Willem Toorop
cfdaec9dcf
Merge branch 'develop' into features/DNS64
2017-08-30 15:20:10 +02:00
Willem Toorop
5a94081634
Make switch/case fallthroughs explicit
...
+1 fallthrough bugfix in getdns_query
2017-08-24 13:51:58 +02:00
Willem Toorop
6024f9d72e
Merge branch 'develop' into devel/without-stubby
2017-08-22 11:27:11 +02:00
Willem Toorop
e57011a3ea
Compile without stubby by default
...
And with stubby from repo (as submodule) when --with-stubby is specified
2017-08-22 11:25:47 +02:00
wtoorop
da7083f55a
Merge pull request #316 from wtoorop/devel/roadblocks_and_valchains
...
Devel/roadblocks and valchains
2017-08-18 15:55:56 +02:00
wtoorop
ae0dd866aa
Merge pull request #313 from MelindaShore/develop
...
Modified Dockerfile to check out getdns master
2017-08-18 15:52:49 +02:00
Willem Toorop
c5acb3769b
Exit with error when answers were bogus
2017-07-06 21:28:34 +02:00
Willem Toorop
d402603f4a
Merge branch 'develop' of github.com:getdnsapi/getdns into develop
2017-07-06 12:13:30 +02:00
Willem Toorop
4478745955
No output from getdns_query to stdout except the result (unless -V is used)
...
Resolves issue #315
2017-07-06 12:08:09 +02:00
Sara Dickinson
28c41c3495
Move the SYNC/ASYNC response text to after the dict so the dict is the first thing output and can be parsed without stripping this text (request from user).
2017-07-06 12:03:35 +02:00
Melinda Shore
146638ab94
Modified Dockerfile to check out getdns master and to use unbound-anchor to install dnssec trust root
2017-06-28 22:11:30 -08:00
wtoorop
45884a2dd7
Merge pull request #310 from getdnsapi/features/getdns_context_set_logfunc
...
A configurable log function
2017-06-28 22:55:45 +02:00
Willem Toorop
264135e799
Reintroduct timestamps and replace GETDNS_DAEMON: with STUBBY:
2017-06-28 21:09:40 +02:00
Willem Toorop
8235250fb6
Rename SYSTEM_DAEMON in LOG_UPSTREAM_STATS
2017-06-28 20:57:53 +02:00
Melinda Shore
b0c55d540f
Basic Dockerfile for stubby.
2017-06-26 17:17:16 -08:00
Willem Toorop
04e554086a
A configurable log function
...
Currently used only for DAEMON_DEBUG
2017-06-27 00:23:22 +02:00
Willem Toorop
ac084db231
Don't build libtool stubby if installed directly
2017-06-19 12:19:14 +02:00
Willem Toorop
5e1cceca82
Stubby is installed from getdns_query directly
2017-06-19 12:12:09 +02:00
Willem Toorop
a07290a9b0
Bugfix for parallel make install
2017-06-19 12:06:34 +02:00
Sara Dickinson
d2e8ac9e61
Change script name so it is specific for macOS (which is the new ‘official’ name for Mac OS X!)
...
Add the copyright statement to the stubby-setdns-macos.sh file
2017-06-07 17:00:21 +01:00
Sara Dickinson
305a6f6b6a
1) Add a stubby-setdns script (for MAC OS X only at the moment) to support Homebrew formula
...
2) Remove the OARC server from the default config. So now only include the servers that commit to not logging user data. Can make this clearer once we have a yaml config file.
3) Update makefile to include stubby.conf and stubby-setdns in dist tarball
2017-06-02 11:52:56 +01:00
Willem Toorop
ad53010cd2
NSAP-PTR
2017-05-02 14:50:39 +02:00
Willem Toorop
5f6679ec25
Merge branch 'release/1.1.0' into features/DNS64
2017-04-13 13:22:30 +02:00
Willem Toorop
eb8fe6184a
getdnsapi.net DNS over TLS ips to match the name
2017-04-13 11:47:44 +02:00
wtoorop
0857926965
Merge pull request #283 from wtoorop/devel/doxygen
...
Devel/doxygen
2017-04-12 22:53:21 +02:00
Sara Dickinson
6e66754795
Nope - just add uncensored as the yeti servers would require a different trust anchor
2017-04-12 18:19:34 +01:00
Willem Toorop
708e520989
Spelling fixes from Andreas Schulze
2017-04-11 23:33:24 +02:00
Sara Dickinson
ce7ee62355
Should we update stubby.conf to include 2 of the new test servers?
2017-04-11 15:24:10 +01:00
Willem Toorop
c9b3e3cf7b
Allow cleanup of naked idle timeouts
2017-04-06 20:50:34 +02:00
wtoorop
fe49bc1c69
Merge pull request #279 from dkg/feature/padding-policy
...
