all: sync with master; upd chlog

internal/client/addrproc.go

@@ -58,6 +58,12 @@ type DefaultAddrProcConfig struct {
 	// immediately by [NewDefaultAddrProc].
 	InitialAddresses []netip.Addr
 
+	// CatchPanics, if true, makes the address processor catch and log panics.
+	//
+	// TODO(a.garipov): Consider better ways to do this or apply this method to
+	// other parts of the codebase.
+	CatchPanics bool
+
 	// UseRDNS, if true, enables resolving of client IP addresses using reverse
 	// DNS.
 	UseRDNS bool
@@ -151,7 +157,7 @@ func NewDefaultAddrProc(c *DefaultAddrProcConfig) (p *DefaultAddrProc) {
 		p.whois = newWHOIS(c.DialContext)
 	}
 
-	go p.process()
+	go p.process(c.CatchPanics)
 
 	for _, ip := range c.InitialAddresses {
 		p.Process(ip)
@@ -214,8 +220,10 @@ func (p *DefaultAddrProc) Process(ip netip.Addr) {
 
 // process processes the incoming client IP-address information.  It is intended
 // to be used as a goroutine.  Once clientIPs is closed, process exits.
-func (p *DefaultAddrProc) process() {
-	defer log.OnPanic("addrProcessor.process")
+func (p *DefaultAddrProc) process(catchPanics bool) {
+	if catchPanics {
+		defer log.OnPanic("addrProcessor.process")
+	}
 
 	log.Info("clients: processing addresses")
 

internal/client/addrproc_test.go

@@ -2,6 +2,7 @@ package client_test
 
 import (
 	"context"
+	"fmt"
 	"io"
 	"net"
 	"net/netip"
@@ -112,6 +113,7 @@ func TestDefaultAddrProc_Process_rDNS(t *testing.T) {
 				AddressUpdater: &aghtest.AddressUpdater{
 					OnUpdateAddress: newOnUpdateAddress(tc.wantUpd, updIPCh, updHostCh, updInfoCh),
 				},
+				CatchPanics:    false,
 				UseRDNS:        true,
 				UsePrivateRDNS: tc.usePrivate,
 				UseWHOIS:       false,
@@ -146,8 +148,8 @@ func newOnUpdateAddress(
 	infos chan<- *whois.Info,
 ) (f func(ip netip.Addr, host string, info *whois.Info)) {
 	return func(ip netip.Addr, host string, info *whois.Info) {
-		if !want {
-			panic("got unexpected update")
+		if !want && (host != "" || info != nil) {
+			panic(fmt.Errorf("got unexpected update for %v with %q and %v", ip, host, info))
 		}
 
 		ips <- ip
@@ -222,6 +224,7 @@ func TestDefaultAddrProc_Process_WHOIS(t *testing.T) {
 				AddressUpdater: &aghtest.AddressUpdater{
 					OnUpdateAddress: newOnUpdateAddress(tc.wantUpd, updIPCh, updHostCh, updInfoCh),
 				},
+				CatchPanics:    false,
 				UseRDNS:        false,
 				UsePrivateRDNS: false,
 				UseWHOIS:       true,

internal/dnsforward/access.go

@@ -90,7 +90,7 @@ func newAccessCtx(allowed, blocked, blockedHosts []string) (a *accessManager, er
 
 	lists := []filterlist.RuleList{
 		&filterlist.StringRuleList{
-			ID:             int(0),
+			ID:             0,
 			RulesText:      b.String(),
 			IgnoreCosmetic: true,
 		},

internal/dnsforward/access_test.go

@@ -31,6 +31,7 @@ func TestIsBlockedHost(t *testing.T) {
 		"*.host.com",
 		"||host3.com^",
 		"||*^$dnstype=HTTPS",
+		"|.^",
 	})
 	require.NoError(t, err)
 
@@ -94,6 +95,11 @@ func TestIsBlockedHost(t *testing.T) {
 		name: "by_qtype_other",
 		host: "site-with-https-record.example",
 		qt:   dns.TypeA,
+	}, {
+		want: assert.True,
+		name: "ns_root",
+		host: ".",
+		qt:   dns.TypeNS,
 	}}
 
 	for _, tc := range testCases {

internal/dnsforward/dnsforward.go

@@ -346,19 +346,21 @@ func (s *Server) Exchange(ip netip.Addr) (host string, ttl time.Duration, err er
 	}
 
 	var resolver *proxy.Proxy
+	var errMsg string
 	if s.privateNets.Contains(ip.AsSlice()) {
 		if !s.conf.UsePrivateRDNS {
 			return "", 0, nil
 		}
 
 		resolver = s.localResolvers
+		errMsg = "resolving a private address: %w"
 		s.recDetector.add(*req)
 	} else {
 		resolver = s.internalProxy
+		errMsg = "resolving an address: %w"
 	}
-
 	if err = resolver.Resolve(dctx); err != nil {
-		return "", 0, err
+		return "", 0, fmt.Errorf(errMsg, err)
 	}
 
 	return hostFromPTR(dctx.Res)
@@ -377,13 +379,18 @@ func hostFromPTR(resp *dns.Msg) (host string, ttl time.Duration, err error) {
 
 	var ttlSec uint32
 
+	log.Debug("dnsforward: resolving ptr, received %d answers", len(resp.Answer))
 	for _, ans := range resp.Answer {
 		ptr, ok := ans.(*dns.PTR)
 		if !ok {
 			continue
 		}
 
-		if ptr.Hdr.Ttl > ttlSec {
+		// Respect zero TTL records since some DNS servers use it to
+		// locally-resolved addresses.
+		//
+		// See https://github.com/AdguardTeam/AdGuardHome/issues/6046.
+		if ptr.Hdr.Ttl >= ttlSec {
 			host = ptr.Ptr
 			ttlSec = ptr.Hdr.Ttl
 		}
@@ -465,6 +472,7 @@ func (s *Server) filterOurDNSAddrs(addrs []string) (filtered []string, err error
 	}
 
 	ourAddrsSet := stringutil.NewSet(ourAddrs...)
+	log.Debug("dnsforward: filtering out %s", ourAddrsSet.String())
 
 	// TODO(e.burkov): The approach of subtracting sets of strings is not
 	// really applicable here since in case of listening on all network
@@ -501,7 +509,7 @@ func (s *Server) setupLocalResolvers() (err error) {
 		PreferIPv6: s.conf.BootstrapPreferIPv6,
 	})
 	if err != nil {
-		return fmt.Errorf("parsing private upstreams: %w", err)
+		return fmt.Errorf("preparing private upstreams: %w", err)
 	}
 
 	s.localResolvers = &proxy.Proxy{

internal/dnsforward/dnsforward_test.go

@@ -72,13 +72,6 @@ func startDeferStop(t *testing.T, s *Server) {
 	testutil.CleanupAndRequireSuccess(t, s.Stop)
 }
 
-// packageUpstreamVariableMu is used to serialize access to the package-level
-// variables of package upstream.
-//
-// TODO(s.chzhen): Move these parameters to upstream options and remove this
-// crutch.
-var packageUpstreamVariableMu = &sync.Mutex{}
-
 func createTestServer(
 	t *testing.T,
 	filterConf *filtering.Config,
@@ -87,9 +80,6 @@ func createTestServer(
 ) (s *Server) {
 	t.Helper()
 
-	packageUpstreamVariableMu.Lock()
-	defer packageUpstreamVariableMu.Unlock()
-
 	rules := `||nxdomain.example.org
 ||NULL.example.org^
 127.0.0.1	host.example.org
@@ -1374,6 +1364,24 @@ func TestServer_Exchange(t *testing.T) {
 	refusingUpstream := aghtest.NewUpstreamMock(func(req *dns.Msg) (resp *dns.Msg, err error) {
 		return new(dns.Msg).SetRcode(req, dns.RcodeRefused), nil
 	})
+	zeroTTLUps := &aghtest.UpstreamMock{
+		OnAddress: func() (addr string) { return "zero.ttl.example" },
+		OnExchange: func(req *dns.Msg) (resp *dns.Msg, err error) {
+			resp = new(dns.Msg).SetReply(req)
+			hdr := dns.RR_Header{
+				Name:   req.Question[0].Name,
+				Rrtype: dns.TypePTR,
+				Class:  dns.ClassINET,
+				Ttl:    0,
+			}
+			resp.Answer = []dns.RR{&dns.PTR{
+				Hdr: hdr,
+				Ptr: localDomainHost,
+			}}
+
+			return resp, nil
+		},
+	}
 
