Commit Graph

37 Commits

Author SHA1 Message Date
Revertron 5de0341ab4 Enhanced DNS security with ephemeral ports and DNS 0x20 encoding
Significantly improve DNS client security against cache poisoning attacks through multiple defense layers:

Security Improvements:
- Bind UDP sockets to OS-assigned ephemeral ports (0.0.0.0:0) instead of predictable random ports, eliminating port-based attack vectors
- Implement DNS 0x20 encoding with strict case validation, adding 10-15 bits of entropy per query by randomizing domain name case
- Randomize transaction ID starting point using AtomicU16 for better entropy distribution

Attack difficulty increased from ~16 bits (65K attempts) to ~42-47 bits
(4.4-140 trillion attempts), making spoofing 1,000x to 32,000x harder.

Configuration:
- Add 'enable_0x20' option to DNS settings (default: true)
- Users can disable for compatibility with legacy resolvers if needed
- Feature is configurable via alfis.toml
2025-10-27 14:39:47 +01:00
Revertron a92799fb2d Updated crypto dependencies. 2024-01-11 01:32:18 +01:00
Revertron a27b6cc75c Fixed block precedence calculation. 2022-07-10 23:07:59 +02:00
Revertron 63d3593e10 Fixed default AdGuard DNS IP. 2022-01-03 22:08:59 +01:00
Dimitris Apostolou 08f49d52da Fix typo 2022-01-02 12:05:54 +02:00
Revertron 903a3b1550 Fixed OPT record forwarding. 2021-09-09 18:18:03 +02:00
Revertron 08328c95fe Added DNS-over-HTTPS support for forwarded queries. 2021-09-08 17:53:38 +02:00
Revertron 66b03c0dff Version increment. Disabled start of DNS server if threads set to zero. 2021-07-17 13:16:00 +02:00
Revertron 31ba599662 Implemented support for multiple keys. 2021-05-14 14:14:45 +02:00
Revertron aa6ae581d6 Pushing new origin hash. 2021-05-13 13:18:27 +02:00
Revertron ec635b19f2 Config update to support new chain. 2021-05-05 10:41:32 +02:00
Revertron fcb920e0de Refactored Chain a lot to make it possible to test.
Added a CPU hard test for Chain, checking all current DB.
Added an option to config file to set a count of checked top blocks on start.
2021-04-26 21:49:01 +02:00
Revertron c0e49bbab5 Optimized p2p connections a bit. 2021-04-24 19:02:24 +02:00
Revertron 6ed4fb4830 Made p2p connections somewhat more reliable. 2021-04-20 23:36:48 +02:00
Revertron 27352ba0d8 Increased DNS client timeout from 3 seconds to 10. Changed 1 bootstrap address. 2021-04-13 23:16:09 +02:00
Revertron 2b58d063dd Increased DNS client timeout from 1 second to 3. Added YGGv6 address to bootstrap peers. Incremented version. 2021-04-13 19:17:05 +02:00
R4SAS 551af8e6a0 fix typo in alfis.toml 2021-04-10 15:39:11 +03:00
Revertron 3900790f03 Returned low thread priority as it seems after thorough tests that there is an impact after all. But this functionality is now controlled by option 'mining.lower'. 2021-04-10 14:03:52 +02:00
Revertron 6ae6852670 Small update to config file. 2021-04-03 14:27:43 +02:00
Revertron 4721ff8f88 Config fix. 2021-04-03 11:29:57 +02:00
Revertron 8168ab37b3 (Hopefully) fixed network stucks. 2021-04-03 11:28:55 +02:00
Revertron 882d826c26 Implemented hosts-file support. You can resolve local names or block ads on DNS level! 2021-04-01 20:59:52 +02:00
Revertron 89cb23306a Fix typo. 2021-03-31 16:57:46 +02:00
Revertron e806cf5612 Added config option to ignore all nodes except from Yggdrasil. 2021-03-31 16:50:22 +02:00
Revertron 4e0b0b3d1c Added mining threads count option. 2021-03-29 11:10:48 +02:00
Revertron 98b00eb8e2 Changed version number. 2021-03-23 18:56:29 +01:00
Revertron f5949e6ec0 Reworked handling appropriate (mined) keys absence. Now that info handled in UI as well. It won't allow users without keys to mine domains or zones. 2021-03-23 18:55:11 +01:00
Revertron 4ddacd2f57 Tuned up difficulty constant for comfortable use with new algo.
Mined new origin block to start over test network.
2021-03-22 22:57:54 +01:00
Revertron c5204aaed1 Refactored a lot of cryptography. Moved from "rust-crypto" to https://github.com/RustCrypto 2021-03-22 19:20:51 +01:00
Revertron a4e9d92680 Fixed getting zone difficulty. 2021-03-17 20:05:05 +01:00
Revertron 1d9833db0f Implemented right way to constrain zone difficulty. 2021-03-17 14:55:05 +01:00
Revertron 85c2a7e668 Removed old origin from config. 2021-03-16 22:16:14 +01:00
Revertron c7e845af05 Made it possible to run ALFIS without settings file. It will be created if not found. 2021-03-16 14:00:14 +01:00
Revertron 9718fa8a81 Tuned some constants and options. 2021-03-07 17:47:33 +01:00
Revertron 1cd1fed178 Added full IPv6 support for DNS-resolver upstreams. 2021-03-06 23:53:30 +01:00
Revertron ce212ab749 Changed format of DNS-listen options. Added DNS-thread count options to config. 2021-03-06 22:54:17 +01:00
Revertron ac915a1e92 Changed settings format file from JSON to Toml. 2021-03-06 22:40:19 +01:00