From a0482fc201a735d6868b301d5b55f47c9f6dbfaf Mon Sep 17 00:00:00 2001 From: Andrey Meshkov Date: Mon, 26 Nov 2018 13:38:17 +0300 Subject: [PATCH 1/5] Fix #426 Added refuseany (enabled by default) Added ratelimit and refuseany to the config file (for manual editing only) --- config.go | 7 ++++++- coredns.go | 2 ++ coredns_plugin/refuseany/refuseany.go | 2 -- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/config.go b/config.go index 2db48d38..829cec37 100644 --- a/config.go +++ b/config.go @@ -68,6 +68,8 @@ type coreDNSConfig struct { ParentalSensitivity int `yaml:"parental_sensitivity"` BlockedResponseTTL int `yaml:"blocked_response_ttl"` QueryLogEnabled bool `yaml:"querylog_enabled"` + Ratelimit int `yaml:"-"` + RefuseAny bool `yaml:"-"` Pprof string `yaml:"-"` Cache string `yaml:"-"` Prometheus string `yaml:"-"` @@ -102,6 +104,8 @@ var config = configuration{ SafeBrowsingEnabled: false, BlockedResponseTTL: 10, // in seconds QueryLogEnabled: true, + Ratelimit: 20, + RefuseAny: true, BootstrapDNS: "8.8.8.8:53", UpstreamDNS: defaultDNS, Cache: "cache", @@ -253,7 +257,8 @@ const coreDNSConfigTemplate = `.:{{.Port}} { {{end}} }{{end}} {{.Pprof}} - ratelimit + {{if .RefuseAny}}refuseany{{end}} + {{if gt .Ratelimit 0}}ratelimit {{.Ratelimit}}{{end}} hosts { fallthrough } diff --git a/coredns.go b/coredns.go index 45854056..376e6210 100644 --- a/coredns.go +++ b/coredns.go @@ -9,6 +9,7 @@ import ( _ "github.com/AdguardTeam/AdGuardHome/coredns_plugin" _ "github.com/AdguardTeam/AdGuardHome/coredns_plugin/ratelimit" + _ "github.com/AdguardTeam/AdGuardHome/coredns_plugin/refuseany" _ "github.com/AdguardTeam/AdGuardHome/upstream" "github.com/coredns/coredns/core/dnsserver" "github.com/coredns/coredns/coremain" @@ -65,6 +66,7 @@ var directives = []string{ "prometheus", "errors", "log", + "refuseany", "ratelimit", "dnsfilter", "dnstap", diff --git a/coredns_plugin/refuseany/refuseany.go b/coredns_plugin/refuseany/refuseany.go index 02721cc1..92d5d508 100644 --- a/coredns_plugin/refuseany/refuseany.go +++ b/coredns_plugin/refuseany/refuseany.go @@ -27,8 +27,6 @@ func (p *plug) ServeDNS(ctx context.Context, w dns.ResponseWriter, r *dns.Msg) ( q := r.Question[0] if q.Qtype == dns.TypeANY { - log.Printf("Got request with type ANY, will respond with NOTIMP\n") - state := request.Request{W: w, Req: r, Context: ctx} rcode := dns.RcodeNotImplemented From c500345d16586e5a7c917611d52261beac2ac501 Mon Sep 17 00:00:00 2001 From: Andrey Meshkov Date: Mon, 26 Nov 2018 14:09:43 +0300 Subject: [PATCH 2/5] Fix #460 --- dnsfilter/dnsfilter_test.go | 9 +++++++++ dnsfilter/rule_to_regexp.go | 5 +++++ 2 files changed, 14 insertions(+) diff --git a/dnsfilter/dnsfilter_test.go b/dnsfilter/dnsfilter_test.go index f186ecce..39b33a44 100644 --- a/dnsfilter/dnsfilter_test.go +++ b/dnsfilter/dnsfilter_test.go @@ -474,6 +474,15 @@ func TestDnsFilterWhitelist(t *testing.T) { d.checkMatch(t, "example.org") d.checkMatchEmpty(t, "test.example.org") d.checkMatchEmpty(t, "test.test.example.org") + + d.checkAddRule(t, "||googleadapis.l.google.com^|") + d.checkMatch(t, "googleadapis.l.google.com") + d.checkMatch(t, "test.googleadapis.l.google.com") + + d.checkAddRule(t, "@@||googleadapis.l.google.com|") + d.checkMatchEmpty(t, "googleadapis.l.google.com") + d.checkMatchEmpty(t, "test.googleadapis.l.google.com") + } func TestDnsFilterImportant(t *testing.T) { diff --git a/dnsfilter/rule_to_regexp.go b/dnsfilter/rule_to_regexp.go index 79c0320d..41d55e30 100644 --- a/dnsfilter/rule_to_regexp.go +++ b/dnsfilter/rule_to_regexp.go @@ -72,6 +72,11 @@ func getSuffix(rule string) (bool, string) { // last char was checked, eat it rule = rule[:len(rule)-1] + // it might also end with ^| + if rule[len(rule)-1] == '^' { + rule = rule[:len(rule)-1] + } + // check that it doesn't have any special characters inside for _, r := range rule { switch r { From 939c902fb0078262a9dd81b430f952ed3faa920d Mon Sep 17 00:00:00 2001 From: Andrey Meshkov Date: Mon, 26 Nov 2018 15:00:17 +0300 Subject: [PATCH 3/5] Added upstream examples --- client/package-lock.json | 6 +++--- client/src/__locales/en.json | 6 +++++- client/src/components/Settings/Upstream.js | 18 ++++++++++++++++++ 3 files changed, 26 insertions(+), 4 deletions(-) diff --git a/client/package-lock.json b/client/package-lock.json index e7080ade..fc6ea4f1 100644 --- a/client/package-lock.json +++ b/client/package-lock.json @@ -6588,7 +6588,7 @@ }, "html-webpack-plugin": { "version": "3.2.0", - "resolved": "http://registry.npmjs.org/html-webpack-plugin/-/html-webpack-plugin-3.2.0.tgz", + "resolved": "https://registry.npmjs.org/html-webpack-plugin/-/html-webpack-plugin-3.2.0.tgz", "integrity": "sha1-sBq71yOsqqeze2r0SS69oD2d03s=", "dev": true, "requires": { @@ -6638,7 +6638,7 @@ }, "readable-stream": { "version": "1.0.34", - "resolved": "http://registry.npmjs.org/readable-stream/-/readable-stream-1.0.34.tgz", + "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-1.0.34.tgz", "integrity": "sha1-Elgg40vIQtLyqq+v5MKRbuMsFXw=", "dev": true, "requires": { @@ -15003,7 +15003,7 @@ }, "through": { "version": "2.3.8", - "resolved": "http://registry.npmjs.org/through/-/through-2.3.8.tgz", + "resolved": "https://registry.npmjs.org/through/-/through-2.3.8.tgz", "integrity": "sha1-DdTJ/6q8NXlgsbckEV1+Doai4fU=", "dev": true }, diff --git a/client/src/__locales/en.json b/client/src/__locales/en.json index 7b6fba15..9d6e5ce7 100644 --- a/client/src/__locales/en.json +++ b/client/src/__locales/en.json @@ -49,7 +49,7 @@ "no_settings": "No settings", "general_settings": "General settings", "upstream_dns": "Upstream DNS servers", - "upstream_dns_hint": "If you keep this field empty, AdGuard Home will use Cloudflare DNS<\/a> as an upstream. Use tls:\/\/ prefix for DNS over TLS servers.", + "upstream_dns_hint": "If you keep this field empty, AdGuard Home will use Cloudflare DNS<\/a> as an upstream.", "test_upstream_btn": "Test upstreams", "apply_btn": "Apply", "disabled_filtering_toast": "Disabled filtering", @@ -86,6 +86,10 @@ "example_comment": "! Here goes a comment", "example_comment_meaning": "just a comment", "example_comment_hash": "# Also a comment", + "example_upstream_regular": "regular DNS (over UDP)", + "example_upstream_dot": "encrypted DNS-over-TLS", + "example_upstream_doh": "encrypted DNS-over-HTTPS", + "example_upstream_tcp": "regular DNS (over TCP)", "all_filters_up_to_date_toast": "All filters are already up-to-date", "updated_upstream_dns_toast": "Updated the upstream DNS servers", "dns_test_ok_toast": "Specified DNS servers are working correctly", diff --git a/client/src/components/Settings/Upstream.js b/client/src/components/Settings/Upstream.js index b12b119f..0085298f 100644 --- a/client/src/components/Settings/Upstream.js +++ b/client/src/components/Settings/Upstream.js @@ -57,6 +57,24 @@ class Upstream extends Component { +
+
+ examples_title: +
    +
  1. + 1.1.1.1 - { t('example_upstream_regular') } +
    2. +
  2. + tls://1dot1dot1dot1.cloudflare-dns.com - { t('example_upstream_dot') } +
    3. +
  3. + https://cloudflare-dns.com/dns-query - { t('example_upstream_doh') } +
    4. +
  4. + tcp://1.1.1.1 - { t('example_upstream_tcp') } +
    5. +
+
From 69cc597b87a23443d57cf35551f03a3846b64797 Mon Sep 17 00:00:00 2001 From: Andrey Meshkov Date: Mon, 26 Nov 2018 15:12:04 +0300 Subject: [PATCH 4/5] Fix #453: Added upstream examples --- client/src/__locales/en.json | 2 +- client/src/__locales/ru.json | 2 +- client/src/components/Settings/Upstream.js | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/client/src/__locales/en.json b/client/src/__locales/en.json index 9d6e5ce7..127a8f67 100644 --- a/client/src/__locales/en.json +++ b/client/src/__locales/en.json @@ -49,7 +49,7 @@ "no_settings": "No settings", "general_settings": "General settings", "upstream_dns": "Upstream DNS servers", - "upstream_dns_hint": "If you keep this field empty, AdGuard Home will use Cloudflare DNS<\/a> as an upstream.", + "upstream_dns_hint": "If you keep this field empty, AdGuard Home will use Cloudflare DNS<\/a> as an upstream. Use tls:\/\/ prefix for DNS over TLS servers.", "test_upstream_btn": "Test