diff --git a/dnscrypt-proxy/config.go b/dnscrypt-proxy/config.go index aa680256..3f22c11d 100644 --- a/dnscrypt-proxy/config.go +++ b/dnscrypt-proxy/config.go @@ -52,7 +52,7 @@ type Config struct { CacheNegMaxTTL uint32 `toml:"cache_neg_max_ttl"` CacheMinTTL uint32 `toml:"cache_min_ttl"` CacheMaxTTL uint32 `toml:"cache_max_ttl"` - NegTTL uint32 `toml:"neg_ttl"` + RejectTTL uint32 `toml:"reject_ttl"` CloakTTL uint32 `toml:"cloak_ttl"` QueryLog QueryLogConfig `toml:"query_log"` NxLog NxLogConfig `toml:"nx_log"` @@ -105,7 +105,7 @@ func newConfig() Config { CacheNegMaxTTL: 600, CacheMinTTL: 60, CacheMaxTTL: 86400, - NegTTL: 600, + RejectTTL: 600, CloakTTL: 600, SourceRequireNoLog: true, SourceRequireNoFilter: true, @@ -369,7 +369,7 @@ func ConfigLoad(proxy *Proxy, svcFlag *string) error { proxy.cacheMinTTL = config.CacheMinTTL proxy.cacheMaxTTL = config.CacheMaxTTL - proxy.negTTL = config.NegTTL + proxy.rejectTTL = config.RejectTTL proxy.cloakTTL = config.CloakTTL proxy.queryMeta = config.QueryMeta diff --git a/dnscrypt-proxy/example-dnscrypt-proxy.toml b/dnscrypt-proxy/example-dnscrypt-proxy.toml index 3d6a1190..41bf1081 100644 --- a/dnscrypt-proxy/example-dnscrypt-proxy.toml +++ b/dnscrypt-proxy/example-dnscrypt-proxy.toml @@ -266,6 +266,12 @@ log_files_max_backups = 1 block_ipv6 = false +## TTL for synthetic responses sent when a request has been blocked (due to +## IPv6 or blacklists). + +reject_ttl = 600 + + ################################################################################## # Route queries for specific domains to a dedicated set of servers # @@ -331,9 +337,7 @@ cache_neg_min_ttl = 60 cache_neg_max_ttl = 600 -## TTL when dnscryp-proxy does reject entry -# neg_ttl = 600 ############################### # Query logging # diff --git a/dnscrypt-proxy/plugins.go b/dnscrypt-proxy/plugins.go index 17db157e..45e1f344 100644 --- a/dnscrypt-proxy/plugins.go +++ b/dnscrypt-proxy/plugins.go @@ -76,7 +76,7 @@ type PluginsState struct { cacheNegMaxTTL uint32 cacheMinTTL uint32 cacheMaxTTL uint32 - negTTL uint32 + rejectTTL uint32 questionMsg *dns.Msg requestStart time.Time requestEnd time.Time @@ -222,7 +222,7 @@ func NewPluginsState(proxy *Proxy, clientProto string, clientAddr *net.Addr, sta cacheNegMaxTTL: proxy.cacheNegMaxTTL, cacheMinTTL: proxy.cacheMinTTL, cacheMaxTTL: proxy.cacheMaxTTL, - negTTL: proxy.negTTL, + rejectTTL: proxy.rejectTTL, questionMsg: nil, requestStart: start, maxUnencryptedUDPSafePayloadSize: MaxDNSUDPSafePacketSize, @@ -251,7 +251,7 @@ func (pluginsState *PluginsState) ApplyQueryPlugins(pluginsGlobals *PluginsGloba return packet, err } if pluginsState.action == PluginsActionReject { - synth, err := RefusedResponseFromMessage(&msg, pluginsGlobals.refusedCodeInResponses, pluginsGlobals.respondWithIPv4, pluginsGlobals.respondWithIPv6, pluginsState.negTTL) + synth, err := RefusedResponseFromMessage(&msg, pluginsGlobals.refusedCodeInResponses, pluginsGlobals.respondWithIPv4, pluginsGlobals.respondWithIPv6, pluginsState.rejectTTL) if err != nil { return nil, err } @@ -298,7 +298,7 @@ func (pluginsState *PluginsState) ApplyResponsePlugins(pluginsGlobals *PluginsGl return packet, err } if pluginsState.action == PluginsActionReject { - synth, err := RefusedResponseFromMessage(&msg, pluginsGlobals.refusedCodeInResponses, pluginsGlobals.respondWithIPv4, pluginsGlobals.respondWithIPv6, pluginsState.negTTL) + synth, err := RefusedResponseFromMessage(&msg, pluginsGlobals.refusedCodeInResponses, pluginsGlobals.respondWithIPv4, pluginsGlobals.respondWithIPv6, pluginsState.rejectTTL) if err != nil { return nil, err } diff --git a/dnscrypt-proxy/proxy.go b/dnscrypt-proxy/proxy.go index ddb5f605..3013bb09 100644 --- a/dnscrypt-proxy/proxy.go +++ b/dnscrypt-proxy/proxy.go @@ -41,7 +41,7 @@ type Proxy struct { cacheNegMaxTTL uint32 cacheMinTTL uint32 cacheMaxTTL uint32 - negTTL uint32 + rejectTTL uint32 cloakTTL uint32 queryLogFile string queryLogFormat string