mirror of
https://github.com/AdguardTeam/AdGuardHome.git
synced 2024-11-25 14:35:48 +03:00
fc9ddcf941
Merge in DNS/adguard-home from 1383-client-id to master Updates #1383. Squashed commit of the following: commit ebe2678bfa9bf651a2cb1e64499b38edcf19a7ad Author: Ildar Kamalov <ik@adguard.com> Date: Wed Jan 27 17:51:59 2021 +0300 - client: check if IP is valid commit 0c330585a170ea149ee75e43dfa65211e057299c Author: Ildar Kamalov <ik@adguard.com> Date: Wed Jan 27 17:07:50 2021 +0300 - client: find clients by client_id commit 71c9593ee35d996846f061e114b7867c3aa3c978 Merge: 9104f1613e9edd9e
Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Wed Jan 27 16:09:45 2021 +0300 Merge branch 'master' into 1383-client-id commit 9104f1615d2d462606c52017df25a422df872cea Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Wed Jan 27 13:28:50 2021 +0300 dnsforward: imp tests commit ed47f26e611ade625a2cc2c2f71a291b796bbf8f Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Wed Jan 27 12:39:52 2021 +0300 dnsforward: fix address commit 98b222ba69a5d265f620c180c960d01c84a1fb3b Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Tue Jan 26 19:50:31 2021 +0300 home: imp code commit 4f3966548a2d8437d0b68207dd108dd1a6cb7d20 Merge: 199fdc05c215b820
Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Tue Jan 26 19:45:13 2021 +0300 Merge branch 'master' into 1383-client-id commit 199fdc056f8a8be5500584f3aaee32865188aedc Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Tue Jan 26 19:20:37 2021 +0300 all: imp tests, logging, etc commit 35ff14f4d534251aecb2ea60baba225f3eed8a3e Author: Ildar Kamalov <ik@adguard.com> Date: Tue Jan 26 18:55:19 2021 +0300 + client: remove block button from clients with client_id commit 32991a0b4c56583a02fb5e00bba95d96000bce20 Author: Ildar Kamalov <ik@adguard.com> Date: Tue Jan 26 18:54:25 2021 +0300 + client: add requests count for client_id commit 2d68df4d2eac4a296d7469923e601dad4575c1a1 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Tue Jan 26 15:49:50 2021 +0300 stats: handle client ids commit 4e14ab3590328f93a8cd6e9cbe1665baf74f220b Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Tue Jan 26 13:45:25 2021 +0300 openapi: fix example commit ca9cf3f744fe197cace2c28ddc5bc68f71dad1f3 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Tue Jan 26 13:37:10 2021 +0300 openapi: improve clients find api docs commit f79876e550c424558b704bc316a4cd04f25db011 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Tue Jan 26 13:18:52 2021 +0300 home: accept ids in clients find commit 5b72595122aa0bd64debadfd753ed8a0e0840629 Merge: 607e241fabf8f65f
Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Mon Jan 25 18:34:56 2021 +0300 Merge branch 'master' into 1383-client-id commit 607e241f1c339dd6397218f70b8301e3de6a1ee0 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Mon Jan 25 18:30:39 2021 +0300 dnsforward: fix quic commit f046352fef93e46234c2bbe8ae316d21034260e5 Author: Ainar Garipov <A.Garipov@AdGuard.COM> Date: Mon Jan 25 16:53:09 2021 +0300 all: remove wildcard requirement commit 3b679489bae82c54177372be453fe184d8f0bab6 Author: Andrey Meshkov <am@adguard.com> Date: Mon Jan 25 16:02:28 2021 +0300 workDir now supports symlinks commit 0647ab4f113de2223f6949df001f42ecab05c995 Author: Ildar Kamalov <ik@adguard.com> Date: Mon Jan 25 14:59:46 2021 +0300 - client: remove wildcard from domain validation commit b1aec04a4ecadc9d65648ed6d284188fecce01c3 Author: Ildar Kamalov <ik@adguard.com> Date: Mon Jan 25 14:55:39 2021 +0300 + client: add form to download mobileconfig ... and 12 more commits
1116 lines
30 KiB
Go
1116 lines
30 KiB
Go
package dnsforward
|
|
|
|
import (
|
|
"crypto/ecdsa"
|
|
"crypto/rand"
|
|
"crypto/rsa"
|
|
"crypto/tls"
|
|
"crypto/x509"
|
|
"crypto/x509/pkix"
|
|
"encoding/pem"
|
|
"fmt"
|
|
"io/ioutil"
|
|
"math/big"
|
|
"net"
|
|
"os"
|
|
"sort"
|
|
"sync"
|
|
"testing"
|
|
"time"
|
|
|
|
"github.com/AdguardTeam/AdGuardHome/internal/testutil"
|
|
"github.com/AdguardTeam/AdGuardHome/internal/util"
|
|
|
|
"github.com/AdguardTeam/AdGuardHome/internal/dhcpd"
|
|
"github.com/AdguardTeam/AdGuardHome/internal/dnsfilter"
|
|
"github.com/AdguardTeam/dnsproxy/proxy"
|
|
"github.com/AdguardTeam/dnsproxy/upstream"
|
|
"github.com/miekg/dns"
|
|
"github.com/stretchr/testify/assert"
|
|
)
|
|
|
|
func TestMain(m *testing.M) {
|
|
testutil.DiscardLogOutput(m)
|
|
}
|
|
|
|
const (
|
|
tlsServerName = "testdns.adguard.com"
|
|
testMessagesCount = 10
|
|
)
|
|
|
|
func TestServer(t *testing.T) {
|
|
s := createTestServer(t)
|
|
err := s.Start()
|
|
if err != nil {
|
|
t.Fatalf("Failed to start server: %s", err)
|
|
}
|
|
|
|
// message over UDP
|
|
req := createGoogleATestMessage()
|
|
addr := s.dnsProxy.Addr(proxy.ProtoUDP)
|
|
