mirror of
https://github.com/AdguardTeam/AdGuardHome.git
synced 2024-11-22 13:05:36 +03:00
* DNS: use REFUSED DNS error code as the default blocking method
This commit is contained in:
Simon Zolin
parent
07db05dd80
commit
8f017d2c0e
3 changed files with 16 additions and 10 deletions
|
|
@ -227,7 +227,7 @@ func TestBlockedRequest(t *testing.T) {
|
|||
addr := s.dnsProxy.Addr(proxy.ProtoUDP)
|
||||
|
||||
//
|
||||
// NXDomain blocking
|
||||
// Default blocking - REFUSED
|
||||
//
|
||||
req := dns.Msg{}
|
||||
req.Id = dns.Id()
|
||||
|
|
@ -240,9 +240,7 @@ func TestBlockedRequest(t *testing.T) {
|
|||
if err != nil {
|
||||
t.Fatalf("Couldn't talk to server %s: %s", addr, err)
|
||||
}
|
||||
if reply.Rcode != dns.RcodeNameError {
|
||||
t.Fatalf("Wrong response: %s", reply.String())
|
||||
}
|
||||
assert.Equal(t, dns.RcodeRefused, reply.Rcode)
|
||||
|
||||
err = s.Stop()
|
||||
if err != nil {
|
||||
|
|
@ -404,7 +402,7 @@ func TestBlockCNAME(t *testing.T) {
|
|||
req := createTestMessage("badhost.")
|
||||
reply, err := dns.Exchange(req, addr.String())
|
||||
assert.Nil(t, err, nil)
|
||||
assert.Equal(t, dns.RcodeNameError, reply.Rcode)
|
||||
assert.Equal(t, dns.RcodeRefused, reply.Rcode)
|
||||
|
||||
// 'whitelist.example.org' has a canonical name 'null.example.org' which is blocked by filters
|
||||
// but 'whitelist.example.org' is in a whitelist:
|
||||
|
|
@ -419,7 +417,7 @@ func TestBlockCNAME(t *testing.T) {
|
|||
req = createTestMessage("example.org.")
|
||||
reply, err = dns.Exchange(req, addr.String())
|
||||
assert.Nil(t, err)
|
||||
assert.Equal(t, dns.RcodeNameError, reply.Rcode)
|
||||
assert.Equal(t, dns.RcodeRefused, reply.Rcode)
|
||||
|
||||
_ = s.Stop()
|
||||
}
|
||||
|
|
|
|||
|
|
@ -88,7 +88,7 @@ func processInitial(ctx *dnsContext) int {
|
|||
// disable Mozilla DoH
|
||||
if (d.Req.Question[0].Qtype == dns.TypeA || d.Req.Question[0].Qtype == dns.TypeAAAA) &&
|
||||
d.Req.Question[0].Name == "use-application-dns.net." {
|
||||
d.Res = s.genNXDomain(d.Req)
|
||||
d.Res = s.makeResponseREFUSED(d.Req)
|
||||
return resultFinish
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -24,7 +24,7 @@ func (s *Server) genDNSFilterMessage(d *proxy.DNSContext, result *dnsfilter.Resu
|
|||
m := d.Req
|
||||
|
||||
if m.Question[0].Qtype != dns.TypeA && m.Question[0].Qtype != dns.TypeAAAA {
|
||||
return s.genNXDomain(m)
|
||||
return s.makeResponseREFUSED(m)
|
||||
}
|
||||
|
||||
switch result.Reason {
|
||||
|
|
@ -68,11 +68,11 @@ func (s *Server) genDNSFilterMessage(d *proxy.DNSContext, result *dnsfilter.Resu
|
|||
|
||||
// Default blocking mode
|
||||
// If there's an IP specified in the rule, return it
|
||||
// If there is no IP, return NXDOMAIN
|
||||
// If there is no IP, return REFUSED
|
||||
if result.IP != nil {
|
||||
return s.genResponseWithIP(m, result.IP)
|
||||
}
|
||||
return s.genNXDomain(m)
|
||||
return s.makeResponseREFUSED(m)
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -182,6 +182,14 @@ func (s *Server) genCNAMEAnswer(req *dns.Msg, cname string) *dns.CNAME {
|
|||
return answer
|
||||
}
|
||||
|
||||
// Create REFUSED DNS response
|
||||
func (s *Server) makeResponseREFUSED(request *dns.Msg) *dns.Msg {
|
||||
resp := dns.Msg{}
|
||||
resp.SetRcode(request, dns.RcodeRefused)
|
||||
resp.RecursionAvailable = true
|
||||
return &resp
|
||||
}
|
||||
|
||||
func (s *Server) genNXDomain(request *dns.Msg) *dns.Msg {
|
||||
resp := dns.Msg{}
|
||||
resp.SetRcode(request, dns.RcodeNameError)
|
||||
|
|
|
|||
Loading…
Reference in a new issue