Require ODoH relays to be present

ODoH target stamps don't include certificate hashes; they are not
meant to be used directly.

.ci/ci-test.sh

@@ -142,17 +142,6 @@ t || dig -p${DNS_PORT} A MICROSOFT.COM @127.0.0.1 | grep -Fq "NOERROR" || fail
 kill $(cat /tmp/dnscrypt-proxy.pidfile)
 sleep 5
 
-section
-../dnscrypt-proxy/dnscrypt-proxy -loglevel 4 -config test-odoh-direct.toml -pidfile /tmp/odoh-direct.pidfile &
-sleep 5
-
-section
-t || dig -p${DNS_PORT} A microsoft.com @127.0.0.1 | grep -Fq "NOERROR" || fail
-t || dig -p${DNS_PORT} A cloudflare.com @127.0.0.1 | grep -Fq "NOERROR" || fail
-
-kill $(cat /tmp/odoh-direct.pidfile)
-sleep 5
-
 section
 ../dnscrypt-proxy/dnscrypt-proxy -loglevel 3 -config test-odoh-proxied.toml -pidfile /tmp/odoh-proxied.pidfile &
 sleep 5

.ci/test-odoh-direct.toml

@@ -1,9 +0,0 @@
-server_names = ['odohtarget']
-listen_addresses = ['127.0.0.1:5300']
-
-[query_log]
-file = 'query.log'
-
-[static]
-  [static.'odohtarget']
-  stamp = 'sdns://BQcAAAAAAAAAF29kb2guY2xvdWRmbGFyZS1kbnMuY29tCi9kbnMtcXVlcnk'

dnscrypt-proxy/serversInfo.go

@@ -690,27 +690,33 @@ func fetchTargetConfigsFromWellKnown(proxy *Proxy, url *url.URL) ([]ODoHTargetCo
 func _fetchODoHTargetInfo(proxy *Proxy, name string, stamp stamps.ServerStamp, isNew bool) (ServerInfo, error) {
 	configURL := &url.URL{Scheme: "https", Host: stamp.ProviderName, Path: "/.well-known/odohconfigs"}
 	odohTargetConfigs, err := fetchTargetConfigsFromWellKnown(proxy, configURL)
-	if err != nil || len(odohTargetConfigs) == 0 {
+	if err != nil {
-		return ServerInfo{}, fmt.Errorf("[%s] does not have an ODoH configuration", name)
+		dlog.Debug(configURL)
+		return ServerInfo{}, fmt.Errorf("[%s] didn't return an ODoH configuration - [%v]", name, err)
+	} else if len(odohTargetConfigs) == 0 {
+		dlog.Debug(configURL)
+		return ServerInfo{}, fmt.Errorf("[%s] has an empty ODoH configuration", name)
 	}
 
 	relay, err := route(proxy, name)
 	if err != nil {
 		return ServerInfo{}, err
 	}
-	if relay == nil || relay.ODoH == nil {
-		relay = nil
-	}
 
 	if relay == nil {
-		dlog.Warnf("No ODoH relay defined for [%v]", name)
+		if relay.ODoH == nil {
-	} else {
+			dlog.Criticalf("No relay defined for [%v] - Configuring a relay is required for ODoH servers (see the `[anonymized_dns]` section)", name)
-		dlog.Debugf("Pausing after ODoH configuration retrieval")
+		} else {
-		delay := time.Duration(rand.Intn(5*1000)) * time.Millisecond
+			dlog.Criticalf("Wrong relay type defined for [%v] - ODoH servers require an ODoH relay", name)
-		clocksmith.Sleep(time.Duration(delay))
+		}
-		dlog.Debugf("Pausing done")
+		return ServerInfo{}, errors.New("No ODoH relay")
 	}
 
+	dlog.Debugf("Pausing after ODoH configuration retrieval")
+	delay := time.Duration(rand.Intn(5*1000)) * time.Millisecond
+	clocksmith.Sleep(time.Duration(delay))
+	dlog.Debugf("Pausing done")
+
 	targetURL := &url.URL{
 		Scheme: "https",
 		Host:   stamp.ProviderName,
@@ -722,10 +728,7 @@ func _fetchODoHTargetInfo(proxy *Proxy, name string, stamp stamps.ServerStamp, i
 		odohTargetConfigs[i], odohTargetConfigs[j] = odohTargetConfigs[j], odohTargetConfigs[i]
 	})
 	for _, odohTargetConfig := range odohTargetConfigs {
-		url := targetURL
+		url := relay.ODoH.URL
-		if relay != nil {
-			url = relay.ODoH.URL
-		}
 
 		query := dohTestPacket(0xcafe)
 		odohQuery, err := odohTargetConfig.encryptQuery(query)