Pull request: AG-25263 dns config
Merge in DNS/adguard-home from AG-25263-dns-config to master Squashed commit of the following: commit 478b607526391af65de67d6d7f1d904198610cdf Merge: b944d12fa51340adb3Author: Dimitry Kolyshev <dkolyshev@adguard.com> Date: Mon Sep 4 18:04:56 2023 +0400 Merge remote-tracking branch 'origin/master' into AG-25263-dns-config commit b944d12fa812b05b9d9f22d2287425ca36630329 Merge: b474f712f0182b9ec1Author: Dimitry Kolyshev <dkolyshev@adguard.com> Date: Fri Sep 1 09:13:36 2023 +0400 Merge remote-tracking branch 'origin/master' into AG-25263-dns-config # Conflicts: # internal/dnsforward/dnsforward.go commit b474f712f64daa1a7d7e32d89edc901d2f273c9a Author: Dimitry Kolyshev <dkolyshev@adguard.com> Date: Fri Sep 1 09:11:17 2023 +0400 all: imp code commit 635a316b8244f13d90a8fe2209f1673c0765aaa9 Author: Dimitry Kolyshev <dkolyshev@adguard.com> Date: Wed Aug 30 16:18:25 2023 +0300 all: dnsfilter rm config embed commit 5aa6212e89bc38e3d283b8d6b1a78726d10b3f3a Author: Dimitry Kolyshev <dkolyshev@adguard.com> Date: Wed Aug 30 12:45:01 2023 +0300 all: dnsfilter rm config embed
This commit is contained in:
Dimitry Kolyshev
@@ -492,9 +492,9 @@ func (s *Server) UpdatedProtectionStatus() (enabled bool, disabledUntil *time.Ti
|
||||
s.serverLock.RLock()
|
||||
defer s.serverLock.RUnlock()
|
||||
|
||||
disabledUntil = s.dnsFilter.ProtectionDisabledUntil
|
||||
enabled, disabledUntil = s.dnsFilter.ProtectionStatus()
|
||||
if disabledUntil == nil {
|
||||
return s.dnsFilter.ProtectionEnabled, nil
|
||||
return enabled, nil
|
||||
}
|
||||
|
||||
if time.Now().Before(*disabledUntil) {
|
||||
@@ -526,8 +526,7 @@ func (s *Server) enableProtectionAfterPause() {
|
||||
s.serverLock.Lock()
|
||||
defer s.serverLock.Unlock()
|
||||
|
||||
s.dnsFilter.ProtectionEnabled = true
|
||||
s.dnsFilter.ProtectionDisabledUntil = nil
|
||||
s.dnsFilter.SetProtectionStatus(true, nil)
|
||||
|
||||
log.Info("dns: protection is restarted after pause")
|
||||
}
|
||||
|
||||
@@ -544,11 +544,8 @@ func (s *Server) Prepare(conf *ServerConfig) (err error) {
|
||||
|
||||
// dnsFilter can be nil during application update.
|
||||
if s.dnsFilter != nil {
|
||||
err = validateBlockingMode(
|
||||
s.dnsFilter.BlockingMode,
|
||||
s.dnsFilter.BlockingIPv4,
|
||||
s.dnsFilter.BlockingIPv6,
|
||||
)
|
||||
mode, bIPv4, bIPv6 := s.dnsFilter.BlockingMode()
|
||||
err = validateBlockingMode(mode, bIPv4, bIPv6)
|
||||
if err != nil {
|
||||
return fmt.Errorf("checking blocking mode: %w", err)
|
||||
}
|
||||
|
||||
@@ -105,10 +105,6 @@ func createTestServer(
|
||||
})
|
||||
require.NoError(t, err)
|
||||
|
||||
if s.dnsFilter.BlockingMode == "" {
|
||||
s.dnsFilter.BlockingMode = filtering.BlockingModeDefault
|
||||
}
|
||||
|
||||
err = s.Prepare(&forwardConf)
|
||||
require.NoError(t, err)
|
||||
|
||||
@@ -178,7 +174,9 @@ func createTestTLS(t *testing.T, tlsConf TLSConfig) (s *Server, certPem []byte)
