diff --git a/control.go b/control.go
index 2674585c..0f8dcea5 100644
--- a/control.go
+++ b/control.go
@@ -12,6 +12,8 @@ import (
"strings"
"time"
+ "github.com/AdguardTeam/dnsproxy/upstream"
+
"github.com/AdguardTeam/AdGuardHome/dnsforward"
"github.com/miekg/dns"
@@ -204,7 +206,7 @@ func handleTestUpstreamDNS(w http.ResponseWriter, r *http.Request) {
func checkDNS(input string) error {
log.Printf("Checking if DNS %s works...", input)
- u, err := dnsforward.AddressToUpstream(input, "")
+ u, err := upstream.AddressToUpstream(input, "")
if err != nil {
return fmt.Errorf("Failed to choose upstream for %s: %s", input, err)
}
diff --git a/dns.go b/dns.go
index 42894336..16ceceff 100644
--- a/dns.go
+++ b/dns.go
@@ -7,6 +7,7 @@ import (
"github.com/AdguardTeam/AdGuardHome/dnsfilter"
"github.com/AdguardTeam/AdGuardHome/dnsforward"
+ "github.com/AdguardTeam/dnsproxy/upstream"
"github.com/joomcode/errorx"
)
@@ -37,7 +38,7 @@ func generateServerConfig() dnsforward.ServerConfig {
}
for _, u := range config.DNS.UpstreamDNS {
- upstream, err := dnsforward.AddressToUpstream(u, config.DNS.BootstrapDNS)
+ upstream, err := upstream.AddressToUpstream(u, config.DNS.BootstrapDNS)
if err != nil {
log.Printf("Couldn't get upstream: %s", err)
// continue, just ignore the upstream
@@ -67,7 +68,8 @@ func reconfigureDNSServer() error {
return fmt.Errorf("Refusing to reconfigure forwarding DNS server: not running")
}
- err := dnsServer.Reconfigure(generateServerConfig())
+ config := generateServerConfig()
+ err := dnsServer.Reconfigure(&config)
if err != nil {
return errorx.Decorate(err, "Couldn't start forwarding DNS server")
}
diff --git a/dnsforward/bootstrap.go b/dnsforward/bootstrap.go
deleted file mode 100644
index 2d263871..00000000
--- a/dnsforward/bootstrap.go
+++ /dev/null
@@ -1,107 +0,0 @@
-package dnsforward
-
-import (
- "context"
- "crypto/tls"
- "fmt"
- "net"
- "net/url"
- "strings"
- "sync"
-
- "github.com/joomcode/errorx"
-)
-
-type bootstrapper struct {
- address string // in form of "tls://one.one.one.one:853"
- resolver *net.Resolver // resolver to use to resolve hostname, if neccessary
- resolved string // in form "IP:port"
- resolvedConfig *tls.Config
- sync.Mutex
-}
-
-func toBoot(address, bootstrapAddr string) bootstrapper {
- var resolver *net.Resolver
- if bootstrapAddr != "" {
- resolver = &net.Resolver{
- PreferGo: true,
- Dial: func(ctx context.Context, network, address string) (net.Conn, error) {
- d := net.Dialer{}
- return d.DialContext(ctx, network, bootstrapAddr)
- },
- }
- }
- return bootstrapper{
- address: address,
- resolver: resolver,
- }
-}
-
-// will get usable IP address from Address field, and caches the result
-func (n *bootstrapper) get() (string, *tls.Config, error) {
- // TODO: RLock() here but atomically upgrade to Lock() if fast path doesn't work
- n.Lock()
- if n.resolved != "" { // fast path
- retval, tlsconfig := n.resolved, n.resolvedConfig
- n.Unlock()
- return retval, tlsconfig, nil
- }
-
- //
- // slow path
- //
-
- defer n.Unlock()
-
- justHostPort := n.address
- if strings.Contains(n.address, "://") {
- url, err := url.Parse(n.address)
- if err != nil {
- return "", nil, errorx.Decorate(err, "Failed to parse %s", n.address)
- }
-
- justHostPort = url.Host
- }
-
- // convert host to IP if neccessary, we know that it's scheme://hostname:port/
-
- // get a host without port
- host, port, err := net.SplitHostPort(justHostPort)
- if err != nil {
- return "", nil, fmt.Errorf("bootstrapper requires port in address %s", n.address)
- }
-
- // if it's an IP
- ip := net.ParseIP(host)
- if ip != nil {
- n.resolved = justHostPort
- return n.resolved, nil, nil
- }
-
- //
- // if it's a hostname
- //
-
- resolver := n.resolver // no need to check for nil resolver -- documented that nil is default resolver
- addrs, err := resolver.LookupIPAddr(context.TODO(), host)
- if err != nil {
- return "", nil, errorx.Decorate(err, "Failed to lookup %s", host)
- }
- for _, addr := range addrs {
- // TODO: support ipv6, support multiple ipv4
- if addr.IP.To4() == nil {
- continue
- }
- ip = addr.IP
- break
- }
-
- if ip == nil {
- // couldn't find any suitable IP address
- return "", nil, fmt.Errorf("Couldn't find any suitable IP address for host %s", host)
- }
-
- n.resolved = net.JoinHostPort(ip.String(), port)
- n.resolvedConfig = &tls.Config{ServerName: host}
- return n.resolved, n.resolvedConfig, nil
-}
diff --git a/dnsforward/cache.go b/dnsforward/cache.go
deleted file mode 100644
index 568f284c..00000000
--- a/dnsforward/cache.go
+++ /dev/null
@@ -1,225 +0,0 @@
-package dnsforward
-
-import (
- "encoding/binary"
- "log"
- "math"
- "strings"
- "sync"
- "time"
-
- "github.com/miekg/dns"
-)
-
-type item struct {
- m *dns.Msg
- when time.Time
-}
-
-type cache struct {
- items map[string]item
-
- sync.RWMutex
-}
-
-func (c *cache) Get(request *dns.Msg) (*dns.Msg, bool) {
- if request == nil {
- return nil, false
- }
- ok, key := key(request)
- if !ok {
- log.Printf("Get(): key returned !ok")
- return nil, false
- }
-
- c.RLock()
- item, ok := c.items[key]
- c.RUnlock()
- if !ok {
- return nil, false
- }
- // get item's TTL
- ttl := findLowestTTL(item.m)
- // zero TTL? delete and don't serve it
- if ttl == 0 {
- c.Lock()
- delete(c.items, key)
- c.Unlock()
- return nil, false
- }
- // too much time has passed? delete and don't serve it
- if time.Since(item.when) >= time.Duration(ttl)*time.Second {
- c.Lock()
- delete(c.items, key)
- c.Unlock()
- return nil, false
- }
- response := item.fromItem(request)
- return response, true
-}
-
-func (c *cache) Set(m *dns.Msg) {
- if m == nil {
- return // no-op
- }
- if !isRequestCacheable(m) {
- return
- }
- if !isResponseCacheable(m) {
- return
- }
- ok, key := key(m)
- if !ok {
- return
- }
-
- i := toItem(m)
-
- c.Lock()
- if c.items == nil {
- c.items = map[string]item{}
- }
- c.items[key] = i
- c.Unlock()
-}
-
-// check only request fields
-func isRequestCacheable(m *dns.Msg) bool {
- // truncated messages aren't valid
- if m.Truncated {
- log.Printf("Refusing to cache truncated message")
- return false
- }
-
- // if has wrong number of questions, also don't cache
- if len(m.Question) != 1 {
- log.Printf("Refusing to cache message with wrong number of questions")
- return false
- }
-
- // only OK or NXdomain replies are cached
- switch m.Rcode {
- case dns.RcodeSuccess:
- case dns.RcodeNameError: // that's an NXDomain
- case dns.RcodeServerFailure:
- return false // quietly refuse, don't log
- default:
- log.Printf("%s: Refusing to cache message with rcode: %s", m.Question[0].Name, dns.RcodeToString[m.Rcode])
- return false
- }
-
- return true
-}
-
-func isResponseCacheable(m *dns.Msg) bool {
- ttl := findLowestTTL(m)
- if ttl == 0 {
- return false
- }
-
- return true
-}
-
-func findLowestTTL(m *dns.Msg) uint32 {
- var ttl uint32 = math.MaxUint32
- found := false
-
- if m.Answer != nil {
- for _, r := range m.Answer {
- if r.Header().Ttl < ttl {
- ttl = r.Header().Ttl
- found = true
- }
- }
- }
-
- if m.Ns != nil {
- for _, r := range m.Ns {
- if r.Header().Ttl < ttl {
- ttl = r.Header().Ttl
- found = true
- }
- }
- }
-
- if m.Extra != nil {
- for _, r := range m.Extra {
- if r.Header().Rrtype == dns.TypeOPT {
- continue // OPT records use TTL for other purposes
- }
- if r.Header().Ttl < ttl {
- ttl = r.Header().Ttl
- found = true
- }
- }
- }
-
- if found == false {
- return 0
- }
-
- return ttl
-}
-
-// key is binary little endian in sequence:
-// uint16(qtype) then uint16(qclass) then name
-func key(m *dns.Msg) (bool, string) {
- if len(m.Question) != 1 {
- log.Printf("got msg with len(m.Question) != 1: %d", len(m.Question))
- return false, ""
- }
-
- bb := strings.Builder{}
- b := make([]byte, 2)
- binary.LittleEndian.PutUint16(b, m.Question[0].Qtype)
- bb.Write(b)
- binary.LittleEndian.PutUint16(b, m.Question[0].Qclass)
- bb.Write(b)
- name := strings.ToLower(m.Question[0].Name)
- bb.WriteString(name)
- return true, bb.String()
-}
-
-func toItem(m *dns.Msg) item {
- return item{
- m: m,
- when: time.Now(),
- }
-}
-
-func (i *item) fromItem(request *dns.Msg) *dns.Msg {
- response := &dns.Msg{}
- response.SetReply(request)
-
