Frank Denis
24284541b0
Don't hardcode the TCP backlog
2020-08-22 18:40:00 +02:00
Frank Denis
641ba88ab1
Serialization now requires the Copy trait
2020-06-24 13:46:28 +02:00
Frank Denis
8a4a413f65
Use impl AsRef<...>
2020-06-11 11:50:22 +02:00
Frank Denis
6a19db5edf
Merge branch 'master' of github.com:jedisct1/rust-dnscrypt-server
...
* 'master' of github.com:jedisct1/rust-dnscrypt-server: (30 commits)
Update Prometheus and friends
Remove nightly feature from clap
client_ttl_jitter -> client_ttl_holdon
Use specific lengths for big arrays
Update serde-big-array requirement from 0.2.0 to 0.3.0
Update deps
Add decreasing TTLs with jitter when a TTL becomes low
Update precompiled binaries
Bump
Add my_ip feature
dafuq
Update deps
Require tokio 0.2.17
Update tokio dep due to a regression in the previous version
Update precompiled binaries
Bump
Update deps to force a tokio update
Revert "Disable parking_lot for tokio"
Bump
Disable parking_lot for tokio
...
2020-05-19 11:10:24 +02:00
Frank Denis
eaba8d3db5
Replace net2 with socket2
...
The Rust ecosystem being the Rust ecosystem, essential crates always get
abandoned after a couple months, and apps need to be rewritten for the
replacement du jour.
2020-05-19 11:07:51 +02:00
Frank Denis
561ebd07f4
client_ttl_jitter -> client_ttl_holdon
2020-05-05 17:27:28 +02:00
Frank Denis
04fdf73046
Use specific lengths for big arrays
2020-05-04 08:54:08 +02:00
Frank Denis
dd1b550ef9
Add decreasing TTLs with jitter when a TTL becomes low
...
Fixes #33
2020-04-24 22:56:29 +02:00
Frank Denis
75166216b9
Add my_ip feature
2020-04-20 16:24:18 +02:00
Frank Denis
2a96c5f985
dafuq
2020-04-20 15:44:42 +02:00
Frank Denis
792f82fa35
Print something when access control is enabled
2020-03-20 11:09:39 +01:00
Frank Denis
b9361a8711
Fail open if the tokens list is empty
2020-03-20 10:56:26 +01:00
Frank Denis
5ebd393981
Clippify
2020-03-20 10:55:37 +01:00
Frank Denis
d5b06a6653
Implement access control
2020-03-20 10:43:54 +01:00
Frank Denis
ccfd7b4184
Use the full timeout if we don't have a cached response
2020-01-27 20:18:22 +01:00
Frank Denis
9b464fe135
Clarify
2020-01-14 22:19:23 +01:00
Frank Denis
58b8d6f5f0
Continue on TCP accept errors
2020-01-14 20:54:04 +01:00
Frank Denis
da00ac2194
Add some extra checks
2019-12-24 10:33:35 +01:00
Frank Denis
1c63906795
Refuse long labels
2019-12-23 20:57:24 +01:00
Frank Denis
af22d59ce8
Add an option to disable DNSCrypt, and do only TLS and relaying
2019-12-22 00:50:09 +01:00
Frank Denis
e9e5c700f0
Add ignore_unqualified_hostnames
2019-12-07 23:25:32 +01:00
Frank Denis
f3fe2fa123
up
2019-12-07 22:52:23 +01:00
Frank Denis
3864de1951
Add the ability to return synthetic response for undelegated TLDs
2019-12-07 19:52:21 +01:00
Frank Denis
3d3a96a6f9
More statistics; keep track of NXDOMAIN responses
2019-12-07 17:24:44 +01:00
Frank Denis
3cc28670cb
Prometheus: use int counters and gauges
2019-12-07 17:03:18 +01:00
Frank Denis
bf5f0b3568
Update to tokio 0.2
2019-12-04 18:12:45 +01:00
Frank Denis
5e0f4a6223
Blacklist: use FxHashMap
2019-12-01 01:52:07 +01:00
Frank Denis
df26dddb86
Revert "Allow serve_stale to be disabled"
...
This reverts commit 3b2301dcbf
.
2019-11-24 16:16:36 +01:00
Frank Denis
3b2301dcbf
Allow serve_stale to be disabled
2019-11-24 15:29:49 +01:00
Frank Denis
a6fb79a2b2
Make the project compatible with rust-stable
2019-11-08 13:06:21 +01:00
Frank Denis
48d0588337
Use SystemTime for the certificate's time
...
