+ DNS Rewrites: support wildcard domain name

This commit is contained in:
Simon Zolin 2019-12-11 19:02:46 +03:00 committed by Ildar Kamalov
parent 28096d6966
commit 8685584bf5
3 changed files with 69 additions and 2 deletions

View file

@ -916,6 +916,8 @@ Response:
... ...
] ]
`domain` can be an exact host name (`www.host.com`) or a wildcard (`*.host.com`).
### API: Add a rewrite entry ### API: Add a rewrite entry

View file

@ -334,6 +334,13 @@ func (d *Dnsfilter) CheckHost(host string, qtype uint16, setts *RequestFiltering
return Result{}, nil return Result{}, nil
} }
// Return TRUE of host name matches a wildcard pattern
func matchDomainWildcard(host, wildcard string) bool {
return len(wildcard) >= 2 &&
wildcard[0] == '*' && wildcard[1] == '.' &&
strings.HasSuffix(host, wildcard[1:])
}
// Process rewrites table // Process rewrites table
// . Find CNAME for a domain name // . Find CNAME for a domain name
// . if found, set domain name to canonical name // . if found, set domain name to canonical name
@ -347,8 +354,10 @@ func (d *Dnsfilter) processRewrites(host string, qtype uint16) Result {
for _, r := range d.Rewrites { for _, r := range d.Rewrites {
if r.Domain != host { if r.Domain != host {
if !matchDomainWildcard(host, r.Domain) {
continue continue
} }
}
ip := net.ParseIP(r.Answer) ip := net.ParseIP(r.Answer)
if ip == nil { if ip == nil {
@ -362,8 +371,10 @@ func (d *Dnsfilter) processRewrites(host string, qtype uint16) Result {
for _, r := range d.Rewrites { for _, r := range d.Rewrites {
if r.Domain != host { if r.Domain != host {
if !matchDomainWildcard(host, r.Domain) {
continue continue
} }
}
ip := net.ParseIP(r.Answer) ip := net.ParseIP(r.Answer)
if ip == nil { if ip == nil {

View file

@ -474,6 +474,60 @@ func TestClientSettings(t *testing.T) {
assert.True(t, r.IsFiltered && r.Reason == FilteredBlockedService) assert.True(t, r.IsFiltered && r.Reason == FilteredBlockedService)
} }
func TestRewrites(t *testing.T) {
d := Dnsfilter{}
// CNAME, A, AAAA
d.Rewrites = []RewriteEntry{
RewriteEntry{"somecname", "somehost.com"},
RewriteEntry{"somehost.com", "0.0.0.0"},
RewriteEntry{"host.com", "1.2.3.4"},
RewriteEntry{"host.com", "1.2.3.5"},
RewriteEntry{"host.com", "1:2:3::4"},
RewriteEntry{"www.host.com", "host.com"},
}
r := d.processRewrites("host2.com", dns.TypeA)
assert.Equal(t, NotFilteredNotFound, r.Reason)
r = d.processRewrites("www.host.com", dns.TypeA)
assert.Equal(t, ReasonRewrite, r.Reason)
assert.Equal(t, "host.com", r.CanonName)
assert.True(t, len(r.IPList) == 2)
assert.True(t, r.IPList[0].Equal(net.ParseIP("1.2.3.4")))
assert.True(t, r.IPList[1].Equal(net.ParseIP("1.2.3.5")))
r = d.processRewrites("www.host.com", dns.TypeAAAA)
assert.Equal(t, ReasonRewrite, r.Reason)
assert.True(t, len(r.IPList) == 1)
assert.True(t, r.IPList[0].Equal(net.ParseIP("1:2:3::4")))
// wildcard
d.Rewrites = []RewriteEntry{
RewriteEntry{"*.host.com", "1.2.3.5"},
RewriteEntry{"host.com", "1.2.3.4"},
}
r = d.processRewrites("host.com", dns.TypeA)
assert.Equal(t, ReasonRewrite, r.Reason)
assert.True(t, r.IPList[0].Equal(net.ParseIP("1.2.3.4")))
r = d.processRewrites("www.host.com", dns.TypeA)
assert.Equal(t, ReasonRewrite, r.Reason)
assert.True(t, r.IPList[0].Equal(net.ParseIP("1.2.3.5")))
r = d.processRewrites("www.host2.com", dns.TypeA)
assert.Equal(t, NotFilteredNotFound, r.Reason)
// wildcard + CNAME
d.Rewrites = []RewriteEntry{
RewriteEntry{"*.host.com", "host.com"},
RewriteEntry{"host.com", "1.2.3.4"},
}
r = d.processRewrites("www.host.com", dns.TypeA)
assert.Equal(t, ReasonRewrite, r.Reason)
assert.Equal(t, "host.com", r.CanonName)
assert.True(t, r.IPList[0].Equal(net.ParseIP("1.2.3.4")))
}
// BENCHMARKS // BENCHMARKS
func BenchmarkSafeBrowsing(b *testing.B) { func BenchmarkSafeBrowsing(b *testing.B) {