+ dns: add "edns_client_subnet" setting

2019-11-12 19:45:55 +03:00 · 2019-11-12 19:45:55 +03:00 · 19a94bf789
parent 197d07f32b
commit 19a94bf789
4 changed files with 14 additions and 0 deletions
--- a/AGHTechDoc.md
+++ b/AGHTechDoc.md
@ -822,6 +822,7 @@ Response:
 		"blocking_mode": "nxdomain" | "null_ip" | "custom_ip",
 		"blocking_ipv4": "1.2.3.4",
 		"blocking_ipv6": "1:2:3::4",
 		"edns_cs_enabled": true | false,
 	}
@ -837,6 +838,7 @@ Request:
 		"blocking_mode": "nxdomain" | "null_ip" | "custom_ip",
 		"blocking_ipv4": "1.2.3.4",
 		"blocking_ipv6": "1:2:3::4",
 		"edns_cs_enabled": true | false,
 	}
 Response:
--- a/dnsforward/dnsforward.go
+++ b/dnsforward/dnsforward.go
@ -112,6 +112,8 @@ type FilteringConfig struct {
 	BootstrapDNS       []string `yaml:"bootstrap_dns"`        // a list of bootstrap DNS for DoH and DoT (plain DNS only)
 	AllServers         bool     `yaml:"all_servers"`          // if true, parallel queries to all configured upstream servers are enabled
 	EnableEDNSClientSubnet bool `yaml:"edns_client_subnet"` // Enable EDNS Client Subnet option
 	AllowedClients    []string `yaml:"allowed_clients"`    // IP addresses of whitelist clients
 	DisallowedClients []string `yaml:"disallowed_clients"` // IP addresses of clients that should be blocked
 	BlockedHosts      []string `yaml:"blocked_hosts"`      // hosts that should be blocked
@ -229,6 +231,7 @@ func (s *Server) prepare(config *ServerConfig) error {
 		BeforeRequestHandler:     s.beforeRequestHandler,
 		RequestHandler:           s.handleDNSRequest,
 		AllServers:               s.conf.AllServers,
 		EnableEDNSClientSubnet:   s.conf.EnableEDNSClientSubnet,
 	}
 	s.access = &accessCtx{}
--- a/dnsforward/dnsforward_http.go
+++ b/dnsforward/dnsforward_http.go
@ -27,6 +27,7 @@ type dnsConfigJSON struct {
 	BlockingMode      string `json:"blocking_mode"`
 	BlockingIPv4      string `json:"blocking_ipv4"`
 	BlockingIPv6      string `json:"blocking_ipv6"`
 	EDNSCSEnabled     bool   `json:"edns_cs_enabled"`
 }
 func (s *Server) handleGetConfig(w http.ResponseWriter, r *http.Request) {
@ -37,6 +38,7 @@ func (s *Server) handleGetConfig(w http.ResponseWriter, r *http.Request) {
 	resp.BlockingIPv4 = s.conf.BlockingIPv4
 	resp.BlockingIPv6 = s.conf.BlockingIPv6
 	resp.RateLimit = s.conf.Ratelimit
 	resp.EDNSCSEnabled = s.conf.EnableEDNSClientSubnet
 	s.RUnlock()
 	js, err := json.Marshal(resp)
@ -110,6 +112,11 @@ func (s *Server) handleSetConfig(w http.ResponseWriter, r *http.Request) {
 		s.conf.Ratelimit = req.RateLimit
 	}
 	if js.Exists("edns_cs_enabled") {
 		s.conf.EnableEDNSClientSubnet = req.EDNSCSEnabled
 		restart = true
 	}
 	s.Unlock()
 	s.conf.ConfigModified()
--- a/openapi/openapi.yaml
+++ b/openapi/openapi.yaml
@ -1082,6 +1082,8 @@ definitions:
                type: "string"
            blocking_ipv6:
                type: "string"
            edns_cs_enabled:
                type: "boolean"
    UpstreamsConfig:
        type: "object"