From 7ac57605099d7c6f1605941b67a286778b250b7e Mon Sep 17 00:00:00 2001
From: Simon Zolin <s.zolin@adguard.com>
Date: Mon, 11 Nov 2019 19:34:47 +0300
Subject: [PATCH 1/2] + dns: add "aaaa_disabled" setting

---
 AGHTechDoc.md                 | 2 ++
 dnsforward/dnsforward.go      | 8 ++++++++
 dnsforward/dnsforward_http.go | 6 ++++++
 3 files changed, 16 insertions(+)

diff --git a/AGHTechDoc.md b/AGHTechDoc.md
index 4ed2c4e3..c3b4b249 100644
--- a/AGHTechDoc.md
+++ b/AGHTechDoc.md
@@ -823,6 +823,7 @@ Response:
 		"blocking_ipv4": "1.2.3.4",
 		"blocking_ipv6": "1:2:3::4",
 		"edns_cs_enabled": true | false,
+		"disable_ipv6": true | false,
 	}
 
 
@@ -839,6 +840,7 @@ Request:
 		"blocking_ipv4": "1.2.3.4",
 		"blocking_ipv6": "1:2:3::4",
 		"edns_cs_enabled": true | false,
+		"disable_ipv6": true | false,
 	}
 
 Response:
diff --git a/dnsforward/dnsforward.go b/dnsforward/dnsforward.go
index e94b47cc..c51a25b3 100644
--- a/dnsforward/dnsforward.go
+++ b/dnsforward/dnsforward.go
@@ -132,6 +132,9 @@ type FilteringConfig struct {
 
 	EnableEDNSClientSubnet bool `yaml:"edns_client_subnet"` // Enable EDNS Client Subnet option
 
+	// Respond with an empty answer to all AAAA requests
+	AAAADisabled bool `yaml:"aaaa_disabled"`
+
 	AllowedClients    []string `yaml:"allowed_clients"`    // IP addresses of whitelist clients
 	DisallowedClients []string `yaml:"disallowed_clients"` // IP addresses of clients that should be blocked
 	BlockedHosts      []string `yaml:"blocked_hosts"`      // hosts that should be blocked
@@ -426,6 +429,11 @@ func (s *Server) beforeRequestHandler(p *proxy.Proxy, d *proxy.DNSContext) (bool
 func (s *Server) handleDNSRequest(p *proxy.Proxy, d *proxy.DNSContext) error {
 	start := time.Now()
 
+	if s.conf.AAAADisabled && d.Req.Question[0].Qtype == dns.TypeAAAA {
+		_ = proxy.CheckDisabledAAAARequest(d, true)
+		return nil
+	}
+
 	if s.conf.OnDNSRequest != nil {
 		s.conf.OnDNSRequest(d)
 	}
diff --git a/dnsforward/dnsforward_http.go b/dnsforward/dnsforward_http.go
index 86bcdd3a..c20ac7fc 100644
--- a/dnsforward/dnsforward_http.go
+++ b/dnsforward/dnsforward_http.go
@@ -28,6 +28,7 @@ type dnsConfigJSON struct {
 	BlockingIPv4      string `json:"blocking_ipv4"`
 	BlockingIPv6      string `json:"blocking_ipv6"`
 	EDNSCSEnabled     bool   `json:"edns_cs_enabled"`
+	DisableIPv6       bool   `json:"disable_ipv6"`
 }
 
 func (s *Server) handleGetConfig(w http.ResponseWriter, r *http.Request) {
@@ -39,6 +40,7 @@ func (s *Server) handleGetConfig(w http.ResponseWriter, r *http.Request) {
 	resp.BlockingIPv6 = s.conf.BlockingIPv6
 	resp.RateLimit = s.conf.Ratelimit
 	resp.EDNSCSEnabled = s.conf.EnableEDNSClientSubnet
+	resp.DisableIPv6 = s.conf.AAAADisabled
 	s.RUnlock()
 
 	js, err := json.Marshal(resp)
@@ -117,6 +119,10 @@ func (s *Server) handleSetConfig(w http.ResponseWriter, r *http.Request) {
 		restart = true
 	}
 
