Merge: *(dnsforward): fix safe search returning nxdomain

* commit '6c18b71010cf28e1dfe147fd6400058f6e9224be': *(dnsforward): fix safe search returning nxdomain
2020-02-05 15:35:57 +03:00 · 2020-02-05 15:35:57 +03:00 · 54c285001d
parent a5c2ad1b2f 6c18b71010
commit 54c285001d
3 changed files with 25 additions and 9 deletions
--- a/dnsfilter/dnsfilter.go
+++ b/dnsfilter/dnsfilter.go
@ -225,7 +225,7 @@ func (d *Dnsfilter) filtersInitializer() {
 // Close - close the object
 func (d *Dnsfilter) Close() {
 	if d.rulesStorage != nil {
-		d.rulesStorage.Close()
+		_ = d.rulesStorage.Close()
 	}
 }

--- a/dnsfilter/security.go
+++ b/dnsfilter/security.go
@ -127,8 +127,8 @@ func (d *Dnsfilter) checkSafeSearch(host string) (Result, error) {
 	res := Result{IsFiltered: true, Reason: FilteredSafeSearch}
 	if ip := net.ParseIP(safeHost); ip != nil {
 		res.IP = ip
-		len := d.setCacheResult(gctx.safeSearchCache, host, res)
-		log.Debug("SafeSearch: stored in cache: %s (%d bytes)", host, len)
+		valLen := d.setCacheResult(gctx.safeSearchCache, host, res)
+		log.Debug("SafeSearch: stored in cache: %s (%d bytes)", host, valLen)
 		return res, nil
 	}

@ -151,8 +151,8 @@ func (d *Dnsfilter) checkSafeSearch(host string) (Result, error) {
 	}

 	// Cache result
-	len := d.setCacheResult(gctx.safeSearchCache, host, res)
-	log.Debug("SafeSearch: stored in cache: %s (%d bytes)", host, len)
+	valLen := d.setCacheResult(gctx.safeSearchCache, host, res)
+	log.Debug("SafeSearch: stored in cache: %s (%d bytes)", host, valLen)
 	return res, nil
 }

@ -243,8 +243,8 @@ func (d *Dnsfilter) checkSafeBrowsing(host string) (Result, error) {
 		result.Rule = "adguard-malware-shavar"
 	}

-	len := d.setCacheResult(gctx.safebrowsingCache, host, result)
-	log.Debug("SafeBrowsing: stored in cache: %s (%d bytes)", host, len)
+	valLen := d.setCacheResult(gctx.safebrowsingCache, host, result)
+	log.Debug("SafeBrowsing: stored in cache: %s (%d bytes)", host, valLen)
 	return result, nil
 }

@ -283,8 +283,8 @@ func (d *Dnsfilter) checkParental(host string) (Result, error) {
 		result.Rule = "parental CATEGORY_BLACKLISTED"
 	}

-	len := d.setCacheResult(gctx.parentalCache, host, result)
-	log.Debug("Parental: stored in cache: %s (%d bytes)", host, len)
+	valLen := d.setCacheResult(gctx.parentalCache, host, result)
+	log.Debug("Parental: stored in cache: %s (%d bytes)", host, valLen)
 	return result, err
 }

--- a/dnsforward/dnsforward.go
+++ b/dnsforward/dnsforward.go
@ -883,7 +883,16 @@ func (s *Server) genDNSFilterMessage(d *proxy.DNSContext, result *dnsfilter.Resu
 	case dnsfilter.FilteredParental:
 		return s.genBlockedHost(m, s.conf.ParentalBlockHost, d)
 	default:
+		// If the query was filtered by "Safe search", dnsfilter also must return
+		// the IP address that must be used in response.
+		// In this case regardless of the filtering method, we should return it
+		if result.Reason == dnsfilter.FilteredSafeSearch && result.IP != nil {
+			return s.genResponseWithIP(m, result.IP)
+		}
+
 		if s.conf.BlockingMode == "null_ip" {
+			// it means that we should return 0.0.0.0 or :: for any blocked request
+
 			switch m.Question[0].Qtype {
 			case dns.TypeA:
 				return s.genARecord(m, []byte{0, 0, 0, 0})
@ -892,6 +901,8 @@ func (s *Server) genDNSFilterMessage(d *proxy.DNSContext, result *dnsfilter.Resu
 			}

 		} else if s.conf.BlockingMode == "custom_ip" {
+			// means that we should return custom IP for any blocked request
+
 			switch m.Question[0].Qtype {
 			case dns.TypeA:
 				return s.genARecord(m, s.conf.BlockingIPAddrv4)
@ -900,9 +911,14 @@ func (s *Server) genDNSFilterMessage(d *proxy.DNSContext, result *dnsfilter.Resu
 			}

 		} else if s.conf.BlockingMode == "nxdomain" {
+			// means that we should return NXDOMAIN for any blocked request
+
 			return s.genNXDomain(m)
 		}

+		// Default blocking mode
+		// If there's an IP specified in the rule, return it
+		// If there is no IP, return NXDOMAIN
 		if result.IP != nil {
 			return s.genResponseWithIP(m, result.IP)
 		}