|
||||
var keyPem []byte
|
||||
_, certPem, keyPem = createServerTLSConfig(t)
|
||||
|
||||
s = createTestServer(t, &filtering.Config{}, ServerConfig{
|
||||
s = createTestServer(t, &filtering.Config{
|
||||
BlockingMode: filtering.BlockingModeDefault,
|
||||
}, ServerConfig{
|
||||
UDPListenAddrs: []*net.UDPAddr{{}},
|
||||
TCPListenAddrs: []*net.TCPAddr{{}},
|
||||
Config: Config{
|
||||
@@ -351,9 +349,8 @@ func TestServer_timeout(t *testing.T) {
|
||||
},
|
||||
}
|
||||
|
||||
s, err := NewServer(DNSCreateParams{DNSFilter: &filtering.DNSFilter{}})
|
||||
s, err := NewServer(DNSCreateParams{DNSFilter: createTestDNSFilter(t)})
|
||||
require.NoError(t, err)
|
||||
s.dnsFilter.BlockingMode = filtering.BlockingModeDefault
|
||||
|
||||
err = s.Prepare(srvConf)
|
||||
require.NoError(t, err)
|
||||
@@ -362,10 +359,9 @@ func TestServer_timeout(t *testing.T) {
|
||||
})
|
||||
|
||||
t.Run("default", func(t *testing.T) {
|
||||
s, err := NewServer(DNSCreateParams{DNSFilter: &filtering.DNSFilter{}})
|
||||
s, err := NewServer(DNSCreateParams{DNSFilter: createTestDNSFilter(t)})
|
||||
require.NoError(t, err)
|
||||
|
||||
s.dnsFilter.BlockingMode = filtering.BlockingModeDefault
|
||||
s.conf.Config.EDNSClientSubnet = &EDNSClientSubnet{
|
||||
Enabled: false,
|
||||
}
|
||||
@@ -377,7 +373,9 @@ func TestServer_timeout(t *testing.T) {
|
||||
}
|
||||
|
||||
func TestServerWithProtectionDisabled(t *testing.T) {
|
||||
s := createTestServer(t, &filtering.Config{}, ServerConfig{
|
||||
s := createTestServer(t, &filtering.Config{
|
||||
BlockingMode: filtering.BlockingModeDefault,
|
||||
}, ServerConfig{
|
||||
UDPListenAddrs: []*net.UDPAddr{{}},
|
||||
TCPListenAddrs: []*net.TCPAddr{{}},
|
||||
Config: Config{
|
||||
@@ -490,6 +488,7 @@ func TestSafeSearch(t *testing.T) {
|
||||
}
|
||||
|
||||
filterConf := &filtering.Config{
|
||||
BlockingMode: filtering.BlockingModeDefault,
|
||||
ProtectionEnabled: true,
|
||||
SafeSearchConf: safeSearchConf,
|
||||
SafeSearchCacheSize: 1000,
|
||||
@@ -564,7 +563,9 @@ func TestSafeSearch(t *testing.T) {
|
||||
}
|
||||
|
||||
func TestInvalidRequest(t *testing.T) {
|
||||
s := createTestServer(t, &filtering.Config{}, ServerConfig{
|
||||
s := createTestServer(t, &filtering.Config{
|
||||
BlockingMode: filtering.BlockingModeDefault,
|
||||
}, ServerConfig{
|
||||
UDPListenAddrs: []*net.UDPAddr{{}},
|
||||
TCPListenAddrs: []*net.TCPAddr{{}},
|
||||
Config: Config{
|
||||
@@ -631,7 +632,9 @@ func TestServerCustomClientUpstream(t *testing.T) {
|
||||
},
|
||||
},
|
||||
}
|
||||
s := createTestServer(t, &filtering.Config{}, forwardConf, nil)
|
||||
s := createTestServer(t, &filtering.Config{
|
||||
BlockingMode: filtering.BlockingModeDefault,
|
||||
}, forwardConf, nil)
|
||||
s.conf.GetCustomUpstreamByClient = func(_ string) (conf *proxy.UpstreamConfig, err error) {
|
||||
