Skip to content

Latest commit

 

History

History
713 lines (521 loc) · 17.2 KB

CHANGELOG.adoc

File metadata and controls

713 lines (521 loc) · 17.2 KB

Changelog for rescached

Log of new features, enhancements, and/or bug fixes for each release.

cmd/rescached: add sub command to print the current version

Running "rescached version" now will print the program version.

support SVCB record (type 64) and HTTPS record (type 65)

The latest update on "lib/dns" package support RFC 9460, SVCB record (type 64) and HTTPS record (type 65).

all: replace module "share" with "pakakeh.go"

The module "share" has been moved to new repository at SourceHut and we rename it to make it more unique instead of common English words "share".

all: move repository to SourceHut

The new repository and project page for rescached is at https://sr.ht/~shulhan/rescached .

all: remove loading system hosts file

Loading and caching system hosts file (for example, /etc/hosts in POSIX) will leaks internal hosts if the rescached server is open to public.

The system hosts file are handled by nssswitch.conf "files" internally so no need to loading it.

cmd/resolver: replace "math/rand" with "crypto/rand"

The random number from "math/rand" is predictable if the seed is known. Even though the random number here is only for generating unique request ID, we still need to prevent this by using more secure random number.

go.mod: set Go version to 1.19 and update share module

The latest share module has several fixes and enhancements regarding DNS library, including

  • lib/dns: simplify unpackDomainName return value for end

  • lib/dns: use the packet length to derive current offset

  • lib/dns: handle zone file with CRLF line ending

  • lib/dns: allow parsing TXT rdata without quote in zone file

  • lib/dns: fix parsing SRV record from zone file

  • lib/dns: fix packing and unpacking resource record HINFO

  • lib/dns: fix packing, parsing, and saving MINFO resource data

_www/doc: update the index and resolver documentation

While at it, rename the README.adoc to README and made symlink to it as README.adoc.

This release refactoring the resolver command as CLI to rescached server. The resolver command now can manage environment, caches, hosts.d, and zone.d in the server; not just query.

all: un-export HostsFiles and Zones fields on Environment

Previously those fields exported because web client need it to initialize the content for /hosts.d and /zone.d pages.

Since we now have HTTP API for that, web client can call get request to the respective API without depends on the environment.

all: refactoring the HTTP API for deleting zone record

Previously, the HTTP API for deleting a record is by passing the parameters as JSON in the body. This may cause issue if HTTP client does not support sending body in DELETE method.

This changes the method to pass the parameters in the query,

DELETE /zone.d/rr?zone=<string>&type=<string>&record=<base64 json>

Parameters,

  • zone: the zone name,

  • type: the record type,

  • record: the content of record with its domain name and value.

all: refactoring HTTP API for adding new zone.d record

Previously, the request for adding new record on zone file is by passing the zone name and type inside the path,

/zone.d/:name/rr/:type

This commit changes it to pass all parameters inside the request body as JSON,

{
	"zone": <string>,
	"kind": <string>,
	"record": <base64 string|base64 JSON>
}

For example, to add A record for subdomain "www" to zone file "my.zone", the request format would be,

{
	"zone": "my.zone",
	"kind": "A",
	"record": "eyJOYW1lIjoid3d3IiwiVmFsdWUiOiIxMjcuMC4wLjEifQ=="
}

Where "record" value is equal to {"Name":"www","Value":"127.0.0.1"}.

On the response, we changes it to return only the new record instead of all record in the zone.

all: refactor the HTTP API for zone.d

Previously, the the HTTP API for creating and deleting zone file is by passing the zone file name in path of URL.

This changes move the parameter name to POST body when creating new zone file and in the DELETE query when deleting zone file.

all: refactor the APIs to manage hosts.d resource records (RR)

There are two APIs to manage hosts.d RR: create and delete.

