Releases: radioactiveAHM/DnsSafeguard

DnsSafeguard v1.8.2

01 Feb 21:11
  • New: tracker noise method.
  • New: cache_control local DoH option, allowing control over browser DNS caching.
  • Removed: X-Xss-Protection header.
  • Removed: Linear and Jump fragment methods.
  • Optimized: Fragment random and single methods (fully dynamic, merged with segmentation method).
  • New: fragment_size_min, fragment_size_max, and segments fragment config options, allowing control over fragmentation behavior.

DnsSafeguard v1.8.1

27 Jan 10:53
  • Removed the Local DoH date header, which was unnecessary and reduced the binary size.
  • Optimized tokio_rustls, resulting in a smaller binary size.
  • Fixed Local DoH (H2) bugs and improved request handling.

New

  • Added the disable_certificate_validation option, enabling domain fronting to bypass the GFW. This is the best option to trick the GFW. For example, if you use Google's DoH server with the H2 protocol, you can enable disable_certificate_validation in the config file and use www.google.com as the server_name. QUIC-based protocols (H3 and DoQ) do not support this feature.

DnsSafeguard v1.8.0

18 Jan 03:19

Release Notes

Features

  • Added ip option for rules to respond to DNS queries with a static IP address.

Improvements

  • Significant performance and memory usage improvements by reducing heap allocations.

Operating System Support

  • Added support for 32-bit Windows OS.
  • Added support for 32-bit Linux OS.

DnsSafeguard v1.7.7

15 Jan 23:45

Release Notes

Enhancements

  • Optimized DoQ and DoT by reducing memory allocation.
  • Improved fragmenting by removing heap allocation.
  • Enhanced error handling for the h1 protocol.
  • Optimized error handling across all protocols.
  • Added sleep_interval_min and sleep_interval_max to the fragmenting option in the config file.

Bug Fixes

  • Fixed numerous bugs.
  • Resolved DNS query drops when connections close for all protocols.

New Features

  • Block DNS queries based on query type.

Rules

  • Blocked DNS queries with empty responses to avoid client timeouts.

Local DoH

  • Improved error handling.
  • Enhanced timeout handling.
  • Added multiple HTTP headers in responses for better browser compatibility.

@brian6932 Thanks for testing and reports.

DnsSafeguard v1.7.6

08 Dec 20:44

Release Notes

  • Upgraded DNS query response buffer size to 4096 bytes.
  • Removed Windows DNS cache clearing.
  • Eliminated unnecessary buffer copying in rules checking for h1 and dot protocols.
  • Fixed buffer reallocation issues.
  • Removed redundant buffers for dot.

Local DoH

  • Added support for HTTP/1.1.
  • Added support for POST method for both HTTP/1.1 and H2.
  • Fixed numerous bugs.
  • Added alpn option to the config file to adjust local DoH protocols (http/1.1, h2).

A huge thank you to @brian6932 for testing and debugging support.

DnsSafeguard v1.7.5

02 Dec 16:46

Release Notes

Improvements

  • Removed heap allocation for server names as strings in H2 and H3, enhancing performance.
  • Upgraded dependencies to ensure compatibility and security.
  • Eliminated unnecessary clones, reducing memory usage.
  • Fixed TCP connection handler to improve stability and reliability.
  • Added DNS cache clearing functionality for Windows, enhancing DNS resolution accuracy.

New Feature: Local DoH Server

  • Local DNS over HTTPS (DoH) Server: Enables setting up a local DoH server using HTTP/2, allowing other applications to interact with DnsSafeguard directly.

DnsSafeguard v1.7.4

17 Nov 00:10

New Features

  • Lifetime for DNS Queries: Added lifetime to DNS queries for DoT nonblocking protocol.
  • Configuration Update: Introduced dot_nonblocking_dns_query_lifetime to the configuration file.
  • Response Size Matching: Implemented DNS query response size matching based on RFC 7858 for both DoT and DoT nonblocking protocols.
  • Custom HTTP Path: Added support for custom HTTP paths in HTTP-based protocols.
  • Disable Domain SNI Option: Added disable_domain_sni option, providing an alternative to the fragmenting method (note: not supported by all DNS servers).

Improvements

  • Memory Optimization: Changed Serde file configuration types to reduce memory usage.
  • Dependency Upgrades: Upgraded various dependencies to their latest versions.
  • Config File: The values of custom_http_path and rules in the config file can now be set to null to reduce memory usage and boost performance.

Configuration Changes

  • Naming Consistency: Replaced h1 multi with h1_multi and dot nonblocking with dot_nonblocking for consistency.

DnsSafeguard v1.7.2

14 Oct 09:57

Release notes

Bug Fixes

  • Domain Splitting: Fixed a bug in the rules domain splitting logic to ensure accurate domain handling.

Enhancements

  • Connection Handling: Added more robust closed connection handlers for HTTP/2 (h2) to improve stability and resource management.
  • Main Functions: Rewrote two main functions to enhance performance and reduce the likelihood of bugs.

Performance Improvements

  • Heap Allocation: Eliminated heap allocation previously required for generating URLs for HTTP/1 (h1), HTTP/2 (h2), and HTTP/3 (h3), resulting in more efficient memory usage.
  • Cryptographic Library: Replaced aws_lc_rs with rust-ring to reduce binary size and improve cryptographic performance.
  • SNI Sharing: Removed heap allocation needed for sharing Server Name Indication (SNI) across asynchronous tasks for HTTP/2 (h2) and HTTP/3 (h3), enhancing performance and reducing memory overhead.

DnsSafeguard v1.7.1

07 Oct 08:43

Release notes

  • Fixed DoQ reconnecting bug: Resolved an issue causing DoQ (DNS over QUIC) to fail reconnections under certain conditions.
  • Enhanced H3 closed connection handling: Added additional handlers to manage closed connections more effectively in HTTP/3.
  • Optimized memory usage for DoQ and DoT: Eliminated heap allocations previously required for adding DNS query size to DNS queries in both DoQ (DNS over QUIC) and DoT (DNS over TLS).
  • Reduced heap allocation for multiple protocols: Removed unnecessary heap allocations for encoding DNS to base64 across the H1, H2, H3, and H1 multi protocols, improving overall performance.
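
The length handling behind the v1.7.4 "Response Size Matching" note and the v1.7.1 DoQ/DoT query-size note above, as an added example that is not DnsSafeguard's own code: DoT (RFC 7858) sends each DNS message behind a two-byte big-endian length, which the sender can write into a stack buffer and the receiver must match against the bytes actually read. The names `frame_query`, `parse_response` and `sample_query`, and the 4096-byte cap (borrowed from the v1.7.6 buffer size), are assumptions.

```rust
// Added example, not DnsSafeguard's code. DoT (RFC 7858) reuses the DNS-over-TCP
// framing of RFC 1035 section 4.2.2: a two-byte big-endian length, then the message.
const MAX_DNS: usize = 4096; // assumed cap, taken from the v1.7.6 buffer size
const DNS_HEADER: usize = 12; // fixed DNS header length

#[derive(Debug, PartialEq)]
pub enum FrameError {
    TooShort(usize), // length cannot hold a DNS header
    TooLarge(usize), // length exceeds MAX_DNS
}

#[derive(Debug, PartialEq)]
pub enum Frame<'a> {
    Complete { msg: &'a [u8], rest: &'a [u8] }, // one message plus any bytes after it
    Incomplete { need: usize },                 // bytes still missing; keep reading
}

/// Write `length || query` into a caller-owned stack buffer; returns bytes used.
pub fn frame_query(query: &[u8], out: &mut [u8; MAX_DNS + 2]) -> Result<usize, FrameError> {
    if query.len() < DNS_HEADER { return Err(FrameError::TooShort(query.len())); }
    if query.len() > MAX_DNS { return Err(FrameError::TooLarge(query.len())); }
    out[..2].copy_from_slice(&(query.len() as u16).to_be_bytes());
    out[2..2 + query.len()].copy_from_slice(query);
    Ok(2 + query.len())
}

/// Match the bytes received so far against the length the peer announced.
pub fn parse_response(buf: &[u8]) -> Result<Frame<'_>, FrameError> {
    if buf.len() < 2 { return Ok(Frame::Incomplete { need: 2 - buf.len() }); }
    let len = u16::from_be_bytes([buf[0], buf[1]]) as usize;
    if len < DNS_HEADER { return Err(FrameError::TooShort(len)); }
    if len > MAX_DNS { return Err(FrameError::TooLarge(len)); }
    if buf.len() < 2 + len { return Ok(Frame::Incomplete { need: 2 + len - buf.len() }); }
    let (msg, rest) = buf[2..].split_at(len);
    Ok(Frame::Complete { msg, rest })
}

/// Constructed sample: query for example.com, type A, class IN (29 bytes).
pub fn sample_query() -> Vec<u8> {
    let mut q = vec![0x12, 0x34, 0x01, 0x00, 0, 1, 0, 0, 0, 0, 0, 0];
    q.extend_from_slice(b"\x07example\x03com\x00\x00\x01\x00\x01");
    q
}

fn main() {
    let mut out = [0u8; MAX_DNS + 2];
    let n = frame_query(&sample_query(), &mut out).unwrap();
    println!("{:?}\n{:?}", parse_response(&out[..n]), parse_response(&out[..20]));
}
```

Rejecting an announced length below the 12-byte header or above the buffer cap before waiting for more data keeps a misbehaving peer from stalling or overrunning the reader.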

DnsSafeguard v1.7.0

06 Oct 12:10

Release notes

  • New DNS over QUIC protocol (DoQ).
  • Improved error handling for H3.
  • Removed a double copy of the DNS query on the stack.

DNS over QUIC Protocol (DoQ)

DNS over QUIC (DoQ) is a cutting-edge protocol designed to enhance the performance and security of DNS queries. It leverages the QUIC transport layer protocol, which is known for its low latency and robust security features. DoQ is considered one of the most performant DNS protocols available, offering several advantages:

  • Low Latency: QUIC’s design reduces the time required to establish a connection, resulting in faster DNS query responses.
  • Enhanced Security: DoQ provides encryption and authentication, protecting DNS queries from eavesdropping and tampering.
  • Improved Reliability: QUIC’s built-in mechanisms for handling packet loss and network congestion ensure more reliable DNS resolution.