Add require_nolog and require_dnssec filters
parent
fd7838ee58
commit
41a9bf5bf3
|
@ -13,35 +13,38 @@ import (
|
||||||
)
|
)
|
||||||
|
|
||||||
type Config struct {
|
type Config struct {
|
||||||
ServerNames []string `toml:"server_names"`
|
ServerNames []string `toml:"server_names"`
|
||||||
ListenAddresses []string `toml:"listen_addresses"`
|
ListenAddresses []string `toml:"listen_addresses"`
|
||||||
Daemonize bool
|
Daemonize bool
|
||||||
ForceTCP bool `toml:"force_tcp"`
|
ForceTCP bool `toml:"force_tcp"`
|
||||||
Timeout int `toml:"timeout_ms"`
|
Timeout int `toml:"timeout_ms"`
|
||||||
CertRefreshDelay int `toml:"cert_refresh_delay"`
|
CertRefreshDelay int `toml:"cert_refresh_delay"`
|
||||||
BlockIPv6 bool `toml:"block_ipv6"`
|
BlockIPv6 bool `toml:"block_ipv6"`
|
||||||
Cache bool
|
Cache bool
|
||||||
CacheSize int `toml:"cache_size"`
|
CacheSize int `toml:"cache_size"`
|
||||||
CacheNegTTL uint32 `toml:"cache_neg_ttl"`
|
CacheNegTTL uint32 `toml:"cache_neg_ttl"`
|
||||||
CacheMinTTL uint32 `toml:"cache_min_ttl"`
|
CacheMinTTL uint32 `toml:"cache_min_ttl"`
|
||||||
CacheMaxTTL uint32 `toml:"cache_max_ttl"`
|
CacheMaxTTL uint32 `toml:"cache_max_ttl"`
|
||||||
QueryLog QueryLogConfig `toml:"query_log"`
|
QueryLog QueryLogConfig `toml:"query_log"`
|
||||||
BlockName BlockNameConfig `toml:"blacklist"`
|
BlockName BlockNameConfig `toml:"blacklist"`
|
||||||
ForwardFile string `toml:"forwarding_rules"`
|
ForwardFile string `toml:"forwarding_rules"`
|
||||||
ServersConfig map[string]ServerConfig `toml:"servers"`
|
ServersConfig map[string]ServerConfig `toml:"servers"`
|
||||||
SourcesConfig map[string]SourceConfig `toml:"sources"`
|
SourcesConfig map[string]SourceConfig `toml:"sources"`
|
||||||
|
SourceRequireDNSSEC bool `toml:"require_dnssec"`
|
||||||
|
SourceRequireNoLog bool `toml:"require_nolog"`
|
||||||
}
|
}
|
||||||
|
|
||||||
func newConfig() Config {
|
func newConfig() Config {
|
||||||
return Config{
|
return Config{
|
||||||
ListenAddresses: []string{"127.0.0.1:53"},
|
ListenAddresses: []string{"127.0.0.1:53"},
|
||||||
Timeout: 2500,
|
Timeout: 2500,
|
||||||
CertRefreshDelay: 30,
|
CertRefreshDelay: 30,
|
||||||
Cache: true,
|
Cache: true,
|
||||||
CacheSize: 256,
|
CacheSize: 256,
|
||||||
CacheNegTTL: 60,
|
CacheNegTTL: 60,
|
||||||
CacheMinTTL: 60,
|
CacheMinTTL: 60,
|
||||||
CacheMaxTTL: 8600,
|
CacheMaxTTL: 8600,
|
||||||
|
SourceRequireNoLog: true,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -50,8 +53,8 @@ type ServerConfig struct {
|
||||||
ProviderName string `toml:"provider_name"`
|
ProviderName string `toml:"provider_name"`
|
||||||
Address string
|
Address string
|
||||||
PublicKey string `toml:"public_key"`
|
PublicKey string `toml:"public_key"`
|
||||||
NoLog bool `toml:"no_log"`
|
|
||||||
DNSSEC bool `toml:"dnssec"`
|
DNSSEC bool `toml:"dnssec"`
|
||||||
|
NoLog bool `toml:"no_log"`
|
||||||
}
|
}
|
||||||
|
|
||||||
type SourceConfig struct {
|
type SourceConfig struct {
|
||||||
|
@ -131,6 +134,15 @@ func ConfigLoad(proxy *Proxy, svcFlag *string, config_file string) error {
|
||||||
proxy.blockNameLogFile = config.BlockName.LogFile
|
proxy.blockNameLogFile = config.BlockName.LogFile
|
||||||
|
|
||||||
proxy.forwardFile = config.ForwardFile
|
proxy.forwardFile = config.ForwardFile
|
||||||
|
|
||||||
|
requiredProps := ServerInformalProperties(0)
|
||||||
|
if config.SourceRequireDNSSEC {
|
||||||
|
requiredProps |= ServerInformalPropertyDNSSEC
|
||||||
|
}
|
||||||
|
if config.SourceRequireNoLog {
|
||||||
|
requiredProps |= ServerInformalPropertyNoLog
|
||||||
|
}
|
||||||
|
|
||||||
for sourceName, source := range config.SourcesConfig {
|
for sourceName, source := range config.SourcesConfig {
|
||||||
if source.URL == "" {
|
if source.URL == "" {
|
||||||
return fmt.Errorf("Missing URL for source [%s]", sourceName)
|
return fmt.Errorf("Missing URL for source [%s]", sourceName)
|
||||||
|
@ -158,7 +170,11 @@ func ConfigLoad(proxy *Proxy, svcFlag *string, config_file string) error {
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
for _, registeredServer := range registeredServers {
|
for _, registeredServer := range registeredServers {
|
||||||
if len(config.ServerNames) > 0 && !includesName(config.ServerNames, registeredServer.name) {
|
if len(config.ServerNames) > 0 {
|
||||||
|
if !includesName(config.ServerNames, registeredServer.name) {
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
} else if registeredServer.stamp.props&requiredProps != requiredProps {
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
dlog.Infof("Adding [%s] to the set of wanted resolvers", registeredServer.name)
|
dlog.Infof("Adding [%s] to the set of wanted resolvers", registeredServer.name)
|
||||||
|
@ -180,7 +196,14 @@ func ConfigLoad(proxy *Proxy, svcFlag *string, config_file string) error {
|
||||||
if len(serverConfig.Stamp) > 0 {
|
if len(serverConfig.Stamp) > 0 {
|
||||||
dlog.Fatal("Stamps are not implemented yet")
|
dlog.Fatal("Stamps are not implemented yet")
|
||||||
} else {
|
} else {
|
||||||
stamp, err = NewServerStampFromLegacy(serverConfig.Address, serverConfig.PublicKey, serverConfig.ProviderName)
|
props := ServerInformalProperties(0)
|
||||||
|
if serverConfig.DNSSEC {
|
||||||
|
props |= ServerInformalPropertyDNSSEC
|
||||||
|
}
|
||||||
|
if serverConfig.NoLog {
|
||||||
|
props |= ServerInformalPropertyNoLog
|
||||||
|
}
|
||||||
|
stamp, err = NewServerStampFromLegacy(serverConfig.Address, serverConfig.PublicKey, serverConfig.ProviderName, props)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
|
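Review bot: In the `@ -158,7 +170,11 @@` hunk the `requiredProps` test sits in an `else if`, so it only runs when `server_names` is empty; a server listed in `server_names` is added even when its stamp lacks a property the operator demanded via `require_nolog` or `require_dnssec`. If that override is intended, a comment on the `if len(config.ServerNames) > 0 {` line should say so; otherwise make the two checks independent: `if len(config.ServerNames) > 0 && !includesName(config.ServerNames, registeredServer.name) { continue }` followed by `if registeredServer.stamp.props&requiredProps != requiredProps { continue }`. In both cases the server is dropped silently, and a `dlog.Infof` naming the server and the unmet property would help an operator diagnose an unexpectedly small resolver set. ConfigLoad begins and ends outside the hunk.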
@ -22,6 +22,15 @@
|
||||||
listen_addresses = ["127.0.0.1:53", "[::1]:53"]
|
listen_addresses = ["127.0.0.1:53", "[::1]:53"]
|
||||||
|
|
||||||
|
|
||||||
|
## Require servers defined by remote sources to satisfy specific properties
|
||||||
|
|
||||||
|
# Server must support DNS security extensions
|
||||||
|
require_dnssec = false
|
||||||
|
|
||||||
|
# Server must not log user queries
|
||||||
|
require_nolog = true
|
||||||
|
|
||||||
|
|
||||||
## Whether to the server as a background process (linux only)
|
## Whether to the server as a background process (linux only)
|
||||||
## Do not set to true if you are using systemd
|
## Do not set to true if you are using systemd
|
||||||
|
|
||||||
|
|
|
@ -19,10 +19,18 @@ const (
|
||||||
DefaultPort = 443
|
DefaultPort = 443
|
||||||
)
|
)
|
||||||
|
|
||||||
|
type ServerInformalProperties uint64
|
||||||
|
|
||||||
|
const (
|
||||||
|
ServerInformalPropertyDNSSEC = ServerInformalProperties(1) << 0
|
||||||
|
ServerInformalPropertyNoLog = ServerInformalProperties(1) << 1
|
||||||
|
)
|
||||||
|
|
||||||
type ServerStamp struct {
|
type ServerStamp struct {
|
||||||
serverAddrStr string
|
serverAddrStr string
|
||||||
serverPkStr string
|
serverPkStr string
|
||||||
providerName string
|
providerName string
|
||||||
|
props ServerInformalProperties
|
||||||
}
|
}
|
||||||
|
|
||||||
type RegisteredServer struct {
|
type RegisteredServer struct {
|
||||||
|
@ -30,7 +38,7 @@ type RegisteredServer struct {
|
||||||
stamp ServerStamp
|
stamp ServerStamp
|
||||||
}
|
}
|
||||||
|
|
||||||
func NewServerStampFromLegacy(serverAddrStr string, serverPkStr string, providerName string) (ServerStamp, error) {
|
func NewServerStampFromLegacy(serverAddrStr string, serverPkStr string, providerName string, props ServerInformalProperties) (ServerStamp, error) {
|
||||||
if net.ParseIP(serverAddrStr) != nil {
|
if net.ParseIP(serverAddrStr) != nil {
|
||||||
serverAddrStr = fmt.Sprintf("%s:%d", serverAddrStr, DefaultPort)
|
serverAddrStr = fmt.Sprintf("%s:%d", serverAddrStr, DefaultPort)
|
||||||
}
|
}
|
||||||
|
@ -38,6 +46,7 @@ func NewServerStampFromLegacy(serverAddrStr string, serverPkStr string, provider
|
||||||
serverAddrStr: serverAddrStr,
|
serverAddrStr: serverAddrStr,
|
||||||
serverPkStr: serverPkStr,
|
serverPkStr: serverPkStr,
|
||||||
providerName: providerName,
|
providerName: providerName,
|
||||||
|
props: props,
|
||||||
}, nil
|
}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
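Review bot: `ServerInformalProperties`, `ServerInformalPropertyDNSSEC` and `ServerInformalPropertyNoLog` in the `@ -19,10 +19,18 @@` hunk are exported without doc comments. The bits are set from what a source list or the operator's config declares (the new `props` parameter of `NewServerStampFromLegacy`), and nothing in this commit checks them against the resolver's behaviour, so the comment should make that explicit: `// ServerInformalProperties is a bit set of properties a resolver claims to have (DNSSEC, no logging). The values come from the source entry or config that described the server and are not verified by the proxy.` The new `props` field of `ServerStamp` deserves a similar one-line comment. NewServerStampFromLegacy's body continues outside the hunk.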
@ -145,7 +145,14 @@ func (source *Source) Parse() ([]RegisteredServer, error) {
|
||||||
serverAddrStr := record[10]
|
serverAddrStr := record[10]
|
||||||
providerName := record[11]
|
providerName := record[11]
|
||||||
serverPkStr := record[12]
|
serverPkStr := record[12]
|
||||||
stamp, err := NewServerStampFromLegacy(serverAddrStr, serverPkStr, providerName)
|
props := ServerInformalProperties(0)
|
||||||
|
if strings.EqualFold(record[7], "yes") {
|
||||||
|
props |= ServerInformalPropertyDNSSEC
|
||||||
|
}
|
||||||
|
if strings.EqualFold(record[8], "yes") {
|
||||||
|
props |= ServerInformalPropertyNoLog
|
||||||
|
}
|
||||||
|
stamp, err := NewServerStampFromLegacy(serverAddrStr, serverPkStr, providerName, props)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return registeredServers, err
|
return registeredServers, err
|
||||||
}
|
}
|
||||||
|
|
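Review bot: The new lines in the `@ -145,7 +145,14 @@` hunk read `record[7]` and `record[8]` with bare indices, so a reader cannot tell which CSV columns carry the DNSSEC and no-log flags without consulting the list format; the surrounding `record[10]`..`record[12]` reads are older, but this hunk adds two more. A comment on the `props := ServerInformalProperties(0)` line such as `// columns 7 and 8 of the legacy CSV list are "yes" when the source claims DNSSEC validation / no query logging` or named constants for the column indices would fix that. Parse starts outside the hunk, so the length check that must precede these indices is not visible here; any guard that already covers index 12 covers 7 and 8, but it is worth confirming, as is that `strings` is already imported in this file.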