Archives/encrypted-dns-server
2
0
Fork 0
mirror of https://github.com/jedisct1/encrypted-dns-server synced 2024-11-10 19:10:25 +00:00
Code Issues Releases Wiki Activity
258 Commits 13 Branches 37 Tags 5.4 MiB
c7fa097ffd
Commit Graph

119 Commits

Author SHA1 Message Date
Frank Denis
58b8d6f5f0 Continue on TCP accept errors 2020-01-14 20:54:04 +01:00
Frank Denis
da00ac2194 Add some extra checks 2019-12-24 10:33:35 +01:00
Frank Denis
1c63906795 Refuse long labels 2019-12-23 20:57:24 +01:00
Frank Denis
af22d59ce8 Add an option to disable DNSCrypt, and do only TLS and relaying 2019-12-22 00:50:09 +01:00
Frank Denis
e9e5c700f0 Add ignore_unqualified_hostnames 2019-12-07 23:25:32 +01:00
Frank Denis
f3fe2fa123 up 2019-12-07 22:52:23 +01:00
Frank Denis
3864de1951 Add the ability to return synthetic response for undelegated TLDs 2019-12-07 19:52:21 +01:00
Frank Denis
3d3a96a6f9 More statistics; keep track of NXDOMAIN responses 2019-12-07 17:24:44 +01:00
Frank Denis
3cc28670cb Prometheus: use int counters and gauges 2019-12-07 17:03:18 +01:00
Frank Denis
bf5f0b3568 Update to tokio 0.2 2019-12-04 18:12:45 +01:00
Frank Denis
5e0f4a6223 Blacklist: use FxHashMap 2019-12-01 01:52:07 +01:00
Frank Denis
df26dddb86 Revert "Allow serve_stale to be disabled" 
This reverts commit 3b2301dcbf.
 2019-11-24 16:16:36 +01:00
Frank Denis
3b2301dcbf Allow serve_stale to be disabled 2019-11-24 15:29:49 +01:00
Frank Denis
a6fb79a2b2 Make the project compatible with rust-stable 2019-11-08 13:06:21 +01:00
Frank Denis
48d0588337 Use SystemTime for the certificate's time 
Also don't use mem::forget() for the updater, because who knows, Rust
optimizations may be too aggressive.

Maybe
Fixes #13
 2019-11-05 11:38:45 +01:00
Frank Denis
4d584d95e6 Move from failure to anyhow 2019-11-01 20:56:07 +01:00
Frank Denis
d0c37819e2 Relax size check for certificates 2019-10-20 18:05:26 +02:00
Frank Denis
05d62da515 Explicit lifetime 2019-10-20 11:45:27 +02:00
Frank Denis
dbbdf984e9 uninline 2019-10-20 11:44:34 +02:00
Frank Denis
f4863ee017 Reintroduce the check for the standard provider name prefix 
Only cleanbrowsing and dnsforfamily use a non-standard name.
 2019-10-20 11:40:50 +02:00
Frank Denis
0c134b5393 Cache relayed certificates 
To make it slightly more difficult for servers to fingerprint users by
rotating certificates too frequently.
 2019-10-20 11:18:45 +02:00
Frank Denis
dd657faaab Relax cert response check for legacy proxies 2019-10-20 01:22:36 +02:00
Frank Denis
bb39f146ae Don't relay anything that would be bigger than the original question 2019-10-19 23:48:37 +02:00
Frank Denis
5848713ffd Forward certificates 2019-10-19 13:39:21 +02:00
Frank Denis
5b77be1ac0 Pick IPv4 or IPv6 wildcard source addresses according to the destination 
Fixes #10
 2019-10-19 11:36:16 +02:00
Frank Denis
2706b2994d Add a reasonable default set of ports + a new option 2019-10-17 22:44:43 +02:00
Frank Denis
e43ad4949b to_tcp_listener() is essentially useless 2019-10-17 12:01:28 +02:00
Frank Denis
6483d3d4d7 Set IPV6_ONLY on IPv6 sockets 
Fixes #9
 2019-10-17 11:10:25 +02:00
Frank Denis
3fc7387d9f Don't be too restrictive, we still need to serve certificates 2019-10-15 02:07:05 +02:00
Frank Denis
5cea42a397 Bump 2019-10-14 11:41:37 +02:00
Frank Denis
82e73374ab Anonymized DNS is here 2019-10-14 11:10:55 +02:00
Frank Denis
72dfb0628c Prepare a new configuration section for Anonymized DNS 2019-10-13 22:47:57 +02:00
Frank Denis
5437f80bfc Merge branch 'master' of github.com:jedisct1/rust-dnscrypt-server 
* 'master' of github.com:jedisct1/rust-dnscrypt-server:
  Return a HINFO record when a query is blocked
 2019-10-13 22:35:08 +02:00
Frank Denis
9db26ba20b Preliminary support for Anonymized DNS 2019-10-13 22:34:46 +02:00
Frank Denis
c0faa11ac1 Return a HINFO record when a query is blocked 
This is extremely useful to understand why a query doesn't return
e.g. IP addresses that resolve from other servers
 2019-10-13 00:45:26 +02:00
Frank Denis
ca35d6fdc8 Ensure that PK prefixes don't match the Anonymized DNSCrypt query magic 2019-10-09 17:55:49 +02:00
Frank Denis
cf41840573 We can use Default::default() instead of tokio's Handle 
What kind of magic is that?
 2019-10-07 19:21:18 +02:00
Frank Denis
5afc1f1a6a Ignore casing for caching 2019-10-06 21:04:40 +02:00
Frank Denis
fbf8a72d4f Remove CIR 2019-10-02 18:06:02 +02:00
Frank Denis
4c07e91b3f Limit the number of concurrent connections to the metrics 2019-10-02 13:59:02 +02:00
Frank Denis
8cbd5bb6b6 futres::prelude::* may not always be needed 2019-10-02 13:45:52 +02:00
Frank Denis
22d84a748c Add process feature to prometheus, and a timeout for clients 2019-10-02 13:21:32 +02:00
Frank Denis
a67572f6f2 Add cache hit ratio 2019-10-02 12:16:43 +02:00
Frank Denis
1a53a1906b Silent warning 2019-10-02 12:07:33 +02:00
Frank Denis
86ab29c06a More Prometheus metrics 2019-10-02 12:03:27 +02:00
Frank Denis
cd98c5627c More Prometheus metrics 2019-10-02 11:58:57 +02:00
Frank Denis
71699d8476 Some initial metrics 2019-10-02 11:41:59 +02:00
Frank Denis
27e6097dc9 Prometheus metrics 2019-10-01 20:58:51 +02:00
Frank Denis
f77a5aed47 Add metrics 2019-10-01 18:07:55 +02:00
Frank Denis
e5a42ebfa1 Do not forget to define rcode_refused 2019-10-01 17:00:56 +02:00