interesting
/
getdns
mirror of https://github.com/getdnsapi/getdns.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
3,267 Commits 58 Branches 69 Tags 14 MiB
Commit Graph

149 Commits

Author SHA1 Message Date
wtoorop 45884a2dd7 Merge pull request #310 from getdnsapi/features/getdns_context_set_logfunc 
A configurable log function
 2017-06-28 22:55:45 +02:00
Willem Toorop 264135e799 Reintroduct timestamps and replace GETDNS_DAEMON: with STUBBY: 2017-06-28 21:09:40 +02:00
Willem Toorop 8235250fb6 Rename SYSTEM_DAEMON in LOG_UPSTREAM_STATS 2017-06-28 20:57:53 +02:00
Melinda Shore b0c55d540f Basic Dockerfile for stubby. 2017-06-26 17:17:16 -08:00
Willem Toorop 04e554086a A configurable log function 
Currently used only for DAEMON_DEBUG
 2017-06-27 00:23:22 +02:00
Willem Toorop ac084db231 Don't build libtool stubby if installed directly 2017-06-19 12:19:14 +02:00
Willem Toorop 5e1cceca82 Stubby is installed from getdns_query directly 2017-06-19 12:12:09 +02:00
Willem Toorop a07290a9b0 Bugfix for parallel make install 2017-06-19 12:06:34 +02:00
Sara Dickinson d2e8ac9e61 Change script name so it is specific for macOS (which is the new ‘official’ name for Mac OS X!) 
Add the copyright statement to the stubby-setdns-macos.sh file
 2017-06-07 17:00:21 +01:00
Sara Dickinson 305a6f6b6a 1) Add a stubby-setdns script (for MAC OS X only at the moment) to support Homebrew formula 
2) Remove the OARC server from the default config. So now only include the servers that commit to not logging user data. Can make this clearer once we have a yaml config file.
3) Update makefile to include stubby.conf and stubby-setdns in dist tarball
 2017-06-02 11:52:56 +01:00
Willem Toorop ad53010cd2 NSAP-PTR 2017-05-02 14:50:39 +02:00
Willem Toorop eb8fe6184a getdnsapi.net DNS over TLS ips to match the name 2017-04-13 11:47:44 +02:00
wtoorop 0857926965 Merge pull request #283 from wtoorop/devel/doxygen 
Devel/doxygen
 2017-04-12 22:53:21 +02:00
Sara Dickinson 6e66754795 Nope - just add uncensored as the yeti servers would require a different trust anchor 2017-04-12 18:19:34 +01:00
Willem Toorop 708e520989 Spelling fixes from Andreas Schulze 2017-04-11 23:33:24 +02:00
Sara Dickinson ce7ee62355 Should we update stubby.conf to include 2 of the new test servers? 2017-04-11 15:24:10 +01:00
Willem Toorop c9b3e3cf7b Allow cleanup of naked idle timeouts 2017-04-06 20:50:34 +02:00
wtoorop fe49bc1c69 Merge pull request #279 from dkg/feature/padding-policy 
Implement sensible default padding policy.
 2017-03-27 08:19:31 -05:00
Daniel Kahn Gillmor f2a90925bc getdns-query: S is no longer a valid transport label. 2017-03-26 14:38:43 -05:00
Daniel Kahn Gillmor 9de4d6537b Implement sensible default padding policy. 
This commit changes the semantics of tls_query_padding_blocksize()
slightly.  Where previously both 0 and 1 meant "no padding", this
commit changes 1 to mean "pad using a sensible policy".

At NDSS 2017's DNS privacy workshop, I presented an empirical study of
DNS padding policies:

https://www.internetsociety.org/events/ndss-symposium/ndss-symposium-2017/dns-privacy-workshop-2017-programme#session3

The slide deck is here:
https://dns.cmrg.net/ndss2017-dprive-empirical-DNS-traffic-size.pdf

The resulting recommendation from the research is that a simple
padding policy is relatively cheap and still protective of metadata
when DNS traffic is encrypted:

 * queries should be padded to a multiple of 128 octets
 * responses should be padded to a multiple of 468 octets

