Commit Graph

1520 Commits

Author SHA1 Message Date
Frank Denis 06705a6d14 Merge branch 'master' of github.com:jedisct1/dnscrypt-proxy
* 'master' of github.com:jedisct1/dnscrypt-proxy:
  Bump
2020-06-12 14:24:31 +02:00
Frank Denis 5b24439f99 Why the heck is Energized BLU blocking VK? 2020-06-12 14:24:11 +02:00
Frank Denis 65f42918a1 Bump 2020-06-11 17:10:33 +02:00
Frank Denis c59caf3a63 Try oisd list by default, mainly because it tries to avoid FPs 2020-06-11 13:16:50 +02:00
Frank Denis 576162d9bf Remove CodeQL/ShiftLeft until they are enabled for the org 2020-06-11 11:46:17 +02:00
Frank Denis d55421df96 Don't bind listening sockets with the -list/-list-all options
Fixes https://github.com/Homebrew/homebrew-core/pull/55998
2020-06-11 11:41:17 +02:00
Frank Denis 9cce77cc53 No need to import the dnsstamps package twice 2020-06-11 11:13:41 +02:00
Frank Denis 4f47cd0f4f Avoid implicit memory aliasing in for loop 2020-06-11 11:10:33 +02:00
Frank Denis de6afd5a4c Merge branch 'master' of github.com:jedisct1/dnscrypt-proxy
* 'master' of github.com:jedisct1/dnscrypt-proxy:
  Create shiftleft-analysis.yml
  Create codeql-analysis.yml
  Revert "Fix unit tests on Win10 (attempts 1 and 2)"
  sources_test: set bit 16 of the port instead of adding zeros (#1358)
  Fix unit tests on Win10 (attempt 2)
2020-06-11 11:03:30 +02:00
Frank Denis 9f9a17ed6b doh_client_x509_auth: don't ignore errors 2020-06-11 11:03:17 +02:00
Frank Denis 0fd0a1a939
Create shiftleft-analysis.yml 2020-06-11 10:55:08 +02:00
Frank Denis 8a99b3ed93
Create codeql-analysis.yml 2020-06-11 10:53:45 +02:00
William Elwood 2018945fdf Revert "Fix unit tests on Win10 (attempts 1 and 2)"
This reverts commit 92dda0d55a.
This reverts commit 5a1fdc8cd6.
2020-06-10 19:45:11 +01:00
Frank Denis f4d519092b
sources_test: set bit 16 of the port instead of adding zeros (#1358)
Ok @welwood08
2020-06-10 20:24:41 +02:00
William Elwood 92dda0d55a Fix unit tests on Win10 (attempt 2)
Thanks to @lifenjoiner for testing! Windows 10 behaves even more unexpectedly.
After it parses the "ip:port" string as a hostname, it attempts to upgrade from
http to https by appending `:443` and parsing that new URL again.
This seems to happen concurrently with the doomed DNS lookup and we see the
error from whichever fails first.
2020-06-10 12:10:51 +01:00
Frank Denis 8c42c465b2 Be even more explicit 2020-06-10 11:38:46 +02:00
Frank Denis 5416891056 Temporarily parse [tls_client_auth] for backward compatibility
Document the change.

Fixes #1355
2020-06-10 11:37:03 +02:00
Frank Denis d7f16f6be4 Uncomment sections for consistency 2020-06-10 11:04:50 +02:00
Frank Denis adcdcffdec Skip netprobe & listeners when -show-cert or -check are used
Fixes #1354
2020-06-10 11:01:59 +02:00
Huhni c07ed55b16
update domains-blacklist.conf (#1353)
* remove isc.sans.edu lists

It says "Service Suspended" when opening these links

* change Peter Lowe's list to domains only

There is no need to manually strip away all the 127.0.0.1 at the beginning of each line if there is already a method for domains only provided on the website. Could also be modified to ignore old entries with `&startdate%5Byear%5D=2015`.
Adding `&mimetype=plaintext` doesn't seem to change anything for `hostformat=nohtml`, but could be added as well.

* Remove lists intended for adblockers

The Adblock Warning Removal List currently has 559 lines, only two of which are actually useable for dnscypt-proxy (adscat.ru, shellcat.ru).
Fanboy Social currently has 20162 lines and only 118 lines can be used, which is about 0.6%.
CJX Annoyance List: 512 lines, 19 lines usable, but it's just a lite version of the already included Easylists.
Prebake: 1160 lines, 4 lines usable (also not updated since May 2018)

Most of the remaining domains should be covered by a larger domains blocklist, such as Energized BLU, therefore I think it's safe to remove them.

* remove lists included in Energized Blu

Since Energized Blu is enabled by default, there is no need to also enable lists by default that are already contained in it.

