Sweetbread/Alfis
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
697 Commits 3 Branches 0 Tags
5de0341ab495ec7c7dbd4220aa56ae384e9cc5db
Commit Graph

697 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Revertron 5de0341ab4 Enhanced DNS security with ephemeral ports and DNS 0x20 encoding 
Significantly improve DNS client security against cache poisoning attacks through multiple defense layers:

Security Improvements:
- Bind UDP sockets to OS-assigned ephemeral ports (0.0.0.0:0) instead of predictable random ports, eliminating port-based attack vectors
- Implement DNS 0x20 encoding with strict case validation, adding 10-15 bits of entropy per query by randomizing domain name case
- Randomize transaction ID starting point using AtomicU16 for better entropy distribution

Attack difficulty increased from ~16 bits (65K attempts) to ~42-47 bits
(4.4-140 trillion attempts), making spoofing 1,000x to 32,000x harder.

Configuration:
- Add 'enable_0x20' option to DNS settings (default: true)
- Users can disable for compatibility with legacy resolvers if needed
- Feature is configurable via alfis.toml
 2025-10-27 14:39:47 +01:00
Revertron d3cdf6ea76 Fixed warnings in some tests. 2025-10-27 01:37:38 +01:00
Revertron 81f5568957 Updated all dependencies. 2025-10-27 01:22:02 +01:00
Revertron 61f2d89ef1 Fixed GLUE records return on NS requests. 2025-10-23 22:48:48 +02:00
Revertron 429563eee9 Another try to build for macOS. 2025-10-23 21:46:16 +02:00
Revertron fc7360ea00 Another try to build for macOS. 2025-10-23 21:43:22 +02:00
Revertron 914e8b6d67 Another try to build for macOS. 2025-10-23 21:35:45 +02:00
Revertron 4169ede074 Added DNS timeouts here and there. 
Fixed macOS and Ubuntu pipelines.
 2025-10-23 21:26:03 +02:00
Revertron d2b7080c96 Many DNS fixes! 2025-10-22 22:55:58 +02:00
Revertron a9d7ec1093 Merge pull request #375 from WaffleLapkin/patch-2 
Correctly scale nixos logo in readme
 2025-02-07 13:02:41 +01:00
waffle 8ad1e53375 correctly scale nix logo in readme 2025-02-06 17:51:26 +01:00
Revertron 3f36f4ede3 Small DNS fix. 2024-11-18 12:43:18 +01:00
Revertron 4945f18fae A lot of DNS fixes. 2024-11-18 00:44:04 +01:00
Revertron 2f7df4859d Small changes, updated dependencies. 2024-11-17 13:39:23 +01:00
Revertron 95188ec0bd Updated readme. 2024-07-29 20:04:59 +02:00
Revertron dd12397c39 Removed mips and mipsel from build matrix. 2024-07-13 13:39:22 +02:00
Revertron 7c5cc1879b Another fix of CI for releases. 2024-07-12 15:02:32 +02:00
Revertron 083d304e61 Last (I hope) fix of CI for releases. 2024-07-12 14:50:50 +02:00
Revertron b4f68c6a05 Another fix of CI for releases. 2024-07-12 14:42:20 +02:00
Revertron eebd53b177 Fixed linux builds. 2024-07-12 14:31:31 +02:00
Revertron 38a0239f19 Fixed CI for releases. 2024-07-12 13:50:20 +02:00
Revertron e7eb383a35 Small network fix. 2024-07-10 22:46:44 +02:00
Revertron de46148e01 Fixed UI for TXT records, updated all dependencies, made better connectivity, added log info to network thread. 2024-07-10 20:15:33 +02:00
Revertron 28431ec053 Merge pull request #365 from rex4539/pipes 
Fix RUSTSEC-2024-0019
 2024-03-09 01:53:57 +01:00
Dimitris Apostolou 9bd80f5115 Fix RUSTSEC-2024-0019 2024-03-08 22:11:22 +02:00
Revertron 080d4f3eb2 More dependencies updates. 2024-01-11 01:49:06 +01:00
Revertron a92799fb2d Updated crypto dependencies. 2024-01-11 01:32:18 +01:00
Revertron b74b0e00a0 Added a debug system to catch some deadlock. 2023-12-03 02:11:40 +01:00
Revertron 709125752f Fixed linux builds. 2023-10-04 00:54:08 +02:00
Revertron aa500b3ad8 Added Windows service mode! 2023-06-08 00:07:15 +02:00
Revertron 09303149d9 Attempt to eliminate stale peers. 2023-05-27 13:09:06 +02:00
Revertron e2f0fdf2d8 Fixed TLSA records resolution. 2023-03-27 22:58:40 +02:00
Revertron 8d36119332 Small UI fix. 2023-03-18 18:15:04 +01:00
Revertron 829ee753a0 Stability fixes. 2023-03-18 18:07:30 +01:00
Revertron 167b6db426 Updated sqlite dependency. 2023-03-01 13:57:08 +01:00
Revertron 748ec8273f Updated dependencies. 2023-03-01 13:18:18 +01:00
Revertron 17456e7a6c Optimized failing nodes banning. 2023-01-30 15:19:36 +01:00
Revertron c199a62a04 Optimized network connections (added write timeouts). 2023-01-30 14:40:59 +01:00
Revertron da7db8dfa4 Update FUNDING.yml 2022-12-18 10:42:24 +01:00
Revertron 58e595c759 Merge pull request #320 from wegank/alfis-aarch64-darwin 
build: fix build on aarch64-darwin
 2022-11-13 19:23:42 +01:00
Weijia Wang 03b461a740 build: fix build on aarch64-darwin 2022-11-11 08:59:13 +01:00
Revertron aa246571a7 Fixed unimportant warning, and changed some constants in DoH client. 2022-11-03 17:55:32 +01:00
Revertron 0d50fc44c6 Updated adblock list. 2022-11-03 16:59:13 +01:00
Revertron b3d077c2a0 Fixed max-nodes constant, changed by mistake. 2022-11-03 14:48:23 +01:00
Revertron e5657d6802 Reworked DNS-resolver. 2022-11-03 14:46:35 +01:00
Revertron 287e88c7e2 Updated dependencies. 2022-11-03 13:56:17 +01:00
Revertron c230875eb0 Merge pull request #310 from exepirit/master 
build: create build for armv6
 2022-10-04 15:37:33 +02:00
exepirit a3593cf3c1 build: create build for armv6 2022-10-04 13:46:43 +07:00
Revertron 89a6126cd7 Merge pull request #302 from ilyar/make-binary-smaller 
make binary smaller
 2022-09-12 12:40:34 +02:00
Ilyar f8aef96041 make binary smaller 2022-09-11 11:43:01 +02:00