client := dns.Client{Net: "udp"}
|
|
reply, _, err := client.Exchange(req, addr.String())
|
|
if err != nil {
|
|
t.Fatalf("Couldn't talk to server %s: %s", addr, err)
|
|
}
|
|
assertGoogleAResponse(t, reply)
|
|
|
|
// message over TCP
|
|
req = createGoogleATestMessage()
|
|
addr = s.dnsProxy.Addr("tcp")
|
|
client = dns.Client{Net: "tcp"}
|
|
reply, _, err = client.Exchange(req, addr.String())
|
|
if err != nil {
|
|
t.Fatalf("Couldn't talk to server %s: %s", addr, err)
|
|
}
|
|
assertGoogleAResponse(t, reply)
|
|
|
|
err = s.Stop()
|
|
if err != nil {
|
|
t.Fatalf("DNS server failed to stop: %s", err)
|
|
}
|
|
}
|
|
|
|
func TestServerWithProtectionDisabled(t *testing.T) {
|
|
s := createTestServer(t)
|
|
s.conf.ProtectionEnabled = false
|
|
err := s.Start()
|
|
if err != nil {
|
|
t.Fatalf("Failed to start server: %s", err)
|
|
}
|
|
|
|
// message over UDP
|
|
req := createGoogleATestMessage()
|
|
addr := s.dnsProxy.Addr(proxy.ProtoUDP)
|
|
client := dns.Client{Net: "udp"}
|
|
reply, _, err := client.Exchange(req, addr.String())
|
|
if err != nil {
|
|
t.Fatalf("Couldn't talk to server %s: %s", addr, err)
|
|
}
|
|
assertGoogleAResponse(t, reply)
|
|
|
|
err = s.Stop()
|
|
if err != nil {
|
|
t.Fatalf("DNS server failed to stop: %s", err)
|
|
}
|
|
}
|
|
|
|
func TestDotServer(t *testing.T) {
|
|
// Prepare the proxy server
|
|
_, certPem, keyPem := createServerTLSConfig(t)
|
|
s := createTestServer(t)
|
|
|
|
s.conf.TLSConfig = TLSConfig{
|
|
TLSListenAddr: &net.TCPAddr{Port: 0},
|
|
CertificateChainData: certPem,
|
|
PrivateKeyData: keyPem,
|
|
}
|
|
|
|
_ = s.Prepare(nil)
|
|
// Starting the server
|
|
err := s.Start()
|
|
if err != nil {
|
|
t.Fatalf("Failed to start server: %s", err)
|
|
}
|
|
|
|
// Add our self-signed generated config to roots
|
|
roots := x509.NewCertPool()
|
|
roots.AppendCertsFromPEM(certPem)
|
|
tlsConfig := &tls.Config{
|
|
ServerName: tlsServerName,
|
|
RootCAs: roots,
|
|
MinVersion: tls.VersionTLS12,
|
|
}
|
|
|
|
// Create a DNS-over-TLS client connection
|
|
addr := s.dnsProxy.Addr(proxy.ProtoTLS)
|
|
conn, err := dns.DialWithTLS("tcp-tls", addr.String(), tlsConfig)
|
|
if err != nil {
|
|
t.Fatalf("cannot connect to the proxy: %s", err)
|
|
}
|
|
|
|
sendTestMessages(t, conn)
|
|
|
|
// Stop the proxy
|
|
err = s.Stop()
|
|
if err != nil {
|
|
t.Fatalf("DNS server failed to stop: %s", err)
|
|
}
|
|
}
|
|
|
|
func TestDoqServer(t *testing.T) {
|
|
// Prepare the proxy server
|
|
_, certPem, keyPem := createServerTLSConfig(t)
|
|
s := createTestServer(t)
|
|
|
|
s.conf.TLSConfig = TLSConfig{
|
|
QUICListenAddr: &net.UDPAddr{Port: 0},
|
|
CertificateChainData: certPem,
|
|
PrivateKeyData: keyPem,
|
|
}
|
|
|
|
_ = s.Prepare(nil)
|
|
// Starting the server
|
|
err := s.Start()
|
|
assert.Nil(t, err)
|
|
|
|
// Create a DNS-over-QUIC upstream
|
|
addr := s.dnsProxy.Addr(proxy.ProtoQUIC)
|
|
opts := upstream.Options{InsecureSkipVerify: true}
|
|
u, err := upstream.AddressToUpstream(fmt.Sprintf("quic://%s", addr), opts)
|
|
assert.Nil(t, err)
|
|
|
|
// Send the test message
|
|
req := createGoogleATestMessage()
|
|
res, err := u.Exchange(req)
|
|
assert.Nil(t, err)
|
|
assertGoogleAResponse(t, res)
|
|
|
|
// Stop the proxy
|
|
err = s.Stop()
|
|
if err != nil {
|
|
t.Fatalf("DNS server failed to stop: %s", err)
|
|
}
|
|
}
|
|
|
|
func TestServerRace(t *testing.T) {
|
|
s := createTestServer(t)
|
|
err := s.Start()
|
|
if err != nil {
|
|
t.Fatalf("Failed to start server: %s", err)
|
|
}
|
|
|
|
// message over UDP
|
|
addr := s.dnsProxy.Addr(proxy.ProtoUDP)
|
|
conn, err := dns.Dial("udp", addr.String())
|
|
if err != nil {
|
|
t.Fatalf("cannot connect to the proxy: %s", err)
|
|
}
|
|
|
|
sendTestMessagesAsync(t, conn)
|
|
|
|
// Stop the proxy
|
|
err = s.Stop()
|
|
if err != nil {
|
|
t.Fatalf("DNS server failed to stop: %s", err)
|
|
}
|
|
}
|
|
|
|
func TestSafeSearch(t *testing.T) {
|
|
s := createTestServer(t)
|
|
err := s.Start()
|
|
if err != nil {
|
|
t.Fatalf("Failed to start server: %s", err)
|
|
}
|
|
|
|
// Test safe search for yandex. We already know safe search ip
|
|
addr := s.dnsProxy.Addr(proxy.ProtoUDP)
|
|
client := dns.Client{Net: "udp"}
|
|
yandexDomains := []string{"yandex.com.", "yandex.by.", "yandex.kz.", "yandex.ru.", "yandex.com."}
|
|
for _, host := range yandexDomains {
|
|
exchangeAndAssertResponse(t, &client, addr, host, "213.180.193.56")
|
|
}
|
|
|
|
// Let's lookup for google safesearch ip
|
|
ips, err := net.LookupIP("forcesafesearch.google.com")
|
|
if err != nil {
|
|
t.Fatalf("Failed to lookup for forcesafesearch.google.com: %s", err)
|
|
}
|
|
|
|
ip := ips[0]
|
|
for _, i := range ips {
|
|
if i.To4() != nil {
|
|
ip = i
|
|
break
|
|
}
|
|
}
|
|
|
|
// Test safe search for google.
