From 07ebcc2bf3bf4e4d3535f0d1d5191cbc82ba876d Mon Sep 17 00:00:00 2001 From: Simon Zolin Date: Mon, 30 Dec 2019 18:41:51 +0300 Subject: [PATCH 1/3] * DNS: nxdomain: don't return IP address for a blocked domain Don't return IP address for a blocked domain when blocking mode is "nxdomain". --- AGHTechDoc.md | 10 ++++++++-- dnsforward/dnsforward.go | 10 ++++++---- dnsforward/dnsforward_http.go | 2 +- openapi/openapi.yaml | 1 + 4 files changed, 16 insertions(+), 7 deletions(-) diff --git a/AGHTechDoc.md b/AGHTechDoc.md index 3045d6f7..e8f98db4 100644 --- a/AGHTechDoc.md +++ b/AGHTechDoc.md @@ -831,7 +831,7 @@ Response: { "protection_enabled": true | false, "ratelimit": 1234, - "blocking_mode": "nxdomain" | "null_ip" | "custom_ip", + "blocking_mode": "default" | "nxdomain" | "null_ip" | "custom_ip", "blocking_ipv4": "1.2.3.4", "blocking_ipv6": "1:2:3::4", "edns_cs_enabled": true | false, @@ -848,7 +848,7 @@ Request: { "protection_enabled": true | false, "ratelimit": 1234, - "blocking_mode": "nxdomain" | "null_ip" | "custom_ip", + "blocking_mode": "default" | "nxdomain" | "null_ip" | "custom_ip", "blocking_ipv4": "1.2.3.4", "blocking_ipv6": "1:2:3::4", "edns_cs_enabled": true | false, @@ -859,6 +859,12 @@ Response: 200 OK +`blocking_mode`: +* default: Respond with NXDOMAIN when blocked by Adblock-style rule; respond with the IP address specified in the rule when blocked by /etc/hosts-style rule +* NXDOMAIN: Respond with NXDOMAIN code +* Null IP: Respond with zero IP address (0.0.0.0 for A; :: for AAAA) +* Custom IP: Respond with a manually set IP address + `blocking_ipv4` and `blocking_ipv6` values are active when `blocking_mode` is set to `custom_ip`. diff --git a/dnsforward/dnsforward.go b/dnsforward/dnsforward.go index 32875db1..462cf4d3 100644 --- a/dnsforward/dnsforward.go +++ b/dnsforward/dnsforward.go 
@@ -727,10 +727,6 @@ func (s *Server) genDNSFilterMessage(d *proxy.DNSContext, result *dnsfilter.Resu case dnsfilter.FilteredParental: return s.genBlockedHost(m, s.conf.ParentalBlockHost, d) default: - if result.IP != nil { - return s.genResponseWithIP(m, result.IP) - } - if s.conf.BlockingMode == "null_ip" { switch m.Question[0].Qtype { case dns.TypeA: @@ -746,8 +742,14 @@ func (s *Server) genDNSFilterMessage(d *proxy.DNSContext, result *dnsfilter.Resu case dns.TypeAAAA: return s.genAAAARecord(m, s.conf.BlockingIPAddrv6) } + + } else if s.conf.BlockingMode == "nxdomain" { + return s.genNXDomain(m) } + if result.IP != nil { + return s.genResponseWithIP(m, result.IP) + } return s.genNXDomain(m) } } diff --git a/dnsforward/dnsforward_http.go b/dnsforward/dnsforward_http.go index c20ac7fc..088add56 100644 --- a/dnsforward/dnsforward_http.go +++ b/dnsforward/dnsforward_http.go @@ -54,7 +54,7 @@ func (s *Server) handleGetConfig(w http.ResponseWriter, r *http.Request) { func checkBlockingMode(req dnsConfigJSON) bool { bm := req.BlockingMode - if !(bm == "nxdomain" || bm == "null_ip" || bm == "custom_ip") { + if !(bm == "default" || bm == "nxdomain" || bm == "null_ip" || bm == "custom_ip") { return false } diff --git a/openapi/openapi.yaml b/openapi/openapi.yaml index 2400b9b7..2d042c62 100644 --- a/openapi/openapi.yaml +++ b/openapi/openapi.yaml @@ -1075,6 +1075,7 @@ definitions: blocking_mode: type: "string" enum: + - "default" - "nxdomain" - "null_ip" - "custom_ip" From 8daca1a55a4f8ec959abb5234089cf957f20b36b Mon Sep 17 00:00:00 2001 From: Simon Zolin Date: Fri, 17 Jan 2020 15:24:33 +0300 Subject: [PATCH 2/3] * config: set "default" blocking mode by default --- home/config.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home/config.go b/home/config.go index 3db7a963..693c4a40 100644 --- a/home/config.go +++ b/home/config.go 
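Review bot: In the second dnsforward.go hunk the relocated `if result.IP != nil` check is still reachable outside "default" mode: in the `null_ip` branch, and in what appears to be the `custom_ip` branch, a query whose Qtype is neither A nor AAAA leaves the inner switch without returning, so it can still be answered from the rule-supplied IP, while `nxdomain` never is. If that is intended, a comment above the check such as `// reached in "default" mode and for non-A/AAAA queries in null_ip/custom_ip mode` would make it explicit; if not, each inner switch needs a `default: return s.genNXDomain(m)` arm. The move also changes `null_ip` and `custom_ip` for A/AAAA queries, because the rule's IP no longer takes precedence there, and the commit message mentions only `nxdomain`. genDNSFilterMessage starts before the first hunk and the lines between the two hunks are not shown, so the branch structure is partly inferred.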
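Review bot: The mode names accepted by checkBlockingMode in dnsforward_http.go are bare string literals that now have to stay in step with the comparisons in genDNSFilterMessage, the openapi enum and the client's BLOCKING_MODES. A name that passes validation here but has no branch in the resolver appears to be handled exactly like "default", so a mismatch would not surface as an error. Declaring the names once as package constants and writing the check as `switch bm { case "default", "nxdomain", "null_ip", "custom_ip": default: return false }` would read better than the growing negated chain. checkBlockingMode continues past the end of the hunk.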
@@ -161,7 +161,7 @@ var config = configuration{ StatsInterval: 1, FilteringConfig: dnsforward.FilteringConfig{ ProtectionEnabled: true, // whether or not use any of dnsfilter features - BlockingMode: "null_ip", // mode how to answer filtered requests + BlockingMode: "default", // mode how to answer filtered requests BlockedResponseTTL: 10, // in seconds Ratelimit: 20, RefuseAny: true, From b01af453cc27cdb89ac0482ec68108ec8a2835a5 Mon Sep 17 00:00:00 2001 From: Ildar Kamalov Date: Fri, 17 Jan 2020 15:03:47 +0300 Subject: [PATCH 3/3] + client: handle default blocking mode --- client/src/__locales/en.json | 6 +++++- client/src/components/Settings/Dns/Config/Form.js | 6 +++++- client/src/helpers/constants.js | 1 + client/src/reducers/dnsConfig.js | 2 +- 4 files changed, 12 insertions(+), 3 deletions(-) diff --git a/client/src/__locales/en.json b/client/src/__locales/en.json index 18e2d059..9de02278 100644 --- a/client/src/__locales/en.json +++ b/client/src/__locales/en.json @@ -191,6 +191,7 @@ "query_log_retention_confirm": "Are you sure you want to change query log retention? If you decrease the interval value, some data will be lost", "dns_config": "DNS server configuration", "blocking_mode": "Blocking mode", + "default": "Default", "nxdomain": "NXDOMAIN", "null_ip": "Null IP", "custom_ip": "Custom IP", 
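Review bot: The inline comment on `BlockingMode` in home/config.go says neither which values are accepted nor what the new default does. Per the AGHTechDoc.md text added in patch 1, "default" answers a domain blocked by an /etc/hosts-style rule with the IP address written in that rule, so addresses taken from hosts-style filter lists are served to clients unchanged. That is worth stating where the default is set, for example `// how to answer filtered requests: "default", "nxdomain", "null_ip" or "custom_ip"; "default" returns the rule's IP for hosts-style rules, NXDOMAIN otherwise`. The `config` literal starts and ends outside the hunk.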
@@ -203,7 +204,10 @@ "rate_limit_desc": "The number of requests per second that a single client is allowed to make (0: unlimited)", "blocking_ipv4_desc": "IP address to be returned for a blocked A request", "blocking_ipv6_desc": "IP address to be returned for a blocked AAAA request", - "blocking_mode_desc": "<0>NXDOMAIN – Respond with NXDOMAIN code; <0>Null IP – Respond with zero IP address (0.0.0.0 for A; :: for AAAA); <0>Custom IP - Respond with a manually set IP address.", + "blocking_mode_default": "Default: Respond with NXDOMAIN when blocked by Adblock-style rule; respond with the IP address specified in the rule when blocked by /etc/hosts-style rule", + "blocking_mode_nxdomain": "NXDOMAIN: Respond with NXDOMAIN code", + "blocking_mode_null_ip": "Null IP: Respond with zero IP address (0.0.0.0 for A; :: for AAAA)", + "blocking_mode_custom_ip": "Custom IP: Respond with a manually set IP address", "upstream_dns_client_desc": "If you keep this field empty, AdGuard Home will use the servers configured in the <0>DNS settings.", "source_label": "Source", "found_in_known_domain_db": "Found in the known domains database.", diff --git a/client/src/components/Settings/Dns/Config/Form.js b/client/src/components/Settings/Dns/Config/Form.js index 271ae3c5..580f09d4 100644 --- a/client/src/components/Settings/Dns/Config/Form.js +++ b/client/src/components/Settings/Dns/Config/Form.js @@ -83,7 +83,11 @@ let Form = ({ blocking_mode
- text
]}>blocking_mode_desc + {Object.values(BLOCKING_MODES).map(mode => ( +
  • + {`blocking_mode_${mode}`} +
  • + ))}
    {getFields(processing, t)} diff --git a/client/src/helpers/constants.js b/client/src/helpers/constants.js index 38b19e21..f186bfaa 100644 --- a/client/src/helpers/constants.js +++ b/client/src/helpers/constants.js @@ -359,6 +359,7 @@ export const QUERY_LOG_INTERVALS_DAYS = [1, 7, 30, 90]; export const FILTERS_INTERVALS_HOURS = [0, 1, 12, 24, 72, 168]; export const BLOCKING_MODES = { + default: 'default', nxdomain: 'nxdomain', null_ip: 'null_ip', custom_ip: 'custom_ip', diff --git a/client/src/reducers/dnsConfig.js b/client/src/reducers/dnsConfig.js index d124db0f..87f59d36 100644 --- a/client/src/reducers/dnsConfig.js +++ b/client/src/reducers/dnsConfig.js @@ -39,7 +39,7 @@ const dnsConfig = handleActions( { processingGetConfig: false, processingSetConfig: false, - blocking_mode: BLOCKING_MODES.nxdomain, + blocking_mode: BLOCKING_MODES.default, ratelimit: 20, blocking_ipv4: DEFAULT_BLOCKING_IPV4, blocking_ipv6: DEFAULT_BLOCKING_IPV6,