ups := aghtest.NewUpstreamMock(func(req *dns.Msg) (resp *dns.Msg, err error) {
|
||||
return aghalg.Coalesce(
|
||||
@@ -674,7 +677,9 @@ var testIPv4 = map[string][]net.IP{
|
||||
}
|
||||
|
||||
func TestBlockCNAMEProtectionEnabled(t *testing.T) {
|
||||
s := createTestServer(t, &filtering.Config{}, ServerConfig{
|
||||
s := createTestServer(t, &filtering.Config{
|
||||
BlockingMode: filtering.BlockingModeDefault,
|
||||
}, ServerConfig{
|
||||
UDPListenAddrs: []*net.UDPAddr{{}},
|
||||
TCPListenAddrs: []*net.TCPAddr{{}},
|
||||
Config: Config{
|
||||
@@ -789,7 +794,9 @@ func TestClientRulesForCNAMEMatching(t *testing.T) {
|
||||
},
|
||||
},
|
||||
}
|
||||
s := createTestServer(t, &filtering.Config{}, forwardConf, nil)
|
||||
s := createTestServer(t, &filtering.Config{
|
||||
BlockingMode: filtering.BlockingModeDefault,
|
||||
}, forwardConf, nil)
|
||||
s.conf.UpstreamConfig.Upstreams = []upstream.Upstream{
|
||||
&aghtest.Upstream{
|
||||
CName: testCNAMEs,
|
||||
@@ -901,8 +908,10 @@ func TestBlockedCustomIP(t *testing.T) {
|
||||
err = s.Prepare(conf)
|
||||
assert.Error(t, err)
|
||||
|
||||
s.dnsFilter.BlockingIPv4 = netip.AddrFrom4([4]byte{0, 0, 0, 1})
|
||||
s.dnsFilter.BlockingIPv6 = netip.MustParseAddr("::1")
|
||||
s.dnsFilter.SetBlockingMode(
|
||||
filtering.BlockingModeCustomIP,
|
||||
netip.AddrFrom4([4]byte{0, 0, 0, 1}),
|
||||
netip.MustParseAddr("::1"))
|
||||
|
||||
err = s.Prepare(conf)
|
||||
require.NoError(t, err)
|
||||
@@ -980,6 +989,7 @@ func TestBlockedBySafeBrowsing(t *testing.T) {
|
||||
ans4, _ := aghtest.HostToIPs(hostname)
|
||||
|
||||
filterConf := &filtering.Config{
|
||||
BlockingMode: filtering.BlockingModeDefault,
|
||||
ProtectionEnabled: true,
|
||||
SafeBrowsingEnabled: true,
|
||||
SafeBrowsingChecker: sbChecker,
|
||||
|
||||
@@ -34,9 +34,14 @@ func TestServer_FilterDNSRewrite(t *testing.T) {
|
||||
}
|
||||
|
||||
// Helper functions and entities.
|
||||
srv := &Server{
|
||||
dnsFilter: &filtering.DNSFilter{},
|
||||
}
|
||||
srv := createTestServer(t, &filtering.Config{
|
||||
BlockingMode: filtering.BlockingModeDefault,
|
||||
}, ServerConfig{
|
||||
Config: Config{
|
||||
EDNSClientSubnet: &EDNSClientSubnet{Enabled: false},
|
||||
},
|
||||
}, nil)
|
||||
|
||||
makeQ := func(qtype rules.RRType) (req *dns.Msg) {
|
||||
return &dns.Msg{
|
||||
Question: []dns.Question{{
|
||||
|
||||
@@ -114,9 +114,7 @@ func (s *Server) getDNSConfig() (c *jsonDNSConfig) {
|
||||
upstreamFile := s.conf.UpstreamDNSFileName
|
||||
bootstraps := stringutil.CloneSliceOrEmpty(s.conf.BootstrapDNS)
|
||||
fallbacks := stringutil.CloneSliceOrEmpty(s.conf.FallbackDNS)
|
||||
blockingMode := s.dnsFilter.BlockingMode
|
||||
blockingIPv4 := s.dnsFilter.BlockingIPv4
|
||||
blockingIPv6 := s.dnsFilter.BlockingIPv6
|
||||
blockingMode, blockingIPv4, blockingIPv6 := s.dnsFilter.BlockingMode()
|
||||
ratelimit := s.conf.Ratelimit
