Merge: + Add "parental_block_host" and "safebrowsing_block_host" settings
#454 * commit 'fdf7ee2c08d4177d78fcdc20571bc7d2b61320ae': * refactor: don't set new configuration while running DNS server * refactor * dnsforward: parental control server can be an IP address, not just host name + dnsforward, config: add "parental_block_host" and "safebrowsing_block_host" settings
commit
a9fbb93f0f
|
@ -92,6 +92,10 @@ type FilteringConfig struct {
|
||||||
DisallowedClients []string `yaml:"disallowed_clients"` // IP addresses of clients that should be blocked
|
DisallowedClients []string `yaml:"disallowed_clients"` // IP addresses of clients that should be blocked
|
||||||
BlockedHosts []string `yaml:"blocked_hosts"` // hosts that should be blocked
|
BlockedHosts []string `yaml:"blocked_hosts"` // hosts that should be blocked
|
||||||
|
|
||||||
|
// IP (or domain name) which is used to respond to DNS requests blocked by parental control or safe-browsing
|
||||||
|
ParentalBlockHost string `yaml:"parental_block_host"`
|
||||||
|
SafeBrowsingBlockHost string `yaml:"safebrowsing_block_host"`
|
||||||
|
|
||||||
dnsfilter.Config `yaml:",inline"`
|
dnsfilter.Config `yaml:",inline"`
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -173,15 +177,11 @@ func processIPCIDRArray(dst *map[string]bool, dstIPNet *[]net.IPNet, src []strin
|
||||||
|
|
||||||
// startInternal starts without locking
|
// startInternal starts without locking
|
||||||
func (s *Server) startInternal(config *ServerConfig) error {
|
func (s *Server) startInternal(config *ServerConfig) error {
|
||||||
if config != nil {
|
|
||||||
s.conf = *config
|
|
||||||
}
|
|
||||||
|
|
||||||
if s.dnsFilter != nil || s.dnsProxy != nil {
|
if s.dnsFilter != nil || s.dnsProxy != nil {
|
||||||
return errors.New("DNS server is already started")
|
return errors.New("DNS server is already started")
|
||||||
}
|
}
|
||||||
|
|
||||||
err := s.initDNSFilter()
|
err := s.initDNSFilter(config)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
@ -242,9 +242,13 @@ func (s *Server) startInternal(config *ServerConfig) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
// Initializes the DNS filter
|
// Initializes the DNS filter
|
||||||
func (s *Server) initDNSFilter() error {
|
func (s *Server) initDNSFilter(config *ServerConfig) error {
|
||||||
log.Tracef("Creating dnsfilter")
|
log.Tracef("Creating dnsfilter")
|
||||||
|
|
||||||
|
if config != nil {
|
||||||
|
s.conf = *config
|
||||||
|
}
|
||||||
|
|
||||||
var filters map[int]string
|
var filters map[int]string
|
||||||
filters = nil
|
filters = nil
|
||||||
if s.conf.FilteringEnabled {
|
if s.conf.FilteringEnabled {
|
||||||
|
@ -258,6 +262,13 @@ func (s *Server) initDNSFilter() error {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if len(s.conf.ParentalBlockHost) == 0 {
|
||||||
|
s.conf.ParentalBlockHost = parentalBlockHost
|
||||||
|
}
|
||||||
|
if len(s.conf.SafeBrowsingBlockHost) == 0 {
|
||||||
|
s.conf.SafeBrowsingBlockHost = safeBrowsingBlockHost
|
||||||
|
}
|
||||||
|
|
||||||
s.dnsFilter = dnsfilter.New(&s.conf.Config, filters)
|
s.dnsFilter = dnsfilter.New(&s.conf.Config, filters)
|
||||||
if s.dnsFilter == nil {
|
if s.dnsFilter == nil {
|
||||||
return fmt.Errorf("could not initialize dnsfilter")
|
return fmt.Errorf("could not initialize dnsfilter")
|
||||||
|
@ -515,21 +526,12 @@ func (s *Server) genDNSFilterMessage(d *proxy.DNSContext, result *dnsfilter.Resu
|
||||||
|
|
||||||
switch result.Reason {
|
switch result.Reason {
|
||||||
case dnsfilter.FilteredSafeBrowsing:
|
case dnsfilter.FilteredSafeBrowsing:
|
||||||
return s.genBlockedHost(m, safeBrowsingBlockHost, d)
|
return s.genBlockedHost(m, s.conf.SafeBrowsingBlockHost, d)
|
||||||
case dnsfilter.FilteredParental:
|
case dnsfilter.FilteredParental:
|
||||||
return s.genBlockedHost(m, parentalBlockHost, d)
|
return s.genBlockedHost(m, s.conf.ParentalBlockHost, d)
|
||||||
default:
|
default:
|
||||||
if result.IP != nil {
|
if result.IP != nil {
|
||||||
if m.Question[0].Qtype == dns.TypeA {
|
return s.genResponseWithIP(m, result.IP)
|
||||||
return s.genARecord(m, result.IP)
|
|
||||||
} else if m.Question[0].Qtype == dns.TypeAAAA {
|
|
||||||
return s.genAAAARecord(m, result.IP)
|
|
||||||
}
|
|
||||||
|
|
||||||
// empty response
|
|
||||||
resp := dns.Msg{}
|
|
||||||
resp.SetReply(m)
|
|
||||||
return &resp
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if s.conf.BlockingMode == "null_ip" {
|
if s.conf.BlockingMode == "null_ip" {
|
||||||
|
@ -590,7 +592,27 @@ func (s *Server) genAAAAAnswer(req *dns.Msg, ip net.IP) *dns.AAAA {
|
||||||
return answer
|
return answer
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// generate DNS response message with an IP address
|
||||||
|
func (s *Server) genResponseWithIP(req *dns.Msg, ip net.IP) *dns.Msg {
|
||||||
|
if req.Question[0].Qtype == dns.TypeA && ip.To4() != nil {
|
||||||
|
return s.genARecord(req, ip.To4())
|
||||||
|
} else if req.Question[0].Qtype == dns.TypeAAAA && ip.To4() == nil {
|
||||||
|
return s.genAAAARecord(req, ip)
|
||||||
|
}
|
||||||
|
|
||||||
|
// empty response
|
||||||
|
resp := dns.Msg{}
|
||||||
|
resp.SetReply(req)
|
||||||
|
return &resp
|
||||||
|
}
|
||||||
|
|
||||||
func (s *Server) genBlockedHost(request *dns.Msg, newAddr string, d *proxy.DNSContext) *dns.Msg {
|
func (s *Server) genBlockedHost(request *dns.Msg, newAddr string, d *proxy.DNSContext) *dns.Msg {
|
||||||
|
|
||||||
|
ip := net.ParseIP(newAddr)
|
||||||
|
if ip != nil {
|
||||||
|
return s.genResponseWithIP(request, ip)
|
||||||
|
}
|
||||||
|
|
||||||
// look up the hostname, TODO: cache
|
// look up the hostname, TODO: cache
|
||||||
replReq := dns.Msg{}
|
replReq := dns.Msg{}
|
||||||
replReq.SetQuestion(dns.Fqdn(newAddr), request.Question[0].Qtype)
|
replReq.SetQuestion(dns.Fqdn(newAddr), request.Question[0].Qtype)
|
||||||
|
|
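Review bot: The two new settings are only defaulted when empty in initDNSFilter and are otherwise used as-is, so a value that is neither an IP address nor a well-formed host name is first noticed in genBlockedHost, where a failed `net.ParseIP(newAddr)` sends it into the host-name lookup on every blocked query. I would reject such a value at start-up, right after the defaulting, e.g. `if _, ok := dns.IsDomainName(s.conf.ParentalBlockHost); !ok && net.ParseIP(s.conf.ParentalBlockHost) == nil { return fmt.Errorf("invalid parental_block_host: %q", s.conf.ParentalBlockHost) }`, with the same check for `SafeBrowsingBlockHost`. Validation may already happen in the config loader, which this page does not show. The comment on genResponseWithIP could also state that it returns an empty reply when the address family of `ip` does not match the query type. Both initDNSFilter and genBlockedHost continue outside the visible hunks.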