From 864c91e52412c8dc7d47d6d550fa4e96f08e49b4 Mon Sep 17 00:00:00 2001 From: Simon Zolin Date: Fri, 13 Dec 2019 17:42:01 +0300 Subject: [PATCH] Merge: - DNS: fix security checks via PC/SB services Squashed commit of the following: commit e73bc282d77a11c923a86166035f1b44427d7066 Author: Simon Zolin Date: Fri Dec 13 17:17:36 2019 +0300 fix commit f8b5c174816c6fd57fb3930cc465318f468fc8ff Author: Simon Zolin Date: Fri Dec 13 17:03:13 2019 +0300 fix commit 9d5483a2fb89a172218547b5ee356e7122dca609 Author: Simon Zolin Date: Fri Dec 13 16:54:30 2019 +0300 - fix security checks via PC/SB services
---
 dnsfilter/dnsfilter.go | 4 ----
 dnsfilter/security.go | 8 ++++++--
 2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/dnsfilter/dnsfilter.go b/dnsfilter/dnsfilter.go
index 705631fa..3843f1dc 100644
--- a/dnsfilter/dnsfilter.go
+++ b/dnsfilter/dnsfilter.go
@@ -270,10 +270,6 @@ func (d *Dnsfilter) CheckHost(host string, qtype uint16, setts *RequestFiltering
 return Result{Reason: NotFilteredNotFound}, nil
 }
 host = strings.ToLower(host)
- // prevent recursion
- if host == d.parentalServer || host == d.safeBrowsingServer {
- return Result{}, nil
- }
 var result Result
 var err error
diff --git a/dnsfilter/security.go b/dnsfilter/security.go
index 1de5cc8a..14751c6e 100644
--- a/dnsfilter/security.go
+++ b/dnsfilter/security.go
@@ -26,6 +26,9 @@ import (
 "golang.org/x/net/publicsuffix"
 )
+// Servers to use for resolution of SB/PC server name
+var bootstrapServers = []string{"176.103.130.130", "176.103.130.131"}
+
 const dnsTimeout = 3 * time.Second
 const defaultSafebrowsingServer = "https://dns-family.adguard.com/dns-query"
 const defaultParentalServer = "https://dns-family.adguard.com/dns-query"
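Review bot: The comment on `bootstrapServers` in dnsfilter/security.go does not say that these two hard-coded addresses are resolvers queried to look up the host in `defaultSafebrowsingServer`/`defaultParentalServer`, who operates them, or what happens in a deployment that cannot reach them. Because the value is a package-level `var`, any code in the package can also replace it at run time. If the intent is to keep that lookup independent of the system resolver, I would say so, e.g. `// bootstrapServers are fixed resolvers used only to look up the SB/PC server host name.`, and note whether the query leaves the host unencrypted. The entries carry no port, so it is worth confirming that `upstream.Options.Bootstrap` accepts bare addresses; that package is not visible in this patch.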
@@ -36,13 +39,14 @@ func (d *Dnsfilter) initSecurityServices() error {
 var err error
 d.safeBrowsingServer = defaultSafebrowsingServer
 d.parentalServer = defaultParentalServer
+ opts := upstream.Options{Timeout: dnsTimeout, Bootstrap: bootstrapServers}
- d.parentalUpstream, err = upstream.AddressToUpstream(d.parentalServer, upstream.Options{Timeout: dnsTimeout})
+ d.parentalUpstream, err = upstream.AddressToUpstream(d.parentalServer, opts)
 if err != nil {
 return err
 }
- d.safeBrowsingUpstream, err = upstream.AddressToUpstream(d.safeBrowsingServer, upstream.Options{Timeout: dnsTimeout})
+ d.safeBrowsingUpstream, err = upstream.AddressToUpstream(d.safeBrowsingServer, opts)
 if err != nil {
 return err
 }
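Review bot: The two `return err` statements in initSecurityServices pass the error from `upstream.AddressToUpstream` through unchanged, so a caller cannot tell whether the parental or the safe-browsing upstream failed, or whether the new `Bootstrap` setting was involved. Wrapping each one, e.g. `return fmt.Errorf("parental upstream %s: %w", d.parentalServer, err)` and the matching line for `d.safeBrowsingServer`, would make that visible; this assumes `fmt` is imported in security.go, which the patch does not show. The function's signature appears only in the hunk header and its body continues past the last line shown.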