2018-11-28 12:40:56 +00:00
|
|
|
package dnsforward
|
|
|
|
|
|
|
|
|
|
import (
|
2019-10-30 08:52:58 +00:00
|
|
|
"fmt"
|
2018-11-28 12:40:56 +00:00
|
|
|
"net"
|
2019-02-22 12:52:12 +00:00
|
|
|
"net/http"
|
2019-10-21 13:58:14 +01:00
|
|
|
"runtime"
|
2018-11-28 12:40:56 +00:00
|
|
|
"sync"
|
2018-12-05 11:03:41 +00:00
|
|
|
"time"
|
2018-11-28 12:40:56 +00:00
|
|
|
|
2020-06-23 10:13:13 +01:00
|
|
|
"github.com/AdguardTeam/AdGuardHome/dhcpd"
|
2018-11-28 12:40:56 +00:00
|
|
|
"github.com/AdguardTeam/AdGuardHome/dnsfilter"
|
2019-08-26 09:54:38 +01:00
|
|
|
"github.com/AdguardTeam/AdGuardHome/querylog"
|
2019-08-22 14:34:58 +01:00
|
|
|
"github.com/AdguardTeam/AdGuardHome/stats"
|
2018-12-24 13:58:48 +00:00
|
|
|
"github.com/AdguardTeam/dnsproxy/proxy"
|
2019-02-25 13:44:22 +00:00
|
|
|
"github.com/AdguardTeam/golibs/log"
|
2018-11-28 12:40:56 +00:00
|
|
|
"github.com/joomcode/errorx"
|
|
|
|
|
"github.com/miekg/dns"
|
2018-12-24 12:19:52 +00:00
|
|
|
)
|
|
|
|
|
|
2018-12-24 22:59:38 +00:00
|
|
|
// DefaultTimeout is the default upstream timeout
|
|
|
|
|
const DefaultTimeout = 10 * time.Second
|
|
|
|
|
|
2018-12-24 12:19:52 +00:00
|
|
|
const (
|
|
|
|
|
safeBrowsingBlockHost = "standard-block.dns.adguard.com"
|
|
|
|
|
parentalBlockHost = "family-block.dns.adguard.com"
|
2018-11-28 12:40:56 +00:00
|
|
|
)
|
|
|
|
|
|
2019-10-31 09:32:14 +00:00
|
|
|
var defaultDNS = []string{
|
2020-03-05 10:12:21 +00:00
|
|
|
"https://dns10.quad9.net/dns-query",
|
2019-10-31 09:32:14 +00:00
|
|
|
}
|
2020-03-05 10:12:21 +00:00
|
|
|
var defaultBootstrap = []string{"9.9.9.10", "149.112.112.10", "2620:fe::10", "2620:fe::fe:10"}
|
2019-10-31 09:32:14 +00:00
|
|
|
|
2020-01-16 11:25:40 +00:00
|
|
|
var webRegistered bool
|
|
|
|
|
|
2018-12-05 09:52:23 +00:00
|
|
|
// Server is the main way to start a DNS server.
|
|
|
|
|
//
|
2018-11-28 12:40:56 +00:00
|
|
|
// Example:
|
2018-12-05 09:52:23 +00:00
|
|
|
// s := dnsforward.Server{}
|
|
|
|
|
// err := s.Start(nil) // will start a DNS server listening on default port 53, in a goroutine
|
|
|
|
|
// err := s.Reconfigure(ServerConfig{UDPListenAddr: &net.UDPAddr{Port: 53535}}) // will reconfigure running DNS server to listen on UDP port 53535
|
|
|
|
|
// err := s.Stop() // will stop listening on port 53535 and cancel all goroutines
|
|
|
|
|
// err := s.Start(nil) // will start listening again, on port 53535, in a goroutine
|
2018-11-28 12:40:56 +00:00
|
|
|
//
|
|
|
|
|
// The zero Server is empty and ready for use.
