Tags give the ability to mark specific points in history as being important
-
v0.3.3
protectede4fb01a1 · ·v0.3.3: fix release-pipeline registry auth (re-release of v0.3.2) v0.3.2's release pipeline built all artifacts but failed pushing the Docker image to the GitLab registry ('denied') due to a ci-catalog component bump changing the DOCKER_* credential contract. This tag carries the same code as v0.3.2 plus the CI fix (log in with CI_JOB_TOKEN / CI_REGISTRY*). Content is identical to v0.3.2: DNS DoS hardening (bounded caches, rate limiting, recursion depth/bailiwick guards), upstream-pool failover fix, 501 for unenforced controls, /metrics auth, systemd sandboxing, go1.26.4. -
v0.3.2
protected89705879 · ·v0.3.2: DNS DoS hardening and security audit remediation Security + reliability release closing a full appsec (OWASP 2025 + CIS v8.1.2) and multi-domain audit, plus the upstream-pool failover fix. Hardening: - Bound the DNS forwarding cache and recursive NS/addr caches (fixes a confirmed remote OOM via unique-subdomain / water-torture floods). - Per-client + global DNS rate limiting with a count-capped tracking map. - Cap pipeline worker goroutines (stream.Scaler.Max). - Recursive resolver: bailiwick validation + recursion depth guard (cache-poisoning and stack-exhaustion defenses). - Upstream pool: bounded attempts + per-upstream failure cooldown; route OTel export errors through slog. API / ops: - Return 501 for unenforced blocking/CIDR controls; drop misleading MCP tools. - Require API-key auth for /metrics. - Fail loud on unimplemented JWT auth and non-udp listeners. - Periodic remote blocklist sync with last-good retention. - systemd sandboxing; CI goreleaser checksum + docker --password-stdin. - Pin go1.26.4 toolchain to clear reachable stdlib advisories.
-
v0.3.0
protectedb029eb1f · ·v0.3.0 — Runtime configuration management, persistence, auth, and MCP - Runtime configuration API (genapi, TLS): add/remove/replace allow/local/block entries and reload files without a restart; atomic Swappable updates (no dropped queries); persisted in an embedded bbolt store. - Authentication: argon2id API keys with scopes + short-TTL verify cache; mTLS-gated key management; secure-by-default TLS. - CLI + admin socket: void apikey create/list/revoke/delete, void reload; SIGHUP/endpoint reload. - Env-seeded admin key (VOID_ADMIN_API_KEY / _FILE) + offline void apikey generate for Docker/first-boot. - void mcp: MCP server (official SDK; stdio + streamable-HTTP) for LLM agents, bridging to the management API with the same auth + scopes. - Documentation refreshed with Mermaid architecture diagrams (docs/ARCHITECTURE.md).
-
v0.2.7
protected179ab014 · ·v0.2.7 Features - Split-DNS per-route exclusion list: `exclude: []` on a SplitRoute carves specific FQDNs (or `*.suffix` wildcards) out of an existing route. Excluded names fall through to the default dns.upstream pool without re-specifying it. Bare-only routes with an exclude are rejected at NewRouter time with an actionable diagnostic. Bug fixes - pkg/netbind wraps DNS and API binds with a short EADDRINUSE retry loop plus an operator-friendly diagnostic naming systemd-resolved (for :53) and the exact `ss`/`lsof` inspection command. Stops void.service from burning its systemd restart budget on bare `bind: address already in use` errors. - Config loader now includes the resolved config file path in load errors so duplicate-key YAML failures point at the offending file. - CI: default jobs route to the Company Cluster Runner with pinned tags to keep pipelines off the flaky Lab Servers pool while haleth DNS is broken.
-
v0.2.4
protecteda413c1c2 · ·v0.2.4 Fix the split DNS cache poisoning that made *.ts.net (Tailscale) lookups flaky and slow. - Do not cache non-success / non-NXDOMAIN responses; transient SERVFAIL from MagicDNS no longer pins a stale NOERROR/empty answer for DefaultTTL=3600s. - Preserve stored Rcode on cache hits (stop calling dns.Msg.SetReply on the stored msg, which was unconditionally rewriting Rcode to Success). - Deep-copy the cached *dns.Msg so concurrent hits cannot mutate it via SetReply / MsgHdr.Id (was a -race finding under concurrent A/AAAA). - Honor SOA MINIMUM (RFC 2308) for negative-cache TTL with a 300s cap and 60s fallback when no SOA is provided; skip caching when TTL is 0. - Coalesce N concurrent identical misses into a single upstream call (single-flight via sync.Map of *flight{done,msg}); reduces hammering of MagicDNS on cold-cache bursts. - Reproduction tests in pkg/resolver/cache_test.go and pkg/split/cache_integration_test.go lock in the contract. - Remove redundant Go 1.22+ loopvar copies in pkg/record/source.go and pkg/server/server.go to unblock the lint stage that failed on v0.2.3.