Also don't use mem::forget() for the updater, because who knows, Rust
optimizations may be too aggressive.
Maybe
Fixes #13
2019-11-05 11:38:45 +01:00
Frank Denis
4d584d95e6
Move from failure to anyhow
2019-11-01 20:56:07 +01:00
Frank Denis
d0c37819e2
Relax size check for certificates
2019-10-20 18:05:26 +02:00
Frank Denis
05d62da515
Explicit lifetime
2019-10-20 11:45:27 +02:00
Frank Denis
dbbdf984e9
uninline
2019-10-20 11:44:34 +02:00
Frank Denis
f4863ee017
Reintroduce the check for the standard provider name prefix
...
Only cleanbrowsing and dnsforfamily use a non-standard name.
2019-10-20 11:40:50 +02:00
Frank Denis
0c134b5393
Cache relayed certificates
...
To make it slightly more difficult for servers to fingerprint users by
rotating certificates too frequently.
2019-10-20 11:18:45 +02:00
Frank Denis
dd657faaab
Relax cert response check for legacy proxies
2019-10-20 01:22:36 +02:00
Frank Denis
bb39f146ae
Don't relay anything that would be bigger than the original question
2019-10-19 23:48:37 +02:00
Frank Denis
5848713ffd
Forward certificates
2019-10-19 13:39:21 +02:00
Frank Denis
5b77be1ac0
Pick IPv4 or IPv6 wildcard source addresses according to the destination
...
Fixes #10
2019-10-19 11:36:16 +02:00
Frank Denis
2706b2994d
Add a reasonable default set of ports + a new option
2019-10-17 22:44:43 +02:00
Frank Denis
e43ad4949b
to_tcp_listener() is essentially useless
2019-10-17 12:01:28 +02:00
Frank Denis
6483d3d4d7
Set IPV6_ONLY on IPv6 sockets
...
Fixes #9
2019-10-17 11:10:25 +02:00
Frank Denis
3fc7387d9f
Don't be too restrictive, we still need to serve certificates
2019-10-15 02:07:05 +02:00
Frank Denis
5cea42a397
Bump
2019-10-14 11:41:37 +02:00
Frank Denis
82e73374ab
Anonymized DNS is here
2019-10-14 11:10:55 +02:00
Frank Denis
72dfb0628c
Prepare a new configuration section for Anonymized DNS
2019-10-13 22:47:57 +02:00
Frank Denis
5437f80bfc
Merge branch 'master' of github.com:jedisct1/rust-dnscrypt-server
...
* 'master' of github.com:jedisct1/rust-dnscrypt-server:
Return a HINFO record when a query is blocked
2019-10-13 22:35:08 +02:00
Frank Denis
9db26ba20b
Preliminary support for Anonymized DNS
2019-10-13 22:34:46 +02:00
Frank Denis
c0faa11ac1
Return a HINFO record when a query is blocked
...
This is extremely useful to understand why a query doesn't return
e.g. IP addresses that resolve from other servers
2019-10-13 00:45:26 +02:00
Frank Denis
ca35d6fdc8
Ensure that PK prefixes don't match the Anonymized DNSCrypt query magic
2019-10-09 17:55:49 +02:00
Frank Denis
cf41840573
We can use Default::default() instead of tokio's Handle
...
What kind of magic is that?