|
|
|
|
|
type Server struct {
|
2020-07-03 16:20:01 +01:00
|
|
|
dnsProxy *proxy.Proxy // DNS proxy instance
|
|
|
|
|
dnsFilter *dnsfilter.Dnsfilter // DNS filter instance
|
|
|
|
|
dhcpServer dhcpd.ServerInterface // DHCP server instance (optional)
|
|
|
|
|
queryLog querylog.QueryLog // Query log instance
|
2020-06-23 10:13:13 +01:00
|
|
|
stats stats.Stats
|
|
|
|
|
access *accessCtx
|
|
|
|
|
|
2020-09-02 12:13:45 +01:00
|
|
|
ipset ipsetCtx
|
|
|
|
|
|
2020-08-18 10:36:52 +01:00
|
|
|
tableHostToIP map[string]net.IP // "hostname -> IP" table for internal addresses (DHCP)
|
|
|
|
|
tableHostToIPLock sync.Mutex
|
|
|
|
|
|
2020-06-23 10:13:13 +01:00
|
|
|
tablePTR map[string]string // "IP -> hostname" table for reverse lookup
|
|
|
|
|
tablePTRLock sync.Mutex
|
2019-05-24 12:49:26 +01:00
|
|
|
|
2019-12-11 09:38:58 +00:00
|
|
|
// DNS proxy instance for internal usage
|
|
|
|
|
// We don't Start() it and so no listen port is required.
|
|
|
|
|
internalProxy *proxy.Proxy
|
|
|
|
|
|
2020-01-16 11:25:40 +00:00
|
|
|
isRunning bool
|
2019-10-30 08:52:58 +00:00
|
|
|
|
2018-11-28 12:40:56 +00:00
|
|
|
sync.RWMutex
|
2019-05-15 13:08:15 +01:00
|
|
|
conf ServerConfig
|
2018-11-28 12:40:56 +00:00
|
|
|
}
|
|
|
|
|
|
2020-06-23 10:13:13 +01:00
|
|
|
// DNSCreateParams - parameters for NewServer()
|
|
|
|
|
type DNSCreateParams struct {
|
|
|
|
|
DNSFilter *dnsfilter.Dnsfilter
|
|
|
|
|
Stats stats.Stats
|
|
|
|
|
QueryLog querylog.QueryLog
|
2020-07-03 16:20:01 +01:00
|
|
|
DHCPServer dhcpd.ServerInterface
|
2020-06-23 10:13:13 +01:00
|
|
|
}
|
|
|
|
|
|
2019-02-10 17:47:43 +00:00
|
|
|
// NewServer creates a new instance of the dnsforward.Server
|
2019-07-10 09:56:54 +01:00
|
|
|
// Note: this function must be called only once
|
2020-06-23 10:13:13 +01:00
|
|
|
func NewServer(p DNSCreateParams) *Server {
|
2019-08-26 09:54:38 +01:00
|
|
|
s := &Server{}
|
2020-06-23 10:13:13 +01:00
|
|
|
s.dnsFilter = p.DNSFilter
|
|
|
|
|
s.stats = p.Stats
|
|
|
|
|
s.queryLog = p.QueryLog
|
|
|
|
|
|
2020-08-24 18:06:53 +01:00
|
|
|
if p.DHCPServer != nil {
|
|
|
|
|
s.dhcpServer = p.DHCPServer
|
2020-06-23 10:13:13 +01:00
|
|
|
s.dhcpServer.SetOnLeaseChanged(s.onDHCPLeaseChanged)
|
|
|
|
|
s.onDHCPLeaseChanged(dhcpd.LeaseChangedAdded)
|
|
|
|
|
}
|
2019-10-31 09:32:14 +00:00
|
|
|
|
|
|
|
|
if runtime.GOARCH == "mips" || runtime.GOARCH == "mipsle" {
|
|
|
|
|
// Use plain DNS on MIPS, encryption is too slow
|
2019-10-31 09:43:33 +00:00
|
|
|
defaultDNS = defaultBootstrap
|
2019-10-31 09:32:14 +00:00
|
|
|
}
|
2019-07-10 09:56:54 +01:00
|
|
|
return s
|
2019-02-10 17:47:43 +00:00
|
|
|
}
|
|
|
|
|
|
2019-10-30 08:52:58 +00:00
|
|
|
// Close - close object
|
2019-09-16 13:54:41 +01:00
|
|
|
func (s *Server) Close() {
|
|
|
|
|
s.Lock()
|
2019-10-09 17:51:26 +01:00
|
|
|
s.dnsFilter = nil
|
2019-09-16 13:54:41 +01:00
|
|
|
s.stats = nil
|
|
|
|