|
||||
|
||||
customIP := s.conf.EDNSClientSubnet.CustomIP
|
||||
@@ -320,11 +318,11 @@ func (s *Server) setConfig(dc *jsonDNSConfig) (shouldRestart bool) {
|
||||
defer s.serverLock.Unlock()
|
||||
|
||||
if dc.BlockingMode != nil {
|
||||
s.dnsFilter.BlockingMode = *dc.BlockingMode
|
||||
if *dc.BlockingMode == filtering.BlockingModeCustomIP {
|
||||
s.dnsFilter.BlockingIPv4 = dc.BlockingIPv4
|
||||
s.dnsFilter.BlockingIPv6 = dc.BlockingIPv6
|
||||
}
|
||||
s.dnsFilter.SetBlockingMode(*dc.BlockingMode, dc.BlockingIPv4, dc.BlockingIPv6)
|
||||
}
|
||||
|
||||
if dc.ProtectionEnabled != nil {
|
||||
s.dnsFilter.SetProtectionEnabled(*dc.ProtectionEnabled)
|
||||
}
|
||||
|
||||
if dc.UpstreamMode != nil {
|
||||
@@ -336,7 +334,6 @@ func (s *Server) setConfig(dc *jsonDNSConfig) (shouldRestart bool) {
|
||||
s.conf.EDNSClientSubnet.CustomIP = dc.EDNSCSCustomIP
|
||||
}
|
||||
|
||||
setIfNotNil(&s.dnsFilter.ProtectionEnabled, dc.ProtectionEnabled)
|
||||
setIfNotNil(&s.conf.EnableDNSSEC, dc.DNSSECEnabled)
|
||||
setIfNotNil(&s.conf.AAAADisabled, dc.DisableIPv6)
|
||||
|
||||
@@ -690,8 +687,8 @@ func (s *Server) parseUpstreamLine(
|
||||
}
|
||||
|
||||
// dnsFilter can be nil during application update.
|
||||
if s.dnsFilter != nil && s.dnsFilter.EtcHosts != nil {
|
||||
recs := s.dnsFilter.EtcHosts.MatchName(extractUpstreamHost(upstreamAddr))
|
||||
if s.dnsFilter != nil {
|
||||
recs := s.dnsFilter.EtcHostsRecords(extractUpstreamHost(upstreamAddr))
|
||||
for _, rec := range recs {
|
||||
opts.ServerIPAddrs = append(opts.ServerIPAddrs, rec.Addr.AsSlice())
|
||||
}
|
||||
@@ -832,8 +829,7 @@ func (s *Server) handleSetProtection(w http.ResponseWriter, r *http.Request) {
|
||||
s.serverLock.Lock()
|
||||
defer s.serverLock.Unlock()
|
||||
|
||||
s.dnsFilter.ProtectionEnabled = protectionReq.Enabled
|
||||
s.dnsFilter.ProtectionDisabledUntil = disabledUntil
|
||||
s.dnsFilter.SetProtectionStatus(protectionReq.Enabled, disabledUntil)
|
||||
}()
|
||||
|
||||
s.conf.ConfigModified()
|
||||
|
||||
@@ -157,7 +157,6 @@ func TestDNSForwardHTTP_handleSetConfig(t *testing.T) {
|
||||
s.sysResolvers = &fakeSystemResolvers{}
|
||||
|
||||
defaultConf := s.conf
|
||||
defaultFilterConf := filterConf
|
||||
|
||||
err := s.Start()
|
||||
assert.NoError(t, err)
|
||||
@@ -248,7 +247,7 @@ func TestDNSForwardHTTP_handleSetConfig(t *testing.T) {
|
||||
|
||||
t.Run(tc.name, func(t *testing.T) {
|
||||
t.Cleanup(func() {
|
||||
s.dnsFilter.Config = *defaultFilterConf
|
||||
s.dnsFilter.SetBlockingMode(filtering.BlockingModeDefault, netip.Addr{}, netip.Addr{})
|
||||
s.conf = defaultConf
|
||||
s.conf.Config.EDNSClientSubnet = &EDNSClientSubnet{}
|
||||
})
|
||||
@@ -500,7 +499,8 @@ func TestServer_HandleTestUpstreamDNS(t *testing.T) {
|
||||
require.NoError(t, err)
|
||||
|
||||
srv := createTestServer(t, &filtering.Config{
|
||||
EtcHosts: hc,
|
||||
