* Version 2.0.25
- The example IP address for network probes didn't work on Windows.
The example configuration file has been updated and the fallback
resolver IP is now used when no netprobe address has been configured.
* Version 2.0.24
- The query log now includes the time it took to complete the
transaction, the name of the resolver that sent the response and whether
the response was served from the cache. Thanks to Ferdinand Holzer for
his help!
- The list of resolvers, sorted by latency, is now printed after all
the resolvers have been probed.
- The "fastest" load-balancing strategy has been renamed to "first".
- On Windows, a nul byte is sent to the netprobe address. This is
required to check for connectivity on this platform. Thanks to Mathias
Berchtold.
- The Malwaredomainlist URL was updated to directly parse the host
list. Thanks to Encrypted.Town.
- The Python script to generate lists of blacklisted domains is now
compatible with both Python 2 and Python 3. Thanks to Simon R.
- A warning is now displayed if DoH is requested but the server
doesn't speak HTTP/2.
- A crash with load-balanced sets of cloaked names was fixed.
Thanks to @inkblotadmirer for the report.
- Resolvers are now tried in random order to avoid favoring the first
ones at startup.
Changes since 2.0.22:
- .onion servers are now automatically ignored if Tor routing is not
enabled.
- Caching of server addresses has been improved, especially when
using proxies.
- DNSCrypt communications are now automatically forced to use TCP
when a SOCKS proxy has been set up.
* Startup is now way faster, especially when using DoH servers.
* A new action: CLOAK is logged when queries are being cloaked.
* A cloaking rule can now map to multiple IPv4 and IPv6 addresses, with load-balancing.
* New option: refused_code_in_responses to return (or not) a REFUSED code on blacklisted queries. This is disabled by default, in order to work around a bug in Android Pie.
* Time-based restrictions are now properly handled in the generate-domains-blacklist.py script.
* Other improvements have been made to the generate-domains-blacklist.py script.
* The Windows service is now installed as NT AUTHORITY\NetworkService.
Changelog:
* The value for netprobe_timeout was read from the command-line, but not from the configuration file any more. This regression, introduced in the previous version, has been fixed.
* The default value for netprobe timeouts has been raised to 60 seconds.
* A hash of the body is added to query parameters when sending DoH queries with the POST method in order to work around badly configured proxies.
* Version 2.0.18
- Official builds now support TLS 1.3.
- The timeout for the initial connectivity check can now be set from
the command line.
- An `Accept:` header is now always sent with `GET` queries.
- BOMs are now ignored in configuration files.
- In addition to SOCKS, HTTP and HTTPS proxies are now supported for
DoH servers.
Changes:
* Go >= 1.11 is now supported.
* When dropping privileges, there is no supervisor process any more.
* DNS options used to be cleared from DNS queries, with the exception of flags and payload sizes. This is not the case any more.
* DoH queries are smaller, since workarounds are not required any more after Google updated their implementation.
Changes:
- On Unix-like systems, the server can run as an unprivileged user,
and the main process will automatically restart if an error occurs.
- pledge() on OpenBSD.
- New "offline" mode to serve queries locally without contacting any
upstream servers. This can be especially useful along with the
cloaking module for local development.
- New logo.
- TTL of OPT records is properly ignored by the caching module.
- The proxy doesn't quit any more if new TCP connections cannot be
created.