Frank Denis
|
3864de1951
|
Add the ability to return synthetic response for undelegated TLDs
|
5 years ago |
Frank Denis
|
3d3a96a6f9
|
More statistics; keep track of NXDOMAIN responses
|
5 years ago |
Frank Denis
|
3cc28670cb
|
Prometheus: use int counters and gauges
|
5 years ago |
Frank Denis
|
bf5f0b3568
|
Update to tokio 0.2
|
5 years ago |
Frank Denis
|
df26dddb86
|
Revert "Allow serve_stale to be disabled"
This reverts commit 3b2301dcbf .
|
5 years ago |
Frank Denis
|
3b2301dcbf
|
Allow serve_stale to be disabled
|
5 years ago |
Frank Denis
|
a6fb79a2b2
|
Make the project compatible with rust-stable
|
5 years ago |
Frank Denis
|
48d0588337
|
Use SystemTime for the certificate's time
Also don't use mem::forget() for the updater, because who knows, Rust
optimizations may be too aggressive.
Maybe
Fixes #13
|
5 years ago |
Frank Denis
|
4d584d95e6
|
Move from failure to anyhow
|
5 years ago |
Frank Denis
|
d0c37819e2
|
Relax size check for certificates
|
5 years ago |
Frank Denis
|
0c134b5393
|
Cache relayed certificates
To make it slightly more difficult for servers to fingerprint users by
rotating certificates too frequently.
|
5 years ago |
Frank Denis
|
5b77be1ac0
|
Pick IPv4 or IPv6 wildcard source addresses according to the destination
Fixes #10
|
5 years ago |
Frank Denis
|
2706b2994d
|
Add a reasonable default set of ports + a new option
|
5 years ago |
Frank Denis
|
e43ad4949b
|
to_tcp_listener() is essentially useless
|
5 years ago |
Frank Denis
|
6483d3d4d7
|
Set IPV6_ONLY on IPv6 sockets
Fixes #9
|
5 years ago |
Frank Denis
|
3fc7387d9f
|
Don't be too restrictive, we still need to serve certificates
|
5 years ago |
Frank Denis
|
82e73374ab
|
Anonymized DNS is here
|
5 years ago |
Frank Denis
|
72dfb0628c
|
Prepare a new configuration section for Anonymized DNS
|
5 years ago |
Frank Denis
|
9db26ba20b
|
Preliminary support for Anonymized DNS
|
5 years ago |
Frank Denis
|
ca35d6fdc8
|
Ensure that PK prefixes don't match the Anonymized DNSCrypt query magic
|
5 years ago |
Frank Denis
|
cf41840573
|
We can use Default::default() instead of tokio's Handle
What kind of magic is that?
|
5 years ago |
Frank Denis
|
71699d8476
|
Some initial metrics
|
5 years ago |
Frank Denis
|
27e6097dc9
|
Prometheus metrics
|
5 years ago |
Frank Denis
|
f77a5aed47
|
Add metrics
|
5 years ago |
Frank Denis
|
7ab967e163
|
Refactor the resolver part a little bit
|
5 years ago |
Frank Denis
|
6fa13f825d
|
Revert direct usage of FutureExt
|
5 years ago |
Frank Denis
|
7ebcc7287e
|
Tokio update, that makes things more complicated
|
5 years ago |
Frank Denis
|
518f0ce17d
|
Implement support for server-side blacklists
|
5 years ago |
Frank Denis
|
cc53be8cf8
|
Better error messages
|
5 years ago |
Frank Denis
|
3d07f98f90
|
Block on the updater
|
5 years ago |
Frank Denis
|
f343802fd0
|
Revert "Nits"
This reverts commit 0f63c5e594 .
