diff --git a/@dnscrypt-proxy/LICENSE b/@dnscrypt-proxy/LICENSE index 3bc3ae4..cf873f5 100644 --- a/@dnscrypt-proxy/LICENSE +++ b/@dnscrypt-proxy/LICENSE @@ -1,18 +1,15 @@ -/* - * ISC License - * - * Copyright (c) 2018-2021 - * Frank Denis - * - * Permission to use, copy, modify, and/or distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ +ISC License + +Copyright (c) 2018-2021, Frank Denis + +Permission to use, copy, modify, and/or distribute this software for any +purpose with or without fee is hereby granted, provided that the above +copyright notice and this permission notice appear in all copies. + +THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH +REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, +INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR +OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +PERFORMANCE OF THIS SOFTWARE. diff --git a/@dnscrypt-proxy/dnscrypt-proxy.toml b/@dnscrypt-proxy/dnscrypt-proxy.toml index 2a24387..d3f6521 100644 --- a/@dnscrypt-proxy/dnscrypt-proxy.toml +++ b/@dnscrypt-proxy/dnscrypt-proxy.toml @@ -35,6 +35,11 @@ ## List of local addresses and ports to listen to. Can be IPv4 and/or IPv6. ## Example with both IPv4 and IPv6: ## listen_addresses = ['127.0.0.1:53', '[::1]:53'] +## +## To listen to all IPv4 addresses, use `listen_addresses = ['0.0.0.0:53']` +## To listen to all IPv4+IPv6 addresses, use `listen_addresses = ['[::]:53']` + +listen_addresses = ['127.0.0.1:53'] ## Maximum number of simultaneous client connections to accept @@ -50,7 +55,7 @@ max_clients = 250 # user_name = 'nobody' -## Require servers (from static + remote sources) to satisfy specific properties +## Require servers (from remote sources) to satisfy specific properties # Use servers reachable over IPv4 ipv4_servers = true @@ -64,6 +69,9 @@ dnscrypt_servers = true # Use servers implementing the DNS-over-HTTPS protocol doh_servers = true +# Use servers implementing the Oblivious DoH protocol +odoh_servers = false + ## Require servers defined by remote sources to satisfy specific properties @@ -146,7 +154,7 @@ keepalive = 30 ## Log level (0-6, default: 2 - 0 is very verbose, 6 only contains fatal errors) -log_level = 6 +# log_level = 2 ## Log file for the application, as an alternative to sending logs to @@ -203,30 +211,40 @@ cert_refresh_delay = 240 # tls_cipher_suite = [52392, 49199] -## Fallback resolvers +## Bootstrap resolvers +## ## These are normal, non-encrypted DNS resolvers, that will be only used -## for one-shot queries when retrieving the initial resolvers list, and -## only if the system DNS configuration doesn't work. +## for one-shot queries when retrieving the initial resolvers list and if +## the system DNS configuration doesn't work. ## -## No user application queries will ever be leaked through these resolvers, -## and they will not be used after IP addresses of resolvers URLs have been found. -## They will never be used if lists have already been cached, and if stamps -## don't include host names without IP addresses. +## No user queries will ever be leaked through these resolvers, and they will +## not be used after IP addresses of DoH resolvers have been found (if you are +## using DoH). +## +## They will never be used if lists have already been cached, and if the stamps +## of the configured servers already include IP addresses (which is the case for +## most of DoH servers, and for all DNSCrypt servers and relays). +## +## They will not be used if the configured system DNS works, or after the +## proxy already has at least one usable secure resolver. ## -## They will not be used if the configured system DNS works. ## Resolvers supporting DNSSEC are recommended, and, if you are using -## DoH, fallback resolvers should ideally be operated by a different entity than -## the DoH servers you will be using, especially if you have IPv6 enabled. +## DoH, bootstrap resolvers should