fold 'refused_code_in_responses' and 'respond_with_ip' options into a new option 'blocked_query_response'

dnscrypt-proxy/config.go

@@ -81,7 +81,7 @@ type Config struct {
 	OfflineMode              bool                       `toml:"offline_mode"`
 	HTTPProxyURL             string                     `toml:"http_proxy"`
 	RefusedCodeInResponses   bool                       `toml:"refused_code_in_responses"`
-	RespondWithIP            string                     `toml:"respond_with_ip"`
+	BlockedQueryResponse     string                     `toml:"blocked_query_response"`
 }
 
 func newConfig() Config {
@@ -118,6 +118,7 @@ func newConfig() Config {
 		OfflineMode:              false,
 		RefusedCodeInResponses:   false,
 		LBEstimator:              true,
+		BlockedQueryResponse:     "hinfo",
 	}
 }
 
@@ -291,8 +292,15 @@ func ConfigLoad(proxy *Proxy, svcFlag *string) error {
 
 	proxy.xTransport.rebuildTransport()
 
-	proxy.refusedCodeInResponses = config.RefusedCodeInResponses
-	proxy.respondWithIP = config.RespondWithIP
+	if md.IsDefined("refused_code_in_responses") {
+		dlog.Notice("config option `refused_code_in_responses` is deprecated, use `blocked_query_response`")
+		if config.RefusedCodeInResponses {
+			config.BlockedQueryResponse = "refused"
+		} else {
+			config.BlockedQueryResponse = "hinfo"
+		}
+	}
+	proxy.blockedQueryResponse = config.BlockedQueryResponse
 	proxy.timeout = time.Duration(config.Timeout) * time.Millisecond
 	proxy.maxClients = config.MaxClients
 	proxy.mainProto = "udp"

dnscrypt-proxy/example-dnscrypt-proxy.toml

@@ -111,17 +111,12 @@ timeout = 2500
 keepalive = 30
 
 
-## Use the REFUSED return code for blocked responses
-## Setting this to `false` means that some responses will be lies.
-## Unfortunately, `false` appears to be required for Android 8+
+## Response for blocked queries.  Options are `refused`, `hinfo` (default) or
+## an IP address (e.g. local pixelserv-tls server).  Using the `hinfo` option
+## means that some responses will be lies. Unfortunately, the `hinfo` option
+## appears to be required for Android 8+
 
-refused_code_in_responses = false
-
-## If refused_code_in_responses is `false`, use this optional setting
-## to redirect blocked respones to an IP address (e.g. pixelserv-tls)
-## instead of returning an HINFO record
-
-# respond_with_ip = '192.168.1.4'
+# blocked_query_response = 'refused'
 
 
 ## Load-balancing strategy: 'p2' (default), 'ph', 'first' or 'random'

dnscrypt-proxy/plugins.go

@@ -136,8 +136,21 @@ func InitPluginsGlobals(pluginsGlobals *PluginsGlobals, proxy *Proxy) error {
 	(*pluginsGlobals).queryPlugins = queryPlugins
 	(*pluginsGlobals).responsePlugins = responsePlugins
 	(*pluginsGlobals).loggingPlugins = loggingPlugins
-	(*pluginsGlobals).refusedCodeInResponses = proxy.refusedCodeInResponses
-	(*pluginsGlobals).respondWithIP = net.ParseIP(proxy.respondWithIP)
+
+	// blockedQueryResponse can be 'refused', 'hinfo' or an IP address
+	(*pluginsGlobals).respondWithIP = net.ParseIP(proxy.blockedQueryResponse)
+	if (*pluginsGlobals).respondWithIP == nil {
+		switch proxy.blockedQueryResponse {
+		case "refused":
+			(*pluginsGlobals).refusedCodeInResponses = true
+		case "hinfo":
+			(*pluginsGlobals).refusedCodeInResponses = false
+		default:
+			dlog.Noticef("Invalid blocked_query_response option [%s], defaulting to `hinfo`", proxy.blockedQueryResponse)
+			(*pluginsGlobals).refusedCodeInResponses = false
+		}
+	}
+
 	return nil
 }
 

dnscrypt-proxy/proxy.go

@@ -63,8 +63,7 @@ type Proxy struct {
 	logMaxSize                   int
 	logMaxAge                    int
 	logMaxBackups                int
-	refusedCodeInResponses       bool
-	respondWithIP                string
+	blockedQueryResponse         string
 	showCerts                    bool
 }