mirror of https://github.com/DNSCrypt/encrypted-dns-server.git synced 2024-05-29 02:46:27 +02:00
Commit Graph

185 Commits

Author SHA1 Message Date
Frank Denis 24284541b0 Don't hardcode the TCP backlog 2020-08-22 18:40:00 +02:00
Frank Denis 641ba88ab1 Serialization now requires the Copy trait 2020-06-24 13:46:28 +02:00
Frank Denis 8a4a413f65 Use impl AsRef<...> 2020-06-11 11:50:22 +02:00
Frank Denis 6a19db5edf Merge branch 'master' of github.com:jedisct1/rust-dnscrypt-server
* 'master' of github.com:jedisct1/rust-dnscrypt-server: (30 commits)
  Update Prometheus and friends
  Remove nightly feature from clap
  client_ttl_jitter -> client_ttl_holdon
  Use specific lengths for big arrays
  Update serde-big-array requirement from 0.2.0 to 0.3.0
  Update deps
  Add decreasing TTLs with jitter when a TTL becomes low
  Update precompiled binaries
  Bump
  Add my_ip feature
  dafuq
  Update deps
  Require tokio 0.2.17
  Update tokio dep due to a regression in the previous version
  Update precompiled binaries
  Bump
  Update deps to force a tokio update
  Revert "Disable parking_lot for tokio"
  Bump
  Disable parking_lot for tokio
  ...
2020-05-19 11:10:24 +02:00
Frank Denis eaba8d3db5 Replace net2 with socket2
The Rust ecosystem being the Rust ecosystem, essential crates always get
abandoned after a couple months, and apps need to be rewritten for the
replacement du jour.
2020-05-19 11:07:51 +02:00
Frank Denis 561ebd07f4 client_ttl_jitter -> client_ttl_holdon 2020-05-05 17:27:28 +02:00
Frank Denis 04fdf73046 Use specific lengths for big arrays 2020-05-04 08:54:08 +02:00
Frank Denis dd1b550ef9 Add decreasing TTLs with jitter when a TTL becomes low
Fixes #33
2020-04-24 22:56:29 +02:00
Frank Denis 75166216b9 Add my_ip feature 2020-04-20 16:24:18 +02:00
Frank Denis 2a96c5f985 dafuq 2020-04-20 15:44:42 +02:00
Frank Denis 792f82fa35 Print something when access control is enabled 2020-03-20 11:09:39 +01:00
Frank Denis b9361a8711 Fail open if the tokens list is empty 2020-03-20 10:56:26 +01:00
Frank Denis 5ebd393981 Clippify 2020-03-20 10:55:37 +01:00
Frank Denis d5b06a6653 Implement access control 2020-03-20 10:43:54 +01:00
Frank Denis ccfd7b4184 Use the full timeout if we don't have a cached response 2020-01-27 20:18:22 +01:00
Frank Denis 9b464fe135 Clarify 2020-01-14 22:19:23 +01:00
Frank Denis 58b8d6f5f0 Continue on TCP accept errors 2020-01-14 20:54:04 +01:00
Frank Denis da00ac2194 Add some extra checks 2019-12-24 10:33:35 +01:00
Frank Denis 1c63906795 Refuse long labels 2019-12-23 20:57:24 +01:00
Frank Denis af22d59ce8 Add an option to disable DNSCrypt, and do only TLS and relaying 2019-12-22 00:50:09 +01:00
Frank Denis e9e5c700f0 Add ignore_unqualified_hostnames 2019-12-07 23:25:32 +01:00
Frank Denis f3fe2fa123 up 2019-12-07 22:52:23 +01:00
Frank Denis 3864de1951 Add the ability to return synthetic response for undelegated TLDs 2019-12-07 19:52:21 +01:00
Frank Denis 3d3a96a6f9 More statistics; keep track of NXDOMAIN responses 2019-12-07 17:24:44 +01:00
Frank Denis 3cc28670cb Prometheus: use int counters and gauges 2019-12-07 17:03:18 +01:00
Frank Denis bf5f0b3568 Update to tokio 0.2 2019-12-04 18:12:45 +01:00
Frank Denis 5e0f4a6223 Blacklist: use FxHashMap 2019-12-01 01:52:07 +01:00
Frank Denis df26dddb86 Revert "Allow serve_stale to be disabled"
This reverts commit 3b2301dcbf.
