DNS outbound: Replace "reject" with "return" (rCode is 0 by default) (#6214)

https://github.com/XTLS/Xray-core/pull/6214#issuecomment-4587988752

Example: https://github.com/XTLS/Xray-core/pull/6214#issue-4553786283

---------

Co-authored-by: Meo597 <197331664+Meo597@users.noreply.github.com>
This commit is contained in:
j2rong4cn
2026-06-01 09:25:47 +08:00
committed by GitHub
parent 455f6bc2d5
commit cb8cd048c1
7 changed files with 116 additions and 99 deletions
+2 -1
View File
@@ -3,6 +3,7 @@ package conf
import ( import (
"encoding/json" "encoding/json"
"fmt" "fmt"
"math"
"strconv" "strconv"
"strings" "strings"
@@ -199,7 +200,7 @@ func (v *PortRange) UnmarshalJSON(data []byte) error {
if err == nil { if err == nil {
v.From = uint32(from) v.From = uint32(from)
v.To = uint32(to) v.To = uint32(to)
if v.From > v.To { if v.From > v.To || v.To > math.MaxUint16 {
return errors.New("invalid port range ", v.From, " -> ", v.To) return errors.New("invalid port range ", v.From, " -> ", v.To)
} }
return nil return nil
+22 -20
View File
@@ -12,8 +12,9 @@ import (
type DNSOutboundRuleConfig struct { type DNSOutboundRuleConfig struct {
Action string `json:"action"` Action string `json:"action"`
QType *PortList `json:"qtype"` QType *PortList `json:"qType"`
Domain *StringList `json:"domain"` Domain *StringList `json:"domain"`
RCode uint32 `json:"rCode"`
} }
func (c *DNSOutboundRuleConfig) Build() (*dns.DNSRuleConfig, error) { func (c *DNSOutboundRuleConfig) Build() (*dns.DNSRuleConfig, error) {
@@ -24,8 +25,8 @@ func (c *DNSOutboundRuleConfig) Build() (*dns.DNSRuleConfig, error) {
rule.Action = dns.RuleAction_Direct rule.Action = dns.RuleAction_Direct
case "drop": case "drop":
rule.Action = dns.RuleAction_Drop rule.Action = dns.RuleAction_Drop
case "reject": case "return":
rule.Action = dns.RuleAction_Reject rule.Action = dns.RuleAction_Return
case "hijack": case "hijack":
rule.Action = dns.RuleAction_Hijack rule.Action = dns.RuleAction_Hijack
default: default:
@@ -34,14 +35,8 @@ func (c *DNSOutboundRuleConfig) Build() (*dns.DNSRuleConfig, error) {
if c.QType != nil { if c.QType != nil {
for _, r := range c.QType.Range { for _, r := range c.QType.Range {
if r.From > r.To { for qType := r.From; qType <= r.To; qType++ {
return nil, errors.New("invalid qtype range: ", r.String()) rule.QType = append(rule.QType, int32(qType))
}
if r.To > 65535 {
return nil, errors.New("dns rule qtype out of range: ", r.String())
}
for qtype := r.From; qtype <= r.To; qtype++ {
rule.Qtype = append(rule.Qtype, int32(qtype))
} }
} }
} }
@@ -54,6 +49,11 @@ func (c *DNSOutboundRuleConfig) Build() (*dns.DNSRuleConfig, error) {
rule.Domain = rules rule.Domain = rules
} }
if c.RCode > 65535 {
return nil, errors.New("rCode out of range: ", c.RCode)
}
rule.RCode = c.RCode
return rule, nil return rule, nil
} }
@@ -133,28 +133,30 @@ func (c *DNSOutboundConfig) buildLegacyDNSPolicy() ([]*dns.DNSRuleConfig, error)
if c.BlockTypes != nil && len(*c.BlockTypes) > 0 { if c.BlockTypes != nil && len(*c.BlockTypes) > 0 {
