2.0.25

The example IP address for network probes didn't work on Windows - This is a regression introduced in version 2.0.24.

The example configuration file has been updated and the fallback resolver IP is now used when no netprobe address has been configured.

2.0.24

• The query log now includes the time it took to complete the
  transaction, the name of the resolver that sent the response and if
  the response was served from the cache. Thanks to Ferdinand Holzer for
  his help!
• The list of resolvers, sorted by latency, is now printed after all
  the resolvers have been probed.
• The "fastest" load-balancing strategy has been renamed to "first".
• On Windows, a nul byte is sent to the netprobe address. This is
  required to check for connectivity on this platform. Thanks to Mathias
  Berchtold.
• The Malwaredomainlist URL was updated to directly parse the host
  list. Thanks to Encrypted.Town.
• The Python script to generate lists of blacklisted domains is now
  compatible both with Python 2 and Python 3. Thanks to Simon R.
• A warning is now displayed for DoH is requested but the server
  doesn't speak HTTP/2.
• A crash with loaded-balanced sets of cloaked names was fixed.
  Thanks to @InkblotAdmirer for the report.
• Resolvers are now tried in random order to avoid favoring the first
  ones at startup.

2.0.23

2.0.23

2.0.22

The previous version had issues with the .org TLD when used in conjunction with dnsmasq.

This has been fixed.

2.0.21

The change to run the Windows service as NT AUTHORITY\NetworkService has been reverted, as it was reported to break logging (Windows only).

There are no other changes. If you are running version 2.0.20 on non-Windows platforms, or if you installed the service yourself, upgrading is not necessary.

Oh, and if you know how to switch back to NT AUTHORITY\NetworkService and still have the ability to write log files, your help would be welcome.

2.0.20

• Startup is now way faster, especially when using DoH servers.
• A new action: CLOAK is logged when queries are being cloaked.
• A cloaking rule can now map to multiple IPv4 and IPv6 addresses, with load-balancing.
• New option: refused_code_in_responses to return (or not) a REFUSED code on blacklisted queries. This is disabled by default, in order to work around a bug in Android Pie.
• Time-based restrictions are now properly handled in the generate-domains-blacklist.py script.
• Other improvements have been made to the generate-domains-blacklist.py script.
• The Windows service is now installed as NT AUTHORITY\NetworkService.

2.0.19

• The value for netprobe_timeout was read from the command-line, but not from the configuration file any more. This is a regression introduced in the previous version, that has been fixed.
• The default value for netprobe timeouts has been raised to 60 seconds.
• A hash of the body is added to query parameters when sending DoH queries with the POST method in order to work around badly configured proxies.

2.0.18

• Official builds now support TLS 1.3.
• The timeout for the initial connectivity check can now be set from the command line.
• An Accept: header is now always sent with GET queries.
• BOMs are now ignored in configuration files.
• In addition to SOCKS, HTTP and HTTPS proxies are now supported for DoH servers.

2.0.17

• Go >= 1.11 is now supported
• The flipside is that Windows XP is not supported any more :(
• When dropping privileges, there is no supervisor process any more.
• DNS options used to be cleared from DNS queries, with the exception of flags and payload sizes. This is not the case any more.
• Android builds use a newer NDK, and add compatibility with API 19.
• DoH queries are smaller, since workarounds are not required any more after Google updated their implementation.

2.0.16

2.0.16