Overhaul DNS behaviour, and add support for IPv6
- The built-in DNS server has been significantly improved.
- It now handles multiple questions, AAAA records, and actually responds to queries with 'not implemented' when you send it something it doesn't understand.
- The addresses given out are now totally randomized within 10/8 or fec0::/10, instead of counting up from a base address in an easily-guessable pattern.
  - Accordingly, the IPv4 addressing has changed to be 169.264.42.1/24 instead of 10.42.42.1 on the client side. cc @cyberta
- The addresses are now also isolated per-app (well, per-isolation-key at the onion-tunnel layer), to prevent data leakage.
- Also, we now support IPv6.
- We rewrite the hacky TCP parsing code to be a bit better laid-out to support this change, and hack in support for parsing out IPv6 Hop-by-Hop headers (as required to make this work).
- Apart from the parser and DNS, very few other changes are required, since most of the code was version-agnostic anyway.
- That said, the Arti proxy layer will try and get you a stream that aligns with the IP version you asked for.
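
A sketch of the allocation scheme described above, added here as an illustration and not taken from this change: synthetic addresses are drawn at random from 10/8, and both lookup tables are keyed by an isolation key, so one app cannot map another app's address back to a hostname. `FakeDns`, `resolve`, `lookup`, `os_random_u32` and the `u64` key are hypothetical names, and only the IPv4 case is shown.

```rust
use std::collections::HashMap;
use std::{fs::File, io::Read, net::Ipv4Addr};
/// Hypothetical fake-DNS table; `key` stands in for the isolation key.
pub struct FakeDns<R: FnMut() -> u32> {
    rng: R,
    forward: HashMap<(u64, String), Ipv4Addr>,
    reverse: HashMap<(u64, Ipv4Addr), String>,
}

impl<R: FnMut() -> u32> FakeDns<R> {
    pub fn new(rng: R) -> Self {
        Self { rng, forward: HashMap::new(), reverse: HashMap::new() }
    }
    /// Answer an A query from the app identified by `key`.
    pub fn resolve(&mut self, key: u64, host: &str) -> Ipv4Addr {
        if let Some(ip) = self.forward.get(&(key, host.to_string())) {
            return *ip; // stable answer for a repeated query
        }
        loop {
            // Random low 24 bits, first octet pinned to 10 (10/8).
            let ip = Ipv4Addr::from(0x0a00_0000 | ((self.rng)() & 0x00ff_ffff));
            let last = ip.octets()[3];
            // Choice made for this sketch: skip .0/.255 and in-key collisions.
            if last != 0 && last != 255 && !self.reverse.contains_key(&(key, ip)) {
                self.forward.insert((key, host.to_string()), ip);
                self.reverse.insert((key, ip), host.to_string());
                return ip;
            }
        }
    }

    /// Map a destination address back to a hostname, within one key only.
    pub fn lookup(&self, key: u64, ip: Ipv4Addr) -> Option<&str> {
        self.reverse.get(&(key, ip)).map(String::as_str)
    }
}

/// OS randomness without external crates (assumes a Unix-like /dev/urandom).
pub fn os_random_u32() -> u32 {
    let mut buf = [0u8; 4];
    File::open("/dev/urandom").and_then(|mut f| f.read_exact(&mut buf)).expect("urandom");
    u32::from_ne_bytes(buf)
}

fn main() {
    let mut dns = FakeDns::new(os_random_u32);
    let (a, b) = (dns.resolve(1, "example.com"), dns.resolve(2, "example.com"));
    println!("app 1: {}, app 2: {}, cross-app lookup: {:?}", a, b, dns.lookup(2, a));
}
```

Because the reverse table is keyed by `(key, address)`, a packet sent by one app to an address handed out to another app resolves to nothing.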