Releases: fardog/secureoperator
v4.1.0
Changes
- Adds Quad9 support (#30, thanks @loganaden)
- Minor README changes (#31)
Known Issues
- None
Version Info
output of secure-operator --help:
A DNS-protocol proxy for Google's DNS-over-HTTPS service.
Usage:
secure-operator [options]
Options:
-auto-edns-subnet
By default, we use an EDNS subnet of 0.0.0.0/0 which does not reveal your
IP address or subnet to authoratative DNS servers. If privacy of your IP
address is not a concern and you want to take advantage of an authoratative
server determining the best DNS results for you, set this flag. This flag
specifies that Google should choose what subnet to send; if you'd like to
specify your own subnet, use the -edns-subnet option.
-cloudflare
Use Cloudflare defaults. When set, the following options will be used
unless explicitly overridden:
dns-servers: 1.0.0.1,1.1.1.1
params: ct=application/dns-json
endpoint: https://cloudflare-dns.com/dns-query
-dns-servers string
DNS Servers used to look up the endpoint; system default is used if absent.
Ignored if "endpoint-ips" is set. Comma separated, e.g. "8.8.8.8,8.8.4.4:53".
The port section is optional, and 53 will be used by default.
-edns-subnet string
Specify a subnet to be sent in the edns0-client-subnet option; by default
we specify that this option should not be used, for privacy. If
-auto-edns-subnet is used, the value specified here is ignored.
(default "0.0.0.0/0")
-endpoint string
DNS-over-HTTPS endpoint url (default "https://dns.google.com/resolve")
-endpoint-ips string
IPs of the DNS-over-HTTPS endpoint; if provided, endpoint lookup is
skipped, and the host value in "endpoint" is sent as the Host header. Comma
separated with no spaces; e.g. "74.125.28.139,74.125.28.102". One server is
randomly chosen for each request, failed requests are not retried.
-google
Use Google defaults. When set, the following options will be used unless
explicitly overridden:
dns-servers: 8.8.8.8,8.8.4.4
endpoint: https://dns.google.com/resolve
-header value
Additional headers to be sent with http requests, as Key=Value; specify
multiple as:
-header Key-1=Value-1-1 -header Key-1=Value1-2 -header Key-2=Value-2
-level string
Log level, one of: debug, info, warn, error, fatal, panic (default "info")
-listen [host]:port
listen address, as [host]:port (default ":53")
-no-pad
Disable padding of Google DNS-over-HTTPS requests to identical length
-param value
Additional query parameters to be sent with http requests, as key=value;
specify multiple as:
-param key1=value1-1 -param key1=value1-2 -param key2=value2
-quad9
Use Quad9 defaults. When set, the following options will be used
unless explicitly overriden:
dns-servers: 9.9.9.9, 149.112.112.112
params: ct=application/dns-json
endpoint : https://dns.quad9.net/dns-query
-tcp
Listen on TCP (default true)
-udp
Listen on UDP (default true)
v4.0.1
Changes
- Fixes a build issue in v4.0.0 where release binaries were not automatically built by CI
This version is code identical to v4.0.0
Known Issues
- None
Version Info
output of secure-operator --help:
A DNS-protocol proxy for Google's DNS-over-HTTPS service.
Usage:
secure-operator [options]
Options:
-auto-edns-subnet
By default, we use an EDNS subnet of 0.0.0.0/0 which does not reveal your
IP address or subnet to authoratative DNS servers. If privacy of your IP
address is not a concern and you want to take advantage of an authoratative
server determining the best DNS results for you, set this flag. This flag
specifies that Google should choose what subnet to send; if you'd like to
specify your own subnet, use the -edns-subnet option.
-cloudflare
Use Cloudflare defaults. When set, the following options will be used
unless explicitly overridden:
dns-servers: 1.0.0.1,1.1.1.1
params: ct=application/dns-json
endpoint: https://cloudflare-dns.com/dns-query
-dns-servers string
DNS Servers used to look up the endpoint; system default is used if absent.
Ignored if "endpoint-ips" is set. Comma separated, e.g. "8.8.8.8,8.8.4.4:53".
The port section is optional, and 53 will be used by default.
-edns-subnet string
Specify a subnet to be sent in the edns0-client-subnet option; by default
we specify that this option should not be used, for privacy. If
-auto-edns-subnet is used, the value specified here is ignored.
(default "0.0.0.0/0")
-endpoint string
DNS-over-HTTPS endpoint url (default "https://dns.google.com/resolve")
-endpoint-ips string
IPs of the DNS-over-HTTPS endpoint; if provided, endpoint lookup is
skipped, and the host value in "endpoint" is sent as the Host header. Comma
separated with no spaces; e.g. "74.125.28.139,74.125.28.102". One server is
randomly chosen for each request, failed requests are not retried.
-google
Use Google defaults. When set, the following options will be used unless
explicitly overridden:
dns-servers: 8.8.8.8,8.8.4.4
endpoint: https://dns.google.com/resolve
-header value
Additional headers to be sent with http requests, as Key=Value; specify
multiple as:
-header Key-1=Value-1-1 -header Key-1=Value1-2 -header Key-2=Value-2
-level string
Log level, one of: debug, info, warn, error, fatal, panic (default "info")
-listen [host]:port
listen address, as [host]:port (default ":53")
-no-pad
Disable padding of Google DNS-over-HTTPS requests to identical length
-param value
Additional query parameters to be sent with http requests, as key=value;
specify multiple as:
-param key1=value1-1 -param key1=value1-2 -param key2=value2
-tcp
Listen on TCP (default true)
-udp
Listen on UDP (default true)
v4.0.0
Changes
- Add provider defaults: specify -google or -cloudflare at the command line to get sane defaults for those providers (#27)
- When doing DNS lookups for the DNS-over-HTTPS host, try available DNS servers in order, then fail if none respond. Previously, one would be tried at random, and if it failed we wouldn't move on to the next. (#29)
This involves some API changes when instantiating the SimpleDNSClient, now allowing an options struct to be passed.
Known Issues
- Binaries were not built for this version due to a build misconfiguration
Version Info
output of secure-operator --help:
A DNS-protocol proxy for Google's DNS-over-HTTPS service.
Usage:
secure-operator [options]
Options:
-auto-edns-subnet
By default, we use an EDNS subnet of 0.0.0.0/0 which does not reveal your
IP address or subnet to authoratative DNS servers. If privacy of your IP
address is not a concern and you want to take advantage of an authoratative
server determining the best DNS results for you, set this flag. This flag
specifies that Google should choose what subnet to send; if you'd like to
specify your own subnet, use the -edns-subnet option.
-cloudflare
Use Cloudflare defaults. When set, the following options will be used
unless explicitly overridden:
dns-servers: 1.0.0.1,1.1.1.1
params: ct=application/dns-json
endpoint: https://cloudflare-dns.com/dns-query
-dns-servers string
DNS Servers used to look up the endpoint; system default is used if absent.
Ignored if "endpoint-ips" is set. Comma separated, e.g. "8.8.8.8,8.8.4.4:53".
The port section is optional, and 53 will be used by default.
-edns-subnet string
Specify a subnet to be sent in the edns0-client-subnet option; by default
we specify that this option should not be used, for privacy. If
-auto-edns-subnet is used, the value specified here is ignored.
(default "0.0.0.0/0")
-endpoint string
DNS-over-HTTPS endpoint url (default "https://dns.google.com/resolve")
-endpoint-ips string
IPs of the DNS-over-HTTPS endpoint; if provided, endpoint lookup is
skipped, and the host value in "endpoint" is sent as the Host header. Comma
separated with no spaces; e.g. "74.125.28.139,74.125.28.102". One server is
randomly chosen for each request, failed requests are not retried.
-google
Use Google defaults. When set, the following options will be used unless
explicitly overridden:
dns-servers: 8.8.8.8,8.8.4.4
endpoint: https://dns.google.com/resolve
-header value
Additional headers to be sent with http requests, as Key=Value; specify
multiple as:
-header Key-1=Value-1-1 -header Key-1=Value1-2 -header Key-2=Value-2
-level string
Log level, one of: debug, info, warn, error, fatal, panic (default "info")
-listen [host]:port
listen address, as [host]:port (default ":53")
-no-pad
Disable padding of Google DNS-over-HTTPS requests to identical length
-param value
Additional query parameters to be sent with http requests, as key=value;
specify multiple as:
-param key1=value1-1 -param key1=value1-2 -param key2=value2
-tcp
Listen on TCP (default true)
-udp
Listen on UDP (default true)
v3.0.0
Changes
- Support sending EDNS information to upstream DNS-over-HTTPS server, or optionally specifying none and letting the server decide.
- New flags were added to the binary for optionally specifying EDNS manually, or allowing Google to decide the behavior for you. The default behavior (disable EDNS) is unchanged.
Warning: prior to this release, secureoperator always sent 0.0.0.0/0 to upstream, which Google interprets as "send no value to authoritative servers for EDNS". In this release, it's possible to enable EDNS, which may reveal your IP address (or a portion of it) to authoritative DNS servers.
The default of both the binary release and the secureoperator library is to use the old behavior (sending 0.0.0.0/0); however, future versions of the library will default to letting Google decide the behavior. This will be changed at version 4. The behavior of the binary release will not change.
If you use secureoperator as a library, it's recommended that you begin specifying your preferred EDNS settings now, so that you're prepared for when the default changes in the future. To specify the current behavior:
    provider, err := secop.NewGDNSProvider(*endpoint, &secop.GDNSOptions{
        UseEDNSsubnetOption: true,
        EDNSSubnet:          secop.GoogleEDNSSentinelValue,
    })
For the version 3 release, UseEDNSsubnetOption: true must be specified; otherwise the EDNSSubnet value will be ignored. This is because the zero value of EDNSSubnet (a blank string) means "allow Google to specify EDNS". In version 4, UseEDNSsubnetOption will be removed and that behavior will become default in the library.
Please open an issue if you have any questions about this behavior or change.
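The three EDNS behaviours described above, together with request padding, as an added Go example (not secureoperator's own code): it builds the query URL for Google's JSON endpoint using that API's edns_client_subnet and random_padding parameters. The EDNSMode type, the BuildQuery function and the 128-byte padBlock are assumptions made for illustration.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"net/netip"
	"net/url"
	"strings"
)

// EDNSMode names the three behaviours the flags describe (hypothetical type).
type EDNSMode int

const (
	EDNSPrivate EDNSMode = iota // default: send 0.0.0.0/0, nothing is forwarded
	EDNSAuto                    // -auto-edns-subnet: omit the parameter, Google decides
	EDNSManual                  // -edns-subnet: caller-chosen prefix
)

const padBlock = 128 // assumed block size; not taken from secureoperator
const padAlphabet = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"

// BuildQuery returns the request URL for one lookup of name/qtype.
func BuildQuery(endpoint, name, qtype string, mode EDNSMode, subnet string, pad bool) (string, error) {
	q := url.Values{"name": {name}, "type": {qtype}}
	switch mode {
	case EDNSPrivate:
		q.Set("edns_client_subnet", "0.0.0.0/0")
	case EDNSManual:
		p, err := netip.ParsePrefix(subnet)
		if err != nil {
			return "", fmt.Errorf("edns subnet %q: %w", subnet, err)
		}
		// Masked() zeroes the host bits so a full address is never sent by mistake.
		q.Set("edns_client_subnet", p.Masked().String())
	}
	out := endpoint + "?" + q.Encode()
	if !pad {
		return out, nil
	}
	// Pad to the next multiple of padBlock so URL length does not track name length.
	out += "&random_padding="
	need := (padBlock - len(out)%padBlock) % padBlock
	buf := make([]byte, need)
	if _, err := rand.Read(buf); err != nil {
		return "", err
	}
	var sb strings.Builder
	for _, b := range buf {
		sb.WriteByte(padAlphabet[int(b)%len(padAlphabet)])
	}
	return out + sb.String(), nil
}

func main() {
	for _, m := range []EDNSMode{EDNSPrivate, EDNSAuto, EDNSManual} {
		u, err := BuildQuery("https://dns.google.com/resolve", "example.com", "A", m, "203.0.113.77/24", false)
		fmt.Println(u, err)
	}
}
```

In manual mode the constructed sample prefix 203.0.113.77/24 is sent as 203.0.113.0/24, so only the network portion can reach authoritative servers.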
Known Issues
- None
Version Info
output of secure-operator --help:
A DNS-protocol proxy for Google's DNS-over-HTTPS service.
Usage:
secure-operator [options]
Options:
-auto-edns-subnet
By default, we use an EDNS subnet of 0.0.0.0/0 which does not reveal your
IP address or subnet to authoratative DNS servers. If privacy of your IP
address is not a concern and you want to take advantage of an authoratative
server determining the best DNS results for you, set this flag. This flag
specifies that Google should choose what subnet to send; if you'd like to
specify your own subnet, use the -edns-subnet option.
-dns-servers string
DNS Servers used to look up the endpoint; system default is used if absent.
Ignored if "endpoint-ips" is set. Comma separated, e.g. "8.8.8.8,8.8.4.4:53".
The port section is optional, and 53 will be used by default.
-edns-subnet string
Specify a subnet to be sent in the edns0-client-subnet option; by default
we specify that this option should not be used, for privacy. If
-auto-edns-subnet is used, the value specified here is ignored.
(default "0.0.0.0/0")
-endpoint string
Google DNS-over-HTTPS endpoint url (default "https://dns.google.com/resolve")
-endpoint-ips string
IPs of the Google DNS-over-HTTPS endpoint; if provided, endpoint lookup is
skipped, and the host value in "endpoint" is sent as the Host header. Comma
separated with no spaces; e.g. "74.125.28.139,74.125.28.102". One server is
randomly chosen for each request, failed requests are not retried.
-level string
Log level, one of: debug, info, warn, error, fatal, panic (default "info")
-listen [host]:port
listen address, as [host]:port (default ":53")
-no-pad
Disable padding of Google DNS-over-HTTPS requests to identical length
-tcp
Listen on TCP (default true)
-udp
Listen on UDP (default true)
Download the correct binary below for your platform, or install via docker pull fardog/secureoperator:v3.0.0
v2.2.1
Changes
- Use the latest dep lockfile formats
- Ensure latest deps
Known Issues
- None
Version Info
output of secure-operator --help:
A DNS-protocol proxy for Google's DNS-over-HTTPS service.
Usage:
secure-operator [options]
Options:
-dns-servers string
DNS Servers used to look up the endpoint; system default is used if absent.
Ignored if "endpoint-ips" is set. Comma separated, e.g. "8.8.8.8,8.8.4.4:53".
The port section is optional, and 53 will be used by default.
-endpoint string
Google DNS-over-HTTPS endpoint url (default "https://dns.google.com/resolve")
-endpoint-ips string
IPs of the Google DNS-over-HTTPS endpoint; if provided, endpoint lookup is
skipped, and the host value in "endpoint" is sent as the Host header. Comma
separated with no spaces; e.g. "74.125.28.139,74.125.28.102". One server is
randomly chosen for each request, failed requests are not retried.
-level string
Log level, one of: debug, info, warn, error, fatal, panic (default "info")
-listen [host]:port
listen address, as [host]:port (default ":53")
-no-pad
Disable padding of Google DNS-over-HTTPS requests to identical length
-tcp
Listen on TCP (default true)
-udp
Listen on UDP (default true)
Download the correct binary below for your platform, or install via docker pull fardog/secureoperator:v2.2.1
v2.2.0
Changes
- Support latest Go versions (1.8, 1.9)
- Drop support for deprecated Go versions (1.7)
- Add new method for returning errors from dns.RR generation from DNSRR
  - Fixes bugs where a bad record could cause responses to hang
  - Deprecate old method which swallowed error
- (Developer) Use dep to manage deps; remove godep
Known Issues
- None
Version Info
output of secure-operator --help:
A DNS-protocol proxy for Google's DNS-over-HTTPS service.
Usage:
secure-operator [options]
Options:
-dns-servers string
DNS Servers used to look up the endpoint; system default is used if absent.
Ignored if "endpoint-ips" is set. Comma separated, e.g. "8.8.8.8,8.8.4.4:53".
The port section is optional, and 53 will be used by default.
-endpoint string
Google DNS-over-HTTPS endpoint url (default "https://dns.google.com/resolve")
-endpoint-ips string
IPs of the Google DNS-over-HTTPS endpoint; if provided, endpoint lookup is
skipped, and the host value in "endpoint" is sent as the Host header. Comma
separated with no spaces; e.g. "74.125.28.139,74.125.28.102". One server is
randomly chosen for each request, failed requests are not retried.
-level string
Log level, one of: debug, info, warn, error, fatal, panic (default "info")
-listen [host]:port
listen address, as [host]:port (default ":53")
-no-pad
Disable padding of Google DNS-over-HTTPS requests to identical length
-tcp
Listen on TCP (default true)
-udp
Listen on UDP (default true)
Download the correct binary below for your platform, or install via docker pull fardog/secureoperator:v2.2.0
v2.1.0
Changes
Known Issues
- None
Version Info
output of secure-operator --help:
A DNS-protocol proxy for Google's DNS-over-HTTPS service.
Usage:
secure-operator [options]
Options:
-dns-servers string
DNS Servers used to look up the endpoint; system default is used if absent.
Ignored if "endpoint-ips" is set. Comma separated, e.g. "8.8.8.8,8.8.4.4:53".
The port section is optional, and 53 will be used by default.
-endpoint string
Google DNS-over-HTTPS endpoint url (default "https://dns.google.com/resolve")
-endpoint-ips string
IPs of the Google DNS-over-HTTPS endpoint; if provided, endpoint lookup is
skipped, and the host value in "endpoint" is sent as the Host header. Comma
separated with no spaces; e.g. "74.125.28.139,74.125.28.102". One server is
randomly chosen for each request, failed requests are not retried.
-level string
Log level, one of: debug, info, warn, error, fatal, panic (default "info")
-listen [host]:port
listen address, as [host]:port (default ":53")
-no-pad
Disable padding of Google DNS-over-HTTPS requests to identical length
-tcp
Listen on TCP (default true)
-udp
Listen on UDP (default true)
Download the correct binary below for your platform, or install via docker pull fardog/secureoperator:v2.1.0
v2.0.1
Changes
- Google DNS Provider fixes — #8 (thanks toffaletti)
- reuse http.Client
- set timeouts
- limit connection pool size
- Seed math.rand on startup — #7 (suggestion from reddit user ar1819)
Known Issues
- None
Version Info
output of secure-operator --help:
A DNS-protocol proxy for Google's DNS-over-HTTPS service.
Usage:
secure-operator [options]
Options:
-dns-servers string
DNS Servers used to look up the endpoint; system default is used if absent.
Ignored if "endpoint-ips" is set. Comma separated, e.g. "8.8.8.8,8.8.4.4:53".
The port section is optional, and 53 will be used by default.
-endpoint string
Google DNS-over-HTTPS endpoint url (default "https://dns.google.com/resolve")
-endpoint-ips string
IPs of the Google DNS-over-HTTPS endpoint; if provided, endpoint lookup is
skipped, and the host value in "endpoint" is sent as the Host header. Comma
separated with no spaces; e.g. "74.125.28.139,74.125.28.102". One server is
randomly chosen for each request, failed requests are not retried.
-level string
Log level, one of: debug, info, warn, error, fatal, panic (default "info")
-listen [host]:port
listen address, as [host]:port (default ":53")
-no-pad
Disable padding of Google DNS-over-HTTPS requests to identical length
-tcp
Listen on TCP (default true)
-udp
Listen on UDP (default true)
Download the correct binary below for your platform, or install via docker pull fardog/secureoperator:v2.0.1
v2.0.0
Changes
- Add option to specify DNS resolvers, rather than using the system resolver
- Add option to specify Google endpoint IPs
- Improved help messages
Known Issues
- None
Version Info
output of secure-operator --help:
A DNS-protocol proxy for Google's DNS-over-HTTPS service.
Usage:
secure-operator [options]
Options:
-dns-servers string
DNS Servers used to look up the endpoint; system default is used if absent.
Ignored if "endpoint-ips" is set. Comma separated, e.g. "8.8.8.8,8.8.4.4:53".
The port section is optional, and 53 will be used by default.
-endpoint string
Google DNS-over-HTTPS endpoint url (default "https://dns.google.com/resolve")
-endpoint-ips string
IPs of the Google DNS-over-HTTPS endpoint; if provided, endpoint lookup is
skipped, and the host value in "endpoint" is sent as the Host header. Comma
separated with no spaces; e.g. "74.125.28.139,74.125.28.102". One server is
randomly chosen for each request, failed requests are not retried.
-level string
Log level, one of: debug, info, warn, error, fatal, panic (default "info")
-listen [host]:port
listen address, as [host]:port (default ":53")
-no-pad
Disable padding of Google DNS-over-HTTPS requests to identical length
-tcp
Listen on TCP (default true)
-udp
Listen on UDP (default true)
Download the correct binary below for your platform, or install via docker pull fardog/secureoperator:v2.0.0
v1.1.1
Changes
- Fixes a misleading help message
- Updates README with versioning/compatibility policy
Known Issues
- None
Version Info
output of secure-operator --help:
-endpoint string
Google DNS-over-HTTPS endpoint url (default "https://dns.google.com/resolve")
-level string
Log level, one of: debug, info, warn, error, fatal, panic (default "info")
-listen [host]:port
listen address, as [host]:port (default ":53")
-pad
Pad Google DNS-over-HTTPS requests to identical length (default true)
-tcp
Listen on TCP (default true)
-udp
Listen on UDP (default true)
Download the correct binary below for your platform, or install via docker pull fardog/secureoperator:v1.1.1