Merge pull request #122 in DNS/adguard-dns from feature/dnsproxy to master

* commit '374a0dc2e5b8a93ada7e69242a909607756074c8':
  Fixing review comments
  fix imports
  changed to logrus
  Start using dnsproxy
This commit is contained in:
Andrey Meshkov 2018-12-24 22:51:02 +03:00
commit 8227970d39
21 changed files with 385 additions and 1665 deletions

View File

@ -12,6 +12,8 @@ import (
"strings" "strings"
"time" "time"
"github.com/AdguardTeam/dnsproxy/upstream"
"github.com/AdguardTeam/AdGuardHome/dnsforward" "github.com/AdguardTeam/AdGuardHome/dnsforward"
"github.com/miekg/dns" "github.com/miekg/dns"
@ -204,7 +206,7 @@ func handleTestUpstreamDNS(w http.ResponseWriter, r *http.Request) {
func checkDNS(input string) error { func checkDNS(input string) error {
log.Printf("Checking if DNS %s works...", input) log.Printf("Checking if DNS %s works...", input)
u, err := dnsforward.AddressToUpstream(input, "") u, err := upstream.AddressToUpstream(input, "")
if err != nil { if err != nil {
return fmt.Errorf("Failed to choose upstream for %s: %s", input, err) return fmt.Errorf("Failed to choose upstream for %s: %s", input, err)
} }

6
dns.go
View File

@ -7,6 +7,7 @@ import (
"github.com/AdguardTeam/AdGuardHome/dnsfilter" "github.com/AdguardTeam/AdGuardHome/dnsfilter"
"github.com/AdguardTeam/AdGuardHome/dnsforward" "github.com/AdguardTeam/AdGuardHome/dnsforward"
"github.com/AdguardTeam/dnsproxy/upstream"
"github.com/joomcode/errorx" "github.com/joomcode/errorx"
) )
@ -37,7 +38,7 @@ func generateServerConfig() dnsforward.ServerConfig {
} }
for _, u := range config.DNS.UpstreamDNS { for _, u := range config.DNS.UpstreamDNS {
upstream, err := dnsforward.AddressToUpstream(u, config.DNS.BootstrapDNS) upstream, err := upstream.AddressToUpstream(u, config.DNS.BootstrapDNS)
if err != nil { if err != nil {
log.Printf("Couldn't get upstream: %s", err) log.Printf("Couldn't get upstream: %s", err)
// continue, just ignore the upstream // continue, just ignore the upstream
@ -67,7 +68,8 @@ func reconfigureDNSServer() error {
return fmt.Errorf("Refusing to reconfigure forwarding DNS server: not running") return fmt.Errorf("Refusing to reconfigure forwarding DNS server: not running")
} }
err := dnsServer.Reconfigure(generateServerConfig()) config := generateServerConfig()
err := dnsServer.Reconfigure(&config)
if err != nil { if err != nil {
return errorx.Decorate(err, "Couldn't start forwarding DNS server") return errorx.Decorate(err, "Couldn't start forwarding DNS server")
} }

View File

@ -1,107 +0,0 @@
package dnsforward
import (
"context"
"crypto/tls"
"fmt"
"net"
"net/url"
"strings"
"sync"
"github.com/joomcode/errorx"
)
type bootstrapper struct {
address string // in form of "tls://one.one.one.one:853"
resolver *net.Resolver // resolver to use to resolve hostname, if neccessary
resolved string // in form "IP:port"
resolvedConfig *tls.Config
sync.Mutex
}
func toBoot(address, bootstrapAddr string) bootstrapper {
var resolver *net.Resolver
if bootstrapAddr != "" {
resolver = &net.Resolver{
PreferGo: true,
Dial: func(ctx context.Context, network, address string) (net.Conn, error) {
d := net.Dialer{}
return d.DialContext(ctx, network, bootstrapAddr)
},
}
}
return bootstrapper{
address: address,
resolver: resolver,
}
}
// will get usable IP address from Address field, and caches the result
func (n *bootstrapper) get() (string, *tls.Config, error) {
// TODO: RLock() here but atomically upgrade to Lock() if fast path doesn't work
n.Lock()
if n.resolved != "" { // fast path
retval, tlsconfig := n.resolved, n.resolvedConfig
n.Unlock()
return retval, tlsconfig, nil
}
//
// slow path
//
defer n.Unlock()
justHostPort := n.address
if strings.Contains(n.address, "://") {
url, err := url.Parse(n.address)
if err != nil {
return "", nil, errorx.Decorate(err, "Failed to parse %s", n.address)
}
justHostPort = url.Host
}
// convert host to IP if neccessary, we know that it's scheme://hostname:port/
// get a host without port
host, port, err := net.SplitHostPort(justHostPort)
if err != nil {
return "", nil, fmt.Errorf("bootstrapper requires port in address %s", n.address)
}
// if it's an IP
ip := net.ParseIP(host)
if ip != nil {
n.resolved = justHostPort
return n.resolved, nil, nil
}
//
// if it's a hostname
//
resolver := n.resolver // no need to check for nil resolver -- documented that nil is default resolver
addrs, err := resolver.LookupIPAddr(context.TODO(), host)
if err != nil {
return "", nil, errorx.Decorate(err, "Failed to lookup %s", host)
}
for _, addr := range addrs {
// TODO: support ipv6, support multiple ipv4
if addr.IP.To4() == nil {
continue
}
ip = addr.IP
break
}
if ip == nil {
// couldn't find any suitable IP address
return "", nil, fmt.Errorf("Couldn't find any suitable IP address for host %s", host)
}
n.resolved = net.JoinHostPort(ip.String(), port)
n.resolvedConfig = &tls.Config{ServerName: host}
return n.resolved, n.resolvedConfig, nil
}

View File

@ -1,225 +0,0 @@
package dnsforward
import (
"encoding/binary"
"log"
"math"
"strings"
"sync"
"time"
"github.com/miekg/dns"
)
type item struct {
m *dns.Msg
when time.Time
}
type cache struct {
items map[string]item
sync.RWMutex
}
func (c *cache) Get(request *dns.Msg) (*dns.Msg, bool) {
if request == nil {
return nil, false
}
ok, key := key(request)
if !ok {
log.Printf("Get(): key returned !ok")
return nil, false
}
c.RLock()
item, ok := c.items[key]
c.RUnlock()
if !ok {
return nil, false
}
// get item's TTL
ttl := findLowestTTL(item.m)
// zero TTL? delete and don't serve it
if ttl == 0 {
c.Lock()
delete(c.items, key)
c.Unlock()
return nil, false
}
// too much time has passed? delete and don't serve it
if time.Since(item.when) >= time.Duration(ttl)*time.Second {
c.Lock()
delete(c.items, key)
c.Unlock()
return nil, false
}
response := item.fromItem(request)
return response, true
}
func (c *cache) Set(m *dns.Msg) {
if m == nil {
return // no-op
}
if !isRequestCacheable(m) {
return
}
if !isResponseCacheable(m) {
return
}
ok, key := key(m)
if !ok {
return
}
i := toItem(m)
c.Lock()
if c.items == nil {
c.items = map[string]item{}
}
c.items[key] = i
c.Unlock()
}
// check only request fields
func isRequestCacheable(m *dns.Msg) bool {
// truncated messages aren't valid
if m.Truncated {
log.Printf("Refusing to cache truncated message")
return false
}
// if has wrong number of questions, also don't cache
if len(m.Question) != 1 {
log.Printf("Refusing to cache message with wrong number of questions")
return false
}
// only OK or NXdomain replies are cached
switch m.Rcode {
case dns.RcodeSuccess:
case dns.RcodeNameError: // that's an NXDomain
case dns.RcodeServerFailure:
return false // quietly refuse, don't log
default:
log.Printf("%s: Refusing to cache message with rcode: %s", m.Question[0].Name, dns.RcodeToString[m.Rcode])
return false
}
return true
}
func isResponseCacheable(m *dns.Msg) bool {
ttl := findLowestTTL(m)
if ttl == 0 {
return false
}
return true
}
func findLowestTTL(m *dns.Msg) uint32 {
var ttl uint32 = math.MaxUint32
found := false
if m.Answer != nil {
for _, r := range m.Answer {
if r.Header().Ttl < ttl {
ttl = r.Header().Ttl
found = true
}
}
}
if m.Ns != nil {
for _, r := range m.Ns {
if r.Header().Ttl < ttl {
ttl = r.Header().Ttl
found = true
}
}
}
if m.Extra != nil {
for _, r := range m.Extra {
if r.Header().Rrtype == dns.TypeOPT {
continue // OPT records use TTL for other purposes
}
if r.Header().Ttl < ttl {
ttl = r.Header().Ttl
found = true
}
}
}
if found == false {
return 0
}
return ttl
}
// key is binary little endian in sequence:
// uint16(qtype) then uint16(qclass) then name
func key(m *dns.Msg) (bool, string) {
if len(m.Question) != 1 {
log.Printf("got msg with len(m.Question) != 1: %d", len(m.Question))
return false, ""
}
bb := strings.Builder{}
b := make([]byte, 2)
binary.LittleEndian.PutUint16(b, m.Question[0].Qtype)
bb.Write(b)
binary.LittleEndian.PutUint16(b, m.Question[0].Qclass)
bb.Write(b)
name := strings.ToLower(m.Question[0].Name)
bb.WriteString(name)
return true, bb.String()
}
func toItem(m *dns.Msg) item {
return item{
m: m,
when: time.Now(),
}
}
func (i *item) fromItem(request *dns.Msg) *dns.Msg {
response := &dns.Msg{}
response.SetReply(request)
response.Authoritative = false
response.AuthenticatedData = i.m.AuthenticatedData
response.RecursionAvailable = i.m.RecursionAvailable
response.Rcode = i.m.Rcode
ttl := findLowestTTL(i.m)
timeleft := math.Round(float64(ttl) - time.Since(i.when).Seconds())
var newttl uint32
if timeleft > 0 {
newttl = uint32(timeleft)
}
for _, r := range i.m.Answer {
answer := dns.Copy(r)
answer.Header().Ttl = newttl
response.Answer = append(response.Answer, answer)
}
for _, r := range i.m.Ns {
ns := dns.Copy(r)
ns.Header().Ttl = newttl
response.Ns = append(response.Ns, ns)
}
for _, r := range i.m.Extra {
// don't return OPT records as these are hop-by-hop
if r.Header().Rrtype == dns.TypeOPT {
continue
}
extra := dns.Copy(r)
extra.Header().Ttl = newttl
response.Extra = append(response.Extra, extra)
}
return response
}

