Pull request: all: add $dnsrewrite handling

Merge in DNS/adguard-home from 2102-dnsrewrite to master Updates #2102. Squashed commit of the following: commit 8490fc18179d38c4b162ff9b257fea1f8535afbd Merge: d9448ddca e7f7799b3 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Mon Dec 21 16:44:00 2020 +0300 Merge branch 'master' into 2102-dnsrewrite commit d9448ddca6d4ef3635d767e3e496e44c35d3fc6e Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Mon Dec 21 15:44:54 2020 +0300 querylog: support dnsrewrite rules commit 40aa5d30acddf29fb90d249d8806941c6e1915a4 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Fri Dec 18 19:27:40 2020 +0300 all: improve documentation commit f776a0cd63b1640ba1e5210d9301e2a2801fd824 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Fri Dec 18 19:09:08 2020 +0300 dnsfilter: prevent panics, improve docs commit e14073b7500d9ed827a151c5b8fb863c980c10e8 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Fri Dec 4 15:51:02 2020 +0300 all: add $dnsrewrite handling
2020-12-21 17:48:07 +03:00
parent e7f7799b3e
commit bdff46ec1d
23 changed files with 1009 additions and 169 deletions
--- a/internal/dnsforward/dns.go
+++ b/internal/dnsforward/dns.go
@@ -366,7 +366,9 @@ func processFilteringAfterResponse(ctx *dnsContext) int {
 	var err error

 	switch res.Reason {
-	case dnsfilter.ReasonRewrite:
+	case dnsfilter.ReasonRewrite,
+		dnsfilter.DNSRewriteRule:
+
 		if len(ctx.origQuestion.Name) == 0 {
 			// origQuestion is set in case we get only CNAME without IP from rewrites table
 			break
@@ -378,11 +380,11 @@ func processFilteringAfterResponse(ctx *dnsContext) int {
 		if len(d.Res.Answer) != 0 {
 			answer := []dns.RR{}
 			answer = append(answer, s.genCNAMEAnswer(d.Req, res.CanonName))
-			answer = append(answer, d.Res.Answer...) // host -> IP
+			answer = append(answer, d.Res.Answer...)
 			d.Res.Answer = answer
 		}

-	case dnsfilter.NotFilteredWhiteList:
+	case dnsfilter.NotFilteredAllowList:
 		// nothing

 	default:
--- a/internal/dnsforward/dnsrewrite.go
+++ b/internal/dnsforward/dnsrewrite.go
@@ -0,0 +1,79 @@
+package dnsforward
+
+import (
+	"fmt"
+	"net"
+
+	"github.com/AdguardTeam/AdGuardHome/internal/agherr"
+	"github.com/AdguardTeam/AdGuardHome/internal/dnsfilter"
+	"github.com/AdguardTeam/dnsproxy/proxy"
+	"github.com/AdguardTeam/golibs/log"
+	"github.com/AdguardTeam/urlfilter/rules"
+	"github.com/miekg/dns"
+)
+
+// filterDNSRewriteResponse handles a single DNS rewrite response entry.
+// It returns the constructed answer resource record.
+func (s *Server) filterDNSRewriteResponse(req *dns.Msg, rr rules.RRType, v rules.RRValue) (ans dns.RR, err error) {
+	switch rr {
+	case dns.TypeA, dns.TypeAAAA:
+		ip, ok := v.(net.IP)
+		if !ok {
+			return nil, fmt.Errorf("value has type %T, not net.IP", v)
+		}
+
+		if rr == dns.TypeA {
+			return s.genAAnswer(req, ip.To4()), nil
+		}
+
+		return s.genAAAAAnswer(req, ip), nil
+	case dns.TypeTXT:
+		str, ok := v.(string)
+		if !ok {
+			return nil, fmt.Errorf("value has type %T, not string", v)
+		}
+
+		return s.genTXTAnswer(req, []string{str}), nil
+	default:
+		log.Debug("don't know how to handle dns rr type %d, skipping", rr)
+
+		return nil, nil
+	}
+}
+
+// filterDNSRewrite handles dnsrewrite filters.  It constructs a DNS
+// response and sets it into d.Res.
+func (s *Server) filterDNSRewrite(req *dns.Msg, res dnsfilter.Result, d *proxy.DNSContext) (err error) {
+	resp := s.makeResponse(req)
+	dnsrr := res.DNSRewriteResult
+	if dnsrr == nil {
+		return agherr.Error("no dns rewrite rule content")
+	}
+
+	resp.Rcode = dnsrr.RCode
+	if resp.Rcode != dns.RcodeSuccess {
+		d.Res = resp
+
+		return nil
+	}
+
+	if dnsrr.Response == nil {
+		return agherr.Error("no dns rewrite rule responses")
+	}
+
+	rr := req.Question[0].Qtype
+	values := dnsrr.Response[rr]
+	for i, v := range values {
+		var ans dns.RR
+		ans, err = s.filterDNSRewriteResponse(req, rr, v)
+		if err != nil {
+			return fmt.Errorf("dns rewrite response for %d[%d]: %w", rr, i, err)
+		}
+
+		resp.Answer = append(resp.Answer, ans)
+	}
+
+	d.Res = resp
+
+	return nil
+}
--- a/internal/dnsforward/filter.go
+++ b/internal/dnsforward/filter.go
@@ -42,7 +42,8 @@ func (s *Server) getClientRequestFilteringSettings(d *proxy.DNSContext) *dnsfilt
 	return &setts
 }

