Documentation
Overview
Package dnsforward contains a DNS forwarding server.
Index
- Constants
- func IPFromAddr(addr net.Addr) (ip net.IP)
- func IPStringFromAddr(addr net.Addr) (ipStr string)
- func ValidateClientID(clientID string) (err error)
- func ValidateUpstreams(upstreams []string) (err error)
- type DNSCreateParams
- type DNSCryptConfig
- type FilteringConfig
- type RDNSExchanger
- type Server
- func (s *Server) Close()
- func (s *Server) Exchange(ip net.IP) (host string, err error)
- func (s *Server) IsBlockedIP(ip net.IP) (bool, string)
- func (s *Server) IsRunning() bool
- func (s *Server) Prepare(config *ServerConfig) error
- func (s *Server) RDNSSettings() (localPTRResolvers []string, resolveClients bool)
- func (s *Server) Reconfigure(config *ServerConfig) error
- func (s *Server) Resolve(host string) ([]net.IPAddr, error)
- func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request)
- func (s *Server) Start() error
- func (s *Server) Stop() error
- func (s *Server) WriteDiskConfig(c *FilteringConfig)
- type ServerConfig
- type TLSConfig
Constants
    const DefaultTimeout = 10 * time.Second
DefaultTimeout is the default upstream timeout.
Variables
This section is empty.
Functions
func IPFromAddr added in v0.105.0
    func IPFromAddr(addr net.Addr) (ip net.IP)
IPFromAddr gets the IP address from addr.
func IPStringFromAddr added in v0.105.0
    func IPStringFromAddr(addr net.Addr) (ipStr string)
IPStringFromAddr extracts the IP address from a net.Addr. Note: we can't use net.SplitHostPort(a.String()) because the string form of an IPv6 address may carry a zone: https://github.com/AdguardTeam/AdGuardHome/internal/issues/1261
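As an added illustration (not code from the package), the following contrasts the type-switch extraction with the string round-trip the note warns against; ipFromAddr, naiveIPFromAddr and zonedAddr are this example's own names, and the link-local client address is constructed.

```go
package main

import (
	"fmt"
	"net"
)

// ipFromAddr extracts the IP by inspecting the concrete net.Addr type. The
// IP field is already parsed, so no zone ever has to be stripped from a
// string. This mirrors the documented approach; the names are this example's.
func ipFromAddr(addr net.Addr) net.IP {
	switch a := addr.(type) {
	case *net.UDPAddr:
		return a.IP
	case *net.TCPAddr:
		return a.IP
	case *net.IPAddr:
		return a.IP
	}
	return nil
}

// naiveIPFromAddr is the round-trip the package documentation warns against.
// For a link-local IPv6 client, addr.String() is "[fe80::1%eth0]:53"; the
// host part keeps the "%eth0" zone and net.ParseIP rejects it, yielding nil.
func naiveIPFromAddr(addr net.Addr) net.IP {
	host, _, err := net.SplitHostPort(addr.String())
	if err != nil {
		return nil
	}
	return net.ParseIP(host)
}

// zonedAddr is a constructed sample: a link-local client seen on eth0.
func zonedAddr() *net.UDPAddr {
	return &net.UDPAddr{IP: net.ParseIP("fe80::1"), Port: 53, Zone: "eth0"}
}

func main() {
	a := zonedAddr()
	fmt.Printf("addr=%s typed=%v naive=%v\n", a, ipFromAddr(a), naiveIPFromAddr(a))
	// addr=[fe80::1%eth0]:53 typed=fe80::1 naive=<nil>
}
```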
func ValidateClientID added in v0.105.0
    func ValidateClientID(clientID string) (err error)
ValidateClientID returns an error if clientID is not a valid client ID.
func ValidateUpstreams
    func ValidateUpstreams(upstreams []string) (err error)
ValidateUpstreams validates each upstream and returns an error if any upstream is invalid or if no default upstreams are specified.
TODO(e.burkov): Move into aghnet or even into dnsproxy.
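An added example (not the project's code) of the contract described above, using dnsproxy's "[/domain/]address" form and "#" (use the default upstreams for those domains); the scheme allowlist and the plain-host check are this example's simplification of the real address parser, and validateUpstreams, validAddress and knownSchemes are its own names.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Upstream schemes dnsproxy accepts; a bare "host[:port]" means plain DNS.
var knownSchemes = map[string]bool{"udp": true, "tcp": true, "tls": true, "https": true, "quic": true, "sdns": true}

// validateUpstreams applies the contract documented for
// dnsforward.ValidateUpstreams: every entry must be well formed and at least
// one must be a default upstream, i.e. carry no "[/domain/]" prefix. The
// "[/d1/d2/]addr" form and "#" (use the defaults for those domains) are
// dnsproxy syntax; the address check is this example's simplification.
func validateUpstreams(upstreams []string) error {
	hasDefault := false
	for _, u := range upstreams {
		addr, domainSpecific := u, false
		if strings.HasPrefix(u, "[/") {
			end := strings.Index(u, "/]")
			if end < 2 || strings.Trim(u[2:end], "/") == "" {
				return fmt.Errorf("upstream %q: malformed or empty domain list", u)
			}
			addr, domainSpecific = u[end+2:], true
		}
		if !validAddress(addr, domainSpecific) {
			return fmt.Errorf("upstream %q: invalid address %q", u, addr)
		}
		hasDefault = hasDefault || !domainSpecific
	}
	if !hasDefault {
		return errors.New("no default upstreams specified")
	}
	return nil
}

// validAddress accepts "#" only after a domain list, "scheme://rest" with a
// known scheme, or a plain non-empty host[:port].
func validAddress(addr string, domainSpecific bool) bool {
	if addr == "#" {
		return domainSpecific
	}
	if parts := strings.SplitN(addr, "://", 2); len(parts) == 2 {
		return knownSchemes[parts[0]] && parts[1] != ""
	}
	return addr != "" && !strings.ContainsAny(addr, " \t/")
}
```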
Types
type DNSCreateParams
    type DNSCreateParams struct {
        DNSFilter      *dnsfilter.DNSFilter
        Stats          stats.Stats
        QueryLog       querylog.QueryLog
        DHCPServer     dhcpd.ServerInterface
        SubnetDetector *aghnet.SubnetDetector
        AutohostTLD    string
    }
DNSCreateParams are parameters to create a new server.
type DNSCryptConfig added in v0.105.0
    type DNSCryptConfig struct {
        UDPListenAddrs []*net.UDPAddr
        TCPListenAddrs []*net.TCPAddr
        ProviderName   string
        ResolverCert   *dnscrypt.Cert
        Enabled        bool
    }
DNSCryptConfig is the DNSCrypt server configuration struct.
type FilteringConfig
    type FilteringConfig struct {
        // FilterHandler is an optional additional filtering callback.
        FilterHandler func(clientAddr net.IP, clientID string, settings *dnsfilter.FilteringSettings) `yaml:"-"`

        // GetCustomUpstreamByClient - a callback function that returns upstreams configuration
        // based on the client IP address. Returns nil if there are no custom upstreams for the client
        //
        // TODO(e.burkov): Replace argument type with net.IP.
        GetCustomUpstreamByClient func(clientAddr string) *proxy.UpstreamConfig `yaml:"-"`

        ProtectionEnabled  bool   `yaml:"protection_enabled"`   // whether or not use any of dnsfilter features
        BlockingMode       string `yaml:"blocking_mode"`        // mode how to answer filtered requests
        BlockingIPv4       net.IP `yaml:"blocking_ipv4"`        // IP address to be returned for a blocked A request
        BlockingIPv6       net.IP `yaml:"blocking_ipv6"`        // IP address to be returned for a blocked AAAA request
        BlockedResponseTTL uint32 `yaml:"blocked_response_ttl"` // if 0, then default is used (3600)

        // IP (or domain name) which is used to respond to DNS requests blocked by parental control or safe-browsing
        ParentalBlockHost     string `yaml:"parental_block_host"`
        SafeBrowsingBlockHost string `yaml:"safebrowsing_block_host"`

        Ratelimit          uint32   `yaml:"ratelimit"`           // max number of requests per second from a given IP (0 to disable)
        RatelimitWhitelist []string `yaml:"ratelimit_whitelist"` // a list of whitelisted client IP addresses
        RefuseAny          bool     `yaml:"refuse_any"`          // if true, refuse ANY requests

        UpstreamDNS         []string `yaml:"upstream_dns"`
        UpstreamDNSFileName string   `yaml:"upstream_dns_file"`
        BootstrapDNS        []string `yaml:"bootstrap_dns"` // a list of bootstrap DNS for DoH and DoT (plain DNS only)
        AllServers          bool     `yaml:"all_servers"`   // if true, parallel queries to all configured upstream servers are enabled
        FastestAddr         bool     `yaml:"fastest_addr"`  // use Fastest Address algorithm

        AllowedClients    []string `yaml:"allowed_clients"`    // IP addresses of whitelist clients
        DisallowedClients []string `yaml:"disallowed_clients"` // IP addresses of clients that should be blocked
        BlockedHosts      []string `yaml:"blocked_hosts"`      // hosts that should be blocked

        CacheSize   uint32 `yaml:"cache_size"`    // DNS cache size (in bytes)
        CacheMinTTL uint32 `yaml:"cache_ttl_min"` // override TTL value (minimum) received from upstream server
        CacheMaxTTL uint32 `yaml:"cache_ttl_max"` // override TTL value (maximum) received from upstream server

        BogusNXDomain          []string `yaml:"bogus_nxdomain"`     // transform responses with these IP addresses to NXDOMAIN
        AAAADisabled           bool     `yaml:"aaaa_disabled"`      // Respond with an empty answer to all AAAA requests
        EnableDNSSEC           bool     `yaml:"enable_dnssec"`      // Set DNSSEC flag in outgoing DNS requests
        EnableEDNSClientSubnet bool     `yaml:"edns_client_subnet"` // Enable EDNS Client Subnet option
        MaxGoroutines          uint32   `yaml:"max_goroutines"`     // Max. number of parallel goroutines for processing incoming requests

        // IPSET configuration - add IP addresses of the specified domain names to an ipset list
        // Syntax:
        // "DOMAIN[,DOMAIN].../IPSET_NAME"
        IPSETList []string `yaml:"ipset"`
    }
FilteringConfig represents the DNS filtering configuration of AdGuard Home. The zero FilteringConfig is empty and ready for use.
type RDNSExchanger added in v0.106.0
    type RDNSExchanger interface {
        // Exchange tries to resolve the ip in a suitable way, e.g. either as
        // local or as external.
        Exchange(ip net.IP) (host string, err error)
    }
RDNSExchanger is a resolver for clients' addresses.
type Server
Server is the main way to start a DNS server.
Example:
    s := dnsforward.Server{}
    // Start a DNS server listening on the default port 53, in a goroutine.
    if err := s.Start(); err != nil {
        return err
    }
    // Reconfigure the running server to listen on UDP port 53535.
    cfg := &dnsforward.ServerConfig{UDPListenAddrs: []*net.UDPAddr{{Port: 53535}}}
    if err := s.Reconfigure(cfg); err != nil {
        return err
    }
    // Stop listening on port 53535 and cancel all goroutines.
    if err := s.Stop(); err != nil {
        return err
    }
    // Start listening again, on port 53535, in a goroutine.
    if err := s.Start(); err != nil {
        return err
    }
The zero Server is empty and ready for use.
func NewCustomServer added in v0.105.0
NewCustomServer creates a new instance of *Server with a custom internal proxy.
func NewServer
    func NewServer(p DNSCreateParams) (s *Server, err error)
NewServer creates a new instance of the dnsforward.Server. Note: this function must be called only once.
func (*Server) IsBlockedIP
    func (s *Server) IsBlockedIP(ip net.IP) (bool, string)
IsBlockedIP returns true if this client should be blocked.
func (*Server) RDNSSettings added in v0.106.0
    func (s *Server) RDNSSettings() (localPTRResolvers []string, resolveClients bool)
RDNSSettings returns a copy of the current RDNS configuration.
func (*Server) Reconfigure
    func (s *Server) Reconfigure(config *ServerConfig) error
Reconfigure applies the new configuration to the DNS server.
func (*Server) Resolve
    func (s *Server) Resolve(host string) ([]net.IPAddr, error)
Resolve gets the IP addresses for a host name from an upstream server. No request/response filtering is performed, and the query log and statistics are not updated. This method may be called before Start().
func (*Server) ServeHTTP
    func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request)
ServeHTTP is the HTTP handler method used to provide DNS-over-HTTPS.
func (*Server) WriteDiskConfig
    func (s *Server) WriteDiskConfig(c *FilteringConfig)
WriteDiskConfig writes the configuration into c.
type ServerConfig
    type ServerConfig struct {
        UDPListenAddrs []*net.UDPAddr        // UDP listen address
        TCPListenAddrs []*net.TCPAddr        // TCP listen address
        UpstreamConfig *proxy.UpstreamConfig // Upstream DNS servers config
        OnDNSRequest   func(d *proxy.DNSContext)

        FilteringConfig
        TLSConfig
        DNSCryptConfig
        TLSAllowUnencryptedDOH bool

        TLSv12Roots *x509.CertPool // list of root CAs for TLSv1.2
        TLSCiphers  []uint16       // list of TLS ciphers to use

        // Called when the configuration is changed by HTTP request
        ConfigModified func()

        // Register an HTTP handler
        HTTPRegister func(string, string, func(http.ResponseWriter, *http.Request))

        // ResolveClients signals if the RDNS should resolve clients' addresses.
        ResolveClients bool

        // LocalPTRResolvers is a slice of addresses to be used as upstreams for
        // resolving PTR queries for local addresses.
        LocalPTRResolvers []string
    }
ServerConfig represents the server configuration. The zero ServerConfig is empty and ready for use.
type TLSConfig
    type TLSConfig struct {
        TLSListenAddrs  []*net.TCPAddr `yaml:"-" json:"-"`
        QUICListenAddrs []*net.UDPAddr `yaml:"-" json:"-"`

        // Reject connection if the client uses server name (in SNI) that doesn't match the certificate
        StrictSNICheck bool `yaml:"strict_sni_check" json:"-"`

        // PEM-encoded certificates chain
        CertificateChain string `yaml:"certificate_chain" json:"certificate_chain"`
        // PEM-encoded private key
        PrivateKey string `yaml:"private_key" json:"private_key"`

        CertificatePath string `yaml:"certificate_path" json:"certificate_path"`
        PrivateKeyPath  string `yaml:"private_key_path" json:"private_key_path"`

        CertificateChainData []byte `yaml:"-" json:"-"`
        PrivateKeyData       []byte `yaml:"-" json:"-"`

        // ServerName is the hostname of the server. Currently, it is only
        // being used for client ID checking.
        ServerName string `yaml:"-" json:"-"`
        // contains filtered or unexported fields
    }
TLSConfig is the TLS configuration for HTTPS, DNS-over-HTTPS, and DNS-over-TLS.
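An added example (not the project's code) of what the StrictSNICheck option amounts to in Go's crypto/tls: checkSNI, strictSNIConfig and exampleLeaf are this example's own names, the certificate is constructed with only the SANs needed for name matching, and rejecting an empty SNI is this example's choice rather than documented project behaviour.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
)

// checkSNI is the decision behind a strict SNI check: the name the client
// asked for must be one the server certificate actually covers (SANs,
// including wildcards). An absent SNI is rejected too; that is this
// example's choice, not necessarily the project's behaviour.
func checkSNI(leaf *x509.Certificate, serverName string) error {
	if serverName == "" {
		return errors.New("strict SNI check: ClientHello carries no server name")
	}
	if err := leaf.VerifyHostname(serverName); err != nil {
		return fmt.Errorf("strict SNI check: %w", err)
	}
	return nil
}

// strictSNIConfig wires checkSNI into GetConfigForClient, so a mismatching
// ClientHello aborts the handshake before any certificate is sent.
// cert.Leaf must be populated (e.g. via x509.ParseCertificate).
// Returning (nil, nil) keeps the base config for clients that pass.
func strictSNIConfig(cert tls.Certificate) *tls.Config {
	return &tls.Config{
		Certificates: []tls.Certificate{cert},
		MinVersion:   tls.VersionTLS12,
		GetConfigForClient: func(hi *tls.ClientHelloInfo) (*tls.Config, error) {
			return nil, checkSNI(cert.Leaf, hi.ServerName)
		},
	}
}

// exampleLeaf is a constructed certificate carrying only the SANs needed
// for name matching; VerifyHostname needs neither a signature nor a key.
func exampleLeaf() *x509.Certificate {
	return &x509.Certificate{DNSNames: []string{"dns.example.test", "*.dns.example.test"}}
}

func main() {
	leaf := exampleLeaf()
	for _, sni := range []string{"dns.example.test", "a.dns.example.test", "", "other.example.test"} {
		fmt.Printf("%-22q -> %v\n", sni, checkSNI(leaf, sni))
	}
}
```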