|
s.queryLog = nil
|
2019-12-11 09:38:58 +00:00
|
|
|
s.dnsProxy = nil
|
2019-09-16 13:54:41 +01:00
|
|
|
s.Unlock()
|
|
|
|
|
}
|
|
|
|
|
|
2019-10-30 08:52:58 +00:00
|
|
|
// WriteDiskConfig - write configuration
|
|
|
|
|
func (s *Server) WriteDiskConfig(c *FilteringConfig) {
|
2019-12-17 10:09:03 +00:00
|
|
|
s.RLock()
|
2019-12-12 12:04:29 +00:00
|
|
|
sc := s.conf.FilteringConfig
|
|
|
|
|
*c = sc
|
|
|
|
|
c.RatelimitWhitelist = stringArrayDup(sc.RatelimitWhitelist)
|
|
|
|
|
c.BootstrapDNS = stringArrayDup(sc.BootstrapDNS)
|
|
|
|
|
c.AllowedClients = stringArrayDup(sc.AllowedClients)
|
|
|
|
|
c.DisallowedClients = stringArrayDup(sc.DisallowedClients)
|
|
|
|
|
c.BlockedHosts = stringArrayDup(sc.BlockedHosts)
|
|
|
|
|
c.UpstreamDNS = stringArrayDup(sc.UpstreamDNS)
|
2019-12-17 10:09:03 +00:00
|
|
|
s.RUnlock()
|
2019-10-30 08:52:58 +00:00
|
|
|
}
|
|
|
|
|
|
2019-12-11 09:38:58 +00:00
|
|
|
// Resolve - get IP addresses by host name from an upstream server.
|
|
|
|
|
// No request/response filtering is performed.
|
|
|
|
|
// Query log and Stats are not updated.
|
|
|
|
|
// This method may be called before Start().
|
|
|
|
|
func (s *Server) Resolve(host string) ([]net.IPAddr, error) {
|
|
|
|
|
s.RLock()
|
|
|
|
|
defer s.RUnlock()
|
|
|
|
|
return s.internalProxy.LookupIPAddr(host)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Exchange - send DNS request to an upstream server and receive response
|
|
|
|
|
// No request/response filtering is performed.
|
|
|
|
|
// Query log and Stats are not updated.
|
|
|
|
|
// This method may be called before Start().
|
|
|
|
|
func (s *Server) Exchange(req *dns.Msg) (*dns.Msg, error) {
|
|
|
|
|
s.RLock()
|
|
|
|
|
defer s.RUnlock()
|
|
|
|
|
|
|
|
|
|
ctx := &proxy.DNSContext{
|
|
|
|
|
Proto: "udp",
|
|
|
|
|
Req: req,
|
|
|
|
|
StartTime: time.Now(),
|
|
|
|
|
}
|
|
|
|
|
err := s.internalProxy.Resolve(ctx)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
return ctx.Res, nil
|
|
|
|
|
}
|
|
|
|
|
|
2018-12-24 12:19:52 +00:00
|
|
|
// Start starts the DNS server
|
2019-12-11 09:38:58 +00:00
|
|
|
func (s *Server) Start() error {
|
2018-11-28 12:40:56 +00:00
|
|
|
s.Lock()
|
|
|
|
|
defer s.Unlock()
|
2019-12-11 09:38:58 +00:00
|
|
|
return s.startInternal()
|
2018-12-24 12:19:52 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// startInternal starts without locking
|
2019-12-11 09:38:58 +00:00
|
|
|
func (s *Server) startInternal() error {
|
|
|
|
|
err := s.dnsProxy.Start()
|
|
|
|
|
if err == nil {
|
|
|
|
|
s.isRunning = true
|
2019-11-21 13:13:19 +00:00
|
|
|
}
|
2019-12-11 09:38:58 +00:00
|
|
|
return err
|
2019-11-21 13:13:19 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Prepare the object
|
2019-12-11 09:38:58 +00:00
|
|
|
func (s *Server) Prepare(config *ServerConfig) error {
|
2020-09-02 12:13:45 +01:00
|
|
|
// Initialize the server configuration