Previously, the create API pass the hosts name inside and values inside the path,

POST /hosts.d/<name>/rr?domain=&value=

This commit changes the request type to form, so all parameters move to body,

POST /hosts.d/rr
Content-Type: application/x-www-form-urlencoded

name=&domain=&value=

On delete API, we changes the name parameter to be send on query parameter along with domain to be deleted. Previously, the delete API was

DELETE /hosts.d/<name>/rr?domain=

now it become

DELETE /hosts.d/rr?name=&domain=
all: rename the page and HTTP API for hosts_blocks to block.d

This is to make all terminology to be consistent, from configuration to page URL, and API.

all: implement HTTP API to fetch list of block.d

Given the following request,

GET /api/block.d

It will return list of hosts in block.d as JSON format:

{
	"data": {
		"<name>": <Blockd>
		...
	}
}
all: implement HTTP API to fetch records in zone

Sending the following request to HTTP server:

GET /api/zone.d/rr?zone=<string>

where zone parameter is the zone name, it will return list of records in that zone.

all: add new HTTP API to get all zones

The HTTP API has the following format,

GET /api/zone.d

On success, it will return HTTP status code 200 with all zone formatted as JSON in the body.

all: implement HTTP API to enable or disable hosts on block.d

The URL /api/block.d/enable activate the hosts in block.d, while The URL /api/block.d/disable deactivate the hosts in block.d.

Both of this API accept single parameter "name" in the body as application/x-www-form-urlencoded.

all: implement HTTP API to update hosts.d

The API receive the block.d name and if it valid, the server will fetch latest hosts file from the block provider based on the registered URL.

all: implement HTTP API to remove all caches

On the HTTP side, if the query parameter "name" for "DELETE /api/caches" is "all" it will remove all caches.

On the resolver side, if the parameter for "caches remove" is "all" it will remove all caches.

This changes require latest lib/dns on share module.

all: fix panic if a nil HostsFiles and/or Zones is accessed
all: fix error updating hosts block if directory not exist

If the hosts block file never created before and the directory to hosts block file is not exist, the hostsBlock update method will return an error.

This changes fix this issue by creating the path to hosts block directory first before fetching and storing the new update.

all: return the hosts file in response of hosts.d create and delete

Instead of returning empty data, return the affected hosts file when creating a new one or when deleting existing one.

cmd/resolver: refactor the resolver as client of DNS and rescached

Previously, the resolver command only for querying DNS server.

In this changes and in the future, the resolver command will be client for DNS and rescached server.

all: move the documentation under _www/doc directory

This also allow the latest/released documentation viewed on the web user interface under /doc path.

While at it, reformat HTML and CSS files using js-beautify and JavaScript files using clang-format [1].

all: move all installation files into directory _sys

Previously, all files required for installing rescached scattered in different directories.

This changes move all files into single directory _sys with the directory structure matched with target system.

all: remove malwaredomainlist.com from provider of hosts block

The URL and contents from this provider is now empty and has not been updated.

This release re-licensing the rescached under GPL 3.0 or later.

See https://kilabit.info/journal/2022/gpl/ for more information.

www: implement functionality to remove cache by record name

In the web user interface (WUI), we have a button "Remove from cache" that displayed per record, but somehow this feature is not implemented, probably missing from commits due to rebase or I completely forgot about it.

Anyway, this commit implement the feature to remove record from cache by clicking the button. On success, it will remove the removed record from search result.

Fix #10

www: check for possible null on NameServers environment
www: fix caches record type showing "undefined"

Due to refactoring on DNS library, we forgot to rename the field QType to RType on the frontend. This cause the record type on caches showed on the page as "undefined".

all: fix format of all asciidoc files

This is to make the adoc files parsed and rendered correctly by asciidocgo and asciidoc tools.

cmd/rescached: add command "embed" and to run in development mode

This two commands is used internally for development.

The "embed" command embed all files inside "_www" directory into Go file "memfs_generate.go". This command replace "internal/generate_memfs.go".

The "dev" command run the rescached server in development mode using "cmd/rescached/rescached.cfg.test" as the configuration.

The "dev" command listen on DNS port 5350, so to prevent conflict with live rescached server, we run script _bin/nft_dnstest_chain.sh to redirect UDP and TCP requests from port 53 to port 5350.

all: remove using tcp scheme in config and documentation

Using TCP for parent name server is discouraged, because most of server disallow keeping the connection alive.

The valid use case for TCP connection is when server received truncated UDP answer.

Using UDP as parent scheme, will automatically assume that the server also capable of handling query in TCP. This is required when client (for example, your browser) re-send the query after receiving truncated UDP answer. Any query received by rescached through TCP will forwarded to the parent name server as TCP too, using the same address and port defined in one of UDP parent.

While at it, use Cloudflare DNS server as default in configuration and as example in documentation.

