Pull request: all: fix doh ddr

Merge in DNS/adguard-home from fix-ddr-doh to master

Squashed commit of the following:

commit 53d3147b22044061d78b3bf4badca60505ac245a
Author: Dimitry Kolyshev <dkolyshev@adguard.com>
Date:   Tue May 31 15:02:17 2022 +0200

    all: fix doh ddr
This commit is contained in:
Dimitry Kolyshev 2022-05-31 17:28:50 +03:00
parent 7ce7e90865
commit 4b884ace62
4 changed files with 14 additions and 9 deletions

View File

@ -134,8 +134,9 @@ type FilteringConfig struct {
// TLSConfig is the TLS configuration for HTTPS, DNS-over-HTTPS, and DNS-over-TLS // TLSConfig is the TLS configuration for HTTPS, DNS-over-HTTPS, and DNS-over-TLS
type TLSConfig struct { type TLSConfig struct {
TLSListenAddrs []*net.TCPAddr `yaml:"-" json:"-"` TLSListenAddrs []*net.TCPAddr `yaml:"-" json:"-"`
QUICListenAddrs []*net.UDPAddr `yaml:"-" json:"-"` QUICListenAddrs []*net.UDPAddr `yaml:"-" json:"-"`
HTTPSListenAddrs []*net.TCPAddr `yaml:"-" json:"-"`
// Reject connection if the client uses server name (in SNI) that doesn't match the certificate // Reject connection if the client uses server name (in SNI) that doesn't match the certificate
StrictSNICheck bool `yaml:"strict_sni_check" json:"-"` StrictSNICheck bool `yaml:"strict_sni_check" json:"-"`

View File

@ -260,7 +260,7 @@ func (s *Server) processDDRQuery(ctx *dnsContext) (rc resultCode) {
} }
if question.Name == ddrHostFQDN { if question.Name == ddrHostFQDN {
if s.dnsProxy.TLSListenAddr == nil && s.dnsProxy.HTTPSListenAddr == nil && if s.dnsProxy.TLSListenAddr == nil && s.conf.HTTPSListenAddrs == nil &&
s.dnsProxy.QUICListenAddr == nil || question.Qtype != dns.TypeSVCB { s.dnsProxy.QUICListenAddr == nil || question.Qtype != dns.TypeSVCB {
d.Res = s.makeResponse(d.Req) d.Res = s.makeResponse(d.Req)
@ -278,11 +278,11 @@ func (s *Server) processDDRQuery(ctx *dnsContext) (rc resultCode) {
// makeDDRResponse creates DDR answer according to server configuration. // makeDDRResponse creates DDR answer according to server configuration.
func (s *Server) makeDDRResponse(req *dns.Msg) (resp *dns.Msg) { func (s *Server) makeDDRResponse(req *dns.Msg) (resp *dns.Msg) {
resp = s.makeResponse(req) resp = s.makeResponse(req)
// TODO(e.burkov): Think about stroing the FQDN version of the server's // TODO(e.burkov): Think about storing the FQDN version of the server's
// name somewhere. // name somewhere.
domainName := dns.Fqdn(s.conf.ServerName) domainName := dns.Fqdn(s.conf.ServerName)
for _, addr := range s.dnsProxy.HTTPSListenAddr { for _, addr := range s.conf.HTTPSListenAddrs {
values := []dns.SVCBKeyValue{ values := []dns.SVCBKeyValue{
&dns.SVCBAlpn{Alpn: []string{"h2"}}, &dns.SVCBAlpn{Alpn: []string{"h2"}},
&dns.SVCBPort{Port: uint16(addr.Port)}, &dns.SVCBPort{Port: uint16(addr.Port)},

View File

@ -156,10 +156,6 @@ func prepareTestServer(t *testing.T, portDoH, portDoT, portDoQ int, ddrEnabled b
proxyConf := proxy.Config{} proxyConf := proxy.Config{}
if portDoH > 0 {
proxyConf.HTTPSListenAddr = []*net.TCPAddr{{Port: portDoH}}
}
if portDoT > 0 { if portDoT > 0 {
proxyConf.TLSListenAddr = []*net.TCPAddr{{Port: portDoT}} proxyConf.TLSListenAddr = []*net.TCPAddr{{Port: portDoT}}
} }
@ -182,6 +178,10 @@ func prepareTestServer(t *testing.T, portDoH, portDoT, portDoQ int, ddrEnabled b
}, },
} }
if portDoH > 0 {
s.conf.TLSConfig.HTTPSListenAddrs = []*net.TCPAddr{{Port: portDoH}}
}
return s return s
} }

View File

@ -221,6 +221,10 @@ func generateServerConfig() (newConf dnsforward.ServerConfig, err error) {
newConf.TLSConfig = tlsConf.TLSConfig newConf.TLSConfig = tlsConf.TLSConfig
newConf.TLSConfig.ServerName = tlsConf.ServerName newConf.TLSConfig.ServerName = tlsConf.ServerName
if tlsConf.PortHTTPS != 0 {
newConf.HTTPSListenAddrs = ipsToTCPAddrs(hosts, tlsConf.PortHTTPS)
}
if tlsConf.PortDNSOverTLS != 0 { if tlsConf.PortDNSOverTLS != 0 {
newConf.TLSListenAddrs = ipsToTCPAddrs(hosts, tlsConf.PortDNSOverTLS) newConf.TLSListenAddrs = ipsToTCPAddrs(hosts, tlsConf.PortDNSOverTLS)
} }