SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for dnscrypt-proxy-2.1.5-3.1.x86_64.rpm :

* Sun Apr 21 2024 cunixAATTmail.de- added patch quic-go.patch (boo#1222473)
* Mon Feb 05 2024 cunixAATTmail.de- use systemd sysusers
* Sun Aug 13 2023 cunixAATTmail.de - 2.1.5- Update to version 2.1.5
* Responses to blocked queries now include extended error codes
* Reliability of connections using HTTP/3 has been improved
* New configuration directive: \"tls_key_log_file\" to dump TLS secret keys
* Sat Feb 11 2023 cunixAATTmail.de - 2.1.4- Update to version 2.1.4
* Fixes a regression from version 2.1.3: when cloaking was enabled, blocked responses were returned for records that were not A/AAAA/PTR even for names that were not in the cloaked list.
* Sun Feb 05 2023 cunixAATTmail.de - 2.1.3- Update to version 2.1.3
* DNS-over-HTTP/3 (QUIC) should be more reliable. In particular, version 2.1.2 required another (non-QUIC) resolver to be present for bootstrapping, or the resolver\'s IP address to be present in the stamp. This is not the case any more.
* dnscrypt-proxy is now compatible with Go 1.20+
* Commands (-check, -show-certs, -list, -list-all) now ignore log files and directly output the result to the standard output.
* The \"cert_ignore_timestamp\" configuration switch is now documented. It allows ignoring timestamps for DNSCrypt certificate verification, until a first server is available. This should only be used on devices that don\'t have any ways to set the clock before DNS service is up. However, a safer alternative remains to use an NTP server with a fixed IP address (such as time.google.com), configured in the captive portals file.
* Cloaking: when a name is cloaked, unsupported record types now return a blocked response rather than the actual records.
* systemd: report Ready earlier as dnscrypt-proxy can itself manage retries for updates/refreshes.
* vendored dependencies updated
* Tue Aug 02 2022 cunixAATTmail.de - 2.1.2- Update to version 2.1.2
* Support for DoH over HTTP/3 (DoH3, HTTP over QUIC) Compatible servers will automatically use it. Note that QUIC uses UDP (usually over port 443, like DNSCrypt) instead of TCP.
* fixed memory usage kept growing due to channels not being properly closed
* DNS64: \"CNAME\" records are now translated like other responses
* A relay whose name has been configured, but doesn\'t exist in the list of available relays is now a hard error
* \"dnscrypt-proxy -resolve\" now reports if ECS (EDNS-clientsubnet) is supported by the server
* \"dnscrypt-proxy -list\" now includes ODoH (Oblivious DoH) servers
* Local DoH: queries made using the \"GET\" method are now handled
* \"PTR\" queries are now supported for cloaked domains- Minimum golang version now at 1.18
* Tue Mar 22 2022 cunixAATTmail.de- switched to vendored_licenses_packager as build dependency
* Fri Oct 01 2021 cunixAATTmail.de - 2.1.1- Update to version 2.1.1
* Serve cached DoH responses when experiencing connectivity issues.
* Time attributes in allow/block lists were ignored.
* TTL served to clients is now rounded and starts decreasing before the first query is received.
* Time-based rules are properly handled again in generate-domains-blocklist.
* DoH/ODoH: entries with an IP address and using a non-standard port should not require help from a bootstrap resolver any more.
* Sun Aug 15 2021 cunixAATTmail.de - 2.1.0- Update to version 2.1.0
* \"fallback_resolvers\" was renamed to \"bootstrap_resolvers\" Please update your configuration file accordingly.
* Support for Oblivious DoH.
* If the proxy is overloaded, cached and synthetic queries now keep being served, while non-cached queries are delayed.
* Source URLs are now randomized.
* Default \"reject_ttl\" reduced from 600 to 10- Minimum golang version now at 1.16- Find more \"legal\" files to include.
* Sat Jan 30 2021 cunixAATTmail.de- Use less predictable temporary files during build (bsc#1181502).
* Thu Jan 07 2021 cunixAATTmail.de- Added optional resolvconf support via systemd unit.
* Mon Jan 04 2021 cunixAATTmail.de- Minimum golang version now at 1.15- Include \'notice\' and \'patents\' files of vendored packages.- Paths and hints in configuration file adjusted and added.
* Mon Jan 04 2021 Ismail Dönmez - Update to version 2.0.45
* Configuration changes (to be required in versions 2.1.x): - [blacklist] has been renamed to [blocked_names] - [ip_blacklist] has been renamed to [blocked_ips] - [whitelist] has been renamed to [allowed_names] - generate-domains-blacklist.py has been renamed to generate-domains-blocklist.py, and the configuration files have been renamed as well.
* dnscrypt-proxy -resolve has been completely revamped, and now requires the configuration file to be accessible. It will send a query to an IP address of the dnscrypt-proxy server by default. Sending queries to arbitrary servers is also supported with the new -resolve name,address syntax.
* Relay lists can be set to
* for automatic relay selection. When a wildcard is used, either for the list of servers or relays, the proxy ensures that relays and servers are on distinct networks.
* Lying resolvers are detected and reported.
* New return code: NOT_READY for queries received before the proxy has been initialized.
* Server lists can\'t be older than a week any more, even if directory permissions are incorrect and cache files cannot be written.
* New feature: allowed_ips, to configure a set of IP addresses to never block no matter what DNS name resolves to them.
* Hard-coded IP addresses can be immediately returned for test queries sent by operating systems in order to check for connectivity and captive portals. Such responses can be sent even before an interface is considered as enabled by the operating system. This can be configured in a new section called [captive_portals].
* On Linux, OpenBSD and FreeBSD, listen_addresses can now include IP addresses that haven\'t been assigned to an interface yet.
* generate-domains-blocklist.py: regular expressions are now ignored in time-based entries.
* Minor bug fixes and logging improvements.
* Cloaking plugin: if an entry has multiple IP addresses for a type, all the IP addresses are now returned instead of a random one.
* Static entries can now include DNSCrypt relays.
* Name blocking: aliases relying on SVCB and HTTPS records can now be blocked in addition to aliases via regular CNAME records.
* EDNS-Client-Subnet information can be added to outgoing queries. Instead of sending the actual client IP, ECS information is user configurable, and IP addresses will be randomly chosen for every query.
* Initial DoH queries are now checked using random names in order to properly measure CDNs such as Tencent that ignore the padding.
* DoH: the max-stale cache control directive is now present in queries.
* Logs can now be sent to /dev/stdout instead of actual files.
* New download mirror (https://download.dnscrypt.net) for resolvers, relays and parental-control.
 
ICM