|
|
googleDomains := []string{"www.google.com.", "www.google.com.af.", "www.google.be.", "www.google.by."}
|
|
for _, host := range googleDomains {
|
|
exchangeAndAssertResponse(t, &client, addr, host, ip.String())
|
|
}
|
|
|
|
err = s.Stop()
|
|
if err != nil {
|
|
t.Fatalf("Can not stopd server cause: %s", err)
|
|
}
|
|
}
|
|
|
|
func TestInvalidRequest(t *testing.T) {
|
|
s := createTestServer(t)
|
|
err := s.Start()
|
|
if err != nil {
|
|
t.Fatalf("Failed to start server: %s", err)
|
|
}
|
|
|
|
// server is running, send a message
|
|
addr := s.dnsProxy.Addr(proxy.ProtoUDP)
|
|
req := dns.Msg{}
|
|
req.Id = dns.Id()
|
|
req.RecursionDesired = true
|
|
|
|
// send a DNS request without question
|
|
client := dns.Client{Net: "udp", Timeout: 500 * time.Millisecond}
|
|
_, _, err = client.Exchange(&req, addr.String())
|
|
if err != nil {
|
|
t.Fatalf("got a response to an invalid query")
|
|
}
|
|
|
|
err = s.Stop()
|
|
if err != nil {
|
|
t.Fatalf("DNS server failed to stop: %s", err)
|
|
}
|
|
}
|
|
|
|
func TestBlockedRequest(t *testing.T) {
|
|
s := createTestServer(t)
|
|
err := s.Start()
|
|
if err != nil {
|
|
t.Fatalf("Failed to start server: %s", err)
|
|
}
|
|
addr := s.dnsProxy.Addr(proxy.ProtoUDP)
|
|
|
|
//
|
|
// Default blocking - NULL IP
|
|
//
|
|
req := dns.Msg{}
|
|
req.Id = dns.Id()
|
|
req.RecursionDesired = true
|
|
req.Question = []dns.Question{
|
|
{Name: "nxdomain.example.org.", Qtype: dns.TypeA, Qclass: dns.ClassINET},
|
|
}
|
|
|
|
reply, err := dns.Exchange(&req, addr.String())
|
|
if err != nil {
|
|
t.Fatalf("Couldn't talk to server %s: %s", addr, err)
|
|
}
|
|
assert.Equal(t, dns.RcodeSuccess, reply.Rcode)
|
|
assert.True(t, reply.Answer[0].(*dns.A).A.Equal(net.IP{0, 0, 0, 0}))
|
|
|
|
err = s.Stop()
|
|
if err != nil {
|
|
t.Fatalf("DNS server failed to stop: %s", err)
|
|
}
|
|
}
|
|
|
|
func TestServerCustomClientUpstream(t *testing.T) {
|
|
s := createTestServer(t)
|
|
s.conf.GetCustomUpstreamByClient = func(_ string) *proxy.UpstreamConfig {
|
|
uc := &proxy.UpstreamConfig{}
|
|
u := &testUpstream{}
|
|
u.ipv4 = map[string][]net.IP{}
|
|
u.ipv4["host."] = []net.IP{{192, 168, 0, 1}}
|
|
uc.Upstreams = append(uc.Upstreams, u)
|
|
return uc
|
|
}
|
|
|
|
assert.Nil(t, s.Start())
|
|
|
|
addr := s.dnsProxy.Addr(proxy.ProtoUDP)
|
|
|
|
// Send test request
|
|
req := dns.Msg{}
|
|
req.Id = dns.Id()
|
|
req.RecursionDesired = true
|
|
req.Question = []dns.Question{
|
|
{Name: "host.", Qtype: dns.TypeA, Qclass: dns.ClassINET},
|
|
}
|
|
|
|
reply, err := dns.Exchange(&req, addr.String())
|
|
|
|
assert.Nil(t, err)
|
|
assert.Equal(t, dns.RcodeSuccess, reply.Rcode)
|
|
assert.NotNil(t, reply.Answer)
|
|
assert.True(t, net.IP{192, 168, 0, 1}.Equal(reply.Answer[0].(*dns.A).A))
|
|
assert.Nil(t, s.Stop())
|
|
}
|
|
|
|
// testUpstream is a mock of real upstream.
|
|
// specify fields with necessary values to simulate real upstream behaviour
|
|
type testUpstream struct {
|
|
cn map[string]string // Map of [name]canonical_name
|
|
ipv4 map[string][]net.IP // Map of [name]IPv4
|
|
ipv6 map[string][]net.IP // Map of [name]IPv6
|
|
}
|
|
|
|
func (u *testUpstream) Exchange(m *dns.Msg) (*dns.Msg, error) {
|
|
resp := dns.Msg{}
|
|
resp.SetReply(m)
|
|
hasARecord := false
|
|
hasAAAARecord := false
|
|
|
|
reqType := m.Question[0].Qtype
|
|
name := m.Question[0].Name
|
|
|
|
// Let's check if we have any CNAME for given name
|
|
if cname, ok := u.cn[name]; ok {
|
|
cn := dns.CNAME{}
|
|
cn.Hdr.Name = name
|
|
cn.Hdr.Rrtype = dns.TypeCNAME
|
|
cn.Target = cname
|
|
resp.Answer = append(resp.Answer, &cn)
|
|
}
|
|
|
|
// Let's check if we can add some A records to the answer
|
|
if ipv4addr, ok := u.ipv4[name]; ok && reqType == dns.TypeA {
|
|
hasARecord = true
|
|
for _, ipv4 := range ipv4addr {
|
|
respA := dns.A{}
|
|
respA.Hdr.Rrtype = dns.TypeA
|
|
respA.Hdr.Name = name
|
|
respA.A = ipv4
|
|
resp.Answer = append(resp.Answer, &respA)
|
|
}
|
|
}
|
|
|
|
// Let's check if we can add some AAAA records to the answer
|
|
if u.ipv6 != nil {
|
|
if ipv6addr, ok := u.ipv6[name]; ok && reqType == dns.TypeAAAA {
|
|
hasAAAARecord = true
|
|
for _, ipv6 := range ipv6addr {
|
|
respAAAA := dns.A{}
|
|
respAAAA.Hdr.Rrtype = dns.TypeAAAA
|
|
respAAAA.Hdr.Name = name
|
|
respAAAA.A = ipv6
|
|
resp.Answer = append(resp.Answer, &respAAAA)
|
|
}
|
|
}
|
|
}
|
|
|
|
if len(resp.Answer) == 0 {
|
|
if hasARecord || hasAAAARecord {
|
|
// Set No Error RCode if there are some records for given Qname but we didn't apply them
|
|
resp.SetRcode(m, dns.RcodeSuccess)
|
|
} else {
|
|
// Set NXDomain RCode otherwise
|
|
resp.SetRcode(m, dns.RcodeNameError)
|
|
}
|
|
}
|
|
|
|
return &resp, nil
|
|
}
|
|
|
|
func (u *testUpstream) Address() string {
|
|
return "test"
|
|
}
|
|
|
|
func (s *Server) startWithUpstream(u upstream.Upstream) error {
|
|
s.Lock()
|
|
defer s.Unlock()
|
|
err := s.Prepare(nil)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
s.dnsProxy.UpstreamConfig = &proxy.UpstreamConfig{
|
|
Upstreams: []upstream.Upstream{u},
|
|
}
|
|
return s.dnsProxy.Start()
|
|
}
|
|
|
|
// testCNAMEs is a simple map of names and CNAMEs necessary for the testUpstream work
|
|
var testCNAMEs = map[string]string{
|
|
"badhost.": "null.example.org.",
|
|
"whitelist.example.org.": "null.example.org.",
|
|
}
|
|
|
|
// testIPv4 is a simple map of names and IPv4s necessary for the testUpstream work
|
|
var testIPv4 = map[string][]net.IP{
|
|
"null.example.org.": {{1, 2, 3, 4}},
|
|
"example.org.": {{127, 0, 0, 255}},
|
|
}
|
|
|
|
func TestBlockCNAMEProtectionEnabled(t *testing.T) {
|
|
s := createTestServer(t)
|
|
testUpstm := &testUpstream{testCNAMEs, testIPv4, nil}
|
|
s.conf.ProtectionEnabled = false
|
|
err := s.startWithUpstream(testUpstm)
|
|
assert.Nil(t, err)
|
|
addr := s.dnsProxy.Addr(proxy.ProtoUDP)
|
|
|
|
// 'badhost' has a canonical name 'null.example.org' which is blocked by filters:
|
|
// but protection is disabled - response is NOT blocked
|
|
req := createTestMessage("badhost.")