-// filterDNSRequest applies the dnsFilter and sets d.Res if the request was filtered
+// filterDNSRequest applies the dnsFilter and sets d.Res if the request
+// was filtered.
 func (s *Server) filterDNSRequest(ctx *dnsContext) (*dnsfilter.Result, error) {
 	d := ctx.proxyCtx
 	req := d.Req
@@ -54,9 +55,13 @@ func (s *Server) filterDNSRequest(ctx *dnsContext) (*dnsfilter.Result, error) {
 	} else if res.IsFiltered {
 		log.Tracef("Host %s is filtered, reason - %q, matched rule: %q", host, res.Reason, res.Rules[0].Text)
 		d.Res = s.genDNSFilterMessage(d, &res)
-	} else if res.Reason == dnsfilter.ReasonRewrite && len(res.CanonName) != 0 && len(res.IPList) == 0 {
+	} else if res.Reason.In(dnsfilter.ReasonRewrite, dnsfilter.DNSRewriteRule) &&
+		res.CanonName != "" &&
+		len(res.IPList) == 0 {
+		// Resolve the new canonical name, not the original host
+		// name.  The original question is readded in
+		// processFilteringAfterResponse.
 		ctx.origQuestion = d.Req.Question[0]
-		// resolve canonical name, not the original host name
 		d.Req.Question[0].Name = dns.Fqdn(res.CanonName)
 	} else if res.Reason == dnsfilter.RewriteAutoHosts && len(res.ReverseHosts) != 0 {
 		resp := s.makeResponse(req)
@@ -99,6 +104,11 @@ func (s *Server) filterDNSRequest(ctx *dnsContext) (*dnsfilter.Result, error) {
 		}

 		d.Res = resp
+	} else if res.Reason == dnsfilter.DNSRewriteRule {
+		err = s.filterDNSRewrite(req, res, d)
+		if err != nil {
+			return nil, err
+		}
 	}

 	return &res, err
--- a/internal/dnsforward/msg.go
+++ b/internal/dnsforward/msg.go
@@ -11,12 +11,17 @@ import (
 )

 // Create a DNS response by DNS request and set necessary flags
-func (s *Server) makeResponse(req *dns.Msg) *dns.Msg {
-	resp := dns.Msg{}
+func (s *Server) makeResponse(req *dns.Msg) (resp *dns.Msg) {
+	resp = &dns.Msg{
+		MsgHdr: dns.MsgHdr{
+			RecursionAvailable: true,
+		},
+		Compress: true,
+	}
+
 	resp.SetReply(req)
-	resp.RecursionAvailable = true
-	resp.Compress = true
-	return &resp
+
+	return resp
 }

 // genDNSFilterMessage generates a DNS message corresponding to the filtering result
@@ -121,6 +126,18 @@ func (s *Server) genAAAAAnswer(req *dns.Msg, ip net.IP) *dns.AAAA {
 	return answer
 }

+func (s *Server) genTXTAnswer(req *dns.Msg, strs []string) (answer *dns.TXT) {
+	return &dns.TXT{
+		Hdr: dns.RR_Header{
+			Name:   req.Question[0].Name,
+			Rrtype: dns.TypeTXT,
+			Ttl:    s.conf.BlockedResponseTTL,
+			Class:  dns.ClassINET,
+		},
+		Txt: strs,
+	}
+}
+
 // generate DNS response message with an IP address
 func (s *Server) genResponseWithIP(req *dns.Msg, ip net.IP) *dns.Msg {
 	if req.Question[0].Qtype == dns.TypeA && ip.To4() != nil {
--- a/internal/dnsforward/stats.go
+++ b/internal/dnsforward/stats.go
@@ -91,7 +91,7 @@ func (s *Server) updateStats(d *proxy.DNSContext, elapsed time.Duration, res dns
 	case dnsfilter.FilteredSafeSearch:
 		e.Result = stats.RSafeSearch

-	case dnsfilter.FilteredBlackList:
+	case dnsfilter.FilteredBlockList:
 		fallthrough
 	case dnsfilter.FilteredInvalid:
 		fallthrough