rule := &dns.DNSRuleConfig{Action: dns.RuleAction_Drop} rule := &dns.DNSRuleConfig{Action: dns.RuleAction_Drop}
if mode == "reject" { if mode == "reject" {
rule.Action = dns.RuleAction_Reject rule.Action = dns.RuleAction_Return
rule.RCode = 5
} }
for _, qtype := range *c.BlockTypes { for _, qType := range *c.BlockTypes {
if qtype < 0 || qtype > 65535 { if qType < 0 || qType > 65535 {
return nil, errors.New("legacy blockTypes qtype out of range: ", qtype) return nil, errors.New("legacy blockTypes qType out of range: ", qType)
} }
rule.Qtype = append(rule.Qtype, qtype) rule.QType = append(rule.QType, qType)
} }
rules = append(rules, rule) rules = append(rules, rule)
} }
{ {
rule := &dns.DNSRuleConfig{Action: dns.RuleAction_Hijack} rule := &dns.DNSRuleConfig{Action: dns.RuleAction_Hijack}
rule.Qtype = append(rule.Qtype, 1) rule.QType = append(rule.QType, 1)
rule.Qtype = append(rule.Qtype, 28) rule.QType = append(rule.QType, 28)
rules = append(rules, rule) rules = append(rules, rule)
} }
{ {
rule := &dns.DNSRuleConfig{Action: dns.RuleAction_Reject} rule := &dns.DNSRuleConfig{Action: dns.RuleAction_Return}
if mode == "reject" { if mode == "reject" {
rule.Action = dns.RuleAction_Reject rule.Action = dns.RuleAction_Return
rule.RCode = 5
} else if mode == "drop" { } else if mode == "drop" {
rule.Action = dns.RuleAction_Drop rule.Action = dns.RuleAction_Drop
} else if mode == "skip" { } else if mode == "skip" {
+24 -19
View File
@@ -35,10 +35,10 @@ func TestDnsProxyConfig(t *testing.T) {
Input: `{ Input: `{
"rules": [{ "rules": [{
"action": "direct", "action": "direct",
"qtype": "1,3,23-24" "qType": "1,3,23-24"
}, { }, {
"action": "drop", "action": "drop",
"qtype": 28, "qType": 28,
"domain": ["domain:example.com", "full:example.com"] "domain": ["domain:example.com", "full:example.com"]
}] }]
}`, }`,
@@ -48,11 +48,11 @@ func TestDnsProxyConfig(t *testing.T) {
Rule: []*dns.DNSRuleConfig{ Rule: []*dns.DNSRuleConfig{
{ {
Action: dns.RuleAction_Direct, Action: dns.RuleAction_Direct,
Qtype: []int32{1, 3, 23, 24}, QType: []int32{1, 3, 23, 24},
}, },
{ {
Action: dns.RuleAction_Drop, Action: dns.RuleAction_Drop,
Qtype: []int32{28}, QType: []int32{28},
Domain: []*geodata.DomainRule{ Domain: []*geodata.DomainRule{
{ {
Value: &geodata.DomainRule_Custom{ Value: &geodata.DomainRule_Custom{
@@ -78,7 +78,8 @@ func TestDnsProxyConfig(t *testing.T) {
{ {
Input: `{ Input: `{
"rules": [{ "rules": [{
"action": "reject", "action": "return",
"rCode": 5,
"domain": "keyword:example" "domain": "keyword:example"
}] }]
}`, }`,
@@ -87,7 +88,8 @@ func TestDnsProxyConfig(t *testing.T) {
RewriteServer: &net.Endpoint{}, RewriteServer: &net.Endpoint{},
Rule: []*dns.DNSRuleConfig{ Rule: []*dns.DNSRuleConfig{
{ {
Action: dns.RuleAction_Reject, Action: dns.RuleAction_Return,
RCode: 5,
Domain: []*geodata.DomainRule{ Domain: []*geodata.DomainRule{
{ {
Value: &geodata.DomainRule_Custom{ Value: &geodata.DomainRule_Custom{
@@ -106,7 +108,7 @@ func TestDnsProxyConfig(t *testing.T) {
Input: `{ Input: `{
"rules": [{ "rules": [{