- response.Authoritative = false
- response.AuthenticatedData = i.m.AuthenticatedData
- response.RecursionAvailable = i.m.RecursionAvailable
- response.Rcode = i.m.Rcode
-
- ttl := findLowestTTL(i.m)
- timeleft := math.Round(float64(ttl) - time.Since(i.when).Seconds())
- var newttl uint32
- if timeleft > 0 {
- newttl = uint32(timeleft)
- }
- for _, r := range i.m.Answer {
- answer := dns.Copy(r)
- answer.Header().Ttl = newttl
- response.Answer = append(response.Answer, answer)
- }
- for _, r := range i.m.Ns {
- ns := dns.Copy(r)
- ns.Header().Ttl = newttl
- response.Ns = append(response.Ns, ns)
- }
- for _, r := range i.m.Extra {
- // don't return OPT records as these are hop-by-hop
- if r.Header().Rrtype == dns.TypeOPT {
- continue
- }
- extra := dns.Copy(r)
- extra.Header().Ttl = newttl
- response.Extra = append(response.Extra, extra)
- }
- return response
-}
diff --git a/dnsforward/cache_test.go b/dnsforward/cache_test.go
deleted file mode 100644
index c9f4577e..00000000
--- a/dnsforward/cache_test.go
+++ /dev/null
@@ -1,144 +0,0 @@
-package dnsforward
-
-import (
- "strings"
- "testing"
-
- "github.com/go-test/deep"
- "github.com/miekg/dns"
-)
-
-func RR(rr string) dns.RR {
- r, err := dns.NewRR(rr)
- if err != nil {
- panic(err)
- }
- return r
-}
-
-// deepEqual is same as deep.Equal, except:
-// * ignores Id when comparing
-// * question names are not case sensetive
-func deepEqualMsg(left *dns.Msg, right *dns.Msg) []string {
- temp := *left
- temp.Id = right.Id
- for i := range left.Question {
- left.Question[i].Name = strings.ToLower(left.Question[i].Name)
- }
- for i := range right.Question {
- right.Question[i].Name = strings.ToLower(right.Question[i].Name)
- }
- return deep.Equal(&temp, right)
-}
-
-func TestCacheSanity(t *testing.T) {
- cache := cache{}
- request := dns.Msg{}
- request.SetQuestion("google.com.", dns.TypeA)
- _, ok := cache.Get(&request)
- if ok {
- t.Fatal("empty cache replied with positive response")
- }
-}
-
-type tests struct {
- cache []testEntry
- cases []testCase
-}
-
-type testEntry struct {
- q string
- t uint16
- a []dns.RR
-}
-
-type testCase struct {
- q string
- t uint16
- a []dns.RR
- ok bool
-}
-
-func TestCache(t *testing.T) {
- tests := tests{
- cache: []testEntry{
- {q: "google.com.", t: dns.TypeA, a: []dns.RR{RR("google.com. 3600 IN A 8.8.8.8")}},
- },
- cases: []testCase{
- {q: "google.com.", t: dns.TypeA, a: []dns.RR{RR("google.com. 3600 IN A 8.8.8.8")}, ok: true},
- {q: "google.com.", t: dns.TypeMX, ok: false},
- },
- }
- runTests(t, tests)
-}
-
-func TestCacheMixedCase(t *testing.T) {
- tests := tests{
- cache: []testEntry{
- {q: "gOOgle.com.", t: dns.TypeA, a: []dns.RR{RR("google.com. 3600 IN A 8.8.8.8")}},
- },
- cases: []testCase{
- {q: "gOOgle.com.", t: dns.TypeA, a: []dns.RR{RR("google.com. 3600 IN A 8.8.8.8")}, ok: true},
- {q: "google.com.", t: dns.TypeA, a: []dns.RR{RR("google.com. 3600 IN A 8.8.8.8")}, ok: true},
- {q: "GOOGLE.COM.", t: dns.TypeA, a: []dns.RR{RR("google.com. 3600 IN A 8.8.8.8")}, ok: true},
- {q: "gOOgle.com.", t: dns.TypeMX, ok: false},
- {q: "google.com.", t: dns.TypeMX, ok: false},
- {q: "GOOGLE.COM.", t: dns.TypeMX, ok: false},
- },
- }
- runTests(t, tests)
-}
-
-func TestZeroTTL(t *testing.T) {
- tests := tests{
- cache: []testEntry{
- {q: "gOOgle.com.", t: dns.TypeA, a: []dns.RR{RR("google.com. 0 IN A 8.8.8.8")}},
- },
- cases: []testCase{
- {q: "google.com.", t: dns.TypeA, ok: false},
- {q: "google.com.", t: dns.TypeA, ok: false},
- {q: "google.com.", t: dns.TypeA, ok: false},
- {q: "google.com.", t: dns.TypeMX, ok: false},
- {q: "google.com.", t: dns.TypeMX, ok: false},
- {q: "google.com.", t: dns.TypeMX, ok: false},
- },
- }
- runTests(t, tests)
-}
-
-func runTests(t *testing.T, tests tests) {
- t.Helper()
- cache := cache{}
- for _, tc := range tests.cache {
- reply := dns.Msg{}
- reply.SetQuestion(tc.q, tc.t)
- reply.Response = true
- reply.Answer = tc.a
- cache.Set(&reply)
- }
- for _, tc := range tests.cases {
- request := dns.Msg{}
- request.SetQuestion(tc.q, tc.t)
- val, ok := cache.Get(&request)
- if diff := deep.Equal(ok, tc.ok); diff != nil {
- t.Error(diff)
- }
- if tc.a != nil {
- if ok == false {
- continue
- }
- reply := dns.Msg{}
- reply.SetQuestion(tc.q, tc.t)
- reply.Response = true
- reply.Answer = tc.a
- cache.Set(&reply)
- if diff := deepEqualMsg(val, &reply); diff != nil {
- t.Error(diff)
- } else {
- if diff := deep.Equal(val, reply); diff == nil {
- t.Error("different message ID were not caught")
- }
- }
- }
- }
-}
diff --git a/dnsforward/dnsforward.go b/dnsforward/dnsforward.go
index 5c21ae99..df4f4d68 100644
--- a/dnsforward/dnsforward.go
+++ b/dnsforward/dnsforward.go
@@ -2,17 +2,24 @@ package dnsforward
import (
"fmt"
- "log"
"net"
- "reflect"
"strings"
"sync"
"time"
+ "github.com/AdguardTeam/dnsproxy/upstream"
+
+ "github.com/AdguardTeam/dnsproxy/proxy"
+
"github.com/AdguardTeam/AdGuardHome/dnsfilter"
"github.com/joomcode/errorx"
"github.com/miekg/dns"
- gocache "github.com/patrickmn/go-cache"
+ log "github.com/sirupsen/logrus"
+)
+
+const (
+ safeBrowsingBlockHost = "standard-block.dns.adguard.com"
+ parentalBlockHost = "family-block.dns.adguard.com"
)
// Server is the main way to start a DNS server.
@@ -26,66 +33,18 @@ import (
//
// The zero Server is empty and ready for use.
type Server struct {
- udpListen *net.UDPConn
+ dnsProxy *proxy.Proxy // DNS proxy instance
- dnsFilter *dnsfilter.Dnsfilter
-
- cache cache
-
- ratelimitBuckets *gocache.Cache // where the ratelimiters are stored, per IP
+ dnsFilter *dnsfilter.Dnsfilter // DNS filter instance
sync.RWMutex
ServerConfig
}
-const (
- safeBrowsingBlockHost = "standard-block.dns.adguard.com"
- parentalBlockHost = "family-block.dns.adguard.com"
-)
-
-// uncomment this block to have tracing of locks
-/*
-func (s *Server) Lock() {
- pc := make([]uintptr, 10) // at least 1 entry needed
- runtime.Callers(2, pc)
- f := runtime.FuncForPC(pc[0])
- file, line := f.FileLine(pc[0])
- fmt.Fprintf(os.Stderr, "%s:%d %s() -> Lock() -> in progress\n", path.Base(file), line, path.Base(f.Name()))
- s.RWMutex.Lock()
- fmt.Fprintf(os.Stderr, "%s:%d %s() -> Lock() -> done\n", path.Base(file), line, path.Base(f.Name()))
-}
-func (s *Server) RLock() {
- pc := make([]uintptr, 10) // at least 1 entry needed
- runtime.Callers(2, pc)
- f := runtime.FuncForPC(pc[0])
- file, line := f.FileLine(pc[0])
- fmt.Fprintf(os.Stderr, "%s:%d %s() -> RLock() -> in progress\n", path.Base(file), line, path.Base(f.Name()))
- s.RWMutex.RLock()
- fmt.Fprintf(os.Stderr, "%s:%d %s() -> RLock() -> done\n", path.Base(file), line, path.Base(f.Name()))
-}
-func (s *Server) Unlock() {
- pc := make([]uintptr, 10) // at least 1 entry needed
- runtime.Callers(2, pc)
- f := runtime.FuncForPC(pc[0])
- file, line := f.FileLine(pc[0])
- fmt.Fprintf(os.Stderr, "%s:%d %s() -> Unlock() -> in progress\n", path.Base(file), line, path.Base(f.Name()))
- s.RWMutex.Unlock()
- fmt.Fprintf(os.Stderr, "%s:%d %s() -> Unlock() -> done\n", path.Base(file), line, path.Base(f.Name()))
-}
-func (s *Server) RUnlock() {
- pc := make([]uintptr, 10) // at least 1 entry needed
- runtime.Callers(2, pc)
- f := runtime.FuncForPC(pc[0])
- file, line := f.FileLine(pc[0])
- fmt.Fprintf(os.Stderr, "%s:%d %s() -> RUnlock() -> in progress\n", path.Base(file), line, path.Base(f.Name()))
- s.RWMutex.RUnlock()
- fmt.Fprintf(os.Stderr, "%s:%d %s() -> RUnlock() -> done\n", path.Base(file), line, path.Base(f.Name()))
-}
-*/
-
+// FilteringConfig represents the DNS filtering configuration of AdGuard Home
type FilteringConfig struct {
- ProtectionEnabled bool `yaml:"protection_enabled"`
- FilteringEnabled bool `yaml:"filtering_enabled"`
+ ProtectionEnabled bool `yaml:"protection_enabled"` // whether or not use any of dnsfilter features
+ FilteringEnabled bool `yaml:"filtering_enabled"` // whether or not use filter lists
BlockedResponseTTL uint32 `yaml:"blocked_response_ttl"` // if 0, then default is used (3600)
QueryLogEnabled bool `yaml:"querylog_enabled"`
Ratelimit int `yaml:"ratelimit"`
@@ -96,11 +55,12 @@ type FilteringConfig struct {
dnsfilter.Config `yaml:",inline"`
}
+// ServerConfig represents server configuration.
