Merge branch 'master' into 6902-doc-fix

internal/home/clients.go

@@ -249,8 +249,6 @@ func (o *clientObject) toPersistent(
 	}
 
 	if o.SafeSearchConf.Enabled {
-		o.SafeSearchConf.CustomResolver = safeSearchResolver{}
-
 		err = cli.SetSafeSearch(
 			o.SafeSearchConf,
 			filteringConf.SafeSearchCacheSize,
@@ -414,7 +412,11 @@ func (clients *clientsContainer) clientOrArtificial(
 	}()
 
 	cli, ok := clients.find(id)
-	if ok {
+	if !ok {
+		cli = clients.clientIndex.FindByIPWithoutZone(ip)
+	}
+
+	if cli != nil {
 		return &querylog.Client{
 			Name:           cli.Name,
 			IgnoreQueryLog: cli.IgnoreQueryLog,

internal/home/config.go

@@ -203,15 +203,24 @@ type dnsConfig struct {
 	// resolver should be used.
 	PrivateNets []netutil.Prefix `yaml:"private_networks"`
 
-	// UsePrivateRDNS defines if the PTR requests for unknown addresses from
-	// locally-served networks should be resolved via private PTR resolvers.
+	// UsePrivateRDNS enables resolving requests containing a private IP address
+	// using private reverse DNS resolvers.  See PrivateRDNSResolvers.
+	//
+	// TODO(e.burkov):  Rename in YAML.
 	UsePrivateRDNS bool `yaml:"use_private_ptr_resolvers"`
 
-	// LocalPTRResolvers is the slice of addresses to be used as upstreams
-	// for PTR queries for locally-served networks.
-	LocalPTRResolvers []string `yaml:"local_ptr_upstreams"`
+	// PrivateRDNSResolvers is the slice of addresses to be used as upstreams
+	// for private requests.  It's only used for PTR, SOA, and NS queries,
+	// containing an ARPA subdomain, came from the the client with private
+	// address.  The address considered private according to PrivateNets.
+	//
+	// If empty, the OS-provided resolvers are used for private requests.
+	PrivateRDNSResolvers []string `yaml:"local_ptr_upstreams"`
 
-	// UseDNS64 defines if DNS64 should be used for incoming requests.
+	// UseDNS64 defines if DNS64 should be used for incoming requests.  Requests
+	// of type PTR for addresses within the configured prefixes will be resolved
+	// via [PrivateRDNSResolvers], so those should be valid and UsePrivateRDNS
+	// be set to true.
 	UseDNS64 bool `yaml:"use_dns64"`
 
 	// DNS64Prefixes is the list of NAT64 prefixes to be used for DNS64.
@@ -658,7 +667,7 @@ func (c *configuration) write() (err error) {
 		dns := &config.DNS
 		dns.Config = c
 
-		dns.LocalPTRResolvers = s.LocalPTRResolvers()
+		dns.PrivateRDNSResolvers = s.LocalPTRResolvers()
 
 		addrProcConf := s.AddrProcConfig()
 		config.Clients.Sources.RDNS = addrProcConf.UseRDNS

internal/home/dns.go

@@ -1,7 +1,6 @@
 package home
 
 import (
-	"context"
 	"fmt"
 	"net"
 	"net/netip"
@@ -18,7 +17,6 @@ import (
 	"github.com/AdguardTeam/AdGuardHome/internal/filtering"
 	"github.com/AdguardTeam/AdGuardHome/internal/querylog"
 	"github.com/AdguardTeam/AdGuardHome/internal/stats"
-	"github.com/AdguardTeam/dnsproxy/upstream"
 	"github.com/AdguardTeam/golibs/errors"
 	"github.com/AdguardTeam/golibs/log"
 	"github.com/AdguardTeam/golibs/netutil"
@@ -157,14 +155,12 @@ func initDNSServer(
 		return fmt.Errorf("newServerConfig: %w", err)
 	}
 
+	// Try to prepare the server with disabled private RDNS resolution if it
+	// failed to prepare as is.  See TODO on [ErrBadPrivateRDNSUpstreams].
 	err = Context.dnsServer.Prepare(dnsConf)
+	if privRDNSErr := (&dnsforward.PrivateRDNSError{}); errors.As(err, &privRDNSErr) {
+		log.Info("WARNING: %s; trying to disable private RDNS resolution", err)
 