2019-10-07 19:21:18 +02:00
Frank Denis
5afc1f1a6a
Ignore casing for caching
2019-10-06 21:04:40 +02:00
Frank Denis
fbf8a72d4f
Remove CIR
2019-10-02 18:06:02 +02:00
Frank Denis
4c07e91b3f
Limit the number of concurrent connections to the metrics
2019-10-02 13:59:02 +02:00
Frank Denis
8cbd5bb6b6
futres::prelude::* may not always be needed
2019-10-02 13:45:52 +02:00
Frank Denis
22d84a748c
Add process feature to prometheus, and a timeout for clients
2019-10-02 13:21:32 +02:00
Frank Denis
a67572f6f2
Add cache hit ratio
2019-10-02 12:16:43 +02:00
Frank Denis
1a53a1906b
Silent warning
2019-10-02 12:07:33 +02:00
Frank Denis
86ab29c06a
More Prometheus metrics
2019-10-02 12:03:27 +02:00
Frank Denis
cd98c5627c
More Prometheus metrics
2019-10-02 11:58:57 +02:00
Frank Denis
71699d8476
Some initial metrics
2019-10-02 11:41:59 +02:00
Frank Denis
27e6097dc9
Prometheus metrics
2019-10-01 20:58:51 +02:00
Frank Denis
f77a5aed47
Add metrics
2019-10-01 18:07:55 +02:00
Frank Denis
e5a42ebfa1
Do not forget to define rcode_refused
2019-10-01 17:00:56 +02:00
Frank Denis
4bc939977e
Serve stale on REFUSED, too
2019-10-01 16:58:43 +02:00
Frank Denis
7ab967e163
Refactor the resolver part a little bit
2019-10-01 08:58:50 +02:00
Frank Denis
6fa13f825d
Revert direct usage of FutureExt
2019-09-27 00:11:02 +02:00
Frank Denis
7ebcc7287e
Tokio update, that makes things more complicated
2019-09-26 19:56:40 +02:00
Frank Denis
18fe23471d
Nits
2019-09-26 15:12:18 +02:00
Frank Denis
e4df83410f
Keep DNS_FLAGS_CD and DNS_FLAGS_RD
2019-09-26 11:06:12 +02:00
Frank Denis
1e33f82887
Clear answer count on synthetic responses
2019-09-26 02:03:52 +02:00
Frank Denis
6f99d404d6
Typo
2019-09-26 01:45:02 +02:00
Frank Denis
518f0ce17d
Implement support for server-side blacklists
2019-09-25 15:51:13 +02:00
Frank Denis
cc53be8cf8
Better error messages
2019-09-24 22:37:25 +02:00
Frank Denis
3d07f98f90
Block on the updater
2019-09-24 19:57:54 +02:00
Frank Denis
f343802fd0
Revert "Nits"
...
This reverts commit 0f63c5e594
.
2019-09-24 19:55:51 +02:00
Frank Denis
0f63c5e594
Nits
2019-09-24 19:42:21 +02:00
Frank Denis
653c4e1de7
Better error handling
2019-09-24 19:29:38 +02:00
Frank Denis
41f4d77212
Update env_logger
2019-09-24 16:34:01 +02:00
Frank Denis
0b76ef2cce
Change the format of how IP addresses are specified
2019-09-22 13:44:45 +02:00
Frank Denis
c0c66e6254
We don't define any custom error types
2019-09-22 02:30:05 +02:00
Frank Denis
16b5db8c01
u8 vs i8
2019-09-22 01:26:00 +02:00
Frank Denis
a5a84b5bdd
Log to file
2019-09-21 16:29:13 +02:00
Frank Denis
c60a1734eb
Improved daemonization
2019-09-21 16:19:39 +02:00
Frank Denis
749ee9f7bf
Serve stale if cached and a shorter timeout occurs
2019-09-21 13:56:43 +02:00
Frank Denis
a9fe22fa7e
Move the resolver to its own file
2019-09-21 12:37:20 +02:00
Frank Denis
ba96f014ef
Make DNS cache TTLs configurable
2019-09-21 12:18:27 +02:00
Frank Denis
267a260801
Only force a state update if necessary
2019-09-21 12:03:50 +02:00
Frank Denis
56a8e2eb6a
Add TTL and serve-stale support to the DNS cache
...
Force certificate refresh on load
2019-09-21 11:53:40 +02:00
Frank Denis
2135af9610
up
2019-09-21 00:58:16 +02:00
Frank Denis
c98a202f80
Add a simple built-in DNS cache
...
(TTL is not handled yet)
2019-09-21 00:53:20 +02:00
Frank Denis
cf1cbdb51d
Split the resolution part
2019-09-20 21:03:15 +02:00
Frank Denis
2366456eb0
up
2019-09-20 12:15:45 +02:00
Frank Denis
1dd5ed07c1
Import from dnscrypt-wrapper
2019-09-20 11:25:24 +02:00
Frank Denis
e681e43070
ADd a key cache and improve logging
2019-09-20 10:39:42 +02:00
Frank Denis
f0c6235d33
Save states asynchronously
2019-09-20 02:31:31 +02:00
Frank Denis
360172601f
Nits
2019-09-20 01:44:03 +02:00
Frank Denis
bc4b10f637
Save resolver keys and certificates in the state
2019-09-19 21:08:49 +02:00