"action": "drop", "action": "drop",
"qtype": 257 "qType": 257
}] }]
}`, }`,
Parser: loadJSON(creator), Parser: loadJSON(creator),
@@ -115,7 +117,7 @@ func TestDnsProxyConfig(t *testing.T) {
Rule: []*dns.DNSRuleConfig{ Rule: []*dns.DNSRuleConfig{
{ {
Action: dns.RuleAction_Drop, Action: dns.RuleAction_Drop,
Qtype: []int32{257}, QType: []int32{257},
}, },
}, },
}, },
@@ -140,10 +142,11 @@ func TestDnsProxyConfigLegacyCompatibility(t *testing.T) {
Rule: []*dns.DNSRuleConfig{ Rule: []*dns.DNSRuleConfig{
{ {
Action: dns.RuleAction_Hijack, Action: dns.RuleAction_Hijack,
Qtype: []int32{1, 28}, QType: []int32{1, 28},
}, },
{ {
Action: dns.RuleAction_Reject, Action: dns.RuleAction_Return,
RCode: 5,
}, },
}, },
}, },
@@ -157,15 +160,17 @@ func TestDnsProxyConfigLegacyCompatibility(t *testing.T) {
RewriteServer: &net.Endpoint{}, RewriteServer: &net.Endpoint{},
Rule: []*dns.DNSRuleConfig{ Rule: []*dns.DNSRuleConfig{
{ {
Action: dns.RuleAction_Reject, Action: dns.RuleAction_Return,
Qtype: []int32{1, 65}, QType: []int32{1, 65},
RCode: 5,
}, },
{ {
Action: dns.RuleAction_Hijack, Action: dns.RuleAction_Hijack,
Qtype: []int32{1, 28}, QType: []int32{1, 28},
}, },
{ {
Action: dns.RuleAction_Reject, Action: dns.RuleAction_Return,
RCode: 5,
}, },
}, },
}, },
@@ -181,11 +186,11 @@ func TestDnsProxyConfigLegacyCompatibility(t *testing.T) {
Rule: []*dns.DNSRuleConfig{ Rule: []*dns.DNSRuleConfig{
{ {
Action: dns.RuleAction_Drop, Action: dns.RuleAction_Drop,
Qtype: []int32{1}, QType: []int32{1},
}, },
{ {
Action: dns.RuleAction_Hijack, Action: dns.RuleAction_Hijack,
Qtype: []int32{1, 28}, QType: []int32{1, 28},
}, },
{ {
Action: dns.RuleAction_Drop, Action: dns.RuleAction_Drop,
@@ -204,11 +209,11 @@ func TestDnsProxyConfigLegacyCompatibility(t *testing.T) {
Rule: []*dns.DNSRuleConfig{ Rule: []*dns.DNSRuleConfig{
{ {
Action: dns.RuleAction_Drop, Action: dns.RuleAction_Drop,
Qtype: []int32{65, 28}, QType: []int32{65, 28},
}, },
{ {
Action: dns.RuleAction_Hijack, Action: dns.RuleAction_Hijack,
Qtype: []int32{1, 28}, QType: []int32{1, 28},
}, },
{ {
Action: dns.RuleAction_Direct, Action: dns.RuleAction_Direct,
@@ -228,7 +233,7 @@ func TestDnsProxyConfigRejectsMixedLegacyAndNewFields(t *testing.T) {
_, err := loadJSON(creator)(`{ _, err := loadJSON(creator)(`{
"rules": [{ "rules": [{
"action": "direct", "action": "direct",
"qtype": 65 "qType": 65
}], }],
"blockTypes": [65] "blockTypes": [65]
}`) }`)
+20 -11
View File
@@ -28,7 +28,7 @@ type RuleAction int32
const ( const (
RuleAction_Direct RuleAction = 0 RuleAction_Direct RuleAction = 0
RuleAction_Drop RuleAction = 1 RuleAction_Drop RuleAction = 1
RuleAction_Reject RuleAction = 2 RuleAction_Return RuleAction = 2
RuleAction_Hijack RuleAction = 3 RuleAction_Hijack RuleAction = 3
) )
@@ -37,13 +37,13 @@ var (
RuleAction_name = map[int32]string{ RuleAction_name = map[int32]string{
0: "Direct", 0: "Direct",
1: "Drop", 1: "Drop",
2: "Reject", 2: "Return",
3: "Hijack", 3: "Hijack",
} }
RuleAction_value = map[string]int32{ RuleAction_value = map[string]int32{
"Direct": 0, "Direct": 0,
