* DNS: nxdomain: don't return IP address for a blocked domain
Don't return IP address for a blocked domain when blocking mode is "nxdomain".
This commit is contained in:
Simon Zolin
parent
3166607540
commit
07ebcc2bf3
|
|
@ -831,7 +831,7 @@ Response:
|
|||
{
|
||||
"protection_enabled": true | false,
|
||||
"ratelimit": 1234,
|
||||
"blocking_mode": "nxdomain" | "null_ip" | "custom_ip",
|
||||
"blocking_mode": "default" | "nxdomain" | "null_ip" | "custom_ip",
|
||||
"blocking_ipv4": "1.2.3.4",
|
||||
"blocking_ipv6": "1:2:3::4",
|
||||
"edns_cs_enabled": true | false,
|
||||
|
|
@ -848,7 +848,7 @@ Request:
|
|||
{
|
||||
"protection_enabled": true | false,
|
||||
"ratelimit": 1234,
|
||||
"blocking_mode": "nxdomain" | "null_ip" | "custom_ip",
|
||||
"blocking_mode": "default" | "nxdomain" | "null_ip" | "custom_ip",
|
||||
"blocking_ipv4": "1.2.3.4",
|
||||
"blocking_ipv6": "1:2:3::4",
|
||||
"edns_cs_enabled": true | false,
|
||||
|
|
@ -859,6 +859,12 @@ Response:
|
|||
|
||||
200 OK
|
||||
|
||||
`blocking_mode`:
|
||||
* default: Respond with NXDOMAIN when blocked by Adblock-style rule; respond with the IP address specified in the rule when blocked by /etc/hosts-style rule
|
||||
* NXDOMAIN: Respond with NXDOMAIN code
|
||||
* Null IP: Respond with zero IP address (0.0.0.0 for A; :: for AAAA)
|
||||
* Custom IP: Respond with a manually set IP address
|
||||
|
||||
`blocking_ipv4` and `blocking_ipv6` values are active when `blocking_mode` is set to `custom_ip`.
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -727,10 +727,6 @@ func (s *Server) genDNSFilterMessage(d *proxy.DNSContext, result *dnsfilter.Resu
|
|||
case dnsfilter.FilteredParental:
|
||||
return s.genBlockedHost(m, s.conf.ParentalBlockHost, d)
|
||||
default:
|
||||
if result.IP != nil {
|
||||
return s.genResponseWithIP(m, result.IP)
|
||||
}
|
||||
|
||||
if s.conf.BlockingMode == "null_ip" {
|
||||
switch m.Question[0].Qtype {
|
||||
case dns.TypeA:
|
||||
|
|
@ -746,8 +742,14 @@ func (s *Server) genDNSFilterMessage(d *proxy.DNSContext, result *dnsfilter.Resu
|
|||
case dns.TypeAAAA:
|
||||
return s.genAAAARecord(m, s.conf.BlockingIPAddrv6)
|
||||
}
|
||||
|
||||
} else if s.conf.BlockingMode == "nxdomain" {
|
||||
return s.genNXDomain(m)
|
||||
}
|
||||
|
||||
if result.IP != nil {
|
||||
return s.genResponseWithIP(m, result.IP)
|
||||
}
|
||||
return s.genNXDomain(m)
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -54,7 +54,7 @@ func (s *Server) handleGetConfig(w http.ResponseWriter, r *http.Request) {
|
|||
|
||||
func checkBlockingMode(req dnsConfigJSON) bool {
|
||||
bm := req.BlockingMode
|
||||
if !(bm == "nxdomain" || bm == "null_ip" || bm == "custom_ip") {
|
||||
if !(bm == "default" || bm == "nxdomain" || bm == "null_ip" || bm == "custom_ip") {
|
||||
return false
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -1075,6 +1075,7 @@ definitions:
|
|||
blocking_mode:
|
||||
type: "string"
|
||||
enum:
|
||||
- "default"
|
||||
- "nxdomain"
|
||||
- "null_ip"
|
||||
- "custom_ip"
|
||||
|
|
|
|||
Loading…
Reference in New Issue