Energized Blu contains the following sources:
1hosts, add.2o7Net, add.Dead, Risk & Spam, Adguard Filters, Ador, Anti-PopAds, Coin Blocker, Disconnectme Ads, Malware & Malvertising, EasyPrivacy Specific, hBlock, Lightswitch Ads & Tracking, Spam404, KADhosts, MoaAB, MobileAdTrackers, No Tracking, NSABlocklist, someonewhocares, StevenBlack, Wally3K_Blacklist & Zeus Tracker
2020-06-09 17:43:15 +02:00
William Elwood 5a1fdc8cd6 Fix unit tests on Win10
Untested attempt to fix unit tests that fail on Windows 10 build 1909.
From the test output mentioned in #1332, it looks like this version of Windows
doesn't report an "invalid port" error when asked to connect to an invalid port,
instead it treats the port as part of the host name and attempts a DNS lookup.
Naturally, this fails because the colon character is not valid in a host name.
This change simply makes this inexplicable error an expected result since the
outcome is the same and we can't fix Windows.
2020-06-09 15:51:23 +01:00
Frank Denis f9268be0c2 Recompute deps 2020-06-09 12:09:51 +02:00
Frank Denis 08e9dfe46e Nits 2020-06-09 09:55:40 +02:00
Frank Denis 506f727f1f Another place worth force GC'ing 2020-06-09 09:52:59 +02:00
Frank Denis b794d47a76 Force GC where it seems to matter most 2020-06-09 09:42:09 +02:00
Frank Denis 8200616655 dlog update 2020-06-08 22:52:07 +02:00
Frank Denis 8945cb1b90 Add log_file_latest 2020-06-08 22:31:03 +02:00
Frank Denis 9f9318701f Update dlog 2020-06-08 20:33:18 +02:00
Frank Denis 87c161ab76 Clarify what log_file is 2020-06-08 20:07:24 +02:00
Frank Denis e9227daf6a Update deps 2020-06-08 19:22:36 +02:00
Frank Denis 9c5cf611a4 Preliminary ChangeLog 2020-06-08 19:20:55 +02:00
Frank Denis b32ffbb807 Discourage from blindly using dns64 2020-06-08 18:59:39 +02:00
s-s f48b13f7b8 Add DNS64 support 2020-06-08 18:42:54 +02:00
Frank Denis d766dc8bf7 doh_client_x509_auth: make it clear that root_ca is optional 2020-06-08 18:09:37 +02:00
Kevin O'Sullivan 5db4365540
Adding support for additional root CAs for DoH TLS Auth (#1281) 2020-06-08 18:01:40 +02:00
Frank Denis 68ccd1410f Support multiple stamps per resolver
For now, a single stamp is randomly chosen in order to spread the load,
but we may eventually want to also use this for failover mechanisms.
2020-06-08 17:54:49 +02:00
Frank Denis b0e883ebc6 Android: use getprop persist.sys.timezone to get and set the time zone
Untested. Maybe
fixes #1351
2020-06-06 15:32:27 +02:00
Frank Denis 9d1eee4b29 Expand default whitelist 2020-06-03 09:47:34 +02:00
IceCodeNew dd1f32ebfd
Add comments for domains-blacklist.conf, with a little sorting on it. (#1350)
* Update domains-blacklist.conf

0. Add more comments so it should be much easier for anyone to get understanding how to choose the rules which is delivered in varies levels.
1. Sort rules from Energized so it is ordered in the sort of size, which would make sense.

* Add rule from AdAway

AdAway seems to be a project last more than 9 years. I tried it for several days and haven't experienced any false positive yet.
2020-06-03 09:42:50 +02:00
Frank Denis 2739db2733 Update deps 2020-06-02 13:56:05 +02:00
Frank Denis 010cedd7b8 whitelist qualtrics.com 2020-06-02 13:51:37 +02:00
Frank Denis 45628702b6 Add SANS lists 2020-06-02 13:03:41 +02:00
Frank Denis 1f6d8cc53c Nits 2020-05-31 13:46:44 +02:00
Frank Denis c5d2459752 Whitelist domains required to check for captive portals 2020-05-31 13:36:15 +02:00
Frank Denis 8ddd5fe36e Merge branch 'master' of github.com:jedisct1/dnscrypt-proxy
* 'master' of github.com:jedisct1/dnscrypt-proxy:
  Fallback to cache_file avoiding termination for not offline_mode (#1332)
  Minor update to GH Actions workflow (#1341)
2020-05-31 13:27:28 +02:00
Frank Denis d59d9427b3 Don't wait for the whole server list before accepting connections
Blocking until all servers have been checked is safe, but significantly
increases startup times.

OTOH, we shouldn't accept connections unless we have at least one live
server.

So, a better approach may be to add the ability for `serversInfo.refresh()`
to write to a channel after a live server has been found, and block on
that channel in the main thread before accepting client connections.
2020-05-31 13:24:35 +02:00
lifenjoiner c4a13d25ce
Fallback to cache_file avoiding termination for not offline_mode (#1332)
Ignore downloading error from `NewSource` when startup (cache loaded).
2020-05-30 07:38:04 +01:00
Will Elwood ee62eb7b23
Minor update to GH Actions workflow (#1341)
* Update releases.yml

Run CI for pull requests and new tags, and only when relevant files change in a push or PR.

* Update releases.yml

"Path filters are not evaluated for pushes to tags."
2020-05-29 15:06:02 +02:00
IceCodeNew 3d5f877058
Added Ads-blocking rules from Disconnect (#1336) 2020-05-28 12:10:59 +02:00
IceCodeNew da8620cdda
Update link to Spam404 rule (#1334)
Though the old link is still available, the rule file has stop updating for a long while.
2020-05-27 21:46:15 +02:00