From 36da90868688f84b0f4409ab3bb2bd41e651f98e Mon Sep 17 00:00:00 2001
From: Star Brilliant
Date: Sun, 1 Apr 2018 23:28:31 +0800
Subject: [PATCH] Add no_cookies option, update documentation for more instructions on privacy
---
 doh-client/client.go | 8 +++++---
 doh-client/config.go | 1 +
 doh-client/doh-client.conf | 30 +++++++++++++++++++++++++++++-
 3 files changed, 35 insertions(+), 4 deletions(-)
diff --git a/doh-client/client.go b/doh-client/client.go
index be8c3c2..441722e 100644
--- a/doh-client/client.go
+++ b/doh-client/client.go
@@ -102,9 +102,11 @@ func NewClient(conf *config) (c *Client, err error) {
 // Most CDNs require Cookie support to prevent DDoS attack.
 // Disabling Cookie does not effectively prevent tracking,
 // so I will leave it on to make anti-DDoS services happy.
- c.cookieJar, err = cookiejar.New(nil)
- if err != nil {
- return nil, err
+ if !c.conf.NoCookies {
+ c.cookieJar, err = cookiejar.New(nil)
+ if err != nil {
+ return nil, err
+ }
 }
 c.httpClientMux = new(sync.RWMutex)
 err = c.newHTTPClient()
diff --git a/doh-client/config.go b/doh-client/config.go
index 414832b..50a0fcb 100644
--- a/doh-client/config.go
+++ b/doh-client/config.go
@@ -35,6 +35,7 @@ type config struct {
 UpstreamIETF []string `toml:"upstream_ietf"`
 Bootstrap []string `toml:"bootstrap"`
 Timeout uint `toml:"timeout"`
+ NoCookies bool `toml:"no_cookies"`
 NoECS bool `toml:"no_ecs"`
 Verbose bool `toml:"verbose"`
 }
diff --git a/doh-client/doh-client.conf b/doh-client/doh-client.conf
index aa0d2b1..5060626 100644
--- a/doh-client/doh-client.conf
+++ b/doh-client/doh-client.conf
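Review bot: The three comment lines kept above the new `if !c.conf.NoCookies` block still state that cookies are left on unconditionally ("so I will leave it on to make anti-DDoS services happy"), which the guarded code now contradicts; I would change that last line to `// so it stays on unless no_cookies is set in the config.` A second thing to confirm, since the field declaration is outside the hunk: if `c.cookieJar` is declared as `*cookiejar.Jar` rather than `http.CookieJar`, leaving it nil when NoCookies is set and later storing it in `http.Client.Jar` produces a non-nil interface wrapping a nil pointer, and the first request would likely panic inside the jar's methods instead of simply sending no cookies. Declaring the field as `http.CookieJar`, or only assigning `Jar` when the jar was created, avoids that. NewClient starts and ends outside the hunk.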
@@ -4,28 +4,56 @@ listen = "127.0.0.1:53"
 # HTTP path for upstream resolver
 # If multiple servers are specified, a random one will be chosen each time.
 upstream_google = [
+
+ # Google's productive resolver, good ECS, bad DNSSEC
 "https://dns.google.com/resolve",
+
+ # CloudFlare's resolver, bad ECS, good DNSSEC
 #"https://cloudflare-dns.com/dns-query",
+
 ]
 upstream_ietf = [
+
+ # Google's experimental resolver, good ECS, good DNSSEC
 #"https://dns.google.com/experimental",
+
+ # CloudFlare's resolver, bad ECS, good DNSSEC
 #"https://cloudflare-dns.com/dns-query",
+
 ]
 # Bootstrap DNS server to resolve the address of the upstream resolver
 # If multiple servers are specified, a random one will be chosen each time.
 # If empty, use the system DNS settings.
 bootstrap = [
+
+ # Google's resolver, bad ECS, good DNSSEC
 "8.8.8.8:53",
 "8.8.4.4:53",
+
+ # CloudFlare's resolver, bad ECS, good DNSSEC
 #"1.1.1.1:53",
 #"1.0.0.1:53",
+
 ]
 # Timeout for upstream request
 timeout = 10
-# Disable EDNS0-Client-Subnet, do not send client's IP address
+# Disable HTTP Cookies
+#
+# Cookies may be useful if your upstream resolver is protected by some
+# anti-DDoS services to identify clients.
+# Note that DNS Cookies (an DNS protocol extension to DNS) also has the ability
+# to track uesrs and is not controlled by doh-client.
+no_cookies = false
+
+# Disable EDNS0-Client-Subnet (ECS)
+#
+# DNS-over-HTTPS supports EDNS0-Client-Subnet protocol, which submits part of
+# the client's IP address (/24 for IPv4, /48 for IPv6 by default) to the
+# upstream server. This is useful for GeoDNS and CDNs to work, and is exactly
+# the same configuration as most public DNS servers.
 no_ecs = false
 # Enable logging
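Review bot: The last two lines of the new no_cookies comment carry a typo and a grammar slip ("an DNS protocol extension to DNS", "uesrs", "has ... is" for the plural "DNS Cookies"); I would change them to `# Note that DNS Cookies (a DNS protocol extension) also have the ability` and `# to track users and are not controlled by doh-client.` The comment explains why cookies are useful to the upstream but not when a user would want to set the option to true; a line such as `# Set to true if you prefer not to be identifiable across sessions, at the risk of being rejected by such services.` would make the trade-off explicit next to the default.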