BlockingMode: filtering.BlockingModeDefault,
|
||||
EtcHosts: hc,
|
||||
}, ServerConfig{
|
||||
UDPListenAddrs: []*net.UDPAddr{{}},
|
||||
TCPListenAddrs: []*net.TCPAddr{{}},
|
||||
|
||||
@@ -50,7 +50,8 @@ func (s *Server) genDNSFilterMessage(
|
||||
req := dctx.Req
|
||||
qt := req.Question[0].Qtype
|
||||
if qt != dns.TypeA && qt != dns.TypeAAAA {
|
||||
if s.dnsFilter.BlockingMode == filtering.BlockingModeNullIP {
|
||||
m, _, _ := s.dnsFilter.BlockingMode()
|
||||
if m == filtering.BlockingModeNullIP {
|
||||
return s.makeResponse(req)
|
||||
}
|
||||
|
||||
@@ -59,9 +60,9 @@ func (s *Server) genDNSFilterMessage(
|
||||
|
||||
switch res.Reason {
|
||||
case filtering.FilteredSafeBrowsing:
|
||||
return s.genBlockedHost(req, s.dnsFilter.SafeBrowsingBlockHost, dctx)
|
||||
return s.genBlockedHost(req, s.dnsFilter.SafeBrowsingBlockHost(), dctx)
|
||||
case filtering.FilteredParental:
|
||||
return s.genBlockedHost(req, s.dnsFilter.ParentalBlockHost, dctx)
|
||||
return s.genBlockedHost(req, s.dnsFilter.ParentalBlockHost(), dctx)
|
||||
case filtering.FilteredSafeSearch:
|
||||
// If Safe Search generated the necessary IP addresses, use them.
|
||||
// Otherwise, if there were no errors, there are no addresses for the
|
||||
@@ -75,21 +76,9 @@ func (s *Server) genDNSFilterMessage(
|
||||
// genForBlockingMode generates a filtered response to req based on the server's
|
||||
// blocking mode.
|
||||
func (s *Server) genForBlockingMode(req *dns.Msg, ips []netip.Addr) (resp *dns.Msg) {
|
||||
qt := req.Question[0].Qtype
|
||||
switch m := s.dnsFilter.BlockingMode; m {
|
||||
switch mode, bIPv4, bIPv6 := s.dnsFilter.BlockingMode(); mode {
|
||||
case filtering.BlockingModeCustomIP:
|
||||
switch qt {
|
||||
case dns.TypeA:
|
||||
return s.genARecord(req, s.dnsFilter.BlockingIPv4)
|
||||
case dns.TypeAAAA:
|
||||
return s.genAAAARecord(req, s.dnsFilter.BlockingIPv6)
|
||||
default:
|
||||
// Generally shouldn't happen, since the types are checked in
|
||||
// genDNSFilterMessage.
|
||||
log.Error("dns: invalid msg type %s for blocking mode %s", dns.Type(qt), m)
|
||||
|
||||
return s.makeResponse(req)
|
||||
}
|
||||
return s.makeResponseCustomIP(req, bIPv4, bIPv6)
|
||||
case filtering.BlockingModeDefault:
|
||||
if len(ips) > 0 {
|
||||
return s.genResponseWithIPs(req, ips)
|
||||
@@ -103,7 +92,28 @@ func (s *Server) genForBlockingMode(req *dns.Msg, ips []netip.Addr) (resp *dns.M
|
||||
case filtering.BlockingModeREFUSED:
|
||||
return s.makeResponseREFUSED(req)
|
||||
default:
|
||||
log.Error("dns: invalid blocking mode %q", s.dnsFilter.BlockingMode)
|
||||
log.Error("dns: invalid blocking mode %q", mode)
|
||||
|
||||
return s.makeResponse(req)
|
||||
}
|
||||
}
|
||||
|
||||
// makeResponseCustomIP generates a DNS response message for Custom IP blocking
|
||||
// mode with the provided IP addresses and an appropriate resource record type.