 	srv := &Server{
 		recDetector: newRecursionDetector(0, 1),
@@ -1445,6 +1453,13 @@ func TestServer_Exchange(t *testing.T) {
 		locUpstream: nil,
 		req:         twosIP,
 		wantTTL:     defaultTTL * 2,
+	}, {
+		name:        "zero_ttl",
+		want:        localDomainHost,
+		wantErr:     nil,
+		locUpstream: zeroTTLUps,
+		req:         localIP,
+		wantTTL:     0,
 	}}
 
 	for _, tc := range testCases {
@@ -1468,6 +1483,7 @@ func TestServer_Exchange(t *testing.T) {
 
 	t.Run("resolving_disabled", func(t *testing.T) {
 		srv.conf.UsePrivateRDNS = false
+		t.Cleanup(func() { srv.conf.UsePrivateRDNS = true })
 
 		host, _, eerr := srv.Exchange(localIP)
 

internal/dnsforward/filter.go

@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"strings"
 
+	"github.com/AdguardTeam/AdGuardHome/internal/aghnet"
 	"github.com/AdguardTeam/AdGuardHome/internal/filtering"
 	"github.com/AdguardTeam/dnsproxy/proxy"
 	"github.com/AdguardTeam/golibs/log"
@@ -33,9 +34,9 @@ func (s *Server) beforeRequestHandler(
 	if len(pctx.Req.Question) == 1 {
 		q := pctx.Req.Question[0]
 		qt := q.Qtype
-		host := strings.TrimSuffix(q.Name, ".")
+		host := aghnet.NormalizeDomain(q.Name)
 		if s.access.isBlockedHost(host, qt) {
-			log.Debug("request %s %s is in access blocklist", dns.Type(qt), host)
+			log.Debug("access: request %s %s is in access blocklist", dns.Type(qt), host)
 
 			return s.preBlockedResponse(pctx)
 		}
@@ -79,7 +80,12 @@ func (s *Server) filterDNSRequest(dctx *dnsContext) (res *filtering.Result, err
 	res = &resVal
 	switch {
 	case res.IsFiltered:
-		log.Tracef("host %q is filtered, reason %q, rule: %q", host, res.Reason, res.Rules[0].Text)
+		log.Debug(
+			"dnsforward: host %q is filtered, reason: %q; rule: %q",
+			host,
+			res.Reason,
+			res.Rules[0].Text,
+		)
 		pctx.Res = s.genDNSFilterMessage(pctx, res)
 	case res.Reason.In(filtering.Rewritten, filtering.RewrittenRule) &&
 		res.CanonName != "" &&
@@ -189,7 +195,7 @@ func (s *Server) filterDNSResponse(
 			continue
 		} else if res.IsFiltered {
 			pctx.Res = s.genDNSFilterMessage(pctx, res)
-			log.Debug("DNSFwd: Matched %s by response: %s", pctx.Req.Question[0].Name, host)
+			log.Debug("dnsforward: matched %q by response: %q", pctx.Req.Question[0].Name, host)
 
 			return res, nil
 		}

internal/dnsforward/process.go

@@ -719,6 +719,8 @@ func (s *Server) processLocalPTR(dctx *dnsContext) (rc resultCode) {
 	if s.conf.UsePrivateRDNS {
 		s.recDetector.add(*pctx.Req)
 		if err := s.localResolvers.Resolve(pctx); err != nil {
+			log.Debug("dnsforward: resolving private address: %s", err)
+
 			// Generate the server failure if the private upstream configuration
 			// is empty.
 			//

internal/dnsforward/upstreams.go

@@ -42,16 +42,6 @@ func (s *Server) loadUpstreams() (upstreams []string, err error) {
 
