Documentation ¶
Overview ¶
Package proxy implements a DNS proxy that supports all known DNS encryption protocols
Index ¶
- Constants
- func CheckDisabledAAAARequest(ctx *DNSContext, ipv6Disabled bool) bool
- func GenEmptyMessage(request *dns.Msg, rCode int, retry uint32) *dns.Msg
- type AddressToUpstreamFunction
- type BeforeRequestHandler
- type Config
- type DNSContext
- type FastestAddr
- type Proxy
- func (p *Proxy) Addr(proto string) net.Addr
- func (p *Proxy) Init()
- func (p *Proxy) LookupIPAddr(host string) ([]net.IPAddr, error)
- func (p *Proxy) Resolve(d *DNSContext) error
- func (p *Proxy) ServeHTTP(w http.ResponseWriter, r *http.Request)
- func (p *Proxy) SetNAT64Prefix(prefix []byte)
- func (p *Proxy) Start() error
- func (p *Proxy) Stop() error
- type RequestHandler
- type ResponseHandler
- type UpstreamConfig
Constants ¶
const ( // ProtoUDP is plain DNS-over-UDP ProtoUDP = "udp" // ProtoTCP is plain DNS-over-TCP ProtoTCP = "tcp" // ProtoTLS is DNS-over-TLS ProtoTLS = "tls" // ProtoHTTPS is DNS-over-HTTPS ProtoHTTPS = "https" // UnqualifiedNames is reserved name for "unqualified names only", ie names without dots UnqualifiedNames = "unqualified_names" )
Variables ¶
This section is empty.
Functions ¶
func CheckDisabledAAAARequest ¶ added in v0.20.1
func CheckDisabledAAAARequest(ctx *DNSContext, ipv6Disabled bool) bool
CheckDisabledAAAARequest checks if AAAA requests should be disabled or not and sets NoError empty response to given DNSContext if needed
Types ¶
type AddressToUpstreamFunction ¶ added in v0.15.1
type AddressToUpstreamFunction func(address string, opts upstream.Options) (upstream.Upstream, error)
AddressToUpstreamFunction is a type for a callback function which creates an upstream object
type BeforeRequestHandler ¶ added in v0.14.0
type BeforeRequestHandler func(p *Proxy, d *DNSContext) (bool, error)
BeforeRequestHandler is an optional custom handler called before DNS requests If it returns false, the request won't be processed at all
type Config ¶
type Config struct { UDPListenAddr *net.UDPAddr // if nil, then it does not listen for UDP TCPListenAddr *net.TCPAddr // if nil, then it does not listen for TCP HTTPSListenAddr *net.TCPAddr // if nil, then it does not listen for HTTPS (DoH) TLSListenAddr *net.TCPAddr // if nil, then it does not listen for TLS (DoT) TLSConfig *tls.Config // necessary for listening for TLS Ratelimit int // max number of requests per second from a given IP (0 to disable) RatelimitWhitelist []string // a list of whitelisted client IP addresses RefuseAny bool // if true, refuse ANY requests AllServers bool // if true, parallel queries to all configured upstream servers are enabled // Enable EDNS Client Subnet option // DNS requests to the upstream server will contain an OPT record with Client Subnet option. // If the original request already has this option set, we pass it through as is. // Otherwise, we set it ourselves using the client IP with subnet /24 (for IPv4) and /112 (for IPv6). // // If the upstream server supports ECS, it sets subnet number in the response. // This subnet number along with the client IP and other data is used as a cache key. // Next time, if a client from the same subnet requests this host name, // we get the response from cache. // If another client from a different subnet requests this host name, // we pass his request to the upstream server. // // If the upstream server doesn't support ECS (there's no subnet number in response), // this response will be cached for all clients. // // If client IP is private (i.e. not public), we don't add EDNS record into a request. // And so there will be no EDNS record in response either. // We store these responses in general cache (without subnet) // so they will never be used for clients with public IP addresses. EnableEDNSClientSubnet bool EDNSAddr net.IP // ECS IP used in request CacheEnabled bool // cache status CacheSizeBytes int // Cache size (in bytes). Default: 64k CacheMinTTL uint32 // Minimum TTL for DNS entries (in seconds). CacheMaxTTL uint32 // Maximum TTL for DNS entries (in seconds). Upstreams []upstream.Upstream // list of upstreams Fallbacks []upstream.Upstream // list of fallback resolvers (which will be used if regular upstream failed to answer) BeforeRequestHandler BeforeRequestHandler // callback that is called before each request RequestHandler RequestHandler // callback that can handle incoming DNS requests ResponseHandler ResponseHandler // response callback DomainsReservedUpstreams map[string][]upstream.Upstream // map of domains and lists of corresponding upstreams FindFastestAddr bool // use Fastest Address algorithm MaxGoroutines int // maximum number of goroutines processing the DNS requests (important for mobile) }
