Accept relay names in routes, improve documentation

2019-10-20 14:19:21 +02:00 · 2019-10-20 14:19:21 +02:00 · 320197a00e
parent 535bce308c
commit 320197a00e
4 changed files with 60 additions and 16 deletions
--- a/dnscrypt-proxy/config.go
+++ b/dnscrypt-proxy/config.go
@ -485,9 +485,22 @@ func ConfigLoad(proxy *Proxy, svcFlag *string) error {
 		os.Exit(0)
 	}
 	if proxy.routes != nil && len(*proxy.routes) > 0 {
+		hasSpecificRoutes := false
 		for _, server := range proxy.registeredServers {
 			if via, ok := (*proxy.routes)[server.name]; ok {
-				dlog.Noticef("Anonymized DNS: routing [%v] via %v", server.name, via)
+				if server.stamp.Proto != stamps.StampProtoTypeDNSCrypt {
+					dlog.Errorf("DNS anonymization is only supported with the DNSCrypt protocol - Connections to [%v] cannot be anonymized", server.name)
+				} else {
+					dlog.Noticef("Anonymized DNS: routing [%v] via %v", server.name, via)
+				}
+				hasSpecificRoutes = true
+			}
+		}
+		if via, ok := (*proxy.routes)["*"]; ok {
+			if hasSpecificRoutes {
+				dlog.Noticef("Anonymized DNS: routing everything else via %v", via)
+			} else {
+				dlog.Noticef("Anonymized DNS: routing everything via %v", via)
 			}
 		}
 	}
@ -617,12 +630,14 @@ func (config *Config) loadSource(proxy *Proxy, requiredProps stamps.ServerInform
 		dlog.Warnf("Error in source [%s]: [%s] -- Continuing with reduced server count [%d]", cfgSourceName, err, len(registeredServers))
 	}
 	for _, registeredServer := range registeredServers {
-		if len(config.ServerNames) > 0 {
-			if !includesName(config.ServerNames, registeredServer.name) {
+		if registeredServer.stamp.Proto != stamps.StampProtoTypeDNSCryptRelay {
+			if len(config.ServerNames) > 0 {
+				if !includesName(config.ServerNames, registeredServer.name) {
+					continue
+				}
+			} else if registeredServer.stamp.Props&requiredProps != requiredProps {
 				continue
 			}
-		} else if registeredServer.stamp.Props&requiredProps != requiredProps {
-			continue
 		}
 		if includesName(config.DisabledServerNames, registeredServer.name) {
 			continue
@ -639,12 +654,17 @@ func (config *Config) loadSource(proxy *Proxy, requiredProps stamps.ServerInform
 				continue
 			}
 		}
-		if !((config.SourceDNSCrypt && registeredServer.stamp.Proto == stamps.StampProtoTypeDNSCrypt) ||
-			(config.SourceDoH && registeredServer.stamp.Proto == stamps.StampProtoTypeDoH)) {
-			continue
+		if registeredServer.stamp.Proto == stamps.StampProtoTypeDNSCryptRelay {
+			dlog.Debugf("Adding [%s] to the set of available relays", registeredServer.name)
+			proxy.registeredRelays = append(proxy.registeredRelays, registeredServer)
+		} else {
+			if !((config.SourceDNSCrypt && registeredServer.stamp.Proto == stamps.StampProtoTypeDNSCrypt) ||
+				(config.SourceDoH && registeredServer.stamp.Proto == stamps.StampProtoTypeDoH)) {
+				continue
+			}
+			dlog.Debugf("Adding [%s] to the set of wanted resolvers", registeredServer.name)
+			proxy.registeredServers = append(proxy.registeredServers, registeredServer)
 		}
-		dlog.Debugf("Adding [%s] to the set of wanted resolvers", registeredServer.name)
-		proxy.registeredServers = append(proxy.registeredServers, registeredServer)
 	}
 	return nil
 }
--- a/dnscrypt-proxy/example-dnscrypt-proxy.toml
+++ b/dnscrypt-proxy/example-dnscrypt-proxy.toml
@ -561,14 +561,28 @@ cache_neg_max_ttl = 600