 // prepareUpstreamSettings sets upstream DNS server settings.
 func (s *Server) prepareUpstreamSettings() (err error) {
-	// Use a customized set of RootCAs, because Go's default mechanism of
-	// loading TLS roots does not always work properly on some routers so we're
-	// loading roots manually and pass it here.
-	//
-	// See [aghtls.SystemRootCAs].
-	//
-	// TODO(a.garipov): Investigate if that's true.
-	upstream.RootCAs = s.conf.TLSv12Roots
-	upstream.CipherSuites = s.conf.TLSCiphers
-
 	// Load upstreams either from the file, or from the settings
 	var upstreams []string
 	upstreams, err = s.loadUpstreams()
@@ -64,6 +54,15 @@ func (s *Server) prepareUpstreamSettings() (err error) {
 		Timeout:      s.conf.UpstreamTimeout,
 		HTTPVersions: UpstreamHTTPVersions(s.conf.UseHTTP3Upstreams),
 		PreferIPv6:   s.conf.BootstrapPreferIPv6,
+		// Use a customized set of RootCAs, because Go's default mechanism of
+		// loading TLS roots does not always work properly on some routers so we're
+		// loading roots manually and pass it here.
+		//
+		// See [aghtls.SystemRootCAs].
+		//
+		// TODO(a.garipov): Investigate if that's true.
+		RootCAs:      s.conf.TLSv12Roots,
+		CipherSuites: s.conf.TLSCiphers,
 	})
 	if err != nil {
 		return fmt.Errorf("preparing upstream config: %w", err)

internal/filtering/servicelist.go

@@ -253,6 +253,30 @@ var blockedServices = []blockedService{{
 		"||z.cn^",
 		"||zappos^",
 	},
+}, {
+	ID:      "apple_streaming",
+	Name:    "Apple Streaming",
+	IconSVG: []byte("<svg xmlns=\"http://www.w3.org/2000/svg\" fill=\"currentColor\" viewBox=\"0 0 50 50\"><path d=\"M33.375 0c-2.836.191-5.871 1.879-7.75 4.156-1.645 2.004-3.023 4.946-2.5 8-.469-.144-.895-.16-1.406-.344-1.395-.496-2.989-1.03-4.969-1.03-3.934 0-7.96 2.34-10.5 6.25C2.555 22.71 3.297 32.706 8.906 41.25c.989 1.5 2.14 3.137 3.563 4.438 1.422 1.3 3.14 2.292 5.156 2.312 1.723.02 2.922-.555 4-1.031 1.078-.477 2.082-.899 3.969-.907h.031c1.879-.015 2.852.399 3.906.876 1.055.476 2.242 1.078 3.969 1.062 2.055-.016 3.8-1.14 5.25-2.531 1.45-1.39 2.64-3.098 3.625-4.594 1.41-2.148 1.977-3.32 3.063-5.719a1.001 1.001 0 0 0-.563-1.344C41.32 32.47 39.293 29.325 39 26c-.293-3.324 1.113-6.746 4.656-8.688a1 1 0 0 0 .508-.675 1.007 1.007 0 0 0-.195-.825c-2.543-3.16-6.121-5.03-9.625-5.03-2.235 0-3.875.527-5.219 1.03-.223.086-.387.079-.594.157 1.364-.719 2.567-1.715 3.469-2.875 1.64-2.106 2.906-5.102 2.438-8.25A.999.999 0 0 0 33.374 0Zm-1.063 2.375c-.066 2.02-.757 3.996-1.906 5.469-1.203 1.547-3.226 2.617-5.187 2.937.035-1.941.8-3.953 1.968-5.375 1.227-1.484 3.258-2.554 5.125-3.031ZM16.75 12.781c1.613 0 2.906.418 4.281.906 1.375.489 2.824 1.063 4.532 1.063 1.667 0 2.988-.578 4.28-1.063 1.294-.484 2.583-.906 4.5-.906 2.505 0 5.212 1.301 7.344 3.563-3.414 2.41-5.011 6.168-4.687 9.812.324 3.684 2.543 7.18 6.188 9-.79 1.719-1.31 2.856-2.47 4.625-.956 1.457-2.093 3.051-3.343 4.25-1.25 1.2-2.574 1.957-3.906 1.969-1.285.012-2.016-.371-3.125-.875-1.11-.504-2.543-1.082-4.75-1.063-2.203.012-3.657.567-4.782 1.063s-1.863.887-3.156.875c-1.367-.012-2.636-.676-3.843-1.781-1.208-1.106-2.297-2.614-3.25-4.063-5.25-8-5.672-17.398-2.657-22.031 2.211-3.402 5.723-5.344 8.844-5.344Z\"/></svg>"),
+	Rules: []string{
+		"||applemusic.apple^",
+		"||hls-svod-aoc-ve.itunes.g.aaplimg.com^",
+		"||itun.es^",
+		"||itunes.apple.com^",
+		"||itunes.ca^",
+		"||itunes.co.th^",
+		"||itunes.co^",
+		"||itunes.com^",
+		"||itunes.es^",
+		"||itunes.g.aaplimg.com^",
+		"||itunes.hk^",
+		"||itunes.mx^",
+		"||itunes.org^",
+		"||itunes.us^",
+		"||music.apple.com^",
+		"||tv.apple.com^",
+		"||tv.g.apple.com^",
+		"||tv.v.aaplimg.com^",
+	},
 }, {
 	ID:      "battle_net",
 	Name:    "Battle.net",
@@ -327,6 +351,34 @@ var blockedServices = []blockedService{{
 		"||bnet.cn^",
 		"||lizzard.com^",
 	},
+}, {
+	ID:      "claro",
+	Name:    "Claro",
+	IconSVG: []byte("<svg xmlns=\"http://www.w3.org/2000/svg\" fill=\"currentColor\" viewBox=\"0 -21 67 67\"><path d=\"M49.004 0c.933.01 1.866.002 2.8.003.003 2.842.001 5.684 0 8.525-.934.001-1.867.002-2.8.001 0-2.842-.002-5.686 0-8.529ZM55.2 9.622c2.564-2.63 5.1-5.292 7.662-7.926.657.69 1.334 1.36 1.978 2.064-2.535 2.654-5.096 5.282-7.632 7.933-.68-.679-1.339-1.38-2.008-2.07ZM6.091 8.06a7.942 7.942 0 0 1 2.155-.233c2.405-.058 4.742 1.202 6.232 3.131a8.516 8.516 0 0 1 1.514 3.12c-1.102.004-2.204 0-3.306 0-.486-1.001-1.23-1.893-2.2-2.413a4.756 4.756 0 0 0-1.728-.58c-.565-.012-1.142-.062-1.695.086a4.798 4.798 0 0 0-2.452 1.427c-.859.836-1.434 2.013-1.485 3.243-.11 1.171.105 2.399.749 3.384.619.944 1.494 