Add an option to ignore servers incompatible with anonymization
This commit is contained in:
parent
7621737dde
commit
5049516f53
|
@ -193,7 +193,8 @@ type AnonymizedDNSRouteConfig struct {
|
|||
}
|
||||
|
||||
type AnonymizedDNSConfig struct {
|
||||
Routes []AnonymizedDNSRouteConfig `toml:"routes"`
|
||||
Routes []AnonymizedDNSRouteConfig `toml:"routes"`
|
||||
SkipIncompatible bool `toml:"skip_incompatible"`
|
||||
}
|
||||
|
||||
type BrokenImplementationsConfig struct {
|
||||
|
@ -498,6 +499,8 @@ func ConfigLoad(proxy *Proxy, flags *ConfigFlags) error {
|
|||
}
|
||||
proxy.routes = &routes
|
||||
}
|
||||
proxy.skipAnonIncompatbibleResolvers = config.AnonymizedDNS.SkipIncompatible
|
||||
|
||||
configClientCreds := config.TLSClientAuth.Creds
|
||||
creds := make(map[string]DOHClientCreds)
|
||||
for _, configClientCred := range configClientCreds {
|
||||
|
|
|
@ -643,6 +643,7 @@ larger_responses_dropped = ['quad9-dnscrypt-ip4-filter-alt', 'quad9-dnscrypt-ip4
|
|||
|
||||
|
||||
|
||||
|
||||
################################
|
||||
# TLS Client Authentication #
|
||||
################################
|
||||
|
@ -692,6 +693,13 @@ larger_responses_dropped = ['quad9-dnscrypt-ip4-filter-alt', 'quad9-dnscrypt-ip4
|
|||
# ]
|
||||
|
||||
|
||||
# skip resolvers incompatible with anonymization instead of using them directly
|
||||
|
||||
skip_incompatible = false
|
||||
|
||||
|
||||
|
||||
|
||||
## Optional, local, static list of additional servers
|
||||
## Mostly useful for testing your own servers.
|
||||
|
||||
|
|
|
@ -79,6 +79,7 @@ type Proxy struct {
|
|||
serversDroppingLargerResponses []string
|
||||
showCerts bool
|
||||
dohCreds *map[string]DOHClientCreds
|
||||
skipAnonIncompatbibleResolvers bool
|
||||
}
|
||||
|
||||
func (proxy *Proxy) addDNSListener(listenAddrStr string) {
|
||||
|
|
|
@ -346,6 +346,9 @@ func fetchDNSCryptServerInfo(proxy *Proxy, name string, stamp stamps.ServerStamp
|
|||
if knownBugs.fragmentsBlocked && (relayUDPAddr != nil || relayTCPAddr != nil) {
|
||||
dlog.Warnf("[%v] is incompatible with anonymization", name)
|
||||
relayTCPAddr, relayUDPAddr = nil, nil
|
||||
if proxy.skipAnonIncompatbibleResolvers {
|
||||
return ServerInfo{}, errors.New("Resolver is incompatible with anonymization")
|
||||
}
|
||||
}
|
||||
if err != nil {
|
||||
return ServerInfo{}, err
|
||||
|
|
Loading…
Reference in New Issue