Simon Zolin
b00a789ca3
Revert "Merge: + DNS: TLS handshake: terminate handshake on bad SNI"
...
This reverts commit c8c76ae12b
.
2019-12-13 17:38:17 +03:00
Simon Zolin
c8c76ae12b
Merge: + DNS: TLS handshake: terminate handshake on bad SNI
...
Close #1014
Squashed commit of the following:
commit 759248efc0587ff2f288996c47739e602c557a76
Author: Simon Zolin <s.zolin@adguard.com>
Date: Thu Dec 12 19:26:46 2019 +0300
support empty ServerName
commit 68afecd5eca5ae66262b12dcb414b50efe88dc02
Author: Simon Zolin <s.zolin@adguard.com>
Date: Wed Dec 11 14:40:22 2019 +0300
+ DNS: TLS handshake: terminate handshake on bad SNI
2019-12-13 13:06:37 +03:00
Simon Zolin
ef57f7e192
- DNS: fix race in WriteDiskConfig()
2019-12-12 15:04:29 +03:00
Simon Zolin
000e842f7b
- DNS: fix deadlock in Server.ServeHTTP()
...
s.RLock() is called again in filterResponse() while another thread
holds s.Lock()
2019-12-12 15:00:10 +03:00
Simon Zolin
c9ccc53282
Merge: * set BlockingMode: "null_ip" by default; minor improvements
...
Squashed commit of the following:
commit 653544b98dc4d1b9a74e1509d0e6104b71bcdcb3
Author: Simon Zolin <s.zolin@adguard.com>
Date: Wed Dec 11 17:34:41 2019 +0300
* DNS reconfigure: protect against delayed socket fd close
commit 9e650f37dee7f771bf1d9d714c35f0a81788aa16
Author: Simon Zolin <s.zolin@adguard.com>
Date: Wed Dec 11 15:28:33 2019 +0300
- fix race on startup
commit 878fdb8fc4ebbc6fab683a65f5e4298e64c2073e
Author: Simon Zolin <s.zolin@adguard.com>
Date: Wed Dec 11 15:11:21 2019 +0300
* travis: don't run tests
commit 1c4ab60684ee22d55e6d2a3350c0f24d9844255c
Author: Simon Zolin <s.zolin@adguard.com>
Date: Wed Dec 11 14:56:28 2019 +0300
* travis: 'release.sh' and then run tests
commit e1f644b8d9a1f3b46990cdfb1b75fd81b3a49d33
Author: Simon Zolin <s.zolin@adguard.com>
Date: Wed Dec 11 14:52:59 2019 +0300
* set BlockingMode: "null_ip" by default
2019-12-11 17:54:34 +03:00
Simon Zolin
0a66913b4d
Merge: * use upstream servers directly for the internal DNS resolver
...
Close #1212
* Server.Start(config *ServerConfig) -> Start()
+ Server.Prepare(config *ServerConfig)
+ Server.Resolve(host string)
+ Server.Exchange()
* rDNS: use internal DNS resolver
- clients: fix race in WriteDiskConfig()
- fix race: move 'clients' object from 'configuration' to 'HomeContext'
Go race detector didn't like our 'clients' object in 'configuration'.
