Release 1.3.4

Bump version to 1.3.4
Do not respond to network error, silently fail to prevent caching of SERVFAIL
2026-03-31 09:45:38 +00:00 · 2018-04-26 10:33:38 +08:00 · 2018-04-26 10:18:36 +08:00 · 2018-04-26 10:17:14 +08:00 · 2018-04-25 18:36:06 +08:00 · 2018-04-25 14:23:24 +08:00
11 changed files with 38 additions and 23 deletions
--- a/Changelog.md
+++ b/Changelog.md
@@ -4,6 +4,13 @@ This Changelog records major changes between versions.
 Not all changes are recorded. Please check git log for details.
 ## Version 1.3.4
 - doh-client now silently fails in case of network error to prevent caching of SERVFAIL
 - EDNS0 is now inserted to the beginning of OPT section, to ensure DNSSEC signatures are at the end
 - Improve building system
 - Update documents
 ## Version 1.3.3
 - Take User-Agent out of common library, that would be better for packaging
--- a/4
+++ b/4
@@ -45,8 +45,8 @@ deps:
 	$(GOGET_UPDATE) github.com/m13253/dns-over-https/json-dns
 	$(GOGET) ./doh-client ./doh-server
-doh-client/doh-client: deps doh-client/client.go doh-client/config.go doh-client/google.go doh-client/ietf.go doh-client/main.go json-dns/error.go json-dns/globalip.go json-dns/marshal.go json-dns/response.go json-dns/unmarshal.go
+doh-client/doh-client: deps doh-client/client.go doh-client/config.go doh-client/google.go doh-client/ietf.go doh-client/main.go doh-client/version.go json-dns/error.go json-dns/globalip.go json-dns/marshal.go json-dns/response.go json-dns/unmarshal.go
 	cd doh-client && $(GOBUILD)
-doh-server/doh-server: deps doh-server/config.go doh-server/google.go doh-server/ietf.go doh-server/main.go doh-server/server.go json-dns/error.go json-dns/globalip.go json-dns/marshal.go json-dns/response.go json-dns/unmarshal.go
+doh-server/doh-server: deps doh-server/config.go doh-server/google.go doh-server/ietf.go doh-server/main.go doh-server/server.go doh-server/version.go json-dns/error.go json-dns/globalip.go json-dns/marshal.go json-dns/response.go json-dns/unmarshal.go
 	cd doh-server && $(GOBUILD)
--- a/Readme.md
+++ b/Readme.md
@@ -70,6 +70,9 @@ The following is a typical DNS-over-HTTPS architecture:
 Although DNS-over-HTTPS can work alone, a HTTP service muxer would be useful as
 you can host DNS-over-HTTPS along with other HTTPS services.
 HTTP/2 with at least TLS v1.3 is recommended. OCSP stapling must be enabled,
 otherwise DNS recursion may happen.
 ## DNSSEC
 DNS-over-HTTPS is compatible with DNSSEC, and requests DNSSEC signatures by
@@ -90,8 +93,10 @@ EDNS0-Client-Subnet is affecting your privacy, you can set `no_ecs = true` in
 `/etc/dns-over-https/doh-client.conf`, with the cost of slower video streaming
 or software downloading speed.
-If your server is backed by `unbound` or `bind`, you probably want to enable
+To ultilize ECS, `X-Forwarded-For` or `X-Real-IP` should be enabled on your
-the EDNS0-Client-Subnet feature in their configuration files as well.
+HTTP service muxer. If your server is backed by `unbound` or `bind`, you
 probably want to configure it to enable the EDNS0-Client-Subnet feature as
 well.
 ## Protocol compatibility
--- a/doh-client/client.go
+++ b/doh-client/client.go
@@ -65,19 +65,19 @@ func NewClient(conf *config) (c *Client, err error) {
 		conf: conf,
 	}
-	udpH := dns.HandlerFunc(c.udpHandlerFunc)
+	udpHandler := dns.HandlerFunc(c.udpHandlerFunc)
-	tcpH := dns.HandlerFunc(c.tcpHandlerFunc)
+	tcpHandler := dns.HandlerFunc(c.tcpHandlerFunc)
 	for _, addr := range conf.Listen {
 		c.udpServers = append(c.udpServers, &dns.Server{
 			Addr:    addr,
 			Net:     "udp",
-			Handler: udpH,
+			Handler: udpHandler,
-			UDPSize: 4096,
+			UDPSize: dns.DefaultMsgSize,
 		})
 		c.tcpServers = append(c.tcpServers, &dns.Server{
 			Addr:    addr,
 			Net:     "tcp",
-			Handler: tcpH,
+			Handler: tcpHandler,
 		})
 	}
 	c.bootstrapResolver = net.DefaultResolver
--- a/doh-client/doh-client.conf
+++ b/doh-client/doh-client.conf
@@ -47,7 +47,7 @@ bootstrap = [
 ]
 # Timeout for upstream request
-timeout = 10
+timeout = 30
 # Disable HTTP Cookies
 #
--- a/doh-client/ietf.go
+++ b/doh-client/ietf.go
@@ -73,9 +73,9 @@ func (c *Client) generateRequestIETF(w dns.ResponseWriter, r *dns.Msg, isTCP boo
 		opt = new(dns.OPT)
 		opt.Hdr.Name = "."
 		opt.Hdr.Rrtype = dns.TypeOPT
-		opt.SetUDPSize(4096)
+		opt.SetUDPSize(dns.DefaultMsgSize)
 		opt.SetDo(false)
-		r.Extra = append(r.Extra, opt)
+		r.Extra = append([]dns.RR{opt}, r.Extra...)