|
5 years ago |
Frank Denis
|
0f63c5e594
|
Nits
|
5 years ago |
Frank Denis
|
653c4e1de7
|
Better error handling
|
5 years ago |
Frank Denis
|
41f4d77212
|
Update env_logger
|
5 years ago |
Frank Denis
|
0b76ef2cce
|
Change the format of how IP addresses are specified
|
5 years ago |
Frank Denis
|
a5a84b5bdd
|
Log to file
|
5 years ago |
Frank Denis
|
c60a1734eb
|
Improved daemonization
|
5 years ago |
Frank Denis
|
a9fe22fa7e
|
Move the resolver to its own file
|
5 years ago |
Frank Denis
|
ba96f014ef
|
Make DNS cache TTLs configurable
|
5 years ago |
Frank Denis
|
267a260801
|
Only force a state update if necessary
|
5 years ago |
Frank Denis
|
56a8e2eb6a
|
Add TTL and serve-stale support to the DNS cache
Force certificate refresh on load
|
5 years ago |
Frank Denis
|
2135af9610
|
up
|
5 years ago |
Frank Denis
|
c98a202f80
|
Add a simple built-in DNS cache
(TTL is not handled yet)
|
5 years ago |
Frank Denis
|
cf1cbdb51d
|
Split the resolution part
|
5 years ago |
Frank Denis
|
2366456eb0
|
up
|
5 years ago |
Frank Denis
|
1dd5ed07c1
|
Import from dnscrypt-wrapper
|
5 years ago |
Frank Denis
|
e681e43070
|
ADd a key cache and improve logging
|
5 years ago |
Frank Denis
|
f0c6235d33
|
Save states asynchronously
|
5 years ago |
Frank Denis
|
bc4b10f637
|
Save resolver keys and certificates in the state
|
5 years ago |
Frank Denis
|
0592855b25
|
kaboom the compiler
|
5 years ago |
Frank Denis
|
77a5878a52
|
Remove unused things
|
5 years ago |
Frank Denis
|
8268f4d241
|
Better auto renewal
|
5 years ago |
Frank Denis
|
6c10602af6
|
Automatic cert renewal
|
5 years ago |
Frank Denis
|
93774a892f
|
Set Unix permissions on the state file
|
5 years ago |
Frank Denis
|
00cab788b8
|
Drop privileges
|
5 years ago |
Frank Denis
|
e31363e926
|
Move everything to a configuration file
|
5 years ago |
Frank Denis
|
2c519a2b46
|
Move to TOML (1)
|
5 years ago |
Frank Denis
|
d8d8757c74
|
TLS proxy return code
|
5 years ago |
Frank Denis
|
a62b4a0cf7
|
Add TLS proxying
|
5 years ago |
Frank Denis
|
a0454b8aff
|
Detect TLS connections
|
5 years ago |
Frank Denis
|
89704db220
|
Be less restrictive regarding packet sizes
|
5 years ago |
Frank Denis
|
7c76ee9a13
|
Clean a few things
|
5 years ago |
Frank Denis
|
a135814891
|
Persist the provider key
Of course we also need to persist the resolver keys
|
5 years ago |
Frank Denis
|
67a935f291
|
Padding
|
5 years ago |
Frank Denis
|
0505f886e5
|
Handle truncated responses when len(query)<len(response)
|
5 years ago |
Frank Denis
|
eb1b857274
|
Send encrypted DNS responses
|
5 years ago |
Frank Denis
|
65c2bba989
|
Keep the shared secret around
|
5 years ago |
Frank Denis
|
337eb4924d
|
Refactor a bit, remove question padding
|
5 years ago |
Frank Denis
|
5f0bb6daf5
|
Start decrypting DNSCrypt queries
|
5 years ago |
Frank Denis
|
58c5452084
|
Set TCP source address for outgoing connections
|
5 years ago |
Frank Denis
|
e1bd1f52dc
|
Recycle old connections
|
5 years ago |
Frank Denis
|
236b424fbe
|
Keep track of the number of clients
|
5 years ago |
Frank Denis
|
82924686d9
|
Check the peer address
Just for paranoia, as it is redundant with the connect() call, but
cheap enough and the connect() call may eventually be removed.
|
5 years ago |
Frank Denis
|
0c1ba485f4
|
merge
|
5 years ago |
Frank Denis
|
0b3eabb488
|
Retry truncated responses over TCP
|
5 years ago |
Frank Denis
|
35819a2375
|
Proxying
|
5 years ago |
Frank Denis
|
f7b2a1777a
|
up
|
5 years ago |
Frank Denis
|
46c933e398
|
Print the DNS stamp at startup
|
5 years ago |
Frank Denis
|
8689469722
|
up
|
5 years ago |
Frank Denis
|
1dc7ce9a05
|
up
|
5 years ago |