Commit Graph

1255 Commits

Author SHA1 Message Date
Frank Denis e20c980b15 Use CMD.EXE /c to run Windows commands
That sounds very weird to me, but @mazesy said it was the right
thing to do.
2018-04-10 20:04:03 +02:00
Frank Denis 989de64cf9 Update Gopkg.lock 2018-04-10 20:03:37 +02:00
Frank Denis c7ae244410 Cloak localhost 2018-04-10 15:07:51 +02:00
Frank Denis d559301377 Bump default cache size 2018-04-10 13:24:13 +02:00
Frank Denis 3d34027aeb Double the example cache size 2018-04-10 13:23:51 +02:00
Frank Denis 17792d0efc Use the default cipher suite in the example config file on x86_64 2018-04-10 12:09:52 +02:00
Frank Denis 40d492f93a Go has only X25519 optimized for x86_64 2018-04-10 11:28:59 +02:00
Frank Denis 19db1a1560 If we get a TLS handshake error, recommend using the default suite 2018-04-10 11:26:31 +02:00
Zhuoyun Wei 6d2330eaf0 Minor typo fixes in config files (#338) 2018-04-10 09:06:19 +02:00
Frank Denis e3ad6b1c0e Actually use a cache if tlsDisableSessionTickets is not set 2018-04-10 00:36:55 +02:00
Frank Denis 8bebb50d49 Nits 2018-04-09 23:58:36 +02:00
Frank Denis 37ebc1db0e Replace @NET session with @SFC 2>&1 | FIND /i "/SCANNOW" >NUL
Fixes #336
2018-04-09 15:38:00 +02:00
Frank Denis fbfa8f9aab Do stop/start for restart 2018-04-09 15:36:19 +02:00
Frank Denis aa538969a3 New beta 2018-04-09 13:27:02 +02:00
Frank Denis 44880f9b2c Patterns are now fully supported in cloaking rules
Fixes #306
2018-04-09 13:26:50 +02:00
Frank Denis 7d10628a5f New syntax for blocking/whitelisting rules: exact matching
Example: =example.com

Matches `example.com` but not `api.example.com`
2018-04-09 13:02:42 +02:00
Frank Denis de6a8d230e Use PolyChaCha, but more importantly, RSA by default
Even on non-ARM systems, this makes a difference in CPU usage/latency
2018-04-09 12:45:42 +02:00
Frank Denis 1a4d34dc55 Add golang.org/x/net/http2 to the dependencies 2018-04-09 11:56:49 +02:00
Frank Denis 751f049136 Merge branch 'master' of github.com:jedisct1/dnscrypt-proxy
* 'master' of github.com:jedisct1/dnscrypt-proxy:
  minor (#330)
2018-04-09 03:13:05 +02:00
Frank Denis ca80b69b3a Re-implement ephemeral keys for DNSCrypt 2018-04-09 03:12:34 +02:00
Frank Denis 70dca19326 Clarify 2018-04-09 02:57:30 +02:00
Massimiliano Fantuzzi HB3YOE b23a0fa007 minor (#330)
updated IETF draft link to version 5, updated the "official name" of the proposed protocol, which is indeed "DNS over HTTP" without S or 2.
2018-04-08 20:29:21 +02:00
Frank Denis 172159c00a Use Go 1.10.1 2018-04-08 08:48:48 +02:00
Frank Denis 4439040bc8 patternMatcher: initialize the indirectVals map 2018-04-08 08:42:02 +02:00
Frank Denis 10baa245b2 Clarify 2018-04-07 23:27:57 +02:00
Frank Denis fcdf7d7e55 Update ChangeLog 2018-04-07 23:14:15 +02:00
Frank Denis 517538bdb2 Less ### 2018-04-07 23:05:29 +02:00
Frank Denis 65e6b8569e Implement whitelists
Fixes #293
2018-04-07 23:02:40 +02:00
Frank Denis ceb2d55afd Move time range things to their own file 2018-04-07 22:36:30 +02:00
Frank Denis 77d1b6d075 Spacing 2018-04-07 22:33:40 +02:00
Frank Denis fbe91ee58b No need to initialize xTransport before we have all the parameters 2018-04-07 22:33:11 +02:00
Frank Denis dee7960be6 Bump keepalive up 2018-04-07 22:26:46 +02:00
Frank Denis 1fa3e5d7f3 Add options to set the cipher suite as well as disable session tickets 2018-04-07 22:23:29 +02:00
Frank Denis a4366b0593 Update deps 2018-04-07 17:14:53 +02:00
Frank Denis 10986aba62 Add a MemUsage() helper 2018-04-07 17:05:55 +02:00
Frank Denis 5c86191e43 Use critibitgo 2018-04-07 16:59:10 +02:00
Frank Denis 58c7ff3d2f We may not have a schedule for every rule 2018-04-06 20:18:15 +02:00
Frank Denis 105cb2c525 Make the pattern-matching code reusable 2018-04-06 20:14:19 +02:00
Frank Denis 8217170a7b Revert "Do not consider SERVFAIL responses as server failures"
This reverts commit 0e65c50989.
2018-04-06 13:43:09 +02:00
Frank Denis 2d27eabf95 Revert "Add a -v flag"
This reverts commit d8c95aaca8.
2018-04-06 03:03:27 +02:00
Frank Denis d8c95aaca8 Add a -v flag
Fixes #317

But makes me grumpy, because -v usually means `verbose` to me.
2018-04-06 03:01:42 +02:00
Frank Denis 0e65c50989 Do not consider SERVFAIL responses as server failures 2018-04-06 02:47:58 +02:00
Frank Denis a938eeff7b Mainly revert 869d44c30e
Fixing #304 doesn't look trivial

The service module needs to know the arguments right away.

The arguments haven't been parsed yet. And if we do, we will prevent
further arguments to be added to the set. Including the ones added
by the service module itself.

So, we have quite of a circular dependency here.

If someone with some Go knowledge can fix that, that would be amazing.
But it's probably never going to happen.

Meanwhile, we can try to save the current directory and document
that we have to be in that directory when running the install command.

Which is not going to work on Windows, so this is a big fucking mess
2018-04-03 20:15:33 +02:00
Frank Denis c88e480a15 Include the -config option in the installed service
Untested on Linux and Windows. Fear.

Fixes #304
2018-04-03 19:42:27 +02:00
Frank Denis 869d44c30e Reorder 2018-04-03 17:59:15 +02:00
Frank Denis f0a690701d Print "additional certificate" when a server has multiple valid certs
This doesn't mean anything but looks less confusing than having the
same message twice

Fixes #303
2018-04-02 20:55:42 +02:00
Frank Denis d4367393c4 Add some links 2018-04-02 01:55:22 +02:00
Frank Denis 308ffff739 Make the keepalive configurable
Fixes #300
2018-04-02 01:49:09 +02:00
Frank Denis b71e04c64e Update miekg/dns to v1.0.5 2018-04-02 00:10:55 +02:00
Frank Denis e210fc537e Ignore the Cache-Control: max-age header
What's in the DNS packet is a better source of truth.

There was also an inconsistency between the TTL from the
max-age header (as returned in a response that wasn't cached) and
a response from the cache (using TTLs from the DNS packet).

So, just use what's in the packet.

Reported by @vavrusam, thanks!
2018-04-01 21:41:36 +02:00