+	if js.Exists("disable_ipv6") {
+		s.conf.AAAADisabled = req.DisableIPv6
+	}
+
 	s.Unlock()
 	s.conf.ConfigModified()
 

From b91753e746c421b0e2bc82e2c2dd5aeb169a5406 Mon Sep 17 00:00:00 2001
From: Ildar Kamalov <i.kamalov@adguard.com>
Date: Wed, 18 Dec 2019 13:17:24 +0300
Subject: [PATCH 2/2] + client: handle Disable IPv6 setting

---
 client/src/__locales/en.json                       |  6 ++++--
 client/src/components/Settings/Dns/Config/Form.js  | 12 ++++++++++++
 client/src/components/Settings/Dns/Config/index.js |  2 ++
 client/src/reducers/dnsConfig.js                   |  1 +
 4 files changed, 19 insertions(+), 2 deletions(-)

diff --git a/client/src/__locales/en.json b/client/src/__locales/en.json
index 7d5b84fb..09ec7e34 100644
--- a/client/src/__locales/en.json
+++ b/client/src/__locales/en.json
@@ -431,5 +431,7 @@
     "try_again": "Try again",
     "domain_desc": "Enter the domain name or wildcard you want to be rewritten.",
     "example_rewrite_domain": "rewrite responses for this domain name only.",
-    "example_rewrite_wildcard": "rewrite responses for all <0>example.org</0> subdomains."
-}
\ No newline at end of file
+    "example_rewrite_wildcard": "rewrite responses for all <0>example.org</0> subdomains.",
+    "disable_ipv6": "Disable IPv6",
+    "disable_ipv6_desc": "If this feature is enabled, all DNS queries for IPv6 addresses (type AAAA) will be dropped."
+}
diff --git a/client/src/components/Settings/Dns/Config/Form.js b/client/src/components/Settings/Dns/Config/Form.js
index 33c25f06..271ae3c5 100644
--- a/client/src/components/Settings/Dns/Config/Form.js
+++ b/client/src/components/Settings/Dns/Config/Form.js
@@ -65,6 +65,18 @@ let Form = ({
                     />
                 </div>
             </div>
+            <div className="col-12">
+                <div className="form__group form__group--settings">
+                    <Field
+                        name="disable_ipv6"
+                        type="checkbox"
+                        component={renderSelectField}
+                        placeholder={t('disable_ipv6')}
+                        disabled={processing}
+                        subtitle={t('disable_ipv6_desc')}
+                    />
+                </div>
+            </div>
             <div className="col-12">
                 <div className="form__group form__group--settings mb-4">
                     <label className="form__label form__label--with-desc">
diff --git a/client/src/components/Settings/Dns/Config/index.js b/client/src/components/Settings/Dns/Config/index.js
index 6404a416..c9478190 100644
--- a/client/src/components/Settings/Dns/Config/index.js
+++ b/client/src/components/Settings/Dns/Config/index.js
@@ -16,6 +16,7 @@ const Config = ({ t, dnsConfig, setDnsConfig }) => {
         blocking_ipv4,
         blocking_ipv6,
         edns_cs_enabled,
+        disable_ipv6,
         processingSetConfig,
     } = dnsConfig;
 
@@ -33,6 +34,7 @@ const Config = ({ t, dnsConfig, setDnsConfig }) => {
                         blocking_ipv4,
                         blocking_ipv6,
                         edns_cs_enabled,
+                        disable_ipv6,
                     }}
                     onSubmit={handleFormSubmit}
                     processing={processingSetConfig}
diff --git a/client/src/reducers/dnsConfig.js b/client/src/reducers/dnsConfig.js
index 5c7c2b88..d124db0f 100644
--- a/client/src/reducers/dnsConfig.js
+++ b/client/src/reducers/dnsConfig.js
@@ -44,6 +44,7 @@ const dnsConfig = handleActions(
         blocking_ipv4: DEFAULT_BLOCKING_IPV4,
         blocking_ipv6: DEFAULT_BLOCKING_IPV6,
         edns_cs_enabled: false,
+        disable_ipv6: false,
     },
 );