Pull request: all: fix doh ddr
Merge in DNS/adguard-home from fix-ddr-doh to master Squashed commit of the following: commit 53d3147b22044061d78b3bf4badca60505ac245a Author: Dimitry Kolyshev <dkolyshev@adguard.com> Date: Tue May 31 15:02:17 2022 +0200 all: fix doh ddr
parent
7ce7e90865
commit
4b884ace62
|
@ -134,8 +134,9 @@ type FilteringConfig struct {
|
||||||
|
|
||||||
// TLSConfig is the TLS configuration for HTTPS, DNS-over-HTTPS, and DNS-over-TLS
|
// TLSConfig is the TLS configuration for HTTPS, DNS-over-HTTPS, and DNS-over-TLS
|
||||||
type TLSConfig struct {
|
type TLSConfig struct {
|
||||||
TLSListenAddrs []*net.TCPAddr `yaml:"-" json:"-"`
|
TLSListenAddrs []*net.TCPAddr `yaml:"-" json:"-"`
|
||||||
QUICListenAddrs []*net.UDPAddr `yaml:"-" json:"-"`
|
QUICListenAddrs []*net.UDPAddr `yaml:"-" json:"-"`
|
||||||
|
HTTPSListenAddrs []*net.TCPAddr `yaml:"-" json:"-"`
|
||||||
|
|
||||||
// Reject connection if the client uses server name (in SNI) that doesn't match the certificate
|
// Reject connection if the client uses server name (in SNI) that doesn't match the certificate
|
||||||
StrictSNICheck bool `yaml:"strict_sni_check" json:"-"`
|
StrictSNICheck bool `yaml:"strict_sni_check" json:"-"`
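Review bot: The new `HTTPSListenAddrs` field in TLSConfig has no doc comment, and its name suggests a listener that this package binds, like its `TLSListenAddrs` and `QUICListenAddrs` neighbours. In the hunks of this commit it is only read by processDDRQuery and makeDDRResponse, and the latter uses just `addr.Port`. A comment would make that role explicit, for example `// HTTPSListenAddrs are the addresses of the HTTPS server that serves DoH; used only to build DDR answers.` The struct continues outside the hunk, so any other readers are not visible here.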
|
||||||
|
|
|
@ -260,7 +260,7 @@ func (s *Server) processDDRQuery(ctx *dnsContext) (rc resultCode) {
|
||||||
}
|
}
|
||||||
|
|
||||||
if question.Name == ddrHostFQDN {
|
if question.Name == ddrHostFQDN {
|
||||||
if s.dnsProxy.TLSListenAddr == nil && s.dnsProxy.HTTPSListenAddr == nil &&
|
if s.dnsProxy.TLSListenAddr == nil && s.conf.HTTPSListenAddrs == nil &&
|
||||||
s.dnsProxy.QUICListenAddr == nil || question.Qtype != dns.TypeSVCB {
|
s.dnsProxy.QUICListenAddr == nil || question.Qtype != dns.TypeSVCB {
|
||||||
d.Res = s.makeResponse(d.Req)
|
d.Res = s.makeResponse(d.Req)
|
||||||
|
|
||||||
|
@ -278,11 +278,11 @@ func (s *Server) processDDRQuery(ctx *dnsContext) (rc resultCode) {
|
||||||
// makeDDRResponse creates DDR answer according to server configuration.
|
// makeDDRResponse creates DDR answer according to server configuration.
|
||||||
func (s *Server) makeDDRResponse(req *dns.Msg) (resp *dns.Msg) {
|
func (s *Server) makeDDRResponse(req *dns.Msg) (resp *dns.Msg) {
|
||||||
resp = s.makeResponse(req)
|
resp = s.makeResponse(req)
|
||||||
// TODO(e.burkov): Think about stroing the FQDN version of the server's
|
// TODO(e.burkov): Think about storing the FQDN version of the server's
|
||||||
// name somewhere.
|
// name somewhere.
|
||||||
domainName := dns.Fqdn(s.conf.ServerName)
|
domainName := dns.Fqdn(s.conf.ServerName)
|
||||||
|
|
||||||
for _, addr := range s.dnsProxy.HTTPSListenAddr {
|
for _, addr := range s.conf.HTTPSListenAddrs {
|
||||||
values := []dns.SVCBKeyValue{
|
values := []dns.SVCBKeyValue{
|
||||||
&dns.SVCBAlpn{Alpn: []string{"h2"}},
|
&dns.SVCBAlpn{Alpn: []string{"h2"}},
|
||||||
&dns.SVCBPort{Port: uint16(addr.Port)},
|
&dns.SVCBPort{Port: uint16(addr.Port)},
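Review bot: The guard in processDDRQuery tests `s.conf.HTTPSListenAddrs == nil`, which an empty but non-nil slice would get past; whether ipsToTCPAddrs can return one is not visible here. Testing `len(s.conf.HTTPSListenAddrs) == 0` states the intent ("no DoH endpoint to advertise") without depending on that, and the two `s.dnsProxy` checks beside it have the same shape. The condition also mixes `&&` and `||` without parentheses; it parses as intended, but wrapping the three listener checks in parentheses would make that clear to the next reader. DoH state now comes from `s.conf` while DoT and DoQ still come from `s.dnsProxy`, which deserves a one-line comment saying why. Both functions continue outside these hunks.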
|
||||||
|
|
|
@ -156,10 +156,6 @@ func prepareTestServer(t *testing.T, portDoH, portDoT, portDoQ int, ddrEnabled b
|
||||||
|
|
||||||
proxyConf := proxy.Config{}
|
proxyConf := proxy.Config{}
|
||||||
|
|
||||||
if portDoH > 0 {
|
|
||||||
proxyConf.HTTPSListenAddr = []*net.TCPAddr{{Port: portDoH}}
|
|
||||||
}
|
|
||||||
|
|
||||||
if portDoT > 0 {
|
if portDoT > 0 {
|
||||||
proxyConf.TLSListenAddr = []*net.TCPAddr{{Port: portDoT}}
|
proxyConf.TLSListenAddr = []*net.TCPAddr{{Port: portDoT}}
|
||||||
}
|
}
|
||||||
|
@ -182,6 +178,10 @@ func prepareTestServer(t *testing.T, portDoH, portDoT, portDoQ int, ddrEnabled b
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if portDoH > 0 {
|
||||||
|
s.conf.TLSConfig.HTTPSListenAddrs = []*net.TCPAddr{{Port: portDoH}}
|
||||||
|
}
|
||||||
|
|
||||||
return s
|
return s
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -221,6 +221,10 @@ func generateServerConfig() (newConf dnsforward.ServerConfig, err error) {
|
||||||
newConf.TLSConfig = tlsConf.TLSConfig
|
newConf.TLSConfig = tlsConf.TLSConfig
|
||||||
newConf.TLSConfig.ServerName = tlsConf.ServerName
|
newConf.TLSConfig.ServerName = tlsConf.ServerName
|
||||||
|
|
||||||
|
if tlsConf.PortHTTPS != 0 {
|
||||||
|
newConf.HTTPSListenAddrs = ipsToTCPAddrs(hosts, tlsConf.PortHTTPS)
|
||||||
|
}
|
||||||
|
|
||||||
if tlsConf.PortDNSOverTLS != 0 {
|
if tlsConf.PortDNSOverTLS != 0 {
|
||||||
newConf.TLSListenAddrs = ipsToTCPAddrs(hosts, tlsConf.PortDNSOverTLS)
|
newConf.TLSListenAddrs = ipsToTCPAddrs(hosts, tlsConf.PortDNSOverTLS)
|
||||||
}
|
}
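Review bot: Nothing visible in this hunk ties the new `newConf.HTTPSListenAddrs` assignment to the HTTPS server actually serving DoH. The only condition shown is `tlsConf.PortHTTPS != 0`, and the addresses are built from `hosts`, which is defined outside the hunk. If an enclosing check does not already require TLS to be enabled with a usable certificate, DDR answers would designate a DoH endpoint that clients cannot use. A comment stating the precondition would help, e.g. `// DoH is served by the web HTTPS server, so advertise it via DDR only when that server is configured.` generateServerConfig starts and ends outside the hunk.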
|
||||||
|
|