upstreams", "apply_btn": "Apply", "disabled_filtering_toast": "Disabled filtering", diff --git a/client/src/__locales/ru.json b/client/src/__locales/ru.json index e0f19e08..d1ad4656 100644 --- a/client/src/__locales/ru.json +++ b/client/src/__locales/ru.json @@ -33,7 +33,7 @@ "number_of_dns_query_blocked_24_hours": "\u041a\u043e\u043b\u0438\u0447\u0435\u0441\u0442\u0432\u043e DNS-\u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432, \u0437\u0430\u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u0444\u0438\u043b\u044c\u0442\u0440\u0430\u043c\u0438 \u0438 \u0431\u043b\u043e\u043a-\u0441\u043f\u0438\u0441\u043a\u0430\u043c\u0438", "number_of_dns_query_blocked_24_hours_by_sec": "\u041a\u043e\u043b\u0438\u0447\u0435\u0441\u0442\u0432\u043e DNS-\u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432, \u0437\u0430\u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u043c\u043e\u0434\u0443\u043b\u0435\u043c \u0410\u043d\u0442\u0438\u0444\u0438\u0448\u0438\u043d\u0433\u0430 AdGuard", "number_of_dns_query_blocked_24_hours_adult": "\u041a\u043e\u043b\u0438\u0447\u0435\u0441\u0442\u0432\u043e \u0437\u0430\u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \"\u0441\u0430\u0439\u0442\u043e\u0432 \u0434\u043b\u044f \u0432\u0437\u0440\u043e\u0441\u043b\u044b\u0445\"", - "enforced_save_search": "\u0423\u0441\u0438\u043b\u0435\u043d\u043d\u044b\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u044b\u0439 \u043f\u043e\u0438\u0441\u043a", + "enforced_save_search": "\u041f\u0440\u0438\u043c\u0435\u043d\u0435\u043d \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u044b\u0439 \u043f\u043e\u0438\u0441\u043a", "number_of_dns_query_to_safe_search": "\u041a\u043e\u043b\u0438\u0447\u0435\u0441\u0442\u0432\u043e \u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432 DNS \u0434\u043b\u044f \u043f\u043e\u0438\u0441\u043a\u043e\u0432\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c, \u0434\u043b\u044f \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0431\u044b\u043b \u043f\u0440\u0438\u043c\u0435\u043d\u0435\u043d \u0411\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u044b\u0439 \u043f\u043e\u0438\u0441\u043a", "average_processing_time": "\u0421\u0440\u0435\u0434\u043d\u0435\u0435 \u0432\u0440\u0435\u043c\u044f \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0438 \u0437\u0430\u043f\u0440\u043e\u0441\u0430", "average_processing_time_hint": "\u0421\u0440\u0435\u0434\u043d\u0435\u0435 \u0432\u0440\u0435\u043c\u044f \u0434\u043b\u044f \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0438 \u0437\u0430\u043f\u0440\u043e\u0441\u0430 DNS \u0432 \u043c\u0438\u043b\u043b\u0438\u0441\u0435\u043a\u0443\u043d\u0434\u0430\u0445", diff --git a/client/src/components/Settings/Upstream.js b/client/src/components/Settings/Upstream.js index 0085298f..c0d0abf3 100644 --- a/client/src/components/Settings/Upstream.js +++ b/client/src/components/Settings/Upstream.js @@ -65,10 +65,10 @@ class Upstream extends Component { 1.1.1.1 - { t('example_upstream_regular') }
  • - tls://1dot1dot1dot1.cloudflare-dns.com - { t('example_upstream_dot') } + tls://1dot1dot1dot1.cloudflare-dns.com -
  • - https://cloudflare-dns.com/dns-query - { t('example_upstream_doh') } + https://cloudflare-dns.com/dns-query -
  • tcp://1.1.1.1 - { t('example_upstream_tcp') } From d2a0d0333241d8f31718e4e8765f57d9ec68f7df Mon Sep 17 00:00:00 2001 From: Eugene Bujak Date: Mon, 26 Nov 2018 15:18:56 +0300 Subject: [PATCH 5/5] Allow specifying absolute paths in -c command line option. Closes #424. --- app.go | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/app.go b/app.go index 647ffa63..add8a262 100644 --- a/app.go +++ b/app.go @@ -213,7 +213,10 @@ func promptAndGetPassword(prompt string) (string, error) { } func askUsernamePasswordIfPossible() error { - configfile := filepath.Join(config.ourBinaryDir, config.ourConfigFilename) + configfile := config.ourConfigFilename + if !filepath.IsAbs(configfile) { + configfile = filepath.Join(config.ourBinaryDir, config.ourConfigFilename) + } _, err := os.Stat(configfile) if !os.IsNotExist(err) { // do nothing, file exists