Pull request 2076: 1660-disable-plain

Updates #1660. Squashed commit of the following: commit d928a00b7c77a33717fe3e77aace1f1b41a960d2 Merge: 38e401d78 0f5e8ca56 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Wed Nov 22 13:39:34 2023 +0300 Merge branch 'master' into 1660-disable-plain commit 38e401d7827ce1ea190b5328cadb3bb0ff5a5cba Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Tue Nov 21 20:17:53 2023 +0300 dnsforward: imp validation commit f9e99cec209078128fef1b147294c7abe3f6ae70 Merge: cb7529682 c8f1112d4 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Mon Nov 20 16:02:31 2023 +0300 Merge branch 'master' into 1660-disable-plain commit cb75296821cae594e8c4d17dfdd8be2190aee7f7 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Fri Nov 17 14:20:02 2023 +0300 all: add serve_plain_dns
2023-11-22 13:49:02 +03:00
parent 0f5e8ca56f
commit 73358263e8
12 changed files with 94 additions and 21 deletions
--- a/internal/home/config.go
+++ b/internal/home/config.go
@@ -228,6 +228,9 @@ type dnsConfig struct {
 	// TODO(a.garipov): Add to the UI when HTTP/3 support is no longer
 	// experimental.
 	UseHTTP3Upstreams bool `yaml:"use_http3_upstreams"`
+
+	// ServePlainDNS defines if plain DNS is allowed for incoming requests.
+	ServePlainDNS bool `yaml:"serve_plain_dns"`
 }

 type tlsConfigSettings struct {
@@ -335,6 +338,7 @@ var config = &configuration{
 		},
 		UpstreamTimeout: timeutil.Duration{Duration: dnsforward.DefaultTimeout},
 		UsePrivateRDNS:  true,
+		ServePlainDNS:   true,
 	},
 	TLS: tlsConfigSettings{
 		PortHTTPS:       defaultPortHTTPS,
--- a/internal/home/dns.go
+++ b/internal/home/dns.go
@@ -142,9 +142,12 @@ func initDNSServer(
 		EtcHosts:    Context.etcHosts,
 		LocalDomain: config.DHCP.LocalDomainName,
 	})
+	defer func() {
+		if err != nil {
+			closeDNSServer()
+		}
+	}()
 	if err != nil {
-		closeDNSServer()
-
 		return fmt.Errorf("dnsforward.NewServer: %w", err)
 	}

@@ -152,15 +155,11 @@ func initDNSServer(

 	dnsConf, err := newServerConfig(&config.DNS, config.Clients.Sources, tlsConf, httpReg)
 	if err != nil {
-		closeDNSServer()
-
 		return fmt.Errorf("newServerConfig: %w", err)
 	}

 	err = Context.dnsServer.Prepare(dnsConf)
 	if err != nil {
-		closeDNSServer()
-
 		return fmt.Errorf("dnsServer.Prepare: %w", err)
 	}

@@ -253,6 +252,7 @@ func newServerConfig(
 		UsePrivateRDNS:         dnsConf.UsePrivateRDNS,
 		ServeHTTP3:             dnsConf.ServeHTTP3,
 		UseHTTP3Upstreams:      dnsConf.UseHTTP3Upstreams,
+		ServePlainDNS:          dnsConf.ServePlainDNS,
 	}

 	var initialAddresses []netip.Addr