// The zero ServerConfig is empty and ready for use.
type ServerConfig struct {
- UDPListenAddr *net.UDPAddr // if nil, then default is is used (port 53 on *)
- Upstreams []Upstream
- Filters []dnsfilter.Filter
+ UDPListenAddr *net.UDPAddr // UDP listen address
+ Upstreams []upstream.Upstream // Configured upstreams
+ Filters []dnsfilter.Filter // A list of filters to use
FilteringConfig
}
@@ -109,94 +69,40 @@ type ServerConfig struct {
var defaultValues = ServerConfig{
UDPListenAddr: &net.UDPAddr{Port: 53},
FilteringConfig: FilteringConfig{BlockedResponseTTL: 3600},
- Upstreams: []Upstream{
- //// dns over HTTPS
- // &dnsOverHTTPS{boot: toBoot("https://1.1.1.1/dns-query", "")},
- // &dnsOverHTTPS{boot: toBoot("https://dns.google.com/experimental", "")},
- // &dnsOverHTTPS{boot: toBoot("https://doh.cleanbrowsing.org/doh/security-filter/", "")},
- // &dnsOverHTTPS{boot: toBoot("https://dns10.quad9.net/dns-query", "")},
- // &dnsOverHTTPS{boot: toBoot("https://doh.powerdns.org", "")},
- // &dnsOverHTTPS{boot: toBoot("https://doh.securedns.eu/dns-query", "")},
-
- //// dns over TLS
- // &dnsOverTLS{boot: toBoot("tls://8.8.8.8:853", "")},
- // &dnsOverTLS{boot: toBoot("tls://8.8.4.4:853", "")},
- // &dnsOverTLS{boot: toBoot("tls://1.1.1.1:853", "")},
- // &dnsOverTLS{boot: toBoot("tls://1.0.0.1:853", "")},
-
- //// plainDNS
- &plainDNS{boot: toBoot("8.8.8.8:53", "")},
- &plainDNS{boot: toBoot("8.8.4.4:53", "")},
- &plainDNS{boot: toBoot("1.1.1.1:53", "")},
- &plainDNS{boot: toBoot("1.0.0.1:53", "")},
- },
}
-//
-// packet loop
-//
-func (s *Server) packetLoop() {
- log.Printf("Entering packet handle loop")
- b := make([]byte, dns.MaxMsgSize)
- for {
- s.RLock()
- conn := s.udpListen
- s.RUnlock()
- if conn == nil {
- log.Printf("udp socket has disappeared, exiting loop")
- break
- }
- n, addr, err := conn.ReadFrom(b)
- // documentation says to handle the packet even if err occurs, so do that first
- if n > 0 {
- // make a copy of all bytes because ReadFrom() will overwrite contents of b on next call
- // we need the contents to survive the call because we're handling them in goroutine
- p := make([]byte, n)
- copy(p, b)
- go s.handlePacket(p, addr, conn) // ignore errors
- }
- if err != nil {
- if isConnClosed(err) {
- log.Printf("ReadFrom() returned because we're reading from a closed connection, exiting loop")
- // don't try to nullify s.udpListen here, because s.udpListen could be already re-bound to listen
- break
- }
- log.Printf("Got error when reading from udp listen: %s", err)
+func init() {
+ defaultDNS := []string{"8.8.8.8:53", "8.8.4.4:53"}
+
+ defaultUpstreams := make([]upstream.Upstream, 0)
+ for _, addr := range defaultDNS {
+ u, err := upstream.AddressToUpstream(addr, "")
+ if err == nil {
+ defaultUpstreams = append(defaultUpstreams, u)
}
}
+ defaultValues.Upstreams = defaultUpstreams
}
-//
-// Control functions
-//
-
+// Start starts the DNS server
func (s *Server) Start(config *ServerConfig) error {
s.Lock()
defer s.Unlock()
+ return s.startInternal(config)
+}
+
+// startInternal starts without locking
+func (s *Server) startInternal(config *ServerConfig) error {
if config != nil {
s.ServerConfig = *config
}
- // TODO: handle being called Start() second time after Stop()
- if s.udpListen == nil {
- log.Printf("Creating UDP socket")
- var err error
- addr := s.UDPListenAddr
- if addr == nil {
- addr = defaultValues.UDPListenAddr
- }
- s.udpListen, err = net.ListenUDP("udp", addr)
- if err != nil {
- s.udpListen = nil
- return errorx.Decorate(err, "Couldn't listen to UDP socket")
- }
- log.Println(s.udpListen.LocalAddr(), s.UDPListenAddr)
- }
if s.dnsFilter == nil {
log.Printf("Creating dnsfilter")
s.dnsFilter = dnsfilter.New(&s.Config)
// add rules only if they are enabled
if s.FilteringEnabled {
+ // TODO: Handle error
s.dnsFilter.AddRules(s.Filters)
}
}
@@ -214,22 +120,55 @@ func (s *Server) Start(config *ServerConfig) error {
go statsRotator()
})
- go s.packetLoop()
+ // TODO: Add TCPListenAddr
+ proxyConfig := proxy.Config{
+ UDPListenAddr: s.UDPListenAddr,
+ Ratelimit: s.Ratelimit,
+ RatelimitWhitelist: s.RatelimitWhitelist,
+ RefuseAny: s.RefuseAny,
+ CacheEnabled: true,
+ Upstreams: s.Upstreams,
+ Handler: s,
+ }
- return nil
+ if proxyConfig.UDPListenAddr == nil {
+ proxyConfig.UDPListenAddr = defaultValues.UDPListenAddr
+ }
+
+ if len(proxyConfig.Upstreams) == 0 {
+ proxyConfig.Upstreams = defaultValues.Upstreams
+ }
+
+ // TODO: Don't let call Start the second time
+ // Initialize the DNS proxy
+ s.dnsProxy = &proxy.Proxy{Config: proxyConfig}
+
+ err = s.dnsProxy.Start()
+ return err
}
+// Stop stops the DNS server
func (s *Server) Stop() error {
s.Lock()
defer s.Unlock()
- if s.udpListen != nil {
- err := s.udpListen.Close()
- s.udpListen = nil
+ return s.stopInternal()
+}
+
+// stopInternal stops without locking
+func (s *Server) stopInternal() error {
+ if s.dnsProxy != nil {
+ err := s.dnsProxy.Stop()
+ s.dnsProxy = nil
if err != nil {
- return errorx.Decorate(err, "Couldn't close UDP listening socket")
+ return errorx.Decorate(err, "could not stop the DNS server properly")
}
}
+ if s.dnsFilter != nil {
+ s.dnsFilter.Destroy()
+ s.dnsFilter = nil
+ }
+
// flush remainder to file
logBufferLock.Lock()
flushBuffer := logBuffer
@@ -244,283 +183,55 @@ func (s *Server) Stop() error {
return nil
}
+// IsRunning returns true if the DNS server is running
func (s *Server) IsRunning() bool {
s.RLock()
isRunning := true
- if s.udpListen == nil {
+ if s.dnsProxy == nil {
isRunning = false
}
s.RUnlock()
return isRunning
}
-//
-// Server reconfigure
-//
-
-func (s *Server) reconfigureListenAddr(new ServerConfig) error {
- oldAddr := s.UDPListenAddr
- if oldAddr == nil {
- oldAddr = defaultValues.UDPListenAddr
- }
- newAddr := new.UDPListenAddr
- if newAddr == nil {
- newAddr = defaultValues.UDPListenAddr
- }
- if newAddr.Port == 0 {
- return errorx.IllegalArgument.New("new port cannot be 0")
- }
- if reflect.DeepEqual(oldAddr, newAddr) {
- // do nothing, the addresses are exactly the same
- log.Printf("Not going to rebind because addresses are same: %v -> %v", oldAddr, newAddr)
- return nil
- }
-
- // rebind, using a strategy:
- // * if ports are different, bind new first, then close old
- // * if ports are same, close old first, then bind new
- var newListen *net.UDPConn
- var err error
- if oldAddr.Port != newAddr.Port {
- log.Printf("Rebinding -- ports are different so bind first then close")
- newListen, err = net.ListenUDP("udp", newAddr)
- if err != nil {
- return errorx.Decorate(err, "Couldn't bind to %v", newAddr)
- }
- s.Lock()
- if s.udpListen != nil {
- err = s.udpListen.Close()
- s.udpListen = nil
- }
- s.Unlock()
- if err != nil {
- return errorx.Decorate(err, "Couldn't close UDP listening socket")
- }
- } else {
- log.Printf("Rebinding -- ports are same so close first then bind")
- s.Lock()
- if s.udpListen != nil {
- err = s.udpListen.Close()
- s.udpListen = nil
- }
- s.Unlock()
- if err != nil {
- return errorx.Decorate(err, "Couldn't close UDP listening socket")
- }
- newListen, err = net.ListenUDP("udp", newAddr)
- if err != nil {
- return errorx.Decorate(err, "Couldn't bind to %v", newAddr)
- }
- }
+// Reconfigure applies the new configuration to the DNS server
+func (s *Server) Reconfigure(config *ServerConfig) error {
s.Lock()
- s.udpListen = newListen
- s.UDPListenAddr = new.UDPListenAddr
- s.Unlock()
- log.Println(s.udpListen.LocalAddr(), s.UDPListenAddr)
+ defer s.Unlock()
- go s.packetLoop() // the old one has quit, use new one
+ log.Print("Start reconfiguring the server")
+ err := s.stopInternal()
+ if err != nil {
+ return errorx.Decorate(err, "could not reconfigure the server")
+ }
+ err = s.startInternal(config)
+ if err != nil {
+ return errorx.Decorate(err, "could not reconfigure the server")
+ }
return nil
}
-func (s *Server) reconfigureBlockedResponseTTL(new ServerConfig) {
- newVal := new.BlockedResponseTTL
- if newVal == 0 {
- newVal = defaultValues.BlockedResponseTTL
- }
- oldVal := s.BlockedResponseTTL
- if oldVal == 0 {
- oldVal = defaultValues.BlockedResponseTTL
- }
- if newVal != oldVal {
- s.BlockedResponseTTL = new.BlockedResponseTTL
- }
-}
-
-func (s *Server) reconfigureUpstreams(new ServerConfig) {
- newVal := new.Upstreams
- if len(newVal) == 0 {
- newVal = defaultValues.Upstreams
- }
- oldVal := s.Upstreams
- if len(oldVal) == 0 {
- oldVal = defaultValues.Upstreams
- }
- if reflect.DeepEqual(newVal, oldVal) {
- // they're exactly the same, do nothing
- return
- }
- s.Upstreams = new.Upstreams
-}
-
-func (s *Server) reconfigureFiltering(new ServerConfig) {
- newFilters := new.Filters
- if len(newFilters) == 0 {
- newFilters = defaultValues.Filters
- }
- oldFilters := s.Filters
- if len(oldFilters) == 0 {
- oldFilters = defaultValues.Filters
- }
-
- needUpdate := false
- if !reflect.DeepEqual(newFilters, oldFilters) {
- needUpdate = true
- }
-
- if !reflect.DeepEqual(new.FilteringConfig, s.FilteringConfig) {
- needUpdate = true
- }
-
- if !needUpdate {
- // nothing to do, everything is same
- return
- }
-
- // TODO: instead of creating new dnsfilter, change existing one's settings and filters
- dnsFilter := dnsfilter.New(&new.Config) // sets safebrowsing, safesearch and parental
-
- // add rules only if they are enabled
- if new.FilteringEnabled {
- dnsFilter.AddRules(newFilters)
- }
-
- s.Lock()
- oldDNSFilter := s.dnsFilter
- s.dnsFilter = dnsFilter
- s.FilteringConfig = new.FilteringConfig
- s.Unlock()
-
- oldDNSFilter.Destroy()
-}
-
-func (s *Server) Reconfigure(new ServerConfig) error {
- s.reconfigureBlockedResponseTTL(new)
- s.reconfigureUpstreams(new)
- s.reconfigureFiltering(new)
-
- err := s.reconfigureListenAddr(new)
- if err != nil {
- return errorx.Decorate(err, "Couldn't reconfigure to new listening address %+v", new.UDPListenAddr)
- }
- return nil
-}
-
-//
-// packet handling functions
-//
-
-// handlePacketInternal processes the incoming packet bytes and returns with an optional response packet.
