mirror of
https://github.com/DNSCrypt/dnscrypt-proxy.git
synced 2024-12-10 22:25:49 +01:00
Require ODoH relays to be present
ODoH target stamps don't include certificate hashes; they are not meant to be used directly.
parent
33ed882efe
commit
ec581597a2
@ -142,17 +142,6 @@ t || dig -p${DNS_PORT} A MICROSOFT.COM @127.0.0.1 | grep -Fq "NOERROR" || fail
|
||||
kill $(cat /tmp/dnscrypt-proxy.pidfile)
|
||||
sleep 5
|
||||
|
||||
section
|
||||
../dnscrypt-proxy/dnscrypt-proxy -loglevel 4 -config test-odoh-direct.toml -pidfile /tmp/odoh-direct.pidfile &
|
||||
sleep 5
|
||||
|
||||
section
|
||||
t || dig -p${DNS_PORT} A microsoft.com @127.0.0.1 | grep -Fq "NOERROR" || fail
|
||||
t || dig -p${DNS_PORT} A cloudflare.com @127.0.0.1 | grep -Fq "NOERROR" || fail
|
||||
|
||||
kill $(cat /tmp/odoh-direct.pidfile)
|
||||
sleep 5
|
||||
|
||||
section
|
||||
../dnscrypt-proxy/dnscrypt-proxy -loglevel 3 -config test-odoh-proxied.toml -pidfile /tmp/odoh-proxied.pidfile &
|
||||
sleep 5
|
||||
|
@ -1,9 +0,0 @@
|
||||
server_names = ['odohtarget']
|
||||
listen_addresses = ['127.0.0.1:5300']
|
||||
|
||||
[query_log]
|
||||
file = 'query.log'
|
||||
|
||||
[static]
|
||||
[static.'odohtarget']
|
||||
stamp = 'sdns://BQcAAAAAAAAAF29kb2guY2xvdWRmbGFyZS1kbnMuY29tCi9kbnMtcXVlcnk'
|
@ -690,26 +690,32 @@ func fetchTargetConfigsFromWellKnown(proxy *Proxy, url *url.URL) ([]ODoHTargetCo
|
||||
func _fetchODoHTargetInfo(proxy *Proxy, name string, stamp stamps.ServerStamp, isNew bool) (ServerInfo, error) {
|
||||
configURL := &url.URL{Scheme: "https", Host: stamp.ProviderName, Path: "/.well-known/odohconfigs"}
|
||||
odohTargetConfigs, err := fetchTargetConfigsFromWellKnown(proxy, configURL)
|
||||
if err != nil || len(odohTargetConfigs) == 0 {
|
||||
return ServerInfo{}, fmt.Errorf("[%s] does not have an ODoH configuration", name)
|
||||
if err != nil {
|
||||
dlog.Debug(configURL)
|
||||
return ServerInfo{}, fmt.Errorf("[%s] didn't return an ODoH configuration - [%v]", name, err)
|
||||
} else if len(odohTargetConfigs) == 0 {
|
||||
dlog.Debug(configURL)
|
||||
return ServerInfo{}, fmt.Errorf("[%s] has an empty ODoH configuration", name)
|
||||
}
|
||||
|
||||
relay, err := route(proxy, name)
|
||||
if err != nil {
|
||||
return ServerInfo{}, err
|
||||
}
|
||||
if relay == nil || relay.ODoH == nil {
|
||||
relay = nil
|
||||
}
|
||||
|
||||
if relay == nil {
|
||||
dlog.Warnf("No ODoH relay defined for [%v]", name)
|
||||
if relay.ODoH == nil {
|
||||
dlog.Criticalf("No relay defined for [%v] - Configuring a relay is required for ODoH servers (see the `[anonymized_dns]` section)", name)
|
||||
} else {
|
||||
dlog.Criticalf("Wrong relay type defined for [%v] - ODoH servers require an ODoH relay", name)
|
||||
}
|
||||
return ServerInfo{}, errors.New("No ODoH relay")
|
||||
}
|
||||
|
||||
dlog.Debugf("Pausing after ODoH configuration retrieval")
|
||||
delay := time.Duration(rand.Intn(5*1000)) * time.Millisecond
|
||||
clocksmith.Sleep(time.Duration(delay))
|
||||
dlog.Debugf("Pausing done")
|
||||
}
|
||||
|
||||
targetURL := &url.URL{
|
||||
Scheme: "https",
|
||||
@ -722,10 +728,7 @@ func _fetchODoHTargetInfo(proxy *Proxy, name string, stamp stamps.ServerStamp, i
|
||||
odohTargetConfigs[i], odohTargetConfigs[j] = odohTargetConfigs[j], odohTargetConfigs[i]
|
||||
})
|
||||
for _, odohTargetConfig := range odohTargetConfigs {
|
||||
url := targetURL
|
||||
if relay != nil {
|
||||
url = relay.ODoH.URL
|
||||
}
|
||||
url := relay.ODoH.URL
|
||||
|
||||
query := dohTestPacket(0xcafe)
|
||||
odohQuery, err := odohTargetConfig.encryptQuery(query)
|
||||
|
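Review bot: The new relay check in the first hunk reads, as rendered here (the `+`/`-` column is lost, so the nesting is inferred), `if relay == nil {` followed directly by `if relay.ODoH == nil {`, which dereferences a nil `relay` and would panic instead of returning the "No ODoH relay" error. In that shape the "Wrong relay type" branch is unreachable, and a relay that is set but is not an ODoH relay skips the check and reaches the now-unconditional `url := relay.ODoH.URL` in the second hunk's loop with a nil `relay.ODoH`. Since the commit's purpose is to refuse ODoH targets that have no relay, both cases should fail closed with an error before any test query is built; the two conditions can be separate guards, as below. `_fetchODoHTargetInfo` continues outside both hunks.

```go
relay, err := route(proxy, name)
// … unchanged: error return when route() fails …
if relay == nil {
	dlog.Criticalf("No relay defined for [%v] - Configuring a relay is required for ODoH servers (see the `[anonymized_dns]` section)", name)
	return ServerInfo{}, errors.New("No ODoH relay")
}
if relay.ODoH == nil {
	dlog.Criticalf("Wrong relay type defined for [%v] - ODoH servers require an ODoH relay", name)
	return ServerInfo{}, errors.New("Wrong ODoH relay type")
}
// … the random pause after configuration retrieval follows, as in the hunk …
```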