Commit graph

219 commits

Author SHA1 Message Date
Simon Zolin
c616259e8b * dnsfilter: use golibs/cache
+ config: add cache size settings
+ config: add cache_time setting
2019-09-02 19:12:53 +03:00
Simon Zolin
24bb708b21 + config: add certificate_path, private_key_path
* POST /control/tls/configure: support certificate_path and private_key_path
2019-08-30 19:18:14 +03:00
Andrey Meshkov
64d40bdc47 Merge: - config: global "blocked_services" settings were reset on startup
* commit 'b1ca7c90d3ef0e72d3535b7cf195adfe83d34e5a':
  - config: global "blocked_services" settings were reset on startup
2019-08-22 15:38:24 +03:00
Simon Zolin
b1ca7c90d3 - config: global "blocked_services" settings were reset on startup 2019-08-22 15:30:48 +03:00
Simon Zolin
a370cd0bf0 - dnsforward: don't use dnsfilter object after it's closed (additional check) 2019-08-22 12:01:59 +03:00
Simon Zolin
94552a30d7 - dnsforward: don't use dnsfilter object after it's closed 2019-08-20 15:07:39 +03:00
Andrey Meshkov
c82e93cfc7 -(dnsforward): fixed sigsegv when protection is disabled
Also, fixed all golint issues

 Closes: #941
2019-08-20 00:55:32 +03:00
Simon Zolin
b37208564b - fix build: we're using a new gcache module now 2019-08-16 15:43:12 +03:00
Simon Zolin
56c69cdb79 Revert "fix tests"
This reverts commit d9265aa9a8.
2019-08-16 15:11:57 +03:00
Simon Zolin
15d07a40eb * refactor 2019-08-05 14:12:22 +03:00
Simon Zolin
e81a9c7d56 + dnsfilter: use global and per-client BlockedServices array 2019-08-05 14:12:22 +03:00
Simon Zolin
1bb6638db7 + dnsforward: use Rewrites table 2019-07-29 11:48:24 +03:00
Simon Zolin
a9fbb93f0f Merge: + Add "parental_block_host" and "safebrowsing_block_host" settings
#454

* commit 'fdf7ee2c08d4177d78fcdc20571bc7d2b61320ae':
  * refactor: don't set new configuration while running DNS server
  * refactor
  * dnsforward: parental control server can be an IP address, not just host name
  + dnsforward, config: add "parental_block_host" and "safebrowsing_block_host" settings
2019-07-24 19:35:46 +03:00
Simon Zolin
d9265aa9a8 fix tests 2019-07-23 20:01:50 +03:00
Simon Zolin
fdf7ee2c08 * refactor: don't set new configuration while running DNS server 2019-07-22 12:52:27 +03:00
Simon Zolin
5a3de2a276 * refactor 2019-07-22 12:33:58 +03:00
Simon Zolin
4a05ab0057 * dnsforward: parental control server can be an IP address, not just host name 2019-07-22 12:33:45 +03:00
Simon Zolin
4134a8c30e + dnsforward, config: add "parental_block_host" and "safebrowsing_block_host" settings 2019-07-22 12:16:30 +03:00
Simon Zolin
2bbd262968 * dnsforward: move initialization of periodic tasks to NewServer() 2019-07-19 12:18:16 +03:00
Simon Zolin
0a1d7fd707 - fix tests 2019-07-09 11:35:39 +03:00
Simon Zolin
134d9275bb * use urlfilter v0.4.0
Now we pass filtering rules to urlfilter as filer file names,
 rather than the list of rule strings.
(Note: user rules are still passed as the list of rule strings).

