This Changelog records major changes between versions.
Not all changes are recorded. Please check git log for details.
- systemd: Use DynamicUser=yes instead of User=nobody (Fixed #139)
- Migrate deprecated Go packages
ioutiltoioandos - Fix a bug that truncates the response improperly, causing malformed DNS responsed (Fixed #144)
- Documentation updates, including deploying recommenation alongside DoT, thanks @gdm85
- Add unit tests for CIDR subnets parsing, thanks @gdm85
- Removing Firefox 61-62 patch
Since this version, @gdm85, @GreyXor, @Jamesits will be able to maintain this repository alongside @m13253. Anyone who contributed to this project can also apply to be a maintainer. This is because changes in life have delayed the development of this project. By constructing a community hopefully can we restore the pace of development.
- No new features in this release
- Bumped versions of Go toolchain and third-party dependencies, requested by #128
- The repository now conforms to the Go semvar standard (Fixed #115, thanks to @leiless)
- Add client certificate authentication
- Fixing documentation related to Docker
- Add options to configure ECS netmask length
- Add an option to disable TLS verification (Note: dangerous)
- Use the library ipTree to determine whether an IP is global routable, improving the performance
- Google's 8.8.8.8 resolver is now marked as "Good ECS" in the example configuration file
- Allow client to opt-out EDNS0 Client Support
- [JSON-DoH] Honor DNSSEC OK flag for incoming DNS requests
- [JSON-DoH] Add support for non-standard response formats
X-Real-IPis now used in logging if set by frontend load balancer- Fix documentation
- Fix messy log
- Breaking change: The configuration format of doh-server is changed
- Add support for type prefix for upstream addresses of doh-server
- Add support for DNS-over-TLS upstream addresses of doh-server
- Remove
tcp_onlyconfiguration option in doh-server - Add
no_user_agentconfiguration option in doh-server - Add an RPM package script with SELinux policy
- Fix Opcode never assigned in
jsonDNS.PrepareReply - Improve error logging / checking
- Updated Readme
- Update address for google's resolver
- Fix a typo
- Add a set of Dockerfile contributed by the community
- Include DNS.SB's resolver in example configuration
- Add
local_addrconfiguration for doh-server (#39) - Fix a problem when compiling on macOS 10.14.4 or newer
- Add Quad9 DoH server to the example
doh-client.conf - Use TCP when appropriate for the given query type/response (AXFR/IXFR)
- Fix a crash with the random load balancing algorithm.
This is a breaking change! Please update the configuration file after upgrading.
- Implemented two upstream server selector algorithms:
weighted_round_robinandlvs_weighted_round_robin. - Add a configuration option for doh-server:
log_guessed_client_ip.
- Add PID file feature for systems which lacks a cgroup-based process tracker.
- Remove dns.ErrTruncated according to miekg/dns#815.
- Add a configuration option:
debug_http_headers(e.g. AddCF-Rayto diagnose Cloudflare's resolver) - Add a configuration option:
passrthrough - macOS logger is rebuilt with static libswiftCore
- Fix HTTP stream leaking problem, which may cause massive half-open connections if HTTP/1 is in use
- Utilize Go's cancelable context to detect timeouts more reliably.
- Fix interoperation problems with gDNS
- CORS is enabled by default in doh-server
- Documentation updates
- Enable application/dns-message (draft-13) by default, since Google has finally supported it
- Fix client crash with
no_cookies = true - Add 5380 as an additional default doh-client port
- If
$GOROOTis defined, Makefile now respects the value for the convenience of Debian/Ubuntu users - Change the ECS prefix length from /48 to /56 for IPv6, per RFC 7871
- Workaround a bug causing Firefox 61-62 to reject responses with Content-Type = application/dns-message
- Workaround a bug causing DNSCrypt-Proxy to expect a response with TransactionID = 0xcafe
- TransactionID is now preserved to maintain compatibility with some clients
- Turn on
no_cookiesby default according to the IETF draft - Update Documentation
- Add CloudFlare DNS resolver for Tor to the preset
- It is now able to print upstream information if error happens
- Updated default configuration files are now installed to
*.conf.example - Workaround a bug causing Unbound to refuse returning anything about the root
- Workaround a bug causing DNSCrypt-Proxy to expect a response with TransactionID = 0xcafe
- We have a logger for macOS platform now, so logs can be sent to Console.app
- Add an option to disable IPv6, this option is available to client only
- Limit the frequency of creating HTTP client on bad network condition
- doh-client now silently fails in case of network error to prevent caching of SERVFAIL
- EDNS0 is now inserted to the beginning of OPT section, to ensure DNSSEC signatures are at the end
- Improve building system
- Update documents
- Take User-Agent out of common library, that would be better for packaging
- Fix version string in HTTP User-Agent
- Fix the "address already in use" issue
- Breaking change: Add client / server support for multiple listen address
The
listenoption in the configuration file is a list now
- Update protocol to IETF draft-07
- Update installation documentations for Ubuntu / Debian
- Add installation documentations for Ubuntu / Debian
- Include CloudFlare DOH server (1.1.1.1, 1.0.0.1) in default configuration
- Fix a problem causing
go getto fail due to relative paths - Add documentation about
/etc/hostspreloading
- Add
no_cookiesoption - Add documentation on privacy issues
- Adapt for CloudFlare DNS service
- Fix a problem causing a single network failure blocking future requests
- Add experimental macOS support
- Unsupported Content-Type now generates HTTP error code 415
- Adapt to IETF protocol
- Optimize for HTTP caches
- Adapt to IETF protocol
- Optimize for HTTP caches
- Add documentation for uninstallation instructions
- Fix build issues
- Adpat to IETF protocol
- Fix issues regarding to HTTP caching
- Require Go 1.9 to build now
- Fix systemd issue
- Fix build issues
- First release
- Relicense as MIT license