From f151f8c3139a0d8ac8cc5cf4926710b8d3f98846 Mon Sep 17 00:00:00 2001
From: Eugene Burkov
Date: Fri, 16 Aug 2024 13:12:36 +0300
Subject: [PATCH] all: upd proxy

---
 go.mod | 2 +-
 go.sum | 4 +-
 internal/dnsforward/config.go | 2 -
 internal/dnsforward/msg.go | 96 ++++++++++++++++++----------------
 internal/dnsforward/process.go | 2 +-
 5 files changed, 54 insertions(+), 52 deletions(-)

diff --git a/go.mod b/go.mod
index f95ffd50..e3748933 100644
--- a/go.mod
+++ b/go.mod
@@ -3,7 +3,7 @@ module github.com/AdguardTeam/AdGuardHome
 go 1.22.5
 
 require (
- github.com/AdguardTeam/dnsproxy v0.72.3-0.20240806061520-4cc9af6704ef
+ github.com/AdguardTeam/dnsproxy v0.72.4-0.20240816100403-7b95e9d45693
 github.com/AdguardTeam/golibs v0.25.2
 github.com/AdguardTeam/urlfilter v0.19.0
 github.com/NYTimes/gziphandler v1.1.1
diff --git a/go.sum b/go.sum
index 09bf94b7..36baa4be 100644
--- a/go.sum
+++ b/go.sum
@@ -1,5 +1,5 @@
-github.com/AdguardTeam/dnsproxy v0.72.3-0.20240806061520-4cc9af6704ef h1:j6MtYGWnMOj5TdRFeLA/YmUuS4GKsatt1z3bmIJQtZ8=
-github.com/AdguardTeam/dnsproxy v0.72.3-0.20240806061520-4cc9af6704ef/go.mod h1:DCHTuklaAuvCgtZzpoA0TrqCdOBZJQnKjgKxbC9/kQ8=
+github.com/AdguardTeam/dnsproxy v0.72.4-0.20240816100403-7b95e9d45693 h1:C7zs6ZWYA2VwIORIdmJ868tXueR8ON/ezkGuObIbKIg=
+github.com/AdguardTeam/dnsproxy v0.72.4-0.20240816100403-7b95e9d45693/go.mod h1:DCHTuklaAuvCgtZzpoA0TrqCdOBZJQnKjgKxbC9/kQ8=
 github.com/AdguardTeam/golibs v0.25.2 h1:4+c9LjAIdd9trRk71hXghJ5OL/VRosBm+/0dKH+H39U=
 github.com/AdguardTeam/golibs v0.25.2/go.mod h1:HaTyS2wCbxFudjht9N/+/Qf1b5cMad2BAYSwe7DPCXI=
 github.com/AdguardTeam/urlfilter v0.19.0 h1:q7eH13+yNETlpD/VD3u5rLQOripcUdEktqZFy+KiQLk=
diff --git a/internal/dnsforward/config.go b/internal/dnsforward/config.go
index d0f2ca51..7b1fe1f7 100644
--- a/internal/dnsforward/config.go
+++ b/internal/dnsforward/config.go
@@ -427,8 +427,6 @@ func parseBogusNXDOMAIN(confBogusNXDOMAIN []string) (subnets []netip.Prefix, err
 return subnets, nil
 }
 
-const defaultBlockedResponseTTL = 3600
-
 // initDefaultSettings initializes default settings if nothing
 // is configured
 func (s *Server) initDefaultSettings() {
diff --git a/internal/dnsforward/msg.go b/internal/dnsforward/msg.go
index f645ab90..e9f1f2d7 100644
--- a/internal/dnsforward/msg.go
+++ b/internal/dnsforward/msg.go
@@ -58,7 +58,7 @@ func (s *Server) genDNSFilterMessage(
 return s.replyCompressed(req)
 }
 
- return s.newMsgNODATA(req)
+ return s.NewMsgNODATA(req)
 }
 
 switch res.Reason {
@@ -344,51 +344,6 @@ func (s *Server) makeResponseREFUSED(req *dns.Msg) *dns.Msg {
 return s.reply(req, dns.RcodeRefused)
 }
 
-// newMsgNODATA returns a properly initialized NODATA response.
-//
-// See https://www.rfc-editor.org/rfc/rfc2308#section-2.2.
-func (s *Server) newMsgNODATA(req *dns.Msg) (resp *dns.Msg) {
- resp = s.reply(req, dns.RcodeSuccess)
- resp.Ns = s.genSOA(req)
-
- return resp
-}
-
-func (s *Server) genSOA(request *dns.Msg) []dns.RR {
- zone := ""
- if len(request.Question) > 0 {
- zone = request.Question[0].Name
- }
-
- soa := dns.SOA{
- // values copied from verisign's nonexistent .com domain
- // their exact values are not important in our use case because they are used for domain transfers between primary/secondary DNS servers
- Refresh: 1800,
- Retry: 900,
- Expire: 604800,
- Minttl: 86400,
- // copied from AdGuard DNS
- Ns: "fake-for-negative-caching.adguard.com.",
- Serial: 100500,
- // rest is request-specific
- Hdr: dns.RR_Header{
- Name: zone,
- Rrtype: dns.TypeSOA,
- Ttl: s.dnsFilter.BlockedResponseTTL(),
- Class: dns.ClassINET,
- },
- Mbox: "hostmaster.", // zone will be appended later if it's not empty or "."
- }
- if soa.Hdr.Ttl == 0 {
- soa.Hdr.Ttl = defaultBlockedResponseTTL
- }
- if len(zone) > 0 && zone[0] != '.' {
- soa.Mbox += zone
- }
-
- return []dns.RR{&soa}
-}
-
 // type check
 var _ proxy.MessageConstructor = (*Server)(nil)
 
@@ -425,3 +380,52 @@ func (s *Server) NewMsgNOTIMPLEMENTED(req *dns.Msg) (resp *dns.Msg) {
 
 return resp
 }
+
+// NewMsgNODATA implements the [proxy.MessageConstructor] interface for *Server.
+func (s *Server) NewMsgNODATA(req *dns.Msg) (resp *dns.Msg) {
+ resp = s.reply(req, dns.RcodeSuccess)
+ resp.Ns = s.genSOA(req)
+
+ return resp
+}
+
+func (s *Server) genSOA(req *dns.Msg) []dns.RR {
+ zone := ""
+ if len(req.Question) > 0 {
+ zone = req.Question[0].Name
+ }
+
+ const defaultBlockedResponseTTL = 3600
+
+ soa := dns.SOA{
+ // Values copied from verisign's nonexistent.com domain.
+ //
+ // Their exact values are not important in our use case because they are
+ // used for domain transfers between primary/secondary DNS servers.
+ Refresh: 1800,
+ Retry: 900,
+ Expire: 604800,
+ Minttl: 86400,
+ // copied from AdGuard DNS
+ Ns: "fake-for-negative-caching.adguard.com.",
+ Serial: 100500,
+ // rest is request-specific
+ Hdr: dns.RR_Header{
+ Name: zone,
+ Rrtype: dns.TypeSOA,
+ Ttl: s.dnsFilter.BlockedResponseTTL(),
+ Class: dns.ClassINET,
+ },
+ // zone will be appended later if it's not ".".
+ Mbox: "hostmaster.",
+ }
+ if soa.Hdr.Ttl == 0 {
+ soa.Hdr.Ttl = defaultBlockedResponseTTL
+ }
+
+ if zone != "." {
+ soa.Mbox += zone
+ }
+
+ return []dns.RR{&soa}
+}
diff --git a/internal/dnsforward/process.go b/internal/dnsforward/process.go
index 967956d0..1a3dbc2e 100644
--- a/internal/dnsforward/process.go
+++ b/internal/dnsforward/process.go
@@ -159,7 +159,7 @@ func (s *Server) processInitial(dctx *dnsContext) (rc resultCode) {
 q := pctx.Req.Question[0]
 qt := q.Qtype
 if s.conf.AAAADisabled && qt == dns.TypeAAAA {
- pctx.Res = s.newMsgNODATA(pctx.Req)
+ pctx.Res = s.NewMsgNODATA(pctx.Req)
 
 return resultCodeFinish
 }
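Review bot: In `genSOA` (internal/dnsforward/msg.go), `soa.Mbox += zone` appends the client-supplied question name to `hostmaster.` with no length check, so a query name close to the maximum domain-name length produces an Mbox that is too long to be a valid name. I would expect such a reply to fail when it is packed rather than go out as NODATA, but that depends on the DNS library and should be pinned with a test that uses a maximum-length name. The new condition `zone != "."` is also looser than the removed `len(zone) > 0 && zone[0] != '.'`, so a short comment stating that a non-root name can never start with a dot at this point would help the next reader. A guard such as `if zone != "." && len(soa.Mbox)+len(zone) <= maxNameLen {` would keep the bare `hostmaster.` for over-long names, where `maxNameLen` is a placeholder for the library's presentation-length limit.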