As a result, we don't store the contents of filter files in memory.
2019-07-04 14:10:01 +03:00
Andrey Meshkov
07db927246 Fix #727 - use default parental sensitivity when it's not set 2019-06-06 22:42:17 +03:00
Andrey Meshkov
a3b8d4d923 Fix #706 -- rDNS for DOH/DOT clients 2019-06-04 20:38:53 +03:00
Simon Zolin
1d09ff0562 Merge: + dnsforward: add access settings for blocking DNS requests
Close #728

* commit 'e4532a27cd2a6f92aaf724fddbffa00fcecb064c':
  - openapi: correct format
  + client: handle access settings
  * go.mod: update dnsproxy
  + control: /access/list, /access/set handlers
  + dnsforward: add access settings for blocking DNS requests
2019-06-03 15:04:52 +03:00
Simon Zolin
3baa6919dc - fix tests and linter issues 2019-05-31 12:27:13 +03:00
Simon Zolin
36ffcf7d22 + dnsforward: add access settings for blocking DNS requests
Block by client IP or target domain name.
2019-05-30 18:21:36 +03:00
Simon Zolin
a12f01793f + clients: find DNS client's hostname by IP using rDNS 2019-05-28 19:07:57 +03:00
Simon Zolin
8bf76c331d + dnsfilter: use callback function for applying per-client settings 2019-05-28 18:44:27 +03:00
Simon Zolin
ac8f703407 + dnsforward: support IPv6 (AAAA response)
If question type is AAAA:
 Before this patch we responded with NXDOMAIN.
 Now we send an empty response if host rule is IPv4;
 or we send an AAAA answer if host rule is IPv6.

+ block ipv6 if rule is "0.0.0.0 blockdomain"
2019-05-24 18:08:08 +03:00
Simon Zolin
096a959987 * dnsforward: use new dnsfilter interface 2019-05-17 18:22:57 +03:00
Simon Zolin
9644f79a03 * dnsforward: use separate ServerConfig object 2019-05-17 18:22:57 +03:00
Simon Zolin
d5f6dd1a46 - dns query log: robust file flushing mechanism
Before this patch we could exit the process without waiting for
 file writing task to complete.
As a result a file could become corrupted or a large chunk of data
 could be missing.

Now the main thread either waits until file writing task completes
 or it writes log buffer to file itself.
2019-05-15 13:12:03 +03:00
Simon Zolin
0f28a989e9 * improve logging 2019-05-15 13:12:03 +03:00
Alexander Turcic
cd2dd00da3 * dnsforward_test: add test for null filter 2019-05-14 16:53:09 +03:00
Alexander Turcic
07ffcbec3d * dnsforward, config: add unspecified IP blocking option
* dnsforward: prioritize host files over null filter

