From b4f41116093d3c07695898f4d298205d51908243 Mon Sep 17 00:00:00 2001 From: Andrey Meshkov Date: Mon, 23 Dec 2019 15:59:49 +0300 Subject: [PATCH] -(dnsfilter): match DNS response against filtering rules only Supposedly, this will fix #1290 --- dnsfilter/dnsfilter.go | 12 +++++++++++- dnsforward/dnsforward.go | 6 +++--- 2 files changed, 14 insertions(+), 4 deletions(-) diff --git a/dnsfilter/dnsfilter.go b/dnsfilter/dnsfilter.go index ae91164f..7f7034a8 100644 --- a/dnsfilter/dnsfilter.go +++ b/dnsfilter/dnsfilter.go @@ -263,7 +263,17 @@ func (r Reason) Matched() bool { return r != NotFilteredNotFound } -// CheckHost tries to match host against rules, then safebrowsing and parental if they are enabled +// CheckHostRules tries to match the host against filtering rules only +func (d *Dnsfilter) CheckHostRules(host string, qtype uint16, setts *RequestFilteringSettings) (Result, error) { + if !setts.FilteringEnabled { + return Result{}, nil + } + + return d.matchHost(host, qtype) +} + +// CheckHost tries to match the host against filtering rules, +// then safebrowsing and parental if they are enabled func (d *Dnsfilter) CheckHost(host string, qtype uint16, setts *RequestFilteringSettings) (Result, error) { // sometimes DNS clients will try to resolve ".", which is a request to get root servers if host == "" { diff --git a/dnsforward/dnsforward.go b/dnsforward/dnsforward.go index 0b4e5081..0af717be 100644 --- a/dnsforward/dnsforward.go +++ b/dnsforward/dnsforward.go @@ -492,7 +492,7 @@ func (s *Server) handleDNSRequest(p *proxy.Proxy, d *proxy.DNSContext) error { } else if res.Reason != dnsfilter.NotFilteredWhiteList { origResp2 := d.Res - res, err = s.filterResponse(d) + res, err = s.filterDNSResponse(d) if err != nil { return err } @@ -652,7 +652,7 @@ func (s *Server) filterDNSRequest(d *proxy.DNSContext) (*dnsfilter.Result, error // If response contains CNAME, A or AAAA records, we apply filtering to each canonical host name or IP address. // If this is a match, we set a new response in d.Res and return. -func (s *Server) filterResponse(d *proxy.DNSContext) (*dnsfilter.Result, error) { +func (s *Server) filterDNSResponse(d *proxy.DNSContext) (*dnsfilter.Result, error) { for _, a := range d.Res.Answer { host := "" @@ -681,7 +681,7 @@ func (s *Server) filterResponse(d *proxy.DNSContext) (*dnsfilter.Result, error) continue } setts := s.getClientRequestFilteringSettings(d) - res, err := s.dnsFilter.CheckHost(host, d.Req.Question[0].Qtype, setts) + res, err := s.dnsFilter.CheckHostRules(host, d.Req.Question[0].Qtype, setts) s.RUnlock() if err != nil {