diff --git a/AGHTechDoc.md b/AGHTechDoc.md
index 4ed2c4e3..c3b4b249 100644
--- a/AGHTechDoc.md
+++ b/AGHTechDoc.md
@@ -823,6 +823,7 @@ Response:
 "blocking_ipv4": "1.2.3.4",
 "blocking_ipv6": "1:2:3::4",
 "edns_cs_enabled": true | false,
+ "disable_ipv6": true | false,
 }
@@ -839,6 +840,7 @@ Request:
 "blocking_ipv4": "1.2.3.4",
 "blocking_ipv6": "1:2:3::4",
 "edns_cs_enabled": true | false,
+ "disable_ipv6": true | false,
 }
 Response:
diff --git a/dnsforward/dnsforward.go b/dnsforward/dnsforward.go
index e94b47cc..c51a25b3 100644
--- a/dnsforward/dnsforward.go
+++ b/dnsforward/dnsforward.go
@@ -132,6 +132,9 @@ type FilteringConfig struct {
 EnableEDNSClientSubnet bool `yaml:"edns_client_subnet"` // Enable EDNS Client Subnet option
+ // Respond with an empty answer to all AAAA requests
+ AAAADisabled bool `yaml:"aaaa_disabled"`
+
 AllowedClients []string `yaml:"allowed_clients"` // IP addresses of whitelist clients
 DisallowedClients []string `yaml:"disallowed_clients"` // IP addresses of clients that should be blocked
 BlockedHosts []string `yaml:"blocked_hosts"` // hosts that should be blocked
@@ -426,6 +429,11 @@ func (s *Server) beforeRequestHandler(p *proxy.Proxy, d *proxy.DNSContext) (bool
 func (s *Server) handleDNSRequest(p *proxy.Proxy, d *proxy.DNSContext) error {
 start := time.Now()
+ if s.conf.AAAADisabled && d.Req.Question[0].Qtype == dns.TypeAAAA {
+ _ = proxy.CheckDisabledAAAARequest(d, true)
+ return nil
+ }
+
 if s.conf.OnDNSRequest != nil {
 s.conf.OnDNSRequest(d)
 }
diff --git a/dnsforward/dnsforward_http.go b/dnsforward/dnsforward_http.go
index 86bcdd3a..c20ac7fc 100644
--- a/dnsforward/dnsforward_http.go
+++ b/dnsforward/dnsforward_http.go
@@ -28,6 +28,7 @@ type dnsConfigJSON struct {
 BlockingIPv4 string `json:"blocking_ipv4"`
 BlockingIPv6 string `json:"blocking_ipv6"`
 EDNSCSEnabled bool `json:"edns_cs_enabled"`
+ DisableIPv6 bool `json:"disable_ipv6"`
 }
 func (s *Server) handleGetConfig(w http.ResponseWriter, r *http.Request) {
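Review bot: In handleDNSRequest the new guard indexes `d.Req.Question[0]` without checking that the question section is non-empty, so a query carrying no questions would panic here unless the proxy layer has already rejected it, which this hunk does not show. A cheap guard is `if s.conf.AAAADisabled && len(d.Req.Question) > 0 && d.Req.Question[0].Qtype == dns.TypeAAAA {`. The early `return nil` also runs before the `OnDNSRequest` callback and the rest of the body (which continues outside the hunk), so suppressed AAAA queries may never reach query logging or statistics; if that is intended, a comment such as `// AAAA queries are answered empty and deliberately skip filtering and logging` would make it explicit. The discarded result of `proxy.CheckDisabledAAAARequest` deserves a one-line comment saying why it is safe to ignore.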
@@ -39,6 +40,7 @@ func (s *Server) handleGetConfig(w http.ResponseWriter, r *http.Request) {
 resp.BlockingIPv6 = s.conf.BlockingIPv6
 resp.RateLimit = s.conf.Ratelimit
 resp.EDNSCSEnabled = s.conf.EnableEDNSClientSubnet
+ resp.DisableIPv6 = s.conf.AAAADisabled
 s.RUnlock()
 js, err := json.Marshal(resp)
@@ -117,6 +119,10 @@ func (s *Server) handleSetConfig(w http.ResponseWriter, r *http.Request) {
 restart = true
 }
+ if js.Exists("disable_ipv6") {
+ s.conf.AAAADisabled = req.DisableIPv6
+ }
+
 s.Unlock()
 s.conf.ConfigModified()
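Review bot: handleSetConfig writes `s.conf.AAAADisabled` under `s.Lock()`, but the new check at the top of handleDNSRequest in dnsforward/dnsforward.go reads it with no lock visible in that hunk, which looks like a data race between the HTTP handler and the DNS path. Consider reading the flag there under `s.RLock()`, or copying it into a local while the read lock is held. Separately, the API name `disable_ipv6` promises more than the code does: only AAAA answers are emptied, and IPv6 transport or clients using another resolver are unaffected, so a comment like `// disable_ipv6 only suppresses AAAA answers; it does not block IPv6 traffic` on this setter (and the same caveat in the API doc) would prevent a false sense of coverage. handleSetConfig's body starts and ends outside the hunk.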