-//
-// If an empty dns.Msg is returned, do not try to send anything back to client, otherwise send contents of dns.Msg.
-//
-// If an error is returned, log it, don't try to generate data based on that error.
-func (s *Server) handlePacketInternal(msg *dns.Msg, addr net.Addr, conn *net.UDPConn) (*dns.Msg, *dnsfilter.Result, Upstream, error) {
- // log.Printf("Got packet %d bytes from %s: %v", len(p), addr, p)
- //
- // DNS packet byte format is valid
- //
- // any errors below here require a response to client
- // log.Printf("Unpacked: %v", msg.String())
- if len(msg.Question) != 1 {
- log.Printf("Got invalid number of questions: %v", len(msg.Question))
- return s.genServerFailure(msg), nil, nil, nil
- }
-
- if msg.Question[0].Qtype == dns.TypeANY && s.RefuseAny {
- return s.genNotImpl(msg), nil, nil, nil
- }
-
- // we need upstream to resolve A records
- upstream := s.chooseUpstream()
-
- host := strings.TrimSuffix(msg.Question[0].Name, ".")
- // use dnsfilter before cache -- changed settings or filters would require cache invalidation otherwise
- var res dnsfilter.Result
- var err error
- if s.ProtectionEnabled {
- res, err = s.dnsFilter.CheckHost(host)
- if err != nil {
- log.Printf("dnsfilter failed to check host '%s': %s", host, err)
- return s.genServerFailure(msg), &res, nil, err
- } else if res.IsFiltered {
- log.Printf("Host %s is filtered, reason - '%s', matched rule: '%s'", host, res.Reason, res.Rule)
- switch res.Reason {
- case dnsfilter.FilteredSafeBrowsing:
- return s.genArecord(msg, safeBrowsingBlockHost, upstream), &res, nil, nil
- case dnsfilter.FilteredParental:
- return s.genArecord(msg, parentalBlockHost, upstream), &res, nil, nil
- }
- return s.genNXDomain(msg), &res, nil, nil
- }
- }
-
- {
- val, ok := s.cache.Get(msg)
- if ok && val != nil {
- return val, &res, nil, nil
- }
- }
-
- // TODO: replace with single-socket implementation
- reply, err := upstream.Exchange(msg)
- if err != nil {
- log.Printf("talking to upstream failed for host '%s': %s", host, err)
- return s.genServerFailure(msg), &res, upstream, err
- }
- if reply == nil {
- log.Printf("SHOULD NOT HAPPEN upstream returned empty message for host '%s'. Request is %v", host, msg.String())
- return s.genServerFailure(msg), &res, upstream, nil
- }
-
- s.cache.Set(reply)
-
- return reply, &res, upstream, nil
-}
-
-func (s *Server) handlePacket(p []byte, addr net.Addr, conn *net.UDPConn) {
+// ServeDNS filters the incoming DNS requests and writes them to the query log
+func (s *Server) ServeDNS(d *proxy.DNSContext, next proxy.Handler) error {
start := time.Now()
- ip, _, err := net.SplitHostPort(addr.String())
+
+ // use dnsfilter before cache -- changed settings or filters would require cache invalidation otherwise
+ res, err := s.filterDNSRequest(d)
if err != nil {
- log.Printf("Failed to split %v into host/port: %s", addr, err)
- // not a fatal error, move on
+ return err
}
- // ratelimit based on IP only, protects CPU cycles and outbound connections
- if s.isRatelimited(ip) {
- // log.Printf("Ratelimiting %s based on IP only", ip)
- return // do nothing, don't reply, we got ratelimited
- }
-
- msg := &dns.Msg{}
- err = msg.Unpack(p)
- if err != nil {
- log.Printf("got invalid DNS packet: %s", err)
- return // do nothing
- }
-
- reply, result, upstream, err := s.handlePacketInternal(msg, addr, conn)
-
- if reply != nil {
- // ratelimit based on reply size now
- replysize := reply.Len()
- if s.isRatelimitedForReply(ip, replysize) {
- log.Printf("Ratelimiting %s based on IP and size %d", ip, replysize)
- return // do nothing, don't reply, we got ratelimited
- }
-
- // we're good to respond
- rerr := s.respond(reply, addr, conn)
- if rerr != nil {
- log.Printf("Couldn't respond to UDP packet: %s", err)
+ if d.Res == nil {
+ // request was not filtered so let it be processed further
+ err = next.ServeDNS(d, nil)
+ if err != nil {
+ return err
}
}
- //
- // query logging and stats counters
- //
-
shouldLog := true
+ msg := d.Req
// don't log ANY request if refuseAny is enabled
if len(msg.Question) >= 1 && msg.Question[0].Qtype == dns.TypeANY && s.RefuseAny {
@@ -530,35 +241,64 @@ func (s *Server) handlePacket(p []byte, addr net.Addr, conn *net.UDPConn) {
if s.QueryLogEnabled && shouldLog {
elapsed := time.Since(start)
upstreamAddr := ""
- if upstream != nil {
- upstreamAddr = upstream.Address()
+ if d.Upstream != nil {
+ upstreamAddr = d.Upstream.Address()
}
- logRequest(msg, reply, result, elapsed, ip, upstreamAddr)
+ logRequest(msg, d.Res, res, elapsed, d.Addr.String(), upstreamAddr)
}
+
+ return nil
}
-//
-// packet sending functions
-//
+// filterDNSRequest applies the dnsFilter and sets d.Res if the request was filtered
+func (s *Server) filterDNSRequest(d *proxy.DNSContext) (*dnsfilter.Result, error) {
+ msg := d.Req
+ host := strings.TrimSuffix(msg.Question[0].Name, ".")
-func (s *Server) respond(resp *dns.Msg, addr net.Addr, conn *net.UDPConn) error {
- // log.Printf("Replying to %s with %s", addr, resp)
- resp.Compress = true
- bytes, err := resp.Pack()
+ s.RLock()
+ protectionEnabled := s.ProtectionEnabled
+ dnsFilter := s.dnsFilter
+ s.RUnlock()
+
+ if !protectionEnabled {
+ return nil, nil
+ }
+
+ var res dnsfilter.Result
+ var err error
+
+ res, err = dnsFilter.CheckHost(host)
if err != nil {
- return errorx.Decorate(err, "Couldn't convert message into wire format")
+ // Return immediately if there's an error
+ return nil, errorx.Decorate(err, "dnsfilter failed to check host '%s'", host)
+ } else if res.IsFiltered {
+ log.Debugf("Host %s is filtered, reason - '%s', matched rule: '%s'", host, res.Reason, res.Rule)
+ d.Res = s.genDNSFilterMessage(d, &res)
}
- n, err := conn.WriteTo(bytes, addr)
- if n == 0 && isConnClosed(err) {
- return err
+
+ return &res, err
+}
+
+// genDNSFilterMessage generates a DNS message corresponding to the filtering result
+func (s *Server) genDNSFilterMessage(d *proxy.DNSContext, result *dnsfilter.Result) *dns.Msg {
+ m := d.Req
+
+ if m.Question[0].Qtype != dns.TypeA {
+ return s.genNXDomain(m)
}
- if n != len(bytes) {
- return fmt.Errorf("WriteTo() returned with %d != %d", n, len(bytes))
+
+ switch result.Reason {
+ case dnsfilter.FilteredSafeBrowsing:
+ return s.genBlockedHost(m, safeBrowsingBlockHost, d.Upstream)
+ case dnsfilter.FilteredParental:
+ return s.genBlockedHost(m, parentalBlockHost, d.Upstream)
+ default:
+ if result.Ip != nil {
+ return s.genARecord(m, result.Ip)
+ }
+
+ return s.genNXDomain(m)
}
- if err != nil {
- return errorx.Decorate(err, "WriteTo() returned error")
- }
- return nil
}
func (s *Server) genServerFailure(request *dns.Msg) *dns.Msg {
@@ -568,29 +308,19 @@ func (s *Server) genServerFailure(request *dns.Msg) *dns.Msg {
return &resp
}
-func (s *Server) genNotImpl(request *dns.Msg) *dns.Msg {
+func (s *Server) genARecord(request *dns.Msg, ip net.IP) *dns.Msg {
resp := dns.Msg{}
- resp.SetRcode(request, dns.RcodeNotImplemented)
- resp.RecursionAvailable = true
- resp.SetEdns0(1452, false) // NOTIMPL without EDNS is treated as 'we don't support EDNS', so explicitly set it
+ resp.SetReply(request)
+ answer, err := dns.NewRR(fmt.Sprintf("%s %d A %s", request.Question[0].Name, s.BlockedResponseTTL, ip.String()))
+ if err != nil {
