Commit Graph

230 Commits

Author SHA1 Message Date
Simon Zolin
a5c2cdaf38 + dnsforward: add dnssec_enabled option 2020-03-18 18:05:02 +03:00
Simon Zolin
dd7d9dc334 * move getDNSAddresses() and "/dns-query" handler to DNS module 2020-03-17 17:12:02 +03:00
Simon Zolin
1000aef1d2 + DNS, Web: Entware: use special directory with the system root certificates
+ use custom RootsCA for HTTPS client, for server cert verify
2020-03-16 15:15:38 +03:00
Simon Zolin
579177fc70 Merge: * DNS: use "unrestricted" Quad9 servers; - dnsfilter: fix hanging on error
Close #1451

Squashed commit of the following:

commit 91e5c98d7543b7c8872cc494818d66bb823ec7c0
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Thu Mar 5 13:09:01 2020 +0300

    fix

commit 4f80865e55f27206fa9cef1d72fb3652498da582
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Thu Mar 5 13:08:31 2020 +0300

    * fix race-detector issue

commit 5513c6c12c112c8f9325dbc8a8d09e58fe7611e0
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Thu Mar 5 13:01:46 2020 +0300

    - dnsfilter: fix hanging on error

commit c7b81286833a523349efb8ca972eba3540518944
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Thu Mar 5 12:42:19 2020 +0300

    * DNS: use "unrestricted" Quad9 servers
2020-03-05 13:12:21 +03:00
Simon Zolin
140d5553e7 * DNS rewrites: don't pass request to an upstream server if matched by Rewrite rule
For example, if there's an A rewrite rule, but no AAAA rule,
 the response to AAAA request must be empty.
2020-03-02 15:24:40 +03:00
Andrey Meshkov
d839136fee Merge: fix #822 - Whitelist filter rules
Squashed commit of the following:

commit 350c6d5fadd77145b801df8887284bf4d64fbd19
Author: Ildar Kamalov <i.kamalov@adguard.com>
Date:   Wed Feb 26 15:43:29 2020 +0300

    * client: update translations

commit a884dffcd59f2259e2eee2c1e5a3270819bf8962
Author: Ildar Kamalov <i.kamalov@adguard.com>
Date:   Mon Feb 17 17:32:10 2020 +0300

    + client: handle whitelist filters

commit a586ec5bc614ffb0e01584a1fbdc7292b4865e68
Author: ArtemBaskal <a.baskal@adguard.com>
Date:   Wed Jan 29 18:16:59 2020 +0300

    + client: add whitelist

commit a52c3de62cf2fa34be6394771fb8bb56b4ee81e3
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Thu Feb 20 17:50:44 2020 +0300

    * change /filtering/refresh

commit 7f8f2ecccb9f7fa65318c1717dc6a7bd61afccf4
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Thu Feb 20 16:17:07 2020 +0300

    * fix race-detector issue

commit ac4b64c4a52c5b364a4b154bf18dea0fdf45647f
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Mon Jan 20 20:08:21 2020 +0300

    + whitelist filters
2020-02-26 19:58:25 +03:00
Andrey Meshkov
6c18b71010 *(dnsforward): fix safe search returning nxdomain
 Closes: https://github.com/AdguardTeam/AdGuardHome/issues/1387
2020-02-05 14:30:43 +03:00
Simon Zolin
dcc575402b Merge: * clients: update runtime clients of type DHCP by event from DHCP module
Close #1378

Squashed commit of the following:

commit e45e2d0e2768fe0677eee43538d381b3eaba39ca
Merge: bea8f79d 5e9c21b0
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Wed Jan 29 20:08:20 2020 +0300

    Merge remote-tracking branch 'origin/master' into 1378-dhcp-clients

commit bea8f79dd6f8f3eae87649d853917b503df29616
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Wed Jan 29 20:08:06 2020 +0300

    minor

commit 6f1da9c6ea9db5bf80acf234ffe322a4cd2d8d92
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Wed Jan 29 19:31:08 2020 +0300

    fix

commit a88b46c1ded2b460ef7f0bfbcf1b80a066edf1c1
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Wed Jan 29 12:53:22 2020 +0300

    minor

commit d2897fe0a9b726fcd97a04906e3be3d21f6b42d7
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Tue Jan 28 19:55:10 2020 +0300

