 +01:00
Frank Denis a64f90e1ba Update dlog 2018-01-19 20:54:32 +01:00
Frank Denis fd9291b240 Update dlog 2018-01-19 20:27:48 +01:00
Frank Denis 6e1eaf7b90 More flexible logging; add support for the Windows event log 2018-01-19 20:06:04 +01:00
Frank Denis ed33eb4890 up 2018-01-19 19:48:01 +01:00
Frank Denis b02a4e6c73 Update dlog; now with support for the Windows Event Log
(completely untested)
2018-01-19 19:33:25 +01:00
Frank Denis 4b4bf36633 Unreachable -> Timeout 2018-01-19 16:40:35 +01:00
Frank Denis aac0078991 Choose if we want to use IPv6 and/or IPv4 servers 2018-01-19 16:38:43 +01:00
Frank Denis 3006a6f2b4 Print server names instead of provider names 2018-01-19 15:50:44 +01:00
Frank Denis 0bdfd01245 up 2018-01-19 15:50:39 +01:00
Frank Denis 7103229609 Add a logged_qtypes feature to log only some query types 2018-01-19 12:57:47 +01:00
Frank Denis 414d366cb2 Print the root zone as a dot rather than an empty string
Fixes #7
2018-01-19 12:33:27 +01:00
Frank Denis e9e028c970 beta3 2018-01-19 00:11:52 +01:00