+ log.Warnf("Couldn't generate A record for up replacement host '%s': %s", ip.String(), err)
+ return s.genServerFailure(request)
+ }
+ resp.Answer = append(resp.Answer, answer)
return &resp
}
-func (s *Server) genArecord(request *dns.Msg, newAddr string, upstream Upstream) *dns.Msg {
- addr := net.ParseIP(newAddr)
- if addr != nil {
- // this is an IP address, return it
- resp := dns.Msg{}
- resp.SetReply(request)
- answer, err := dns.NewRR(fmt.Sprintf("%s %d A %s", request.Question[0].Name, s.BlockedResponseTTL, newAddr))
- if err != nil {
- log.Printf("Couldn't generate A record for up replacement host '%s': %s", newAddr, err)
- return s.genServerFailure(request)
- }
- resp.Answer = append(resp.Answer, answer)
- return &resp
- }
-
+func (s *Server) genBlockedHost(request *dns.Msg, newAddr string, upstream upstream.Upstream) *dns.Msg {
// look up the hostname, TODO: cache
replReq := dns.Msg{}
replReq.SetQuestion(dns.Fqdn(newAddr), request.Question[0].Qtype)
diff --git a/dnsforward/dnsforward_test.go b/dnsforward/dnsforward_test.go
index 26dabb4b..d14c8812 100644
--- a/dnsforward/dnsforward_test.go
+++ b/dnsforward/dnsforward_test.go
@@ -3,23 +3,27 @@ package dnsforward
import (
"net"
"testing"
+ "time"
+
+ "github.com/AdguardTeam/AdGuardHome/dnsfilter"
"github.com/miekg/dns"
)
+const (
+ listenPort = 48122
+)
+
func TestServer(t *testing.T) {
s := Server{}
- s.UDPListenAddr = &net.UDPAddr{Port: 0}
+ s.UDPListenAddr = &net.UDPAddr{Port: listenPort}
err := s.Start(nil)
if err != nil {
t.Fatalf("Failed to start server: %s", err)
}
- if s.udpListen == nil {
- t.Fatal("Started server has nil udpListen")
- }
// server is running, send a message
- addr := s.udpListen.LocalAddr()
+ addr := s.UDPListenAddr
req := dns.Msg{}
req.Id = dns.Id()
req.RecursionDesired = true
@@ -44,6 +48,172 @@ func TestServer(t *testing.T) {
err = s.Stop()
if err != nil {
- t.Fatalf("DNS server %s failed to stop: %s", addr, err)
+ t.Fatalf("DNS server failed to stop: %s", err)
}
}
+
+func TestInvalidRequest(t *testing.T) {
+ s := Server{}
+ s.UDPListenAddr = &net.UDPAddr{Port: listenPort}
+ err := s.Start(nil)
+ if err != nil {
+ t.Fatalf("Failed to start server: %s", err)
+ }
+
+ // server is running, send a message
+ addr := s.UDPListenAddr
+ req := dns.Msg{}
+ req.Id = dns.Id()
+ req.RecursionDesired = true
+
+ // send a DNS request without question
+ client := dns.Client{Net: "udp", Timeout: 500 * time.Millisecond}
+ _, _, err = client.Exchange(&req, addr.String())
+ if err != nil {
+ t.Fatalf("got a response to an invalid query")
+ }
+
+ err = s.Stop()
+ if err != nil {
+ t.Fatalf("DNS server failed to stop: %s", err)
+ }
+}
+
+func TestBlockedRequest(t *testing.T) {
+ s, addr := createTestServer()
+
+ err := s.Start(nil)
+ if err != nil {
+ t.Fatalf("Failed to start server: %s", err)
+ }
+
+ //
+ // NXDomain blocking
+ //
+ req := dns.Msg{}
+ req.Id = dns.Id()
+ req.RecursionDesired = true
+ req.Question = []dns.Question{
+ {Name: "nxdomain.example.org.", Qtype: dns.TypeA, Qclass: dns.ClassINET},
+ }
+
+ reply, err := dns.Exchange(&req, addr.String())
+ if err != nil {
+ t.Fatalf("Couldn't talk to server %s: %s", addr, err)
+ }
+ if reply.Rcode != dns.RcodeNameError {
+ t.Fatalf("Wrong response: %s", reply.String())
+ }
+
+ err = s.Stop()
+ if err != nil {
+ t.Fatalf("DNS server failed to stop: %s", err)
+ }
+}
+
+func TestBlockedByHosts(t *testing.T) {
+ s, addr := createTestServer()
+
+ err := s.Start(nil)
+ if err != nil {
+ t.Fatalf("Failed to start server: %s", err)
+ }
+
+ //
+ // Hosts blocking
+ //
+ req := dns.Msg{}
+ req.Id = dns.Id()
+ req.RecursionDesired = true
+ req.Question = []dns.Question{
+ {Name: "host.example.org.", Qtype: dns.TypeA, Qclass: dns.ClassINET},
+ }
+
+ reply, err := dns.Exchange(&req, addr.String())
+ if err != nil {
+ t.Fatalf("Couldn't talk to server %s: %s", addr, err)
+ }
+ if len(reply.Answer) != 1 {
+ t.Fatalf("DNS server %s returned reply with wrong number of answers - %d", addr, len(reply.Answer))
+ }
+ if a, ok := reply.Answer[0].(*dns.A); ok {
+ if !net.IPv4(127, 0, 0, 1).Equal(a.A) {
+ t.Fatalf("DNS server %s returned wrong answer instead of 8.8.8.8: %v", addr, a.A)
+ }
+ } else {
+ t.Fatalf("DNS server %s returned wrong answer type instead of A: %v", addr, reply.Answer[0])
+ }
+
+ err = s.Stop()
+ if err != nil {
+ t.Fatalf("DNS server failed to stop: %s", err)
+ }
+}
+
+func TestBlockedBySafeBrowsing(t *testing.T) {
+ s, addr := createTestServer()
+
+ err := s.Start(nil)
+ if err != nil {
+ t.Fatalf("Failed to start server: %s", err)
+ }
+
+ //
+ // Safebrowsing blocking
+ //
+ req := dns.Msg{}
+ req.Id = dns.Id()
+ req.RecursionDesired = true
+ req.Question = []dns.Question{
+ {Name: "wmconvirus.narod.ru.", Qtype: dns.TypeA, Qclass: dns.ClassINET},
+ }
+ reply, err := dns.Exchange(&req, addr.String())
+ if err != nil {
+ t.Fatalf("Couldn't talk to server %s: %s", addr, err)
+ }
+ if len(reply.Answer) != 1 {
+ t.Fatalf("DNS server %s returned reply with wrong number of answers - %d", addr, len(reply.Answer))
+ }
+ if a, ok := reply.Answer[0].(*dns.A); ok {
+ addrs, lookupErr := net.LookupHost(safeBrowsingBlockHost)
+ if lookupErr != nil {
+ t.Fatalf("cannot resolve %s due to %s", safeBrowsingBlockHost, lookupErr)
+ }
+
+ found := false
+ for _, blockAddr := range addrs {
+ if blockAddr == a.A.String() {
+ found = true
+ }
+ }
+
+ if !found {
+ t.Fatalf("DNS server %s returned wrong answer: %v", addr, a.A)
+ }
+ } else {
+ t.Fatalf("DNS server %s returned wrong answer type instead of A: %v", addr, reply.Answer[0])
+ }
+
+ err = s.Stop()
+ if err != nil {
+ t.Fatalf("DNS server failed to stop: %s", err)
+ }
+}
+
+func createTestServer() (*Server, net.Addr) {
+ s := Server{}
+ addr := &net.UDPAddr{Port: listenPort}
+ s.UDPListenAddr = addr
+ s.FilteringConfig.FilteringEnabled = true
+ s.FilteringConfig.ProtectionEnabled = true
+ s.FilteringConfig.SafeBrowsingEnabled = true
+ s.Filters = make([]dnsfilter.Filter, 0)
+
+ rules := []string{
+ "||nxdomain.example.org^",
+ "127.0.0.1 host.example.org",
+ }
+ filter := dnsfilter.Filter{ID: 1, Rules: rules}
+ s.Filters = append(s.Filters, filter)
+ return &s, addr
+}
diff --git a/dnsforward/helpers.go b/dnsforward/helpers.go
deleted file mode 100644
index 52b65c87..00000000
--- a/dnsforward/helpers.go
+++ /dev/null
@@ -1,50 +0,0 @@
-package dnsforward
-
-import (
- "fmt"
- "net"
- "os"
- "path"
- "runtime"
- "strings"
-)
-
-func isConnClosed(err error) bool {
- if err == nil {
- return false
- }
- nerr, ok := err.(*net.OpError)
- if !ok {
- return false
- }
-
- if strings.Contains(nerr.Err.Error(), "use of closed network connection") {
- return true
- }
-
- return false
-}
-
-// ---------------------
-// debug logging helpers
-// ---------------------
-func _Func() string {
- pc := make([]uintptr, 10) // at least 1 entry needed
- runtime.Callers(2, pc)
- f := runtime.FuncForPC(pc[0])
- return path.Base(f.Name())
-}
-
-func trace(format string, args ...interface{}) {
- pc := make([]uintptr, 10) // at least 1 entry needed
- runtime.Callers(2, pc)
- f := runtime.FuncForPC(pc[0])
- var buf strings.Builder
- buf.WriteString(fmt.Sprintf("%s(): ", path.Base(f.Name())))
- text := fmt.Sprintf(format, args...)