View File

@ -1,144 +0,0 @@
package dnsforward
import (
"strings"
"testing"
"github.com/go-test/deep"
"github.com/miekg/dns"
)
func RR(rr string) dns.RR {
r, err := dns.NewRR(rr)
if err != nil {
panic(err)
}
return r
}
// deepEqual is same as deep.Equal, except:
// * ignores Id when comparing
// * question names are not case sensetive
func deepEqualMsg(left *dns.Msg, right *dns.Msg) []string {
temp := *left
temp.Id = right.Id
for i := range left.Question {
left.Question[i].Name = strings.ToLower(left.Question[i].Name)
}
for i := range right.Question {
right.Question[i].Name = strings.ToLower(right.Question[i].Name)
}
return deep.Equal(&temp, right)
}
func TestCacheSanity(t *testing.T) {
cache := cache{}
request := dns.Msg{}
request.SetQuestion("google.com.", dns.TypeA)
_, ok := cache.Get(&request)
if ok {
t.Fatal("empty cache replied with positive response")
}
}
type tests struct {
cache []testEntry
cases []testCase
}
type testEntry struct {
q string
t uint16
a []dns.RR
}
type testCase struct {
q string
t uint16
a []dns.RR
ok bool
}
func TestCache(t *testing.T) {
tests := tests{
cache: []testEntry{
{q: "google.com.", t: dns.TypeA, a: []dns.RR{RR("google.com. 3600 IN A 8.8.8.8")}},
},
cases: []testCase{
{q: "google.com.", t: dns.TypeA, a: []dns.RR{RR("google.com. 3600 IN A 8.8.8.8")}, ok: true},
{q: "google.com.", t: dns.TypeMX, ok: false},
},
}
runTests(t, tests)
}
func TestCacheMixedCase(t *testing.T) {
tests := tests{
cache: []testEntry{
{q: "gOOgle.com.", t: dns.TypeA, a: []dns.RR{RR("google.com. 3600 IN A 8.8.8.8")}},
},
cases: []testCase{
{q: "gOOgle.com.", t: dns.TypeA, a: []dns.RR{RR("google.com. 3600 IN A 8.8.8.8")}, ok: true},
{q: "google.com.", t: dns.TypeA, a: []dns.RR{RR("google.com. 3600 IN A 8.8.8.8")}, ok: true},
{q: "GOOGLE.COM.", t: dns.TypeA, a: []dns.RR{RR("google.com. 3600 IN A 8.8.8.8")}, ok: true},
{q: "gOOgle.com.", t: dns.TypeMX, ok: false},
{q: "google.com.", t: dns.TypeMX, ok: false},
{q: "GOOGLE.COM.", t: dns.TypeMX, ok: false},
},
}
runTests(t, tests)
}
func TestZeroTTL(t *testing.T) {
tests := tests{
cache: []testEntry{
{q: "gOOgle.com.", t: dns.TypeA, a: []dns.RR{RR("google.com. 0 IN A 8.8.8.8")}},
},
cases: []testCase{
{q: "google.com.", t: dns.TypeA, ok: false},
{q: "google.com.", t: dns.TypeA, ok: false},
{q: "google.com.", t: dns.TypeA, ok: false},
{q: "google.com.", t: dns.TypeMX, ok: false},
{q: "google.com.", t: dns.TypeMX, ok: false},
{q: "google.com.", t: dns.TypeMX, ok: false},
},
}
runTests(t, tests)
}
func runTests(t *testing.T, tests tests) {
t.Helper()
cache := cache{}
for _, tc := range tests.cache {
reply := dns.Msg{}
reply.SetQuestion(tc.q, tc.t)
reply.Response = true
reply.Answer = tc.a
cache.Set(&reply)
}
for _, tc := range tests.cases {
request := dns.Msg{}
request.SetQuestion(tc.q, tc.t)
val, ok := cache.Get(&request)
if diff := deep.Equal(ok, tc.ok); diff != nil {
t.Error(diff)
}
if tc.a != nil {
if ok == false {
continue
}
reply := dns.Msg{}
reply.SetQuestion(tc.q, tc.t)
reply.Response = true
reply.Answer = tc.a
cache.Set(&reply)
if diff := deepEqualMsg(val, &reply); diff != nil {
t.Error(diff)
} else {
if diff := deep.Equal(val, reply); diff == nil {
t.Error("different message ID were not caught")
}
}
}
}
}

