mirror of
https://github.com/AdguardTeam/AdGuardHome.git
synced 2024-11-26 15:05:50 +03:00
* DNS: use REFUSED DNS error code as the default blocking method
parent
07db05dd80
commit
8f017d2c0e
3 changed files with 16 additions and 10 deletions
|
@ -227,7 +227,7 @@ func TestBlockedRequest(t *testing.T) {
|
||||||
addr := s.dnsProxy.Addr(proxy.ProtoUDP)
|
addr := s.dnsProxy.Addr(proxy.ProtoUDP)
|
||||||
|
|
||||||
//
|
//
|
||||||
// NXDomain blocking
|
// Default blocking - REFUSED
|
||||||
//
|
//
|
||||||
req := dns.Msg{}
|
req := dns.Msg{}
|
||||||
req.Id = dns.Id()
|
req.Id = dns.Id()
|
||||||
|
@ -240,9 +240,7 @@ func TestBlockedRequest(t *testing.T) {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatalf("Couldn't talk to server %s: %s", addr, err)
|
t.Fatalf("Couldn't talk to server %s: %s", addr, err)
|
||||||
}
|
}
|
||||||
if reply.Rcode != dns.RcodeNameError {
|
assert.Equal(t, dns.RcodeRefused, reply.Rcode)
|
||||||
t.Fatalf("Wrong response: %s", reply.String())
|
|
||||||
}
|
|
||||||
|
|
||||||
err = s.Stop()
|
err = s.Stop()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -404,7 +402,7 @@ func TestBlockCNAME(t *testing.T) {
|
||||||
req := createTestMessage("badhost.")
|
req := createTestMessage("badhost.")
|
||||||
reply, err := dns.Exchange(req, addr.String())
|
reply, err := dns.Exchange(req, addr.String())
|
||||||
assert.Nil(t, err, nil)
|
assert.Nil(t, err, nil)
|
||||||
assert.Equal(t, dns.RcodeNameError, reply.Rcode)
|
assert.Equal(t, dns.RcodeRefused, reply.Rcode)
|
||||||
|
|
||||||
// 'whitelist.example.org' has a canonical name 'null.example.org' which is blocked by filters
|
// 'whitelist.example.org' has a canonical name 'null.example.org' which is blocked by filters
|
||||||
// but 'whitelist.example.org' is in a whitelist:
|
// but 'whitelist.example.org' is in a whitelist:
|
||||||
|
@ -419,7 +417,7 @@ func TestBlockCNAME(t *testing.T) {
|
||||||
req = createTestMessage("example.org.")
|
req = createTestMessage("example.org.")
|
||||||
reply, err = dns.Exchange(req, addr.String())
|
reply, err = dns.Exchange(req, addr.String())
|
||||||
assert.Nil(t, err)
|
assert.Nil(t, err)
|
||||||
assert.Equal(t, dns.RcodeNameError, reply.Rcode)
|
assert.Equal(t, dns.RcodeRefused, reply.Rcode)
|
||||||
|
|
||||||
_ = s.Stop()
|
_ = s.Stop()
|
||||||
}
|
}
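Review bot: In TestBlockedRequest the new `assert.Equal(t, dns.RcodeRefused, reply.Rcode)` no longer prints the reply on a mismatch, which the removed `t.Fatalf("Wrong response: %s", reply.String())` did. Passing the message through keeps the diagnostic: `assert.Equal(t, dns.RcodeRefused, reply.Rcode, "wrong response: %s", reply.String())`. The three updated assertions (here and twice in TestBlockCNAME) check only the rcode, so adding `assert.Empty(t, reply.Answer)` would also pin that a refused reply carries no records. Both test functions start and end outside the hunks shown.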
|
||||||
|
|
|
@ -88,7 +88,7 @@ func processInitial(ctx *dnsContext) int {
|
||||||
// disable Mozilla DoH
|
// disable Mozilla DoH
|
||||||
if (d.Req.Question[0].Qtype == dns.TypeA || d.Req.Question[0].Qtype == dns.TypeAAAA) &&
|
if (d.Req.Question[0].Qtype == dns.TypeA || d.Req.Question[0].Qtype == dns.TypeAAAA) &&
|
||||||
d.Req.Question[0].Name == "use-application-dns.net." {
|
d.Req.Question[0].Name == "use-application-dns.net." {
|
||||||
d.Res = s.genNXDomain(d.Req)
|
d.Res = s.makeResponseREFUSED(d.Req)
|
||||||
return resultFinish
|
return resultFinish
|
||||||
}
|
}
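Review bot: The `use-application-dns.net.` branch in processInitial is a signalling reply to the browser rather than a filter hit, yet it now follows the blocking default by calling `s.makeResponseREFUSED(d.Req)`. If the client does not accept REFUSED as the canary signal, DoH stays enabled and lookups bypass the local filter, so the accepted response codes should be confirmed against the browser's canary documentation. The comment `// disable Mozilla DoH` could state the contract, for example `// A negative answer for the canary domain tells Firefox not to enable DoH; REFUSED must remain an accepted signal.` None of the test hunks in this commit covers this branch, and a case querying the canary name for A and AAAA would keep it from regressing. The body of processInitial continues outside the hunk.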
|
||||||
|
|
||||||
|
|
|
@ -24,7 +24,7 @@ func (s *Server) genDNSFilterMessage(d *proxy.DNSContext, result *dnsfilter.Resu
|
||||||
m := d.Req
|
m := d.Req
|
||||||
|
|
||||||
if m.Question[0].Qtype != dns.TypeA && m.Question[0].Qtype != dns.TypeAAAA {
|
if m.Question[0].Qtype != dns.TypeA && m.Question[0].Qtype != dns.TypeAAAA {
|
||||||
return s.genNXDomain(m)
|
return s.makeResponseREFUSED(m)
|
||||||
}
|
}
|
||||||
|
|
||||||
switch result.Reason {
|
switch result.Reason {
|
||||||
|
@ -68,11 +68,11 @@ func (s *Server) genDNSFilterMessage(d *proxy.DNSContext, result *dnsfilter.Resu
|
||||||
|
|
||||||
// Default blocking mode
|
// Default blocking mode
|
||||||
// If there's an IP specified in the rule, return it
|
// If there's an IP specified in the rule, return it
|
||||||
// If there is no IP, return NXDOMAIN
|
// If there is no IP, return REFUSED
|
||||||
if result.IP != nil {
|
if result.IP != nil {
|
||||||
return s.genResponseWithIP(m, result.IP)
|
return s.genResponseWithIP(m, result.IP)
|
||||||
}
|
}
|
||||||
return s.genNXDomain(m)
|
return s.makeResponseREFUSED(m)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -182,6 +182,14 @@ func (s *Server) genCNAMEAnswer(req *dns.Msg, cname string) *dns.CNAME {
|
||||||
return answer
|
return answer
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Create REFUSED DNS response
|
||||||
|
func (s *Server) makeResponseREFUSED(request *dns.Msg) *dns.Msg {
|
||||||
|
resp := dns.Msg{}
|
||||||
|
resp.SetRcode(request, dns.RcodeRefused)
|
||||||
|
resp.RecursionAvailable = true
|
||||||
|
return &resp
|
||||||
|
}
|
||||||
|
|
||||||
func (s *Server) genNXDomain(request *dns.Msg) *dns.Msg {
|
func (s *Server) genNXDomain(request *dns.Msg) *dns.Msg {
|
||||||
resp := dns.Msg{}
|
resp := dns.Msg{}
|
||||||
resp.SetRcode(request, dns.RcodeNameError)
|
resp.SetRcode(request, dns.RcodeNameError)
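Review bot: The fallback `return s.makeResponseREFUSED(m)` in genDNSFilterMessage changes what clients see for every blocked name that has no rule IP, and REFUSED is not a statement about the name. Stub resolvers commonly treat it as this server declining and retry the next configured resolver, so a host with a second, unfiltered resolver may still resolve the blocked name. Whether an explicit NXDOMAIN mode remains selectable is not visible in these hunks; if it does, that trade-off belongs in the `// Default blocking mode` comment block. The new helper's comment should follow Go doc convention and say what the reply contains, e.g. `// makeResponseREFUSED returns a reply to request with rcode REFUSED, RA set and no records.` The name also departs from the neighbouring `genNXDomain`/`genResponseWithIP` prefix; `genNXDomain` continues past the end of the last hunk, so its reply cannot be compared here.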
|
||||||
|
|