- buf.WriteString(text)
- if len(text) == 0 || text[len(text)-1] != '\n' {
- buf.WriteRune('\n')
- }
- fmt.Fprint(os.Stderr, buf.String())
-}
diff --git a/dnsforward/querylog.go b/dnsforward/querylog.go
index d449990d..82c06f6a 100644
--- a/dnsforward/querylog.go
+++ b/dnsforward/querylog.go
@@ -53,6 +53,7 @@ func logRequest(question *dns.Msg, answer *dns.Msg, result *dnsfilter.Result, el
return
}
}
+
if answer != nil {
a, err = answer.Pack()
if err != nil {
diff --git a/dnsforward/querylog_file.go b/dnsforward/querylog_file.go
index 9ea8ef95..19097baa 100644
--- a/dnsforward/querylog_file.go
+++ b/dnsforward/querylog_file.go
@@ -191,15 +191,12 @@ func genericLoader(onEntry func(entry *logEntry) error, needMore func() bool, ti
var d *json.Decoder
if enableGzip {
- trace("Creating gzip reader")
zr, err := gzip.NewReader(f)
if err != nil {
log.Printf("Failed to create gzip reader: %s", err)
continue
}
defer zr.Close()
-
- trace("Creating json decoder")
d = json.NewDecoder(zr)
} else {
d = json.NewDecoder(f)
diff --git a/dnsforward/ratelimit.go b/dnsforward/ratelimit.go
deleted file mode 100644
index 9ea8d216..00000000
--- a/dnsforward/ratelimit.go
+++ /dev/null
@@ -1,80 +0,0 @@
-package dnsforward
-
-import (
- "log"
- "sort"
- "time"
-
- "github.com/beefsack/go-rate"
- gocache "github.com/patrickmn/go-cache"
-)
-
-func (s *Server) limiterForIP(ip string) interface{} {
- if s.ratelimitBuckets == nil {
- s.ratelimitBuckets = gocache.New(time.Hour, time.Hour)
- }
-
- // check if ratelimiter for that IP already exists, if not, create
- value, found := s.ratelimitBuckets.Get(ip)
- if !found {
- value = rate.New(s.Ratelimit, time.Second)
- s.ratelimitBuckets.Set(ip, value, time.Hour)
- }
-
- return value
-}
-
-func (s *Server) isRatelimited(ip string) bool {
- if s.Ratelimit == 0 { // 0 -- disabled
- return false
- }
- if len(s.RatelimitWhitelist) > 0 {
- i := sort.SearchStrings(s.RatelimitWhitelist, ip)
-
- if i < len(s.RatelimitWhitelist) && s.RatelimitWhitelist[i] == ip {
- // found, don't ratelimit
- return false
- }
- }
-
- value := s.limiterForIP(ip)
- rl, ok := value.(*rate.RateLimiter)
- if !ok {
- log.Println("SHOULD NOT HAPPEN: non-bool entry found in safebrowsing lookup cache")
- return false
- }
-
- allow, _ := rl.Try()
- return !allow
-}
-
-func (s *Server) isRatelimitedForReply(ip string, size int) bool {
- if s.Ratelimit == 0 { // 0 -- disabled
- return false
- }
- if len(s.RatelimitWhitelist) > 0 {
- i := sort.SearchStrings(s.RatelimitWhitelist, ip)
-
- if i < len(s.RatelimitWhitelist) && s.RatelimitWhitelist[i] == ip {
- // found, don't ratelimit
- return false
- }
- }
-
- value := s.limiterForIP(ip)
- rl, ok := value.(*rate.RateLimiter)
- if !ok {
- log.Println("SHOULD NOT HAPPEN: non-bool entry found in safebrowsing lookup cache")
- return false
- }
-
- // For large UDP responses we try more times, effectively limiting per bandwidth
- // The exact number of times depends on the response size
- for i := 0; i < size/1000; i++ {
- allow, _ := rl.Try()
- if !allow { // not allowed -> ratelimited
- return true
- }
- }
- return false
-}
diff --git a/dnsforward/ratelimit_test.go b/dnsforward/ratelimit_test.go
deleted file mode 100644
index ed6f5ce9..00000000
--- a/dnsforward/ratelimit_test.go
+++ /dev/null
@@ -1,42 +0,0 @@
-package dnsforward
-
-import (
- "testing"
-)
-
-func TestRatelimiting(t *testing.T) {
- // rate limit is 1 per sec
- p := Server{}
- p.Ratelimit = 1
-
- limited := p.isRatelimited("127.0.0.1")
-
- if limited {
- t.Fatal("First request must have been allowed")
- }
-
- limited = p.isRatelimited("127.0.0.1")
-
- if !limited {
- t.Fatal("Second request must have been ratelimited")
- }
-}
-
-func TestWhitelist(t *testing.T) {
- // rate limit is 1 per sec with whitelist
- p := Server{}
- p.Ratelimit = 1
- p.RatelimitWhitelist = []string{"127.0.0.1", "127.0.0.2", "127.0.0.125"}
-
- limited := p.isRatelimited("127.0.0.1")
-
- if limited {
- t.Fatal("First request must have been allowed")
- }
-
- limited = p.isRatelimited("127.0.0.1")
-
- if limited {
- t.Fatal("Second request must have been allowed due to whitelist")
- }
-}
diff --git a/dnsforward/standalone/.gitignore b/dnsforward/standalone/.gitignore
deleted file mode 100644
index 5f81988c..00000000
--- a/dnsforward/standalone/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-/standalone
\ No newline at end of file
diff --git a/dnsforward/standalone/standalone.go b/dnsforward/standalone/standalone.go
deleted file mode 100644
index ae3e6d13..00000000
--- a/dnsforward/standalone/standalone.go
+++ /dev/null
@@ -1,51 +0,0 @@
-package main
-
-import (
- "log"
- "net"
- "net/http"
- _ "net/http/pprof"
- "os"
- "os/signal"
- "runtime"
- "syscall"
- "time"
-
- "github.com/AdguardTeam/AdGuardHome/dnsforward"
-)
-
-//
-// main function
-//
-func main() {
- go func() {
- log.Println(http.ListenAndServe("localhost:6060", nil))
- }()
- go func() {
- for range time.Tick(time.Second) {
- log.Printf("goroutines = %d", runtime.NumGoroutine())
- }
- }()
- s := dnsforward.Server{}
- err := s.Start(nil)
- if err != nil {
- panic(err)
- }
- time.Sleep(time.Second)
- err = s.Stop()
- if err != nil {
- panic(err)
- }
- err = s.Start(&dnsforward.ServerConfig{UDPListenAddr: &net.UDPAddr{Port: 53535}})
- if err != nil {
- panic(err)
- }
- err = s.Reconfigure(dnsforward.ServerConfig{UDPListenAddr: &net.UDPAddr{Port: 53, IP: net.ParseIP("0.0.0.0")}})
- if err != nil {
- panic(err)
- }
- log.Printf("Now serving DNS")
- signal_channel := make(chan os.Signal)
- signal.Notify(signal_channel, syscall.SIGINT, syscall.SIGTERM)
- <-signal_channel
-}
diff --git a/dnsforward/upstream.go b/dnsforward/upstream.go
deleted file mode 100644
index 3746ff8a..00000000
--- a/dnsforward/upstream.go
+++ /dev/null
@@ -1,313 +0,0 @@
-package dnsforward
-
-import (
- "bytes"
- "fmt"
- "io/ioutil"
- "log"
- "math/rand"
- "net"
- "net/http"
- "net/url"
- "strings"
- "sync"
- "time"
-
- "github.com/jedisct1/go-dnsstamps"
-
- "github.com/ameshkov/dnscrypt"
- "github.com/joomcode/errorx"
- "github.com/miekg/dns"
-)
-
-const defaultTimeout = time.Second * 10
-
-type Upstream interface {
- Exchange(m *dns.Msg) (*dns.Msg, error)
- Address() string
-}
-
-//
-// plain DNS
-//
-type plainDNS struct {
- boot bootstrapper
- preferTCP bool
-}
-
-var defaultUDPClient = dns.Client{
- Timeout: defaultTimeout,
- UDPSize: dns.MaxMsgSize,
-}
-
-var defaultTCPClient = dns.Client{
- Net: "tcp",
- UDPSize: dns.MaxMsgSize,
- Timeout: defaultTimeout,
-}
-
-// Address returns the original address that we've put in initially, not resolved one
-func (p *plainDNS) Address() string { return p.boot.address }
-
-func (p *plainDNS) Exchange(m *dns.Msg) (*dns.Msg, error) {
- addr, _, err := p.boot.get()
- if err != nil {
- return nil, err
- }
- if p.preferTCP {
- reply, _, err := defaultTCPClient.Exchange(m, addr)
- return reply, err
- }
-
- reply, _, err := defaultUDPClient.Exchange(m, addr)
- if err != nil && reply != nil && reply.Truncated {
- log.Printf("Truncated message was received, retrying over TCP, question: %s", m.Question[0].String())
- reply, _, err = defaultTCPClient.Exchange(m, addr)
- }
-
- return reply, err
-}
-
-//
-// DNS-over-TLS
-//
-type dnsOverTLS struct {
- boot bootstrapper
- pool *TLSPool
-
- sync.RWMutex // protects pool
-}
-
-func (p *dnsOverTLS) Address() string { return p.boot.address }
-
-func (p *dnsOverTLS) Exchange(m *dns.Msg) (*dns.Msg, error) {
- var pool *TLSPool
- p.RLock()
- pool = p.pool
- p.RUnlock()
- if pool == nil {
- p.Lock()
- // lazy initialize it
- p.pool = &TLSPool{boot: &p.boot}
- p.Unlock()
- }
-
- p.RLock()
- poolConn, err := p.pool.Get()
- p.RUnlock()
- if err != nil {
- return nil, errorx.Decorate(err, "Failed to get a connection from TLSPool to %s", p.Address())
- }
- c := dns.Conn{Conn: poolConn}
- err = c.WriteMsg(m)
- if err != nil {
- poolConn.Close()
- return nil, errorx.Decorate(err, "Failed to send a request to %s", p.Address())
- }
-
- reply, err := c.ReadMsg()
- if err != nil {
- poolConn.Close()
- return nil, errorx.Decorate(err, "Failed to read a request from %s", p.Address())
- }
- p.RLock()
- p.pool.Put(poolConn)
- p.RUnlock()
- return reply, nil
-}
-
-//
-// DNS-over-https
-//
-type dnsOverHTTPS struct {
- boot bootstrapper
-}
-
-func (p *dnsOverHTTPS) Address() string { return p.boot.address }
-
-func (p *dnsOverHTTPS) Exchange(m *dns.Msg) (*dns.Msg, error) {
- addr, tlsConfig, err := p.boot.get()
- if err != nil {
- return nil, errorx.Decorate(err, "Couldn't bootstrap %s", p.boot.address)
- }
-
- buf, err := m.Pack()
- if err != nil {
- return nil, errorx.Decorate(err, "Couldn't pack request msg")
- }
- bb := bytes.NewBuffer(buf)
-
- // set up a custom request with custom URL
- url, err := url.Parse(p.boot.address)
- if err != nil {
- return nil, errorx.Decorate(err, "Couldn't parse URL %s", p.boot.address)
- }
- req := http.Request{
- Method: "POST",
- URL: url,
- Body: ioutil.NopCloser(bb),
- Header: make(http.Header),
- Host: url.Host,
- }
- url.Host = addr
- req.Header.Set("Content-Type", "application/dns-message")
- client := http.Client{
- Transport: &http.Transport{TLSClientConfig: tlsConfig},
- }
- resp, err := client.Do(&req)
- if resp != nil && resp.Body != nil {
- defer resp.Body.Close()
- }
- if err != nil {
- return nil, errorx.Decorate(err, "Couldn't do a POST request to '%s'", addr)
- }
-
- body, err := ioutil.ReadAll(resp.Body)
- if err != nil {
- return nil, errorx.Decorate(err, "Couldn't read body contents for '%s'", addr)
- }
- if resp.StatusCode != http.StatusOK {
- return nil, fmt.Errorf("Got an unexpected HTTP status code %d from '%s'", resp.StatusCode, addr)
- }
- if len(body) == 0 {
- return nil, fmt.Errorf("Got an unexpected empty body from '%s'", addr)
- }
- response := dns.Msg{}
- err = response.Unpack(body)
- if err != nil {
- return nil, errorx.Decorate(err, "Couldn't unpack DNS response from '%s': body is %s", addr, string(body))
- }
- return &response, nil
-}
-
-//
-// DNSCrypt
-//
-type dnsCrypt struct {
- boot bootstrapper
- client *dnscrypt.Client // DNSCrypt client properties
- serverInfo *dnscrypt.ServerInfo // DNSCrypt server info
-
- sync.RWMutex // protects DNSCrypt client
-}
-
-func (p *dnsCrypt) Address() string { return p.boot.address }
-
-func (p *dnsCrypt) Exchange(m *dns.Msg) (*dns.Msg, error) {
-
- var client *dnscrypt.Client
- var serverInfo *dnscrypt.ServerInfo
-
- p.RLock()
- client = p.client
- serverInfo = p.serverInfo
- p.RUnlock()
-
- now := uint32(time.Now().Unix())
- if client == nil || serverInfo == nil || (serverInfo != nil && serverInfo.ServerCert.NotAfter < now) {
- p.Lock()
-
- // Using "udp" for DNSCrypt upstreams by default
- client = &dnscrypt.Client{Timeout: defaultTimeout, AdjustPayloadSize: true}
- si, _, err := client.Dial(p.boot.address)
-
- if err != nil {
- p.Unlock()
- return nil, errorx.Decorate(err, "Failed to fetch certificate info from %s", p.Address())
- }
-
- p.client = client
- p.serverInfo = si
- serverInfo = si
- p.Unlock()
- }
-
- reply, _, err := client.Exchange(m, serverInfo)
-
- if err, ok := err.(net.Error); ok && err.Timeout() {
- // If request times out, it is possible that the server configuration has been changed.
