v4.0.0
Changes
- Add provider defaults: specify -google or -cloudflare at the command line to get sane defaults for those providers (#27)
- When doing DNS lookups for the DNS-over-HTTPS host, try available DNS servers in order, then fail if none respond. Previously, one would be tried at random, and if it failed we wouldn't move on to the next. (#29)
  This involves some API changes when instantiating the SimpleDNSClient, now allowing an options struct to be passed.
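The ordered lookup described in #29, as an added example; this is not the project's code. The names lookupFunc, normalizeServers and lookupInOrder are hypothetical, and the stubbed lookup stands in for a real DNS query so the example runs offline.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// lookupFunc asks one DNS server ("ip:port") for host; stubbed here to stay offline.
type lookupFunc func(server, host string) ([]string, error)

// normalizeServers parses a -dns-servers style list, defaulting the port to 53.
func normalizeServers(csv string) ([]string, error) {
	var out []string
	for _, s := range strings.Split(csv, ",") {
		if _, _, err := net.SplitHostPort(s); err != nil {
			s = net.JoinHostPort(s, "53") // no port given
		}
		if h, _, err := net.SplitHostPort(s); err != nil || net.ParseIP(h) == nil {
			return nil, fmt.Errorf("invalid DNS server %q", s)
		}
		out = append(out, s)
	}
	return out, nil
}

// lookupInOrder tries servers first to last; it fails only after all have failed.
func lookupInOrder(servers []string, host string, lookup lookupFunc) ([]string, string, error) {
	var failures []string
	for _, srv := range servers {
		ips, err := lookup(srv, host)
		if err == nil {
			return ips, srv, nil
		}
		failures = append(failures, fmt.Sprintf("%s: %v", srv, err))
	}
	return nil, "", fmt.Errorf("no DNS server answered for %s: %s", host, strings.Join(failures, "; "))
}

func main() {
	servers, _ := normalizeServers("1.0.0.1,1.1.1.1:53")
	stub := func(server, host string) ([]string, error) { // constructed: first server times out
		if server == "1.0.0.1:53" {
			return nil, fmt.Errorf("i/o timeout")
		}
		return []string{"192.0.2.10"}, nil
	}
	fmt.Println(lookupInOrder(servers, "cloudflare-dns.com", stub))
}
```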
Known Issues
- Binaries were not built for this version due to a build misconfiguration
Version Info
Output of secure-operator --help:
A DNS-protocol proxy for Google's DNS-over-HTTPS service.

Usage:

  secure-operator [options]

Options:

  -auto-edns-subnet
        By default, we use an EDNS subnet of 0.0.0.0/0 which does not reveal your
        IP address or subnet to authoratative DNS servers. If privacy of your IP
        address is not a concern and you want to take advantage of an authoratative
        server determining the best DNS results for you, set this flag. This flag
        specifies that Google should choose what subnet to send; if you'd like to
        specify your own subnet, use the -edns-subnet option.
  -cloudflare
        Use Cloudflare defaults. When set, the following options will be used
        unless explicitly overridden:
            dns-servers: 1.0.0.1,1.1.1.1
            params: ct=application/dns-json
            endpoint: https://cloudflare-dns.com/dns-query
  -dns-servers string
        DNS Servers used to look up the endpoint; system default is used if absent.
        Ignored if "endpoint-ips" is set. Comma separated, e.g. "8.8.8.8,8.8.4.4:53".
        The port section is optional, and 53 will be used by default.
  -edns-subnet string
        Specify a subnet to be sent in the edns0-client-subnet option; by default
        we specify that this option should not be used, for privacy. If
        -auto-edns-subnet is used, the value specified here is ignored.
        (default "0.0.0.0/0")
  -endpoint string
        DNS-over-HTTPS endpoint url (default "https://dns.google.com/resolve")
  -endpoint-ips string
        IPs of the DNS-over-HTTPS endpoint; if provided, endpoint lookup is
        skipped, and the host value in "endpoint" is sent as the Host header. Comma
        separated with no spaces; e.g. "74.125.28.139,74.125.28.102". One server is
        randomly chosen for each request, failed requests are not retried.
  -google
        Use Google defaults. When set, the following options will be used unless
        explicitly overridden:
            dns-servers: 8.8.8.8,8.8.4.4
            endpoint: https://dns.google.com/resolve
  -header value
        Additional headers to be sent with http requests, as Key=Value; specify
        multiple as:
            -header Key-1=Value-1-1 -header Key-1=Value1-2 -header Key-2=Value-2
  -level string
        Log level, one of: debug, info, warn, error, fatal, panic (default "info")
  -listen [host]:port
        listen address, as [host]:port (default ":53")
  -no-pad
        Disable padding of Google DNS-over-HTTPS requests to identical length
  -param value
        Additional query parameters to be sent with http requests, as key=value;
        specify multiple as:
            -param key1=value1-1 -param key1=value1-2 -param key2=value2
  -tcp
        Listen on TCP (default true)
  -udp
        Listen on UDP (default true)