Disable local DNS query completely

coyove · Nov 4, 2018 · fa7eda0 · fa7eda0
1 parent 9c7fb57
commit fa7eda0
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 3 deletions.
diff --git a/pkg/aclrouter/lookup.go b/pkg/aclrouter/lookup.go
@@ -47,6 +47,7 @@ type ACL struct {
 
 	PrivateIPv4Table []ipRange
 	RemoteDNS        bool
+	IgnoreLocalDNS   bool
 	Legacy           bool
 	OmitRules        []string
 }
@@ -93,6 +94,7 @@ func LoadACL(path string) (*ACL, error) {
 	acl.Gray.Always = cf.HasSection("proxy_all")
 	acl.White.Always = cf.HasSection("bypass_all")
 	acl.RemoteDNS = !cf.HasSection("local_dns")
+	acl.IgnoreLocalDNS = cf.HasSection("ignore_local_dns")
 
 	if acl.Gray.Always && acl.White.Always {
 		return acl.postInit(), errors.New("proxy_all and bypass_all collide")
@@ -225,6 +227,10 @@ func (acl *ACL) Check(host string, trustIP bool) (rule byte, strIP string, err e
 		return RuleIPv6, host, nil
 	}
 
+	if acl.IgnoreLocalDNS {
+		return RuleUnknown, host, nil
+	}
+
 	// Resolve at local in case host points to a private ip
 	ip, err = net.ResolveIPAddr("ip4", host)
 	if err != nil {

diff --git a/test.acl b/test.acl
@@ -17,12 +17,13 @@
 # [outbound_block_list] 禁止访问列表 在26行
 # [bypass_list] 直连列表 在6471多行
 # [proxy_list] 代理列表 在998多行
-# [remote_dns] 远程 DNS 解析 -不加使用本地 DNS
+# [remote_dns] 远程 DNS 解析 - 不信任本地 DNS
+# [ignore_local_dns] 完全禁用本地 DNS 解析
 #
 #**********************************************************************
 
 [proxy_all]
-# 默认直连
+# 默认代理
 
 #**********************************************************************
 [outbound_block_list]
@@ -6839,4 +6840,4 @@
 198.18.0.0/15
 198.51.100.0/24
 203.0.113.0/24
-224.0.0.0/3
+224.0.0.0/3