"Drop": 1, "Drop": 1,
"Reject": 2, "Return": 2,
"Hijack": 3, "Hijack": 3,
} }
) )
@@ -78,8 +78,9 @@ func (RuleAction) EnumDescriptor() ([]byte, []int) {
type DNSRuleConfig struct { type DNSRuleConfig struct {
state protoimpl.MessageState `protogen:"open.v1"` state protoimpl.MessageState `protogen:"open.v1"`
Action RuleAction `protobuf:"varint,1,opt,name=action,proto3,enum=xray.proxy.dns.RuleAction" json:"action,omitempty"` Action RuleAction `protobuf:"varint,1,opt,name=action,proto3,enum=xray.proxy.dns.RuleAction" json:"action,omitempty"`
Qtype []int32 `protobuf:"varint,2,rep,packed,name=qtype,proto3" json:"qtype,omitempty"` QType []int32 `protobuf:"varint,2,rep,packed,name=q_type,json=qType,proto3" json:"q_type,omitempty"`
Domain []*geodata.DomainRule `protobuf:"bytes,3,rep,name=domain,proto3" json:"domain,omitempty"` Domain []*geodata.DomainRule `protobuf:"bytes,3,rep,name=domain,proto3" json:"domain,omitempty"`
RCode uint32 `protobuf:"varint,4,opt,name=r_code,json=rCode,proto3" json:"r_code,omitempty"`
unknownFields protoimpl.UnknownFields unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache sizeCache protoimpl.SizeCache
} }
@@ -121,9 +122,9 @@ func (x *DNSRuleConfig) GetAction() RuleAction {
return RuleAction_Direct return RuleAction_Direct
} }
func (x *DNSRuleConfig) GetQtype() []int32 { func (x *DNSRuleConfig) GetQType() []int32 {
if x != nil { if x != nil {
return x.Qtype return x.QType
} }
return nil return nil
} }
@@ -135,6 +136,13 @@ func (x *DNSRuleConfig) GetDomain() []*geodata.DomainRule {
return nil return nil
} }
func (x *DNSRuleConfig) GetRCode() uint32 {
if x != nil {
return x.RCode
}
return 0
}
type Config struct { type Config struct {
state protoimpl.MessageState `protogen:"open.v1"` state protoimpl.MessageState `protogen:"open.v1"`
UserLevel uint32 `protobuf:"varint,1,opt,name=user_level,json=userLevel,proto3" json:"user_level,omitempty"` UserLevel uint32 `protobuf:"varint,1,opt,name=user_level,json=userLevel,proto3" json:"user_level,omitempty"`
@@ -199,11 +207,12 @@ var File_proxy_dns_config_proto protoreflect.FileDescriptor
const file_proxy_dns_config_proto_rawDesc = "" + const file_proxy_dns_config_proto_rawDesc = "" +
"\n" + "\n" +
"\x16proxy/dns/config.proto\x12\x0exray.proxy.dns\x1a\x1ccommon/net/destination.proto\x1a\x1bcommon/geodata/geodat.proto\"\x92\x01\n" + "\x16proxy/dns/config.proto\x12\x0exray.proxy.dns\x1a\x1ccommon/net/destination.proto\x1a\x1bcommon/geodata/geodat.proto\"\xaa\x01\n" +
"\rDNSRuleConfig\x122\n" + "\rDNSRuleConfig\x122\n" +
"\x06action\x18\x01 \x01(\x0e2\x1a.xray.proxy.dns.RuleActionR\x06action\x12\x14\n" + "\x06action\x18\x01 \x01(\x0e2\x1a.xray.proxy.dns.RuleActionR\x06action\x12\x15\n" +
"\x05qtype\x18\x02 \x03(\x05R\x05qtype\x127\n" + "\x06q_type\x18\x02 \x03(\x05R\x05qType\x127\n" +
"\x06domain\x18\x03 \x03(\v2\x1f.xray.common.geodata.DomainRuleR\x06domain\"\x9c\x01\n" + "\x06domain\x18\x03 \x03(\v2\x1f.xray.common.geodata.DomainRuleR\x06domain\x12\x15\n" +
"\x06r_code\x18\x04 \x01(\rR\x05rCode\"\x9c\x01\n" +
