Commit graph

1384 commits

Author SHA1 Message Date
YX Hao
19f240fb3d Reduce DHCP DNS detector instances 2025-03-28 18:50:20 +08:00
Frank Denis
67c1213177 Bump 2025-03-26 23:05:30 +01:00
Frank Denis
c030e346b5 Add a bit of jitter to the TTL of xtransport cached IP addresses 2025-03-26 23:00:30 +01:00
Frank Denis
df9520e597 Missing go:build guard 2025-03-13 23:02:34 +01:00
Frank Denis
9ab4c0b339 Restore the ability to forward to non-standard ports
Older versions of dnscrypt-proxy allowed to include an optional
port number to forward to, but this was not supported any more since
version 2.1.6.

Restore this ability.

Fixes #2802
2025-03-10 12:12:55 +01:00
Frank Denis
c1d8e5cc57 The port number is not required any more with IPv6 and forwarding 2025-03-10 12:08:55 +01:00
Frank Denis
0d89626420 Don't run the permissions checks on non-Unix platforms
This is way too annoying on Windows systems.
2025-03-10 12:01:55 +01:00
Frank Denis
70f2f9b424 Avoid duplicate log 2025-02-22 01:20:50 +01:00
Frank Denis
2d8cfebe8b Add some debugging helpers 2025-02-21 23:56:18 +01:00
Frank Denis
f052e0ccdf Reduce SystemResolverIPTTL 2025-02-21 23:34:14 +01:00
Frank Denis
8432827e5d Reduce MinResolverIPTTL 2025-02-21 23:32:55 +01:00
Frank Denis
45a4df8df5 Nits 2025-02-21 18:16:33 +01:00
Frank Denis
3f3cd1e67d updating_until -> updatingUntil 2025-02-21 18:13:23 +01:00
Frank Denis
a4cbc66fdd http3: RoundTripper was renamed to Transport 2025-02-21 18:12:42 +01:00
Frank Denis
f49196c6e8 xTransport: avoid updating the host->IP map in multiple goroutines
When a goroutine is updating an IP, keep serving the previous IP
to other goroutines.
2025-02-21 18:07:41 +01:00
Pablo Méndez Hernández
2c14511156 Fix typo in comment 2025-02-08 13:43:30 +01:00
Frank Denis
f2527886cc Clarify example 2025-02-02 23:10:00 +01:00
Frank Denis
549426ace7 Reverse test for clarity; no behavioral change 2025-01-26 23:59:36 +01:00
Frank Denis
0ba23128cc Improve comment 2025-01-26 23:28:21 +01:00
Frank Denis
3b75a4c6ac Fix undefined vs empty confusion for tls_cipher_suite
The documentation refers to tls_cipher_suite being empty in order
to use the default parameters, not undefined.

However, configuring an empty set of cipher suites did just that:
no cipher suites could be used, which is not very useful.

Fix the documentation: in order to use the default suites, the
parameter must be undefined, not empty.

And in code, make an empty set equivalent to the parameter being
undefined.
2025-01-26 23:18:03 +01:00
Frank Denis
eb2c1dc6b3 plugin_forward: silently skip '*.' prefixes 2025-01-17 23:01:40 +01:00
Frank Denis
8f2be59a82 Error out on domain names with wildcards in captive portals 2025-01-17 23:01:07 +01:00
Frank Denis
6dd22becac More heuristics to detect valid plain DNS responses 2025-01-11 15:29:49 +01:00
Frank Denis
f332394c4b More heuristics to detect lying resolvers 2025-01-11 15:17:11 +01:00
Frank Denis
d469ad1396 Update ChangeLog, bump 2025-01-11 13:23:00 +01:00
Frank Denis
062dc53971 Revert "Remove support for xsalsapoly"
Apparently, a bunch of popular resolvers such as adguard, cleanbrowsing
and comodo still only support xsalsapoly o_O

Add a lying resolver check for old DNSCrypt servers.
2025-01-11 13:02:18 +01:00
Frank Denis
0208ecf35a Skip DHCP detectors that couldn't be started 2025-01-10 23:40:41 +01:00
Frank Denis
cff909aa6f Raise a critical error if the DHCP detector can't be started 2025-01-10 23:33:41 +01:00
Frank Denis
08fc560129 Change error levels 2025-01-10 23:30:41 +01:00
Frank Denis
65ada71a34 DHCP detection doesn't seem to work as non-root
Maybe it should be started before the uid switch
2025-01-10 23:27:41 +01:00
Frank Denis
5b8c65a42e Revert Quad9 example Minisign key 2025-01-10 23:22:41 +01:00
Frank Denis
1a3a68e899 Bump 2025-01-10 23:17:41 +01:00
Frank Denis
7d2eede907 Bump the refresh delay for sources by an hour
This allows for a better distribution
2025-01-10 23:09:41 +01:00
Frank Denis
956f16c107 Log the actual server IP 2025-01-10 23:02:41 +01:00
Frank Denis
5aa958e282 Fix sequence type for $DHCP 2025-01-10 12:52:52 +01:00
Frank Denis
b5a50655de Go fixes 2025-01-10 12:46:26 +01:00
Frank Denis
eda26b4a79 Support $DHCP and $BOOTSTRAP keywords in forwarding rules
Ideally, that should also be supported by the captive portal
handler.

Great work by @lifenjoiner

Fixes #2460
2025-01-10 12:38:27 +01:00
Frank Denis
4fbdf2cfcc Skip lying resolvers instead of just warning about them 2025-01-10 12:12:20 +01:00
Frank Denis
c4879a21f7 Trim unneeded entries
These servers never supported the DNSCrypt v2 protocol, and have
been a pain to maintain compatibility with. But the main issue
is that in some countries, they are now lying resolvers, *except*
for the certificate.

That makes it difficult to reliably detect that they are lying
resolvers. From a user perspective in these countries, it appears
that DNS queries randomly fail, when they are hitting these servers.

I tried to think of different ways to detect this, but couldn't
find anything satisfactory.

Maybe if they properly implement the DNSCrypt protocol some day,
they will take it as an opportunity to also fix that bug, and
return consistent error codes, even for the certificates.
2025-01-10 12:10:20 +01:00
Frank Denis
8987906653 Remove support for xsalsapoly 2025-01-10 12:07:20 +01:00
Frank Denis
55b2ed9851 Improve error message when no servers can be used 2024-10-30 20:12:55 +01:00
Frank Denis
8d43ebf120 EmptyResponseFromMessage: always set the RA flag, copy the RD flag 2024-10-28 23:59:01 +01:00
Frank Denis
56bc6e6a06 Update Quad9 signing key
See https://github.com/Quad9DNS/dnscrypt-settings/pull/7
2024-08-06 22:31:44 +02:00
Frank Denis
6a3fe63ad2 Add 'cisco-sandbox' to the list of broken resolvers 2024-07-03 14:02:11 +02:00
Frank Denis
31dcab22b6 Discourage from using very low values for the timeout 2024-07-03 01:58:12 +02:00
cloudclaim
1905c9ac46 chore: fix some comments
Signed-off-by: cloudclaim <824973921@qq.com>
2024-06-07 16:28:29 +08:00
Frank Denis
35d7aa0603 Print error when the lying resolver test fails 2024-05-19 18:17:05 +02:00
Frank Denis
249dba391d Support gzip compression to fetch source files 2024-04-25 12:43:29 +02:00
Frank Denis
987ae216e3 Add fritz.box to the set of undelegated zones 2024-04-21 20:14:15 +02:00
Frank Denis
7fba32651b Make it more visible that DNS64 has been enabled 2024-04-19 18:27:39 +02:00