1.73 2.53 2.135 1.739.666 3.843.265 5.174-1.095a6.18 6.18 0 0 0 1.118-1.604c1.098-.006 2.195-.006 3.292 0-.271 1.202-.863 2.316-1.611 3.27-.513.556-1.016 1.138-1.648 1.552-2.835 2.024-6.953 1.91-9.618-.379-.829-.73-1.586-1.572-2.107-2.57-.96-1.765-1.199-3.886-.859-5.863.286-1.676 1.135-3.22 2.305-4.4.987-1.065 2.25-1.868 3.64-2.21Zm11.58-.234h3.142c0 5.723.003 11.446-.002 17.169-1.047.002-2.093-.002-3.14-.001V7.826Zm9.493 3.417c.596-.125 1.205-.054 1.807-.07.698.062 1.398.166 2.062.41.665.24 1.35.54 1.817 1.111.548.676.742 1.574.785 2.435-.002 3.288.002 6.577-.002 9.866-1.062-.006-2.126.023-3.187-.015-.01-.447.009-.895-.007-1.341-.924.826-2.147 1.207-3.346 1.303-.756.135-1.54.013-2.261-.238a3.151 3.151 0 0 1-1.968-2.1c-.297-1.042-.235-2.183.112-3.204.377-1.04 1.285-1.78 2.284-2.117 1.28-.469 2.647-.541 3.97-.812.458 0 .91-.294 1.08-.74.123-.486.017-1.096-.397-1.405-.455-.311-1.011-.376-1.543-.392-.473.015-.973.02-1.392.28-.544.32-.788.956-.895 1.564-1.052-.023-2.105.001-3.157-.018.13-1.072.347-2.217 1.09-3.031.777-.943 1.982-1.392 3.148-1.486Zm2.316 7.423c-.622.149-1.234.34-1.866.44-.502.103-1.031.271-1.389.674-.497.608-.533 1.547-.148 2.224.168.31.5.463.809.574.997.2 2.091-.122 2.819-.864.746-.967.614-2.278.612-3.437-.294.097-.53.33-.837.389Zm11.644-7.032c.648-.164 1.284-.44 1.965-.375.007 1.111.065 2.224.043 3.337-.58-.083-1.184-.15-1.752.03-1.225.351-2.25 1.471-2.394 2.801-.008.293-.084.58-.087.873-.002 2.233.003 4.464 0 6.696-1.044-.002-2.09.008-3.134-.006-.012-4.395-.003-8.791.006-13.187 1.012-.01 2.023.03 3.035.068.001.543-.013 1.086.006 1.63.592-.819 1.369-1.527 2.312-1.867Zm7.824-.34c.466-.049.94-.095 1.409-.055 2.817.037 5.389 2.29 6.06 5.1.58 2.296.017 4.946-1.66 6.612-.97 1.086-2.302 1.823-3.714 2.044-.681.006-1.362.002-2.042.001-2.033-.296-3.8-1.735-4.802-3.557-1.042-2-1.046-4.535-.024-6.545.97-1.849 2.736-3.299 4.773-3.6Zm.253 3.255c-.938.22-1.737.902-2.215 1.757-.714 1.244-.6 2.94.29 4.06.907 1.354 2.77 1.811 4.194 1.117.828-.386 1.46-1.144 1.811-2.002.39-.985.32-2.141-.148-3.084-.492-.954-1.395-1.703-2.436-1.875-.497-.042-1.003-.057-1.496.027Zm9.407.496c2.796 0 5.594-.002 8.392.002-.002.963.002 1.927-.001 2.892-2.797-.004-5.593.006-8.39.001-.004-.965.003-1.93-.002-2.895Z\"/></svg>"),
+	Rules: []string{
+		"||claro.com.ar^",
+		"||claro.com.br^",
+		"||claro.com.co^",
+		"||claro.com.do^",
+		"||claro.com.ec^",
+		"||claro.com.gt^",
+		"||claro.com.hn^",
+		"||claro.com.ni^",
+		"||claro.com.pa^",
+		"||claro.com.pe^",
+		"||claro.com.py^",
+		"||claro.com.sv^",
+		"||claro.com.uy^",
+		"||claro.com^",
+		"||claro.cr^",
+		"||claro.net.br^",
+		"||claro.net.co^",
+		"||clarochile.cl^",
+		"||claromusica.com^",
+		"||claropr.com^",
+		"||clarovideo.com^",
+		"||usclaro.com^",
+	},
 }, {
 	ID:      "cloudflare",
 	Name:    "CloudFlare",
@@ -1505,6 +1557,7 @@ var blockedServices = []blockedService{{
 		"||aus.social^",
 		"||awscommunity.social^",
 		"||climatejustice.social^",
+		"||cupoftea.social^",
 		"||cyberplace.social^",
 		"||defcon.social^",
 		"||det.social^",
@@ -1595,7 +1648,6 @@ var blockedServices = []blockedService{{
 		"||toot.io^",
 		"||toot.wales^",
 		"||troet.cafe^",
-		"||twingyeo.kr^",
 		"||union.place^",
 		"||universeodon.com^",
 		"||urbanists.social^",

internal/home/dns.go

@@ -254,6 +254,7 @@ func newServerConfig(
 		Exchanger:        Context.dnsServer,
 		AddressUpdater:   &Context.clients,
 		InitialAddresses: initialAddresses,
+		CatchPanics:      true,
 		UseRDNS:          config.Clients.Sources.RDNS,
 		UseWHOIS:         config.Clients.Sources.WHOIS,
 	}

internal/querylog/decode_test.go

@@ -127,7 +127,7 @@ func TestDecodeLogEntry(t *testing.T) {
 	}, {
 		name: "bad_time",
 		log:  `{"IP":"127.0.0.1","T":"12/09/1998T15:00:00.000000+05:00","QH":"an.yandex.ru","QT":"A","QC":"IN","CP":"","Answer":"Qz+BgAABAAEAAAAAAmFuBnlhbmRleAJydQAAAQABwAwAAQABAAAACgAEAAAAAA==","Result":{"IsFiltered":true,"Reason":3},"Elapsed":837429}`,
-		want: "decodeLogEntry handler err: parsing time \"12/09/1998T15:00:00.000000+05:00\" as \"2006-01-02T15:04:05Z07:00\": cannot parse \"9/1998T15:00:00.000000+05:00\" as \"2006\"\n",
+		want: "decodeLogEntry handler err: parsing time \"12/09/1998T15:00:00.000000+05:00\" as \"2006-01-02T15:04:05Z07:00\": cannot parse \"12/09/1998T15:00:00.000000+05:00\" as \"2006\"\n",
 	}, {
 		name: "bad_host",
 		log:  `{"IP":"127.0.0.1","T":"2020-11-25T18:55:56.519796+03:00","QH":6,"QT":"A","QC":"IN","CP":"","Answer":"Qz+BgAABAAEAAAAAAmFuBnlhbmRleAJydQAAAQABwAwAAQABAAAACgAEAAAAAA==","Result":{"IsFiltered":true,"Reason":3},"Elapsed":837429}`,

internal/rdns/rdns.go

@@ -101,6 +101,8 @@ func (r *Default) Process(ip netip.Addr) (host string, changed bool) {
 		log.Debug("rdns: cache: adding item %q: %s", ip, err)
 	}
 
+	// TODO(e.burkov):  The name doesn't change if it's neither stored in cache
+	// nor resolved successfully.  Is it correct?
 	return host, fromCache == "" || host != fromCache
 }
 

internal/rdns/rdns_test.go

@@ -25,11 +25,6 @@ func TestDefault_Process(t *testing.T) {
 	localRevAddr1, err := netutil.IPToReversedAddr(localIP.AsSlice())
 	require.NoError(t, err)
 
-	config := &rdns.Config{
-		CacheSize: 100,
-		CacheTTL:  time.Hour,
-	}
-
 	testCases := []struct {
 		name string
 		addr netip.Addr
@@ -60,21 +55,21 @@ func TestDefault_Process(t *testing.T) {
 
 				switch ip {
 				case ip1:
-					return revAddr1, 0, nil
+					return revAddr1, time.Hour, nil
 				case ip2:
-					return revAddr2, 0, nil
+					return revAddr2, time.Hour, nil
 				case localIP:
-					return localRevAddr1, 0, nil
+					return localRevAddr1, time.Hour, nil
 				default:
-					return "", 0, nil
+					return "", time.Hour, nil
 				}
 			}
-			exchanger := &aghtest.Exchanger{
-				OnExchange: onExchange,
-			}
 
-			config.Exchanger = exchanger
-			r := rdns.New(config)
+			r := rdns.New(&rdns.Config{
+				CacheSize: 100,
+				CacheTTL:  time.Hour,
+				Exchanger: &aghtest.Exchanger{OnExchange: onExchange},
+			})
 
 			got, changed := r.Process(tc.addr)
 			require.True(t, changed)
@@ -90,4 +85,40 @@ func TestDefault_Process(t *testing.T) {
 			assert.Equal(t, 1, hit)
 		})
 	}
+
+	t.Run("zero_ttl", func(t *testing.T) {
+		const cacheTTL = time.Second / 2
+
+		zeroTTLExchanger := &aghtest.Exchanger{
+			OnExchange: func(ip netip.Addr) (host string, ttl time.Duration, err error) {
+				return revAddr1, 0, nil
+			},
+		}
+
+		r := rdns.New(&rdns.Config{
+			CacheSize: 1,
+			CacheTTL:  cacheTTL,
+			Exchanger: zeroTTLExchanger,
+		})
+
+		got, changed := r.Process(ip1)
+		require.True(t, changed)
+		assert.Equal(t, revAddr1, got)
+
+		zeroTTLExchanger.OnExchange = func(ip netip.Addr) (host string, ttl time.Duration, err error) {
+			return revAddr2, time.Hour, nil
+		}
+
+		require.EventuallyWithT(t, func(t *assert.CollectT) {
+			got, changed = r.Process(ip1)
+			assert.True(t, changed)
+			assert.Equal(t, revAddr2, got)
+		}, 2*cacheTTL, time.Millisecond*100)
+
+		assert.Never(t, func() (changed bool) {
+			_, changed = r.Process(ip1)
+
+			return changed
+		}, 2*cacheTTL, time.Millisecond*100)
+	})
 }