View File

@ -1,18 +1,24 @@
package dnsforward package dnsforward
import ( import (
"errors"
"fmt" "fmt"
"log"
"net" "net"
"reflect"
"strings" "strings"
"sync" "sync"
"time" "time"
"github.com/AdguardTeam/AdGuardHome/dnsfilter" "github.com/AdguardTeam/AdGuardHome/dnsfilter"
"github.com/AdguardTeam/dnsproxy/proxy"
"github.com/AdguardTeam/dnsproxy/upstream"
"github.com/joomcode/errorx" "github.com/joomcode/errorx"
"github.com/miekg/dns" "github.com/miekg/dns"
gocache "github.com/patrickmn/go-cache" log "github.com/sirupsen/logrus"
)
const (
safeBrowsingBlockHost = "standard-block.dns.adguard.com"
parentalBlockHost = "family-block.dns.adguard.com"
) )
// Server is the main way to start a DNS server. // Server is the main way to start a DNS server.
@ -26,66 +32,18 @@ import (
// //
// The zero Server is empty and ready for use. // The zero Server is empty and ready for use.
type Server struct { type Server struct {
udpListen *net.UDPConn dnsProxy *proxy.Proxy // DNS proxy instance
dnsFilter *dnsfilter.Dnsfilter dnsFilter *dnsfilter.Dnsfilter // DNS filter instance
cache cache
ratelimitBuckets *gocache.Cache // where the ratelimiters are stored, per IP
sync.RWMutex sync.RWMutex
ServerConfig ServerConfig
} }
const ( // FilteringConfig represents the DNS filtering configuration of AdGuard Home
safeBrowsingBlockHost = "standard-block.dns.adguard.com"
parentalBlockHost = "family-block.dns.adguard.com"
)
// uncomment this block to have tracing of locks
/*
func (s *Server) Lock() {
pc := make([]uintptr, 10) // at least 1 entry needed
runtime.Callers(2, pc)
f := runtime.FuncForPC(pc[0])
file, line := f.FileLine(pc[0])
fmt.Fprintf(os.Stderr, "%s:%d %s() -> Lock() -> in progress\n", path.Base(file), line, path.Base(f.Name()))
s.RWMutex.Lock()
fmt.Fprintf(os.Stderr, "%s:%d %s() -> Lock() -> done\n", path.Base(file), line, path.Base(f.Name()))
}
func (s *Server) RLock() {
pc := make([]uintptr, 10) // at least 1 entry needed
runtime.Callers(2, pc)
f := runtime.FuncForPC(pc[0])
file, line := f.FileLine(pc[0])
fmt.Fprintf(os.Stderr, "%s:%d %s() -> RLock() -> in progress\n", path.Base(file), line, path.Base(f.Name()))
s.RWMutex.RLock()
fmt.Fprintf(os.Stderr, "%s:%d %s() -> RLock() -> done\n", path.Base(file), line, path.Base(f.Name()))
}
func (s *Server) Unlock() {
pc := make([]uintptr, 10) // at least 1 entry needed
runtime.Callers(2, pc)
f := runtime.FuncForPC(pc[0])
file, line := f.FileLine(pc[0])
fmt.Fprintf(os.Stderr, "%s:%d %s() -> Unlock() -> in progress\n", path.Base(file), line, path.Base(f.Name()))
s.RWMutex.Unlock()
fmt.Fprintf(os.Stderr, "%s:%d %s() -> Unlock() -> done\n", path.Base(file), line, path.Base(f.Name()))
}
func (s *Server) RUnlock() {
pc := make([]uintptr, 10) // at least 1 entry needed
runtime.Callers(2, pc)
f := runtime.FuncForPC(pc[0])
file, line := f.FileLine(pc[0])
fmt.Fprintf(os.Stderr, "%s:%d %s() -> RUnlock() -> in progress\n", path.Base(file), line, path.Base(f.Name()))
s.RWMutex.RUnlock()
fmt.Fprintf(os.Stderr, "%s:%d %s() -> RUnlock() -> done\n", path.Base(file), line, path.Base(f.Name()))
}
*/
type FilteringConfig struct { type FilteringConfig struct {
ProtectionEnabled bool `yaml:"protection_enabled"` ProtectionEnabled bool `yaml:"protection_enabled"` // whether or not use any of dnsfilter features
FilteringEnabled bool `yaml:"filtering_enabled"` FilteringEnabled bool `yaml:"filtering_enabled"` // whether or not use filter lists
BlockedResponseTTL uint32 `yaml:"blocked_response_ttl"` // if 0, then default is used (3600) BlockedResponseTTL uint32 `yaml:"blocked_response_ttl"` // if 0, then default is used (3600)
QueryLogEnabled bool `yaml:"querylog_enabled"` QueryLogEnabled bool `yaml:"querylog_enabled"`
Ratelimit int `yaml:"ratelimit"` Ratelimit int `yaml:"ratelimit"`
@ -96,11 +54,12 @@ type FilteringConfig struct {
dnsfilter.Config `yaml:",inline"` dnsfilter.Config `yaml:",inline"`
} }
// ServerConfig represents server configuration.
// The zero ServerConfig is empty and ready for use. // The zero ServerConfig is empty and ready for use.
type ServerConfig struct { type ServerConfig struct {
UDPListenAddr *net.UDPAddr // if nil, then default is is used (port 53 on *) UDPListenAddr *net.UDPAddr // UDP listen address
Upstreams []Upstream Upstreams []upstream.Upstream // Configured upstreams
Filters []dnsfilter.Filter Filters []dnsfilter.Filter // A list of filters to use
FilteringConfig FilteringConfig
} }
@ -109,103 +68,47 @@ type ServerConfig struct {
var defaultValues = ServerConfig{ var defaultValues = ServerConfig{
UDPListenAddr: &net.UDPAddr{Port: 53}, UDPListenAddr: &net.UDPAddr{Port: 53},
FilteringConfig: FilteringConfig{BlockedResponseTTL: 3600}, FilteringConfig: FilteringConfig{BlockedResponseTTL: 3600},
Upstreams: []Upstream{
//// dns over HTTPS
// &dnsOverHTTPS{boot: toBoot("https://1.1.1.1/dns-query", "")},
// &dnsOverHTTPS{boot: toBoot("https://dns.google.com/experimental", "")},
// &dnsOverHTTPS{boot: toBoot("https://doh.cleanbrowsing.org/doh/security-filter/", "")},
// &dnsOverHTTPS{boot: toBoot("https://dns10.quad9.net/dns-query", "")},
// &dnsOverHTTPS{boot: toBoot("https://doh.powerdns.org", "")},
// &dnsOverHTTPS{boot: toBoot("https://doh.securedns.eu/dns-query", "")},
//// dns over TLS
// &dnsOverTLS{boot: toBoot("tls://8.8.8.8:853", "")},
// &dnsOverTLS{boot: toBoot("tls://8.8.4.4:853", "")},
// &dnsOverTLS{boot: toBoot("tls://1.1.1.1:853", "")},
// &dnsOverTLS{boot: toBoot("tls://1.0.0.1:853", "")},
//// plainDNS
&plainDNS{boot: toBoot("8.8.8.8:53", "")},
&plainDNS{boot: toBoot("8.8.4.4:53", "")},
&plainDNS{boot: toBoot("1.1.1.1:53", "")},
&plainDNS{boot: toBoot("1.0.0.1:53", "")},
},
} }
// func init() {
// packet loop defaultDNS := []string{"8.8.8.8:53", "8.8.4.4:53"}
//
func (s *Server) packetLoop() { defaultUpstreams := make([]upstream.Upstream, 0)
log.Printf("Entering packet handle loop") for _, addr := range defaultDNS {
b := make([]byte, dns.MaxMsgSize) u, err := upstream.AddressToUpstream(addr, "")
for { if err == nil {
s.RLock() defaultUpstreams = append(defaultUpstreams, u)
conn := s.udpListen
s.RUnlock()
if conn == nil {
log.Printf("udp socket has disappeared, exiting loop")
break
}
n, addr, err := conn.ReadFrom(b)
// documentation says to handle the packet even if err occurs, so do that first
if n > 0 {
// make a copy of all bytes because ReadFrom() will overwrite contents of b on next call
// we need the contents to survive the call because we're handling them in goroutine
p := make([]byte, n)
copy(p, b)
go s.handlePacket(p, addr, conn) // ignore errors
}
if err != nil {
if isConnClosed(err) {
log.Printf("ReadFrom() returned because we're reading from a closed connection, exiting loop")
// don't try to nullify s.udpListen here, because s.udpListen could be already re-bound to listen
break
}
log.Printf("Got error when reading from udp listen: %s", err)
} }
} }
defaultValues.Upstreams = defaultUpstreams
} }
// // Start starts the DNS server
// Control functions
//
func (s *Server) Start(config *ServerConfig) error { func (s *Server) Start(config *ServerConfig) error {
s.Lock() s.Lock()
defer s.Unlock() defer s.Unlock()
return s.startInternal(config)
}
// startInternal starts without locking
func (s *Server) startInternal(config *ServerConfig) error {
if config != nil { if config != nil {
s.ServerConfig = *config s.ServerConfig = *config
} }
// TODO: handle being called Start() second time after Stop()
if s.udpListen == nil { if s.dnsFilter != nil || s.dnsProxy != nil {
log.Printf("Creating UDP socket") return errors.New("DNS server is already started")
var err error
addr := s.UDPListenAddr
if addr == nil {
addr = defaultValues.UDPListenAddr
}
s.udpListen, err = net.ListenUDP("udp", addr)
if err != nil {
s.udpListen = nil
return errorx.Decorate(err, "Couldn't listen to UDP socket")
}
log.Println(s.udpListen.LocalAddr(), s.UDPListenAddr)
} }
if s.dnsFilter == nil { err := s.initDNSFilter()
log.Printf("Creating dnsfilter") if err != nil {
s.dnsFilter = dnsfilter.New(&s.Config) return err
// add rules only if they are enabled
if s.FilteringEnabled {
s.dnsFilter.AddRules(s.Filters)
}
} }
log.Printf("Loading stats from querylog") log.Printf("Loading stats from querylog")
err := fillStatsFromQueryLog() err = fillStatsFromQueryLog()
if err != nil { if err != nil {
log.Printf("Failed to load stats from querylog: %s", err) return errorx.Decorate(err, "failed to load stats from querylog")
return err
} }
once.Do(func() { once.Do(func() {
@ -214,20 +117,64 @@ func (s *Server) Start(config *ServerConfig) error {
go statsRotator() go statsRotator()
}) })
go s.packetLoop() // TODO: Add TCPListenAddr
proxyConfig := proxy.Config{
UDPListenAddr: s.UDPListenAddr,
Ratelimit: s.Ratelimit,
RatelimitWhitelist: s.RatelimitWhitelist,
RefuseAny: s.RefuseAny,
CacheEnabled: true,
Upstreams: s.Upstreams,
Handler: s.handleDNSRequest,
}
if proxyConfig.UDPListenAddr == nil {
proxyConfig.UDPListenAddr = defaultValues.UDPListenAddr
}
if len(proxyConfig.Upstreams) == 0 {
proxyConfig.Upstreams = defaultValues.Upstreams
}
// Initialize and start the DNS proxy
s.dnsProxy = &proxy.Proxy{Config: proxyConfig}
return s.dnsProxy.Start()
}
// Initializes the DNS filter
func (s *Server) initDNSFilter() error {
log.Printf("Creating dnsfilter")
s.dnsFilter = dnsfilter.New(&s.Config)
// add rules only if they are enabled
if s.FilteringEnabled {
err := s.dnsFilter.AddRules(s.Filters)
if err != nil {
return errorx.Decorate(err, "could not initialize dnsfilter")
}
}
return nil return nil
} }
// Stop stops the DNS server
func (s *Server) Stop() error { func (s *Server) Stop() error {
s.Lock() s.Lock()
defer s.Unlock() defer s.Unlock()
if s.udpListen != nil { return s.stopInternal()
err := s.udpListen.Close()
s.udpListen = nil
if err != nil {
return errorx.Decorate(err, "Couldn't close UDP listening socket")
} }
// stopInternal stops without locking
func (s *Server) stopInternal() error {
if s.dnsProxy != nil {
err := s.dnsProxy.Stop()
s.dnsProxy = nil
if err != nil {
return errorx.Decorate(err, "could not stop the DNS server properly")
}
}
if s.dnsFilter != nil {
s.dnsFilter.Destroy()
s.dnsFilter = nil
} }
// flush remainder to file // flush remainder to file
@ -244,283 +191,55 @@ func (s *Server) Stop() error {
return nil return nil
} }
// IsRunning returns true if the DNS server is running
func (s *Server) IsRunning() bool { func (s *Server) IsRunning() bool {
s.RLock() s.RLock()
isRunning := true isRunning := true
if s.udpListen == nil { if s.dnsProxy == nil {
isRunning = false isRunning = false
} }
s.RUnlock() s.RUnlock()
return isRunning return isRunning
} }
// // Reconfigure applies the new configuration to the DNS server
// Server reconfigure func (s *Server) Reconfigure(config *ServerConfig) error {
//
func (s *Server) reconfigureListenAddr(new ServerConfig) error {
oldAddr := s.UDPListenAddr
if oldAddr == nil {
oldAddr = defaultValues.UDPListenAddr
}
newAddr := new.UDPListenAddr
if newAddr == nil {
newAddr = defaultValues.UDPListenAddr
}
if newAddr.Port == 0 {
return errorx.IllegalArgument.New("new port cannot be 0")
}
if reflect.DeepEqual(oldAddr, newAddr) {
// do nothing, the addresses are exactly the same
log.Printf("Not going to rebind because addresses are same: %v -> %v", oldAddr, newAddr)
return nil
}
// rebind, using a strategy:
// * if ports are different, bind new first, then close old
// * if ports are same, close old first, then bind new
var newListen *net.UDPConn
var err error
if oldAddr.Port != newAddr.Port {
log.Printf("Rebinding -- ports are different so bind first then close")
newListen, err = net.ListenUDP("udp", newAddr)
if err != nil {
