Skip to content

Update dependency DNSCrypt/dnscrypt-proxy to v2.1.16#646

Merged
klutchell-renovate[bot] merged 1 commit into
mainfrom
renovate/dnscrypt-dnscrypt-proxy-2.1.x
May 24, 2026
Merged

Update dependency DNSCrypt/dnscrypt-proxy to v2.1.16#646
klutchell-renovate[bot] merged 1 commit into
mainfrom
renovate/dnscrypt-dnscrypt-proxy-2.1.x

Conversation

@klutchell-renovate
Copy link
Copy Markdown
Contributor

@klutchell-renovate klutchell-renovate Bot commented May 24, 2026

This PR contains the following updates:

Package Update Change
DNSCrypt/dnscrypt-proxy patch 2.1.152.1.16

Release Notes

DNSCrypt/dnscrypt-proxy (DNSCrypt/dnscrypt-proxy)

v2.1.16

Compare Source

  • Dashboard HTML pages are no longer cached, preventing stale content from
    being served after upgrades.
  • The IP allow/block plugins now support CIDR ranges in addition to single
    addresses and prefix matching.
  • Forwarding rules now support $RESOLVCONF:<file> to pick up upstream
    resolvers from a resolv.conf-style file, complementing the existing $DHCP
    syntax.
  • Recursive cloaking rules are now rejected at load time instead of being
    detected only when a matching query arrives.
  • Servers that hit a transient high RTT could previously stay penalized
    forever and never come back into rotation; their RTT estimate now decays so
    they can recover.
  • Servers are no longer penalized for slow responses when the response is
    actually being served from the stale cache.
  • HTTP/3 probing now consults a negative cache before retrying, avoiding
    repeated probes against servers known not to support it.
  • The HTTP transport now handles Alt-Svc: clear properly and reuses HTTP
    connections more aggressively.
  • The cache TTL is now an explicit, configurable parameter rather than being
    derived implicitly.
  • Log entries now include the relay name when a query was sent through an
    anonymized DNS or ODoH relay.
  • A new tls_prefer_rsa option has been added to prefer RSA cipher suites
    during the TLS handshake, useful on systems without hardware AES.
  • The tls_cipher_suite option is now a no-op. Modern TLS stacks no longer
    expose cipher suite selection in a meaningful way, and the option had become
    misleading.
  • The -resolve command now reports incomplete DNSSEC support instead of
    silently treating partial signatures as a success.
  • ODoH: the 401 key-refresh path has been hardened against panics, races
    and bad server state, refreshes are now coalesced, and the blocking sleep
    on refresh has been removed.
  • A log size of 0 no longer means "unlimited"; it now correctly disables
    rotation by size.
  • jsdelivr is now offered as an alternative source URL for resolver
    lists, providing more redundancy when the primary mirrors are unreachable.
  • The miekg/dns library has been updated to the v2 series.

Configuration

📅 Schedule: (in timezone America/New_York)

  • Branch creation
    • Only on Sunday and Saturday (* * * * 0,6)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate.

@klutchell-renovate klutchell-renovate Bot enabled auto-merge May 24, 2026 07:36
@klutchell-renovate klutchell-renovate Bot merged commit d680f3a into main May 24, 2026
100 of 102 checks passed
@klutchell-renovate klutchell-renovate Bot deleted the renovate/dnscrypt-dnscrypt-proxy-2.1.x branch May 24, 2026 13:59
@klutchell klutchell mentioned this pull request May 24, 2026
Merged
6 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

renovate

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants