all: imp code, docs
EugeneOne1 committed Apr 4, 2024
1 parent 6c68d46 commit 9feeba5
Showing 3 changed files with 29 additions and 4 deletions.
22 changes: 20 additions & 2 deletions internal/dnsforward/dnsforward.go
Expand Up @@ -345,7 +345,7 @@ func (s *Server) Exchange(ip netip.Addr) (host string, ttl time.Duration, err er
s.serverLock.RLock()
defer s.serverLock.RUnlock()

// TODO(e.burkov): Migrate to netip.Addr already.
// TODO(e.burkov): Migrate to [netip.Addr] already.
arpa, err := netutil.IPToReversedAddr(ip.AsSlice())
if err != nil {
return "", 0, fmt.Errorf("reversing ip: %w", err)
Expand All @@ -366,7 +366,7 @@ func (s *Server) Exchange(ip netip.Addr) (host string, ttl time.Duration, err er
}

dctx := &proxy.DNSContext{
Proto: "udp",
Proto: proxy.ProtoUDP,
Req: req,
IsPrivateClient: true,
}
Expand Down Expand Up @@ -451,6 +451,15 @@ func (s *Server) startLocked() error {
return err
}

// ErrBadPrivateRDNSUpstreams is returned when the private rDNS upstreams are
// invalid but enabled.
//
// TODO(e.burkov): Consider allowing to use incomplete private rDNS upstreams
// configuration in proxy when the private rDNS function is enabled. In theory,
// proxy supports the case when no upstreams provided to resolve the private
// request, since it already supports this for DNS64-prefixed PTR requests.
const ErrBadPrivateRDNSUpstreams errors.Error = "bad private rDNS upstreams"

// prepareLocalResolvers initializes the local upstreams configuration using
// boot as bootstrap. It assumes that s.serverLock is locked or s not running.
func (s *Server) prepareLocalResolvers(
Expand Down Expand Up @@ -493,6 +502,15 @@ func (s *Server) prepareLocalResolvers(
}
}

// Prevalidate the config to catch the exact error before creating proxy.
// See TODO on [ErrBadPrivateRDNSUpstreams].
err = proxy.ValidatePrivateConfig(uc, s.privateNets)
if err != nil {
log.Debug("dnsforward: validating private rdns upstreams: %s", err)

return nil, ErrBadPrivateRDNSUpstreams
}

return uc, nil
}

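Review bot: In the prevalidation block at the end of prepareLocalResolvers, the error from `proxy.ValidatePrivateConfig` is written only to the debug log and then replaced by the bare sentinel, so at default log levels neither the caller nor the operator can tell what was rejected. Consider keeping the cause in the chain while still matching `errors.Is`, for example `return nil, fmt.Errorf("%w: %w", ErrBadPrivateRDNSUpstreams, err)`, if the module's Go version accepts two `%w` verbs. The doc comment describes the sentinel as covering upstreams that are "invalid but enabled", yet no enabled check is visible next to the call. The function starts outside the hunk, so that check may happen earlier, but it is worth confirming: the retry in internal/home/dns.go only helps if this validation is skipped once private rDNS is switched off.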
2 changes: 0 additions & 2 deletions internal/dnsforward/process.go
Expand Up @@ -420,8 +420,6 @@ func (s *Server) processFilteringBeforeRequest(dctx *dnsContext) (rc resultCode)
if dctx.proxyCtx.RequestedPrivateRDNS != (netip.Prefix{}) {
// There is no need to filter request for locally served ARPA hostname
// so disable redundant filters.
//
// TODO(e.burkov): !! check the above comment.
dctx.setts.ParentalEnabled = false
dctx.setts.SafeBrowsingEnabled = false
dctx.setts.SafeSearchEnabled = false
9 changes: 9 additions & 0 deletions internal/home/dns.go
Expand Up @@ -156,7 +156,16 @@ func initDNSServer(
return fmt.Errorf("newServerConfig: %w", err)
}

// Try to prepare the server with disabled private RDNS resolution if it
// failed to prepare as is. See TODO on [ErrBadPrivateRDNSUpstreams].
err = Context.dnsServer.Prepare(dnsConf)
if errors.Is(err, dnsforward.ErrBadPrivateRDNSUpstreams) {
log.Info("WARNING: no local resolvers configured while private RDNS " +
"resolution enabled, trying to disable")
dnsConf.UsePrivateRDNS = false
err = Context.dnsServer.Prepare(dnsConf)
}

if err != nil {
return fmt.Errorf("dnsServer.Prepare: %w", err)
}
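Review bot: The warning logged before the retry says "no local resolvers configured", but dnsforward.go returns `ErrBadPrivateRDNSUpstreams` for any failure of `proxy.ValidatePrivateConfig`, so the message can misstate the cause when resolvers are configured but rejected. Because this path starts the server with a feature switched off instead of failing, the operator should see an accurate reason at the default log level; wording such as `"WARNING: private rDNS upstreams are invalid, disabling private rDNS resolution: %s"` with `err` as the argument would cover it. `dnsConf.UsePrivateRDNS = false` changes only the value passed to the second `Prepare`; whether the stored configuration and the UI still show the option as enabled afterwards is not visible here and should be checked. It is also not visible whether `Prepare` can safely be called again on the same server after a failed first call. initDNSServer begins and ends outside the hunk.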