|
|
reply, err := dns.Exchange(req, addr.String())
|
|
assert.Nil(t, err)
|
|
assert.Equal(t, dns.RcodeSuccess, reply.Rcode)
|
|
}
|
|
|
|
func TestBlockCNAME(t *testing.T) {
|
|
s := createTestServer(t)
|
|
testUpstm := &testUpstream{testCNAMEs, testIPv4, nil}
|
|
err := s.startWithUpstream(testUpstm)
|
|
assert.Nil(t, err)
|
|
addr := s.dnsProxy.Addr(proxy.ProtoUDP)
|
|
|
|
// 'badhost' has a canonical name 'null.example.org' which is blocked by filters:
|
|
// response is blocked
|
|
req := createTestMessage("badhost.")
|
|
reply, err := dns.Exchange(req, addr.String())
|
|
assert.Nil(t, err)
|
|
assert.Equal(t, dns.RcodeSuccess, reply.Rcode)
|
|
assert.True(t, reply.Answer[0].(*dns.A).A.Equal(net.IP{0, 0, 0, 0}))
|
|
|
|
// 'whitelist.example.org' has a canonical name 'null.example.org' which is blocked by filters
|
|
// but 'whitelist.example.org' is in a whitelist:
|
|
// response isn't blocked
|
|
req = createTestMessage("whitelist.example.org.")
|
|
reply, err = dns.Exchange(req, addr.String())
|
|
assert.Nil(t, err)
|
|
assert.Equal(t, dns.RcodeSuccess, reply.Rcode)
|
|
|
|
// 'example.org' has a canonical name 'cname1' with IP 127.0.0.255 which is blocked by filters:
|
|
// response is blocked
|
|
req = createTestMessage("example.org.")
|
|
reply, err = dns.Exchange(req, addr.String())
|
|
assert.Nil(t, err)
|
|
assert.Equal(t, dns.RcodeSuccess, reply.Rcode)
|
|
assert.True(t, reply.Answer[0].(*dns.A).A.Equal(net.IP{0, 0, 0, 0}))
|
|
|
|
_ = s.Stop()
|
|
}
|
|
|
|
func TestClientRulesForCNAMEMatching(t *testing.T) {
|
|
s := createTestServer(t)
|
|
testUpstm := &testUpstream{testCNAMEs, testIPv4, nil}
|
|
s.conf.FilterHandler = func(_ net.IP, _ string, settings *dnsfilter.RequestFilteringSettings) {
|
|
settings.FilteringEnabled = false
|
|
}
|
|
err := s.startWithUpstream(testUpstm)
|
|
assert.Nil(t, err)
|
|
addr := s.dnsProxy.Addr(proxy.ProtoUDP)
|
|
|
|
// 'badhost' has a canonical name 'null.example.org' which is blocked by filters:
|
|
// response is blocked
|
|
req := dns.Msg{}
|
|
req.Id = dns.Id()
|
|
req.Question = []dns.Question{
|
|
{Name: "badhost.", Qtype: dns.TypeA, Qclass: dns.ClassINET},
|
|
}
|
|
// However, in our case it should not be blocked
|
|
// as filtering is disabled on the client level
|
|
reply, err := dns.Exchange(&req, addr.String())
|
|
assert.Nil(t, err)
|
|
assert.Equal(t, dns.RcodeSuccess, reply.Rcode)
|
|
}
|
|
|
|
func TestNullBlockedRequest(t *testing.T) {
|
|
s := createTestServer(t)
|
|
s.conf.FilteringConfig.BlockingMode = "null_ip"
|
|
err := s.Start()
|
|
if err != nil {
|
|
t.Fatalf("Failed to start server: %s", err)
|
|
}
|
|
addr := s.dnsProxy.Addr(proxy.ProtoUDP)
|
|
|
|
//
|
|
// Null filter blocking
|
|
//
|
|
req := dns.Msg{}
|
|
req.Id = dns.Id()
|
|
req.RecursionDesired = true
|
|
req.Question = []dns.Question{
|
|
{Name: "null.example.org.", Qtype: dns.TypeA, Qclass: dns.ClassINET},
|
|
}
|
|
|
|
reply, err := dns.Exchange(&req, addr.String())
|
|
if err != nil {
|
|
t.Fatalf("Couldn't talk to server %s: %s", addr, err)
|
|
}
|
|
if len(reply.Answer) != 1 {
|
|
t.Fatalf("DNS server %s returned reply with wrong number of answers - %d", addr, len(reply.Answer))
|
|
}
|
|
if a, ok := reply.Answer[0].(*dns.A); ok {
|
|
if !net.IPv4zero.Equal(a.A) {
|
|
t.Fatalf("DNS server %s returned wrong answer instead of 0.0.0.0: %v", addr, a.A)
|
|
}
|
|
} else {
|
|
t.Fatalf("DNS server %s returned wrong answer type instead of A: %v", addr, reply.Answer[0])
|
|
}
|
|
|
|
err = s.Stop()
|
|
if err != nil {
|
|
t.Fatalf("DNS server failed to stop: %s", err)
|
|
}
|
|
}
|
|
|
|
func TestBlockedCustomIP(t *testing.T) {
|
|
rules := "||nxdomain.example.org^\n||null.example.org^\n127.0.0.1 host.example.org\n@@||whitelist.example.org^\n||127.0.0.255\n"
|
|
filters := []dnsfilter.Filter{{
|
|
ID: 0, Data: []byte(rules),
|
|
}}
|
|
c := dnsfilter.Config{}
|
|
|
|
f := dnsfilter.New(&c, filters)
|
|
s := NewServer(DNSCreateParams{DNSFilter: f})
|
|
conf := ServerConfig{}
|
|
conf.UDPListenAddr = &net.UDPAddr{Port: 0}
|
|
conf.TCPListenAddr = &net.TCPAddr{Port: 0}
|
|
conf.ProtectionEnabled = true
|
|
conf.BlockingMode = "custom_ip"
|
|
conf.BlockingIPv4 = nil
|
|
conf.UpstreamDNS = []string{"8.8.8.8:53", "8.8.4.4:53"}
|
|
err := s.Prepare(&conf)
|
|
assert.NotNil(t, err) // invalid BlockingIPv4
|
|
|
|
conf.BlockingIPv4 = net.IP{0, 0, 0, 1}
|
|
conf.BlockingIPv6 = net.ParseIP("::1")
|
|
err = s.Prepare(&conf)
|
|
assert.Nil(t, err)
|
|
err = s.Start()
|
|
assert.Nil(t, err)
|
|
|
|
addr := s.dnsProxy.Addr(proxy.ProtoUDP)
|
|
|
|
req := createTestMessageWithType("null.example.org.", dns.TypeA)
|
|
reply, err := dns.Exchange(req, addr.String())
|
|
assert.Nil(t, err)
|
|
assert.Len(t, reply.Answer, 1)
|
|
a, ok := reply.Answer[0].(*dns.A)
|
|
assert.True(t, ok)
|
|
assert.True(t, net.IP{0, 0, 0, 1}.Equal(a.A))
|
|
|
|
req = createTestMessageWithType("null.example.org.", dns.TypeAAAA)
|
|
reply, err = dns.Exchange(req, addr.String())
|
|
assert.Nil(t, err)
|
|
assert.Len(t, reply.Answer, 1)
|
|
a6, ok := reply.Answer[0].(*dns.AAAA)
|
|
assert.True(t, ok)
|
|
assert.Equal(t, "::1", a6.AAAA.String())
|
|
|
|
err = s.Stop()
|
|
if err != nil {
|
|
t.Fatalf("DNS server failed to stop: %s", err)
|
|
}
|
|
}
|
|
|
|
func TestBlockedByHosts(t *testing.T) {
|
|
s := createTestServer(t)
|
|
err := s.Start()
|
|
if err != nil {
|
|
t.Fatalf("Failed to start server: %s", err)
|
|
}
|
|
addr := s.dnsProxy.Addr(proxy.ProtoUDP)
|
|
|
|
//
|
|
// Hosts blocking
|
|
//
|
|
req := dns.Msg{}
|
|
req.Id = dns.Id()
|
|
req.RecursionDesired = true
|
|
req.Question = []dns.Question{
|
|
{Name: "host.example.org.", Qtype: dns.TypeA, Qclass: dns.ClassINET},
|
|
}
|
|
|
|
reply, err := dns.Exchange(&req, addr.String())
|
|
if err != nil {
|
|
t.Fatalf("Couldn't talk to server %s: %s", addr, err)
|
|
}
|
|
if len(reply.Answer) != 1 {
|
|
t.Fatalf("DNS server %s returned reply with wrong number of answers - %d", addr, len(reply.Answer))
|
|
}
|
|
if a, ok := reply.Answer[0].(*dns.A); ok {
|
|
if !net.IPv4(127, 0, 0, 1).Equal(a.A) {
|
|
t.Fatalf("DNS server %s returned wrong answer instead of 8.8.8.8: %v", addr, a.A)
|
|
}
|
|
} else {
|
|
t.Fatalf("DNS server %s returned wrong answer type instead of A: %v", addr, reply.Answer[0])
|
|
}
|
|
|
|
err = s.Stop()
|
|
if err != nil {
|
|
t.Fatalf("DNS server failed to stop: %s", err)
|
|
}
|
|
}
|
|
|
|
func TestBlockedBySafeBrowsing(t *testing.T) {
|
|
s := createTestServer(t)
|
|
err := s.Start()
|
|
if err != nil {
|
|
t.Fatalf("Failed to start server: %s", err)
|
|
}
|
|
addr := s.dnsProxy.Addr(proxy.ProtoUDP)
|
|
|
|
//
|
|
// Safebrowsing blocking
|
|
//
|
|
req := dns.Msg{}
|
|
req.Id = dns.Id()
|
|
req.RecursionDesired = true
|
|
req.Question = []dns.Question{
|
|
{Name: "wmconvirus.narod.ru.", Qtype: dns.TypeA, Qclass: dns.ClassINET},
|
|
}
|
|
reply, err := dns.Exchange(&req, addr.String())
|
|
if err != nil {
|
|
t.Fatalf("Couldn't talk to server %s: %s", addr, err)
|
|
}
|
|
if len(reply.Answer) != 1 {
|
|
t.Fatalf("DNS server %s returned reply with wrong number of answers - %d", addr, len(reply.Answer))
|
|
}
|
|
if a, ok := reply.Answer[0].(*dns.A); ok {
|
|
addrs, lookupErr := net.LookupHost(safeBrowsingBlockHost)
|
|
if lookupErr != nil {
|
|
t.Fatalf("cannot resolve %s due to %s", safeBrowsingBlockHost, lookupErr)
|
|
}
|
|
|
|
found := false
|
|
for _, blockAddr := range addrs {
|
|
if blockAddr == a.A.String() {
|
|
found = true
|
|
}
|
|
}
|
|
|
|
if !found {
|
|
t.Fatalf("DNS server %s returned wrong answer: %v", addr, a.A)
|
|
}
|
|
} else {
|
|
t.Fatalf("DNS server %s returned wrong answer type instead of A: %v", addr, reply.Answer[0])
|
|
}
|
|
|
|
err = s.Stop()
|
|
if err != nil {
|
|
t.Fatalf("DNS server failed to stop: %s", err)
|
|
}
|
|
}
|
|
|
|
func TestRewrite(t *testing.T) {
|
|
c := dnsfilter.Config{}
|
|
c.Rewrites = []dnsfilter.RewriteEntry{
|
|
{
|
|
Domain: "test.com",
|
|
Answer: "1.2.3.4",
|
|
Type: dns.TypeA,
|
|
},
|
|
{
|
|
Domain: "alias.test.com",
|
|
Answer: "test.com",
|
|
Type: dns.TypeCNAME,
|
|
},
|
|
{
|
|
Domain: "my.alias.example.org",
|
|
Answer: "example.org",
|
|
Type: dns.TypeCNAME,
|
|
},
|
|
}
|
|
|
|
f := dnsfilter.New(&c, nil)
|
|
s := NewServer(DNSCreateParams{DNSFilter: f})
|
|
conf := ServerConfig{}
|
|
conf.UDPListenAddr = &net.UDPAddr{Port: 0}
|
|
conf.TCPListenAddr = &net.TCPAddr{Port: 0}
|
|
conf.ProtectionEnabled = true
|
|
conf.UpstreamDNS = []string{"8.8.8.8:53"}
|
|
|
|
err := s.Prepare(&conf)
|
|
assert.Nil(t, err)
|
|
err = s.Start()
|
|
assert.Nil(t, err)
|
|
addr := s.dnsProxy.Addr(proxy.ProtoUDP)
|
|
|
|
req := createTestMessageWithType("test.com.", dns.TypeA)
|
|
reply, err := dns.Exchange(req, addr.String())
|
|
assert.Nil(t, err)
|
|
assert.Len(t, reply.Answer, 1)
|
|
a, ok := reply.Answer[0].(*dns.A)
|
|
assert.True(t, ok)
|
|
assert.True(t, net.IP{1, 2, 3, 4}.Equal(a.A))
|
|
|
|
req = createTestMessageWithType("test.com.", dns.TypeAAAA)
|
|
reply, err = dns.Exchange(req, addr.String())
|
|
assert.Nil(t, err)
|
|
assert.Empty(t, reply.Answer)
|
|
|
|
req = createTestMessageWithType("alias.test.com.", dns.TypeA)
|
|
reply, err = dns.Exchange(req, addr.String())
|
|
assert.Nil(t, err)
|
|
assert.Len(t, reply.Answer, 2)
|
|
assert.Equal(t, "test.com.", reply.Answer[0].(*dns.CNAME).Target)
|
|