Config contains all the fields necessary for proxy configuration
type DNSContext ¶
type DNSContext struct { Proto string // "udp", "tcp", "tls", "https" Req *dns.Msg // DNS request Res *dns.Msg // DNS response from an upstream Conn net.Conn // underlying client connection. Can be null in the case of DOH. Addr net.Addr // client address. HTTPRequest *http.Request // HTTP request (for DOH only) HTTPResponseWriter http.ResponseWriter // HTTP response writer (for DOH only) StartTime time.Time // processing start time Upstream upstream.Upstream // upstream that resolved DNS request // Upstream servers to use for this request // If set, Resolve() uses it instead of default servers Upstreams []upstream.Upstream // contains filtered or unexported fields }
DNSContext represents a DNS request message context
type FastestAddr ¶ added in v0.24.0
type FastestAddr struct {
// contains filtered or unexported fields
}
FastestAddr - object data
type Proxy ¶
type Proxy struct { Config // proxy configuration sync.RWMutex // protects parallel access to proxy structures // contains filtered or unexported fields }
Proxy combines the proxy server state and configuration
func (*Proxy) Addr ¶ added in v0.9.1
Addr returns the listen address for the specified proto or null if the proxy does not listen to it proto must be "tcp", "tls", "https" or "udp"
func (*Proxy) Init ¶ added in v0.23.0
func (p *Proxy) Init()
Init - initializes the proxy structures but does not start it
func (*Proxy) LookupIPAddr ¶ added in v0.23.0
LookupIPAddr resolves the specified host IP addresses It sends two DNS queries (A and AAAA) in parallel and returns both results
func (*Proxy) Resolve ¶ added in v0.9.1
func (p *Proxy) Resolve(d *DNSContext) error
Resolve is the default resolving method used by the DNS proxy to query upstreams
func (*Proxy) ServeHTTP ¶ added in v0.9.11
func (p *Proxy) ServeHTTP(w http.ResponseWriter, r *http.Request)
ServeHTTP is the http.RequestHandler implementation that handles DOH queries Here is what it returns: http.StatusBadRequest - if there is no DNS request data http.StatusUnsupportedMediaType - if request content type is not application/dns-message http.StatusMethodNotAllowed - if request method is not GET or POST
func (*Proxy) SetNAT64Prefix ¶ added in v0.13.0
SetNAT64Prefix sets NAT64 prefix
type RequestHandler ¶ added in v0.14.0
type RequestHandler func(p *Proxy, d *DNSContext) error
RequestHandler is an optional custom handler for DNS requests It is called instead of the default method (Proxy.Resolve()) See handler_test.go for examples
type ResponseHandler ¶ added in v0.13.0
type ResponseHandler func(d *DNSContext, err error)
ResponseHandler is a callback method that is called when DNS query has been processed d -- current DNS query context (contains response if it was successful) err -- error (if any)
type UpstreamConfig ¶ added in v0.12.0
type UpstreamConfig struct { Upstreams []upstream.Upstream // list of default upstreams DomainReservedUpstreams map[string][]upstream.Upstream // map of reserved domains and lists of corresponding upstreams }
UpstreamConfig is a wrapper for list of default upstreams and map of reserved domains and corresponding upstreams
func ParseUpstreamsConfig ¶ added in v0.12.0
func ParseUpstreamsConfig(upstreamConfig, bootstrapDNS []string, timeout time.Duration) (UpstreamConfig, error)
ParseUpstreamsConfig returns UpstreamConfig and error if upstreams configuration is invalid default upstream syntax: <upstreamString> reserved upstream syntax: [/domain1/../domainN/]<upstreamString> More specific domains take priority over less specific domains, To exclude more specific domains from reserved upstreams querying you should use the following syntax: [/domain1/../domainN/]# So the following config: ["[/host.com/]1.2.3.4", "[/www.host.com/]2.3.4.5", "[/maps.host.com/]#", "3.4.5.6"] will send queries for *.host.com to 1.2.3.4, except for *.www.host.com, which will go to 2.3.4.5 and *.maps.host.com, which will go to default server 3.4.5.6 with all other domains
func ParseUpstreamsConfigEx ¶ added in v0.15.1
func ParseUpstreamsConfigEx(upstreamConfig, bootstrapDNS []string, timeout time.Duration, addressToUpstreamFunction AddressToUpstreamFunction) (UpstreamConfig, error)
ParseUpstreamsConfigEx is an extended version of ParseUpstreamsConfig() which has a custom callback function which creates an upstream object