Implement sensible default padding policy.
2017-03-27 08:19:31 -05:00
Daniel Kahn Gillmor
f2a90925bc
getdns-query: S is no longer a valid transport label.
2017-03-26 14:38:43 -05:00
Daniel Kahn Gillmor
9de4d6537b
Implement sensible default padding policy.
...
This commit changes the semantics of tls_query_padding_blocksize()
slightly. Where previously both 0 and 1 meant "no padding", this
commit changes 1 to mean "pad using a sensible policy".
At NDSS 2017's DNS privacy workshop, I presented an empirical study of
DNS padding policies:
https://www.internetsociety.org/events/ndss-symposium/ndss-symposium-2017/dns-privacy-workshop-2017-programme#session3
The slide deck is here:
https://dns.cmrg.net/ndss2017-dprive-empirical-DNS-traffic-size.pdf
The resulting recommendation from the research is that a simple
padding policy is relatively cheap and still protective of metadata
when DNS traffic is encrypted:
* queries should be padded to a multiple of 128 octets
* responses should be padded to a multiple of 468 octets
Since getdns is only currently doing queries over tls, we only have to
implement the first part of this policy :)
2017-03-26 14:37:28 -05:00
Sara Dickinson
1d4e3dd790
Update the name of the new option to 'round_robin_upstreams'
2017-03-17 16:53:03 +00:00
Sara Dickinson
f0f3c43552
- Add a new mode where for TLS (and infact TCP too) the upstream selection simply cycles over all the upstreams rather than treating them as an ordered list and always using the first open one.
...
- Make IP field in debug output fixed width
- Collect all the one line config options at the top of the stubby.conf file to make it easier to read
2017-03-16 14:51:46 +00:00
Willem Toorop
09baade016
Print pinsets Bas64 too
...
+ bugfix in reading base64
+ base64 pinsets in stubby.conf
2017-02-28 07:28:18 -08:00
Sara Dickinson
ebdf657fd7
Change pins for IPv6 addresses for Sinodun privacy servers!
...
Improve logging of auth failure
2017-02-23 16:48:16 +00:00
Sara Dickinson
356408955d
Update the SPKI pin in the stubby.conf file for the Sinodun/Surfnet servers.
2017-02-23 13:55:43 +00:00
Sara Dickinson
09df4e2d5d
Fix spacing error in stubby help output
2017-02-23 13:55:43 +00:00
Willem Toorop
04f6a2b13b
Fixed dependencies
2017-02-15 12:47:55 +01:00
Willem Toorop
80219a4195
Merge branch 'bugfix/replace__FUNCTION__' into bugfix/1.1.0-alpha3/replace__FUNCTION__
2016-12-12 14:20:31 +01:00
Sara Dickinson
7b58dc25a6
- Fix bug where a self signed cert + only a pinset would not authenticate
...
- Add OARC servers with pinset only to stubby.conf
- Move Authentication strings to types_internal for use in call_debugging
- Add connection counts to call_debugging
-
2016-12-09 17:03:41 +00:00
Willem Toorop
1264099be7
Pedantic warnings and XTRA_CFLAGS for tools too
2016-12-09 14:02:27 +01:00
Willem Toorop
8b454afb80
dependencies
2016-12-09 13:57:42 +01:00
Willem Toorop
9d48c47980
Merge branch 'develop' into release/1.1.0-alpha3
2016-12-08 16:31:47 +01:00
Willem Toorop
8f75e4ed8d
Few more things to work with CFLAGS=-Wextra
2016-12-08 15:17:27 +01:00
Willem Toorop
f31b2fa233
Merge branch 'develop' into release/1.1.0-alpha3
2016-12-08 15:06:25 +01:00
Sara Dickinson
691d32cf80
Improve README entry on stubby. Add a link to dnsprivacy.org (Willem - is this set up yet?)
...
Add sample Strict config file into the source with a pointer from the README. Not sure about installing this yet as opportunistic seems a better default...?
2016-12-06 15:59:40 +00:00
Sara Dickinson
471e8725e2
Change the default profile for Stubby to use TLS then UDP/TCP
...
- this will only try over TLS a few times before backing off to clear text
- but makes the default for Stubby opportunistic privacy (Willem - WDYT?)
Also use padding and ECS privacy by default for Stubby.
More debugging to help users when there are failures or fallbacks.
Also remove a few help options from Stubby that don't apply
Add -v to output version on getdns_query/stubby
2016-12-06 14:44:40 +00:00
Willem Toorop
57e2a18f94
Minor fixes to make it compile on Windows again
2016-11-03 15:35:53 +01:00
Willem Toorop
4bf93de12b
More conventional function prototypes for servers
2016-11-02 13:40:02 +01:00