assert.True(t, net.IP{1, 2, 3, 4}.Equal(reply.Answer[1].(*dns.A).A))
|
|
|
|
req = createTestMessageWithType("my.alias.example.org.", dns.TypeA)
|
|
reply, err = dns.Exchange(req, addr.String())
|
|
assert.Nil(t, err)
|
|
assert.Equal(t, "my.alias.example.org.", reply.Question[0].Name) // the original question is restored
|
|
assert.Len(t, reply.Answer, 2)
|
|
assert.Equal(t, "example.org.", reply.Answer[0].(*dns.CNAME).Target)
|
|
assert.Equal(t, dns.TypeA, reply.Answer[1].Header().Rrtype)
|
|
|
|
_ = s.Stop()
|
|
}
|
|
|
|
func createTestServer(t *testing.T) *Server {
|
|
rules := `||nxdomain.example.org
|
|
||null.example.org^
|
|
127.0.0.1 host.example.org
|
|
@@||whitelist.example.org^
|
|
||127.0.0.255`
|
|
filters := []dnsfilter.Filter{{
|
|
ID: 0, Data: []byte(rules),
|
|
}}
|
|
c := dnsfilter.Config{}
|
|
c.SafeBrowsingEnabled = true
|
|
c.SafeBrowsingCacheSize = 1000
|
|
c.SafeSearchEnabled = true
|
|
c.SafeSearchCacheSize = 1000
|
|
c.ParentalCacheSize = 1000
|
|
c.CacheTime = 30
|
|
|
|
f := dnsfilter.New(&c, filters)
|
|
|
|
s := NewServer(DNSCreateParams{DNSFilter: f})
|
|
s.conf.UDPListenAddr = &net.UDPAddr{Port: 0}
|
|
s.conf.TCPListenAddr = &net.TCPAddr{Port: 0}
|
|
s.conf.UpstreamDNS = []string{"8.8.8.8:53", "8.8.4.4:53"}
|
|
s.conf.FilteringConfig.ProtectionEnabled = true
|
|
s.conf.ConfigModified = func() {}
|
|
|
|
err := s.Prepare(nil)
|
|
assert.Nil(t, err)
|
|
return s
|
|
}
|
|
|
|
func createServerTLSConfig(t *testing.T) (*tls.Config, []byte, []byte) {
|
|
privateKey, err := rsa.GenerateKey(rand.Reader, 2048)
|
|
if err != nil {
|
|
t.Fatalf("cannot generate RSA key: %s", err)
|
|
}
|
|
|
|
serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
|
|
serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
|
|
if err != nil {
|
|
t.Fatalf("failed to generate serial number: %s", err)
|
|
}
|
|
|
|
notBefore := time.Now()
|
|
notAfter := notBefore.Add(5 * 365 * time.Hour * 24)
|
|
|
|
template := x509.Certificate{
|
|
SerialNumber: serialNumber,
|
|
Subject: pkix.Name{
|
|
Organization: []string{"AdGuard Tests"},
|
|
},
|
|
NotBefore: notBefore,
|
|
NotAfter: notAfter,
|
|
|
|
KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
|
|
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
|
|
BasicConstraintsValid: true,
|
|
IsCA: true,
|
|
}
|
|
template.DNSNames = append(template.DNSNames, tlsServerName)
|
|
|
|
derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, publicKey(privateKey), privateKey)
|
|
if err != nil {
|
|
t.Fatalf("failed to create certificate: %s", err)
|
|
}
|
|
|
|
certPem := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: derBytes})
|
|
keyPem := pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(privateKey)})
|
|
|
|
cert, err := tls.X509KeyPair(certPem, keyPem)
|
|
if err != nil {
|
|
t.Fatalf("failed to create certificate: %s", err)
|
|
}
|
|
|
|
return &tls.Config{Certificates: []tls.Certificate{cert}, ServerName: tlsServerName, MinVersion: tls.VersionTLS12}, certPem, keyPem
|
|
}
|
|
|
|
func sendTestMessageAsync(t *testing.T, conn *dns.Conn, g *sync.WaitGroup) {
|
|
defer func() {
|
|
g.Done()
|
|
}()
|
|
|
|
req := createGoogleATestMessage()
|
|
err := conn.WriteMsg(req)
|
|
if err != nil {
|
|
panic(fmt.Sprintf("cannot write message: %s", err))
|
|
}
|
|
|
|
res, err := conn.ReadMsg()
|
|
if err != nil {
|
|
panic(fmt.Sprintf("cannot read response to message: %s", err))
|
|
}
|
|
assertGoogleAResponse(t, res)
|
|
}
|
|
|
|
// sendTestMessagesAsync sends messages in parallel
|
|
// so that we could find race issues
|
|
func sendTestMessagesAsync(t *testing.T, conn *dns.Conn) {
|
|
g := &sync.WaitGroup{}
|
|
g.Add(testMessagesCount)
|
|
|
|
for i := 0; i < testMessagesCount; i++ {
|
|
go sendTestMessageAsync(t, conn, g)
|
|
}
|
|
|
|
g.Wait()
|
|
}
|
|
|
|
func sendTestMessages(t *testing.T, conn *dns.Conn) {
|
|
for i := 0; i < 10; i++ {
|
|
req := createGoogleATestMessage()
|
|
err := conn.WriteMsg(req)
|
|
if err != nil {
|
|
t.Fatalf("cannot write message #%d: %s", i, err)
|
|
}
|
|
|
|
res, err := conn.ReadMsg()
|
|
if err != nil {
|
|
t.Fatalf("cannot read response to message #%d: %s", i, err)
|
|
}
|
|
assertGoogleAResponse(t, res)
|
|
}
|
|
}
|
|
|
|
func exchangeAndAssertResponse(t *testing.T, client *dns.Client, addr net.Addr, host, ip string) {
|
|
t.Helper()
|
|
|
|
req := createTestMessage(host)
|
|
reply, _, err := client.Exchange(req, addr.String())
|
|
if err != nil {
|
|
t.Fatalf("Couldn't talk to server %s: %s", addr, err)
|
|
}
|
|
assertResponse(t, reply, ip)
|
|
}
|
|
|
|
func createGoogleATestMessage() *dns.Msg {
|
|
return createTestMessage("google-public-dns-a.google.com.")