* dnsforward, config: adjust setting variable to blocking_mode

* dnsforward: use net.IPv4zero for null IP
2019-05-14 16:53:06 +03:00
Aleksey Dmitrevskiy
c82887d3aa * app, dnsforward: add MinVersion for TLS configs 2019-04-17 12:02:56 +03:00
Aleksey Dmitrevskiy
9ea5c1abe1 + control, dns, client: add ability to set DNS upstream per domain 2019-03-20 14:24:33 +03:00
Aleksey Dmitrevskiy
bc4c2e2ff7 Merge branch 'master' into fix/596 2019-03-06 18:25:42 +03:00
Aleksey Dmitrevskiy
53d680a5df Fix #597 - [bugfix] querylog_top: Empty domain gets to the Top Queried domains 2019-02-28 16:19:23 +03:00
Aleksey Dmitrevskiy
acb4a98466 [change] dnsforward: Add comments for public fields 2019-02-28 13:40:40 +03:00
Aleksey Dmitrevskiy
3929f0da44 [change] control: Handle upstream config with JSON 2019-02-28 13:01:41 +03:00
Aleksey Dmitrevskiy
81e88472cb Merge branch 'fix/542' into fix/596 2019-02-28 11:16:03 +03:00
Aleksey Dmitrevskiy
967a1e6b87 Merge branch 'master' into fix/596 2019-02-27 18:56:36 +03:00
Aleksey Dmitrevskiy
ffa4429818 Merge branch 'master' into fix/542 2019-02-27 18:47:01 +03:00
Simon Zolin
5cb6d97cd7 * use new logger - AdguardTeam/golibs/log 2019-02-27 15:02:11 +03:00
Aleksey Dmitrevskiy
dc05556c5a Fix #542 - Add Bootstrap DNS resolver settings 2019-02-27 11:15:18 +03:00
Aleksey Dmitrevskiy
5bc6d00aa0 Fix #596 - Intelligent Optimal DNS Resolution 2019-02-26 18:19:05 +03:00
Andrey Meshkov
c71d6ed433 Fix race in safesearch tests 2019-02-25 18:56:51 +03:00
Aleksey Dmitrevskiy
86279f19b0 Add TODO 2019-02-25 17:15:50 +03:00
Aleksey Dmitrevskiy
3d901a82ad Fix merge issues 2019-02-25 17:07:26 +03:00
Aleksey Dmitrevskiy
d351ed82c1 Merge branch 'master' into fix/576 2019-02-25 17:07:02 +03:00
Aleksey Dmitrevskiy
8e13f22aa5 Add stats assertions 2019-02-25 17:01:57 +03:00
Aleksey Dmitrevskiy
d0f4f22e0d Add safesearch test for dnsforward 2019-02-25 14:58:54 +03:00
Andrey Meshkov
1da954fa97 Fix tests 2019-02-22 18:41:59 +03:00
Andrey Meshkov
ad4b58472f Update dnsproxy to 0.11.0 2019-02-22 18:16:47 +03:00
Andrey Meshkov
e8898811fe Added DOH url 2019-02-22 15:52:12 +03:00
Andrey Meshkov
71df659dc9 Added DNS-over-TLS unit-test and a test looking for race-conditions 2019-02-22 15:23:39 +03:00
Andrey Meshkov
37431735fd Added new config fields to readme 2019-02-21 17:48:18 +03:00
Eugene Bujak
229ef78085 Activate DNS-over-TLS server when certificates, keys and ports are configured. 2019-02-15 16:28:28 +03:00
Andrey Meshkov
a40ddb094b Fix review comments 2019-02-11 14:22:36 +03:00
Andrey Meshkov
9ff420bb52 Do not store last_updated in the config file anymore 2019-02-10 21:44:16 +03:00
Andrey Meshkov
9a03190a62 Fix #579
1. Added --workdir command-line argument that lets configure the working dir.
2. Made "dnsforward" use this workdir parameter when saving/reading querylog.
3. Reworked "dnsforward" -- moved http handlers out of there to control.go
2019-02-10 20:47:43 +03:00
Eugene Bujak
68c8a4d484 Demote some log.printf into log.tracef 2019-02-07 18:24:43 +03:00
Andrey Meshkov
ec6b1f7c42 Added golangci-lint configuration and prepared for the integrattion 2019-01-25 20:13:57 +03:00
Andrey Meshkov
a0157e39c6 Use EnableAll in gometalinter config 2019-01-25 20:13:57 +03:00
Andrey Meshkov
d078851246 gometalinter 2019-01-25 20:13:57 +03:00
Andrey Meshkov
c4ba284964 fix tests 2019-01-05 22:24:07 +03:00
Andrey Meshkov
f3a97ed7ab Added TCPListenAddr 2019-01-05 22:15:20 +03:00
