mirror of
https://github.com/AdguardTeam/AdGuardHome.git
synced 2024-11-29 18:38:56 +03:00
*(dnsforward): fix safe search returning nxdomain
✅ Closes: https://github.com/AdguardTeam/AdGuardHome/issues/1387
This commit is contained in:
parent
a5c2ad1b2f
commit
6c18b71010
3 changed files with 25 additions and 9 deletions
|
@ -225,7 +225,7 @@ func (d *Dnsfilter) filtersInitializer() {
|
||||||
// Close - close the object
|
// Close - close the object
|
||||||
func (d *Dnsfilter) Close() {
|
func (d *Dnsfilter) Close() {
|
||||||
if d.rulesStorage != nil {
|
if d.rulesStorage != nil {
|
||||||
d.rulesStorage.Close()
|
_ = d.rulesStorage.Close()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -127,8 +127,8 @@ func (d *Dnsfilter) checkSafeSearch(host string) (Result, error) {
|
||||||
res := Result{IsFiltered: true, Reason: FilteredSafeSearch}
|
res := Result{IsFiltered: true, Reason: FilteredSafeSearch}
|
||||||
if ip := net.ParseIP(safeHost); ip != nil {
|
if ip := net.ParseIP(safeHost); ip != nil {
|
||||||
res.IP = ip
|
res.IP = ip
|
||||||
len := d.setCacheResult(gctx.safeSearchCache, host, res)
|
valLen := d.setCacheResult(gctx.safeSearchCache, host, res)
|
||||||
log.Debug("SafeSearch: stored in cache: %s (%d bytes)", host, len)
|
log.Debug("SafeSearch: stored in cache: %s (%d bytes)", host, valLen)
|
||||||
return res, nil
|
return res, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -151,8 +151,8 @@ func (d *Dnsfilter) checkSafeSearch(host string) (Result, error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
// Cache result
|
// Cache result
|
||||||
len := d.setCacheResult(gctx.safeSearchCache, host, res)
|
valLen := d.setCacheResult(gctx.safeSearchCache, host, res)
|
||||||
log.Debug("SafeSearch: stored in cache: %s (%d bytes)", host, len)
|
log.Debug("SafeSearch: stored in cache: %s (%d bytes)", host, valLen)
|
||||||
return res, nil
|
return res, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -243,8 +243,8 @@ func (d *Dnsfilter) checkSafeBrowsing(host string) (Result, error) {
|
||||||
result.Rule = "adguard-malware-shavar"
|
result.Rule = "adguard-malware-shavar"
|
||||||
}
|
}
|
||||||
|
|
||||||
len := d.setCacheResult(gctx.safebrowsingCache, host, result)
|
valLen := d.setCacheResult(gctx.safebrowsingCache, host, result)
|
||||||
log.Debug("SafeBrowsing: stored in cache: %s (%d bytes)", host, len)
|
log.Debug("SafeBrowsing: stored in cache: %s (%d bytes)", host, valLen)
|
||||||
return result, nil
|
return result, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -283,8 +283,8 @@ func (d *Dnsfilter) checkParental(host string) (Result, error) {
|
||||||
result.Rule = "parental CATEGORY_BLACKLISTED"
|
result.Rule = "parental CATEGORY_BLACKLISTED"
|
||||||
}
|
}
|
||||||
|
|
||||||
len := d.setCacheResult(gctx.parentalCache, host, result)
|
valLen := d.setCacheResult(gctx.parentalCache, host, result)
|
||||||
log.Debug("Parental: stored in cache: %s (%d bytes)", host, len)
|
log.Debug("Parental: stored in cache: %s (%d bytes)", host, valLen)
|
||||||
return result, err
|
return result, err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -883,7 +883,16 @@ func (s *Server) genDNSFilterMessage(d *proxy.DNSContext, result *dnsfilter.Resu
|
||||||
case dnsfilter.FilteredParental:
|
case dnsfilter.FilteredParental:
|
||||||
return s.genBlockedHost(m, s.conf.ParentalBlockHost, d)
|
return s.genBlockedHost(m, s.conf.ParentalBlockHost, d)
|
||||||
default:
|
default:
|
||||||
|
// If the query was filtered by "Safe search", dnsfilter also must return
|
||||||
|
// the IP address that must be used in response.
|
||||||
|
// In this case regardless of the filtering method, we should return it
|
||||||
|
if result.Reason == dnsfilter.FilteredSafeSearch && result.IP != nil {
|
||||||
|
return s.genResponseWithIP(m, result.IP)
|
||||||
|
}
|
||||||
|
|
||||||
if s.conf.BlockingMode == "null_ip" {
|
if s.conf.BlockingMode == "null_ip" {
|
||||||
|
// it means that we should return 0.0.0.0 or :: for any blocked request
|
||||||
|
|
||||||
switch m.Question[0].Qtype {
|
switch m.Question[0].Qtype {
|
||||||
case dns.TypeA:
|
case dns.TypeA:
|
||||||
return s.genARecord(m, []byte{0, 0, 0, 0})
|
return s.genARecord(m, []byte{0, 0, 0, 0})
|
||||||
|
@ -892,6 +901,8 @@ func (s *Server) genDNSFilterMessage(d *proxy.DNSContext, result *dnsfilter.Resu
|
||||||
}
|
}
|
||||||
|
|
||||||
} else if s.conf.BlockingMode == "custom_ip" {
|
} else if s.conf.BlockingMode == "custom_ip" {
|
||||||
|
// means that we should return custom IP for any blocked request
|
||||||
|
|
||||||
switch m.Question[0].Qtype {
|
switch m.Question[0].Qtype {
|
||||||
case dns.TypeA:
|
case dns.TypeA:
|
||||||
return s.genARecord(m, s.conf.BlockingIPAddrv4)
|
return s.genARecord(m, s.conf.BlockingIPAddrv4)
|
||||||
|
@ -900,9 +911,14 @@ func (s *Server) genDNSFilterMessage(d *proxy.DNSContext, result *dnsfilter.Resu
|
||||||
}
|
}
|
||||||
|
|
||||||
} else if s.conf.BlockingMode == "nxdomain" {
|
} else if s.conf.BlockingMode == "nxdomain" {
|
||||||
|
// means that we should return NXDOMAIN for any blocked request
|
||||||
|
|
||||||
return s.genNXDomain(m)
|
return s.genNXDomain(m)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Default blocking mode
|
||||||
|
// If there's an IP specified in the rule, return it
|
||||||
|
// If there is no IP, return NXDOMAIN
|
||||||
if result.IP != nil {
|
if result.IP != nil {
|
||||||
return s.genResponseWithIP(m, result.IP)
|
return s.genResponseWithIP(m, result.IP)
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue