@jedisct1 jedisct1 released this Jul 9, 2018 · 16 commits to master since this release

Assets 48
2.0.16

@jedisct1 jedisct1 released this Jun 6, 2018 · 65 commits to master since this release

Assets 48
  • Support for proxies (HTTP/SOCKS) was added. All it takes to route all TCP queries to Tor is add proxy = "socks5://127.0.0.1:9050" to the configuration file.
  • Querylog files have a new record indicating the outcome of each transaction.
  • Pre-built binaries for Linux are statically linked on all architectures.

@jedisct1 jedisct1 released this May 19, 2018 · 79 commits to master since this release

Assets 48
  • Supports DNS-over-HTTPS draft 08.
  • Netprobes don't use port 0 by default, as this causes issues with Little Snitch and FreeBSD.

@jedisct1 jedisct1 released this May 16, 2018 · 85 commits to master since this release

Assets 48
2.0.13

@jedisct1 jedisct1 released this May 10, 2018 · 90 commits to master since this release

Assets 48
  • Further compatibility fixes for Alpine Linux/i386 and Android/i386 have been made. Thanks to @aead for his help!
  • The proxy will now wait for network connectivity before starting. This is useful if the proxy is automatically started at boot, possibly before the network is fully configured.
  • The IPv6 blocking module now returns synthetic SOA records to improve compatibility with downstream resolvers and stub resolvers.

@jedisct1 jedisct1 released this Apr 27, 2018 · 115 commits to master since this release

Assets 48
  • Version 2.0.11
  • This release fixes a long-standing bug that caused the proxy to block or crash when Position-Independent Executables were produced.
    This bug only showed up when compiled on (not for) Alpine Linux and Android, for some CPU architectures.
  • New configuration settings: cache_neg_min_ttl and cache_neg_max_ttl, to clamp the negative caching TTL.

@jedisct1 jedisct1 released this Apr 11, 2018 · 148 commits to master since this release

Assets 25
  • Whitelists have been implemented: one a name matches a pattern in the whitelist, rules from the name-based and IP-based blacklists will be bypassed. Whitelists support the same patterns as blacklists, as
    well as time-based rules, so that some website can be normally blocked, but accessible on specific days or times of the day.
  • Lists are now faster to load, and large lists require significantly less memory than before.
  • New options have been added to disable TLS session tickets as well as use a specific cipher suite. See the example configuration file for a recommended configuration to speed up DoH servers on ARM such as Android devices and Raspberry Pi.
  • The -service install command now remembers what the current directory was when the service was installed, in order to later load configuration files with relative paths.
  • DoH: The "Cache-Control: max-age" header is now ignored.
  • Patterns can now be prefixed with = to do exact matching: =example.com matches example.com but will not match www.example.com.
  • Patterns are now fully supported by the cloaking module.
  • A new option was added to use a specific cipher suite instead of the server's provided one. Using RSA+ChaChaPoly over ECDSA+AES-GCM has shown to decrease CPU usage and latency when connecting to Cloudflare, especially on Mips and ARM systems.
  • The ephemeral keys mode of dnscrypt-proxy v1.x was reimplemented: this creates a new unique key for every single query.

@jedisct1 jedisct1 released this Apr 9, 2018 · 167 commits to master since this release

Assets 25

New in beta 2:

  • Patterns can now be prefixed with = to do exact matching: =example.com matches example.com but will not match www.example.com.
  • Patterns are now fully supported by the cloaking module.
  • A new option was added to use a specific cipher suite instead of the server's provided one. Using RSA+ChaChaPoly over ECDSA+AES-GCM has shown to decrease CPU usage and latency when connecting to Cloudflare, especially on Mips and ARM systems.
  • The ephemeral keys mode of dnscrypt-proxy v1.x was reimplemented: this creates a new unique key for every single query.

In beta 1:

  • Whitelists have been implemented: one a name matches a pattern in the whitelist, rules from the name-based and IP-based blacklists will be bypassed. Whitelists support the same patterns as blacklists, as well as time-based rules, so that some website can be normally blocked, but accessible on specific days or times of the day.
  • Lists are now faster to load, and large lists require significantly less memory than before.
  • New options have been added to disable TLS session tickets as well as use a specific cipher suite. See the example configuration file for a recommended configuration to speed up DoH servers on ARM such as Android devices and Raspberry Pi.
  • The -service install command now remembers what the current directory was when the service was installed, in order to later load configuration files with relative paths.
  • DoH: The "Cache-Control: max-age" header is now ignored.

@jedisct1 jedisct1 released this Apr 7, 2018 · 177 commits to master since this release

Assets 25
  • Whitelists have been implemented: one a name matches a pattern in the whitelist, rules from the name-based and IP-based blacklists will be bypassed. Whitelists support the same patterns as blacklists, as
    well as time-based rules, so that some website can be normally blocked, but accessible on specific days or times of the day.
  • Lists are now faster to load, and large lists require significantly less memory than before.
  • New options have been added to disable TLS session tickets as well as use a specific cipher suite. See the example configuration file for a recommended configuration to speed up DoH servers on ARM such as Android devices and Raspberry Pi.
  • The -service install command now remembers what the current directory was when the service was installed, in order to later load configuration files with relative paths.
  • DoH: The "Cache-Control: max-age" header is now ignored.