Eugene Bujak
cbe83e2053 Merge pull request #126 in DNS/adguard-dns from feature/423 to master
* commit 'b0c4d88d5454f8dd5a92a73615cce3a31450f56b': (45 commits)
  Indicate that DHCP is experimental
  Update dnsproxy and dnscrypt, and run go mod tidy.
  Fix race conditions found by -race
  move log wrapper library outside into hmage/golibs/log
  Added check for active DHCP before enable
  Use new log wrapper and add more functions to it.
  Implement a log wrapper
  /dhcp/status -- give out hostname for UI
  dhcpd -- Remember hostname, for UI.
  Update comment why filter_conn.go is needed.
  Fixup of previous commit.
  /dhcp/find_active_dhcp -- use interface name from request body
  Don't try to start DHCP server if it's not enabled.
  Get rid of logrus, it's TTY output is not friendly or human parseable if we will want users to send us logs.
  Flag parser -- support options without values, move code for help and verbose into table.
  verbose output parameter
  Pretty-format leases so it shows human readable MAC address.
  Start DHCP on launch if it's enabled in config.
  Update makefile to detect changes in dhcpd/*.go
  DHCPD — don't forget to make Lease fields public.
  ...
2018-12-29 20:07:14 +03:00
Eugene Bujak
4d3f1b83a6 Fix race conditions found by -race 2018-12-29 19:13:00 +03:00
Eugene Bujak
368e2d1ebd move log wrapper library outside into hmage/golibs/log 2018-12-29 19:12:45 +03:00
Eugene Bujak
243603e04c Fix panic when DNS query doesn't have questions.
Closes #491.
2018-12-29 17:47:50 +03:00
Eugene Bujak
d8802a9709 Use new log wrapper and add more functions to it. 2018-12-29 17:37:18 +03:00
Eugene Bujak
55a7ff7447 Get rid of logrus, it's TTY output is not friendly or human parseable if we will want users to send us logs. 2018-12-29 14:55:35 +03:00
Andrey Meshkov
cc96593ebf upd to 0.9.3, removed jedist1/xsecretbox from dependencies 2018-12-25 01:59:38 +03:00
Andrey Meshkov
3ade62301b upgraded dnsproxy to 0.9.2 2018-12-25 00:08:51 +03:00
Andrey Meshkov
62606db1af fix client IP address 2018-12-24 23:06:36 +03:00
Andrey Meshkov
374a0dc2e5 Fixing review comments 2018-12-24 18:47:33 +03:00
Andrey Meshkov
2bc1d737cc fix imports 2018-12-24 16:58:48 +03:00
Andrey Meshkov
0a977fee87 changed to logrus 2018-12-24 15:27:14 +03:00
Andrey Meshkov
e711f6e5fe Start using dnsproxy 2018-12-24 15:19:52 +03:00
Andrey Meshkov
3d17907966 upgrade dnscrypt client to v1.0.0 2018-12-18 13:24:15 +03:00
Andrey Meshkov
45626b139d Handle cert expiration or rotation 2018-12-18 01:45:19 +03:00
Andrey Meshkov
b30b6b1d66 Fix #284
Added DNSCrypt upstreams support
Added DNS Stamps support
2018-12-18 01:20:38 +03:00
Eugene Bujak
1c89e1df32 Resolve into a stub page when blocked by parental or safebrowsing.
Closes #475.
2018-12-11 15:09:07 +03:00
Eugene Bujak
5c4ec62d96 Check if protection is enabled before running the host through dnsfilter.
Closes #476.
2018-12-11 14:20:14 +03:00
Eugene Bujak
8411de8887 Don't log ANY requests if refuseAny is enabled.
Closes #472.
2018-12-07 14:12:26 +03:00
Eugene Bujak
253d8a4016 Pointer for dnsfilter.Result in querylog didn't make things simpler, revert that change and all related changes. 2018-12-06 17:27:38 +03:00
Eugene Bujak
2ba5cb48b2 Fixup of previous commit -- remove unused import. 2018-12-06 17:19:57 +03:00
Eugene Bujak
e056fb2eb9 Remove unused code. 2018-12-06 17:19:04 +03:00
Eugene Bujak
