Commit 65f37d07 authored by Eric Dorland

Update upstream source from tag 'upstream/2.0.16'

Update to upstream version '2.0.16'
with Debian dir 3e529f821d5897212751c9a6ac3dce9472ea584f
parents f657804e 66a1b34c
* Version 2.0.16
- On Unix-like systems, the server can run as an unprivileged user,
and the main process will automatically restart if an error occurs.
- pledge() on OpenBSD.
- New "offline" mode to serve queries locally without contacting any
upstream servers. This can be especially useful along with the
cloaking module for local development.
- New logo.
- TTL of OPT records is properly ignored by the caching module.
- The proxy doesn't quit any more if new TCP connections cannot be
created.
* Version 2.0.15
- Support for proxies (HTTP/SOCKS) was added. All it takes to route
all TCP queries to Tor is add `proxy = "socks5://127.0.0.1:9050"` to
the configuration file.
- Querylog files have a new record indicating the outcome of each
transaction.
- Pre-built binaries for Linux are statically linked on all
architectures.
* Version 2.0.14
- Supports DNS-over-HTTPS draft 08.
- Netprobes don't use port 0 by default, as this causes issues with
Little Snitch and FreeBSD.
* Version 2.0.13
- This version fixes a crash when using DoH for queries whose size
were a multiple of the block size. Reported by @char101, thanks!
* Version 2.0.12
- Further compatibility fixes for Alpine Linux/i386 and Android/i386
have been made. Thanks to @aead for his help!
- The proxy will now wait for network connectivity before starting.
This is useful if the proxy is automatically started at boot, possibly
before the network is fully configured.
- The IPv6 blocking module now returns synthetic SOA records to
improve compatibility with downstream resolvers and stub resolvers.
* Version 2.0.11
- This release fixes a long-standing bug that caused the proxy to
block or crash when Position-Independent Executables were produced.
This bug only showed up when compiled on (not for) Alpine Linux and
Android, for some CPU architectures.
- New configuration settings: cache_neg_min_ttl and
cache_neg_max_ttl, to clamp the negative caching TTL.
* Version 2.0.10
- This version fixes a crash when an incomplete size is sent by a
local client for a query over TCP.
- Slight performance improvement of DNSCrypt on non-Intel CPUs such
as Raspberry Pi.
* Version 2.0.9
- Whitelists have been implemented: one a name matches a pattern in
the whitelist, rules from the name-based and IP-based blacklists will
be bypassed. Whitelists support the same patterns as blacklists, as
well as time-based rules, so that some website can be normally
blocked, but accessible on specific days or times of the day.
- Lists are now faster to load, and large lists require significantly
less memory than before.
- New options have been added to disable TLS session tickets as well
as use a specific cipher suite. See the example configuration file for
a recommended configuration to speed up DoH servers on ARM such as
Android devices and Raspberry Pi.
- The `-service install` command now remembers what the current
directory was when the service was installed, in order to later load
configuration files with relative paths.
- DoH: The "Cache-Control: max-age" header is now ignored.
- Patterns can now be prefixed with `=` to do exact matching:
`=example.com` matches `example.com` but will not match `www.example.com`.
- Patterns are now fully supported by the cloaking module.
- A new option was added to use a specific cipher suite instead of
the server's provided one. Using RSA+ChaChaPoly over ECDSA+AES-GCM has
shown to decrease CPU usage and latency when connecting to Cloudflare,
especially on Mips and ARM systems.
- The ephemeral keys mode of dnscrypt-proxy v1.x was reimplemented: this
creates a new unique key for every single query.
* Version 2.0.8
- Multiple URLs can be defined for a source in order to improve
resiliency when servers are temporarily unreachable.
- Connections over IPv6 will be preferred over IPv4 for DoH servers
when using a fallback resolver if `ipv6_servers` is set.
- Improvements have been made to the example systemd configuration
files.
- The chacha20 implementation was updated to possibly fix a bug on
Android/x86.
- `generate-domains-blacklist.py` can now parse dnsmasq-style rules.
- FreeBSD/arm builds have been added.
- `dnscrypt-proxy -list -json` and `-list-all -json` now include the
remove servers names and IP addresses.
* Version 2.0.7
- Bug fix: optional ports were not properly parsed with IPv6
addresses -- thanks to @bleeee for the report and fix.
- Bug fix: truncate TCP queries to the prefixed length.
- Certificates are force-refreshed after a time jump (e.g. when a
system resumes from hibernation).
* Version 2.0.6
- Automatic log files rotation was finally implemented.
- A new -pidfile command-line option to write the PID file was added.
......
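Review bot: The 2.0.9 entry has a typo, "one a name matches a pattern in the whitelist", which should read "once a name matches", and the 2.0.8 entry's "now include the remove servers names" reads like a typo for "remote". The 2.0.9 entry also describes the cipher-suite option in two separate bullets ("New options have been added to disable TLS session tickets as well as use a specific cipher suite" and "A new option was added to use a specific cipher suite instead of the server's provided one"); merging them would make it clear there is one setting. These lines come from upstream, so the fix belongs there rather than in this import.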
......@@ -13,23 +13,17 @@
revision = "b24eb346a94c3ba12c1da1e564dbac1b498a77ce"
version = "v1.1.1"
[[projects]]
branch = "master"
name = "github.com/VividCortex/godaemon"
packages = ["."]
revision = "3d9f6e0b234fe7d17448b345b2e14ac05814a758"
[[projects]]
branch = "master"
name = "github.com/aead/chacha20"
packages = ["chacha"]
revision = "c8d29375923a8e1d2a0f0dc0fc1d8a0aba5b97ba"
revision = "e2538746bfea853aaa589feb8ec46bd46ee78f86"
[[projects]]
branch = "master"
name = "github.com/aead/poly1305"
packages = ["."]
revision = "6cf43fdfd7a228cf3003ae23d10ddbf65e85997b"
revision = "969857f48f7ae439b6d2449ed1dcd9aaabc49c67"
[[projects]]
branch = "master"
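Review bot: The `github.com/aead/chacha20` and `github.com/aead/poly1305` entries change `revision` while still tracking `branch = "master"` with no `version`, so nothing in this hunk says what changed in the cipher and MAC code between the two commits. Please record in the commit message or packaging changelog which upstream changes the new revisions bring, so that a later regression in the encryption path can be traced to a specific bump.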
......@@ -46,8 +40,8 @@
"activation",
"daemon"
]
revision = "40e2722dffead74698ca12a750f64ef313ddce05"
version = "v16"
revision = "39ca1b05acc7ad1220e09f133283b8859a8b71ab"
version = "v17"
[[projects]]
branch = "master"
......@@ -92,19 +86,37 @@
branch = "master"
name = "github.com/jedisct1/dlog"
packages = ["."]
revision = "52c32ac39e436cd9295a4629a91f0613ce67052f"
revision = "f81e5af176e59fc11674b2777fe465fc506c27fe"
[[projects]]
branch = "master"
name = "github.com/jedisct1/go-clocksmith"
packages = ["."]
revision = "c35da9bed550558a4797c74e34957071214342e7"
[[projects]]
branch = "master"
name = "github.com/jedisct1/go-dnsstamps"
packages = ["."]
revision = "1e4999280f861b465e03e21e4f84d838f2f02b38"
[[projects]]
branch = "master"
name = "github.com/jedisct1/go-minisign"
packages = ["."]
revision = "f404c079ea5f0d4669fe617c553651f75167494e"
revision = "f4dbde220b4f73d450949b9ba27fa941faa05a78"
[[projects]]
branch = "master"
name = "github.com/jedisct1/xsecretbox"
packages = ["."]
revision = "88b1956e8d9a013c98dda528d3a5b77f168b057f"
revision = "7a679c0bcd9a5bbfe097fb7d48497bc06d17be76"
[[projects]]
name = "github.com/k-sone/critbitgo"
packages = ["."]
revision = "658116ef1e826b72c603cfe2091b12503f9bca43"
version = "v1.2.0"
[[projects]]
branch = "master"
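Review bot: The entries for `github.com/jedisct1/go-clocksmith` and `github.com/jedisct1/go-dnsstamps` are identified only by a commit on `branch = "master"`, unlike `github.com/k-sone/critbitgo`, which carries `version = "v1.2.0"`. Since these are dependencies not previously listed in the lock file, please confirm the imported sources match the revisions given here and mention the new dependencies in the packaging notes. The `go-minisign` and `xsecretbox` revision changes in the same hunk deserve the same check.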
......@@ -116,19 +128,13 @@
branch = "master"
name = "github.com/kardianos/service"
packages = ["."]
revision = "89346fbadecfd8c0ca98cfd31523f8eba9b4abbf"
revision = "615a14ed75099c9eaac6949e22ac2341bf9d3197"
[[projects]]
name = "github.com/miekg/dns"
packages = ["."]
revision = "5364553f1ee9cddc7ac8b62dce148309c386695b"
version = "v1.0.4"
[[projects]]
branch = "master"
name = "github.com/pquerna/cachecontrol"
packages = ["cacheobject"]
revision = "0dec1b30a0215bb68605dfc568e8855066c9202d"
revision = "5a2b9fab83ff0f8bfc99684bd5f43a37abe560f1"
version = "v1.0.8"
[[projects]]
branch = "master"
......@@ -137,36 +143,66 @@
"curve25519",
"ed25519",
"ed25519/internal/edwards25519",
"internal/subtle",
"nacl/box",
"nacl/secretbox",
"poly1305",
"salsa20/salsa"
]
revision = "91a49db82a88618983a78a06c1cbd4e00ab749ab"
revision = "a49355c7e3f8fe157a85be2f77e6e269a0f89602"
[[projects]]
branch = "master"
name = "golang.org/x/net"
packages = [
"bpf",
"http/httpguts",
"http2",
"http2/hpack",
"idna",
"internal/iana",
"internal/socket",
"internal/socks",
"ipv4",
"ipv6"
"ipv6",
"proxy"
]
revision = "22ae77b79946ea320088417e4d50825671d82d57"
revision = "32a936f46389aa10549d60bd7833e54b01685d09"
[[projects]]
branch = "master"
name = "golang.org/x/sys"
packages = [
"cpu",
"unix",
"windows",
"windows/registry",
"windows/svc",
"windows/svc/eventlog",
"windows/svc/mgr"
]
revision = "dd2ff4accc098aceecb86b36eaa7829b2a17b1c9"
revision = "3c6ecd8f22c6f40fbeec94c000a069d7d87c7624"
[[projects]]
name = "golang.org/x/text"
packages = [
"collate",
"collate/build",
"internal/colltab",
"internal/gen",
"internal/tag",
"internal/triegen",
"internal/ucd",
"language",
"secure/bidirule",
"transform",
"unicode/bidi",
"unicode/cldr",
"unicode/norm",
"unicode/rangetable"
]
revision = "f21a4dfb5e38f5895301dc265a8def02365cc3d0"
version = "v0.3.0"
[[projects]]
name = "gopkg.in/natefinch/lumberjack.v2"
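Review bot: The `golang.org/x/text` entry lists `collate/build`, `internal/gen`, `internal/triegen`, `internal/ucd` and `unicode/cldr`, which look like table-generation helpers rather than packages a DNS proxy calls at run time. Please check whether anything in the build imports them or whether the solver only pulled them in from generator files, and prune the unused ones so the imported tree stays small and easier to audit. The `golang.org/x/net` entry also picks up `internal/socks` and `proxy`, and `golang.org/x/crypto`, `golang.org/x/net` and `golang.org/x/sys` all move to new `master` revisions with no `version` line, so the revision hashes are the only record of what was reviewed.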
......@@ -177,6 +213,6 @@
[solve-meta]
analyzer-name = "dep"
analyzer-version = 1
inputs-digest = "32f9b1bb4dd9f1ca13e9daedf85fc6cc9f3a97a023171a32ac7a2144ba9c1956"
inputs-digest = "2e3662737bdfec3295cf1f397f5584d97fbfd99973ab0351fafe66049bfa79bb"
solver-name = "gps-cdcl"
solver-version = 1
......@@ -6,17 +6,13 @@
name = "github.com/VividCortex/ewma"
version = "1.1.1"
[[constraint]]
branch = "master"
name = "github.com/VividCortex/godaemon"
[[constraint]]
branch = "master"
name = "github.com/agl/ed25519"
[[constraint]]
name = "github.com/coreos/go-systemd"
version = "16.0.0"
version = "17.0.0"
[[constraint]]
branch = "master"
......@@ -38,6 +34,14 @@
branch = "master"
name = "github.com/jedisct1/dlog"
[[constraint]]
branch = "master"
name = "github.com/jedisct1/go-clocksmith"
[[constraint]]
branch = "master"
name = "github.com/jedisct1/go-dnsstamps"
[[constraint]]
branch = "master"
name = "github.com/jedisct1/go-minisign"
......@@ -46,21 +50,25 @@
branch = "master"
name = "github.com/jedisct1/xsecretbox"
[[constraint]]
name = "github.com/k-sone/critbitgo"
version = "1.2.0"
[[constraint]]
branch = "master"
name = "github.com/kardianos/service"
[[constraint]]
name = "github.com/miekg/dns"
version = "1.0.4"
version = "1.0.8"
[[constraint]]
branch = "master"
name = "github.com/pquerna/cachecontrol"
name = "golang.org/x/crypto"
[[constraint]]
branch = "master"
name = "golang.org/x/crypto"
name = "golang.org/x/net"
[[constraint]]
name = "gopkg.in/natefinch/lumberjack.v2"
......
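Review bot: The `github.com/pquerna/cachecontrol` constraint goes away here and its entry goes away in Gopkg.lock, which fits the ChangeLog line that the "Cache-Control: max-age" header is now ignored, but nothing visible confirms that no source file still imports the `cacheobject` package. Please verify the build succeeds from the lock file alone. The replacement `golang.org/x/net` constraint is `branch = "master"` with no version, so consider noting why a tagged release could not be used.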
[![Build Status](https://travis-ci.org/jedisct1/dnscrypt-proxy.svg?branch=master)](https://travis-ci.org/jedisct1/dnscrypt-proxy?branch=master)
# ![dnscrypt-proxy 2](https://raw.github.com/jedisct1/dnscrypt-proxy/master/logo.png?2)
# ![dnscrypt-proxy 2](https://raw.github.com/jedisct1/dnscrypt-proxy/master/logo.png?3)
A flexible DNS proxy, with support for modern encrypted DNS protocols such as [DNSCrypt v2](https://github.com/DNSCrypt/dnscrypt-protocol/blob/master/DNSCRYPT-V2-PROTOCOL.txt) and [DNS-over-HTTP/2](https://tools.ietf.org/html/draft-ietf-doh-dns-over-https-03).
A flexible DNS proxy, with support for modern encrypted DNS protocols such as [DNSCrypt v2](https://dnscrypt.info/protocol) and [DNS-over-HTTPS](https://tools.ietf.org/html/draft-ietf-doh-dns-over-https-12).
## [dnscrypt-proxy 2.0.6 final is available for download!](https://github.com/jedisct1/dnscrypt-proxy/releases/latest)
## [dnscrypt-proxy 2.0.16 final is available for download!](https://github.com/jedisct1/dnscrypt-proxy/releases/latest)
## [Documentation](https://dnscrypt.info/doc)
* [dnscrypt-proxy documentation](https://dnscrypt.info/doc) – This project's documentation (Wiki)
* [DNSCrypt project home page](https://dnscrypt.info/)
* [DNS-over-HTTPS and DNSCrypt resolvers](https://dnscrypt.info/public-servers)
* [Server and client implementations](https://dnscrypt.info/implementations)
* [DNS stamps](https://dnscrypt.info/stamps)
* [FAQ](https://dnscrypt.info/faq)
## Features
* DNS traffic encryption and authentication. Supports DNS-over-HTTPS (DoH) and DNSCrypt.
* DNSSEC compatible
* DNS query monitoring, with separate log files for regular and suspicious queries
* Pattern-based local blocking of DNS names and IP addresses
* Filtering: block ads, malware, and other unwanted content. Compatible with all DNS services
* Time-based filtering, with a flexible weekly schedule
* Transparent redirection of specific domains to specific resolvers
* DNS caching, to reduce latency and improve privacy
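Review bot: The DNS-over-HTTPS link in the description points at `draft-ietf-doh-dns-over-https-12`, while the most recent statement in the ChangeLog is "Supports DNS-over-HTTPS draft 08" under 2.0.14. Either the ChangeLog is missing an entry for the newer draft or the README links to a revision the code does not yet claim to implement; please reconcile the two so users know which draft to expect from resolvers.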
......@@ -21,9 +25,9 @@ A flexible DNS proxy, with support for modern encrypted DNS protocols such as [D
* Load balancing: pick a set of resolvers, dnscrypt-proxy will automatically measure and keep track of their speed, and balance the traffic across the fastest available ones.
* Cloaking: like a `HOSTS` file on steroids, that can return preconfigured addresses for specific names, or resolve and return the IP address of other names. This can be used for local development as well as to enforce safe search results on Google, Yahoo and Bing.
* Automatic background updates of resolvers lists
* Can force outgoing connections to use TCP; useful with tunnels such as Tor.
It includes all the major features from dnscrypt-proxy 1.9.5, with improved reliability, flexibility, usability and performance.
* Can force outgoing connections to use TCP
* Supports SOCKS proxies
* Compatible with DNSSEC
## Pre-built binaries
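Review bot: The bullet "Supports SOCKS proxies" is narrower than the 2.0.15 ChangeLog entry, which says support for proxies (HTTP/SOCKS) was added; the README should name both or explain the difference. The hint that forcing TCP is "useful with tunnels such as Tor" also no longer appears in the rewritten bullet, although the ChangeLog still documents `proxy = "socks5://127.0.0.1:9050"` for that purpose. Finally, "Compatible with DNSSEC" repeats "DNSSEC compatible" if that earlier bullet in the Features list is kept.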
......@@ -34,6 +38,7 @@ Up-to-date, pre-built binaries are available for:
* Android/x86
* Android/x86_64
* Dragonfly BSD
* FreeBSD/arm
* FreeBSD/x86
* FreeBSD/x86_64
* Linux/arm
......@@ -51,3 +56,5 @@ Up-to-date, pre-built binaries are available for:
* OpenBSD/x86_64
* Windows
* Windows 64 bit
How to use these files, as well as how to verify their signatures, are documented in the [installation instructions](https://github.com/jedisct1/dnscrypt-proxy/wiki/installation).
......@@ -3,10 +3,13 @@ package main
import (
"encoding/binary"
"errors"
"fmt"
"net"
"runtime"
"strconv"
"strings"
"unicode"
"os"
)
type CryptoConstruction uint16
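Review bot: In the import block, `"os"` sits after `"unicode"`, so the list is no longer in the sorted order that gofmt produces for a single import group. Please run gofmt on the file so `"os"` lands between `"net"` and `"runtime"`. The hunk also brings in `"fmt"`, `"runtime"` and `"os"` with no visible use in the lines shown, so it is worth confirming each one is needed.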
......@@ -34,6 +37,11 @@ var (
InitialMinQuestionSize = 256
)