Add support to save and load caches to/from storage upon restart

rescached now able to save and load caches to local storage upon restart.

On POSIX, the caches is stored in /var/cache/rescached/rescached.gob, encoded using gob.

Update #9

make the TCP forwarders as complementary of UDP

The TCP forwarders only active when client send the DNS request as TCP. When the server receive that request it should also forward the request as TCP not as UDP to prevent the truncated response.

Another use case for TCP is when the response is truncated, the client will send the query back through TCP connection. The server should forward this request using TCP instead of UDP.

Remove the fallback name servers (NS) from server options

The original idea of fallback NS is to send the query to the one define in resolv.conf, instead of using the one defined by user in ServerOptions NameServers, when an error occured.

But, most of error usually caused by network (disconnected, time out), so re-sending query to fallback NS does not have any effect if the network it self is not working.

This changes remove the unnecessary and complex fallback NS from server.

Do not cache truncated answer

Previously only answer with non-zero response code is ignored.

This changes ignore also answer where response header is truncated.

Rescached now have a web user interface (wui) that can be accessed at http://127.0.0.1:5380.

The interface can be used to monitoring caches, managing caches, environment, blocked hosts, internal hosts files, and zone files.

The rescached\::dir.hosts now default to "/etc/rescached/hosts.d"
The rescached\::dir.master now default to "/etc/rescached/zone.d"
go.mod: comment replace directive

This cause package is un-buildable using normal go get or git clone.

Sorry :/

dns: change the mark of input/output in log output

Previously, the character '<' is used to indicate incoming request from client and '>' to indicate outgoing response. This change reverse it because '<' make more sense for output and '>' is for input (looks like cin and cout on C++ world)

dns: fix index out of range when unpacking OPT RR
dns: forward the request to fallback queue if there is no forwarders
Add prefix "_" to all non-Go source directories

This is to ignore the directory being scanned by Go tools.

Makefile: remove unused option "CGO_ENABLED=0"
Makefile: remove invalid task "install-service-systemd"
cmd: fix formatting arguments

== rescached v3.0.0-alpha (2019-12-26)

All the server core functionalities (caches and forwarding) now implemented inside "dns.Server". The main function of this package are for reading options from configuration file (or from command line options) and watching changes from system resolv.conf.

  • Support serving and forwarding DNS over TLS

  • Add launchd script for macOS and make tasks to install and uninstall on macOS

There are also some major changes on configuration file. All configuration now break into two section '[rescached]' and '[dns "server"]'. For more information see new rescached.cfg manual page or an example in cmd/rescached/rescached.cfg.

Some detailed changes are,

  • "parent" option now use URI format instead of IP:PORT. This will allow parent name servers to be UDP, TCP, and/or DoH simultaneously.

  • "server.doh.parent" and "server.parent.connection" are removed, redundant with new "server.parent" format.

  • "cache.threshold" is renamed to "cache.prune_threshold".

  • "file.pid" is removed.

    The concept of writing PID file when the program start on networking service is not applicable or relevant anymore on systemd or launchd. If the program already started, the second program will fail because the port is already used.

Use single Go routine to handle request. This fix mismatched ID in response due to single response is being use by multiple routines.

  • Run multiple (4) go routines to handle request

  • Make the debug output to be more human readable

  • cmd/resolver: fix query with zero ID

Change default parent nameservers to Cloudflare DNS

We believe in Cloudflare! Please read Cloudflare DNS policy for more information: https://developers.cloudflare.com/1.1.1.1/commitment-to-privacy/privacy-policy/privacy-policy/

Improve response performance::. Previously we can serve around 93k request per second (RPS). The new enhancement increase the RPS to around 115k.

  • Fix the example certificate and key for DNS over HTTPS

  • Fix the hosts.block destination file in script to update blocked host file

  • Fix response with different query type that may not get pruned

  • Enable to handle request from UDP and TCP connections

  • Enable to forward request using UDP or TCP connection

  • Load and serve addresses and hostnames in /etc/hosts

  • Load and serve hosts formated files inside directory /etc/rescached/hosts.d/

  • Blocking ads and/or malicious websites through host list in /etc/rescached/hosts.d/hosts.block

  • Support loading and serving master (zone) file format from /etc/rescached/master.d

  • Integration with openresolv

  • Support DNS over HTTPS (DoH) (draft 14)