- // It is safe to assume that the key was rotated (for instance, as it is described here: https://dnscrypt.pl/2017/02/26/how-key-rotation-is-automated/).
- // We should re-fetch the server certificate info so that the new requests were not failing.
- p.Lock()
- p.client = nil
- p.serverInfo = nil
- p.Unlock()
- }
-
- return reply, err
-}
-
-func (s *Server) chooseUpstream() Upstream {
- upstreams := s.Upstreams
- if upstreams == nil {
- upstreams = defaultValues.Upstreams
- }
- if len(upstreams) == 0 {
- panic("SHOULD NOT HAPPEN: no default upstreams specified")
- }
- if len(upstreams) == 1 {
- return upstreams[0]
- }
- n := rand.Intn(len(upstreams))
- upstream := upstreams[n]
- return upstream
-}
-
-func AddressToUpstream(address string, bootstrap string) (Upstream, error) {
- if strings.Contains(address, "://") {
- url, err := url.Parse(address)
- if err != nil {
- return nil, errorx.Decorate(err, "Failed to parse %s", address)
- }
- switch url.Scheme {
- case "sdns":
- stamp, err := dnsstamps.NewServerStampFromString(address)
- if err != nil {
- return nil, errorx.Decorate(err, "Failed to parse %s", address)
- }
-
- switch stamp.Proto {
- case dnsstamps.StampProtoTypeDNSCrypt:
- return &dnsCrypt{boot: toBoot(url.String(), bootstrap)}, nil
- case dnsstamps.StampProtoTypeDoH:
- return AddressToUpstream(fmt.Sprintf("https://%s%s", stamp.ProviderName, stamp.Path), bootstrap)
- }
-
- return nil, fmt.Errorf("Unsupported protocol %v in %s", stamp.Proto, address)
- case "dns":
- if url.Port() == "" {
- url.Host += ":53"
- }
- return &plainDNS{boot: toBoot(url.Host, bootstrap)}, nil
- case "tcp":
- if url.Port() == "" {
- url.Host += ":53"
- }
- return &plainDNS{boot: toBoot(url.Host, bootstrap), preferTCP: true}, nil
- case "tls":
- if url.Port() == "" {
- url.Host += ":853"
- }
- return &dnsOverTLS{boot: toBoot(url.String(), bootstrap)}, nil
- case "https":
- if url.Port() == "" {
- url.Host += ":443"
- }
- return &dnsOverHTTPS{boot: toBoot(url.String(), bootstrap)}, nil
- default:
- // assume it's plain DNS
- if url.Port() == "" {
- url.Host += ":53"
- }
- return &plainDNS{boot: toBoot(url.String(), bootstrap)}, nil
- }
- }
-
- // we don't have scheme in the url, so it's just a plain DNS host:port
- _, _, err := net.SplitHostPort(address)
- if err != nil {
- // doesn't have port, default to 53
- address = net.JoinHostPort(address, "53")
- }
- return &plainDNS{boot: toBoot(address, bootstrap)}, nil
-}
diff --git a/dnsforward/upstream_pool.go b/dnsforward/upstream_pool.go
deleted file mode 100644
index ca597808..00000000
--- a/dnsforward/upstream_pool.go
+++ /dev/null
@@ -1,74 +0,0 @@
-package dnsforward
-
-import (
- "crypto/tls"
- "net"
- "sync"
-
- "github.com/joomcode/errorx"
-)
-
-// Upstream TLS pool.
-//
-// Example:
-// pool := TLSPool{Address: "tls://1.1.1.1:853"}
-// netConn, err := pool.Get()
-// if err != nil {panic(err)}
-// c := dns.Conn{Conn: netConn}
-// q := dns.Msg{}
-// q.SetQuestion("google.com.", dns.TypeA)
-// log.Println(q)
-// err = c.WriteMsg(&q)
-// if err != nil {panic(err)}
-// r, err := c.ReadMsg()
-// if err != nil {panic(err)}
-// log.Println(r)
-// pool.Put(c.Conn)
-type TLSPool struct {
- boot *bootstrapper
-
- // connections
- conns []net.Conn
- connsMutex sync.Mutex // protects conns
-}
-
-func (n *TLSPool) Get() (net.Conn, error) {
- address, tlsConfig, err := n.boot.get()
- if err != nil {
- return nil, err
- }
-
- // get the connection from the slice inside the lock
- var c net.Conn
- n.connsMutex.Lock()
- num := len(n.conns)
- if num > 0 {
- last := num - 1
- c = n.conns[last]
- n.conns = n.conns[:last]
- }
- n.connsMutex.Unlock()
-
- // if we got connection from the slice, return it
- if c != nil {
- // log.Printf("Returning existing connection to %s", host)
- return c, nil
- }
-
- // we'll need a new connection, dial now
- // log.Printf("Dialing to %s", address)
- conn, err := tls.Dial("tcp", address, tlsConfig)
- if err != nil {
- return nil, errorx.Decorate(err, "Failed to connect to %s", address)
- }
- return conn, nil
-}
-
-func (n *TLSPool) Put(c net.Conn) {
- if c == nil {
- return
- }
- n.connsMutex.Lock()
- n.conns = append(n.conns, c)
- n.connsMutex.Unlock()
-}
diff --git a/dnsforward/upstream_test.go b/dnsforward/upstream_test.go
deleted file mode 100644
index 3db97fbe..00000000
--- a/dnsforward/upstream_test.go
+++ /dev/null
@@ -1,123 +0,0 @@
-package dnsforward
-
-import (
- "net"
- "testing"
-
- "github.com/miekg/dns"
-)
-
-func TestUpstreams(t *testing.T) {
-
- upstreams := []struct {
- address string
- bootstrap string
- }{
- {
- address: "8.8.8.8:53",
- bootstrap: "8.8.8.8:53",
- },
- {
- address: "1.1.1.1",
- bootstrap: "",
- },
- {
- address: "tcp://1.1.1.1:53",
- bootstrap: "",
- },
- {
- address: "176.103.130.130:5353",
- bootstrap: "",
- },
- {
- address: "tls://1.1.1.1",
- bootstrap: "",
- },
- {
- address: "tls://9.9.9.9:853",
- bootstrap: "",
- },
- {
- address: "tls://security-filter-dns.cleanbrowsing.org",
- bootstrap: "8.8.8.8:53",
- },
- {
- address: "tls://adult-filter-dns.cleanbrowsing.org:853",
- bootstrap: "8.8.8.8:53",
- },
- {
- address: "https://cloudflare-dns.com/dns-query",
- bootstrap: "8.8.8.8:53",
- },
- {
- address: "https://dns.google.com/experimental",
- bootstrap: "8.8.8.8:53",
- },
- {
- address: "https://doh.cleanbrowsing.org/doh/security-filter/",
- bootstrap: "",
- },
- {
- // AdGuard DNS (DNSCrypt)
- address: "sdns://AQIAAAAAAAAAFDE3Ni4xMDMuMTMwLjEzMDo1NDQzINErR_JS3PLCu_iZEIbq95zkSV2LFsigxDIuUso_OQhzIjIuZG5zY3J5cHQuZGVmYXVsdC5uczEuYWRndWFyZC5jb20",
- bootstrap: "",
- },
- {
- // Cisco OpenDNS (DNSCrypt)
- address: "sdns://AQAAAAAAAAAADjIwOC42Ny4yMjAuMjIwILc1EUAgbyJdPivYItf9aR6hwzzI1maNDL4Ev6vKQ_t5GzIuZG5zY3J5cHQtY2VydC5vcGVuZG5zLmNvbQ",
- bootstrap: "8.8.8.8:53",
- },
- {
- // Cloudflare DNS (DoH)
- address: "sdns://AgcAAAAAAAAABzEuMC4wLjGgENk8mGSlIfMGXMOlIlCcKvq7AVgcrZxtjon911-ep0cg63Ul-I8NlFj4GplQGb_TTLiczclX57DvMV8Q-JdjgRgSZG5zLmNsb3VkZmxhcmUuY29tCi9kbnMtcXVlcnk",
- bootstrap: "8.8.8.8:53",
- },
- {
- // doh-cleanbrowsing-security (https://doh.cleanbrowsing.org/doh/security-filter/)
- address: "sdns://AgMAAAAAAAAAAAAVZG9oLmNsZWFuYnJvd3Npbmcub3JnFS9kb2gvc2VjdXJpdHktZmlsdGVyLw",
- bootstrap: "8.8.8.8:53",
- },
- {
- // Google (DNS-over-HTTPS)
- address: "sdns://AgUAAAAAAAAAACAe9iTP_15r07rd8_3b_epWVGfjdymdx-5mdRZvMAzBuQ5kbnMuZ29vZ2xlLmNvbQ0vZXhwZXJpbWVudGFs",
- bootstrap: "8.8.8.8:53",
- },
- }
- for _, test := range upstreams {
-
- t.Run(test.address, func(t *testing.T) {
- u, err := AddressToUpstream(test.address, test.bootstrap)
- if err != nil {
- t.Fatalf("Failed to generate upstream from address %s: %s", test.address, err)
- }
-
- checkUpstream(t, u, test.address)
