Pull request: dnsforward: exclude docker dns

Updates #3064. Squashed commit of the following: commit 2cfeb830853dffcb26968d0a4d21b623f00da275 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Thu May 13 14:02:08 2021 +0300 all: imp code, expose pprof port commit a22656a3fd24253f7327eff5168ea84391c8d758 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Thu May 13 13:34:05 2021 +0300 all: imp code, dockerfile commit 35e2145fe061d0d803b46578539499ecfe9d3ea4 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Thu May 13 12:34:09 2021 +0300 dnsforward: exclude docker dns
2021-05-13 14:30:40 +03:00
parent 29d847c366
commit 1b789b5f81
4 changed files with 26 additions and 4 deletions
--- a/internal/aghnet/systemresolvers_others.go
+++ b/internal/aghnet/systemresolvers_others.go
@@ -82,6 +82,12 @@ func validateDialedHost(host string) (err error) {
 	return nil
 }

+// dockerEmbeddedDNS is the address of Docker's embedded DNS server.
+//
+// See
+// https://github.com/moby/moby/blob/v1.12.0/docs/userguide/networking/dockernetworks.md.
+const dockerEmbeddedDNS = "127.0.0.11"
+
 // dialFunc gets the resolver's address and puts it into internal cache.
 func (sr *systemResolvers) dialFunc(_ context.Context, _, address string) (_ net.Conn, err error) {
 	// Just validate the passed address is a valid IP.
@@ -93,6 +99,17 @@ func (sr *systemResolvers) dialFunc(_ context.Context, _, address string) (_ net
 		return nil, fmt.Errorf("%s: %w", err, errBadAddrPassed)
 	}

+	// Exclude Docker's embedded DNS server, as it may cause recursion if
+	// the container is set as the host system's default DNS server.
+	//
+	// See https://github.com/AdguardTeam/AdGuardHome/issues/3064.
+	//
+	// TODO(a.garipov): Perhaps only do this when we are in the container?
+	// Maybe use an environment variable?
+	if host == dockerEmbeddedDNS {
+		return nil, errFakeDial
+	}
+
 	err = validateDialedHost(host)
 	if err != nil {
 		return nil, fmt.Errorf("validating dialed host: %w", err)