Since getdns is only currently doing queries over tls, we only have to
implement the first part of this policy :)
 2017-03-26 14:37:28 -05:00
Sara Dickinson 1d4e3dd790 Update the name of the new option to 'round_robin_upstreams' 2017-03-17 16:53:03 +00:00
Sara Dickinson f0f3c43552 - Add a new mode where for TLS (and infact TCP too) the upstream selection simply cycles over all the upstreams rather than treating them as an ordered list and always using the first open one. 
- Make IP field in debug output fixed width
- Collect all the one line config options at the top of the stubby.conf file to make it easier to read
 2017-03-16 14:51:46 +00:00
Willem Toorop 09baade016 Print pinsets Bas64 too 
+ bugfix in reading base64
+ base64 pinsets in stubby.conf
 2017-02-28 07:28:18 -08:00
Sara Dickinson ebdf657fd7 Change pins for IPv6 addresses for Sinodun privacy servers! 
Improve logging of auth failure
 2017-02-23 16:48:16 +00:00
Sara Dickinson 356408955d Update the SPKI pin in the stubby.conf file for the Sinodun/Surfnet servers. 2017-02-23 13:55:43 +00:00
Sara Dickinson 09df4e2d5d Fix spacing error in stubby help output 2017-02-23 13:55:43 +00:00
Willem Toorop 04f6a2b13b Fixed dependencies 2017-02-15 12:47:55 +01:00
Willem Toorop 80219a4195 Merge branch 'bugfix/replace__FUNCTION__' into bugfix/1.1.0-alpha3/replace__FUNCTION__ 2016-12-12 14:20:31 +01:00
Sara Dickinson 7b58dc25a6 - Fix bug where a self signed cert + only a pinset would not authenticate 
- Add OARC servers with pinset only to stubby.conf
- Move Authentication strings to types_internal for use in call_debugging
- Add connection counts to call_debugging
-
 2016-12-09 17:03:41 +00:00
Willem Toorop 1264099be7 Pedantic warnings and XTRA_CFLAGS for tools too 2016-12-09 14:02:27 +01:00
Willem Toorop 8b454afb80 dependencies 2016-12-09 13:57:42 +01:00
Willem Toorop 9d48c47980 Merge branch 'develop' into release/1.1.0-alpha3 2016-12-08 16:31:47 +01:00
Willem Toorop 8f75e4ed8d Few more things to work with CFLAGS=-Wextra 2016-12-08 15:17:27 +01:00
Willem Toorop f31b2fa233 Merge branch 'develop' into release/1.1.0-alpha3 2016-12-08 15:06:25 +01:00
Sara Dickinson 691d32cf80 Improve README entry on stubby. Add a link to dnsprivacy.org (Willem - is this set up yet?) 
Add sample Strict config file into the source with a pointer from the README. Not sure about installing this yet as opportunistic seems a better default...?
 2016-12-06 15:59:40 +00:00
Sara Dickinson 471e8725e2 Change the default profile for Stubby to use TLS then UDP/TCP 
- this will only try over TLS a few times before backing off to clear text
  - but makes the default  for Stubby opportunistic privacy (Willem - WDYT?)
Also use padding and ECS privacy by default for Stubby.
More debugging to help users when there are failures or fallbacks.
Also remove a few help options from Stubby that don't apply
Add -v to output version on getdns_query/stubby
 2016-12-06 14:44:40 +00:00
Willem Toorop 57e2a18f94 Minor fixes to make it compile on Windows again 2016-11-03 15:35:53 +01:00
Willem Toorop 4bf93de12b More conventional function prototypes for servers 2016-11-02 13:40:02 +01:00
Willem Toorop bc70b29416 Stubby release 2016-10-19 07:30:31 -05:00
Willem Toorop 732844eeaa Correct default config 2016-10-16 09:46:02 -05:00
Willem Toorop 05fb6edfcb Linking to allow running stubby from src/tools 2016-10-16 05:39:04 -05:00
Willem Toorop 838375fe66 Run stubby in foreground by default 2016-10-16 05:32:05 -05:00
Willem Toorop ec04dc21ee Stubby defaults in help text 2016-10-14 10:14:38 -05:00
Willem Toorop 3d356bd35e Stubby runs in background by default 2016-10-14 09:51:17 -05:00
Willem Toorop 58b5ead67a Make stubby act as stubby 2016-10-14 08:24:25 -05:00
Willem Toorop 3f965e68c0 Stubby is getdns_query with a different name 2016-10-14 12:02:23 +02:00
Willem Toorop 94292f5bc7 Merge branch 'release/v1.0.0b2' into release/v1.1.0a1 2016-07-14 16:22:53 +02:00
Willem Toorop 0340b74604 Dependencies 2016-07-14 15:04:19 +02:00
Willem Toorop 80ea8637d1 Recover src/tools 2016-07-14 14:50:26 +02:00