Merge: * DNS: nxdomain: don't return IP address for a blocked domain

Close #1284

* commit 'b01af453cc27cdb89ac0482ec68108ec8a2835a5':
  + client: handle default blocking mode
  * config: set "default" blocking mode by default
  * DNS: nxdomain: don't return IP address for a blocked domain
Simon Zolin 2020-01-20 19:17:44 +03:00
commit e7e946faa6
9 changed files with 29 additions and 11 deletions


@ -831,7 +831,7 @@ Response:
{ {
"protection_enabled": true | false, "protection_enabled": true | false,
"ratelimit": 1234, "ratelimit": 1234,
"blocking_mode": "nxdomain" | "null_ip" | "custom_ip", "blocking_mode": "default" | "nxdomain" | "null_ip" | "custom_ip",
"blocking_ipv4": "1.2.3.4", "blocking_ipv4": "1.2.3.4",
"blocking_ipv6": "1:2:3::4", "blocking_ipv6": "1:2:3::4",
"edns_cs_enabled": true | false, "edns_cs_enabled": true | false,
@ -848,7 +848,7 @@ Request:
{ {
"protection_enabled": true | false, "protection_enabled": true | false,
"ratelimit": 1234, "ratelimit": 1234,
"blocking_mode": "nxdomain" | "null_ip" | "custom_ip", "blocking_mode": "default" | "nxdomain" | "null_ip" | "custom_ip",
"blocking_ipv4": "1.2.3.4", "blocking_ipv4": "1.2.3.4",
"blocking_ipv6": "1:2:3::4", "blocking_ipv6": "1:2:3::4",
"edns_cs_enabled": true | false, "edns_cs_enabled": true | false,
@ -859,6 +859,12 @@ Response:
200 OK 200 OK
`blocking_mode`:
* default: Respond with NXDOMAIN when blocked by Adblock-style rule; respond with the IP address specified in the rule when blocked by /etc/hosts-style rule
* NXDOMAIN: Respond with NXDOMAIN code
* Null IP: Respond with zero IP address (0.0.0.0 for A; :: for AAAA)
* Custom IP: Respond with a manually set IP address
`blocking_ipv4` and `blocking_ipv6` values are active when `blocking_mode` is set to `custom_ip`. `blocking_ipv4` and `blocking_ipv6` values are active when `blocking_mode` is set to `custom_ip`.


@ -191,6 +191,7 @@
"query_log_retention_confirm": "Are you sure you want to change query log retention? If you decrease the interval value, some data will be lost", "query_log_retention_confirm": "Are you sure you want to change query log retention? If you decrease the interval value, some data will be lost",
"dns_config": "DNS server configuration", "dns_config": "DNS server configuration",
"blocking_mode": "Blocking mode", "blocking_mode": "Blocking mode",
"default": "Default",
"nxdomain": "NXDOMAIN", "nxdomain": "NXDOMAIN",
"null_ip": "Null IP", "null_ip": "Null IP",
"custom_ip": "Custom IP", "custom_ip": "Custom IP",
@ -203,7 +204,10 @@
"rate_limit_desc": "The number of requests per second that a single client is allowed to make (0: unlimited)", "rate_limit_desc": "The number of requests per second that a single client is allowed to make (0: unlimited)",
"blocking_ipv4_desc": "IP address to be returned for a blocked A request", "blocking_ipv4_desc": "IP address to be returned for a blocked A request",
"blocking_ipv6_desc": "IP address to be returned for a blocked AAAA request", "blocking_ipv6_desc": "IP address to be returned for a blocked AAAA request",
"blocking_mode_desc": "<0>NXDOMAIN Respond with NXDOMAIN code;</0> <0>Null IP Respond with zero IP address (0.0.0.0 for A; :: for AAAA);</0> <0>Custom IP - Respond with a manually set IP address.</0>", "blocking_mode_default": "Default: Respond with NXDOMAIN when blocked by Adblock-style rule; respond with the IP address specified in the rule when blocked by /etc/hosts-style rule",
"blocking_mode_nxdomain": "NXDOMAIN: Respond with NXDOMAIN code",
"blocking_mode_null_ip": "Null IP: Respond with zero IP address (0.0.0.0 for A; :: for AAAA)",
"blocking_mode_custom_ip": "Custom IP: Respond with a manually set IP address",
"upstream_dns_client_desc": "If you keep this field empty, AdGuard Home will use the servers configured in the <0>DNS settings</0>.", "upstream_dns_client_desc": "If you keep this field empty, AdGuard Home will use the servers configured in the <0>DNS settings</0>.",
"source_label": "Source", "source_label": "Source",
"found_in_known_domain_db": "Found in the known domains database.", "found_in_known_domain_db": "Found in the known domains database.",


@ -83,7 +83,11 @@ let Form = ({
<Trans>blocking_mode</Trans> <Trans>blocking_mode</Trans>
</label> </label>
<div className="form__desc form__desc--top"> <div className="form__desc form__desc--top">
<Trans components={[<div key="0">text</div>]}>blocking_mode_desc</Trans> {Object.values(BLOCKING_MODES).map(mode => (
<li key={mode}>
<Trans >{`blocking_mode_${mode}`}</Trans>
</li>
))}
</div> </div>
<div className="custom-controls-stacked"> <div className="custom-controls-stacked">
{getFields(processing, t)} {getFields(processing, t)}
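Review bot: The new `<li>` elements produced by `Object.values(BLOCKING_MODES).map(...)` are rendered directly inside `<div className="form__desc form__desc--top">` with no list parent, which is invalid HTML and leaves bullet rendering and list semantics for assistive technology to browser error recovery. Wrap the map in a `<ul>`, or render each description as `<div key={mode}>` as the removed `Trans components` variant did. The translation key `blocking_mode_${mode}` is built at runtime, so every value added to `BLOCKING_MODES` needs a matching locale entry; a one-line comment above the map saying so would help, and the stray space in `<Trans >` can go. The `Form` component starts and ends outside this hunk.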


@ -359,6 +359,7 @@ export const QUERY_LOG_INTERVALS_DAYS = [1, 7, 30, 90];
export const FILTERS_INTERVALS_HOURS = [0, 1, 12, 24, 72, 168]; export const FILTERS_INTERVALS_HOURS = [0, 1, 12, 24, 72, 168];
export const BLOCKING_MODES = { export const BLOCKING_MODES = {
default: 'default',
nxdomain: 'nxdomain', nxdomain: 'nxdomain',
null_ip: 'null_ip', null_ip: 'null_ip',
custom_ip: 'custom_ip', custom_ip: 'custom_ip',


@ -39,7 +39,7 @@ const dnsConfig = handleActions(
{ {
processingGetConfig: false, processingGetConfig: false,
processingSetConfig: false, processingSetConfig: false,
blocking_mode: BLOCKING_MODES.nxdomain, blocking_mode: BLOCKING_MODES.default,
ratelimit: 20, ratelimit: 20,
blocking_ipv4: DEFAULT_BLOCKING_IPV4, blocking_ipv4: DEFAULT_BLOCKING_IPV4,
blocking_ipv6: DEFAULT_BLOCKING_IPV6, blocking_ipv6: DEFAULT_BLOCKING_IPV6,


@ -727,10 +727,6 @@ func (s *Server) genDNSFilterMessage(d *proxy.DNSContext, result *dnsfilter.Resu
case dnsfilter.FilteredParental: case dnsfilter.FilteredParental:
return s.genBlockedHost(m, s.conf.ParentalBlockHost, d) return s.genBlockedHost(m, s.conf.ParentalBlockHost, d)
default: default:
if result.IP != nil {
return s.genResponseWithIP(m, result.IP)
}
if s.conf.BlockingMode == "null_ip" { if s.conf.BlockingMode == "null_ip" {
switch m.Question[0].Qtype { switch m.Question[0].Qtype {
case dns.TypeA: case dns.TypeA:
@ -746,8 +742,14 @@ func (s *Server) genDNSFilterMessage(d *proxy.DNSContext, result *dnsfilter.Resu
case dns.TypeAAAA: case dns.TypeAAAA:
return s.genAAAARecord(m, s.conf.BlockingIPAddrv6) return s.genAAAARecord(m, s.conf.BlockingIPAddrv6)
} }
} else if s.conf.BlockingMode == "nxdomain" {
return s.genNXDomain(m)
} }
if result.IP != nil {
return s.genResponseWithIP(m, result.IP)
}
return s.genNXDomain(m) return s.genNXDomain(m)
} }
} }
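Review bot: In the `default:` branch, the `null_ip` arm and the arm that answers with `s.conf.BlockingIPAddrv6` return only for `dns.TypeA` and `dns.TypeAAAA`, as far as the visible lines show. Any other question type therefore falls through to the relocated `if result.IP != nil` check and may still be answered from the hosts-style rule's IP even though an explicit blocking mode is configured. If that is not intended, end each of those arms with `return s.genNXDomain(m)` after the inner `switch`. The tail would also benefit from a comment such as `// "default" mode: rule IP for hosts-style rules, otherwise NXDOMAIN`, because no line compares against "default" explicitly. Parts of `genDNSFilterMessage` lie outside the two hunks, so how `genResponseWithIP` treats non-address queries should be confirmed.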


@ -54,7 +54,7 @@ func (s *Server) handleGetConfig(w http.ResponseWriter, r *http.Request) {
func checkBlockingMode(req dnsConfigJSON) bool { func checkBlockingMode(req dnsConfigJSON) bool {
bm := req.BlockingMode bm := req.BlockingMode
if !(bm == "nxdomain" || bm == "null_ip" || bm == "custom_ip") { if !(bm == "default" || bm == "nxdomain" || bm == "null_ip" || bm == "custom_ip") {
return false return false
} }
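Review bot: The accepted modes are now spelled as string literals in `checkBlockingMode`, in the `s.conf.BlockingMode` comparisons of `genDNSFilterMessage`, and in the default configuration, so each new mode has to be added in every place by hand. Consider package-level constants and a `switch bm { case "default", "nxdomain", "null_ip", "custom_ip": default: return false }` here, which reads more directly than the negated `||` chain. This check covers only the HTTP request type `dnsConfigJSON`. Whether a value read from the configuration file is validated the same way is not visible in this diff and is worth confirming, since the response code appears to treat any unrecognised string like "default". The function body continues past the hunk.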


@ -161,7 +161,7 @@ var config = configuration{
StatsInterval: 1, StatsInterval: 1,
FilteringConfig: dnsforward.FilteringConfig{ FilteringConfig: dnsforward.FilteringConfig{
ProtectionEnabled: true, // whether or not use any of dnsfilter features ProtectionEnabled: true, // whether or not use any of dnsfilter features
BlockingMode: "null_ip", // mode how to answer filtered requests BlockingMode: "default", // mode how to answer filtered requests
BlockedResponseTTL: 10, // in seconds BlockedResponseTTL: 10, // in seconds
Ratelimit: 20, Ratelimit: 20,
RefuseAny: true, RefuseAny: true,
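Review bot: The trailing comment on `BlockingMode` still reads `// mode how to answer filtered requests`, which no longer tells a reader what the new out-of-the-box value means. Since this setting decides whether clients receive the IP address carried by a hosts-style rule, spell it out, e.g. `// "default": NXDOMAIN for adblock-style rules, rule IP for hosts-style rules; or "nxdomain", "null_ip", "custom_ip"`. The struct literal starts and ends outside this hunk.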


@ -1075,6 +1075,7 @@ definitions:
blocking_mode: blocking_mode:
type: "string" type: "string"
enum: enum:
- "default"
- "nxdomain" - "nxdomain"
- "null_ip" - "null_ip"
- "custom_ip" - "custom_ip"