a
/
badguardhome
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

* DNS: nxdomain: don't return IP address for a blocked domain 

Don't return IP address for a blocked domain
 when blocking mode is "nxdomain".
This commit is contained in:
Simon Zolin 2019-12-30 18:41:51 +03:00
parent 3166607540
commit 07ebcc2bf3
4 changed files with 16 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
AGHTechDoc.md
View File

@ -831,7 +831,7 @@ Response:
{ {
"protection_enabled": true | false, "protection_enabled": true | false,
"ratelimit": 1234, "ratelimit": 1234,
"blocking_mode": "nxdomain" | "null_ip" | "custom_ip", "blocking_mode": "default" | "nxdomain" | "null_ip" | "custom_ip",
"blocking_ipv4": "1.2.3.4", "blocking_ipv4": "1.2.3.4",
"blocking_ipv6": "1:2:3::4", "blocking_ipv6": "1:2:3::4",
"edns_cs_enabled": true | false, "edns_cs_enabled": true | false,
@ -848,7 +848,7 @@ Request:
{ {
"protection_enabled": true | false, "protection_enabled": true | false,
"ratelimit": 1234, "ratelimit": 1234,
"blocking_mode": "nxdomain" | "null_ip" | "custom_ip", "blocking_mode": "default" | "nxdomain" | "null_ip" | "custom_ip",
"blocking_ipv4": "1.2.3.4", "blocking_ipv4": "1.2.3.4",
"blocking_ipv6": "1:2:3::4", "blocking_ipv6": "1:2:3::4",
"edns_cs_enabled": true | false, "edns_cs_enabled": true | false,
@ -859,6 +859,12 @@ Response:
200 OK 200 OK
`blocking_mode`:
* default: Respond with NXDOMAIN when blocked by Adblock-style rule; respond with the IP address specified in the rule when blocked by /etc/hosts-style rule
* NXDOMAIN: Respond with NXDOMAIN code
* Null IP: Respond with zero IP address (0.0.0.0 for A; :: for AAAA)
* Custom IP: Respond with a manually set IP address
`blocking_ipv4` and `blocking_ipv6` values are active when `blocking_mode` is set to `custom_ip`. `blocking_ipv4` and `blocking_ipv6` values are active when `blocking_mode` is set to `custom_ip`.

10
dnsforward/dnsforward.go
View File

@ -727,10 +727,6 @@ func (s *Server) genDNSFilterMessage(d *proxy.DNSContext, result *dnsfilter.Resu
case dnsfilter.FilteredParental: case dnsfilter.FilteredParental:
return s.genBlockedHost(m, s.conf.ParentalBlockHost, d) return s.genBlockedHost(m, s.conf.ParentalBlockHost, d)
default: default:
if result.IP != nil {
return s.genResponseWithIP(m, result.IP)
}
if s.conf.BlockingMode == "null_ip" { if s.conf.BlockingMode == "null_ip" {
switch m.Question[0].Qtype { switch m.Question[0].Qtype {
case dns.TypeA: case dns.TypeA:
@ -746,8 +742,14 @@ func (s *Server) genDNSFilterMessage(d *proxy.DNSContext, result *dnsfilter.Resu
case dns.TypeAAAA: case dns.TypeAAAA:
return s.genAAAARecord(m, s.conf.BlockingIPAddrv6) return s.genAAAARecord(m, s.conf.BlockingIPAddrv6)
} }
} else if s.conf.BlockingMode == "nxdomain" {
return s.genNXDomain(m)
} }
if result.IP != nil {
return s.genResponseWithIP(m, result.IP)
}
return s.genNXDomain(m) return s.genNXDomain(m)
} }
} }

2
dnsforward/dnsforward_http.go
View File

@ -54,7 +54,7 @@ func (s *Server) handleGetConfig(w http.ResponseWriter, r *http.Request) {
func checkBlockingMode(req dnsConfigJSON) bool { func checkBlockingMode(req dnsConfigJSON) bool {
bm := req.BlockingMode bm := req.BlockingMode
if !(bm == "nxdomain" || bm == "null_ip" || bm == "custom_ip") { if !(bm == "default" || bm == "nxdomain" || bm == "null_ip" || bm == "custom_ip") {
return false return false
} }

1
openapi/openapi.yaml
View File

@ -1075,6 +1075,7 @@ definitions:
blocking_mode: blocking_mode:
type: "string" type: "string"
enum: enum:
- "default"
- "nxdomain" - "nxdomain"
- "null_ip" - "null_ip"
- "custom_ip" - "custom_ip"