|
||||
func (s *Server) makeResponseCustomIP(
|
||||
req *dns.Msg,
|
||||
bIPv4 netip.Addr,
|
||||
bIPv6 netip.Addr,
|
||||
) (resp *dns.Msg) {
|
||||
switch qt := req.Question[0].Qtype; qt {
|
||||
case dns.TypeA:
|
||||
return s.genARecord(req, bIPv4)
|
||||
case dns.TypeAAAA:
|
||||
return s.genAAAARecord(req, bIPv6)
|
||||
default:
|
||||
// Generally shouldn't happen, since the types are checked in
|
||||
// genDNSFilterMessage.
|
||||
log.Error("dns: invalid msg type %s for custom IP blocking mode", dns.Type(qt))
|
||||
|
||||
return s.makeResponse(req)
|
||||
}
|
||||
@@ -132,7 +142,7 @@ func (s *Server) hdr(req *dns.Msg, rrType rules.RRType) (h dns.RR_Header) {
|
||||
return dns.RR_Header{
|
||||
Name: req.Question[0].Name,
|
||||
Rrtype: rrType,
|
||||
Ttl: s.dnsFilter.BlockedResponseTTL,
|
||||
Ttl: s.dnsFilter.BlockedResponseTTL(),
|
||||
Class: dns.ClassINET,
|
||||
}
|
||||
}
|
||||
@@ -352,7 +362,7 @@ func (s *Server) genSOA(request *dns.Msg) []dns.RR {
|
||||
Hdr: dns.RR_Header{
|
||||
Name: zone,
|
||||
Rrtype: dns.TypeSOA,
|
||||
Ttl: s.dnsFilter.BlockedResponseTTL,
|
||||
Ttl: s.dnsFilter.BlockedResponseTTL(),
|
||||
Class: dns.ClassINET,
|
||||
},
|
||||
Mbox: "hostmaster.", // zone will be appended later if it's not empty or "."
|
||||
|
||||
@@ -607,7 +607,7 @@ func (s *Server) processDHCPAddrs(dctx *dnsContext) (rc resultCode) {
|
||||
Rrtype: dns.TypePTR,
|
||||
// TODO(e.burkov): Use [dhcpsvc.Lease.Expiry]. See
|
||||
// https://github.com/AdguardTeam/AdGuardHome/issues/3932.
|
||||
Ttl: s.dnsFilter.BlockedResponseTTL,
|
||||
Ttl: s.dnsFilter.BlockedResponseTTL(),
|
||||
Class: dns.ClassINET,
|
||||
},
|
||||
Ptr: dns.Fqdn(strings.Join([]string{host, s.localDomainSuffix}, ".")),
|
||||
|
||||
@@ -83,7 +83,9 @@ func TestServer_ProcessInitial(t *testing.T) {
|
||||
},
|
||||
}
|
||||
|
||||
s := createTestServer(t, &filtering.Config{}, c, nil)
|
||||
s := createTestServer(t, &filtering.Config{
|
||||
BlockingMode: filtering.BlockingModeDefault,
|
||||
}, c, nil)
|
||||
|
||||
var gotAddr netip.Addr
|
||||
s.addrProc = &aghtest.AddressProcessor{
|
||||
@@ -180,7 +182,9 @@ func TestServer_ProcessFilteringAfterResponse(t *testing.T) {
|
||||
},
|
||||
}
|
||||
|
||||
s := createTestServer(t, &filtering.Config{}, c, nil)
|
||||
s := createTestServer(t, &filtering.Config{
|
||||
BlockingMode: filtering.BlockingModeDefault,
|
||||
}, c, nil)
|
||||
|
||||
resp := newResp(dns.RcodeSuccess, tc.req, tc.respAns)
|
||||
dctx := &dnsContext{
|
||||
@@ -338,11 +342,23 @@ func TestServer_ProcessDDRQuery(t *testing.T) {
|
||||
}
|
||||
}
|
||||
|
||||
// createTestDNSFilter returns the minimum valid DNSFilter.
