diff --git a/Gopkg.lock b/Gopkg.lock index 035c6de9..7d1613bb 100644 --- a/Gopkg.lock +++ b/Gopkg.lock @@ -41,6 +41,14 @@ revision = "78b5fff24e6df8886ef8eca9411f683a884349a5" version = "v0.4.1" +[[projects]] + digest = "1:0deddd908b6b4b768cfc272c16ee61e7088a60f7fe2f06c547bd3d8e1f8b8e77" + name = "github.com/davecgh/go-spew" + packages = ["spew"] + pruneopts = "" + revision = "8991bc29aa16c548c550c7ff78260e27b9ab7c73" + version = "v1.1.1" + [[projects]] digest = "1:b6581f9180e0f2d5549280d71819ab951db9d511478c87daca95669589d505c0" name = "github.com/go-ole/go-ole" @@ -120,6 +128,14 @@ revision = "2905694a1b00c5574f1418a7dbf8a22a7d247559" version = "v1.3.1" +[[projects]] + digest = "1:256484dbbcd271f9ecebc6795b2df8cad4c458dd0f5fd82a8c2fa0c29f233411" + name = "github.com/pmezard/go-difflib" + packages = ["difflib"] + pruneopts = "" + revision = "792786c7400a136282c1664665ae0a8db921c6c2" + version = "v1.0.0" + [[projects]] digest = "1:7f569d906bdd20d906b606415b7d794f798f91a62fcfb6a4daa6d50690fb7a3f" name = "github.com/satori/go.uuid" @@ -166,6 +182,14 @@ revision = "298182f68c66c05229eb03ac171abe6e309ee79a" version = "v1.0.3" +[[projects]] + digest = "1:cc4eb6813da8d08694e557fcafae8fcc24f47f61a0717f952da130ca9a486dfc" + name = "github.com/stretchr/testify" + packages = ["assert"] + pruneopts = "" + revision = "3ebf1ddaeb260c4b1ae502a01c7844fa8c1fa0e9" + version = "v1.5.1" + [[projects]] branch = "master" digest = "1:86e6712cfd4070a2120c03fcec41cfcbbc51813504a74e28d74479edfaf669ee" @@ -259,6 +283,14 @@ revision = "342b2e1fbaa52c93f31447ad2c6abc048c63e475" version = "v0.3.2" +[[projects]] + digest = "1:2efc9662a6a1ff28c65c84fc2f9030f13d3afecdb2ecad445f3b0c80e75fc281" + name = "gopkg.in/yaml.v2" + packages = ["."] + pruneopts = "" + revision = "53403b58ad1b561927d19068c655246f2db79d48" + version = "v2.2.8" + [solve-meta] analyzer-name = "dep" analyzer-version = 1 
@@ -278,6 +310,7 @@ "github.com/satori/go.uuid", "github.com/shirou/gopsutil/process", "github.com/spf13/cobra", + "github.com/stretchr/testify/assert", "github.com/tevino/abool", "github.com/umahmood/haversine", "golang.org/x/net/icmp", diff --git a/firewall/config.go b/firewall/config.go index 721d1382..53d607e5 100644 --- a/firewall/config.go +++ b/firewall/config.go @@ -8,11 +8,13 @@ import ( var ( CfgOptionEnableFilterKey = "filter/enable" - CfgOptionPermanentVerdictsKey = "filter/permanentVerdicts" - permanentVerdicts config.BoolOption + CfgOptionPromptTimeoutKey = "filter/promptTimeout" + CfgOptionPromptTimeoutOrder = 2 + promptTimeout config.IntOption - CfgOptionPromptTimeoutKey = "filter/promptTimeout" - promptTimeout config.IntOption + CfgOptionPermanentVerdictsKey = "filter/permanentVerdicts" + CfgOptionPermanentVerdictsOrder = 128 + permanentVerdicts config.BoolOption devMode config.BoolOption apiListenAddress config.StringOption @@ -23,6 +25,7 @@ func registerConfig() error { Name: "Permanent Verdicts", Key: CfgOptionPermanentVerdictsKey, Description: "With permanent verdicts, control of a connection is fully handed back to the OS after the initial decision. This brings a great performance increase, but makes it impossible to change the decision of a link later on.", + Order: CfgOptionPermanentVerdictsOrder, OptType: config.OptTypeBool, ExpertiseLevel: config.ExpertiseLevelExpert, ReleaseLevel: config.ReleaseLevelExperimental, @@ -37,6 +40,7 @@ func registerConfig() error { Name: "Timeout for prompt notifications", Key: CfgOptionPromptTimeoutKey, Description: "Amount of time how long Portmaster will wait for a response when prompting about a connection via a notification. In seconds.", + Order: CfgOptionPromptTimeoutOrder, OptType: config.OptTypeInt, ExpertiseLevel: config.ExpertiseLevelUser, ReleaseLevel: config.ReleaseLevelBeta, diff --git a/profile/config.go b/profile/config.go index 8842530e..9f0e3ad3 100644 --- a/profile/config.go 
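Review bot: `CfgOptionPromptTimeoutOrder` and `CfgOptionPermanentVerdictsOrder` in firewall/config.go are added inside the existing `var (` block, so they are reassignable package variables rather than constants. They are also exported, while the matching values in profile/config.go and resolver/config.go are unexported (`cfgOption…Order`). Since they only feed the `Order:` field of the option registration, I would move them to their own block, `const ( CfgOptionPromptTimeoutOrder = 2; CfgOptionPermanentVerdictsOrder = 128 )`, and settle on one visibility across the three packages. The same var-versus-const point applies to the order values added to the var blocks in profile/config.go and resolver/config.go. The var block continues past the end of this hunk.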
+++ b/profile/config.go 
@@ -12,53 +12,75 @@ var ( cfgIntOptions = make(map[string]config.IntOption) cfgBoolOptions = make(map[string]config.BoolOption) - CfgOptionDefaultActionKey = "filter/defaultAction" - cfgOptionDefaultAction config.StringOption + // Enable Filter Order = 0 - CfgOptionDisableAutoPermitKey = "filter/disableAutoPermit" - cfgOptionDisableAutoPermit config.IntOption // security level option + CfgOptionDefaultActionKey = "filter/defaultAction" + cfgOptionDefaultAction config.StringOption + cfgOptionDefaultActionOrder = 1 - CfgOptionEndpointsKey = "filter/endpoints" - cfgOptionEndpoints config.StringArrayOption + // Prompt Timeout Order = 2 - CfgOptionServiceEndpointsKey = "filter/serviceEndpoints" - cfgOptionServiceEndpoints config.StringArrayOption + CfgOptionBlockScopeInternetKey = "filter/blockInternet" + cfgOptionBlockScopeInternet config.IntOption // security level option + cfgOptionBlockScopeInternetOrder = 16 - CfgOptionFilterListKey = "filter/lists" - cfgOptionFilterLists config.StringArrayOption + CfgOptionBlockScopeLANKey = "filter/blockLAN" + cfgOptionBlockScopeLAN config.IntOption // security level option + cfgOptionBlockScopeLANOrder = 17 - CfgOptionFilterSubDomainsKey = "filter/includeSubdomains" - cfgOptionFilterSubDomains config.IntOption // security level option + CfgOptionBlockScopeLocalKey = "filter/blockLocal" + cfgOptionBlockScopeLocal config.IntOption // security level option + cfgOptionBlockScopeLocalOrder = 18 - CfgOptionFilterCNAMEKey = "filter/includeCNAMEs" - cfgOptionFilterCNAME config.IntOption // security level option + CfgOptionBlockP2PKey = "filter/blockP2P" + cfgOptionBlockP2P config.IntOption // security level option + cfgOptionBlockP2POrder = 19 - CfgOptionBlockScopeLocalKey = "filter/blockLocal" - cfgOptionBlockScopeLocal config.IntOption // security level option + CfgOptionBlockInboundKey = "filter/blockInbound" + cfgOptionBlockInbound config.IntOption // security level option + cfgOptionBlockInboundOrder = 20 - 
CfgOptionBlockScopeLANKey = "filter/blockLAN" - cfgOptionBlockScopeLAN config.IntOption // security level option + CfgOptionEndpointsKey = "filter/endpoints" + cfgOptionEndpoints config.StringArrayOption + cfgOptionEndpointsOrder = 32 - CfgOptionBlockScopeInternetKey = "filter/blockInternet" - cfgOptionBlockScopeInternet config.IntOption // security level option + CfgOptionServiceEndpointsKey = "filter/serviceEndpoints" + cfgOptionServiceEndpoints config.StringArrayOption + cfgOptionServiceEndpointsOrder = 33 - CfgOptionBlockP2PKey = "filter/blockP2P" - cfgOptionBlockP2P config.IntOption // security level option + CfgOptionPreventBypassingKey = "filter/preventBypassing" + cfgOptionPreventBypassing config.IntOption // security level option + cfgOptionPreventBypassingOrder = 48 - CfgOptionBlockInboundKey = "filter/blockInbound" - cfgOptionBlockInbound config.IntOption // security level option + CfgOptionFilterListsKey = "filter/lists" + cfgOptionFilterLists config.StringArrayOption + cfgOptionFilterListsOrder = 64 - CfgOptionEnforceSPNKey = "filter/enforceSPN" - cfgOptionEnforceSPN config.IntOption // security level option + CfgOptionFilterSubDomainsKey = "filter/includeSubdomains" + cfgOptionFilterSubDomains config.IntOption // security level option + cfgOptionFilterSubDomainsOrder = 65 - CfgOptionRemoveOutOfScopeDNSKey = "filter/removeOutOfScopeDNS" - cfgOptionRemoveOutOfScopeDNS config.IntOption // security level option + CfgOptionFilterCNAMEKey = "filter/includeCNAMEs" + cfgOptionFilterCNAME config.IntOption // security level option + cfgOptionFilterCNAMEOrder = 66 - CfgOptionRemoveBlockedDNSKey = "filter/removeBlockedDNS" - cfgOptionRemoveBlockedDNS config.IntOption // security level option + CfgOptionDisableAutoPermitKey = "filter/disableAutoPermit" + cfgOptionDisableAutoPermit config.IntOption // security level option + cfgOptionDisableAutoPermitOrder = 80 - CfgOptionPreventBypassingKey = "filter/preventBypassing" - cfgOptionPreventBypassing config.IntOption 
// security level option + CfgOptionEnforceSPNKey = "filter/enforceSPN" + cfgOptionEnforceSPN config.IntOption // security level option + cfgOptionEnforceSPNOrder = 96 + + CfgOptionRemoveOutOfScopeDNSKey = "filter/removeOutOfScopeDNS" + cfgOptionRemoveOutOfScopeDNS config.IntOption // security level option + cfgOptionRemoveOutOfScopeDNSOrder = 112 + + CfgOptionRemoveBlockedDNSKey = "filter/removeBlockedDNS" + cfgOptionRemoveBlockedDNS config.IntOption // security level option + cfgOptionRemoveBlockedDNSOrder = 113 + + // Permanent Verdicts Order = 128 ) func registerConfiguration() error { @@ -70,6 +92,7 @@ func registerConfiguration() error { Name: "Default Filter Action", Key: CfgOptionDefaultActionKey, Description: `The default filter action when nothing else permits or blocks a connection.`, + Order: cfgOptionDefaultActionOrder, OptType: config.OptTypeString, DefaultValue: "permit", ExternalOptType: "string list", @@ -86,6 +109,7 @@ func registerConfiguration() error { Name: "Disable Auto Permit", Key: CfgOptionDisableAutoPermitKey, Description: "Auto Permit searches for a relation between an app and the destionation of a connection - if there is a correlation, the connection will be permitted. This setting is negated in order to provide a streamlined user experience, where higher settings are better.", + Order: cfgOptionDisableAutoPermitOrder, OptType: config.OptTypeInt, ExternalOptType: "security level", DefaultValue: status.SecurityLevelsAll, @@ -121,6 +145,7 @@ Examples: + .example.com */HTTP - .example.com + 192.168.0.1/24`, + Order: cfgOptionEndpointsOrder, OptType: config.OptTypeStringArray, DefaultValue: []string{}, ExternalOptType: "endpoint list", @@ -156,6 +181,7 @@ Examples: + .example.com */HTTP - .example.com + 192.168.0.1/24`, + Order: cfgOptionServiceEndpointsOrder, OptType: config.OptTypeStringArray, DefaultValue: []string{}, ExternalOptType: "endpoint list", 
@@ -170,8 +196,9 @@ Examples: // Filter list IDs err = config.Register(&config.Option{ Name: "Filter List", - Key: CfgOptionFilterListKey, + Key: CfgOptionFilterListsKey, Description: "Filter connections by matching the endpoint against configured filterlists", + Order: cfgOptionFilterListsOrder, OptType: config.OptTypeStringArray, DefaultValue: []string{"TRAC", "MAL"}, ExternalOptType: "filter list", @@ -180,14 +207,15 @@ Examples: if err != nil { return err } - cfgOptionFilterLists = config.Concurrent.GetAsStringArray(CfgOptionFilterListKey, []string{}) - cfgStringArrayOptions[CfgOptionFilterListKey] = cfgOptionFilterLists + cfgOptionFilterLists = config.Concurrent.GetAsStringArray(CfgOptionFilterListsKey, []string{}) + cfgStringArrayOptions[CfgOptionFilterListsKey] = cfgOptionFilterLists // Include CNAMEs err = config.Register(&config.Option{ Name: "Filter CNAMEs", Key: CfgOptionFilterCNAMEKey, Description: "Also filter requests where a CNAME would be blocked", + Order: cfgOptionFilterCNAMEOrder, OptType: config.OptTypeInt, ExternalOptType: "security level", DefaultValue: status.SecurityLevelsAll, @@ -205,6 +233,7 @@ Examples: Name: "Filter SubDomains", Key: CfgOptionFilterSubDomainsKey, Description: "Also filter sub-domains if a parent domain is blocked by a filter list", + Order: cfgOptionFilterSubDomainsOrder, OptType: config.OptTypeInt, ExternalOptType: "security level", DefaultValue: status.SecurityLevelOff, @@ -221,6 +250,7 @@ Examples: Name: "Block Scope Local", Key: CfgOptionBlockScopeLocalKey, Description: "Block connections to your own device, ie. localhost.", + Order: cfgOptionBlockScopeLocalOrder, OptType: config.OptTypeInt, ExternalOptType: "security level", DefaultValue: status.SecurityLevelOff, 
@@ -237,6 +267,7 @@ Examples: Name: "Block Scope LAN", Key: CfgOptionBlockScopeLANKey, Description: "Block connections to the Local Area Network.", + Order: cfgOptionBlockScopeLANOrder, OptType: config.OptTypeInt, ExternalOptType: "security level", DefaultValue: status.SecurityLevelOff, @@ -253,6 +284,7 @@ Examples: Name: "Block Scope Internet", Key: CfgOptionBlockScopeInternetKey, Description: "Block connections to the Internet.", + Order: cfgOptionBlockScopeInternetOrder, OptType: config.OptTypeInt, ExternalOptType: "security level", DefaultValue: status.SecurityLevelOff, @@ -269,6 +301,7 @@ Examples: Name: "Block Peer to Peer Connections", Key: CfgOptionBlockP2PKey, Description: "Block peer to peer connections. These are connections that are established directly to an IP address on the Internet without resolving a domain name via DNS first.", + Order: cfgOptionBlockP2POrder, OptType: config.OptTypeInt, ExternalOptType: "security level", DefaultValue: status.SecurityLevelsAll, @@ -285,6 +318,7 @@ Examples: Name: "Block Inbound Connections", Key: CfgOptionBlockInboundKey, Description: "Block inbound connections to your device. This will usually only be the case if you are running a network service or are using peer to peer software.", + Order: cfgOptionBlockInboundOrder, OptType: config.OptTypeInt, ExternalOptType: "security level", DefaultValue: status.SecurityLevelsHighAndExtreme, @@ -301,6 +335,7 @@ Examples: Name: "Enforce SPN", Key: CfgOptionEnforceSPNKey, Description: "This setting enforces connections to be routed over the SPN. If this is not possible for any reason, connections will be blocked.", + Order: cfgOptionEnforceSPNOrder, OptType: config.OptTypeInt, ReleaseLevel: config.ReleaseLevelExperimental, ExternalOptType: "security level", 
@@ -318,6 +353,7 @@ Examples: Name: "Filter Out-of-Scope DNS Records", Key: CfgOptionRemoveOutOfScopeDNSKey, Description: "Filter DNS answers that are outside of the scope of the server. A server on the public Internet may not respond with a private LAN address.", + Order: cfgOptionRemoveOutOfScopeDNSOrder, OptType: config.OptTypeInt, ExpertiseLevel: config.ExpertiseLevelExpert, ReleaseLevel: config.ReleaseLevelBeta, @@ -336,6 +372,7 @@ Examples: Name: "Filter DNS Records that would be blocked", Key: CfgOptionRemoveBlockedDNSKey, Description: "Pre-filter DNS answers that an application would not be allowed to connect to.", + Order: cfgOptionRemoveBlockedDNSOrder, OptType: config.OptTypeInt, ExpertiseLevel: config.ExpertiseLevelExpert, ReleaseLevel: config.ReleaseLevelBeta, @@ -353,6 +390,7 @@ Examples: Name: "Prevent Bypassing", Key: CfgOptionPreventBypassingKey, Description: "Prevent apps from bypassing the privacy filter: Firefox by disabling DNS-over-HTTPs", + Order: cfgOptionPreventBypassingOrder, OptType: config.OptTypeInt, ExpertiseLevel: config.ExpertiseLevelUser, ReleaseLevel: config.ReleaseLevelBeta, diff --git a/profile/profile.go b/profile/profile.go index 70f7c162..bf228fdb 100644 --- a/profile/profile.go +++ b/profile/profile.go @@ -143,7 +143,7 @@ func (profile *Profile) parseConfig() error { } } - list, ok = profile.configPerspective.GetAsStringArray(CfgOptionFilterListKey) + list, ok = profile.configPerspective.GetAsStringArray(CfgOptionFilterListsKey) if ok { profile.filterListIDs, err = filterlists.ResolveListIDs(list) if err != nil { diff --git a/resolver/config.go b/resolver/config.go index ac9567b0..bb83fda3 100644 --- a/resolver/config.go +++ b/resolver/config.go 
@@ -22,28 +22,28 @@ var ( // - Available logging data may not be used against the user, ie. unethically. // Sadly, only a few services come close to fulfilling these requirements. - // For now, we have settled for two bigger and well known services: Cloudflare and Quad9. + // For now, we have settled for two bigger and well known services: Quad9 and Cloudflare. // TODO: monitor situation and re-evaluate when new services become available // TODO: explore other methods of making queries more private // We encourage everyone who has the technical abilities to set their own preferred servers. - // Default 1: Cloudflare - "dot://1.1.1.1:853?verify=cloudflare-dns.com&name=Cloudflare&blockedif=zeroip", // Cloudflare - "dot://1.0.0.1:853?verify=cloudflare-dns.com&name=Cloudflare&blockedif=zeroip", // Cloudflare - - // Default 2: Quad9 + // Default 1: Quad9 "dot://9.9.9.9:853?verify=dns.quad9.net&name=Quad9&blockedif=empty", // Quad9 "dot://149.112.112.112:853?verify=dns.quad9.net&name=Quad9&blockedif=empty", // Quad9 - // Fallback 1: Cloudflare - "dns://1.1.1.1:53?name=Cloudflare&blockedif=zeroip", // Cloudflare - "dns://1.0.0.1:53?name=Cloudflare&blockedif=zeroip", // Cloudflare + // Default 2: Cloudflare + "dot://1.1.1.2:853?verify=cloudflare-dns.com&name=Cloudflare&blockedif=zeroip", // Cloudflare + "dot://1.0.0.2:853?verify=cloudflare-dns.com&name=Cloudflare&blockedif=zeroip", // Cloudflare - // Fallback 2: Quad9 + // Fallback 1: Quad9 "dns://9.9.9.9:53?name=Quad9&blockedif=empty", // Quad9 "dns://149.112.112.112:53?name=Quad9&blockedif=empty", // Quad9 + // Fallback 2: Cloudflare + "dns://1.1.1.2:53?name=Cloudflare&blockedif=zeroip", // Cloudflare + "dns://1.0.0.2:53?name=Cloudflare&blockedif=zeroip", // Cloudflare + // supported parameters // - `verify=domain`: verify domain (dot only) // future parameters: 
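Review bot: The new Cloudflare defaults `1.1.1.2` / `1.0.0.2` are, as far as I know, Cloudflare's malware-blocking resolvers rather than the unfiltered `1.1.1.1` service, yet the comments still say only "Cloudflare", so a reader cannot tell that a default install now gets upstream filtering. I would spell that out, e.g. `// Default 2: Cloudflare (malware-blocking variant, signals a block with a zero IP)`. Please also confirm that `verify=cloudflare-dns.com` matches the certificate these addresses present; Cloudflare documents `security.cloudflare-dns.com` as the DoT name for this service. The `dns://` fallbacks stay plaintext, so if the selection logic (not visible here) falls back when port 853 is unreachable, an on-path party can force unencrypted resolution; a comment pointing to the `dns/noInsecureProtocols` option would help. The list literal starts and ends outside the hunk.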
@@ -55,38 +55,70 @@ var ( // - `zeroip`: Answer only contains zeroip } - CfgOptionNameServersKey = "dns/nameservers" - configuredNameServers config.StringArrayOption + CfgOptionNameServersKey = "dns/nameservers" + configuredNameServers config.StringArrayOption + cfgOptionNameServersOrder = 0 - CfgOptionNameserverRetryRateKey = "dns/nameserverRetryRate" - nameserverRetryRate config.IntOption + CfgOptionNoAssignedNameserversKey = "dns/noAssignedNameservers" + noAssignedNameservers status.SecurityLevelOption + cfgOptionNoAssignedNameserversOrder = 1 - CfgOptionNoMulticastDNSKey = "dns/noMulticastDNS" - noMulticastDNS status.SecurityLevelOption + CfgOptionNoMulticastDNSKey = "dns/noMulticastDNS" + noMulticastDNS status.SecurityLevelOption + cfgOptionNoMulticastDNSOrder = 2 - CfgOptionNoAssignedNameserversKey = "dns/noAssignedNameservers" - noAssignedNameservers status.SecurityLevelOption + CfgOptionNoInsecureProtocolsKey = "dns/noInsecureProtocols" + noInsecureProtocols status.SecurityLevelOption + cfgOptionNoInsecureProtocolsOrder = 3 - CfgOptionNoInsecureProtocolsKey = "dns/noInsecureProtocols" - noInsecureProtocols status.SecurityLevelOption + CfgOptionDontResolveSpecialDomainsKey = "dns/dontResolveSpecialDomains" + dontResolveSpecialDomains status.SecurityLevelOption + cfgOptionDontResolveSpecialDomainsOrder = 16 - CfgOptionDontResolveSpecialDomainsKey = "dns/dontResolveSpecialDomains" - dontResolveSpecialDomains status.SecurityLevelOption + CfgOptionDontResolveTestDomainsKey = "dns/dontResolveTestDomains" + dontResolveTestDomains status.SecurityLevelOption + cfgOptionDontResolveTestDomainsOrder = 17 - CfgOptionDontResolveTestDomainsKey = "dns/dontResolveTestDomains" - dontResolveTestDomains status.SecurityLevelOption + CfgOptionNameserverRetryRateKey = "dns/nameserverRetryRate" + nameserverRetryRate config.IntOption + cfgOptionNameserverRetryRateOrder = 32 ) func prepConfig() error { err := config.Register(&config.Option{ - Name: "DNS Servers", - Key: 
CfgOptionNameServersKey, - Description: "DNS Servers to use for resolving DNS requests.", + Name: "DNS Servers", + Key: CfgOptionNameServersKey, + Description: "DNS Servers to use for resolving DNS requests.", + Help: `Format: + +DNS Servers are configured in a URL format. This allows you to specify special settings for a resolver. If you just want to use a resolver at IP 10.2.3.4, please enter: dns://10.2.3.4:53 +The format is: protocol://ip:port?parameter=value¶meter=value + +Protocols: + dot: DNS-over-TLS (recommended) + dns: plain old DNS + tcp: plain old DNS over TCP + +IP: + always use the IP address and _not_ the domain name! + +Port: + always add the port! + +Parameters: + name: give your DNS Server a name that is used for messages and logs + verify: domain name to verify for "dot", required and only valid for "dot" + blockedif: detect if the name server blocks a query, options: + empty: server replies with NXDomain status, but without any other record in any section + refused: server replies with Refused status + zeroip: server replies with an IP address, but it is zero +`, + Order: cfgOptionNameServersOrder, OptType: config.OptTypeStringArray, ExpertiseLevel: config.ExpertiseLevelExpert, ReleaseLevel: config.ReleaseLevelStable, DefaultValue: defaultNameServers, - ValidationRegex: "^(dns|dot|tls)://.*", + ValidationRegex: fmt.Sprintf("^(%s|%s|%s)://.*", ServerTypeDoT, ServerTypeDNS, ServerTypeTCP), }) if err != nil { return err @@ -97,6 +129,7 @@ func prepConfig() error { Name: "DNS Server Retry Rate", Key: CfgOptionNameserverRetryRateKey, Description: "Rate at which to retry failed DNS Servers, in seconds.", + Order: cfgOptionNameserverRetryRateOrder, OptType: config.OptTypeInt, ExpertiseLevel: config.ExpertiseLevelExpert, ReleaseLevel: config.ReleaseLevelStable, 
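Review bot: The new `ValidationRegex` for `dns/nameservers` still checks only the scheme, while the added Help text says an IP and a port are always required and that `verify` is required for `dot`; an entry such as `dot://10.2.3.4` with no port and no `verify` passes validation. What the resolver does with such an entry is not visible in this diff. At minimum I would require a port, `fmt.Sprintf("^(%s|%s|%s)://[^/?#]+:[0-9]{1,5}(\\?.*)?$", ServerTypeDoT, ServerTypeDNS, ServerTypeTCP)`, and reject a `dot` entry without `verify` where the URL is parsed. The old pattern accepted `tls://`; assuming the three constants expand to dot, dns and tcp, stored `tls://` values stop validating, which deserves a changelog line. `prepConfig` continues beyond this hunk.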
@@ -111,6 +144,7 @@ func prepConfig() error { Name: "Do not use Multicast DNS", Key: CfgOptionNoMulticastDNSKey, Description: "Multicast DNS queries other devices in the local network", + Order: cfgOptionNoMulticastDNSOrder, OptType: config.OptTypeInt, ExpertiseLevel: config.ExpertiseLevelExpert, ReleaseLevel: config.ReleaseLevelStable, @@ -127,6 +161,7 @@ func prepConfig() error { Name: "Do not use assigned Nameservers", Key: CfgOptionNoAssignedNameserversKey, Description: "that were acquired by the network (dhcp) or system", + Order: cfgOptionNoAssignedNameserversOrder, OptType: config.OptTypeInt, ExpertiseLevel: config.ExpertiseLevelExpert, ReleaseLevel: config.ReleaseLevelStable, @@ -143,6 +178,7 @@ func prepConfig() error { Name: "Do not resolve insecurely", Key: CfgOptionNoInsecureProtocolsKey, Description: "Do not resolve domains with insecure protocols, ie. plain DNS", + Order: cfgOptionNoInsecureProtocolsOrder, OptType: config.OptTypeInt, ExpertiseLevel: config.ExpertiseLevelExpert, ReleaseLevel: config.ReleaseLevelStable, @@ -159,6 +195,7 @@ func prepConfig() error { Name: "Do not resolve special domains", Key: CfgOptionDontResolveSpecialDomainsKey, Description: fmt.Sprintf("Do not resolve the special top level domains %s", formatScopeList(specialServiceScopes)), + Order: cfgOptionDontResolveSpecialDomainsOrder, OptType: config.OptTypeInt, ExpertiseLevel: config.ExpertiseLevelExpert, ReleaseLevel: config.ReleaseLevelStable, @@ -175,6 +212,7 @@ func prepConfig() error { Name: "Do not resolve test domains", Key: CfgOptionDontResolveTestDomainsKey, Description: fmt.Sprintf("Do not resolve the special testing top level domains %s", formatScopeList(localTestScopes)), + Order: cfgOptionDontResolveTestDomainsOrder, OptType: config.OptTypeInt, ExpertiseLevel: config.ExpertiseLevelExpert, ReleaseLevel: config.ReleaseLevelStable,