*(dnsforward): fix safe search returning nxdomain

 Closes: https://github.com/AdguardTeam/AdGuardHome/issues/1387
This commit is contained in:
Andrey Meshkov 2020-02-05 14:30:43 +03:00
parent a5c2ad1b2f
commit 6c18b71010
3 changed files with 25 additions and 9 deletions

View file

@ -225,7 +225,7 @@ func (d *Dnsfilter) filtersInitializer() {
// Close - close the object // Close - close the object
func (d *Dnsfilter) Close() { func (d *Dnsfilter) Close() {
if d.rulesStorage != nil { if d.rulesStorage != nil {
d.rulesStorage.Close() _ = d.rulesStorage.Close()
} }
} }

View file

@ -127,8 +127,8 @@ func (d *Dnsfilter) checkSafeSearch(host string) (Result, error) {
res := Result{IsFiltered: true, Reason: FilteredSafeSearch} res := Result{IsFiltered: true, Reason: FilteredSafeSearch}
if ip := net.ParseIP(safeHost); ip != nil { if ip := net.ParseIP(safeHost); ip != nil {
res.IP = ip res.IP = ip
len := d.setCacheResult(gctx.safeSearchCache, host, res) valLen := d.setCacheResult(gctx.safeSearchCache, host, res)
log.Debug("SafeSearch: stored in cache: %s (%d bytes)", host, len) log.Debug("SafeSearch: stored in cache: %s (%d bytes)", host, valLen)
return res, nil return res, nil
} }
@ -151,8 +151,8 @@ func (d *Dnsfilter) checkSafeSearch(host string) (Result, error) {
} }
// Cache result // Cache result
len := d.setCacheResult(gctx.safeSearchCache, host, res) valLen := d.setCacheResult(gctx.safeSearchCache, host, res)
log.Debug("SafeSearch: stored in cache: %s (%d bytes)", host, len) log.Debug("SafeSearch: stored in cache: %s (%d bytes)", host, valLen)
return res, nil return res, nil
} }
@ -243,8 +243,8 @@ func (d *Dnsfilter) checkSafeBrowsing(host string) (Result, error) {
result.Rule = "adguard-malware-shavar" result.Rule = "adguard-malware-shavar"
} }
len := d.setCacheResult(gctx.safebrowsingCache, host, result) valLen := d.setCacheResult(gctx.safebrowsingCache, host, result)
log.Debug("SafeBrowsing: stored in cache: %s (%d bytes)", host, len) log.Debug("SafeBrowsing: stored in cache: %s (%d bytes)", host, valLen)
return result, nil return result, nil
} }
@ -283,8 +283,8 @@ func (d *Dnsfilter) checkParental(host string) (Result, error) {
result.Rule = "parental CATEGORY_BLACKLISTED" result.Rule = "parental CATEGORY_BLACKLISTED"
} }
len := d.setCacheResult(gctx.parentalCache, host, result) valLen := d.setCacheResult(gctx.parentalCache, host, result)
log.Debug("Parental: stored in cache: %s (%d bytes)", host, len) log.Debug("Parental: stored in cache: %s (%d bytes)", host, valLen)
return result, err return result, err
} }

View file

@ -883,7 +883,16 @@ func (s *Server) genDNSFilterMessage(d *proxy.DNSContext, result *dnsfilter.Resu
case dnsfilter.FilteredParental: case dnsfilter.FilteredParental:
return s.genBlockedHost(m, s.conf.ParentalBlockHost, d) return s.genBlockedHost(m, s.conf.ParentalBlockHost, d)
default: default:
// If the query was filtered by "Safe search", dnsfilter also must return
// the IP address that must be used in response.
// In this case regardless of the filtering method, we should return it
if result.Reason == dnsfilter.FilteredSafeSearch && result.IP != nil {
return s.genResponseWithIP(m, result.IP)
}
if s.conf.BlockingMode == "null_ip" { if s.conf.BlockingMode == "null_ip" {
// it means that we should return 0.0.0.0 or :: for any blocked request
switch m.Question[0].Qtype { switch m.Question[0].Qtype {
case dns.TypeA: case dns.TypeA:
return s.genARecord(m, []byte{0, 0, 0, 0}) return s.genARecord(m, []byte{0, 0, 0, 0})
@ -892,6 +901,8 @@ func (s *Server) genDNSFilterMessage(d *proxy.DNSContext, result *dnsfilter.Resu
} }
} else if s.conf.BlockingMode == "custom_ip" { } else if s.conf.BlockingMode == "custom_ip" {
// means that we should return custom IP for any blocked request
switch m.Question[0].Qtype { switch m.Question[0].Qtype {
case dns.TypeA: case dns.TypeA:
return s.genARecord(m, s.conf.BlockingIPAddrv4) return s.genARecord(m, s.conf.BlockingIPAddrv4)
@ -900,9 +911,14 @@ func (s *Server) genDNSFilterMessage(d *proxy.DNSContext, result *dnsfilter.Resu
} }
} else if s.conf.BlockingMode == "nxdomain" { } else if s.conf.BlockingMode == "nxdomain" {
// means that we should return NXDOMAIN for any blocked request
return s.genNXDomain(m) return s.genNXDomain(m)
} }
// Default blocking mode
// If there's an IP specified in the rule, return it
// If there is no IP, return NXDOMAIN
if result.IP != nil { if result.IP != nil {
return s.genResponseWithIP(m, result.IP) return s.genResponseWithIP(m, result.IP)
} }