Release 2.1.0

According to Apple: Swift compiler no longer supports statically linking the Swift libraries. They're included in the OS by default starting with macOS Mojave 10.14.4. For macOS Mojave 10.14.3 and earlier, there's an optional Swift library package that can be downloaded from "More Downloads" for Apple Developers at https://developer.apple.com/download/more/

.gitignore

@@ -3,7 +3,6 @@
 *.dll
 *.so
 *.dylib
-build/
 
 # Test binary, build with `go test -c`
 *.test

Changelog.md

@@ -4,6 +4,13 @@ This Changelog records major changes between versions.
 
 Not all changes are recorded. Please check git log for details.
 
+## Version 2.1.0
+
+- Add `local_addr` configuration for doh-server (#39)
+- Fix a problem when compiling on macOS 10.14.4 or newer
+- Add Quad9 DoH server to the example `doh-client.conf`
+- Use TCP when appropriate for the given query type/response (AXFR/IXFR)
+
 ## Version 2.0.1
 
 - Fix a crash with the random load balancing algorithm.

contrib/package.sh

@@ -1,173 +0,0 @@
-#!/bin/bash 
-set -euo pipefail
-
-# This is a script used for automated packaging.
-# Debian maintainers please don't use this.
-# 
-# Environment assumption:
-#  * Ubuntu 16.04
-#  * run with normal user
-#  * sudo with no password
-#  * go and fpm is pre-installed
-#  * rpmbuild is required if you need rpm packages
-#
-# Compatible with Azure DevOps hosted Ubuntu 16.04 agent
-
-export DEBIAN_FRONTEND="noninteractive"
-export DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"/..
-export BUILD_BINARIESDIRECTORY="${BUILD_BINARIESDIRECTORY:-${DIR}/build/bin}"
-export BUILD_ARTIFACTSTAGINGDIRECTORY="${BUILD_ARTIFACTSTAGINGDIRECTORY:-${DIR}/build/packages}"
-export TMP_DIRECTORY="/tmp/dohbuild"
-export GOPATH="${GOPATH:-/tmp/go}"
-export GOBIN="${GOBIN:-/tmp/go/bin}"
-
-function prepare_env() {
-    echo "Checking dependencies"
-
-    if ! [ -x "$(command -v go)" ]; then
-        echo "Please install golang"
-        exit 1
-    fi
-
-    if [ -x "$(command -v apt-get)" ]; then
-        sudo apt-get -y update
-    fi
-
-    if ! [ -x "$(command -v rpmbuild)" ]; then
-        # TODO: correctly install rpmbuild
-        ! sudo apt-get -y install rpmbuild
-    fi
-
-    # if ! [ -x "$(command -v upx)" ]; then
-    #     sudo apt-get -y install upx
-    # fi
-
-    echo "Creating directories"
-
-    mkdir -p "${BUILD_BINARIESDIRECTORY}/nm-dispatcher"
-    mkdir -p "${BUILD_BINARIESDIRECTORY}/launchd"
-    mkdir -p "${BUILD_BINARIESDIRECTORY}/systemd"
-    mkdir -p "${BUILD_BINARIESDIRECTORY}/config"
-    mkdir -p "${BUILD_ARTIFACTSTAGINGDIRECTORY}"
-    mkdir -p "${TMP_DIRECTORY}"
-}
-
-function build_common() {
-    cp NetworkManager/dispatcher.d/* "${BUILD_BINARIESDIRECTORY}"/nm-dispatcher
-    cp launchd/*.plist "${BUILD_BINARIESDIRECTORY}"/launchd
-    cp systemd/*.service "${BUILD_BINARIESDIRECTORY}"/systemd
-    cp doh-server/doh-server.conf "${BUILD_BINARIESDIRECTORY}"/config
-    cp doh-client/doh-client.conf "${BUILD_BINARIESDIRECTORY}"/config
-}
-
-# used to get version
-function build_native() {
-    echo "Building a native binary..."
-
-    go build -ldflags="-s -w" -o ${BUILD_BINARIESDIRECTORY}/"${EXE}"-native
-}
-
-function build() {
-    echo "Building ${EXE} for OS=$1 ARCH=$2"
-    env GOOS="$1" GOARCH="$2" go build -ldflags="-s -w" -o ${BUILD_BINARIESDIRECTORY}/"${EXE}"-"$3"
-
-    # echo "Compressing executable"
-    # ! upx --ultra-brute ${BUILD_BINARIESDIRECTORY}/${EXE}-"$3" || true
-}
-
-function package() {
-    VERSION=$("${BUILD_BINARIESDIRECTORY}/${EXE}-native" --version | head -n 1 | cut -d" " -f2)
-    REVISION=$(git log --pretty=format:'%h' -n 1)
-
-    echo "Packaging ${EXE} ${VERSION} for OS=$1 ARCH=$2 TYPE=$3 DST=$4"
-
-    ! rm -rf "${TMP_DIRECTORY}"/*
-
-    mkdir -p "${TMP_DIRECTORY}"/usr/bin
-    cp "${BUILD_BINARIESDIRECTORY}"/"${EXE}"-"$3" "${TMP_DIRECTORY}"/usr/bin/"${EXE}"
-
-    mkdir -p "${TMP_DIRECTORY}"/usr/lib/systemd/system
-    cp "${BUILD_BINARIESDIRECTORY}"/systemd/"${EXE}".service "${TMP_DIRECTORY}"/usr/lib/systemd/system
-
-    mkdir -p "${TMP_DIRECTORY}"/etc/dns-over-https
-    cp "${BUILD_BINARIESDIRECTORY}"/config/"${EXE}".conf "${TMP_DIRECTORY}"/etc/dns-over-https
-
-    mkdir -p "${TMP_DIRECTORY}"/etc/NetworkManager/dispatcher.d
-    cp "${BUILD_BINARIESDIRECTORY}"/nm-dispatcher/"${EXE}" "${TMP_DIRECTORY}"/etc/NetworkManager/dispatcher.d
-
-    # call fpm
-    fpm --input-type dir \
-        --output-type $4 \
-        --chdir "${TMP_DIRECTORY}" \
-        --package "${BUILD_ARTIFACTSTAGINGDIRECTORY}" \
-        --name "${EXE}" \
-        --description "${DESCR}" \
-        --version "${VERSION}" \
-        --iteration "${REVISION}" \
-        --url "https://github.com/m13253/dns-over-https" \
-        --vendor "Star Brilliant <coder@poorlab.com>" \
-        --license "MIT License" \
-        --category "net" \
-        --maintainer "James Swineson <autopkg@public.swineson.me>" \
-        --architecture "$2" \
-        --force \
-        .
-}
-
-cd "${DIR}"/..
-prepare_env
-make deps
-build_common
-
-pushd doh-server
-export EXE="doh-server"
-export DESCR="DNS-over-HTTPS Server"
-
-build_native
-
-build linux amd64 linux-amd64
-package linux amd64 linux-amd64 deb
-! package linux amd64 linux-amd64 rpm
-package linux amd64 linux-amd64 pacman
-
-build linux arm linux-armhf
-package linux arm linux-armhf deb
-! package linux arm linux-armhf rpm
-package linux arm linux-armhf pacman
-
-build linux arm64 linux-arm64
-package linux arm64 linux-arm64 deb
-! package linux arm64 linux-arm64 rpm
-package linux arm64 linux-arm64 pacman
-
-# build darwin amd64 darwin-amd64
-# build windows 386 windows-x86.exe
-# build windows amd64 windows-amd64.exe
-popd
-
-pushd doh-client
-export EXE="doh-client"
-export DESCR="DNS-over-HTTPS Client"
-
-build_native
-
-build linux amd64 linux-amd64
-package linux amd64 linux-amd64 deb
-! package linux amd64 linux-amd64 rpm
-package linux amd64 linux-amd64 pacman
-
-build linux arm linux-armhf
-package linux arm linux-armhf deb
-! package linux arm linux-armhf rpm
-package linux arm linux-armhf pacman
-
-build linux arm64 linux-arm64
-package linux arm64 linux-arm64 deb
-! package linux arm64 linux-arm64 rpm
-package linux arm64 linux-arm64 pacman
-
-# build darwin amd64 darwin-amd64
-# build windows 386 windows-x86.exe
-# build windows amd64 windows-amd64.exe
-popd
-

darwin-wrapper/Makefile

@@ -6,7 +6,7 @@ PREFIX = /usr/local
 all: doh-logger
 
 doh-logger: doh-logger.swift
-	$(SWIFTC) -o $@ -O -static-stdlib $<
+	$(SWIFTC) -o $@ -O $<
 
 clean:
 	rm -f doh-logger

doh-client/doh-client.conf

@@ -21,25 +21,24 @@ upstream_selector = "random"
 #    weight = 50
 
 ## CloudFlare's resolver, bad ECS, good DNSSEC
-#[[upstream.upstream_google]]
+## ECS is disabled for privacy by design: https://developers.cloudflare.com/1.1.1.1/nitty-gritty-details/#edns-client-subnet
-#    url = "https://cloudflare-dns.com/dns-query"
-#    weight = 50
-
-## CloudFlare's resolver, bad ECS, good DNSSEC
-#[[upstream.upstream_google]]
-#    url = "https://1.1.1.1/dns-query"
-#    weight = 50
-
-# CloudFlare's resolver, bad ECS, good DNSSEC
 [[upstream.upstream_ietf]]
     url = "https://cloudflare-dns.com/dns-query"
     weight = 50
 
 ## CloudFlare's resolver, bad ECS, good DNSSEC
+## ECS is disabled for privacy by design: https://developers.cloudflare.com/1.1.1.1/nitty-gritty-details/#edns-client-subnet
+## Note that some ISPs have problems connecting to 1.1.1.1, try 1.0.0.1 if problems happen.
 #[[upstream.upstream_ietf]]
 #    url = "https://1.1.1.1/dns-query"
 #    weight = 50
 
+## Quad9's resolver, bad ECS, good DNSSEC
+## ECS is disabled for privacy by design: https://www.quad9.net/faq/#What_is_EDNS_Client-Subnet
+#[[upstream.upstream_ietf]]
+#    url = "https://9.9.9.9/dns-query"
+#    weight = 50
+
 ## Google's experimental resolver, good ECS, good DNSSEC
 #[[upstream.upstream_ietf]]
 #    url = "https://dns.google.com/experimental"

doh-client/version.go

@@ -24,6 +24,6 @@
 package main
 
 const (
-	VERSION    = "2.0.1"
+	VERSION    = "2.1.0"
 	USER_AGENT = "DNS-over-HTTPS/" + VERSION + " (+https://github.com/m13253/dns-over-https)"
 )

doh-server/server.go

@@ -263,19 +263,38 @@ func (s *Server) patchRootRD(req *DNSRequest) *DNSRequest {
 	return req
 }
 
+// Return the position index for the question of qtype from a DNS msg, otherwise return -1
+func (s *Server) indexQuestionType(msg *dns.Msg, qtype uint16) int {
+	for i, question := range msg.Question {
+		if question.Qtype == qtype {
+			return i
+		}
+	}
+	return -1
+}
+
 func (s *Server) doDNSQuery(ctx context.Context, req *DNSRequest) (resp *DNSRequest, err error) {
 	// TODO(m13253): Make ctx work. Waiting for a patch for ExchangeContext from miekg/dns.
 	numServers := len(s.conf.Upstream)
 	for i := uint(0); i < s.conf.Tries; i++ {
 		req.currentUpstream = s.conf.Upstream[rand.Intn(numServers)]
-		if !s.conf.TCPOnly {
+
+		// Use TCP if always configured to or if the Query type dictates it (AXFR)
+		if s.conf.TCPOnly || (s.indexQuestionType(req.request, dns.TypeAXFR) > -1) {
+			req.response, _, err = s.tcpClient.Exchange(req.request, req.currentUpstream)
+		} else {
 			req.response, _, err = s.udpClient.Exchange(req.request, req.currentUpstream)
 			if err == nil && req.response != nil && req.response.Truncated {
 				log.Println(err)
 				req.response, _, err = s.tcpClient.Exchange(req.request, req.currentUpstream)
 			}
-		} else {
+
-			req.response, _, err = s.tcpClient.Exchange(req.request, req.currentUpstream)
+			// Retry with TCP if this was an IXFR request and we only received an SOA
+			if (s.indexQuestionType(req.request, dns.TypeIXFR) > -1) &&
+				(len(req.response.Answer) == 1) &&
+				(req.response.Answer[0].Header().Rrtype == dns.TypeSOA) {
+				req.response, _, err = s.tcpClient.Exchange(req.request, req.currentUpstream)
+			}
 		}
 		if err == nil {
 			return req, nil

doh-server/version.go

@@ -24,6 +24,6 @@
 package main
 
 const (
-	VERSION    = "2.0.1"
+	VERSION    = "2.1.0"
 	USER_AGENT = "DNS-over-HTTPS/" + VERSION + " (+https://github.com/m13253/dns-over-https)"
 )