-	// TODO(e.burkov):  Recreate the server with private RDNS disabled.  This
-	// should go away once the private RDNS resolution is moved to the proxy.
-	var locResErr *dnsforward.LocalResolversError
-	if errors.As(err, &locResErr) && errors.Is(locResErr.Err, upstream.ErrNoUpstreams) {
-		log.Info("WARNING: no local resolvers configured while private RDNS " +
-			"resolution enabled, trying to disable")
 		dnsConf.UsePrivateRDNS = false
 		err = Context.dnsServer.Prepare(dnsConf)
 	}
@@ -245,7 +241,7 @@ func newServerConfig(
 		TLSv12Roots:            Context.tlsRoots,
 		ConfigModified:         onConfigModified,
 		HTTPRegister:           httpReg,
-		LocalPTRResolvers:      dnsConf.LocalPTRResolvers,
+		LocalPTRResolvers:      dnsConf.PrivateRDNSResolvers,
 		UseDNS64:               dnsConf.UseDNS64,
 		DNS64Prefixes:          dnsConf.DNS64Prefixes,
 		UsePrivateRDNS:         dnsConf.UsePrivateRDNS,
@@ -531,36 +527,6 @@ func closeDNSServer() {
 	log.Debug("all dns modules are closed")
 }
 
-// safeSearchResolver is a [filtering.Resolver] implementation used for safe
-// search.
-type safeSearchResolver struct{}
-
-// type check
-var _ filtering.Resolver = safeSearchResolver{}
-
-// LookupIP implements [filtering.Resolver] interface for safeSearchResolver.
-// It returns the slice of net.Addr with IPv4 and IPv6 instances.
-func (r safeSearchResolver) LookupIP(
-	ctx context.Context,
-	network string,
-	host string,
-) (ips []net.IP, err error) {
-	addrs, err := Context.dnsServer.Resolve(ctx, network, host)
-	if err != nil {
-		return nil, err
-	}
-
-	if len(addrs) == 0 {
-		return nil, fmt.Errorf("couldn't lookup host: %s", host)
-	}
-
-	for _, a := range addrs {
-		ips = append(ips, a.AsSlice())
-	}
-
-	return ips, nil
-}
-
 // checkStatsAndQuerylogDirs checks and returns directory paths to store
 // statistics and query log.
 func checkStatsAndQuerylogDirs(

internal/home/home.go

@@ -439,7 +439,6 @@ func setupDNSFilteringConf(conf *filtering.Config) (err error) {
 		conf.ParentalBlockHost = host
 	}
 
-	conf.SafeSearchConf.CustomResolver = safeSearchResolver{}
 	conf.SafeSearch, err = safesearch.NewDefault(
 		conf.SafeSearchConf,
 		"default",

internal/home/service.go

@@ -649,11 +649,6 @@ status() {
 
 // freeBSDScript is the source of the daemon script for FreeBSD.  Keep as close
 // as possible to the https://github.com/kardianos/service/blob/18c957a3dc1120a2efe77beb401d476bade9e577/service_freebsd.go#L204.
-//
-// TODO(a.garipov): Don't use .WorkingDirectory here.  There are currently no
-// guarantees that it will actually be the required directory.
-//
-// See https://github.com/AdguardTeam/AdGuardHome/issues/2614.
 const freeBSDScript = `#!/bin/sh
 # PROVIDE: {{.Name}}
 # REQUIRE: networking
@@ -667,7 +662,9 @@ name="{{.Name}}"
 pidfile_child="/var/run/${name}.pid"
 pidfile="/var/run/${name}_daemon.pid"
 command="/usr/sbin/daemon"
-command_args="-P ${pidfile} -p ${pidfile_child} -T ${name} -r {{.WorkingDirectory}}/{{.Name}}"
+daemon_args="-P ${pidfile} -p ${pidfile_child} -r -t ${name}"
+command_args="${daemon_args} {{.Path}}{{range .Arguments}} {{.}}{{end}}"
+
 run_rc_command "$1"
 `