Skip to content

@jedisct1 jedisct1 released this Oct 14, 2019

Preliminary support for anonymized DNS is here!

Assets 52

@jedisct1 jedisct1 released this Oct 12, 2019

  • Invalid server entries are now skipped instead of preventing a source from being used. Thanks to Alison Winters for the contribution!
  • Truncated responses are immediately retried over TCP instead of waiting for the client to retry. This reduces the latency for large responses.
  • Responses sent to the local network are assumed to support at least 1252 bytes packets, and use optional information from EDNS up to 4096 bytes. This also reduces latency.
  • Logging improvements: servers are not logged for cached, synthetic and cloaked responses. And the forwarder is logged instead of the regular server for forwarded responses.
Assets 52

@jedisct1 jedisct1 released this Sep 9, 2019

  • Version 2.0.27
  • The X25519 implementation was changed from using the Go standard implementation to using Cloudflare's CIRCL library. Unfortunately, CIRCL appears to be broken on big-endian systems. That change has been reverted.
  • All the dependencies have been updated.
Assets 52

@jedisct1 jedisct1 released this Sep 7, 2019

  • A new plugin was added to prevent Firefox from bypassing the system DNS settings.
  • New configuration parameter to set how to respond to blocked queries: blocked_query_response. Responses can now be empty record sets, REFUSED response codes, or predefined IPv4 and/or IPv6 addresses.
  • The refused_code_in_responses and blocked_query_response options have been folded into a new blocked_query_response option.
  • The fallback resolver is now accessed using TCP if force_tcp has been set to true.
  • CPU usage when enabling DNSCrypt ephemeral keys has been reduced.
  • New command-line option: -show-certs to print DoH certificate hashes.
  • Solaris packages are now provided.
  • DoH servers on a non-standard port, with stamps that don't include IP addresses, and without working system resolvers can now be properly bootstrapped.
  • A new option, query_meta, is now available to add optional records to client queries.
Assets 52

@jedisct1 jedisct1 released this Jun 3, 2019

The example IP address for network probes didn't work on Windows - This is a regression introduced in version 2.0.24.

The example configuration file has been updated and the fallback resolver IP is now used when no netprobe address has been configured.

Assets 50

@jedisct1 jedisct1 released this Jun 3, 2019

  • The query log now includes the time it took to complete the
    transaction, the name of the resolver that sent the response and if
    the response was served from the cache. Thanks to Ferdinand Holzer for
    his help!
  • The list of resolvers, sorted by latency, is now printed after all
    the resolvers have been probed.
  • The "fastest" load-balancing strategy has been renamed to "first".
  • On Windows, a nul byte is sent to the netprobe address. This is
    required to check for connectivity on this platform. Thanks to Mathias
  • The Malwaredomainlist URL was updated to directly parse the host
    list. Thanks to Encrypted.Town.
  • The Python script to generate lists of blacklisted domains is now
    compatible both with Python 2 and Python 3. Thanks to Simon R.
  • A warning is now displayed for DoH is requested but the server
    doesn't speak HTTP/2.
  • A crash with loaded-balanced sets of cloaked names was fixed.
    Thanks to @InkblotAdmirer for the report.
  • Resolvers are now tried in random order to avoid favoring the first
    ones at startup.
Assets 2

@jedisct1 jedisct1 released this Apr 28, 2019

Assets 50

@jedisct1 jedisct1 released this Apr 1, 2019

The previous version had issues with the .org TLD when used in conjunction with dnsmasq.

This has been fixed.

Assets 48

@jedisct1 jedisct1 released this Mar 14, 2019

The change to run the Windows service as NT AUTHORITY\NetworkService has been reverted, as it was reported to break logging (Windows only).

There are no other changes. If you are running version 2.0.20 on non-Windows platforms, or if you installed the service yourself, upgrading is not necessary.

Oh, and if you know how to switch back to NT AUTHORITY\NetworkService and still have the ability to write log files, your help would be welcome.

Assets 48

@jedisct1 jedisct1 released this Mar 14, 2019

  • Startup is now way faster, especially when using DoH servers.
  • A new action: CLOAK is logged when queries are being cloaked.
  • A cloaking rule can now map to multiple IPv4 and IPv6 addresses, with load-balancing.
  • New option: refused_code_in_responses to return (or not) a REFUSED code on blacklisted queries. This is disabled by default, in order to work around a bug in Android Pie.
  • Time-based restrictions are now properly handled in the script.
  • Other improvements have been made to the script.
  • The Windows service is now installed as NT AUTHORITY\NetworkService.
Assets 48
You can’t perform that action at this time.