|
|
}
|
|
|
|
func createTestMessage(host string) *dns.Msg {
|
|
req := dns.Msg{}
|
|
req.Id = dns.Id()
|
|
req.RecursionDesired = true
|
|
req.Question = []dns.Question{
|
|
{Name: host, Qtype: dns.TypeA, Qclass: dns.ClassINET},
|
|
}
|
|
return &req
|
|
}
|
|
|
|
func createTestMessageWithType(host string, qtype uint16) *dns.Msg {
|
|
req := dns.Msg{}
|
|
req.Id = dns.Id()
|
|
req.RecursionDesired = true
|
|
req.Question = []dns.Question{
|
|
{Name: host, Qtype: qtype, Qclass: dns.ClassINET},
|
|
}
|
|
return &req
|
|
}
|
|
|
|
func assertGoogleAResponse(t *testing.T, reply *dns.Msg) {
|
|
assertResponse(t, reply, "8.8.8.8")
|
|
}
|
|
|
|
func assertResponse(t *testing.T, reply *dns.Msg, ip string) {
|
|
t.Helper()
|
|
|
|
if len(reply.Answer) != 1 {
|
|
t.Fatalf("DNS server returned reply with wrong number of answers - %d", len(reply.Answer))
|
|
}
|
|
if a, ok := reply.Answer[0].(*dns.A); ok {
|
|
if !net.ParseIP(ip).Equal(a.A) {
|
|
t.Fatalf("DNS server returned wrong answer instead of %s: %v", ip, a.A)
|
|
}
|
|
} else {
|
|
t.Fatalf("DNS server returned wrong answer type instead of A: %v", reply.Answer[0])
|
|
}
|
|
}
|
|
|
|
func publicKey(priv interface{}) interface{} {
|
|
switch k := priv.(type) {
|
|
case *rsa.PrivateKey:
|
|
return &k.PublicKey
|
|
case *ecdsa.PrivateKey:
|
|
return &k.PublicKey
|
|
default:
|
|
return nil
|
|
}
|
|
}
|
|
|
|
func TestValidateUpstream(t *testing.T) {
|
|
invalidUpstreams := []string{
|
|
"1.2.3.4.5",
|
|
"123.3.7m",
|
|
"htttps://google.com/dns-query",
|
|
"[/host.com]tls://dns.adguard.com",
|
|
"[host.ru]#",
|
|
}
|
|
|
|
validDefaultUpstreams := []string{
|
|
"1.1.1.1",
|
|
"tls://1.1.1.1",
|
|
"https://dns.adguard.com/dns-query",
|
|
"sdns://AQMAAAAAAAAAFDE3Ni4xMDMuMTMwLjEzMDo1NDQzINErR_JS3PLCu_iZEIbq95zkSV2LFsigxDIuUso_OQhzIjIuZG5zY3J5cHQuZGVmYXVsdC5uczEuYWRndWFyZC5jb20",
|
|
}
|
|
|
|
validUpstreams := []string{
|
|
"[/host.com/]1.1.1.1",
|
|
"[//]tls://1.1.1.1",
|
|
"[/www.host.com/]#",
|
|
"[/host.com/google.com/]8.8.8.8",
|
|
"[/host/]sdns://AQMAAAAAAAAAFDE3Ni4xMDMuMTMwLjEzMDo1NDQzINErR_JS3PLCu_iZEIbq95zkSV2LFsigxDIuUso_OQhzIjIuZG5zY3J5cHQuZGVmYXVsdC5uczEuYWRndWFyZC5jb20",
|
|
}
|
|
for _, u := range invalidUpstreams {
|
|
_, err := validateUpstream(u)
|
|
if err == nil {
|
|
t.Fatalf("upstream %s is invalid but it pass through validation", u)
|
|
}
|
|
}
|
|
|
|
for _, u := range validDefaultUpstreams {
|
|
defaultUpstream, err := validateUpstream(u)
|
|
if err != nil {
|
|
t.Fatalf("upstream %s is valid but it doen't pass through validation cause: %s", u, err)
|
|
}
|
|
if !defaultUpstream {
|
|
t.Fatalf("upstream %s is default one!", u)
|
|
}
|
|
}
|
|
|
|
for _, u := range validUpstreams {
|
|
defaultUpstream, err := validateUpstream(u)
|
|
if err != nil {
|
|
t.Fatalf("upstream %s is valid but it doen't pass through validation cause: %s", u, err)
|
|
}
|
|
if defaultUpstream {
|
|
t.Fatalf("upstream %s is default one!", u)
|
|
}
|
|
}
|
|
}
|
|
|
|
func TestValidateUpstreamsSet(t *testing.T) {
|
|
// Empty upstreams array
|
|
var upstreamsSet []string
|
|
err := ValidateUpstreams(upstreamsSet)
|
|
assert.Nil(t, err, "empty upstreams array should be valid")
|
|
|
|
// Comment in upstreams array
|
|
upstreamsSet = []string{"# comment"}
|
|
err = ValidateUpstreams(upstreamsSet)
|
|
assert.Nil(t, err, "comments should not be validated")
|
|
|
|
// Set of valid upstreams. There is no default upstream specified
|
|
upstreamsSet = []string{
|
|
"[/host.com/]1.1.1.1",
|
|
"[//]tls://1.1.1.1",
|
|
"[/www.host.com/]#",
|
|
"[/host.com/google.com/]8.8.8.8",
|
|
"[/host/]sdns://AQMAAAAAAAAAFDE3Ni4xMDMuMTMwLjEzMDo1NDQzINErR_JS3PLCu_iZEIbq95zkSV2LFsigxDIuUso_OQhzIjIuZG5zY3J5cHQuZGVmYXVsdC5uczEuYWRndWFyZC5jb20",
|
|
}
|
|
err = ValidateUpstreams(upstreamsSet)
|
|
assert.NotNil(t, err, "there is no default upstream")
|
|
|
|
// Let's add default upstream
|
|
