Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Improve protection of DNS queries #43

Merged
merged 2 commits into from Jan 10, 2020
Merged

Improve protection of DNS queries #43

merged 2 commits into from Jan 10, 2020

Conversation

@bemasc
Copy link
Contributor

bemasc commented Jan 10, 2020

Go on Android cannot determine the system's preferred DNS servers.
This is normally fine, because Resolver.PreferGo defaults to false,
but we need to set PreferGo to true when protection is enabled,
in order to protect the DNS query's UDP socket.

This change requires a Protector to indicate the list of DNS
servers, so that the Resolver can create a protected socket to
one of those servers.

Go on Android cannot determine the system's preferred DNS servers.
This is normally fine, because Resolver.PreferGo defaults to false,
but we need to set PreferGo to true when protection is enabled,
in order to protect the DNS query's UDP socket.

This change requires a Protector to indicate the list of DNS
servers, so that the Resolver can create a protected socket to
one of those servers.
@bemasc bemasc requested a review from alalamav Jan 10, 2020
tunnel/intra/doh/ipmap/ipmap.go Outdated Show resolved Hide resolved
tunnel/intra/protect/protect.go Outdated Show resolved Hide resolved
bemasc added a commit to Jigsaw-Code/Intra that referenced this pull request Jan 10, 2020
This change depends on Jigsaw-Code/outline-go-tun2socks#43.

This change does not affect Intra's default behavior.  It adds a
remote configuration option that can be used to test full-VPN support
on versions below API 23.

If this configuration works well, we should be able to remove OkHttp
and related codepaths.
@bemasc bemasc merged commit 8f96431 into master Jan 10, 2020
1 check passed
1 check passed
cla/google All necessary CLAs are signed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
2 participants
You can’t perform that action at this time.