5de0341ab4
Enhanced DNS security with ephemeral ports and DNS 0x20 encoding
...
Significantly improve DNS client security against cache poisoning attacks through multiple defense layers:
Security Improvements:
- Bind UDP sockets to OS-assigned ephemeral ports (0.0.0.0:0) instead of predictable random ports, eliminating port-based attack vectors
- Implement DNS 0x20 encoding with strict case validation, adding 10-15 bits of entropy per query by randomizing domain name case
- Randomize transaction ID starting point using AtomicU16 for better entropy distribution
Attack difficulty increased from ~16 bits (65K attempts) to ~42-47 bits
(4.4-140 trillion attempts), making spoofing 1,000x to 32,000x harder.
Configuration:
- Add 'enable_0x20' option to DNS settings (default: true)
- Users can disable for compatibility with legacy resolvers if needed
- Feature is configurable via alfis.toml
2025-10-27 14:39:47 +01:00
61f2d89ef1
Fixed GLUE records return on NS requests.
2025-10-23 22:48:48 +02:00
4169ede074
Added DNS timeouts here and there.
...
Fixed macOS and Ubuntu pipelines.
2025-10-23 21:26:03 +02:00
d2b7080c96
Many DNS fixes!
2025-10-22 22:55:58 +02:00
3f36f4ede3
Small DNS fix.
2024-11-18 12:43:18 +01:00
4945f18fae
A lot of DNS fixes.
2024-11-18 00:44:04 +01:00
e2f0fdf2d8
Fixed TLSA records resolution.
2023-03-27 22:58:40 +02:00
594dabcab8
Implemented resolution of domain records through NS-servers. Updated dependencies.
2022-04-01 13:03:32 +02:00
797584c516
Fixed multiple clippy warnings.
2021-12-25 18:40:36 +01:00
08328c95fe
Added DNS-over-HTTPS support for forwarded queries.
2021-09-08 17:53:38 +02:00
d513c29cfe
Code reformatting.
2021-06-09 20:36:36 +02:00
9949d13e62
First commit of 0.5.* branch.
2021-05-02 12:55:51 +02:00
a4d9a64989
Implemented consistent SOA serial for internal zones.
2021-04-28 20:12:06 +02:00
d9e9d53df7
Fixed a regression in DNS filter.
2021-04-28 12:20:26 +02:00
fcb920e0de
Refactored Chain a lot to make it possible to test.
...
Added a CPU hard test for Chain, checking all current DB.
Added an option to config file to set a count of checked top blocks on start.
2021-04-26 21:49:01 +02:00
5994622f59
Fixed resolve of SOA records #40 .
2021-04-15 12:33:47 +02:00
aef30818be
Changed some logging.
2021-04-13 23:19:47 +02:00
ee9b73b190
Fixed negative DNS responses.
2021-04-13 18:46:48 +02:00
e1d0df33d5
Fixed resolve of CNAME records.
2021-04-02 03:24:53 +02:00
a4ecb1f0f7
Very important DNS resolver fix.
2021-03-30 20:50:20 +02:00
7e742c1553
Fixed DNS answers for provided zones.
2021-03-30 19:10:26 +02:00
4e0b0b3d1c
Added mining threads count option.
2021-03-29 11:10:48 +02:00
dcf5bb72b0
Eliminated connection loops.
...
Optimized network processes.
Removed some unnecessary logging.
Fixed status bar info inconsistency.
2021-03-21 00:19:09 +01:00
1d9833db0f
Implemented right way to constrain zone difficulty.
2021-03-17 14:55:05 +01:00
5d57473122
Major refactoring. Changed mining algorithm to Blakeout. Changed keypair mining algorithm.
2021-03-10 22:21:50 +01:00
46c49fe4c9
Fixed filtering of existing zones in blockchain.
2021-02-26 21:00:08 +01:00
193275da7f
Implemented rotating DNS upstreams from config. Fixed warnings.
2021-02-21 21:56:56 +01:00
38feb11cff
Fixed DNS-records search.
2021-02-21 12:29:09 +01:00
93d688c479
Added a decent logging.
2021-02-20 16:28:10 +01:00
d135204af7
Implemented DNS on blockchain. Beautified a lot of code, fixed some things.
2021-02-19 16:41:43 +01:00
Revertron