internal/tools/go.mod

@@ -1,6 +1,6 @@
 module github.com/AdguardTeam/AdGuardHome/internal/tools
 
-go 1.19
+go 1.20
 
 require (
 	github.com/fzipp/gocyclo v0.6.0
@@ -10,7 +10,7 @@ require (
 	github.com/kyoh86/looppointer v0.2.1
 	github.com/securego/gosec/v2 v2.16.0
 	github.com/uudashr/gocognit v1.0.7
-	golang.org/x/tools v0.11.0
+	golang.org/x/tools v0.11.1
 	golang.org/x/vuln v1.0.0
 	// TODO(a.garipov): Return to tagged releases once a new one appears.
 	honnef.co/go/tools v0.5.0-0.dev.0.20230709092525-bc759185c5ee
@@ -27,7 +27,7 @@ require (
 	github.com/nbutton23/zxcvbn-go v0.0.0-20210217022336-fa2cb2858354 // indirect
 	github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e // indirect
 	golang.org/x/exp v0.0.0-20230321023759-10a507213a29 // indirect
-	golang.org/x/exp/typeparams v0.0.0-20230725093048-515e97ebf090 // indirect
+	golang.org/x/exp/typeparams v0.0.0-20230801115018-d63ba01acd4b // indirect
 	golang.org/x/mod v0.12.0 // indirect
 	golang.org/x/sync v0.3.0 // indirect
 	golang.org/x/sys v0.10.0 // indirect

internal/tools/go.sum

@@ -52,8 +52,8 @@ golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPh
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/exp v0.0.0-20230321023759-10a507213a29 h1:ooxPy7fPvB4kwsA2h+iBNHkAbp/4JxTSwCmvdjEYmug=
 golang.org/x/exp v0.0.0-20230321023759-10a507213a29/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc=
-golang.org/x/exp/typeparams v0.0.0-20230725093048-515e97ebf090 h1:qOYhjyK9OeXREdh7Zrta8JRvnmnFIzhkosQpp+852Ag=
-golang.org/x/exp/typeparams v0.0.0-20230725093048-515e97ebf090/go.mod h1:AbB0pIl9nAr9wVwH+Z2ZpaocVmF5I4GyWCDIsVjR0bk=
+golang.org/x/exp/typeparams v0.0.0-20230801115018-d63ba01acd4b h1:3dfup1Bt5y1sKG6rbyAX4qNymwAtJcqx+Aqm1DPP/Qg=
+golang.org/x/exp/typeparams v0.0.0-20230801115018-d63ba01acd4b/go.mod h1:AbB0pIl9nAr9wVwH+Z2ZpaocVmF5I4GyWCDIsVjR0bk=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3/go.mod h1:3p9vT2HGsQu2K1YbXdKPJLVgG5VJdoTa1poYQBtP1AY=
@@ -96,8 +96,8 @@ golang.org/x/tools v0.0.0-20201007032633-0806396f153e/go.mod h1:z6u4i615ZeAfBE4X
 golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.10/go.mod h1:Uh6Zz+xoGYZom868N8YTex3t7RhtHDBrE8Gzo9bV56E=
 golang.org/x/tools v0.1.11/go.mod h1:SgwaegtQh8clINPpECJMqnxLv9I09HLqnW3RMqW0CA4=
-golang.org/x/tools v0.11.0 h1:EMCa6U9S2LtZXLAMoWiR/R8dAQFRqbAitmbJ2UKhoi8=
-golang.org/x/tools v0.11.0/go.mod h1:anzJrxPjNtfgiYQYirP2CPGzGLxrH2u2QBhn6Bf3qY8=
+golang.org/x/tools v0.11.1 h1:ojD5zOW8+7dOGzdnNgersm8aPfcDjhMp12UfG93NIMc=
+golang.org/x/tools v0.11.1/go.mod h1:anzJrxPjNtfgiYQYirP2CPGzGLxrH2u2QBhn6Bf3qY8=
 golang.org/x/vuln v1.0.0 h1:tYLAU3jD9LQr98Y+3el06lWyGMCnvzw06PIWP3LIy7g=
 golang.org/x/vuln v1.0.0/go.mod h1:V0eyhHwaAaHrt42J9bgrN6rd12f6GU4T0Lu0ex2wDg4=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=