return errorx.Decorate(err, "Couldn't bind to %v", newAddr)
}
s.Lock() s.Lock()
if s.udpListen != nil { defer s.Unlock()
err = s.udpListen.Close()
s.udpListen = nil
}
s.Unlock()
if err != nil {
return errorx.Decorate(err, "Couldn't close UDP listening socket")
}
} else {
log.Printf("Rebinding -- ports are same so close first then bind")
s.Lock()
if s.udpListen != nil {
err = s.udpListen.Close()
s.udpListen = nil
}
s.Unlock()
if err != nil {
return errorx.Decorate(err, "Couldn't close UDP listening socket")
}
newListen, err = net.ListenUDP("udp", newAddr)
if err != nil {
return errorx.Decorate(err, "Couldn't bind to %v", newAddr)
}
}
s.Lock()
s.udpListen = newListen
s.UDPListenAddr = new.UDPListenAddr
s.Unlock()
log.Println(s.udpListen.LocalAddr(), s.UDPListenAddr)
go s.packetLoop() // the old one has quit, use new one log.Print("Start reconfiguring the server")
err := s.stopInternal()
if err != nil {
return errorx.Decorate(err, "could not reconfigure the server")
}
err = s.startInternal(config)
if err != nil {
return errorx.Decorate(err, "could not reconfigure the server")
}
return nil return nil
} }
func (s *Server) reconfigureBlockedResponseTTL(new ServerConfig) { // handleDNSRequest filters the incoming DNS requests and writes them to the query log
newVal := new.BlockedResponseTTL func (s *Server) handleDNSRequest(p *proxy.Proxy, d *proxy.DNSContext) error {
if newVal == 0 {
newVal = defaultValues.BlockedResponseTTL
}
oldVal := s.BlockedResponseTTL
if oldVal == 0 {
oldVal = defaultValues.BlockedResponseTTL
}
if newVal != oldVal {
s.BlockedResponseTTL = new.BlockedResponseTTL
}
}
func (s *Server) reconfigureUpstreams(new ServerConfig) {
newVal := new.Upstreams
if len(newVal) == 0 {
newVal = defaultValues.Upstreams
}
oldVal := s.Upstreams
if len(oldVal) == 0 {
oldVal = defaultValues.Upstreams
}
if reflect.DeepEqual(newVal, oldVal) {
// they're exactly the same, do nothing
return
}
s.Upstreams = new.Upstreams
}
func (s *Server) reconfigureFiltering(new ServerConfig) {
newFilters := new.Filters
if len(newFilters) == 0 {
newFilters = defaultValues.Filters
}
oldFilters := s.Filters
if len(oldFilters) == 0 {
oldFilters = defaultValues.Filters
}
needUpdate := false
if !reflect.DeepEqual(newFilters, oldFilters) {
needUpdate = true
}
if !reflect.DeepEqual(new.FilteringConfig, s.FilteringConfig) {
needUpdate = true
}
if !needUpdate {
// nothing to do, everything is same
return
}
// TODO: instead of creating new dnsfilter, change existing one's settings and filters
dnsFilter := dnsfilter.New(&new.Config) // sets safebrowsing, safesearch and parental
// add rules only if they are enabled
if new.FilteringEnabled {
dnsFilter.AddRules(newFilters)
}
s.Lock()
oldDNSFilter := s.dnsFilter
s.dnsFilter = dnsFilter
s.FilteringConfig = new.FilteringConfig
s.Unlock()
oldDNSFilter.Destroy()
}
func (s *Server) Reconfigure(new ServerConfig) error {
s.reconfigureBlockedResponseTTL(new)
s.reconfigureUpstreams(new)
s.reconfigureFiltering(new)
err := s.reconfigureListenAddr(new)
if err != nil {
return errorx.Decorate(err, "Couldn't reconfigure to new listening address %+v", new.UDPListenAddr)
}
return nil
}
//
// packet handling functions
//
// handlePacketInternal processes the incoming packet bytes and returns with an optional response packet.
//
// If an empty dns.Msg is returned, do not try to send anything back to client, otherwise send contents of dns.Msg.
//
// If an error is returned, log it, don't try to generate data based on that error.
func (s *Server) handlePacketInternal(msg *dns.Msg, addr net.Addr, conn *net.UDPConn) (*dns.Msg, *dnsfilter.Result, Upstream, error) {
// log.Printf("Got packet %d bytes from %s: %v", len(p), addr, p)
//
// DNS packet byte format is valid
//
// any errors below here require a response to client
// log.Printf("Unpacked: %v", msg.String())
if len(msg.Question) != 1 {
log.Printf("Got invalid number of questions: %v", len(msg.Question))
return s.genServerFailure(msg), nil, nil, nil
}
if msg.Question[0].Qtype == dns.TypeANY && s.RefuseAny {
return s.genNotImpl(msg), nil, nil, nil
}
// we need upstream to resolve A records
upstream := s.chooseUpstream()
host := strings.TrimSuffix(msg.Question[0].Name, ".")
// use dnsfilter before cache -- changed settings or filters would require cache invalidation otherwise
var res dnsfilter.Result
var err error
if s.ProtectionEnabled {
res, err = s.dnsFilter.CheckHost(host)
if err != nil {
log.Printf("dnsfilter failed to check host '%s': %s", host, err)
return s.genServerFailure(msg), &res, nil, err
} else if res.IsFiltered {
log.Printf("Host %s is filtered, reason - '%s', matched rule: '%s'", host, res.Reason, res.Rule)
switch res.Reason {
case dnsfilter.FilteredSafeBrowsing:
return s.genArecord(msg, safeBrowsingBlockHost, upstream), &res, nil, nil
case dnsfilter.FilteredParental:
return s.genArecord(msg, parentalBlockHost, upstream), &res, nil, nil
}
return s.genNXDomain(msg), &res, nil, nil
}
}
{
val, ok := s.cache.Get(msg)
if ok && val != nil {
return val, &res, nil, nil
}
}
// TODO: replace with single-socket implementation
reply, err := upstream.Exchange(msg)
if err != nil {
log.Printf("talking to upstream failed for host '%s': %s", host, err)
return s.genServerFailure(msg), &res, upstream, err
}
if reply == nil {
log.Printf("SHOULD NOT HAPPEN upstream returned empty message for host '%s'. Request is %v", host, msg.String())
return s.genServerFailure(msg), &res, upstream, nil
}
s.cache.Set(reply)
return reply, &res, upstream, nil
}
func (s *Server) handlePacket(p []byte, addr net.Addr, conn *net.UDPConn) {
start := time.Now() start := time.Now()
ip, _, err := net.SplitHostPort(addr.String())
// use dnsfilter before cache -- changed settings or filters would require cache invalidation otherwise
res, err := s.filterDNSRequest(d)
if err != nil { if err != nil {
log.Printf("Failed to split %v into host/port: %s", addr, err) return err
// not a fatal error, move on
} }
// ratelimit based on IP only, protects CPU cycles and outbound connections if d.Res == nil {
if s.isRatelimited(ip) { // request was not filtered so let it be processed further
// log.Printf("Ratelimiting %s based on IP only", ip) err = p.Resolve(d)
return // do nothing, don't reply, we got ratelimited
}
msg := &dns.Msg{}
err = msg.Unpack(p)
if err != nil { if err != nil {
log.Printf("got invalid DNS packet: %s", err) return err
return // do nothing
}
reply, result, upstream, err := s.handlePacketInternal(msg, addr, conn)
if reply != nil {
// ratelimit based on reply size now
replysize := reply.Len()
if s.isRatelimitedForReply(ip, replysize) {
log.Printf("Ratelimiting %s based on IP and size %d", ip, replysize)
return // do nothing, don't reply, we got ratelimited
}
// we're good to respond
rerr := s.respond(reply, addr, conn)
if rerr != nil {
log.Printf("Couldn't respond to UDP packet: %s", err)
} }
} }
//
// query logging and stats counters
//
shouldLog := true shouldLog := true
msg := d.Req
// don't log ANY request if refuseAny is enabled // don't log ANY request if refuseAny is enabled
if len(msg.Question) >= 1 && msg.Question[0].Qtype == dns.TypeANY && s.RefuseAny { if len(msg.Question) >= 1 && msg.Question[0].Qtype == dns.TypeANY && s.RefuseAny {
@ -530,37 +249,66 @@ func (s *Server) handlePacket(p []byte, addr net.Addr, conn *net.UDPConn) {
if s.QueryLogEnabled && shouldLog { if s.QueryLogEnabled && shouldLog {
elapsed := time.Since(start) elapsed := time.Since(start)
upstreamAddr := "" upstreamAddr := ""
if upstream != nil { if d.Upstream != nil {
upstreamAddr = upstream.Address() upstreamAddr = d.Upstream.Address()
}
logRequest(msg, reply, result, elapsed, ip, upstreamAddr)
} }
logRequest(msg, d.Res, res, elapsed, d.Addr.String(), upstreamAddr)
} }
//
// packet sending functions
//
func (s *Server) respond(resp *dns.Msg, addr net.Addr, conn *net.UDPConn) error {
// log.Printf("Replying to %s with %s", addr, resp)
resp.Compress = true
bytes, err := resp.Pack()
if err != nil {
return errorx.Decorate(err, "Couldn't convert message into wire format")
}
n, err := conn.WriteTo(bytes, addr)
if n == 0 && isConnClosed(err) {
return err
}
if n != len(bytes) {
return fmt.Errorf("WriteTo() returned with %d != %d", n, len(bytes))
}
if err != nil {
return errorx.Decorate(err, "WriteTo() returned error")
}
return nil return nil
} }
// filterDNSRequest applies the dnsFilter and sets d.Res if the request was filtered
func (s *Server) filterDNSRequest(d *proxy.DNSContext) (*dnsfilter.Result, error) {
msg := d.Req
host := strings.TrimSuffix(msg.Question[0].Name, ".")
s.RLock()
protectionEnabled := s.ProtectionEnabled
dnsFilter := s.dnsFilter
s.RUnlock()
if !protectionEnabled {
return nil, nil
}
var res dnsfilter.Result
var err error
res, err = dnsFilter.CheckHost(host)
if err != nil {
// Return immediately if there's an error
return nil, errorx.Decorate(err, "dnsfilter failed to check host '%s'", host)
} else if res.IsFiltered {
log.Debugf("Host %s is filtered, reason - '%s', matched rule: '%s'", host, res.Reason, res.Rule)
d.Res = s.genDNSFilterMessage(d, &res)
}
return &res, err
}
// genDNSFilterMessage generates a DNS message corresponding to the filtering result
func (s *Server) genDNSFilterMessage(d *proxy.DNSContext, result *dnsfilter.Result) *dns.Msg {
m := d.Req
if m.Question[0].Qtype != dns.TypeA {
return s.genNXDomain(m)
}
switch result.Reason {
case dnsfilter.FilteredSafeBrowsing:
return s.genBlockedHost(m, safeBrowsingBlockHost, d.Upstream)
case dnsfilter.FilteredParental:
return s.genBlockedHost(m, parentalBlockHost, d.Upstream)
default:
if result.Ip != nil {
return s.genARecord(m, result.Ip)
}
return s.genNXDomain(m)
}
}
func (s *Server) genServerFailure(request *dns.Msg) *dns.Msg { func (s *Server) genServerFailure(request *dns.Msg) *dns.Msg {
resp := dns.Msg{} resp := dns.Msg{}
resp.SetRcode(request, dns.RcodeServerFailure) resp.SetRcode(request, dns.RcodeServerFailure)
@ -568,29 +316,19 @@ func (s *Server) genServerFailure(request *dns.Msg) *dns.Msg {
return &resp return &resp
} }
func (s *Server) genNotImpl(request *dns.Msg) *dns.Msg { func (s *Server) genARecord(request *dns.Msg, ip net.IP) *dns.Msg {
resp := dns.Msg{}
resp.SetRcode(request, dns.RcodeNotImplemented)
resp.RecursionAvailable = true
resp.SetEdns0(1452, false) // NOTIMPL without EDNS is treated as 'we don't support EDNS', so explicitly set it
return &resp
}
func (s *Server) genArecord(request *dns.Msg, newAddr string, upstream Upstream) *dns.Msg {
addr := net.ParseIP(newAddr)
if addr != nil {
// this is an IP address, return it
resp := dns.Msg{} resp := dns.Msg{}
resp.SetReply(request) resp.SetReply(request)
answer, err := dns.NewRR(fmt.Sprintf("%s %d A %s", request.Question[0].Name, s.BlockedResponseTTL, newAddr)) answer, err := dns.NewRR(fmt.Sprintf("%s %d A %s", request.Question[0].Name, s.BlockedResponseTTL, ip.String()))
if err != nil { if err != nil {
log.Printf("Couldn't generate A record for up replacement host '%s': %s", newAddr, err) log.Warnf("Couldn't generate A record for up replacement host '%s': %s", ip.String(), err)
return s.genServerFailure(request) return s.genServerFailure(request)
} }
resp.Answer = append(resp.Answer, answer) resp.Answer = append(resp.Answer, answer)
return &resp return &resp
} }
func (s *Server) genBlockedHost(request *dns.Msg, newAddr string, upstream upstream.Upstream) *dns.Msg {
// look up the hostname, TODO: cache // look up the hostname, TODO: cache
replReq := dns.Msg{} replReq := dns.Msg{}
replReq.SetQuestion(dns.Fqdn(newAddr), request.Question[0].Qtype) replReq.SetQuestion(dns.Fqdn(newAddr), request.Question[0].Qtype)

