dnscrypt-proxy/dnscrypt-proxy/plugin_block_ipv6.go

package main

import (
	"strings"

	"github.com/miekg/dns"
)

type PluginBlockIPv6 struct{}

func (plugin *PluginBlockIPv6) Name() string {
	return "block_ipv6"
}

func (plugin *PluginBlockIPv6) Description() string {
	return "Immediately return a synthetic response to AAAA queries."
}

func (plugin *PluginBlockIPv6) Init(proxy *Proxy) error {
	return nil
}

func (plugin *PluginBlockIPv6) Drop() error {
	return nil
}

func (plugin *PluginBlockIPv6) Reload() error {
	return nil
}

func (plugin *PluginBlockIPv6) Eval(pluginsState *PluginsState, msg *dns.Msg) error {
	question := msg.Question[0]
	if question.Qclass != dns.ClassINET || question.Qtype != dns.TypeAAAA {
		return nil
	}
	synth := EmptyResponseFromMessage(msg)
	hinfo := new(dns.HINFO)
	hinfo.Hdr = dns.RR_Header{
		Name: question.Name, Rrtype: dns.TypeHINFO,
		Class: dns.ClassINET, Ttl: 86400,
	}
	hinfo.Cpu = "AAAA queries have been locally blocked by dnscrypt-proxy"
	hinfo.Os = "Set block_ipv6 to false to disable that feature"
	synth.Answer = []dns.RR{hinfo}
	qName := question.Name
	i := strings.Index(qName, ".")
	parentZone := "."
	if !(i < 0 || i+1 >= len(qName)) {
		parentZone = qName[i+1:]
	}
	soa := new(dns.SOA)
	soa.Mbox = "h.invalid."
	soa.Ns = "a.root-servers.net."
	soa.Serial = 1
	soa.Refresh = 10000
	soa.Minttl = 2400
	soa.Expire = 604800
	soa.Retry = 300
	soa.Hdr = dns.RR_Header{
		Name: parentZone, Rrtype: dns.TypeSOA,
		Class: dns.ClassINET, Ttl: 60,
	}
	synth.Ns = []dns.RR{soa}
	pluginsState.synthResponse = synth
	pluginsState.action = PluginsActionSynth
	pluginsState.returnCode = PluginsReturnCodeSynth
	return nil
}
Split plugins into individual files 2018-01-16 18:21:17 +01:00			`package main`

IPv6 blocking: add a synthetic SOA record 2018-05-10 10:39:21 +02:00			`import (`
			`"strings"`

			`"github.com/miekg/dns"`
			`)`
Split plugins into individual files 2018-01-16 18:21:17 +01:00
			`type PluginBlockIPv6 struct{}`

			`func (plugin *PluginBlockIPv6) Name() string {`
			`return "block_ipv6"`
			`}`

			`func (plugin *PluginBlockIPv6) Description() string {`
			`return "Immediately return a synthetic response to AAAA queries."`
			`}`

			`func (plugin PluginBlockIPv6) Init(proxy Proxy) error {`
			`return nil`
			`}`

			`func (plugin *PluginBlockIPv6) Drop() error {`
			`return nil`
			`}`

			`func (plugin *PluginBlockIPv6) Reload() error {`
			`return nil`
			`}`

			`func (plugin PluginBlockIPv6) Eval(pluginsState PluginsState, msg *dns.Msg) error {`
Store the normalized qName in the plugin state We now enforce the fact that a query always include a question. It holds true for all practical use cases of dnscrypt-proxy. This avoids quite a lot of redundant code in plugins, and is faster. 2019-12-17 09:38:53 +01:00			`question := msg.Question[0]`
Split plugins into individual files 2018-01-16 18:21:17 +01:00			`if question.Qclass != dns.ClassINET \|\| question.Qtype != dns.TypeAAAA {`
			`return nil`
			`}`
remove err return values that are never set 2019-11-01 16:37:33 +01:00			`synth := EmptyResponseFromMessage(msg)`
Slightly change the way we block ipv6 2018-01-20 22:30:36 +01:00			`hinfo := new(dns.HINFO)`
Format with gofumpt 2023-02-11 14:27:12 +01:00			`hinfo.Hdr = dns.RR_Header{`
			`Name: question.Name, Rrtype: dns.TypeHINFO,`
			`Class: dns.ClassINET, Ttl: 86400,`
			`}`
Slightly change the way we block ipv6 2018-01-20 22:30:36 +01:00			`hinfo.Cpu = "AAAA queries have been locally blocked by dnscrypt-proxy"`
this -> that 2021-06-08 01:14:11 +02:00			`hinfo.Os = "Set block_ipv6 to false to disable that feature"`
Slightly change the way we block ipv6 2018-01-20 22:30:36 +01:00			`synth.Answer = []dns.RR{hinfo}`
IPv6 blocking: add a synthetic SOA record 2018-05-10 10:39:21 +02:00			`qName := question.Name`
			`i := strings.Index(qName, ".")`
			`parentZone := "."`
			`if !(i < 0 \|\| i+1 >= len(qName)) {`
			`parentZone = qName[i+1:]`
			`}`
			`soa := new(dns.SOA)`
Synthetic SOAs can have constant serial/mail 2018-05-10 10:54:15 +02:00			`soa.Mbox = "h.invalid."`
Use a root server as the NS in synthetic SOA responses 2018-05-10 10:45:56 +02:00			`soa.Ns = "a.root-servers.net."`
Synthetic SOAs can have constant serial/mail 2018-05-10 10:54:15 +02:00			`soa.Serial = 1`
IPv6 blocking: add a synthetic SOA record 2018-05-10 10:39:21 +02:00			`soa.Refresh = 10000`
			`soa.Minttl = 2400`
			`soa.Expire = 604800`
			`soa.Retry = 300`
Format with gofumpt 2023-02-11 14:27:12 +01:00			`soa.Hdr = dns.RR_Header{`
			`Name: parentZone, Rrtype: dns.TypeSOA,`
			`Class: dns.ClassINET, Ttl: 60,`
			`}`
IPv6 blocking: add a synthetic SOA record 2018-05-10 10:39:21 +02:00			`synth.Ns = []dns.RR{soa}`
Revert "AAAA filter: Reject instead of sending an empty response" This reverts commit aceb8b30f71fd414c61e4301f784b38b369ab1a6. 2018-01-20 22:06:40 +01:00			`pluginsState.synthResponse = synth`
			`pluginsState.action = PluginsActionSynth`
Improved return codes 2018-06-04 23:18:28 +02:00			`pluginsState.returnCode = PluginsReturnCodeSynth`
Split plugins into individual files 2018-01-16 18:21:17 +01:00			`return nil`
			`}`