From 07ffcbec3dfb58f0df22b9c842231135653fa4a3 Mon Sep 17 00:00:00 2001
From: Alexander Turcic
Date: Sat, 4 May 2019 22:51:14 +0200
Subject: [PATCH] * dnsforward, config: add unspecified IP blocking option * dnsforward: prioritize host files over null filter * dnsforward, config: adjust setting variable to blocking_mode * dnsforward: use net.IPv4zero for null IP
---
 config.go | 1 +
 dnsforward/dnsforward.go | 5 +++++
 2 files changed, 6 insertions(+)
diff --git a/config.go b/config.go
index dcee1d39..24ee8605 100644
--- a/config.go
+++ b/config.go
@@ -115,6 +115,7 @@ var config = configuration{
 FilteringConfig: dnsforward.FilteringConfig{
 ProtectionEnabled: true, // whether or not use any of dnsfilter features
 FilteringEnabled: true, // whether or not use filter lists
+ BlockingMode: "nxdomain", // mode how to answer filtered requests
 BlockedResponseTTL: 10, // in seconds
 QueryLogEnabled: true,
 Ratelimit: 20,
diff --git a/dnsforward/dnsforward.go b/dnsforward/dnsforward.go
index 224f4b28..bd6cf75a 100644
--- a/dnsforward/dnsforward.go
+++ b/dnsforward/dnsforward.go
@@ -61,6 +61,7 @@ func NewServer(baseDir string) *Server {
 type FilteringConfig struct {
 ProtectionEnabled bool `yaml:"protection_enabled"` // whether or not use any of dnsfilter features
 FilteringEnabled bool `yaml:"filtering_enabled"` // whether or not use filter lists
+ BlockingMode string `yaml:"blocking_mode"` // mode how to answer filtered requests
 BlockedResponseTTL uint32 `yaml:"blocked_response_ttl"` // if 0, then default is used (3600)
 QueryLogEnabled bool `yaml:"querylog_enabled"` // if true, query log is enabled
 Ratelimit int `yaml:"ratelimit"` // max number of requests per second from a given IP (0 to disable)
@@ -401,6 +402,10 @@ func (s *Server) genDNSFilterMessage(d *proxy.DNSContext, result *dnsfilter.Resu return s.genARecord(m, result.IP) } + if s.BlockingMode == "null_ip" { + return s.genARecord(m, net.IPv4zero) + } + return s.genNXDomain(m) } }
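Review bot: The comment added with `BlockingMode` in config.go, and repeated on the struct field in dnsforward/dnsforward.go, does not name the values the setting accepts. The value comes from the `blocking_mode` YAML key and, in this patch, is only compared against a string literal, so an operator has to read genDNSFilterMessage to learn that `null_ip` is the alternative to the default. I would list the modes on the field, for example `// how to answer filtered requests: "nxdomain" (default) or "null_ip"`.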
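Review bot: The `null_ip` check in genDNSFilterMessage matches a bare string and nothing in this patch validates `blocking_mode`, so a misspelled value silently behaves as `nxdomain` and the operator gets no signal that the setting was ignored. A named constant such as `const blockingModeNullIP = "null_ip"` plus a check at config load that rejects or logs unknown modes would make that visible. The branch also returns `net.IPv4zero` through genARecord whatever the question type; unless genARecord handles that itself (its body is outside the hunk, as is the start of this function), an AAAA query for a blocked name would be answered with an A record, and answering those with `net.IPv6zero` would be more consistent.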