2019-11-24 16:16:36 +01:00
Frank Denis 3b2301dcbf Allow serve_stale to be disabled 2019-11-24 15:29:49 +01:00
Frank Denis a6fb79a2b2 Make the project compatible with rust-stable 2019-11-08 13:06:21 +01:00
Frank Denis 48d0588337 Use SystemTime for the certificate's time
Also don't use mem::forget() for the updater, because who knows, Rust
optimizations may be too aggressive.

Maybe
Fixes #13
2019-11-05 11:38:45 +01:00
Frank Denis 4d584d95e6 Move from failure to anyhow 2019-11-01 20:56:07 +01:00
Frank Denis d0c37819e2 Relax size check for certificates 2019-10-20 18:05:26 +02:00
Frank Denis 05d62da515 Explicit lifetime 2019-10-20 11:45:27 +02:00
Frank Denis dbbdf984e9 uninline 2019-10-20 11:44:34 +02:00
Frank Denis f4863ee017 Reintroduce the check for the standard provider name prefix
Only cleanbrowsing and dnsforfamily use a non-standard name.
2019-10-20 11:40:50 +02:00
Frank Denis 0c134b5393 Cache relayed certificates
To make it slightly more difficult for servers to fingerprint users by
rotating certificates too frequently.
2019-10-20 11:18:45 +02:00
Frank Denis dd657faaab Relax cert response check for legacy proxies 2019-10-20 01:22:36 +02:00
Frank Denis bb39f146ae Don't relay anything that would be bigger than the original question 2019-10-19 23:48:37 +02:00
Frank Denis 5848713ffd Forward certificates 2019-10-19 13:39:21 +02:00
Frank Denis 5b77be1ac0 Pick IPv4 or IPv6 wildcard source addresses according to the destination
Fixes #10
2019-10-19 11:36:16 +02:00
Frank Denis 2706b2994d Add a reasonable default set of ports + a new option 2019-10-17 22:44:43 +02:00
Frank Denis e43ad4949b to_tcp_listener() is essentially useless 2019-10-17 12:01:28 +02:00
Frank Denis 6483d3d4d7 Set IPV6_ONLY on IPv6 sockets
Fixes #9
2019-10-17 11:10:25 +02:00
Frank Denis 3fc7387d9f Don't be too restrictive, we still need to serve certificates 2019-10-15 02:07:05 +02:00
Frank Denis 5cea42a397 Bump 2019-10-14 11:41:37 +02:00
Frank Denis 82e73374ab Anonymized DNS is here 2019-10-14 11:10:55 +02:00
Frank Denis 72dfb0628c Prepare a new configuration section for Anonymized DNS 2019-10-13 22:47:57 +02:00
Frank Denis 5437f80bfc Merge branch 'master' of github.com:jedisct1/rust-dnscrypt-server
* 'master' of github.com:jedisct1/rust-dnscrypt-server:
  Return a HINFO record when a query is blocked
2019-10-13 22:35:08 +02:00
Frank Denis 9db26ba20b Preliminary support for Anonymized DNS 2019-10-13 22:34:46 +02:00
Frank Denis c0faa11ac1 Return a HINFO record when a query is blocked
This is extremely useful to understand why a query doesn't return
e.g. IP addresses that resolve from other servers
2019-10-13 00:45:26 +02:00
Frank Denis ca35d6fdc8 Ensure that PK prefixes don't match the Anonymized DNSCrypt query magic 2019-10-09 17:55:49 +02:00
Frank Denis cf41840573 We can use Default::default() instead of tokio's Handle
What kind of magic is that?
