DnsSafeguard v1.7.4

New Features

• Lifetime for DNS Queries: Added lifetime to DNS queries for DoT nonblocking protocol.
• Configuration Update: Introduced dot_nonblocking_dns_query_lifetime to the configuration file.
• Response Size Matching: Implemented DNS query response size matching based on RFC 7858 for both DoT and DoT nonblocking protocols.
• Custom HTTP Path: Added support for custom HTTP paths in HTTP-based protocols.
• Disable Domain SNI Option: Added disable_domain_sni option, providing an alternative to the fragmenting method (note: not supported by all DNS servers).

Improvements

• Memory Optimization: Changed Serde file configuration types to reduce memory usage.
• Dependency Upgrades: Upgraded various dependencies to their latest versions.
• Config File: The values of custom_http_path and rules in the config file can now be set to null to reduce memory usage and boost performance.

Configuration Changes

• Naming Consistency: Replaced h1 multi with h1_multi and dot nonblocking with dot_nonblocking for consistency.

DnsSafeguard v1.7.2

Release notes

Bug Fixes

• Domain Splitting: Fixed a bug in the rules domain splitting logic to ensure accurate domain handling.

Enhancements

• Connection Handling: Added more robust closed connection handlers for HTTP/2 (h2) to improve stability and resource management.
• Main Functions: Rewritten two main functions to enhance performance and reduce the likelihood of bugs.

Performance Improvements

• Heap Allocation: Eliminated heap allocation previously required for generating URLs for HTTP/1 (h1), HTTP/2 (h2), and HTTP/3 (h3), resulting in more efficient memory usage.
• Cryptographic Library: Replaced aws_lc_rs with rust-ring to reduce binary size and improve cryptographic performance.
• SNI Sharing: Removed heap allocation needed for sharing Server Name Indication (SNI) across asynchronous tasks for HTTP/2 (h2) and HTTP/3 (h3), enhancing performance and reducing memory overhead.

DnsSafeguard v1.7.1

Release notes

• Fixed DoQ reconnecting bug: Resolved an issue causing DoQ (DNS over QUIC) to fail reconnections under certain conditions.
• Enhanced H3 closed connection handling: Added additional handlers to manage closed connections more effectively in HTTP/3.
• Optimized memory usage for DoQ and DoT: Eliminated heap allocations previously required for adding DNS query size to DNS queries in both DoQ (DNS over QUIC) and DoT (DNS over TLS).
• Reduced heap allocation for multiple protocols: Removed unnecessary heap allocations for encoding DNS to base64 across H1, H2, H3, and H1 multi-protocols, improving overall performance.

DnsSafeguard v1.7.0

Release notes

• New DNS over QUIC protocol (DoQ).
• Improve error handling for H3.
• Remove double dns copy on stack.

DNS over QUIC Protocol (DoQ)

DNS over QUIC (DoQ) is a cutting-edge protocol designed to enhance the performance and security of DNS queries. It leverages the QUIC transport layer protocol, which is known for its low latency and robust security features. DoQ is considered one of the most performant DNS protocols available, offering several advantages:

• Low Latency: QUIC’s design reduces the time required to establish a connection, resulting in faster DNS query responses.
• Enhanced Security: DoQ provides encryption and authentication, protecting DNS queries from eavesdropping and tampering.
• Improved Reliability: QUIC’s built-in mechanisms for handling packet loss and network congestion ensure more reliable DNS resolution.

DnsSafeguard v1.6.0

Release notes

• Added Rules.
• Upgrade rustls to 0.23.14.
• Added connection option to config file.
• Improve overall performance.
• Fixed an issue with H3 on windows.

Rules

Block or bypass domains or domains containing the provided keywords.

DnsSafeguard v1.5.1

UDP Noise

• Introduced a new noise parameter: ntype. Variants include dns, str, lsd, and rand.
• Added a new noise parameter: continues.

QUIC

• Added a new parameter: connecting_timeout_sec.

DnsSafeguard v1.5.0

• New UDP Noise method
• Update dependencies.

Noise

This new method enables the use of the H3 protocol (QUIC) on networks where QUIC is blocked. While the first connection attempt might fail, the second attempt, which utilizes 0-RTT, typically succeeds.

DnsSafeguard v1.4.2

• Many bug fixes from Rustls dependency.
• Update dependencies.

DnsSafeguard v1.4.1

Release Notes

• Handle errors when there is no internet connection.
• Update H2.
• Some improvements.

DnsSafeguard v1.4.0

Release Notes

• Some improvements.
• Update dependencies.
• New fragmenting method jump.