- })
- }
-}
-
-func checkUpstream(t *testing.T, u Upstream, addr string) {
- t.Helper()
-
- req := dns.Msg{}
- req.Id = dns.Id()
- req.RecursionDesired = true
- req.Question = []dns.Question{
- {Name: "google-public-dns-a.google.com.", Qtype: dns.TypeA, Qclass: dns.ClassINET},
- }
-
- reply, err := u.Exchange(&req)
- if err != nil {
- t.Fatalf("Couldn't talk to upstream %s: %s", addr, err)
- }
- if len(reply.Answer) != 1 {
- t.Fatalf("DNS upstream %s returned reply with wrong number of answers - %d", addr, len(reply.Answer))
- }
- if a, ok := reply.Answer[0].(*dns.A); ok {
- if !net.IPv4(8, 8, 8, 8).Equal(a.A) {
- t.Fatalf("DNS upstream %s returned wrong answer instead of 8.8.8.8: %v", addr, a.A)
- }
- } else {
- t.Fatalf("DNS upstream %s returned wrong answer type instead of A: %v", addr, reply.Answer[0])
- }
-}
diff --git a/go.mod b/go.mod
index 4d648f47..7567227d 100644
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,7 @@
module github.com/AdguardTeam/AdGuardHome
require (
+ github.com/AdguardTeam/dnsproxy v0.9.0
github.com/StackExchange/wmi v0.0.0-20180725035823-b12b22c5341f // indirect
github.com/ameshkov/dnscrypt v1.0.0
github.com/beefsack/go-rate v0.0.0-20180408011153-efa7637bb9b6
@@ -14,6 +15,7 @@ require (
github.com/patrickmn/go-cache v2.1.0+incompatible
github.com/shirou/gopsutil v2.18.10+incompatible
github.com/shirou/w32 v0.0.0-20160930032740-bb4de0191aa4 // indirect
+ github.com/sirupsen/logrus v1.2.0
go.uber.org/goleak v0.10.0
golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9
golang.org/x/net v0.0.0-20181217023233-e147a9138326
diff --git a/go.sum b/go.sum
index 11fbdf77..9608edc6 100644
--- a/go.sum
+++ b/go.sum
@@ -1,11 +1,11 @@
+github.com/AdguardTeam/dnsproxy v0.9.0 h1:doHDmVE9bV1fhiBV8rX76WWaSAB9w1H3u8WIiez5OFs=
+github.com/AdguardTeam/dnsproxy v0.9.0/go.mod h1:CKZVVknYdoHVirXqqbALEkC+DBY65yCQrzSKYS78GoE=
github.com/StackExchange/wmi v0.0.0-20180725035823-b12b22c5341f h1:5ZfJxyXo8KyX8DgGXC5B7ILL8y51fci/qYz2B4j8iLY=
github.com/StackExchange/wmi v0.0.0-20180725035823-b12b22c5341f/go.mod h1:3eOhrUMpNV+6aFIbp5/iudMxNCF27Vw2OZgy4xEx0Fg=
github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da h1:KjTM2ks9d14ZYCvmHS9iAKVt9AyzRSqNU1qabPih5BY=
github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da/go.mod h1:eHEWzANqSiWQsof+nXEI9bUVUyV6F53Fp89EuCh2EAA=
github.com/aead/poly1305 v0.0.0-20180717145839-3fee0db0b635 h1:52m0LGchQBBVqJRyYYufQuIbVqRawmubW3OFGqK1ekw=
github.com/aead/poly1305 v0.0.0-20180717145839-3fee0db0b635/go.mod h1:lmLxL+FV291OopO93Bwf9fQLQeLyt33VJRUg5VJ30us=
-github.com/ameshkov/dnscrypt v0.0.0-20181217090431-1215bb8b150f h1:vOaSvI9B3wqzV1g8raDeVzRJnq5RHQxsz0MVXudxdNU=
-github.com/ameshkov/dnscrypt v0.0.0-20181217090431-1215bb8b150f/go.mod h1:EC7Z1GguyEEwhuLXrcgkRTE3GdyPDSWq2OXefhydGWo=
github.com/ameshkov/dnscrypt v1.0.0 h1:Y7YexPCxtVCTDXlXu9n17+1H5YS25vftx8vV8Dhuu+E=
github.com/ameshkov/dnscrypt v1.0.0/go.mod h1:EC7Z1GguyEEwhuLXrcgkRTE3GdyPDSWq2OXefhydGWo=
github.com/beefsack/go-rate v0.0.0-20180408011153-efa7637bb9b6 h1:KXlsf+qt/X5ttPGEjR0tPH1xaWWoKBEg9Q1THAj2h3I=
@@ -29,10 +29,15 @@ github.com/jedisct1/go-dnsstamps v0.0.0-20180418170050-1e4999280f86 h1:Olj4M6T1o
github.com/jedisct1/go-dnsstamps v0.0.0-20180418170050-1e4999280f86/go.mod h1:j/ONpSHHmPgDwmFKXg9vhQvIjADe/ft1X4a3TVOmp9g=
github.com/jedisct1/xsecretbox v0.0.0-20180508184500-7a679c0bcd9a h1:2nyBWKszM41RO/gt5ElUXigAFiRgJ9KifHDlWOlw0lc=
github.com/jedisct1/xsecretbox v0.0.0-20180508184500-7a679c0bcd9a/go.mod h1:YlN58h704uRFD0BwsEGTq+7Wx+WG2i7P49bc+HwHyAY=
+github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
+github.com/jmcvetta/randutil v0.0.0-20150817122601-2bb1b664bcff h1:6NvhExg4omUC9NfA+l4Oq3ibNNeJUdiAF3iBVB0PlDk=
+github.com/jmcvetta/randutil v0.0.0-20150817122601-2bb1b664bcff/go.mod h1:ddfPX8Z28YMjiqoaJhNBzWHapTHXejnB5cDCUWDwriw=
github.com/joho/godotenv v1.3.0 h1:Zjp+RcGpHhGlrMbJzXTrZZPrWj+1vfm90La1wgB6Bhc=
github.com/joho/godotenv v1.3.0/go.mod h1:7hK45KPybAkOC6peb+G5yklZfMxEjkZhHbwpqxOKXbg=
github.com/joomcode/errorx v0.1.0 h1:QmJMiI1DE1UFje2aI1ZWO/VMT5a32qBoXUclGOt8vsc=
github.com/joomcode/errorx v0.1.0/go.mod h1:kgco15ekB6cs+4Xjzo7SPeXzx38PbJzBwbnu9qfVNHQ=
+github.com/konsorten/go-windows-terminal-sequences v1.0.1 h1:mweAR1A6xJ3oS2pRaGiHgQ4OO8tzTaLawm8vnODuwDk=
+github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
github.com/markbates/oncer v0.0.0-20181014194634-05fccaae8fc4 h1:Mlji5gkcpzkqTROyE4ZxZ8hN7osunMb2RuGVrbvMvCc=
github.com/markbates/oncer v0.0.0-20181014194634-05fccaae8fc4/go.mod h1:Ld9puTsIW75CHf65OeIOkyKbteujpZVXDpWK6YGZbxE=
github.com/miekg/dns v1.1.1 h1:DVkblRdiScEnEr0LR9nTnEQqHYycjkXW9bOjd+2EL2o=
@@ -47,14 +52,18 @@ github.com/shirou/gopsutil v2.18.10+incompatible h1:cy84jW6EVRPa5g9HAHrlbxMSIjBh
github.com/shirou/gopsutil v2.18.10+incompatible/go.mod h1:5b4v6he4MtMOwMlS0TUMTu2PcXUg8+E1lC7eC3UO/RA=
github.com/shirou/w32 v0.0.0-20160930032740-bb4de0191aa4 h1:udFKJ0aHUL60LboW/A+DfgoHVedieIzIXE8uylPue0U=
github.com/shirou/w32 v0.0.0-20160930032740-bb4de0191aa4/go.mod h1:qsXQc7+bwAM3Q1u/4XEfrquwF8Lw7D7y5cD8CuHnfIc=
+github.com/sirupsen/logrus v1.2.0 h1:juTguoYk5qI21pwyTXY3B3Y5cOTH3ZUyZCg1v/mihuo=
+github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
github.com/spf13/cobra v0.0.3 h1:ZlrZ4XsMRm04Fr5pSFxBgfND2EBVa1nLpiy1stUsX/8=
github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ=
github.com/spf13/pflag v1.0.3 h1:zPAT6CGy6wXeQ7NtTnaTerfKOsV6V6F8agHXFiazDkg=
github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
+github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
github.com/stretchr/testify v1.2.2 h1:bSDNvY7ZPG5RlJ8otE/7V6gMiyenm9RtJ7IUVIAoJ1w=
github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
go.uber.org/goleak v0.10.0 h1:G3eWbSNIskeRqtsN/1uI5B+eP73y3JUuBsv9AZjehb4=
go.uber.org/goleak v0.10.0/go.mod h1:VCZuO8V8mFPlL0F5J5GK1rtHV3DrFcQ1R8ryq7FK0aI=
+golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9 h1:mKdxBk7AujPs8kU4m80U72y/zjbZ3UcXC7dClwKbUI0=
golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
golang.org/x/net v0.0.0-20181102091132-c10e9556a7bc/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -66,6 +75,7 @@ golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f h1:wMNYb4v58l5UBM7MYRLPG6Zh
golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20181108010431-42b317875d0f h1:Bl/8QSvNqXvPGPGXa2z5xUTmV7VDcZyvRZ+QQXkXTZQ=
golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20181213200352-4d1cda033e06 h1:0oC8rFnE+74kEmuHZ46F6KHsMr5Gx2gUQPuNz28iQZM=
golang.org/x/sys v0.0.0-20181213200352-4d1cda033e06/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20181217223516-dcdaa6325bcb h1:zzdd4xkMwu/GRxhSUJaCPh4/jil9kAbsU7AUmXboO+A=