 [anonymized_dns]

-## Define one or more routes, i.e. indirect ways to reach servers.
-## A set of possible relay servers is assigned to each DNS resolver.
+## Routes are indirect ways to reach DNSCrypt servers.
+##
+## A route maps a server name ("server_name") to one or more relays that will be
+## used to connect to that server.
+##
 ## A relay can be specified as a DNS Stamp (either a relay stamp, or a
-## DNSCrypt stamp), an IP:port, a hostname:port, or a server name, if
-## the server is in the servers_list.
+## DNSCrypt stamp), an IP:port, a hostname:port, or a server name.
+##
+## The following example routes "comodo-02" via `anon-kama` or `anon-ibksturm`,
+## and "quad9-dnscrypt-ip4-nofilter-pri" via the relay whose relay DNS stamp
+## is "sdns://gRIxMzcuNzQuMjIzLjIzNDo0NDM".
+## These are just example routes. Review the list of available relays from the
+## "relays.md` file, and, for each server you want to use, define the relays you
+## want connections to go through.
+##
+## Carefully choose relays and servers so that the are run by different entities.
+##
+## "server_name" can also be set to "*" to define a default route, but this is not
+## recommended. if you do so, keep "server_names" short and distinct from relays.

 # routes = [
-#    { server_name='comodo-02', via=['sdns://gRIxMzcuNzQuMjIzLjIzNDo0NDM'] },
+#    { server_name='comodo-02', via=['anon-kama', 'anon-ibksturm'] },
 #    { server_name='quad9-dnscrypt-ip4-nofilter-pri', via=['sdns://gRIxMzcuNzQuMjIzLjIzNDo0NDM'] }
 # ]

--- a/dnscrypt-proxy/proxy.go
+++ b/dnscrypt-proxy/proxy.go
@ -33,6 +33,7 @@ type Proxy struct {
 	listenAddresses              []string
 	daemonize                    bool
 	registeredServers            []RegisteredServer
+	registeredRelays             []RegisteredServer
 	pluginBlockIPv6              bool
 	cache                        bool
 	cacheSize                    int
--- a/dnscrypt-proxy/serversInfo.go
+++ b/dnscrypt-proxy/serversInfo.go
@ -231,6 +231,9 @@ func route(proxy *Proxy, name string) (*net.UDPAddr, *net.TCPAddr, error) {
 		return nil, nil, nil
 	}
 	relayNames, ok := (*routes)[name]
+	if !ok {
+		relayNames, ok = (*routes)["*"]
+	}
 	if !ok {
 		return nil, nil, nil
 	}
@ -250,9 +253,16 @@ func route(proxy *Proxy, name string) (*net.UDPAddr, *net.TCPAddr, error) {
 			Proto:         stamps.StampProtoTypeDNSCryptRelay,
 		}
 	} else {
+		for _, registeredServer := range proxy.registeredRelays {
+			if registeredServer.name == relayName {
+				relayCandidateStamp = &registeredServer.stamp
+				break
+			}
+		}
 		for _, registeredServer := range proxy.registeredServers {
 			if registeredServer.name == relayName {
 				relayCandidateStamp = &registeredServer.stamp
+				break
 			}
 		}
 	}
@ -285,7 +295,6 @@ func fetchDNSCryptServerInfo(proxy *Proxy, name string, stamp stamps.ServerStamp
 	}
 	relayUDPAddr, relayTCPAddr, err := route(proxy, name)
 	if err != nil {
-		dlog.Error(err)
 		return ServerInfo{}, err
 	}
 	certInfo, rtt, err := FetchCurrentDNSCryptCert(proxy, &name, proxy.mainProto, stamp.ServerPk, stamp.ServerAddrStr, stamp.ProviderName, isNew, relayUDPAddr, relayTCPAddr)