View File

@ -3,6 +3,9 @@ package dnsforward
import ( import (
"net" "net"
"testing" "testing"
"time"
"github.com/AdguardTeam/AdGuardHome/dnsfilter"
"github.com/miekg/dns" "github.com/miekg/dns"
) )
@ -14,12 +17,9 @@ func TestServer(t *testing.T) {
if err != nil { if err != nil {
t.Fatalf("Failed to start server: %s", err) t.Fatalf("Failed to start server: %s", err)
} }
if s.udpListen == nil {
t.Fatal("Started server has nil udpListen")
}
// server is running, send a message // server is running, send a message
addr := s.udpListen.LocalAddr() addr := s.dnsProxy.Addr("udp")
req := dns.Msg{} req := dns.Msg{}
req.Id = dns.Id() req.Id = dns.Id()
req.RecursionDesired = true req.RecursionDesired = true
@ -44,6 +44,171 @@ func TestServer(t *testing.T) {
err = s.Stop() err = s.Stop()
if err != nil { if err != nil {
t.Fatalf("DNS server %s failed to stop: %s", addr, err) t.Fatalf("DNS server failed to stop: %s", err)
} }
} }
func TestInvalidRequest(t *testing.T) {
s := Server{}
s.UDPListenAddr = &net.UDPAddr{Port: 0}
err := s.Start(nil)
if err != nil {
t.Fatalf("Failed to start server: %s", err)
}
// server is running, send a message
addr := s.dnsProxy.Addr("udp")
req := dns.Msg{}
req.Id = dns.Id()
req.RecursionDesired = true
// send a DNS request without question
client := dns.Client{Net: "udp", Timeout: 500 * time.Millisecond}
_, _, err = client.Exchange(&req, addr.String())
if err != nil {
t.Fatalf("got a response to an invalid query")
}
err = s.Stop()
if err != nil {
t.Fatalf("DNS server failed to stop: %s", err)
}
}
func TestBlockedRequest(t *testing.T) {
s := createTestServer()
err := s.Start(nil)
if err != nil {
t.Fatalf("Failed to start server: %s", err)
}
addr := s.dnsProxy.Addr("udp")
//
// NXDomain blocking
//
req := dns.Msg{}
req.Id = dns.Id()
req.RecursionDesired = true
req.Question = []dns.Question{
{Name: "nxdomain.example.org.", Qtype: dns.TypeA, Qclass: dns.ClassINET},
}
reply, err := dns.Exchange(&req, addr.String())
if err != nil {
t.Fatalf("Couldn't talk to server %s: %s", addr, err)
}
if reply.Rcode != dns.RcodeNameError {
t.Fatalf("Wrong response: %s", reply.String())
}
err = s.Stop()
if err != nil {
t.Fatalf("DNS server failed to stop: %s", err)
}
}
func TestBlockedByHosts(t *testing.T) {
s := createTestServer()
err := s.Start(nil)
if err != nil {
t.Fatalf("Failed to start server: %s", err)
}
addr := s.dnsProxy.Addr("udp")
//
// Hosts blocking
//
req := dns.Msg{}
req.Id = dns.Id()
req.RecursionDesired = true
req.Question = []dns.Question{
{Name: "host.example.org.", Qtype: dns.TypeA, Qclass: dns.ClassINET},
}
reply, err := dns.Exchange(&req, addr.String())
if err != nil {
t.Fatalf("Couldn't talk to server %s: %s", addr, err)
}
if len(reply.Answer) != 1 {
t.Fatalf("DNS server %s returned reply with wrong number of answers - %d", addr, len(reply.Answer))
}
if a, ok := reply.Answer[0].(*dns.A); ok {
if !net.IPv4(127, 0, 0, 1).Equal(a.A) {
t.Fatalf("DNS server %s returned wrong answer instead of 8.8.8.8: %v", addr, a.A)
}
} else {
t.Fatalf("DNS server %s returned wrong answer type instead of A: %v", addr, reply.Answer[0])
}
err = s.Stop()
if err != nil {
t.Fatalf("DNS server failed to stop: %s", err)
}
}
func TestBlockedBySafeBrowsing(t *testing.T) {
s := createTestServer()
err := s.Start(nil)
if err != nil {
t.Fatalf("Failed to start server: %s", err)
}
addr := s.dnsProxy.Addr("udp")
//
// Safebrowsing blocking
//
req := dns.Msg{}
req.Id = dns.Id()
req.RecursionDesired = true
req.Question = []dns.Question{
{Name: "wmconvirus.narod.ru.", Qtype: dns.TypeA, Qclass: dns.ClassINET},
}
reply, err := dns.Exchange(&req, addr.String())
if err != nil {
t.Fatalf("Couldn't talk to server %s: %s", addr, err)
}
if len(reply.Answer) != 1 {
t.Fatalf("DNS server %s returned reply with wrong number of answers - %d", addr, len(reply.Answer))
}
if a, ok := reply.Answer[0].(*dns.A); ok {
addrs, lookupErr := net.LookupHost(safeBrowsingBlockHost)
if lookupErr != nil {
t.Fatalf("cannot resolve %s due to %s", safeBrowsingBlockHost, lookupErr)
}
found := false
for _, blockAddr := range addrs {
if blockAddr == a.A.String() {
found = true
}
}
if !found {
t.Fatalf("DNS server %s returned wrong answer: %v", addr, a.A)
}
} else {
t.Fatalf("DNS server %s returned wrong answer type instead of A: %v", addr, reply.Answer[0])
}
err = s.Stop()
if err != nil {
t.Fatalf("DNS server failed to stop: %s", err)
}
}
func createTestServer() *Server {
s := Server{}
s.UDPListenAddr = &net.UDPAddr{Port: 0}
s.FilteringConfig.FilteringEnabled = true
s.FilteringConfig.ProtectionEnabled = true
s.FilteringConfig.SafeBrowsingEnabled = true
s.Filters = make([]dnsfilter.Filter, 0)
rules := []string{
"||nxdomain.example.org^",
"127.0.0.1 host.example.org",
}
filter := dnsfilter.Filter{ID: 1, Rules: rules}
s.Filters = append(s.Filters, filter)
return &s
}

View File

@ -1,50 +0,0 @@
package dnsforward
import (
"fmt"
"net"
"os"
"path"
"runtime"
"strings"
)
func isConnClosed(err error) bool {
if err == nil {
return false
}
nerr, ok := err.(*net.OpError)
if !ok {
return false
}
if strings.Contains(nerr.Err.Error(), "use of closed network connection") {
return true
}
return false
}
// ---------------------
// debug logging helpers
// ---------------------
func _Func() string {
pc := make([]uintptr, 10) // at least 1 entry needed
runtime.Callers(2, pc)
f := runtime.FuncForPC(pc[0])
return path.Base(f.Name())
}
func trace(format string, args ...interface{}) {
pc := make([]uintptr, 10) // at least 1 entry needed
runtime.Callers(2, pc)
f := runtime.FuncForPC(pc[0])
var buf strings.Builder
buf.WriteString(fmt.Sprintf("%s(): ", path.Base(f.Name())))
text := fmt.Sprintf(format, args...)
buf.WriteString(text)
if len(text) == 0 || text[len(text)-1] != '\n' {
buf.WriteRune('\n')
}
fmt.Fprint(os.Stderr, buf.String())
}

View File

@ -3,7 +3,6 @@ package dnsforward
import ( import (
"encoding/json" "encoding/json"
"fmt" "fmt"
"log"
"net/http" "net/http"
"strconv" "strconv"
"strings" "strings"
@ -12,6 +11,7 @@ import (
"github.com/AdguardTeam/AdGuardHome/dnsfilter" "github.com/AdguardTeam/AdGuardHome/dnsfilter"
"github.com/miekg/dns" "github.com/miekg/dns"
log "github.com/sirupsen/logrus"
) )
const ( const (
@ -53,6 +53,7 @@ func logRequest(question *dns.Msg, answer *dns.Msg, result *dnsfilter.Result, el
return return
} }
} }
if answer != nil { if answer != nil {
a, err = answer.Pack() a, err = answer.Pack()
if err != nil { if err != nil {

View File

@ -5,11 +5,12 @@ import (
"compress/gzip" "compress/gzip"
"encoding/json" "encoding/json"
"fmt" "fmt"
"log"
"os" "os"
"sync" "sync"
"time" "time"
log "github.com/sirupsen/logrus"
"github.com/go-test/deep" "github.com/go-test/deep"
) )
@ -191,15 +192,12 @@ func genericLoader(onEntry func(entry *logEntry) error, needMore func() bool, ti
var d *json.Decoder var d *json.Decoder
if enableGzip { if enableGzip {
trace("Creating gzip reader")
zr, err := gzip.NewReader(f) zr, err := gzip.NewReader(f)
if err != nil { if err != nil {
log.Printf("Failed to create gzip reader: %s", err) log.Printf("Failed to create gzip reader: %s", err)
continue continue
} }
defer zr.Close() defer zr.Close()
trace("Creating json decoder")
d = json.NewDecoder(zr) d = json.NewDecoder(zr)
} else { } else {
d = json.NewDecoder(f) d = json.NewDecoder(f)

View File

@ -3,7 +3,6 @@ package dnsforward
import ( import (
"bytes" "bytes"
"fmt" "fmt"
"log"
"net/http" "net/http"
"os" "os"
"path" "path"
@ -14,6 +13,8 @@ import (
"sync" "sync"
"time" "time"
log "github.com/sirupsen/logrus"
"github.com/bluele/gcache" "github.com/bluele/gcache"
"github.com/miekg/dns" "github.com/miekg/dns"
) )

View File

@ -1,80 +0,0 @@
package dnsforward
import (
"log"
"sort"
"time"
"github.com/beefsack/go-rate"
gocache "github.com/patrickmn/go-cache"
)
func (s *Server) limiterForIP(ip string) interface{} {
if s.ratelimitBuckets == nil {
s.ratelimitBuckets = gocache.New(time.Hour, time.Hour)
}
// check if ratelimiter for that IP already exists, if not, create
value, found := s.ratelimitBuckets.Get(ip)
if !found {
value = rate.New(s.Ratelimit, time.Second)
s.ratelimitBuckets.Set(ip, value, time.Hour)
}
return value
}
func (s *Server) isRatelimited(ip string) bool {
if s.Ratelimit == 0 { // 0 -- disabled
return false
}
if len(s.RatelimitWhitelist) > 0 {
i := sort.SearchStrings(s.RatelimitWhitelist, ip)
if i < len(s.RatelimitWhitelist) && s.RatelimitWhitelist[i] == ip {
// found, don't ratelimit
return false
}
}
value := s.limiterForIP(ip)
rl, ok := value.(*rate.RateLimiter)
if !ok {
log.Println("SHOULD NOT HAPPEN: non-bool entry found in safebrowsing lookup cache")
return false
}
allow, _ := rl.Try()
return !allow
}
func (s *Server) isRatelimitedForReply(ip string, size int) bool {
if s.Ratelimit == 0 { // 0 -- disabled
return false
}
if len(s.RatelimitWhitelist) > 0 {
i := sort.SearchStrings(s.RatelimitWhitelist, ip)
if i < len(s.RatelimitWhitelist) && s.RatelimitWhitelist[i] == ip {
// found, don't ratelimit
return false
}
}
value := s.limiterForIP(ip)
rl, ok := value.(*rate.RateLimiter)
if !ok {
log.Println("SHOULD NOT HAPPEN: non-bool entry found in safebrowsing lookup cache")
return false
}
// For large UDP responses we try more times, effectively limiting per bandwidth
// The exact number of times depends on the response size
for i := 0; i < size/1000; i++ {
allow, _ := rl.Try()
if !allow { // not allowed -> ratelimited
return true
}
}
return false
}

View File

@ -1,42 +0,0 @@
package dnsforward
import (
"testing"
)
func TestRatelimiting(t *testing.T) {
// rate limit is 1 per sec
p := Server{}
p.Ratelimit = 1
limited := p.isRatelimited("127.0.0.1")
if limited {
t.Fatal("First request must have been allowed")
}
limited = p.isRatelimited("127.0.0.1")
if !limited {
t.Fatal("Second request must have been ratelimited")
}
}
func TestWhitelist(t *testing.T) {
// rate limit is 1 per sec with whitelist
p := Server{}
p.Ratelimit = 1
p.RatelimitWhitelist = []string{"127.0.0.1", "127.0.0.2", "127.0.0.125"}
limited := p.isRatelimited("127.0.0.1")
if limited {
t.Fatal("First request must have been allowed")
}
limited = p.isRatelimited("127.0.0.1")
if limited {
t.Fatal("Second request must have been allowed due to whitelist")
}
}

View File

@ -1 +0,0 @@
/standalone

View File

@ -1,51 +0,0 @@
package main
import (
"log"
"net"
"net/http"
_ "net/http/pprof"
"os"
"os/signal"
"runtime"
"syscall"
"time"
"github.com/AdguardTeam/AdGuardHome/dnsforward"
)
//
// main function
//
func main() {
go func() {
log.Println(http.ListenAndServe("localhost:6060", nil))
}()
go func() {
for range time.Tick(time.Second) {
log.Printf("goroutines = %d", runtime.NumGoroutine())
}
}()
s := dnsforward.Server{}
err := s.Start(nil)
if err != nil {
panic(err)
}
time.Sleep(time.Second)
err = s.Stop()
if err != nil {
panic(err)
}
err = s.Start(&dnsforward.ServerConfig{UDPListenAddr: &net.UDPAddr{Port: 53535}})
if err != nil {
panic(err)
}
err = s.Reconfigure(dnsforward.ServerConfig{UDPListenAddr: &net.UDPAddr{Port: 53, IP: net.ParseIP("0.0.0.0")}})
if err != nil {
panic(err)
}
log.Printf("Now serving DNS")
signal_channel := make(chan os.Signal)
signal.Notify(signal_channel, syscall.SIGINT, syscall.SIGTERM)
<-signal_channel
}

