Releases: DNSCrypt/dnscrypt-proxy
Releases · DNSCrypt/dnscrypt-proxy
2.0.9b2
New in beta 2:
- Patterns can now be prefixed with
=to do exact matching:=example.commatchesexample.combut will not matchwww.example.com. - Patterns are now fully supported by the cloaking module.
- A new option was added to use a specific cipher suite instead of the server's provided one. Using RSA+ChaChaPoly over ECDSA+AES-GCM has shown to decrease CPU usage and latency when connecting to Cloudflare, especially on Mips and ARM systems.
- The ephemeral keys mode of dnscrypt-proxy v1.x was reimplemented: this creates a new unique key for every single query.
In beta 1:
- Whitelists have been implemented: one a name matches a pattern in the whitelist, rules from the name-based and IP-based blacklists will be bypassed. Whitelists support the same patterns as blacklists, as well as time-based rules, so that some website can be normally blocked, but accessible on specific days or times of the day.
- Lists are now faster to load, and large lists require significantly less memory than before.
- New options have been added to disable TLS session tickets as well as use a specific cipher suite. See the example configuration file for a recommended configuration to speed up DoH servers on ARM such as Android devices and Raspberry Pi.
- The
-service installcommand now remembers what the current directory was when the service was installed, in order to later load configuration files with relative paths. - DoH: The "Cache-Control: max-age" header is now ignored.
2.0.9b1
- Whitelists have been implemented: one a name matches a pattern in the whitelist, rules from the name-based and IP-based blacklists will be bypassed. Whitelists support the same patterns as blacklists, as
well as time-based rules, so that some website can be normally blocked, but accessible on specific days or times of the day. - Lists are now faster to load, and large lists require significantly less memory than before.
- New options have been added to disable TLS session tickets as well as use a specific cipher suite. See the example configuration file for a recommended configuration to speed up DoH servers on ARM such as Android devices and Raspberry Pi.
- The
-service installcommand now remembers what the current directory was when the service was installed, in order to later load configuration files with relative paths. - DoH: The "Cache-Control: max-age" header is now ignored.
2.0.8
2.0.7
2.0.6
- Version 2.0.6
- Automatic log files rotation was finally implemented.
- A new -pidfile command-line option to write the PID file was added.
- A bug with source names including
CNAMErecords was fixed.
2.0.5
- Version 2.0.5
- Fixes a crash occasionally happening when using DoH servers, with stamps not containing any IP addresses, a DNSSEC-signed name, a non-working system DNS configuration, and a fallback server supporting DNSSEC.
2.0.4
2.0.3
2.0.2
- Version 2.0.2
- Properly error out on FreeBSD and other platforms where built-in service installation is not supported yet.
- Improved load-balancing algorithm, which should result in lower latency.
2.0.1
- Version 2.0.1
- Cached source data were not redownloaded if the proxy was used without interruption. This has been fixed.
- If the network is down at startup time, fall back to cached source data, even if is it out of date, and schedule an immediate update after the networks is back.
- RTT estimation for DNS-over-HTTP/2 servers was off. This has been fixed.
- The generate-domains-blacklist script now has a configurable timeout value, and can produce time-based rules.
- The timeout parameter in the example configuration file didn't had the correct name; this has been fixed.
- Cache: TTLs are now decreasing.