"\x06Config\x12\x1d\n" + "\x06Config\x12\x1d\n" +
"\n" + "\n" +
"user_level\x18\x01 \x01(\rR\tuserLevel\x121\n" + "user_level\x18\x01 \x01(\rR\tuserLevel\x121\n" +
@@ -215,7 +224,7 @@ const file_proxy_dns_config_proto_rawDesc = "" +
"\x06Direct\x10\x00\x12\b\n" + "\x06Direct\x10\x00\x12\b\n" +
"\x04Drop\x10\x01\x12\n" + "\x04Drop\x10\x01\x12\n" +
"\n" + "\n" +
"\x06Reject\x10\x02\x12\n" + "\x06Return\x10\x02\x12\n" +
"\n" + "\n" +
"\x06Hijack\x10\x03BL\n" + "\x06Hijack\x10\x03BL\n" +
"\x12com.xray.proxy.dnsP\x01Z#github.com/xtls/xray-core/proxy/dns\xaa\x02\x0eXray.Proxy.Dnsb\x06proto3" "\x12com.xray.proxy.dnsP\x01Z#github.com/xtls/xray-core/proxy/dns\xaa\x02\x0eXray.Proxy.Dnsb\x06proto3"
+3 -2
View File
@@ -12,14 +12,15 @@ import "common/geodata/geodat.proto";
enum RuleAction { enum RuleAction {
Direct = 0; Direct = 0;
Drop = 1; Drop = 1;
Reject = 2; Return = 2;
Hijack = 3; Hijack = 3;
} }
message DNSRuleConfig { message DNSRuleConfig {
RuleAction action = 1; RuleAction action = 1;
repeated int32 qtype = 2; repeated int32 q_type = 2;
repeated xray.common.geodata.DomainRule domain = 3; repeated xray.common.geodata.DomainRule domain = 3;
uint32 r_code = 4;
} }
message Config { message Config {
+41 -43
View File
@@ -45,6 +45,7 @@ type DNSRule struct {
action RuleAction action RuleAction
qTypes []uint16 qTypes []uint16
domains geodata.DomainMatcher domains geodata.DomainMatcher
rCode dnsmessage.RCode
} }
func (r *DNSRule) matchQType(qType uint16) bool { func (r *DNSRule) matchQType(qType uint16) bool {
@@ -95,9 +96,10 @@ func (h *Handler) Init(config *Config, dnsClient dns.Client, policyManager polic
for _, r := range config.Rule { for _, r := range config.Rule {
rule := &DNSRule{ rule := &DNSRule{
action: r.Action, action: r.Action,
qTypes: make([]uint16, 0, len(r.Qtype)), qTypes: make([]uint16, 0, len(r.QType)),
rCode: dnsmessage.RCode(r.RCode),
} }
for _, t := range r.Qtype { for _, t := range r.QType {
rule.qTypes = append(rule.qTypes, uint16(t)) rule.qTypes = append(rule.qTypes, uint16(t))
} }
if len(r.Domain) > 0 { if len(r.Domain) > 0 {
@@ -136,17 +138,17 @@ func parseQuery(b []byte) (id uint16, qType dnsmessage.Type, domain string, ok b
return return
} }
func (h *Handler) applyRules(qType dnsmessage.Type, domain string) RuleAction { func (h *Handler) applyRules(qType dnsmessage.Type, domain string) (RuleAction, dnsmessage.RCode) {
qCode := uint16(qType) qCode := uint16(qType)
for _, r := range h.rules { for _, r := range h.rules {
if r.Apply(qCode, domain) { if r.Apply(qCode, domain) {
return r.action return r.action, r.rCode
} }
} }
if qType == dnsmessage.TypeA || qType == dnsmessage.TypeAAAA { if qType == dnsmessage.TypeA || qType == dnsmessage.TypeAAAA {
return RuleAction_Hijack return RuleAction_Hijack, dnsmessage.RCodeSuccess
} }
return RuleAction_Reject return RuleAction_Return, dnsmessage.RCodeSuccess
} }
// Process implements proxy.Outbound. // Process implements proxy.Outbound.
@@ -213,7 +215,7 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, d internet.
