* DNS: use REFUSED DNS error code as the default blocking method

2024-11-22 21:15:35 +03:00 · 2020-08-18 14:26:01 +03:00 · 2020-08-18 14:26:01 +03:00 · 8f017d2c0e
commit 8f017d2c0e
parent 07db05dd80
3 changed files with 16 additions and 10 deletions
--- a/dnsforward/dnsforward_test.go
+++ b/dnsforward/dnsforward_test.go
@ -227,7 +227,7 @@ func TestBlockedRequest(t *testing.T) {
 	addr := s.dnsProxy.Addr(proxy.ProtoUDP)
 	//
-	// NXDomain blocking
+	// Default blocking - REFUSED
 	//
 	req := dns.Msg{}
 	req.Id = dns.Id()
@ -240,9 +240,7 @@ func TestBlockedRequest(t *testing.T) {
 	if err != nil {
 		t.Fatalf("Couldn't talk to server %s: %s", addr, err)
 	}
-	if reply.Rcode != dns.RcodeNameError {
+	assert.Equal(t, dns.RcodeRefused, reply.Rcode)
 		t.Fatalf("Wrong response: %s", reply.String())
 	}
 	err = s.Stop()
 	if err != nil {
@ -404,7 +402,7 @@ func TestBlockCNAME(t *testing.T) {
 	req := createTestMessage("badhost.")
 	reply, err := dns.Exchange(req, addr.String())
 	assert.Nil(t, err, nil)
-	assert.Equal(t, dns.RcodeNameError, reply.Rcode)
+	assert.Equal(t, dns.RcodeRefused, reply.Rcode)
 	// 'whitelist.example.org' has a canonical name 'null.example.org' which is blocked by filters
 	//   but 'whitelist.example.org' is in a whitelist:
@ -419,7 +417,7 @@ func TestBlockCNAME(t *testing.T) {
 	req = createTestMessage("example.org.")
 	reply, err = dns.Exchange(req, addr.String())
 	assert.Nil(t, err)
-	assert.Equal(t, dns.RcodeNameError, reply.Rcode)
+	assert.Equal(t, dns.RcodeRefused, reply.Rcode)
 	_ = s.Stop()
 }
--- a/dnsforward/handle_dns.go
+++ b/dnsforward/handle_dns.go
@ -88,7 +88,7 @@ func processInitial(ctx *dnsContext) int {
 	// disable Mozilla DoH
 	if (d.Req.Question[0].Qtype == dns.TypeA || d.Req.Question[0].Qtype == dns.TypeAAAA) &&
 		d.Req.Question[0].Name == "use-application-dns.net." {
-		d.Res = s.genNXDomain(d.Req)
+		d.Res = s.makeResponseREFUSED(d.Req)
 		return resultFinish
 	}
--- a/dnsforward/msg.go
+++ b/dnsforward/msg.go
@ -24,7 +24,7 @@ func (s *Server) genDNSFilterMessage(d *proxy.DNSContext, result *dnsfilter.Resu
 	m := d.Req
 	if m.Question[0].Qtype != dns.TypeA && m.Question[0].Qtype != dns.TypeAAAA {
-		return s.genNXDomain(m)
+		return s.makeResponseREFUSED(m)
 	}
 	switch result.Reason {
@ -68,11 +68,11 @@ func (s *Server) genDNSFilterMessage(d *proxy.DNSContext, result *dnsfilter.Resu
 		// Default blocking mode
 		// If there's an IP specified in the rule, return it
-		// If there is no IP, return NXDOMAIN
+		// If there is no IP, return REFUSED
 		if result.IP != nil {
 			return s.genResponseWithIP(m, result.IP)
 		}
-		return s.genNXDomain(m)
+		return s.makeResponseREFUSED(m)
 	}
 }
@ -182,6 +182,14 @@ func (s *Server) genCNAMEAnswer(req *dns.Msg, cname string) *dns.CNAME {
 	return answer
 }
 // Create REFUSED DNS response
 func (s *Server) makeResponseREFUSED(request *dns.Msg) *dns.Msg {
 	resp := dns.Msg{}
 	resp.SetRcode(request, dns.RcodeRefused)
 	resp.RecursionAvailable = true
 	return &resp
 }
 func (s *Server) genNXDomain(request *dns.Msg) *dns.Msg {
 	resp := dns.Msg{}
 	resp.SetRcode(request, dns.RcodeNameError)