|
2020-05-08 16:39:37 +01:00
|
|
|
// --
|
2019-10-09 17:51:26 +01:00
|
|
|
if config != nil {
|
|
|
|
|
s.conf = *config
|
2019-12-16 14:04:30 +00:00
|
|
|
if s.conf.BlockingMode == "custom_ip" {
|
|
|
|
|
s.conf.BlockingIPAddrv4 = net.ParseIP(s.conf.BlockingIPv4)
|
|
|
|
|
s.conf.BlockingIPAddrv6 = net.ParseIP(s.conf.BlockingIPv6)
|
|
|
|
|
if s.conf.BlockingIPAddrv4 == nil || s.conf.BlockingIPAddrv6 == nil {
|
|
|
|
|
return fmt.Errorf("DNS: invalid custom blocking IP address specified")
|
|
|
|
|
}
|
|
|
|
|
}
|
2020-08-14 17:27:36 +01:00
|
|
|
if s.conf.MaxGoroutines == 0 {
|
|
|
|
|
s.conf.MaxGoroutines = 50
|
|
|
|
|
}
|
2019-10-31 09:32:14 +00:00
|
|
|
}
|
2019-10-30 08:52:58 +00:00
|
|
|
|
2020-09-02 12:13:45 +01:00
|
|
|
// Set default values in the case if nothing is configured
|
2020-05-08 16:39:37 +01:00
|
|
|
// --
|
|
|
|
|
s.initDefaultSettings()
|
2019-10-31 09:32:14 +00:00
|
|
|
|
2020-09-02 12:13:45 +01:00
|
|
|
// Initialize IPSET configuration
|
|
|
|
|
// --
|
|
|
|
|
s.ipset.init(s.conf.IPSETList)
|
|
|
|
|
|
|
|
|
|
// Prepare DNS servers settings
|
2020-05-08 16:39:37 +01:00
|
|
|
// --
|
|
|
|
|
err := s.prepareUpstreamSettings()
|
2019-10-31 09:32:14 +00:00
|
|
|
if err != nil {
|
2020-05-08 16:39:37 +01:00
|
|
|
return err
|
2019-10-31 09:32:14 +00:00
|
|
|
}
|
2018-12-05 11:03:41 +00:00
|
|
|
|
2020-09-02 12:13:45 +01:00
|
|
|
// Create DNS proxy configuration
|
2020-05-08 16:39:37 +01:00
|
|
|
// --
|
|
|
|
|
var proxyConfig proxy.Config
|
|
|
|
|
proxyConfig, err = s.createProxyConfig()
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
2018-12-24 12:19:52 +00:00
|
|
|
}
|
2018-11-28 12:40:56 +00:00
|
|
|
|
2020-09-02 12:13:45 +01:00
|
|
|
// Prepare a DNS proxy instance that we use for internal DNS queries
|
2020-05-08 16:39:37 +01:00
|
|
|
// --
|
|
|
|
|
s.prepareIntlProxy()
|
2019-12-11 09:38:58 +00:00
|
|
|
|
2020-09-02 12:13:45 +01:00
|
|
|
// Initialize DNS access module
|
2020-05-08 16:39:37 +01:00
|
|
|
// --
|
2019-10-30 12:11:16 +00:00
|
|
|
s.access = &accessCtx{}
|
2019-10-31 09:32:14 +00:00
|
|
|
err = s.access.Init(s.conf.AllowedClients, s.conf.DisallowedClients, s.conf.BlockedHosts)
|
2019-05-24 12:49:26 +01:00
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
2020-09-02 12:13:45 +01:00
|
|
|
// Register web handlers if necessary
|
2020-05-08 16:39:37 +01:00
|
|
|
// --
|
2020-01-16 11:25:40 +00:00
|
|
|
if !webRegistered && s.conf.HTTPRegister != nil {
|
|
|
|
|
webRegistered = true
|
2019-10-30 08:52:58 +00:00
|
|
|
s.registerHandlers()
|
|
|
|
|
}
|
|
|
|
|
|
2020-09-02 12:13:45 +01:00
|
|
|
// Create the main DNS proxy instance
|
2020-05-08 16:39:37 +01:00
|
|
|
// --
|
2018-12-24 12:19:52 +00:00
|
|
|
s.dnsProxy = &proxy.Proxy{Config: proxyConfig}
|
2019-11-21 13:13:19 +00:00
|
|
|
return nil
|
2018-12-24 12:27:14 +00:00
|
|
|
}
|
2018-12-24 12:19:52 +00:00
|
|
|
|
|
|
|
|
// Stop stops the DNS server
|
2018-11-28 12:40:56 +00:00
|
|
|
func (s *Server) Stop() error {
|
|
|
|
|
s.Lock()
|
|
|
|
|
defer s.Unlock()
|
2018-12-24 12:19:52 +00:00
|
|
|
return s.stopInternal()
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// stopInternal stops without locking
|
|
|
|
|
func (s *Server) stopInternal() error {
|
|
|
|
|
if s.dnsProxy != nil {
|
|
|
|
|
err := s.dnsProxy.Stop()
|
2018-11-28 12:40:56 +00:00
|
|
|
if err != nil {
|
2018-12-24 12:19:52 +00:00
|
|
|
return errorx.Decorate(err, "could not stop the DNS server properly")
|
2018-11-28 12:40:56 +00:00
|
|
|
}
|
|
|
|
|
}
|
2018-12-05 11:21:48 +00:00
|
|
|
|
2019-12-11 09:38:58 +00:00
|
|
|
s.isRunning = false
|
2019-08-26 09:54:38 +01:00
|
|
|
return nil
|
2018-11-28 12:40:56 +00:00
|
|
|
}
|
|
|
|
|
|
2018-12-24 12:19:52 +00:00
|
|
|
// IsRunning returns true if the DNS server is running
|
2018-11-28 13:43:50 +00:00
|
|
|
func (s *Server) IsRunning() bool {
|
|
|
|
|
s.RLock()
|
2019-12-11 09:38:58 +00:00
|
|
|
defer s.RUnlock()
|
|
|
|
|
return s.isRunning
|
2018-11-28 13:43:50 +00:00
|
|
|
}
|
|
|
|
|
|
2019-10-31 09:32:14 +00:00
|
|
|
// Reconfigure applies the new configuration to the DNS server
|
2018-12-24 12:19:52 +00:00
|
|
|
func (s *Server) Reconfigure(config *ServerConfig) error {
|
|
|
|
|
s.Lock()
|
|
|
|
|
defer s.Unlock()
|
2018-11-28 12:40:56 +00:00
|
|
|
|
2018-12-24 12:19:52 +00:00
|
|
|
log.Print("Start reconfiguring the server")
|
|
|
|
|
err := s.stopInternal()
|
|
|
|
|
if err != nil {
|
|
|
|
|
return errorx.Decorate(err, "could not reconfigure the server")
|
2018-11-28 12:40:56 +00:00
|
|
|
}
|
2019-10-21 13:58:14 +01:00
|
|
|
|
2019-12-11 14:54:34 +00:00
|
|
|
// It seems that net.Listener.Close() doesn't close file descriptors right away.
|
|
|
|
|
// We wait for some time and hope that this fd will be closed.
|
|
|
|
|
time.Sleep(100 * time.Millisecond)
|
2019-10-21 13:58:14 +01:00
|
|
|
|
2019-12-11 09:38:58 +00:00
|
|
|
err = s.Prepare(config)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return errorx.Decorate(err, "could not reconfigure the server")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
err = s.startInternal()
|
2018-12-24 12:19:52 +00:00
|
|
|
if err != nil {
|
|
|
|
|
return errorx.Decorate(err, "could not reconfigure the server")
|
2018-11-28 12:40:56 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2019-02-22 12:52:12 +00:00
|
|
|
// ServeHTTP is a HTTP handler method we use to provide DNS-over-HTTPS
|
|
|
|
|
func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
s.RLock()
|
2019-12-12 12:00:10 +00:00
|
|
|
p := s.dnsProxy
|
2019-02-22 12:52:12 +00:00
|
|
|
s.RUnlock()
|
2019-12-12 12:00:10 +00:00
|
|
|
if p != nil { // an attempt to protect against race in case we're here after Close() was called
|
|
|
|
|
p.ServeHTTP(w, r)
|
|
|
|
|
}
|
2019-02-22 12:52:12 +00:00
|
|
|
}
|