View File

@ -3,11 +3,12 @@ package dnsforward
import ( import (
"encoding/json" "encoding/json"
"fmt" "fmt"
"log"
"net/http" "net/http"
"sync" "sync"
"time" "time"
log "github.com/sirupsen/logrus"
"github.com/AdguardTeam/AdGuardHome/dnsfilter" "github.com/AdguardTeam/AdGuardHome/dnsfilter"
) )

View File

@ -1,313 +0,0 @@
package dnsforward
import (
"bytes"
"fmt"
"io/ioutil"
"log"
"math/rand"
"net"
"net/http"
"net/url"
"strings"
"sync"
"time"
"github.com/jedisct1/go-dnsstamps"
"github.com/ameshkov/dnscrypt"
"github.com/joomcode/errorx"
"github.com/miekg/dns"
)
const defaultTimeout = time.Second * 10
type Upstream interface {
Exchange(m *dns.Msg) (*dns.Msg, error)
Address() string
}
//
// plain DNS
//
type plainDNS struct {
boot bootstrapper
preferTCP bool
}
var defaultUDPClient = dns.Client{
Timeout: defaultTimeout,
UDPSize: dns.MaxMsgSize,
}
var defaultTCPClient = dns.Client{
Net: "tcp",
UDPSize: dns.MaxMsgSize,
Timeout: defaultTimeout,
}
// Address returns the original address that we've put in initially, not resolved one
func (p *plainDNS) Address() string { return p.boot.address }
func (p *plainDNS) Exchange(m *dns.Msg) (*dns.Msg, error) {
addr, _, err := p.boot.get()
if err != nil {
return nil, err
}
if p.preferTCP {
reply, _, err := defaultTCPClient.Exchange(m, addr)
return reply, err
}
reply, _, err := defaultUDPClient.Exchange(m, addr)
if err != nil && reply != nil && reply.Truncated {
log.Printf("Truncated message was received, retrying over TCP, question: %s", m.Question[0].String())
reply, _, err = defaultTCPClient.Exchange(m, addr)
}
return reply, err
}
//
// DNS-over-TLS
//
type dnsOverTLS struct {
boot bootstrapper
pool *TLSPool
sync.RWMutex // protects pool
}
func (p *dnsOverTLS) Address() string { return p.boot.address }
func (p *dnsOverTLS) Exchange(m *dns.Msg) (*dns.Msg, error) {
var pool *TLSPool
p.RLock()
pool = p.pool
p.RUnlock()
if pool == nil {
p.Lock()
// lazy initialize it
p.pool = &TLSPool{boot: &p.boot}
p.Unlock()
}
p.RLock()
poolConn, err := p.pool.Get()
p.RUnlock()
if err != nil {
return nil, errorx.Decorate(err, "Failed to get a connection from TLSPool to %s", p.Address())
}
c := dns.Conn{Conn: poolConn}
err = c.WriteMsg(m)
if err != nil {
poolConn.Close()
return nil, errorx.Decorate(err, "Failed to send a request to %s", p.Address())
}
reply, err := c.ReadMsg()
if err != nil {
poolConn.Close()
return nil, errorx.Decorate(err, "Failed to read a request from %s", p.Address())
}
p.RLock()
p.pool.Put(poolConn)
p.RUnlock()
return reply, nil
}
//
// DNS-over-https
//
type dnsOverHTTPS struct {
boot bootstrapper
}
func (p *dnsOverHTTPS) Address() string { return p.boot.address }
func (p *dnsOverHTTPS) Exchange(m *dns.Msg) (*dns.Msg, error) {
addr, tlsConfig, err := p.boot.get()
if err != nil {
return nil, errorx.Decorate(err, "Couldn't bootstrap %s", p.boot.address)
}
buf, err := m.Pack()
if err != nil {
return nil, errorx.Decorate(err, "Couldn't pack request msg")
}
bb := bytes.NewBuffer(buf)
// set up a custom request with custom URL
url, err := url.Parse(p.boot.address)
if err != nil {
return nil, errorx.Decorate(err, "Couldn't parse URL %s", p.boot.address)
}
req := http.Request{
Method: "POST",
URL: url,
Body: ioutil.NopCloser(bb),
Header: make(http.Header),
Host: url.Host,
}
url.Host = addr
req.Header.Set("Content-Type", "application/dns-message")
client := http.Client{
Transport: &http.Transport{TLSClientConfig: tlsConfig},
}
resp, err := client.Do(&req)
if resp != nil && resp.Body != nil {
defer resp.Body.Close()
}
if err != nil {
return nil, errorx.Decorate(err, "Couldn't do a POST request to '%s'", addr)
}
body, err := ioutil.ReadAll(resp.Body)
if err != nil {
return nil, errorx.Decorate(err, "Couldn't read body contents for '%s'", addr)
}
if resp.StatusCode != http.StatusOK {
return nil, fmt.Errorf("Got an unexpected HTTP status code %d from '%s'", resp.StatusCode, addr)
}
if len(body) == 0 {
return nil, fmt.Errorf("Got an unexpected empty body from '%s'", addr)
}
response := dns.Msg{}
err = response.Unpack(body)
if err != nil {
return nil, errorx.Decorate(err, "Couldn't unpack DNS response from '%s': body is %s", addr, string(body))
}
return &response, nil
}
//
// DNSCrypt
//
type dnsCrypt struct {
boot bootstrapper
client *dnscrypt.Client // DNSCrypt client properties
serverInfo *dnscrypt.ServerInfo // DNSCrypt server info
sync.RWMutex // protects DNSCrypt client
}
func (p *dnsCrypt) Address() string { return p.boot.address }
func (p *dnsCrypt) Exchange(m *dns.Msg) (*dns.Msg, error) {
var client *dnscrypt.Client
var serverInfo *dnscrypt.ServerInfo
p.RLock()
client = p.client
serverInfo = p.serverInfo
p.RUnlock()
now := uint32(time.Now().Unix())
if client == nil || serverInfo == nil || (serverInfo != nil && serverInfo.ServerCert.NotAfter < now) {
p.Lock()
// Using "udp" for DNSCrypt upstreams by default
client = &dnscrypt.Client{Timeout: defaultTimeout, AdjustPayloadSize: true}
si, _, err := client.Dial(p.boot.address)
if err != nil {
p.Unlock()
return nil, errorx.Decorate(err, "Failed to fetch certificate info from %s", p.Address())
}
p.client = client
p.serverInfo = si
serverInfo = si
p.Unlock()
}
reply, _, err := client.Exchange(m, serverInfo)
if err, ok := err.(net.Error); ok && err.Timeout() {
// If request times out, it is possible that the server configuration has been changed.
// It is safe to assume that the key was rotated (for instance, as it is described here: https://dnscrypt.pl/2017/02/26/how-key-rotation-is-automated/).
// We should re-fetch the server certificate info so that the new requests were not failing.
p.Lock()
p.client = nil
p.serverInfo = nil
p.Unlock()
}
return reply, err
}
func (s *Server) chooseUpstream() Upstream {
upstreams := s.Upstreams
if upstreams == nil {
upstreams = defaultValues.Upstreams
}
if len(upstreams) == 0 {
panic("SHOULD NOT HAPPEN: no default upstreams specified")
}
if len(upstreams) == 1 {
return upstreams[0]
}
n := rand.Intn(len(upstreams))
upstream := upstreams[n]
return upstream
}
func AddressToUpstream(address string, bootstrap string) (Upstream, error) {
if strings.Contains(address, "://") {
url, err := url.Parse(address)
if err != nil {
return nil, errorx.Decorate(err, "Failed to parse %s", address)
}
switch url.Scheme {
case "sdns":
stamp, err := dnsstamps.NewServerStampFromString(address)
if err != nil {
return nil, errorx.Decorate(err, "Failed to parse %s", address)
}
switch stamp.Proto {
case dnsstamps.StampProtoTypeDNSCrypt:
return &dnsCrypt{boot: toBoot(url.String(), bootstrap)}, nil
case dnsstamps.StampProtoTypeDoH:
return AddressToUpstream(fmt.Sprintf("https://%s%s", stamp.ProviderName, stamp.Path), bootstrap)
}
return nil, fmt.Errorf("Unsupported protocol %v in %s", stamp.Proto, address)
case "dns":
if url.Port() == "" {
url.Host += ":53"
}
return &plainDNS{boot: toBoot(url.Host, bootstrap)}, nil
case "tcp":
if url.Port() == "" {
url.Host += ":53"
}
return &plainDNS{boot: toBoot(url.Host, bootstrap), preferTCP: true}, nil
case "tls":
if url.Port() == "" {
url.Host += ":853"
}
return &dnsOverTLS{boot: toBoot(url.String(), bootstrap)}, nil
case "https":
if url.Port() == "" {
url.Host += ":443"
}
return &dnsOverHTTPS{boot: toBoot(url.String(), bootstrap)}, nil
default:
// assume it's plain DNS
if url.Port() == "" {
url.Host += ":53"
}
return &plainDNS{boot: toBoot(url.String(), bootstrap)}, nil
}
}
// we don't have scheme in the url, so it's just a plain DNS host:port
_, _, err := net.SplitHostPort(address)
if err != nil {
// doesn't have port, default to 53
address = net.JoinHostPort(address, "53")
}
return &plainDNS{boot: toBoot(address, bootstrap)}, nil
}

View File

@ -1,74 +0,0 @@
package dnsforward
import (
"crypto/tls"
"net"
"sync"
"github.com/joomcode/errorx"
)
// Upstream TLS pool.
//
// Example:
// pool := TLSPool{Address: "tls://1.1.1.1:853"}
// netConn, err := pool.Get()
// if err != nil {panic(err)}
// c := dns.Conn{Conn: netConn}
// q := dns.Msg{}
// q.SetQuestion("google.com.", dns.TypeA)
// log.Println(q)
// err = c.WriteMsg(&q)
// if err != nil {panic(err)}
// r, err := c.ReadMsg()
// if err != nil {panic(err)}
// log.Println(r)
// pool.Put(c.Conn)
type TLSPool struct {
boot *bootstrapper
// connections
conns []net.Conn
connsMutex sync.Mutex // protects conns
}
func (n *TLSPool) Get() (net.Conn, error) {
address, tlsConfig, err := n.boot.get()
if err != nil {
return nil, err
}
// get the connection from the slice inside the lock
var c net.Conn
n.connsMutex.Lock()
num := len(n.conns)
if num > 0 {
last := num - 1
c = n.conns[last]
n.conns = n.conns[:last]
}
n.connsMutex.Unlock()
// if we got connection from the slice, return it
if c != nil {
// log.Printf("Returning existing connection to %s", host)
return c, nil
}
// we'll need a new connection, dial now
// log.Printf("Dialing to %s", address)
conn, err := tls.Dial("tcp", address, tlsConfig)
if err != nil {
return nil, errorx.Decorate(err, "Failed to connect to %s", address)
}
return conn, nil
}
func (n *TLSPool) Put(c net.Conn) {
if c == nil {
return
}
n.connsMutex.Lock()
n.conns = append(n.conns, c)
n.connsMutex.Unlock()
}