ideally be operated by a different entity +## than the DoH servers you will be using, especially if you have IPv6 enabled. ## -## People in China may need to use 114.114.114.114:53 here. -## Other popular options include 8.8.8.8 and 1.1.1.1. +## People in China may want to use 114.114.114.114:53 here. +## Other popular options include 8.8.8.8, 9.9.9.9 and 1.1.1.1. ## ## If more than one resolver is specified, they will be tried in sequence. +## +## TL;DR: put valid standard resolver addresses here. Your actual queries will +## not be sent there. If you're using DNSCrypt or Anonymized DNS and your +## lists are up to date, these resolvers will not even be used. -fallback_resolvers = ['9.9.9.9:53', '8.8.8.8:53'] +bootstrap_resolvers = ['9.9.9.9:53', '8.8.8.8:53'] -## Always use the fallback resolver before the system DNS settings. +## Always use the bootstrap resolver before the system DNS settings. ignore_system_dns = true @@ -313,7 +331,7 @@ block_undelegated = true ## TTL for synthetic responses sent when a request has been blocked (due to ## IPv6 or blocklists). -reject_ttl = 600 +reject_ttl = 10 @@ -651,36 +669,51 @@ cache_neg_max_ttl = 600 ## An example of a remote source from https://github.com/DNSCrypt/dnscrypt-resolvers [sources.'public-resolvers'] - urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md', 'https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md', 'https://ipv6.download.dnscrypt.info/resolvers-list/v3/public-resolvers.md', 'https://download.dnscrypt.net/resolvers-list/v3/public-resolvers.md'] - cache_file = 'public-resolvers.md' - minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3' - refresh_delay = 72 - prefix = '' + urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md', 'https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md', 'https://ipv6.download.dnscrypt.info/resolvers-list/v3/public-resolvers.md', 'https://download.dnscrypt.net/resolvers-list/v3/public-resolvers.md'] + cache_file = 'public-resolvers.md' + minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3' + refresh_delay = 72 + prefix = '' ## Anonymized DNS relays [sources.'relays'] - urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/relays.md', 'https://download.dnscrypt.info/resolvers-list/v3/relays.md', 'https://ipv6.download.dnscrypt.info/resolvers-list/v3/relays.md', 'https://download.dnscrypt.net/resolvers-list/v3/relays.md'] - cache_file = 'relays.md' - minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3' - refresh_delay = 72 - prefix = '' + urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/relays.md', 'https://download.dnscrypt.info/resolvers-list/v3/relays.md', 'https://ipv6.download.dnscrypt.info/resolvers-list/v3/relays.md', 'https://download.dnscrypt.net/resolvers-list/v3/relays.md'] + cache_file = 'relays.md' + minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3' + refresh_delay = 72 + prefix = '' - ## Quad9 over DNSCrypt - https://quad9.net/ + ## ODoH (Oblivious DoH) servers and relays + + # [sources.'odoh-servers'] + # urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/odoh-servers.md', 'https://download.dnscrypt.info/resolvers-list/v3/odoh-servers.md', 'https://ipv6.download.dnscrypt.info/resolvers-list/v3/odoh-servers.md', 'https://download.dnscrypt.net/resolvers-list/v3/odoh-servers.md'] + # cache_file = 'odoh-servers.md' + # minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3' + # refresh_delay = 24 + # prefix = '' + # [sources.'odoh-relays'] + # urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/odoh-relays.md', 'https://download.dnscrypt.info/resolvers-list/v3/odoh-relays.md', 'https://ipv6.download.dnscrypt.info/resolvers-list/v3/odoh-relays.md', 'https://download.dnscrypt.net/resolvers-list/v3/odoh-relays.md'] + # cache_file = 'odoh-relays.md' + # minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3' + # refresh_delay = 24 + # prefix = '' + + ## Quad9 # [sources.quad9-resolvers] - # urls = ['https://www.quad9.net/quad9-resolvers.md'] - # minisign_key = 'RWQBphd2+f6eiAqBsvDZEBXBGHQBJfeG6G+wJPPKxCZMoEQYpmoysKUN' - # cache_file = 'quad9-resolvers.md' - # prefix = 'quad9-' + # urls = ['https://www.quad9.net/quad9-resolvers.md'] + # minisign_key = 'RWQBphd2+f6eiAqBsvDZEBXBGHQBJfeG6G+wJPPKxCZMoEQYpmoysKUN' + # cache_file = 'quad9-resolvers.md' + # prefix = 'quad9-' ## Another example source, with resolvers censoring some websites not appropriate for children ## This is a subset of the `public-resolvers` list, so enabling both is useless # [sources.'parental-control'] - # urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/parental-control.md', 'https://download.dnscrypt.info/resolvers-list/v3/parental-control.md', 'https://ipv6.download.dnscrypt.info/resolvers-list/v3/parental-control.md', 'https://download.dnscrypt.net/resolvers-list/v3/parental-control.md'] - # cache_file = 'parental-control.md' - # minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3' + # urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/parental-control.md', 'https://download.dnscrypt.info/resolvers-list/v3/parental-control.md', 'https://ipv6.download.dnscrypt.info/resolvers-list/v3/parental-control.md', 'https://download.dnscrypt.net/resolvers-list/v3/parental-control.md'] + # cache_file = 'parental-control.md' + # minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3' @@ -719,7 +752,7 @@ fragments_blocked = ['cisco', 'cisco-ipv6', 'cisco-familyshield', 'cisco-familys # # creds = [ -# { server_name='myserver', client_cert='client.crt', client_key='client.key' } +# { server_name='*', client_cert='client.crt', client_key='client.key' } # ] diff --git a/@dnscrypt-proxy/linux-x64/dnscrypt-proxy b/@dnscrypt-proxy/linux-x64/dnscrypt-proxy index b1390ab..170f503 100644 Binary files a/@dnscrypt-proxy/linux-x64/dnscrypt-proxy and b/@dnscrypt-proxy/linux-x64/dnscrypt-proxy differ diff --git a/@dnscrypt-proxy/osx-x64/dnscrypt-proxy b/@dnscrypt-proxy/osx-x64/dnscrypt-proxy index 973af6b..a4e468b 100644 Binary files a/@dnscrypt-proxy/osx-x64/dnscrypt-proxy and b/@dnscrypt-proxy/osx-x64/dnscrypt-proxy differ diff --git a/@dnscrypt-proxy/win-x64/dnscrypt-proxy.exe b/@dnscrypt-proxy/win-x64/dnscrypt-proxy.exe index 7fe07d8..8ccb040 100644 Binary files a/@dnscrypt-proxy/win-x64/dnscrypt-proxy.exe and b/@dnscrypt-proxy/win-x64/dnscrypt-proxy.exe differ diff --git a/FastGithub.DomainResolve/DnscryptProxy.cs b/FastGithub.DomainResolve/DnscryptProxy.cs index e00dc0e..4a105da 100644 --- a/FastGithub.DomainResolve/DnscryptProxy.cs +++ b/FastGithub.DomainResolve/DnscryptProxy.cs @@ -71,6 +71,7 @@ namespace FastGithub.DomainResolve var localEndPoint = new IPEndPoint(IPAddress.Loopback, port); await TomlUtil.SetListensAsync(tomlPath, localEndPoint, cancellationToken); + await TomlUtil.SetlogLevelAsync(tomlPath, 6, cancellationToken); await TomlUtil.SetEdnsClientSubnetAsync(tomlPath, cancellationToken); foreach (var process in Process.GetProcessesByName(NAME)) diff --git a/FastGithub.DomainResolve/TomlUtil.cs b/FastGithub.DomainResolve/TomlUtil.cs index 148c4d1..29845ef 100644 --- a/FastGithub.DomainResolve/TomlUtil.cs +++ b/FastGithub.DomainResolve/TomlUtil.cs @@ -30,6 +30,18 @@ namespace FastGithub.DomainResolve return SetAsync(tomlPath, "listen_addresses", value, cancellationToken); } + /// + /// 设置日志等级 + /// + /// + /// + /// + /// + public static Task SetlogLevelAsync(string tomlPath, int logLevel, CancellationToken cancellationToken) + { + return SetAsync(tomlPath, "log_level", new TomlInteger { Value = logLevel }); + } + /// /// 设置ecs /// diff --git a/FastGithub.HttpServer/FastGithub.HttpServer.csproj b/FastGithub.HttpServer/FastGithub.HttpServer.csproj index 77316f7..d702999 100644 --- a/FastGithub.HttpServer/FastGithub.HttpServer.csproj +++ b/FastGithub.HttpServer/FastGithub.HttpServer.csproj @@ -7,7 +7,7 @@ - +