|
||||
func createTestDNSFilter(t *testing.T) (f *filtering.DNSFilter) {
|
||||
t.Helper()
|
||||
|
||||
f, err := filtering.New(&filtering.Config{
|
||||
BlockingMode: filtering.BlockingModeDefault,
|
||||
}, []filtering.Filter{})
|
||||
require.NoError(t, err)
|
||||
|
||||
return f
|
||||
}
|
||||
|
||||
func prepareTestServer(t *testing.T, portDoH, portDoT, portDoQ int, ddrEnabled bool) (s *Server) {
|
||||
t.Helper()
|
||||
|
||||
s = &Server{
|
||||
dnsFilter: &filtering.DNSFilter{},
|
||||
dnsFilter: createTestDNSFilter(t),
|
||||
dnsProxy: &proxy.Proxy{
|
||||
Config: proxy.Config{},
|
||||
},
|
||||
@@ -467,7 +483,7 @@ func TestServer_ProcessDHCPHosts_localRestriction(t *testing.T) {
|
||||
for _, tc := range testCases {
|
||||
t.Run(tc.name, func(t *testing.T) {
|
||||
s := &Server{
|
||||
dnsFilter: &filtering.DNSFilter{},
|
||||
dnsFilter: createTestDNSFilter(t),
|
||||
dhcpServer: dhcp,
|
||||
localDomainSuffix: localDomainSuffix,
|
||||
}
|
||||
@@ -602,7 +618,7 @@ func TestServer_ProcessDHCPHosts(t *testing.T) {
|
||||
}
|
||||
|
||||
s := &Server{
|
||||
dnsFilter: &filtering.DNSFilter{},
|
||||
dnsFilter: createTestDNSFilter(t),
|
||||
dhcpServer: testDHCP,
|
||||
localDomainSuffix: tc.suffix,
|
||||
}
|
||||
@@ -673,7 +689,9 @@ func TestServer_ProcessRestrictLocal(t *testing.T) {
|
||||
), nil
|
||||
})
|
||||
|
||||
s := createTestServer(t, &filtering.Config{}, ServerConfig{
|
||||
s := createTestServer(t, &filtering.Config{
|
||||
BlockingMode: filtering.BlockingModeDefault,
|
||||
}, ServerConfig{
|
||||
UDPListenAddrs: []*net.UDPAddr{{}},
|
||||
TCPListenAddrs: []*net.TCPAddr{{}},
|
||||
// TODO(s.chzhen): Add tests where EDNSClientSubnet.Enabled is true.
|
||||
@@ -749,7 +767,9 @@ func TestServer_ProcessLocalPTR_usingResolvers(t *testing.T) {
|
||||
|
||||
s := createTestServer(
|
||||
t,
|
||||
&filtering.Config{},
|
||||
&filtering.Config{
|
||||
BlockingMode: filtering.BlockingModeDefault,
|
||||
},
|
||||
ServerConfig{
|
||||
UDPListenAddrs: []*net.UDPAddr{{}},
|
||||
TCPListenAddrs: []*net.TCPAddr{{}},
|
||||
|
||||
@@ -13,9 +13,13 @@ import (
|
||||
func TestGenAnswerHTTPS_andSVCB(t *testing.T) {
|
||||
// Preconditions.
|
||||
|
||||
s := &Server{
|
||||
dnsFilter: &filtering.DNSFilter{},
|
||||
}
|
||||
s := createTestServer(t, &filtering.Config{
|
||||
BlockingMode: filtering.BlockingModeDefault,
|
||||
}, ServerConfig{
|
||||
Config: Config{
|
||||
EDNSClientSubnet: &EDNSClientSubnet{Enabled: false},
|
||||
},
|
||||
}, nil)
|
||||
|
||||
req := &dns.Msg{
|
||||
Question: []dns.Question{{
|
||||
|
||||
@@ -93,7 +93,7 @@ func (s *Server) prepareUpstreamConfig(
|
||||
}
|
||||
|
||||
// dnsFilter can be nil during application update.
|
||||
if s.dnsFilter != nil && s.dnsFilter.EtcHosts != nil {
|
||||
if s.dnsFilter != nil {
|
||||
err = s.replaceUpstreamsWithHosts(uc, opts)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("resolving upstreams with hosts: %w", err)
|
||||
@@ -157,7 +157,7 @@ func (s *Server) resolveUpstreamsWithHosts(
|
||||
|
||||
withIPs, ok := resolved[host]
|
||||
if !ok {
|
||||
recs := s.dnsFilter.EtcHosts.MatchName(host)
|
||||
recs := s.dnsFilter.EtcHostsRecords(host)
|
||||
if len(recs) == 0 {
|
||||
resolved[host] = nil
|
||||
|
||||
|
||||
Reference in New Issue
Block a user