+ add AGH startup test
. Create a configuration file
. Start AGH instance
. Check Web server
. Check DNS server
. Wait until the filters are downloaded
. Stop and cleanup
* move module objects from config.* to Context.*
* don't call log.SetLevel() if not necessary
This helps to avoid Go race detector's warning
* ci.sh: 'make' and then run tests
Squashed commit of the following:
commit 86500c7f749307f37af4cc8c2a1066f679d0cfad
Author: Simon Zolin <s.zolin@adguard.com>
Date: Tue Dec 10 18:08:53 2019 +0300
minor
commit 6e6abb9dca3cd250c458bec23aa30d2250a9eb40
Author: Simon Zolin <s.zolin@adguard.com>
Date: Tue Dec 10 18:08:31 2019 +0300
* ci.sh: 'make' and then run tests
commit 114192eefea6800e565ba9ab238202c006516c27
Author: Simon Zolin <s.zolin@adguard.com>
Date: Tue Dec 10 17:50:04 2019 +0300
fix
commit d426deea7f02cdfd4c7217a38c59e51251956a0f
Author: Simon Zolin <s.zolin@adguard.com>
Date: Tue Dec 10 17:46:33 2019 +0300
tests
commit 7b350edf03027895b4e43dee908d0155a9b0ac9b
Author: Simon Zolin <s.zolin@adguard.com>
Date: Tue Dec 10 15:56:12 2019 +0300
fix test
commit 2f5f116873bbbfdd4bb7f82a596f9e1f5c2bcfd8
Author: Simon Zolin <s.zolin@adguard.com>
Date: Tue Dec 10 15:48:56 2019 +0300
fix tests
commit 3fbdc77f9c34726e2295185279444983652d559e
Author: Simon Zolin <s.zolin@adguard.com>
Date: Tue Dec 10 15:45:00 2019 +0300
linter
commit 9da0b6965a2b6863bcd552fa83a4de2866600bb8
Author: Simon Zolin <s.zolin@adguard.com>
Date: Tue Dec 10 15:33:23 2019 +0300
* config.dnsctx.whois -> Context.whois
commit c71ebdbdf6efd88c877b2f243c69d3bc00a997d7
Author: Simon Zolin <s.zolin@adguard.com>
Date: Tue Dec 10 15:31:08 2019 +0300
* don't call log.SetLevel() if not necessary
This helps to avoid Go race detector's warning
commit 0f250220133cefdcb0843a50000cb932802b8324
Author: Simon Zolin <s.zolin@adguard.com>
Date: Tue Dec 10 15:28:19 2019 +0300
* rdns: refactor
commit c460d8c9414940dac852e390b6c1b4d4fb38dff9
Author: Simon Zolin <s.zolin@adguard.com>
Date: Tue Dec 10 14:08:08 2019 +0300
Revert: * stats: serialize access to 'limit'
Use 'conf *Config' and update it atomically, as in querylog module.
(Note: Race detector still doesn't like it)
commit 488bcb884971276de0d5629384b29e22c59ee7e6
Author: Simon Zolin <s.zolin@adguard.com>
Date: Tue Dec 10 13:50:23 2019 +0300
* config.dnsFilter -> Context.dnsFilter
commit 86c0a6827a450414b50acec7ebfc5220d13b81e4
Author: Simon Zolin <s.zolin@adguard.com>
Date: Tue Dec 10 13:45:05 2019 +0300
* config.dnsServer -> Context.dnsServer
commit ee35ef095ccaabc89e3de0ef52c9b5ed56b36873
Author: Simon Zolin <s.zolin@adguard.com>
Date: Tue Dec 10 13:42:10 2019 +0300
* config.dhcpServer -> Context.dhcpServer
commit 1537001cd211099d5fad01696c0b806ae5d257b1
Author: Simon Zolin <s.zolin@adguard.com>
Date: Tue Dec 10 13:39:45 2019 +0300
* config.queryLog -> Context.queryLog
commit e5955fe4ff1ef6f41763461b37b502ea25a3d04c
Author: Simon Zolin <s.zolin@adguard.com>
Date: Tue Dec 10 13:03:18 2019 +0300
* config.httpsServer -> Context.httpsServer
commit 6153c10a9ac173e159d1f05e0db1512579b9203c
Author: Simon Zolin <s.zolin@adguard.com>
Date: Mon Dec 9 20:12:24 2019 +0300
* config.httpServer -> Context.httpServer
commit abd021fb94039015cd45c97614e8b78d4694f956
Author: Simon Zolin <s.zolin@adguard.com>
Date: Mon Dec 9 20:08:05 2019 +0300
* stats: serialize access to 'limit'
commit 38c2decfd87c712100edcabe62a6d4518719cb53
Author: Simon Zolin <s.zolin@adguard.com>
Date: Mon Dec 9 19:57:04 2019 +0300
* config.stats -> Context.stats
commit 6caf8965ad44db9dce9a7a5103aa8fa305ad9a06
Author: Simon Zolin <s.zolin@adguard.com>
Date: Mon Dec 9 19:45:23 2019 +0300
fix Restart()
... and 6 more commits
2019-12-11 12:38:58 +03:00
Simon Zolin
19a94bf789
+ dns: add "edns_client_subnet" setting
2019-12-10 16:01:17 +03:00
Simon Zolin
87bb773d3e
* DNS: remove /enable_protection and /disable_protection
2019-12-10 16:01:17 +03:00
Simon Zolin
1b3122dd35
* /control/set_upstreams_config: allow empty upstream list
2019-12-10 16:01:17 +03:00
Simon Zolin
4f4da3397c
+ dns: support blocking_mode=custom_ip
2019-12-10 16:01:16 +03:00
Simon Zolin
26ccee47b5
+ DNS: Get/Set DNS general settings
...
GET /control/dns_info
POST /control/dns_config
2019-12-10 16:01:16 +03:00
Simon Zolin
7313c3bc53
+ use per-client DNS servers
2019-12-05 13:16:41 +03:00
Simon Zolin
e7727e9f63
+ dnsforward: match CNAME with filtering rules
...
+ GET /control/querylog: add "cname_match" field
* querylog: Add() now receives an object with parameters
2019-12-03 17:01:26 +03:00
Simon Zolin
d6d0d53761
* DNS: use Quad9 as default server
2019-12-02 15:40:54 +03:00
Simon Zolin
f579c23bc9
* minor fixes
2019-12-02 15:25:11 +03:00
Simon Zolin
9b8cccdfcf
* dnsforward: refactor code for default DNS servers logic
2019-12-02 14:58:17 +03:00
Simon Zolin
8bf75b54a4
* update tests
2019-12-02 14:58:17 +03:00
Simon Zolin
19a1c03d3b
* dnsforward: move access settings and web handlers
2019-12-02 14:58:17 +03:00
Simon Zolin
7bb32eae3d
+ dnsforward: refactor
...
+ dnsforward: own HTTP handlers
* dnsforward: no DNS reload on ProtectionEnabled setting change
* dnsforward: move QueryLog* settings out
* dnsforward: move dnsfilter settings out
* clients,i18n: no DNS reload on settings change
2019-12-02 14:58:17 +03:00
Simon Zolin
0cd6781a9a
* QueryLog.Add() now receives net.IP, not net.Addr
2019-11-19 15:09:53 +03:00
Simon Zolin
090f549833
- dns rewrites: CNAME record didn't work
2019-11-07 15:27:39 +03:00
Simon Zolin
3b443bc9c8
* dns: enable DNS message compression
2019-10-23 20:02:42 +03:00
Simon Zolin
b7b32e2f01
- windows: dns: fix reconfigure procedure
2019-10-21 15:58:14 +03:00
Simon Zolin
a59e346d4a
* dnsfilter: major refactoring
...
* dnsfilter is controlled by package home, not dnsforward
* move HTTP handlers to dnsfilter/
* apply filtering settings without DNS server restart
* use only 1 goroutine for filters update
* apply new filters quickly (after they are ready to be used)
2019-10-09 20:05:21 +03:00
Simon Zolin
90db91b0fd
* querylog: refactor: move HTTP handlers to querylog/
2019-10-09 19:38:58 +03:00
Simon Zolin
bbb5413331
* stats: refactor: move HTTP handlers to stats/
...
DNS module passes additional parameters to Stats module.
This allows Stats to handle HTTP requests by itself - completely removing
all stats-related code from outside.
2019-09-26 16:52:28 +03:00
Simon Zolin
75b864f25e
* dnsforward: create dnsfilter asynchronously
2019-09-23 20:00:11 +03:00
Simon Zolin
d7f256ba7f
- fix crash after stats module is closed
...
Close DNS forward module BEFORE stats.
2019-09-19 12:47:55 +03:00
Simon Zolin
f4c29715b5
- rewrites: AAAA rewrites didn't work
2019-09-16 16:28:00 +03:00
Simon Zolin
30ca77303b
Merge: Add Filters Update Interval setting; refactor
...
Close #641
* commit 'd0fc1dc54dfbc017f28c6c0afa4623c6259af557':
+ client: handle filters configuration
* openapi: update /filtering
filtering: refactor; change API; add "filters_update_interval" setting
2019-09-12 19:06:39 +03:00
Simon Zolin
df5b41458f
Merge: + dnsforward: disable Mozilla DoH - block use-application-dns.net
...
#988
* commit '47e29f96dfb9f254babcf4763912dc5e9a07ee2a':
+ dnsforward: disable Mozilla DoH - block use-application-dns.net
2019-09-12 19:05:29 +03:00
Simon Zolin
47e29f96df
+ dnsforward: disable Mozilla DoH - block use-application-dns.net
2019-09-12 18:56:11 +03:00
Simon Zolin
adb422fedf
filtering: refactor; change API; add "filters_update_interval" setting
...
+ config: "filters_update_interval"
* add /control/filtering_info
* remove /control/filtering/enable
* remove /control/filtering/disable
* add /control/filtering_config
* remove /control/filtering/status
* add /control/filtering/set_url
* remove /control/filtering/enable_url
* remove /control/filtering/disable_url
2019-09-12 18:38:13 +03:00
Simon Zolin
8104c902ee
* querylog: move code to a separate package
...
+ config: "querylog_interval" setting
/control/querylog_config, /control/querylog_info
+ POST /control/querylog_clear
2019-09-12 18:35:13 +03:00
Simon Zolin
04e2566e9e
* stats: use uint32 or uint64 integer values, not int
2019-09-12 17:53:27 +03:00
Simon Zolin
4a58266ba3
+ statistics: store in separate file
...
+ GET /control/stats handler
2019-09-04 10:12:02 +03:00
Simon Zolin
60eb55bdce
* stats: remove old code
2019-09-04 10:12:01 +03:00
Simon Zolin
c616259e8b
* dnsfilter: use golibs/cache
...
+ config: add cache size settings
+ config: add cache_time setting
2019-09-02 19:12:53 +03:00
Simon Zolin
24bb708b21
+ config: add certificate_path, private_key_path
...
* POST /control/tls/configure: support certificate_path and private_key_path
2019-08-30 19:18:14 +03:00
Andrey Meshkov
64d40bdc47
Merge: - config: global "blocked_services" settings were reset on startup
...
* commit 'b1ca7c90d3ef0e72d3535b7cf195adfe83d34e5a':
- config: global "blocked_services" settings were reset on startup
2019-08-22 15:38:24 +03:00
Simon Zolin
b1ca7c90d3
- config: global "blocked_services" settings were reset on startup
2019-08-22 15:30:48 +03:00
Simon Zolin
a370cd0bf0
- dnsforward: don't use dnsfilter object after it's closed (additional check)
2019-08-22 12:01:59 +03:00
Simon Zolin
94552a30d7
- dnsforward: don't use dnsfilter object after it's closed
2019-08-20 15:07:39 +03:00
Andrey Meshkov
c82e93cfc7
-(dnsforward): fixed sigsegv when protection is disabled
...
Also, fixed all golint issues
✅ Closes : #941
2019-08-20 00:55:32 +03:00
Simon Zolin
b37208564b
- fix build: we're using a new gcache module now
2019-08-16 15:43:12 +03:00
Simon Zolin
56c69cdb79
Revert "fix tests"
...
This reverts commit d9265aa9a8
.
2019-08-16 15:11:57 +03:00
Simon Zolin
15d07a40eb
* refactor
2019-08-05 14:12:22 +03:00
Simon Zolin
e81a9c7d56
+ dnsfilter: use global and per-client BlockedServices array
2019-08-05 14:12:22 +03:00
Simon Zolin
1bb6638db7
+ dnsforward: use Rewrites table
2019-07-29 11:48:24 +03:00
Simon Zolin
a9fbb93f0f
Merge: + Add "parental_block_host" and "safebrowsing_block_host" settings
...
#454
* commit 'fdf7ee2c08d4177d78fcdc20571bc7d2b61320ae':
* refactor: don't set new configuration while running DNS server
* refactor
* dnsforward: parental control server can be an IP address, not just host name
+ dnsforward, config: add "parental_block_host" and "safebrowsing_block_host" settings
2019-07-24 19:35:46 +03:00
Simon Zolin
d9265aa9a8
fix tests
2019-07-23 20:01:50 +03:00
Simon Zolin
fdf7ee2c08
* refactor: don't set new configuration while running DNS server
2019-07-22 12:52:27 +03:00
Simon Zolin
5a3de2a276
* refactor
2019-07-22 12:33:58 +03:00
Simon Zolin
4a05ab0057
* dnsforward: parental control server can be an IP address, not just host name
2019-07-22 12:33:45 +03:00
Simon Zolin
4134a8c30e
+ dnsforward, config: add "parental_block_host" and "safebrowsing_block_host" settings
2019-07-22 12:16:30 +03:00
Simon Zolin
2bbd262968
* dnsforward: move initialization of periodic tasks to NewServer()
2019-07-19 12:18:16 +03:00
Simon Zolin
0a1d7fd707
- fix tests
2019-07-09 11:35:39 +03:00
Simon Zolin
134d9275bb
* use urlfilter v0.4.0
...
Now we pass filtering rules to urlfilter as filer file names,
rather than the list of rule strings.
(Note: user rules are still passed as the list of rule strings).
As a result, we don't store the contents of filter files in memory.
2019-07-04 14:10:01 +03:00
Andrey Meshkov
07db927246
Fix #727 - use default parental sensitivity when it's not set
2019-06-06 22:42:17 +03:00
Andrey Meshkov
a3b8d4d923
Fix #706 -- rDNS for DOH/DOT clients
2019-06-04 20:38:53 +03:00
Simon Zolin
1d09ff0562
Merge: + dnsforward: add access settings for blocking DNS requests
...
Close #728
* commit 'e4532a27cd2a6f92aaf724fddbffa00fcecb064c':
- openapi: correct format
+ client: handle access settings
* go.mod: update dnsproxy
+ control: /access/list, /access/set handlers
+ dnsforward: add access settings for blocking DNS requests
2019-06-03 15:04:52 +03:00
Simon Zolin
3baa6919dc
- fix tests and linter issues
2019-05-31 12:27:13 +03:00
Simon Zolin
36ffcf7d22
+ dnsforward: add access settings for blocking DNS requests
...
Block by client IP or target domain name.
2019-05-30 18:21:36 +03:00
Simon Zolin
a12f01793f
+ clients: find DNS client's hostname by IP using rDNS
2019-05-28 19:07:57 +03:00
Simon Zolin
8bf76c331d
+ dnsfilter: use callback function for applying per-client settings
2019-05-28 18:44:27 +03:00
Simon Zolin
ac8f703407
+ dnsforward: support IPv6 (AAAA response)
...
If question type is AAAA:
Before this patch we responded with NXDOMAIN.
Now we send an empty response if host rule is IPv4;
or we send an AAAA answer if host rule is IPv6.
+ block ipv6 if rule is "0.0.0.0 blockdomain"
2019-05-24 18:08:08 +03:00
Simon Zolin
096a959987
* dnsforward: use new dnsfilter interface
2019-05-17 18:22:57 +03:00
Simon Zolin
9644f79a03
* dnsforward: use separate ServerConfig object
2019-05-17 18:22:57 +03:00
Simon Zolin
d5f6dd1a46
- dns query log: robust file flushing mechanism
...
Before this patch we could exit the process without waiting for
file writing task to complete.
As a result a file could become corrupted or a large chunk of data
could be missing.
Now the main thread either waits until file writing task completes
or it writes log buffer to file itself.
2019-05-15 13:12:03 +03:00
Simon Zolin
0f28a989e9
* improve logging
2019-05-15 13:12:03 +03:00
Alexander Turcic
cd2dd00da3
* dnsforward_test: add test for null filter
2019-05-14 16:53:09 +03:00
Alexander Turcic
07ffcbec3d
* dnsforward, config: add unspecified IP blocking option
...
* dnsforward: prioritize host files over null filter
* dnsforward, config: adjust setting variable to blocking_mode
* dnsforward: use net.IPv4zero for null IP
2019-05-14 16:53:06 +03:00
Aleksey Dmitrevskiy
c82887d3aa
* app, dnsforward: add MinVersion for TLS configs
2019-04-17 12:02:56 +03:00
Aleksey Dmitrevskiy
9ea5c1abe1
+ control, dns, client: add ability to set DNS upstream per domain
2019-03-20 14:24:33 +03:00
Aleksey Dmitrevskiy
bc4c2e2ff7
Merge branch 'master' into fix/596
2019-03-06 18:25:42 +03:00
Aleksey Dmitrevskiy
53d680a5df
Fix #597 - [bugfix] querylog_top: Empty domain gets to the Top Queried domains
2019-02-28 16:19:23 +03:00
Aleksey Dmitrevskiy
acb4a98466
[change] dnsforward: Add comments for public fields
2019-02-28 13:40:40 +03:00
Aleksey Dmitrevskiy
3929f0da44
[change] control: Handle upstream config with JSON
2019-02-28 13:01:41 +03:00
Aleksey Dmitrevskiy
81e88472cb
Merge branch 'fix/542' into fix/596
2019-02-28 11:16:03 +03:00
Aleksey Dmitrevskiy
967a1e6b87
Merge branch 'master' into fix/596
2019-02-27 18:56:36 +03:00
Aleksey Dmitrevskiy
ffa4429818
Merge branch 'master' into fix/542
2019-02-27 18:47:01 +03:00
Simon Zolin
5cb6d97cd7
* use new logger - AdguardTeam/golibs/log
2019-02-27 15:02:11 +03:00
Aleksey Dmitrevskiy
dc05556c5a
Fix #542 - Add Bootstrap DNS resolver settings
2019-02-27 11:15:18 +03:00
Aleksey Dmitrevskiy
5bc6d00aa0
Fix #596 - Intelligent Optimal DNS Resolution
2019-02-26 18:19:05 +03:00
Andrey Meshkov
c71d6ed433
Fix race in safesearch tests
2019-02-25 18:56:51 +03:00
Aleksey Dmitrevskiy
86279f19b0
Add TODO
2019-02-25 17:15:50 +03:00
Aleksey Dmitrevskiy
3d901a82ad
Fix merge issues
2019-02-25 17:07:26 +03:00
Aleksey Dmitrevskiy
d351ed82c1
Merge branch 'master' into fix/576
2019-02-25 17:07:02 +03:00
Aleksey Dmitrevskiy
8e13f22aa5
Add stats assertions
2019-02-25 17:01:57 +03:00
Aleksey Dmitrevskiy
d0f4f22e0d
Add safesearch test for dnsforward
2019-02-25 14:58:54 +03:00
Andrey Meshkov
1da954fa97
Fix tests
2019-02-22 18:41:59 +03:00
Andrey Meshkov
ad4b58472f
Update dnsproxy to 0.11.0
2019-02-22 18:16:47 +03:00
Andrey Meshkov
e8898811fe
Added DOH url
2019-02-22 15:52:12 +03:00
Andrey Meshkov
71df659dc9
Added DNS-over-TLS unit-test and a test looking for race-conditions
2019-02-22 15:23:39 +03:00
Andrey Meshkov
37431735fd
Added new config fields to readme
2019-02-21 17:48:18 +03:00
Eugene Bujak
229ef78085
Activate DNS-over-TLS server when certificates, keys and ports are configured.
2019-02-15 16:28:28 +03:00
Andrey Meshkov
a40ddb094b
Fix review comments
2019-02-11 14:22:36 +03:00
Andrey Meshkov
9ff420bb52
Do not store last_updated in the config file anymore
2019-02-10 21:44:16 +03:00
Andrey Meshkov
9a03190a62
Fix #579
...
1. Added --workdir command-line argument that lets configure the working dir.
2. Made "dnsforward" use this workdir parameter when saving/reading querylog.
3. Reworked "dnsforward" -- moved http handlers out of there to control.go
2019-02-10 20:47:43 +03:00
Eugene Bujak
68c8a4d484
Demote some log.printf into log.tracef
2019-02-07 18:24:43 +03:00