Pull request: dnsforward: exclude docker dns
Updates #3064. Squashed commit of the following: commit 2cfeb830853dffcb26968d0a4d21b623f00da275 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Thu May 13 14:02:08 2021 +0300 all: imp code, expose pprof port commit a22656a3fd24253f7327eff5168ea84391c8d758 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Thu May 13 13:34:05 2021 +0300 all: imp code, dockerfile commit 35e2145fe061d0d803b46578539499ecfe9d3ea4 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Thu May 13 12:34:09 2021 +0300 dnsforward: exclude docker dns
parent
29d847c366
commit
1b789b5f81
|
@ -19,11 +19,13 @@ and this project adheres to
|
||||||
|
|
||||||
### Fixed
|
### Fixed
|
||||||
|
|
||||||
|
- Local PTR request recursion in Docker containers ([#3064]).
|
||||||
- Ignoring client-specific filtering settings when filtering is disabled in
|
- Ignoring client-specific filtering settings when filtering is disabled in
|
||||||
general settings ([#2875]).
|
general settings ([#2875]).
|
||||||
- Disallowed domains are now case-insensitive ([#3115]).
|
- Disallowed domains are now case-insensitive ([#3115]).
|
||||||
|
|
||||||
[#2875]: https://github.com/AdguardTeam/AdGuardHome/issues/2875
|
[#2875]: https://github.com/AdguardTeam/AdGuardHome/issues/2875
|
||||||
|
[#3064]: https://github.com/AdguardTeam/AdGuardHome/issues/3064
|
||||||
[#3115]: https://github.com/AdguardTeam/AdGuardHome/issues/3115
|
[#3115]: https://github.com/AdguardTeam/AdGuardHome/issues/3115
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -229,7 +229,9 @@
|
||||||
- 'adg-docker': 'true'
|
- 'adg-docker': 'true'
|
||||||
|
|
||||||
'triggers':
|
'triggers':
|
||||||
- 'cron': '0 30 14 ? * MON-FRI *'
|
# Don't use minute values that end with a zero or a five as these are often used
|
||||||
|
# in CI and so resources during these minutes can be quite busy.
|
||||||
|
- 'cron': '0 42 13 ? * MON-FRI *'
|
||||||
'branches':
|
'branches':
|
||||||
'create': 'manually'
|
'create': 'manually'
|
||||||
'delete':
|
'delete':
|
||||||
|
|
|
@ -82,6 +82,12 @@ func validateDialedHost(host string) (err error) {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// dockerEmbeddedDNS is the address of Docker's embedded DNS server.
|
||||||
|
//
|
||||||
|
// See
|
||||||
|
// https://github.com/moby/moby/blob/v1.12.0/docs/userguide/networking/dockernetworks.md.
|
||||||
|
const dockerEmbeddedDNS = "127.0.0.11"
|
||||||
|
|
||||||
// dialFunc gets the resolver's address and puts it into internal cache.
|
// dialFunc gets the resolver's address and puts it into internal cache.
|
||||||
func (sr *systemResolvers) dialFunc(_ context.Context, _, address string) (_ net.Conn, err error) {
|
func (sr *systemResolvers) dialFunc(_ context.Context, _, address string) (_ net.Conn, err error) {
|
||||||
// Just validate the passed address is a valid IP.
|
// Just validate the passed address is a valid IP.
|
||||||
|
@ -93,6 +99,17 @@ func (sr *systemResolvers) dialFunc(_ context.Context, _, address string) (_ net
|
||||||
return nil, fmt.Errorf("%s: %w", err, errBadAddrPassed)
|
return nil, fmt.Errorf("%s: %w", err, errBadAddrPassed)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Exclude Docker's embedded DNS server, as it may cause recursion if
|
||||||
|
// the container is set as the host system's default DNS server.
|
||||||
|
//
|
||||||
|
// See https://github.com/AdguardTeam/AdGuardHome/issues/3064.
|
||||||
|
//
|
||||||
|
// TODO(a.garipov): Perhaps only do this when we are in the container?
|
||||||
|
// Maybe use an environment variable?
|
||||||
|
if host == dockerEmbeddedDNS {
|
||||||
|
return nil, errFakeDial
|
||||||
|
}
|
||||||
|
|
||||||
err = validateDialedHost(host)
|
err = validateDialedHost(host)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("validating dialed host: %w", err)
|
return nil, fmt.Errorf("validating dialed host: %w", err)
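Review bot: The new guard in dialFunc compares `host` with `dockerEmbeddedDNS` as a string, so the exclusion only holds when the address arrives spelled exactly as `127.0.0.11`. An equivalent spelling such as the IPv4-mapped `::ffff:127.0.0.11` would fall through to validateDialedHost and, if accepted there, could be cached as a system resolver and bring back the recursion from #3064. Comparing parsed addresses is sturdier: `if ip := net.ParseIP(host); ip != nil && ip.Equal(net.ParseIP(dockerEmbeddedDNS)) {`. Whether a non-canonical form can reach this function depends on how the resolver hands over its configured servers, which is not visible here; dialFunc starts and ends outside the hunk.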
|
||||||
|
|
|
@ -37,13 +37,14 @@ RUN setcap 'cap_net_bind_service=+eip' /opt/adguardhome/AdGuardHome
|
||||||
# 67, 68 : DHCP
|
# 67, 68 : DHCP
|
||||||
# 80 : HTTP
|
# 80 : HTTP
|
||||||
# 443 : HTTPS, DNS-over-HTTPS, DNSCrypt
|
# 443 : HTTPS, DNS-over-HTTPS, DNSCrypt
|
||||||
# 784 : DNS-over-QUIC
|
|
||||||
# 853 : DNS-over-TLS
|
# 853 : DNS-over-TLS
|
||||||
# 3000 : HTTP alt
|
# 3000 : HTTP alt
|
||||||
# 3001 : HTTP beta
|
# 3001 : HTTP beta
|
||||||
# 5443 : DNSCrypt alt
|
# 5443 : DNSCrypt alt
|
||||||
EXPOSE 53/tcp 53/udp 67/udp 68/udp 80/tcp 443/tcp 443/udp 784/udp\
|
# 6060 : HTTP pprof
|
||||||
853/tcp 3000/tcp 3001/tcp 5443/tcp 5443/udp
|
# 8853 : DNS-over-QUIC
|
||||||
|
EXPOSE 53/tcp 53/udp 67/udp 68/udp 80/tcp 443/tcp 443/udp 853/tcp\
|
||||||
|
3000/tcp 3001/tcp 5443/tcp 5443/udp 6060/tcp 8853/udp
|
||||||
|
|
||||||
WORKDIR /opt/adguardhome/work
|
WORKDIR /opt/adguardhome/work
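Review bot: Adding `6060/tcp` to EXPOSE puts the pprof listener on the same footing as the service ports, and `docker run -P` publishes every exposed port. A debug endpoint that reveals heap, goroutine and command-line data, and that can be asked for expensive CPU profiles, may then be reachable from the network. If the port has to stay in the list, the port table comment should say what it is for, e.g. `# 6060 : HTTP pprof (debug only; keep off untrusted networks)`. Otherwise leave it out of EXPOSE and let operators publish it explicitly, bound to loopback, with `-p 127.0.0.1:6060:6060`. Whether pprof is enabled by default is not visible in this section.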
|
||||||
|
|
||||||
|
|