View File

@ -1,123 +0,0 @@
package dnsforward
import (
"net"
"testing"
"github.com/miekg/dns"
)
func TestUpstreams(t *testing.T) {
upstreams := []struct {
address string
bootstrap string
}{
{
address: "8.8.8.8:53",
bootstrap: "8.8.8.8:53",
},
{
address: "1.1.1.1",
bootstrap: "",
},
{
address: "tcp://1.1.1.1:53",
bootstrap: "",
},
{
address: "176.103.130.130:5353",
bootstrap: "",
},
{
address: "tls://1.1.1.1",
bootstrap: "",
},
{
address: "tls://9.9.9.9:853",
bootstrap: "",
},
{
address: "tls://security-filter-dns.cleanbrowsing.org",
bootstrap: "8.8.8.8:53",
},
{
address: "tls://adult-filter-dns.cleanbrowsing.org:853",
bootstrap: "8.8.8.8:53",
},
{
address: "https://cloudflare-dns.com/dns-query",
bootstrap: "8.8.8.8:53",
},
{
address: "https://dns.google.com/experimental",
bootstrap: "8.8.8.8:53",
},
{
address: "https://doh.cleanbrowsing.org/doh/security-filter/",
bootstrap: "",
},
{
// AdGuard DNS (DNSCrypt)
address: "sdns://AQIAAAAAAAAAFDE3Ni4xMDMuMTMwLjEzMDo1NDQzINErR_JS3PLCu_iZEIbq95zkSV2LFsigxDIuUso_OQhzIjIuZG5zY3J5cHQuZGVmYXVsdC5uczEuYWRndWFyZC5jb20",
bootstrap: "",
},
{
// Cisco OpenDNS (DNSCrypt)
address: "sdns://AQAAAAAAAAAADjIwOC42Ny4yMjAuMjIwILc1EUAgbyJdPivYItf9aR6hwzzI1maNDL4Ev6vKQ_t5GzIuZG5zY3J5cHQtY2VydC5vcGVuZG5zLmNvbQ",
bootstrap: "8.8.8.8:53",
},
{
// Cloudflare DNS (DoH)
address: "sdns://AgcAAAAAAAAABzEuMC4wLjGgENk8mGSlIfMGXMOlIlCcKvq7AVgcrZxtjon911-ep0cg63Ul-I8NlFj4GplQGb_TTLiczclX57DvMV8Q-JdjgRgSZG5zLmNsb3VkZmxhcmUuY29tCi9kbnMtcXVlcnk",
bootstrap: "8.8.8.8:53",
},
{
// doh-cleanbrowsing-security (https://doh.cleanbrowsing.org/doh/security-filter/)
address: "sdns://AgMAAAAAAAAAAAAVZG9oLmNsZWFuYnJvd3Npbmcub3JnFS9kb2gvc2VjdXJpdHktZmlsdGVyLw",
bootstrap: "8.8.8.8:53",
},
{
// Google (DNS-over-HTTPS)
address: "sdns://AgUAAAAAAAAAACAe9iTP_15r07rd8_3b_epWVGfjdymdx-5mdRZvMAzBuQ5kbnMuZ29vZ2xlLmNvbQ0vZXhwZXJpbWVudGFs",
bootstrap: "8.8.8.8:53",
},
}
for _, test := range upstreams {
t.Run(test.address, func(t *testing.T) {
u, err := AddressToUpstream(test.address, test.bootstrap)
if err != nil {
t.Fatalf("Failed to generate upstream from address %s: %s", test.address, err)
}
checkUpstream(t, u, test.address)
})
}
}
func checkUpstream(t *testing.T, u Upstream, addr string) {
t.Helper()
req := dns.Msg{}
req.Id = dns.Id()
req.RecursionDesired = true
req.Question = []dns.Question{
{Name: "google-public-dns-a.google.com.", Qtype: dns.TypeA, Qclass: dns.ClassINET},
}
reply, err := u.Exchange(&req)
if err != nil {
t.Fatalf("Couldn't talk to upstream %s: %s", addr, err)
}
if len(reply.Answer) != 1 {
t.Fatalf("DNS upstream %s returned reply with wrong number of answers - %d", addr, len(reply.Answer))
}
if a, ok := reply.Answer[0].(*dns.A); ok {
if !net.IPv4(8, 8, 8, 8).Equal(a.A) {
t.Fatalf("DNS upstream %s returned wrong answer instead of 8.8.8.8: %v", addr, a.A)
}
} else {
t.Fatalf("DNS upstream %s returned wrong answer type instead of A: %v", addr, reply.Answer[0])
}
}

8
go.mod
View File

@ -1,6 +1,7 @@
module github.com/AdguardTeam/AdGuardHome module github.com/AdguardTeam/AdGuardHome
require ( require (
github.com/AdguardTeam/dnsproxy v0.9.1
github.com/StackExchange/wmi v0.0.0-20180725035823-b12b22c5341f // indirect github.com/StackExchange/wmi v0.0.0-20180725035823-b12b22c5341f // indirect
github.com/ameshkov/dnscrypt v1.0.0 github.com/ameshkov/dnscrypt v1.0.0
github.com/beefsack/go-rate v0.0.0-20180408011153-efa7637bb9b6 github.com/beefsack/go-rate v0.0.0-20180408011153-efa7637bb9b6
@ -12,12 +13,15 @@ require (
github.com/joomcode/errorx v0.1.0 github.com/joomcode/errorx v0.1.0
github.com/miekg/dns v1.1.1 github.com/miekg/dns v1.1.1
github.com/patrickmn/go-cache v2.1.0+incompatible github.com/patrickmn/go-cache v2.1.0+incompatible
github.com/pkg/errors v0.8.0
github.com/shirou/gopsutil v2.18.10+incompatible github.com/shirou/gopsutil v2.18.10+incompatible
github.com/shirou/w32 v0.0.0-20160930032740-bb4de0191aa4 // indirect github.com/shirou/w32 v0.0.0-20160930032740-bb4de0191aa4 // indirect
github.com/sirupsen/logrus v1.2.0
go.uber.org/goleak v0.10.0 go.uber.org/goleak v0.10.0
golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9 golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9
golang.org/x/net v0.0.0-20181217023233-e147a9138326 golang.org/x/net v0.0.0-20181220203305-927f97764cc3
golang.org/x/sys v0.0.0-20181217223516-dcdaa6325bcb // indirect golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4 // indirect
golang.org/x/sys v0.0.0-20181221143128-b4a75ba826a6 // indirect
gopkg.in/asaskevich/govalidator.v4 v4.0.0-20160518190739-766470278477 gopkg.in/asaskevich/govalidator.v4 v4.0.0-20160518190739-766470278477
gopkg.in/yaml.v2 v2.2.1 gopkg.in/yaml.v2 v2.2.1
) )