upstreamsSet = append(upstreamsSet, "8.8.8.8")
|
|
err = ValidateUpstreams(upstreamsSet)
|
|
assert.Nilf(t, err, "upstreams set is valid, but doesn't pass through validation cause: %s", err)
|
|
|
|
// Let's add invalid upstream
|
|
upstreamsSet = append(upstreamsSet, "dhcp://fake.dns")
|
|
err = ValidateUpstreams(upstreamsSet)
|
|
assert.NotNil(t, err, "there is an invalid upstream in set, but it pass through validation")
|
|
}
|
|
|
|
func TestIPStringFromAddr(t *testing.T) {
|
|
addr := net.UDPAddr{}
|
|
addr.IP = net.ParseIP("1:2:3::4")
|
|
addr.Port = 12345
|
|
addr.Zone = "eth0"
|
|
assert.Equal(t, IPStringFromAddr(&addr), net.ParseIP("1:2:3::4").String())
|
|
|
|
assert.Empty(t, IPStringFromAddr(nil))
|
|
}
|
|
|
|
func TestMatchDNSName(t *testing.T) {
|
|
dnsNames := []string{"host1", "*.host2", "1.2.3.4"}
|
|
sort.Strings(dnsNames)
|
|
assert.True(t, matchDNSName(dnsNames, "host1"))
|
|
assert.True(t, matchDNSName(dnsNames, "a.host2"))
|
|
assert.True(t, matchDNSName(dnsNames, "b.a.host2"))
|
|
assert.True(t, matchDNSName(dnsNames, "1.2.3.4"))
|
|
assert.False(t, matchDNSName(dnsNames, "host2"))
|
|
assert.False(t, matchDNSName(dnsNames, ""))
|
|
assert.False(t, matchDNSName(dnsNames, "*.host2"))
|
|
}
|
|
|
|
type testDHCP struct{}
|
|
|
|
func (d *testDHCP) Leases(flags int) []dhcpd.Lease {
|
|
l := dhcpd.Lease{}
|
|
l.IP = net.IP{127, 0, 0, 1}
|
|
l.HWAddr, _ = net.ParseMAC("aa:aa:aa:aa:aa:aa")
|
|
l.Hostname = "localhost"
|
|
return []dhcpd.Lease{l}
|
|
}
|
|
func (d *testDHCP) SetOnLeaseChanged(onLeaseChanged dhcpd.OnLeaseChangedT) {}
|
|
|
|
func TestPTRResponseFromDHCPLeases(t *testing.T) {
|
|
dhcp := &testDHCP{}
|
|
|
|
c := dnsfilter.Config{}
|
|
f := dnsfilter.New(&c, nil)
|
|
s := NewServer(DNSCreateParams{DNSFilter: f, DHCPServer: dhcp})
|
|
s.conf.UDPListenAddr = &net.UDPAddr{Port: 0}
|
|
s.conf.TCPListenAddr = &net.TCPAddr{Port: 0}
|
|
s.conf.UpstreamDNS = []string{"127.0.0.1:53"}
|
|
s.conf.FilteringConfig.ProtectionEnabled = true
|
|
err := s.Prepare(nil)
|
|
assert.Nil(t, err)
|
|
assert.Nil(t, s.Start())
|
|
|
|
addr := s.dnsProxy.Addr(proxy.ProtoUDP)
|
|
req := createTestMessage("1.0.0.127.in-addr.arpa.")
|
|
req.Question[0].Qtype = dns.TypePTR
|
|
|
|
resp, err := dns.Exchange(req, addr.String())
|
|
assert.Nil(t, err)
|
|
assert.Len(t, resp.Answer, 1)
|
|
assert.Equal(t, dns.TypePTR, resp.Answer[0].Header().Rrtype)
|
|
assert.Equal(t, "1.0.0.127.in-addr.arpa.", resp.Answer[0].Header().Name)
|
|
ptr := resp.Answer[0].(*dns.PTR)
|
|
assert.Equal(t, "localhost.", ptr.Ptr)
|
|
|
|
s.Close()
|
|
}
|
|
|
|
func TestPTRResponseFromHosts(t *testing.T) {
|
|
c := dnsfilter.Config{
|
|
AutoHosts: &util.AutoHosts{},
|
|
}
|
|
|
|
// Prepare test hosts file
|
|
hf, _ := ioutil.TempFile("", "")
|
|
defer func() { _ = os.Remove(hf.Name()) }()
|
|
defer hf.Close()
|
|
|
|
_, _ = hf.WriteString(" 127.0.0.1 host # comment \n")
|
|
_, _ = hf.WriteString(" ::1 localhost#comment \n")
|
|
|
|
// Init auto hosts
|
|
c.AutoHosts.Init(hf.Name())
|
|
defer c.AutoHosts.Close()
|
|
|
|
f := dnsfilter.New(&c, nil)
|
|
s := NewServer(DNSCreateParams{DNSFilter: f})
|
|
s.conf.UDPListenAddr = &net.UDPAddr{Port: 0}
|
|
s.conf.TCPListenAddr = &net.TCPAddr{Port: 0}
|
|
s.conf.UpstreamDNS = []string{"127.0.0.1:53"}
|
|
s.conf.FilteringConfig.ProtectionEnabled = true
|
|
err := s.Prepare(nil)
|
|
assert.Nil(t, err)
|
|
assert.Nil(t, s.Start())
|
|
|
|
addr := s.dnsProxy.Addr(proxy.ProtoUDP)
|
|
req := createTestMessage("1.0.0.127.in-addr.arpa.")
|
|
req.Question[0].Qtype = dns.TypePTR
|
|
|
|
resp, err := dns.Exchange(req, addr.String())
|
|
assert.Nil(t, err)
|
|
assert.Len(t, resp.Answer, 1)
|
|
assert.Equal(t, dns.TypePTR, resp.Answer[0].Header().Rrtype)
|
|
assert.Equal(t, "1.0.0.127.in-addr.arpa.", resp.Answer[0].Header().Name)
|
|
ptr := resp.Answer[0].(*dns.PTR)
|
|
assert.Equal(t, "host.", ptr.Ptr)
|
|
|
|
s.Close()
|
|
}
|