Merge: - DNS: fix security checks via PC/SB services

Squashed commit of the following:

commit e73bc282d77a11c923a86166035f1b44427d7066
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Fri Dec 13 17:17:36 2019 +0300

    fix

commit f8b5c174816c6fd57fb3930cc465318f468fc8ff
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Fri Dec 13 17:03:13 2019 +0300

    fix

commit 9d5483a2fb89a172218547b5ee356e7122dca609
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Fri Dec 13 16:54:30 2019 +0300

    - fix security checks via PC/SB services

dnsfilter/dnsfilter.go

@@ -270,10 +270,6 @@ func (d *Dnsfilter) CheckHost(host string, qtype uint16, setts *RequestFiltering
 		return Result{Reason: NotFilteredNotFound}, nil
 	}
 	host = strings.ToLower(host)
-	// prevent recursion
-	if host == d.parentalServer || host == d.safeBrowsingServer {
-		return Result{}, nil
-	}
 
 	var result Result
 	var err error

dnsfilter/security.go

@@ -26,6 +26,9 @@ import (
 	"golang.org/x/net/publicsuffix"
 )
 
+// Servers to use for resolution of SB/PC server name
+var bootstrapServers = []string{"176.103.130.130", "176.103.130.131"}
+
 const dnsTimeout = 3 * time.Second
 const defaultSafebrowsingServer = "https://dns-family.adguard.com/dns-query"
 const defaultParentalServer = "https://dns-family.adguard.com/dns-query"
@@ -36,13 +39,14 @@ func (d *Dnsfilter) initSecurityServices() error {
 	var err error
 	d.safeBrowsingServer = defaultSafebrowsingServer
 	d.parentalServer = defaultParentalServer
+	opts := upstream.Options{Timeout: dnsTimeout, Bootstrap: bootstrapServers}
 
-	d.parentalUpstream, err = upstream.AddressToUpstream(d.parentalServer, upstream.Options{Timeout: dnsTimeout})
+	d.parentalUpstream, err = upstream.AddressToUpstream(d.parentalServer, opts)
 	if err != nil {
 		return err
 	}
 
-	d.safeBrowsingUpstream, err = upstream.AddressToUpstream(d.safeBrowsingServer, upstream.Options{Timeout: dnsTimeout})
+	d.safeBrowsingUpstream, err = upstream.AddressToUpstream(d.safeBrowsingServer, opts)
 	if err != nil {
 		return err
 	}