22
go.sum
View File

@ -1,11 +1,13 @@
github.com/AdguardTeam/dnsproxy v0.9.0 h1:doHDmVE9bV1fhiBV8rX76WWaSAB9w1H3u8WIiez5OFs=
github.com/AdguardTeam/dnsproxy v0.9.0/go.mod h1:CKZVVknYdoHVirXqqbALEkC+DBY65yCQrzSKYS78GoE=
github.com/AdguardTeam/dnsproxy v0.9.1 h1:+F6jqrVOrUjpbzhALjtbwqHfxW4M2YS3mYdhGxLXQ08=
github.com/AdguardTeam/dnsproxy v0.9.1/go.mod h1:CKZVVknYdoHVirXqqbALEkC+DBY65yCQrzSKYS78GoE=
github.com/StackExchange/wmi v0.0.0-20180725035823-b12b22c5341f h1:5ZfJxyXo8KyX8DgGXC5B7ILL8y51fci/qYz2B4j8iLY= github.com/StackExchange/wmi v0.0.0-20180725035823-b12b22c5341f h1:5ZfJxyXo8KyX8DgGXC5B7ILL8y51fci/qYz2B4j8iLY=
github.com/StackExchange/wmi v0.0.0-20180725035823-b12b22c5341f/go.mod h1:3eOhrUMpNV+6aFIbp5/iudMxNCF27Vw2OZgy4xEx0Fg= github.com/StackExchange/wmi v0.0.0-20180725035823-b12b22c5341f/go.mod h1:3eOhrUMpNV+6aFIbp5/iudMxNCF27Vw2OZgy4xEx0Fg=
github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da h1:KjTM2ks9d14ZYCvmHS9iAKVt9AyzRSqNU1qabPih5BY= github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da h1:KjTM2ks9d14ZYCvmHS9iAKVt9AyzRSqNU1qabPih5BY=
github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da/go.mod h1:eHEWzANqSiWQsof+nXEI9bUVUyV6F53Fp89EuCh2EAA= github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da/go.mod h1:eHEWzANqSiWQsof+nXEI9bUVUyV6F53Fp89EuCh2EAA=
github.com/aead/poly1305 v0.0.0-20180717145839-3fee0db0b635 h1:52m0LGchQBBVqJRyYYufQuIbVqRawmubW3OFGqK1ekw= github.com/aead/poly1305 v0.0.0-20180717145839-3fee0db0b635 h1:52m0LGchQBBVqJRyYYufQuIbVqRawmubW3OFGqK1ekw=
github.com/aead/poly1305 v0.0.0-20180717145839-3fee0db0b635/go.mod h1:lmLxL+FV291OopO93Bwf9fQLQeLyt33VJRUg5VJ30us= github.com/aead/poly1305 v0.0.0-20180717145839-3fee0db0b635/go.mod h1:lmLxL+FV291OopO93Bwf9fQLQeLyt33VJRUg5VJ30us=
github.com/ameshkov/dnscrypt v0.0.0-20181217090431-1215bb8b150f h1:vOaSvI9B3wqzV1g8raDeVzRJnq5RHQxsz0MVXudxdNU=
github.com/ameshkov/dnscrypt v0.0.0-20181217090431-1215bb8b150f/go.mod h1:EC7Z1GguyEEwhuLXrcgkRTE3GdyPDSWq2OXefhydGWo=
github.com/ameshkov/dnscrypt v1.0.0 h1:Y7YexPCxtVCTDXlXu9n17+1H5YS25vftx8vV8Dhuu+E= github.com/ameshkov/dnscrypt v1.0.0 h1:Y7YexPCxtVCTDXlXu9n17+1H5YS25vftx8vV8Dhuu+E=
github.com/ameshkov/dnscrypt v1.0.0/go.mod h1:EC7Z1GguyEEwhuLXrcgkRTE3GdyPDSWq2OXefhydGWo= github.com/ameshkov/dnscrypt v1.0.0/go.mod h1:EC7Z1GguyEEwhuLXrcgkRTE3GdyPDSWq2OXefhydGWo=
github.com/beefsack/go-rate v0.0.0-20180408011153-efa7637bb9b6 h1:KXlsf+qt/X5ttPGEjR0tPH1xaWWoKBEg9Q1THAj2h3I= github.com/beefsack/go-rate v0.0.0-20180408011153-efa7637bb9b6 h1:KXlsf+qt/X5ttPGEjR0tPH1xaWWoKBEg9Q1THAj2h3I=
@ -29,10 +31,16 @@ github.com/jedisct1/go-dnsstamps v0.0.0-20180418170050-1e4999280f86 h1:Olj4M6T1o
github.com/jedisct1/go-dnsstamps v0.0.0-20180418170050-1e4999280f86/go.mod h1:j/ONpSHHmPgDwmFKXg9vhQvIjADe/ft1X4a3TVOmp9g= github.com/jedisct1/go-dnsstamps v0.0.0-20180418170050-1e4999280f86/go.mod h1:j/ONpSHHmPgDwmFKXg9vhQvIjADe/ft1X4a3TVOmp9g=
github.com/jedisct1/xsecretbox v0.0.0-20180508184500-7a679c0bcd9a h1:2nyBWKszM41RO/gt5ElUXigAFiRgJ9KifHDlWOlw0lc= github.com/jedisct1/xsecretbox v0.0.0-20180508184500-7a679c0bcd9a h1:2nyBWKszM41RO/gt5ElUXigAFiRgJ9KifHDlWOlw0lc=
github.com/jedisct1/xsecretbox v0.0.0-20180508184500-7a679c0bcd9a/go.mod h1:YlN58h704uRFD0BwsEGTq+7Wx+WG2i7P49bc+HwHyAY= github.com/jedisct1/xsecretbox v0.0.0-20180508184500-7a679c0bcd9a/go.mod h1:YlN58h704uRFD0BwsEGTq+7Wx+WG2i7P49bc+HwHyAY=
github.com/jessevdk/go-flags v1.4.0 h1:4IU2WS7AumrZ/40jfhf4QVDMsQwqA7VEHozFRrGARJA=
github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
github.com/jmcvetta/randutil v0.0.0-20150817122601-2bb1b664bcff h1:6NvhExg4omUC9NfA+l4Oq3ibNNeJUdiAF3iBVB0PlDk=
github.com/jmcvetta/randutil v0.0.0-20150817122601-2bb1b664bcff/go.mod h1:ddfPX8Z28YMjiqoaJhNBzWHapTHXejnB5cDCUWDwriw=
github.com/joho/godotenv v1.3.0 h1:Zjp+RcGpHhGlrMbJzXTrZZPrWj+1vfm90La1wgB6Bhc= github.com/joho/godotenv v1.3.0 h1:Zjp+RcGpHhGlrMbJzXTrZZPrWj+1vfm90La1wgB6Bhc=
github.com/joho/godotenv v1.3.0/go.mod h1:7hK45KPybAkOC6peb+G5yklZfMxEjkZhHbwpqxOKXbg= github.com/joho/godotenv v1.3.0/go.mod h1:7hK45KPybAkOC6peb+G5yklZfMxEjkZhHbwpqxOKXbg=
github.com/joomcode/errorx v0.1.0 h1:QmJMiI1DE1UFje2aI1ZWO/VMT5a32qBoXUclGOt8vsc= github.com/joomcode/errorx v0.1.0 h1:QmJMiI1DE1UFje2aI1ZWO/VMT5a32qBoXUclGOt8vsc=
github.com/joomcode/errorx v0.1.0/go.mod h1:kgco15ekB6cs+4Xjzo7SPeXzx38PbJzBwbnu9qfVNHQ= github.com/joomcode/errorx v0.1.0/go.mod h1:kgco15ekB6cs+4Xjzo7SPeXzx38PbJzBwbnu9qfVNHQ=
github.com/konsorten/go-windows-terminal-sequences v1.0.1 h1:mweAR1A6xJ3oS2pRaGiHgQ4OO8tzTaLawm8vnODuwDk=
github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
github.com/markbates/oncer v0.0.0-20181014194634-05fccaae8fc4 h1:Mlji5gkcpzkqTROyE4ZxZ8hN7osunMb2RuGVrbvMvCc= github.com/markbates/oncer v0.0.0-20181014194634-05fccaae8fc4 h1:Mlji5gkcpzkqTROyE4ZxZ8hN7osunMb2RuGVrbvMvCc=
github.com/markbates/oncer v0.0.0-20181014194634-05fccaae8fc4/go.mod h1:Ld9puTsIW75CHf65OeIOkyKbteujpZVXDpWK6YGZbxE= github.com/markbates/oncer v0.0.0-20181014194634-05fccaae8fc4/go.mod h1:Ld9puTsIW75CHf65OeIOkyKbteujpZVXDpWK6YGZbxE=
github.com/miekg/dns v1.1.1 h1:DVkblRdiScEnEr0LR9nTnEQqHYycjkXW9bOjd+2EL2o= github.com/miekg/dns v1.1.1 h1:DVkblRdiScEnEr0LR9nTnEQqHYycjkXW9bOjd+2EL2o=
@ -47,14 +55,18 @@ github.com/shirou/gopsutil v2.18.10+incompatible h1:cy84jW6EVRPa5g9HAHrlbxMSIjBh
github.com/shirou/gopsutil v2.18.10+incompatible/go.mod h1:5b4v6he4MtMOwMlS0TUMTu2PcXUg8+E1lC7eC3UO/RA= github.com/shirou/gopsutil v2.18.10+incompatible/go.mod h1:5b4v6he4MtMOwMlS0TUMTu2PcXUg8+E1lC7eC3UO/RA=
github.com/shirou/w32 v0.0.0-20160930032740-bb4de0191aa4 h1:udFKJ0aHUL60LboW/A+DfgoHVedieIzIXE8uylPue0U= github.com/shirou/w32 v0.0.0-20160930032740-bb4de0191aa4 h1:udFKJ0aHUL60LboW/A+DfgoHVedieIzIXE8uylPue0U=
github.com/shirou/w32 v0.0.0-20160930032740-bb4de0191aa4/go.mod h1:qsXQc7+bwAM3Q1u/4XEfrquwF8Lw7D7y5cD8CuHnfIc= github.com/shirou/w32 v0.0.0-20160930032740-bb4de0191aa4/go.mod h1:qsXQc7+bwAM3Q1u/4XEfrquwF8Lw7D7y5cD8CuHnfIc=
github.com/sirupsen/logrus v1.2.0 h1:juTguoYk5qI21pwyTXY3B3Y5cOTH3ZUyZCg1v/mihuo=
github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
github.com/spf13/cobra v0.0.3 h1:ZlrZ4XsMRm04Fr5pSFxBgfND2EBVa1nLpiy1stUsX/8= github.com/spf13/cobra v0.0.3 h1:ZlrZ4XsMRm04Fr5pSFxBgfND2EBVa1nLpiy1stUsX/8=
github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ=
github.com/spf13/pflag v1.0.3 h1:zPAT6CGy6wXeQ7NtTnaTerfKOsV6V6F8agHXFiazDkg= github.com/spf13/pflag v1.0.3 h1:zPAT6CGy6wXeQ7NtTnaTerfKOsV6V6F8agHXFiazDkg=
github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
github.com/stretchr/testify v1.2.2 h1:bSDNvY7ZPG5RlJ8otE/7V6gMiyenm9RtJ7IUVIAoJ1w= github.com/stretchr/testify v1.2.2 h1:bSDNvY7ZPG5RlJ8otE/7V6gMiyenm9RtJ7IUVIAoJ1w=
github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
go.uber.org/goleak v0.10.0 h1:G3eWbSNIskeRqtsN/1uI5B+eP73y3JUuBsv9AZjehb4= go.uber.org/goleak v0.10.0 h1:G3eWbSNIskeRqtsN/1uI5B+eP73y3JUuBsv9AZjehb4=
go.uber.org/goleak v0.10.0/go.mod h1:VCZuO8V8mFPlL0F5J5GK1rtHV3DrFcQ1R8ryq7FK0aI= go.uber.org/goleak v0.10.0/go.mod h1:VCZuO8V8mFPlL0F5J5GK1rtHV3DrFcQ1R8ryq7FK0aI=
golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9 h1:mKdxBk7AujPs8kU4m80U72y/zjbZ3UcXC7dClwKbUI0= golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9 h1:mKdxBk7AujPs8kU4m80U72y/zjbZ3UcXC7dClwKbUI0=
golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
golang.org/x/net v0.0.0-20181102091132-c10e9556a7bc/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181102091132-c10e9556a7bc/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@ -62,14 +74,20 @@ golang.org/x/net v0.0.0-20181213202711-891ebc4b82d6 h1:gT0Y6H7hbVPUtvtk0YGxMXPgN
golang.org/x/net v0.0.0-20181213202711-891ebc4b82d6/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181213202711-891ebc4b82d6/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20181217023233-e147a9138326 h1:iCzOf0xz39Tstp+Tu/WwyGjUXCk34QhQORRxBeXXTA4= golang.org/x/net v0.0.0-20181217023233-e147a9138326 h1:iCzOf0xz39Tstp+Tu/WwyGjUXCk34QhQORRxBeXXTA4=
golang.org/x/net v0.0.0-20181217023233-e147a9138326/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181217023233-e147a9138326/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20181220203305-927f97764cc3 h1:eH6Eip3UpmR+yM/qI9Ijluzb1bNv/cAU/n+6l8tRSis=
golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f h1:wMNYb4v58l5UBM7MYRLPG6ZhfOqbKu7X5eyFl8ZhKvA= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f h1:wMNYb4v58l5UBM7MYRLPG6ZhfOqbKu7X5eyFl8ZhKvA=
golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20181108010431-42b317875d0f h1:Bl/8QSvNqXvPGPGXa2z5xUTmV7VDcZyvRZ+QQXkXTZQ= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f h1:Bl/8QSvNqXvPGPGXa2z5xUTmV7VDcZyvRZ+QQXkXTZQ=
golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20181213200352-4d1cda033e06 h1:0oC8rFnE+74kEmuHZ46F6KHsMr5Gx2gUQPuNz28iQZM= golang.org/x/sys v0.0.0-20181213200352-4d1cda033e06 h1:0oC8rFnE+74kEmuHZ46F6KHsMr5Gx2gUQPuNz28iQZM=
golang.org/x/sys v0.0.0-20181213200352-4d1cda033e06/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181213200352-4d1cda033e06/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20181217223516-dcdaa6325bcb h1:zzdd4xkMwu/GRxhSUJaCPh4/jil9kAbsU7AUmXboO+A= golang.org/x/sys v0.0.0-20181217223516-dcdaa6325bcb h1:zzdd4xkMwu/GRxhSUJaCPh4/jil9kAbsU7AUmXboO+A=
golang.org/x/sys v0.0.0-20181217223516-dcdaa6325bcb/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181217223516-dcdaa6325bcb/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20181221143128-b4a75ba826a6 h1:IcgEB62HYgAhX0Nd/QrVgZlxlcyxbGQHElLUhW2X4Fo=
golang.org/x/sys v0.0.0-20181221143128-b4a75ba826a6/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
gopkg.in/asaskevich/govalidator.v4 v4.0.0-20160518190739-766470278477 h1:5xUJw+lg4zao9W4HIDzlFbMYgSgtvNVHh00MEHvbGpQ= gopkg.in/asaskevich/govalidator.v4 v4.0.0-20160518190739-766470278477 h1:5xUJw+lg4zao9W4HIDzlFbMYgSgtvNVHh00MEHvbGpQ=
gopkg.in/asaskevich/govalidator.v4 v4.0.0-20160518190739-766470278477/go.mod h1:QDV1vrFSrowdoOba0UM8VJPUZONT7dnfdLsM+GG53Z8= gopkg.in/asaskevich/govalidator.v4 v4.0.0-20160518190739-766470278477/go.mod h1:QDV1vrFSrowdoOba0UM8VJPUZONT7dnfdLsM+GG53Z8=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=