2019-10-07 19:21:18 +02:00
Frank Denis 5afc1f1a6a Ignore casing for caching 2019-10-06 21:04:40 +02:00
Frank Denis fbf8a72d4f Remove CIR 2019-10-02 18:06:02 +02:00
Frank Denis 4c07e91b3f Limit the number of concurrent connections to the metrics 2019-10-02 13:59:02 +02:00
Frank Denis 8cbd5bb6b6 futures::prelude::* may not always be needed 2019-10-02 13:45:52 +02:00
Frank Denis 22d84a748c Add process feature to prometheus, and a timeout for clients 2019-10-02 13:21:32 +02:00
Frank Denis a67572f6f2 Add cache hit ratio 2019-10-02 12:16:43 +02:00
Frank Denis 1a53a1906b Silent warning 2019-10-02 12:07:33 +02:00
Frank Denis 86ab29c06a More Prometheus metrics 2019-10-02 12:03:27 +02:00
Frank Denis cd98c5627c More Prometheus metrics 2019-10-02 11:58:57 +02:00
Frank Denis 71699d8476 Some initial metrics 2019-10-02 11:41:59 +02:00
Frank Denis 27e6097dc9 Prometheus metrics 2019-10-01 20:58:51 +02:00
Frank Denis f77a5aed47 Add metrics 2019-10-01 18:07:55 +02:00
Frank Denis e5a42ebfa1 Do not forget to define rcode_refused 2019-10-01 17:00:56 +02:00
Frank Denis 4bc939977e Serve stale on REFUSED, too 2019-10-01 16:58:43 +02:00
Frank Denis 7ab967e163 Refactor the resolver part a little bit 2019-10-01 08:58:50 +02:00
Frank Denis 6fa13f825d Revert direct usage of FutureExt 2019-09-27 00:11:02 +02:00
Frank Denis 7ebcc7287e Tokio update, that makes things more complicated 2019-09-26 19:56:40 +02:00
Frank Denis 18fe23471d Nits 2019-09-26 15:12:18 +02:00
Frank Denis e4df83410f Keep DNS_FLAGS_CD and DNS_FLAGS_RD 2019-09-26 11:06:12 +02:00
Frank Denis 1e33f82887 Clear answer count on synthetic responses 2019-09-26 02:03:52 +02:00
Frank Denis 6f99d404d6 Typo 2019-09-26 01:45:02 +02:00
Frank Denis 518f0ce17d Implement support for server-side blacklists 2019-09-25 15:51:13 +02:00
Frank Denis cc53be8cf8 Better error messages 2019-09-24 22:37:25 +02:00
Frank Denis 3d07f98f90 Block on the updater 2019-09-24 19:57:54 +02:00
Frank Denis f343802fd0 Revert "Nits"
This reverts commit 0f63c5e594.
2019-09-24 19:55:51 +02:00
Frank Denis 0f63c5e594 Nits 2019-09-24 19:42:21 +02:00
Frank Denis 653c4e1de7 Better error handling 2019-09-24 19:29:38 +02:00
Frank Denis 41f4d77212 Update env_logger 2019-09-24 16:34:01 +02:00
Frank Denis 0b76ef2cce Change the format of how IP addresses are specified 2019-09-22 13:44:45 +02:00
Frank Denis c0c66e6254 We don't define any custom error types 2019-09-22 02:30:05 +02:00
Frank Denis 16b5db8c01 u8 vs i8 2019-09-22 01:26:00 +02:00
Frank Denis a5a84b5bdd Log to file 2019-09-21 16:29:13 +02:00
Frank Denis c60a1734eb Improved daemonization 2019-09-21 16:19:39 +02:00
Frank Denis 749ee9f7bf Serve stale if cached and a shorter timeout occurs 2019-09-21 13:56:43 +02:00
Frank Denis a9fe22fa7e Move the resolver to its own file 2019-09-21 12:37:20 +02:00
Frank Denis ba96f014ef Make DNS cache TTLs configurable 2019-09-21 12:18:27 +02:00
Frank Denis 267a260801 Only force a state update if necessary 2019-09-21 12:03:50 +02:00
Frank Denis 56a8e2eb6a Add TTL and serve-stale support to the DNS cache
Force certificate refresh on load
2019-09-21 11:53:40 +02:00
Frank Denis 2135af9610 up 2019-09-21 00:58:16 +02:00
Frank Denis c98a202f80 Add a simple built-in DNS cache
(TTL is not handled yet)
2019-09-21 00:53:20 +02:00
Frank Denis cf1cbdb51d Split the resolution part 2019-09-20 21:03:15 +02:00
Frank Denis 2366456eb0 up 2019-09-20 12:15:45 +02:00
Frank Denis 1dd5ed07c1 Import from dnscrypt-wrapper 2019-09-20 11:25:24 +02:00
Frank Denis e681e43070 Add a key cache and improve logging 2019-09-20 10:39:42 +02:00
Frank Denis f0c6235d33 Save states asynchronously 2019-09-20 02:31:31 +02:00
Frank Denis 360172601f Nits 2019-09-20 01:44:03 +02:00
Frank Denis bc4b10f637 Save resolver keys and certificates in the state 2019-09-19 21:08:49 +02:00