15f3c82238 dnsforward -- fix panic on ANY request 2018-12-06 16:55:05 +03:00
Eugene Bujak
0f5dd661f5 Add support for bootstrapping upstream DNS servers by hostname. 2018-12-06 00:22:20 +03:00
Eugene Bujak
ff1c19cac5 dnsforward -- support tcp:// schema 2018-12-05 21:33:32 +03:00
Eugene Bujak
2a1059107a dnsforward -- add upstream tests. 2018-12-05 21:33:07 +03:00
Eugene Bujak
bb6c596b22 dnsforward -- add a simple test that launches a server and queries well-known value through it 2018-12-05 20:13:35 +03:00
Eugene Bujak
478ce03386 dnsforward -- implement ratelimit and refuseany 2018-12-05 18:49:19 +03:00
Eugene Bujak
b0149972cc dnsforward -- give only ip address to querylog, without port 2018-12-05 16:57:21 +03:00
Eugene Bujak
9b43e07d7f dnsforward -- flush querylog to file on server stop 2018-12-05 16:57:21 +03:00
Eugene Bujak
052f975762 dnsforward -- Move querylog from coredns plugin, a more complex migration with proper API took too long so a simple move was used instead to save time. 2018-12-05 16:57:21 +03:00
Eugene Bujak
e5d2f883ac dnsforward -- Make Upstream interface give access to Address field. 2018-12-05 16:57:21 +03:00
Eugene Bujak
8396dc2fdb Update docs for formatting in godoc. 2018-12-05 16:57:21 +03:00
Eugene Bujak
09fb539875 Simplify two lines into one line. 2018-12-05 16:57:21 +03:00
Eugene Bujak
be4b65fdca dnsforward -- use dnsfilter before cache -- changed settings or filters would require cache invalidation otherwise 2018-12-05 16:57:21 +03:00
Eugene Bujak
0502ef6cc7 dnsforward -- initialize all dnsfilter settings at start and reconfigure 2018-12-05 16:57:21 +03:00
Eugene Bujak
7d2e39ed52 dnsfilter -- Add a convinience function to add all rules from all filters. 2018-12-05 16:57:21 +03:00
Eugene Bujak
e26837d9e8 dnsfilter -- Add parameter to New() to supply optional initial config. 2018-12-05 16:57:21 +03:00
Eugene Bujak
057db71f3b Get rid of duplicate variable definitions 2018-12-05 16:57:21 +03:00
Eugene Bujak
87c54ebd4c Move Filter definition from dnsforward to dnsfilter, it belongs there. 2018-12-05 16:57:21 +03:00
Eugene Bujak
a6e0a17454 dnsforward -- trim dot in the end of hostname, dnsfilter does not expect it there 2018-12-05 16:56:11 +03:00
Eugene Bujak
9d87ae95e6 dnsforward -- if given addresses without ports, assign default ports 2018-12-05 16:56:11 +03:00
Eugene Bujak
8316d39b42 Move filtering setting fields from main app to dnsforward. 2018-12-05 16:56:11 +03:00
Eugene Bujak
7120f551c8 dnsforward -- rename BlockedTTL to BlockedResponseTTL to be in line with app's config variable. 2018-12-05 16:56:11 +03:00
Eugene Bujak
e4a3564706 Fix a logical race that wasn't detectable by -race -- we were closing a connection that was already reestablished. 2018-12-05 16:56:11 +03:00
Eugene Bujak
4eb122e973 Avoid duplication of fields in filter struct. 2018-12-05 16:56:11 +03:00
Eugene Bujak
a904f85e61 dnsforward library -- default to plain DNS for high-performance testing. 2018-12-05 16:54:56 +03:00
Eugene Bujak
584f441141 dnsforward library -- introduce IsRunning() 2018-12-05 16:54:56 +03:00
Eugene Bujak
7944f23d95 dnsforward library -- consistently nullify and close listening socket when we're done with it. 2018-12-05 16:54:56 +03:00
Eugene Bujak
639b34c7d1 dnsforward library -- Fix race conditions found by -race 2018-12-05 16:54:56 +03:00
Eugene Bujak
5a548be16c Add dns forwarding server library 2018-12-05 16:54:56 +03:00