Accept relay names in routes, improve documentation

Frank Denis 2019-10-20 14:19:21 +02:00
parent 535bce308c
commit 320197a00e
4 changed files with 60 additions and 16 deletions


@ -485,9 +485,22 @@ func ConfigLoad(proxy *Proxy, svcFlag *string) error {
os.Exit(0) os.Exit(0)
} }
if proxy.routes != nil && len(*proxy.routes) > 0 { if proxy.routes != nil && len(*proxy.routes) > 0 {
hasSpecificRoutes := false
for _, server := range proxy.registeredServers { for _, server := range proxy.registeredServers {
if via, ok := (*proxy.routes)[server.name]; ok { if via, ok := (*proxy.routes)[server.name]; ok {
dlog.Noticef("Anonymized DNS: routing [%v] via %v", server.name, via) if server.stamp.Proto != stamps.StampProtoTypeDNSCrypt {
dlog.Errorf("DNS anonymization is only supported with the DNSCrypt protocol - Connections to [%v] cannot be anonymized", server.name)
} else {
dlog.Noticef("Anonymized DNS: routing [%v] via %v", server.name, via)
}
hasSpecificRoutes = true
}
}
if via, ok := (*proxy.routes)["*"]; ok {
if hasSpecificRoutes {
dlog.Noticef("Anonymized DNS: routing everything else via %v", via)
} else {
dlog.Noticef("Anonymized DNS: routing everything via %v", via)
} }
} }
} }
@ -617,12 +630,14 @@ func (config *Config) loadSource(proxy *Proxy, requiredProps stamps.ServerInform
dlog.Warnf("Error in source [%s]: [%s] -- Continuing with reduced server count [%d]", cfgSourceName, err, len(registeredServers)) dlog.Warnf("Error in source [%s]: [%s] -- Continuing with reduced server count [%d]", cfgSourceName, err, len(registeredServers))
} }
for _, registeredServer := range registeredServers { for _, registeredServer := range registeredServers {
if len(config.ServerNames) > 0 { if registeredServer.stamp.Proto != stamps.StampProtoTypeDNSCryptRelay {
if !includesName(config.ServerNames, registeredServer.name) { if len(config.ServerNames) > 0 {
if !includesName(config.ServerNames, registeredServer.name) {
continue
}
} else if registeredServer.stamp.Props&requiredProps != requiredProps {
continue continue
} }
} else if registeredServer.stamp.Props&requiredProps != requiredProps {
continue
} }
if includesName(config.DisabledServerNames, registeredServer.name) { if includesName(config.DisabledServerNames, registeredServer.name) {
continue continue
@ -639,12 +654,17 @@ func (config *Config) loadSource(proxy *Proxy, requiredProps stamps.ServerInform
continue continue
} }
} }
if !((config.SourceDNSCrypt && registeredServer.stamp.Proto == stamps.StampProtoTypeDNSCrypt) || if registeredServer.stamp.Proto == stamps.StampProtoTypeDNSCryptRelay {
(config.SourceDoH && registeredServer.stamp.Proto == stamps.StampProtoTypeDoH)) { dlog.Debugf("Adding [%s] to the set of available relays", registeredServer.name)
continue proxy.registeredRelays = append(proxy.registeredRelays, registeredServer)
} else {
if !((config.SourceDNSCrypt && registeredServer.stamp.Proto == stamps.StampProtoTypeDNSCrypt) ||
(config.SourceDoH && registeredServer.stamp.Proto == stamps.StampProtoTypeDoH)) {
continue
}
dlog.Debugf("Adding [%s] to the set of wanted resolvers", registeredServer.name)
proxy.registeredServers = append(proxy.registeredServers, registeredServer)
} }
dlog.Debugf("Adding [%s] to the set of wanted resolvers", registeredServer.name)
proxy.registeredServers = append(proxy.registeredServers, registeredServer)
} }
return nil return nil
} }
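Review bot: In ConfigLoad the protocol check sits inside the per-server lookup `(*proxy.routes)[server.name]`, so it never runs for servers that are only covered by the `*` default route. The wildcard branch then logs `routing everything via %v` even if `proxy.registeredServers` holds non-DNSCrypt entries, which the error message above says cannot be anonymized, so the notice can overstate what is relayed. Consider looking up the default route before the loop (`_, hasDefault := (*proxy.routes)["*"]`) and applying the `server.stamp.Proto != stamps.StampProtoTypeDNSCrypt` test to every server when either a named or the default route applies. In the named-route case the server is only reported, not dropped, so it presumably stays in use without a relay; whether a later stage excludes it is not visible in this hunk, and a comment stating the intended behaviour would help.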


@ -561,14 +561,28 @@ cache_neg_max_ttl = 600
[anonymized_dns] [anonymized_dns]
## Define one or more routes, i.e. indirect ways to reach servers. ## Routes are indirect ways to reach DNSCrypt servers.
## A set of possible relay servers is assigned to each DNS resolver. ##
## A route maps a server name ("server_name") to one or more relays that will be
## used to connect to that server.
##
## A relay can be specified as a DNS Stamp (either a relay stamp, or a ## A relay can be specified as a DNS Stamp (either a relay stamp, or a
## DNSCrypt stamp), an IP:port, a hostname:port, or a server name, if ## DNSCrypt stamp), an IP:port, a hostname:port, or a server name.
## the server is in the servers_list. ##
## The following example routes "comodo-02" via `anon-kama` or `anon-ibksturm`,
## and "quad9-dnscrypt-ip4-nofilter-pri" via the relay whose relay DNS stamp
## is "sdns://gRIxMzcuNzQuMjIzLjIzNDo0NDM".
## These are just example routes. Review the list of available relays from the
## "relays.md` file, and, for each server you want to use, define the relays you
## want connections to go through.
##
## Carefully choose relays and servers so that the are run by different entities.
##
## "server_name" can also be set to "*" to define a default route, but this is not
## recommended. if you do so, keep "server_names" short and distinct from relays.
# routes = [ # routes = [
# { server_name='comodo-02', via=['sdns://gRIxMzcuNzQuMjIzLjIzNDo0NDM'] }, # { server_name='comodo-02', via=['anon-kama', 'anon-ibksturm'] },
# { server_name='quad9-dnscrypt-ip4-nofilter-pri', via=['sdns://gRIxMzcuNzQuMjIzLjIzNDo0NDM'] } # { server_name='quad9-dnscrypt-ip4-nofilter-pri', via=['sdns://gRIxMzcuNzQuMjIzLjIzNDo0NDM'] }
# ] # ]


@ -33,6 +33,7 @@ type Proxy struct {
listenAddresses []string listenAddresses []string
daemonize bool daemonize bool
registeredServers []RegisteredServer registeredServers []RegisteredServer
registeredRelays []RegisteredServer
pluginBlockIPv6 bool pluginBlockIPv6 bool
cache bool cache bool
cacheSize int cacheSize int


@ -231,6 +231,9 @@ func route(proxy *Proxy, name string) (*net.UDPAddr, *net.TCPAddr, error) {
return nil, nil, nil return nil, nil, nil
} }
relayNames, ok := (*routes)[name] relayNames, ok := (*routes)[name]
if !ok {
relayNames, ok = (*routes)["*"]
}
if !ok { if !ok {
return nil, nil, nil return nil, nil, nil
} }
@ -250,9 +253,16 @@ func route(proxy *Proxy, name string) (*net.UDPAddr, *net.TCPAddr, error) {
Proto: stamps.StampProtoTypeDNSCryptRelay, Proto: stamps.StampProtoTypeDNSCryptRelay,
} }
} else { } else {
for _, registeredServer := range proxy.registeredRelays {
if registeredServer.name == relayName {
relayCandidateStamp = &registeredServer.stamp
break
}
}
for _, registeredServer := range proxy.registeredServers { for _, registeredServer := range proxy.registeredServers {
if registeredServer.name == relayName { if registeredServer.name == relayName {
relayCandidateStamp = &registeredServer.stamp relayCandidateStamp = &registeredServer.stamp
break
} }
} }
} }
@ -285,7 +295,6 @@ func fetchDNSCryptServerInfo(proxy *Proxy, name string, stamp stamps.ServerStamp
} }
relayUDPAddr, relayTCPAddr, err := route(proxy, name) relayUDPAddr, relayTCPAddr, err := route(proxy, name)
if err != nil { if err != nil {
dlog.Error(err)
return ServerInfo{}, err return ServerInfo{}, err
} }
certInfo, rtt, err := FetchCurrentDNSCryptCert(proxy, &name, proxy.mainProto, stamp.ServerPk, stamp.ServerAddrStr, stamp.ProviderName, isNew, relayUDPAddr, relayTCPAddr) certInfo, rtt, err := FetchCurrentDNSCryptCert(proxy, &name, proxy.mainProto, stamp.ServerPk, stamp.ServerAddrStr, stamp.ProviderName, isNew, relayUDPAddr, relayTCPAddr)
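Review bot: In route(), a match found in the new loop over `proxy.registeredRelays` does not prevent the following loop over `proxy.registeredServers` from running, so when a name exists in both lists the second loop overwrites `relayCandidateStamp` and the resolver entry silently wins over the relay entry. For a setting that decides which host sees the client's address, that precedence should be explicit rather than a side effect of loop order. Guarding the second loop with `if relayCandidateStamp == nil {` would make the relay list authoritative, assuming the pointer is still nil on entry to this `else` branch (its declaration is outside the hunk). A short comment such as `// relay list first, then resolvers that can also act as relays` would document the order for the next reader.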