 	} else {
 		udpSize = opt.UDPSize()
 	}
@@ -134,9 +134,8 @@ func (c *Client) generateRequestIETF(w dns.ResponseWriter, r *dns.Msg, isTCP boo
 	if len(requestURL) < 2048 {
 		req, err = http.NewRequest("GET", requestURL, nil)
 		if err != nil {
 			// Do not respond, silently fail to prevent caching of SERVFAIL
 			log.Println(err)
 			reply.Rcode = dns.RcodeServerFailure
 			w.WriteMsg(reply)
 			return &DNSRequest{
 				err: err,
 			}
@@ -144,9 +143,8 @@ func (c *Client) generateRequestIETF(w dns.ResponseWriter, r *dns.Msg, isTCP boo
 	} else {
 		req, err = http.NewRequest("POST", upstream, bytes.NewReader(requestBinary))
 		if err != nil {
 			// Do not respond, silently fail to prevent caching of SERVFAIL
 			log.Println(err)
 			reply.Rcode = dns.RcodeServerFailure
 			w.WriteMsg(reply)
 			return &DNSRequest{
 				err: err,
 			}
--- a/doh-client/version.go
+++ b/doh-client/version.go
@@ -23,5 +23,7 @@
 package main
-const VERSION = "1.3.3"
+const (
-const USER_AGENT = "DNS-over-HTTPS/" + VERSION + " (+https://github.com/m13253/dns-over-https)"
+	VERSION    = "1.3.4"
 	USER_AGENT = "DNS-over-HTTPS/" + VERSION + " (+https://github.com/m13253/dns-over-https)"
 )
--- a/doh-server/google.go
+++ b/doh-server/google.go
@@ -150,7 +150,7 @@ func (s *Server) parseRequestGoogle(w http.ResponseWriter, r *http.Request) *DNS
 	opt := new(dns.OPT)
 	opt.Hdr.Name = "."
 	opt.Hdr.Rrtype = dns.TypeOPT
-	opt.SetUDPSize(4096)
+	opt.SetUDPSize(dns.DefaultMsgSize)
 	opt.SetDo(true)
 	if ednsClientAddress != nil {
 		edns0Subnet := new(dns.EDNS0_SUBNET)
--- a/doh-server/ietf.go
+++ b/doh-server/ietf.go
@@ -93,9 +93,9 @@ func (s *Server) parseRequestIETF(w http.ResponseWriter, r *http.Request) *DNSRe
 		opt = new(dns.OPT)
 		opt.Hdr.Name = "."
 		opt.Hdr.Rrtype = dns.TypeOPT
-		opt.SetUDPSize(4096)
+		opt.SetUDPSize(dns.DefaultMsgSize)
 		opt.SetDo(false)
-		msg.Extra = append(msg.Extra, opt)
+		msg.Extra = append([]dns.RR{opt}, msg.Extra...)
 	}
 	var edns0Subnet *dns.EDNS0_SUBNET
 	for _, option := range opt.Option {
--- a/doh-server/server.go
+++ b/doh-server/server.go
@@ -58,6 +58,7 @@ func NewServer(conf *config) (s *Server) {
 		conf: conf,
 		udpClient: &dns.Client{
 			Net:     "udp",
 			UDPSize: dns.DefaultMsgSize,
 			Timeout: time.Duration(conf.Timeout) * time.Second,
 		},
 		tcpClient: &dns.Client{
--- a/doh-server/version.go
+++ b/doh-server/version.go
@@ -23,5 +23,7 @@
 package main
-const VERSION = "1.3.3"
+const (
-const USER_AGENT = "DNS-over-HTTPS/" + VERSION + " (+https://github.com/m13253/dns-over-https)"
+	VERSION    = "1.3.4"
 	USER_AGENT = "DNS-over-HTTPS/" + VERSION + " (+https://github.com/m13253/dns-over-https)"
 )
Author	SHA1	Message	Date
Star Brilliant	4cbe7c8c98	Release 1.3.4	2018-04-26 10:33:38 +08:00
Star Brilliant	7839d2c7b1	Bump version to 1.3.4	2018-04-26 10:18:36 +08:00
Star Brilliant	c4b2236cf9	Do not respond to network error, silently fail to prevent caching of SERVFAIL Hopefully we can improve the availability of DoH under unstable network environments.	2018-04-26 10:17:14 +08:00
Star Brilliant	1b90731f20	Add version.go to Makefile	2018-04-25 18:36:06 +08:00
Star Brilliant	20624acf20	Update documents	2018-04-25 14:23:24 +08:00
Star Brilliant	01385b6d29	Update documents	2018-04-25 14:19:40 +08:00
Star Brilliant	5afdee6315	Put EDNS0 at the beginning of the OPT section	2018-04-25 03:05:06 +08:00
Star Brilliant	874a3613e4	Use dns.DefaultMsgSize instead of magic number 4096	2018-04-25 03:04:31 +08:00
Star Brilliant	dc14a70e9d	Use dns.DefaultMsgSize instead of magic number 4096	2018-04-24 20:46:34 +08:00
Star Brilliant	58e4018ab2	Rename variables	2018-04-24 20:43:24 +08:00