    * clients: update runtime clients of type DHCP by event from DHCP module

commit 3aa352ed2372141617d77363b2f2aeaf3a7e47a0
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Tue Jan 28 19:52:08 2020 +0300

    * minor

commit f5c2291e39df4d13b9baf9aa773284890494bb0a
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Tue Jan 28 19:08:23 2020 +0300

    * clients: remove old entries of source type /etc/hosts or ARP
2020-01-30 10:25:02 +03:00
Simon Zolin
bfd1f3b650 + DNS: TLS handshake: terminate handshake on bad SNI 2020-01-28 13:25:43 +03:00
Simon Zolin
3f7e2f7241 Merge: * dns: refactor
Squashed commit of the following:

commit e9469266cafa3df537b5a4d5e28ca51db8289a34
Merge: 17cf6d60 e7e946fa
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Tue Jan 21 13:04:30 2020 +0300

    Merge remote-tracking branch 'origin/master' into refactor

commit 17cf6d60d11602df3837316119ba8828f41a95df
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Mon Jan 20 15:25:43 2020 +0300

    minor

commit 7b79462ebbeb743a10417bd28ceb70262ff9fa5c
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Fri Jan 17 17:50:09 2020 +0300

    minor

commit d8b175c7eda36005c0277e7876f0f0a55a661b05
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Fri Jan 17 15:30:37 2020 +0300

    minor

commit 93370aa32aa560d42fc67c95fd13f027ddc01b94
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Fri Jan 17 14:28:14 2020 +0300

    * dns: refactor

    . introduce a local context object
    . move filtering, upstream logic, stats, querylog code to separate functions
2020-01-21 13:49:34 +03:00
Simon Zolin
07ebcc2bf3 * DNS: nxdomain: don't return IP address for a blocked domain
Don't return IP address for a blocked domain
 when blocking mode is "nxdomain".
2020-01-20 19:14:14 +03:00
Simon Zolin
6563886b49 Merge: - install: recover from error on DNS server start
Close #1293

Squashed commit of the following:

commit 0981754c5c2c67f2567ee4af0d9ab24377c53413
Merge: ef81f2c8 a6d75118
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Thu Jan 16 14:19:20 2020 +0300

    Merge remote-tracking branch 'origin/master' into 1293-install

commit ef81f2c886f3bfcff4e4352d7ecea6642be7d8e1
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Mon Dec 30 18:32:11 2019 +0300

    linter

commit 9e205be53d9de25bd2ad63398644e14b09f95238
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Mon Dec 30 17:22:17 2019 +0300

    - install: recover from error on DNS server start

    Close all modules properly
    Don't register HTTP handlers twice
2020-01-16 14:25:40 +03:00
Simon Zolin
7ac5760509 + dns: add "aaaa_disabled" setting 2020-01-14 14:50:20 +03:00
Simon Zolin
3b9d758510 * refactor 2020-01-10 19:08:07 +03:00
Simon Zolin
0ef8e5cdae * dnsforward: get per-client settings only once
+ dnsforward: add 'ProtectionEnabled = false' test
2020-01-10 19:08:05 +03:00
Simon Zolin
8d2a9ce923 * dnsfilter: change DNS answer for host rules
When matched by a host rule, return only the IP address specified in rule.
Respond with an empty IP list to another request type.

:: host -- return nothing to A, return :: to AAAA request
0.0.0.0 host -- return 0.0.0.0 to A, return nothing to AAAA request
2020-01-09 19:31:14 +03:00
Andrey Meshkov
cdd55139fa *(dnsforward): cache upstream instances
 Closes: https://github.com/AdguardTeam/AdGuardHome/issues/1296
2019-12-23 19:31:27 +03:00
Andrey Meshkov
b4f4111609 -(dnsfilter): match DNS response against filtering rules only
Supposedly, this will fix #1290
2019-12-23 15:59:49 +03:00
Andrey Meshkov
5077f1a2b3 -(dnsforward): fix client settings for CNAME matching
 Closes: https://github.com/AdguardTeam/AdGuardHome/issues/1274
2019-12-23 13:36:59 +03:00
Simon Zolin
d65cdd4544 - DNS: configuration settings were not applied until full restart 2019-12-19 14:49:15 +03:00
Simon Zolin
4540a4e94a - DNS: set RecursionAvailable flag in response message 2019-12-19 11:52:21 +03:00
Simon Zolin
8521635f63 - DNS: fix slow response to /status and /access/list requests 2019-12-17 13:09:03 +03:00
Simon Zolin
04de9d0f7b Merge: - DNS: "custom_ip" blocking mode didn't work after app restart
Close #1262

Squashed commit of the following:

commit bacd683ef5b52e275323a3c07b370ca08702403e
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Mon Dec 16 17:00:49 2019 +0300

    fix

commit 3d4f9626460de3e13a621f2b8e535e9e0939e2bb
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Mon Dec 16 16:54:23 2019 +0300

    fix

commit bf924bf90e9b705883bec88f8d7af11c39c1f322
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Mon Dec 16 16:45:41 2019 +0300

    add test

commit 43338ea3645a025d69dd838bc732344255960bed
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Mon Dec 16 16:07:51 2019 +0300

    - DNS: "custom_ip" blocking mode didn't work after app restart

commit 220f32e713a95d2c67355c61e419dd09df9d42b2
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Mon Dec 16 15:46:01 2019 +0300

    - first run: fix panic on stop in case initialization didn't complete

    e.g. when Stats module can't be initialized because of incompatible file system
2019-12-16 17:04:30 +03:00
Simon Zolin
6a2430b799 Merge: - clients: IPv6 address matching didn't work
Close #1261

Squashed commit of the following:

commit acc39ea6c0d88cb9d2b07837e89db2c170263891
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Mon Dec 16 12:29:33 2019 +0300

    minor

commit 0d2ef3d53185d5ca17797e2ac20f0efc1498a53c
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Mon Dec 16 12:13:17 2019 +0300

    add link to GH

commit 0da754b1751057968780b457a2f490f4148275a8
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Mon Dec 16 11:53:42 2019 +0300

    - clients: IPv6 address matching didn't work
2019-12-16 12:36:52 +03:00
Simon Zolin
b00a789ca3 Revert "Merge: + DNS: TLS handshake: terminate handshake on bad SNI"
This reverts commit c8c76ae12b.
2019-12-13 17:38:17 +03:00
Simon Zolin
c8c76ae12b Merge: + DNS: TLS handshake: terminate handshake on bad SNI
Close #1014

Squashed commit of the following:

commit 759248efc0587ff2f288996c47739e602c557a76
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Thu Dec 12 19:26:46 2019 +0300

    support empty ServerName

commit 68afecd5eca5ae66262b12dcb414b50efe88dc02
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Wed Dec 11 14:40:22 2019 +0300

    + DNS: TLS handshake: terminate handshake on bad SNI
2019-12-13 13:06:37 +03:00
Simon Zolin
ef57f7e192 - DNS: fix race in WriteDiskConfig() 2019-12-12 15:04:29 +03:00
Simon Zolin
000e842f7b - DNS: fix deadlock in Server.ServeHTTP()
s.RLock() is called again in filterResponse() while another thread
 holds s.Lock()
2019-12-12 15:00:10 +03:00
Simon Zolin
c9ccc53282 Merge: * set BlockingMode: "null_ip" by default; minor improvements
Squashed commit of the following:

commit 653544b98dc4d1b9a74e1509d0e6104b71bcdcb3
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Wed Dec 11 17:34:41 2019 +0300

    * DNS reconfigure: protect against delayed socket fd close

commit 9e650f37dee7f771bf1d9d714c35f0a81788aa16
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Wed Dec 11 15:28:33 2019 +0300

    - fix race on startup

commit 878fdb8fc4ebbc6fab683a65f5e4298e64c2073e
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Wed Dec 11 15:11:21 2019 +0300

    * travis: don't run tests

commit 1c4ab60684ee22d55e6d2a3350c0f24d9844255c
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Wed Dec 11 14:56:28 2019 +0300

    * travis: 'release.sh' and then run tests

commit e1f644b8d9a1f3b46990cdfb1b75fd81b3a49d33
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Wed Dec 11 14:52:59 2019 +0300

    * set BlockingMode: "null_ip" by default
2019-12-11 17:54:34 +03:00
Simon Zolin
0a66913b4d Merge: * use upstream servers directly for the internal DNS resolver
Close #1212

* Server.Start(config *ServerConfig) -> Start()
+ Server.Prepare(config *ServerConfig)
+ Server.Resolve(host string)
+ Server.Exchange()
* rDNS: use internal DNS resolver
- clients: fix race in WriteDiskConfig()
- fix race: move 'clients' object from 'configuration' to 'HomeContext'
    Go race detector didn't like our 'clients' object in 'configuration'.
+ add AGH startup test
    . Create a configuration file
    . Start AGH instance
    . Check Web server
    . Check DNS server
    . Wait until the filters are downloaded
    . Stop and cleanup
* move module objects from config.* to Context.*
* don't call log.SetLevel() if not necessary
    This helps to avoid Go race detector's warning
* ci.sh: 'make' and then run tests

Squashed commit of the following:

commit 86500c7f749307f37af4cc8c2a1066f679d0cfad
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Tue Dec 10 18:08:53 2019 +0300

    minor

commit 6e6abb9dca3cd250c458bec23aa30d2250a9eb40
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Tue Dec 10 18:08:31 2019 +0300

    * ci.sh: 'make' and then run tests

commit 114192eefea6800e565ba9ab238202c006516c27
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Tue Dec 10 17:50:04 2019 +0300

    fix

commit d426deea7f02cdfd4c7217a38c59e51251956a0f
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Tue Dec 10 17:46:33 2019 +0300

    tests

commit 7b350edf03027895b4e43dee908d0155a9b0ac9b
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Tue Dec 10 15:56:12 2019 +0300

    fix test

commit 2f5f116873bbbfdd4bb7f82a596f9e1f5c2bcfd8
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Tue Dec 10 15:48:56 2019 +0300

    fix tests

commit 3fbdc77f9c34726e2295185279444983652d559e
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Tue Dec 10 15:45:00 2019 +0300

    linter

commit 9da0b6965a2b6863bcd552fa83a4de2866600bb8
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Tue Dec 10 15:33:23 2019 +0300

    * config.dnsctx.whois -> Context.whois

commit c71ebdbdf6efd88c877b2f243c69d3bc00a997d7
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Tue Dec 10 15:31:08 2019 +0300

    * don't call log.SetLevel() if not necessary

    This helps to avoid Go race detector's warning

commit 0f250220133cefdcb0843a50000cb932802b8324
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Tue Dec 10 15:28:19 2019 +0300

    * rdns: refactor

commit c460d8c9414940dac852e390b6c1b4d4fb38dff9
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Tue Dec 10 14:08:08 2019 +0300

    Revert: * stats: serialize access to 'limit'

    Use 'conf *Config' and update it atomically, as in querylog module.
    (Note: Race detector still doesn't like it)

commit 488bcb884971276de0d5629384b29e22c59ee7e6
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Tue Dec 10 13:50:23 2019 +0300

    * config.dnsFilter -> Context.dnsFilter

commit 86c0a6827a450414b50acec7ebfc5220d13b81e4
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Tue Dec 10 13:45:05 2019 +0300

    * config.dnsServer -> Context.dnsServer

commit ee35ef095ccaabc89e3de0ef52c9b5ed56b36873
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Tue Dec 10 13:42:10 2019 +0300

    * config.dhcpServer -> Context.dhcpServer

commit 1537001cd211099d5fad01696c0b806ae5d257b1
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Tue Dec 10 13:39:45 2019 +0300

    * config.queryLog -> Context.queryLog

commit e5955fe4ff1ef6f41763461b37b502ea25a3d04c
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Tue Dec 10 13:03:18 2019 +0300

    * config.httpsServer -> Context.httpsServer

commit 6153c10a9ac173e159d1f05e0db1512579b9203c
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Mon Dec 9 20:12:24 2019 +0300

    * config.httpServer -> Context.httpServer

commit abd021fb94039015cd45c97614e8b78d4694f956
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Mon Dec 9 20:08:05 2019 +0300

    * stats: serialize access to 'limit'

commit 38c2decfd87c712100edcabe62a6d4518719cb53
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Mon Dec 9 19:57:04 2019 +0300

    * config.stats -> Context.stats

commit 6caf8965ad44db9dce9a7a5103aa8fa305ad9a06
Author: Simon Zolin <s.zolin@adguard.com>
Date:   Mon Dec 9 19:45:23 2019 +0300

    fix Restart()

... and 6 more commits
2019-12-11 12:38:58 +03:00
Simon Zolin
19a94bf789 + dns: add "edns_client_subnet" setting 2019-12-10 16:01:17 +03:00
Simon Zolin
87bb773d3e * DNS: remove /enable_protection and /disable_protection 2019-12-10 16:01:17 +03:00
Simon Zolin
1b3122dd35 * /control/set_upstreams_config: allow empty upstream list 2019-12-10 16:01:17 +03:00
Simon Zolin
4f4da3397c + dns: support blocking_mode=custom_ip 2019-12-10 16:01:16 +03:00
Simon Zolin
26ccee47b5 + DNS: Get/Set DNS general settings
GET /control/dns_info
POST /control/dns_config
2019-12-10 16:01:16 +03:00
Simon Zolin
7313c3bc53 + use per-client DNS servers 2019-12-05 13:16:41 +03:00
Simon Zolin
e7727e9f63 + dnsforward: match CNAME with filtering rules
+ GET /control/querylog: add "cname_match" field

* querylog: Add() now receives an object with parameters
2019-12-03 17:01:26 +03:00
Simon Zolin
d6d0d53761 * DNS: use Quad9 as default server 2019-12-02 15:40:54 +03:00
Simon Zolin
f579c23bc9 * minor fixes 2019-12-02 15:25:11 +03:00
Simon Zolin
9b8cccdfcf * dnsforward: refactor code for default DNS servers logic 2019-12-02 14:58:17 +03:00
Simon Zolin
8bf75b54a4 * update tests 2019-12-02 14:58:17 +03:00
Simon Zolin
19a1c03d3b * dnsforward: move access settings and web handlers 2019-12-02 14:58:17 +03:00
Simon Zolin
7bb32eae3d + dnsforward: refactor
+ dnsforward: own HTTP handlers
* dnsforward: no DNS reload on ProtectionEnabled setting change
* dnsforward: move QueryLog* settings out
* dnsforward: move dnsfilter settings out
* clients,i18n: no DNS reload on settings change
2019-12-02 14:58:17 +03:00
Simon Zolin
0cd6781a9a * QueryLog.Add() now receives net.IP, not net.Addr 2019-11-19 15:09:53 +03:00
Simon Zolin
090f549833 - dns rewrites: CNAME record didn't work 2019-11-07 15:27:39 +03:00
Simon Zolin
3b443bc9c8 * dns: enable DNS message compression 2019-10-23 20:02:42 +03:00
Simon Zolin
b7b32e2f01 - windows: dns: fix reconfigure procedure 2019-10-21 15:58:14 +03:00
Simon Zolin
a59e346d4a * dnsfilter: major refactoring
* dnsfilter is controlled by package home, not dnsforward
* move HTTP handlers to dnsfilter/
* apply filtering settings without DNS server restart
* use only 1 goroutine for filters update
* apply new filters quickly (after they are ready to be used)
2019-10-09 20:05:21 +03:00
Simon Zolin
90db91b0fd * querylog: refactor: move HTTP handlers to querylog/ 2019-10-09 19:38:58 +03:00
Simon Zolin
bbb5413331 * stats: refactor: move HTTP handlers to stats/
DNS module passes additional parameters to Stats module.
This allows Stats to handle HTTP requests by itself - completely removing
 all stats-related code from outside.
2019-09-26 16:52:28 +03:00
Simon Zolin
75b864f25e * dnsforward: create dnsfilter asynchronously 2019-09-23 20:00:11 +03:00
Simon Zolin
d7f256ba7f - fix crash after stats module is closed
Close DNS forward module BEFORE stats.
2019-09-19 12:47:55 +03:00
Simon Zolin
f4c29715b5 - rewrites: AAAA rewrites didn't work 2019-09-16 16:28:00 +03:00
Simon Zolin
30ca77303b Merge: Add Filters Update Interval setting; refactor
Close #641

* commit 'd0fc1dc54dfbc017f28c6c0afa4623c6259af557':
  + client: handle filters configuration
  * openapi: update /filtering
  filtering: refactor;  change API;  add "filters_update_interval" setting
2019-09-12 19:06:39 +03:00
Simon Zolin
df5b41458f Merge: + dnsforward: disable Mozilla DoH - block use-application-dns.net
#988

* commit '47e29f96dfb9f254babcf4763912dc5e9a07ee2a':
  + dnsforward: disable Mozilla DoH - block use-application-dns.net
2019-09-12 19:05:29 +03:00
Simon Zolin
47e29f96df + dnsforward: disable Mozilla DoH - block use-application-dns.net 2019-09-12 18:56:11 +03:00
Simon Zolin
adb422fedf filtering: refactor; change API; add "filters_update_interval" setting
+ config: "filters_update_interval"
* add /control/filtering_info
* remove /control/filtering/enable
* remove /control/filtering/disable

* add /control/filtering_config
* remove /control/filtering/status

* add /control/filtering/set_url
* remove /control/filtering/enable_url
* remove /control/filtering/disable_url
2019-09-12 18:38:13 +03:00
Simon Zolin
8104c902ee * querylog: move code to a separate package
+ config: "querylog_interval" setting
/control/querylog_config, /control/querylog_info
+ POST /control/querylog_clear
2019-09-12 18:35:13 +03:00
Simon Zolin
04e2566e9e * stats: use uint32 or uint64 integer values, not int 2019-09-12 17:53:27 +03:00
Simon Zolin
4a58266ba3 + statistics: store in separate file
+ GET /control/stats handler
2019-09-04 10:12:02 +03:00
Simon Zolin
60eb55bdce * stats: remove old code 2019-09-04 10:12:01 +03:00
Simon Zolin
c616259e8b * dnsfilter: use golibs/cache
+ config: add cache size settings
+ config: add cache_time setting
2019-09-02 19:12:53 +03:00
Simon Zolin
24bb708b21 + config: add certificate_path, private_key_path
* POST /control/tls/configure: support certificate_path and private_key_path
2019-08-30 19:18:14 +03:00
Andrey Meshkov
64d40bdc47 Merge: - config: global "blocked_services" settings were reset on startup
* commit 'b1ca7c90d3ef0e72d3535b7cf195adfe83d34e5a':
  - config: global "blocked_services" settings were reset on startup
2019-08-22 15:38:24 +03:00
Simon Zolin
b1ca7c90d3 - config: global "blocked_services" settings were reset on startup 2019-08-22 15:30:48 +03:00
Simon Zolin
a370cd0bf0 - dnsforward: don't use dnsfilter object after it's closed (additional check) 2019-08-22 12:01:59 +03:00
Simon Zolin
94552a30d7 - dnsforward: don't use dnsfilter object after it's closed 2019-08-20 15:07:39 +03:00
Andrey Meshkov
c82e93cfc7 -(dnsforward): fixed sigsegv when protection is disabled
Also, fixed all golint issues

 Closes: #941
2019-08-20 00:55:32 +03:00
Simon Zolin
b37208564b - fix build: we're using a new gcache module now 2019-08-16 15:43:12 +03:00
Simon Zolin
56c69cdb79 Revert "fix tests"
This reverts commit d9265aa9a8.
2019-08-16 15:11:57 +03:00
Simon Zolin
15d07a40eb * refactor 2019-08-05 14:12:22 +03:00
Simon Zolin
e81a9c7d56 + dnsfilter: use global and per-client BlockedServices array 2019-08-05 14:12:22 +03:00
Simon Zolin
1bb6638db7 + dnsforward: use Rewrites table 2019-07-29 11:48:24 +03:00
Simon Zolin
a9fbb93f0f Merge: + Add "parental_block_host" and "safebrowsing_block_host" settings
#454

* commit 'fdf7ee2c08d4177d78fcdc20571bc7d2b61320ae':
  * refactor: don't set new configuration while running DNS server
  * refactor
  * dnsforward: parental control server can be an IP address, not just host name
  + dnsforward, config: add "parental_block_host" and "safebrowsing_block_host" settings
2019-07-24 19:35:46 +03:00
Simon Zolin
d9265aa9a8 fix tests 2019-07-23 20:01:50 +03:00
Simon Zolin
fdf7ee2c08 * refactor: don't set new configuration while running DNS server 2019-07-22 12:52:27 +03:00
Simon Zolin
5a3de2a276 * refactor 2019-07-22 12:33:58 +03:00
Simon Zolin
4a05ab0057 * dnsforward: parental control server can be an IP address, not just host name 2019-07-22 12:33:45 +03:00
Simon Zolin
4134a8c30e + dnsforward, config: add "parental_block_host" and "safebrowsing_block_host" settings 2019-07-22 12:16:30 +03:00
Simon Zolin
2bbd262968 * dnsforward: move initialization of periodic tasks to NewServer() 2019-07-19 12:18:16 +03:00
Simon Zolin
0a1d7fd707 - fix tests 2019-07-09 11:35:39 +03:00
Simon Zolin
134d9275bb * use urlfilter v0.4.0
Now we pass filtering rules to urlfilter as filer file names,
 rather than the list of rule strings.
(Note: user rules are still passed as the list of rule strings).

As a result, we don't store the contents of filter files in memory.
2019-07-04 14:10:01 +03:00
Andrey Meshkov
07db927246 Fix #727 - use default parental sensitivity when it's not set 2019-06-06 22:42:17 +03:00
Andrey Meshkov
a3b8d4d923 Fix #706 -- rDNS for DOH/DOT clients 2019-06-04 20:38:53 +03:00
Simon Zolin
1d09ff0562 Merge: + dnsforward: add access settings for blocking DNS requests
Close #728

* commit 'e4532a27cd2a6f92aaf724fddbffa00fcecb064c':
  - openapi: correct format
  + client: handle access settings
  * go.mod: update dnsproxy
  + control: /access/list, /access/set handlers
  + dnsforward: add access settings for blocking DNS requests
2019-06-03 15:04:52 +03:00
Simon Zolin
3baa6919dc - fix tests and linter issues 2019-05-31 12:27:13 +03:00
Simon Zolin
36ffcf7d22 + dnsforward: add access settings for blocking DNS requests
Block by client IP or target domain name.
2019-05-30 18:21:36 +03:00
Simon Zolin
a12f01793f + clients: find DNS client's hostname by IP using rDNS 2019-05-28 19:07:57 +03:00
Simon Zolin
8bf76c331d + dnsfilter: use callback function for applying per-client settings 2019-05-28 18:44:27 +03:00
Simon Zolin
ac8f703407 + dnsforward: support IPv6 (AAAA response)
If question type is AAAA:
 Before this patch we responded with NXDOMAIN.
 Now we send an empty response if host rule is IPv4;
 or we send an AAAA answer if host rule is IPv6.

+ block ipv6 if rule is "0.0.0.0 blockdomain"
2019-05-24 18:08:08 +03:00
Simon Zolin
096a959987 * dnsforward: use new dnsfilter interface 2019-05-17 18:22:57 +03:00
Simon Zolin
9644f79a03 * dnsforward: use separate ServerConfig object 2019-05-17 18:22:57 +03:00
Simon Zolin
d5f6dd1a46 - dns query log: robust file flushing mechanism
Before this patch we could exit the process without waiting for
 file writing task to complete.
As a result a file could become corrupted or a large chunk of data
 could be missing.

Now the main thread either waits until file writing task completes
 or it writes log buffer to file itself.
2019-05-15 13:12:03 +03:00
Simon Zolin
0f28a989e9 * improve logging 2019-05-15 13:12:03 +03:00
Alexander Turcic
cd2dd00da3 * dnsforward_test: add test for null filter 2019-05-14 16:53:09 +03:00
Alexander Turcic
07ffcbec3d * dnsforward, config: add unspecified IP blocking option
* dnsforward: prioritize host files over null filter

* dnsforward, config: adjust setting variable to blocking_mode

* dnsforward: use net.IPv4zero for null IP
2019-05-14 16:53:06 +03:00
Aleksey Dmitrevskiy
c82887d3aa * app, dnsforward: add MinVersion for TLS configs 2019-04-17 12:02:56 +03:00
Aleksey Dmitrevskiy
9ea5c1abe1 + control, dns, client: add ability to set DNS upstream per domain 2019-03-20 14:24:33 +03:00
Aleksey Dmitrevskiy
bc4c2e2ff7 Merge branch 'master' into fix/596 2019-03-06 18:25:42 +03:00
Aleksey Dmitrevskiy
53d680a5df Fix #597 - [bugfix] querylog_top: Empty domain gets to the Top Queried domains 2019-02-28 16:19:23 +03:00