} }
if session.TimeoutOnlyFromContext(ctx) { if session.TimeoutOnlyFromContext(ctx) {
ctx, _ = context.WithCancel(context.Background()) ctx = context.Background()
} }
ctx, cancel := context.WithCancel(ctx) ctx, cancel := context.WithCancel(ctx)
@@ -250,21 +252,22 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, d internet.
continue continue
} }
switch h.applyRules(qType, domain) { action, rCode := h.applyRules(qType, domain)
switch action {
case RuleAction_Drop: case RuleAction_Drop:
b.Release() b.Release()
errors.LogInfo(ctx, "blocked type ", qType, " query for domain ", domain) errors.LogInfo(ctx, "blocked type ", qType, " query for domain ", domain)
case RuleAction_Reject: case RuleAction_Return:
b.Release() b.Release()
errors.LogInfo(ctx, "rejected type ", qType, " query for domain ", domain) errors.LogInfo(ctx, "rejected type ", qType, " query for domain ", domain)
if err := h.rejectNonIPQuery(id, qType, domain, writer); err != nil { if err := h.rejectNonIPQuery(id, qType, domain, writer, rCode); err != nil {
return err return err
} }
case RuleAction_Hijack: case RuleAction_Hijack:
b.Release() b.Release()
if qType != dnsmessage.TypeA && qType != dnsmessage.TypeAAAA { if qType != dnsmessage.TypeA && qType != dnsmessage.TypeAAAA {
errors.LogError(ctx, "can only hijack A/AAAA records") errors.LogError(ctx, "can only hijack A/AAAA records")
if err := h.rejectNonIPQuery(id, qType, domain, writer); err != nil { if err := h.rejectNonIPQuery(id, qType, domain, writer, rCode); err != nil {
return err return err
} }
} else { } else {
@@ -309,48 +312,35 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, d internet.
func (h *Handler) handleIPQuery(id uint16, qType dnsmessage.Type, domain string, writer dns_proto.MessageWriter, timer *signal.ActivityTimer) { func (h *Handler) handleIPQuery(id uint16, qType dnsmessage.Type, domain string, writer dns_proto.MessageWriter, timer *signal.ActivityTimer) {
var ips []net.IP var ips []net.IP
var ttl uint32
var err error var err error
var ttl4 uint32
var ttl6 uint32
switch qType { switch qType {
case dnsmessage.TypeA: case dnsmessage.TypeA:
ips, ttl4, err = h.client.LookupIP(domain, dns.IPOption{ ips, ttl, err = h.client.LookupIP(domain, dns.IPOption{
IPv4Enable: true, IPv4Enable: true,
IPv6Enable: false, IPv6Enable: false,
FakeEnable: true, FakeEnable: true,
}) })
case dnsmessage.TypeAAAA: case dnsmessage.TypeAAAA:
ips, ttl6, err = h.client.LookupIP(domain, dns.IPOption{ ips, ttl, err = h.client.LookupIP(domain, dns.IPOption{
IPv4Enable: false, IPv4Enable: false,
IPv6Enable: true, IPv6Enable: true,
FakeEnable: true, FakeEnable: true,
}) })
} }
rcode := dns.RCodeFromError(err) rCode := dns.RCodeFromError(err)
if rcode == 0 && len(ips) == 0 && !go_errors.Is(err, dns.ErrEmptyResponse) { if rCode == 0 && len(ips) == 0 && !go_errors.Is(err, dns.ErrEmptyResponse) {
errors.LogInfoInner(context.Background(), err, "ip query") errors.LogInfoInner(context.Background(), err, "ip query")
return return
} }
switch qType {
case dnsmessage.TypeA:
for i, ip := range ips {
ips[i] = ip.To4()
}
case dnsmessage.TypeAAAA:
for i, ip := range ips {
ips[i] = ip.To16()
}
}
b := buf.New() b := buf.New()
rawBytes := b.Extend(buf.Size) rawBytes := b.Extend(buf.Size)
builder := dnsmessage.NewBuilder(rawBytes[:0], dnsmessage.Header{ builder := dnsmessage.NewBuilder(rawBytes[:0], dnsmessage.Header{
ID: id, ID: id,
RCode: dnsmessage.RCode(rcode), RCode: dnsmessage.RCode(rCode),
RecursionAvailable: true, RecursionAvailable: true,
RecursionDesired: true, RecursionDesired: true,
Response: true, Response: true,
@@ -365,17 +355,25 @@ func (h *Handler) handleIPQuery(id uint16, qType dnsmessage.Type, domain string,
})) }))
common.Must(builder.StartAnswers()) common.Must(builder.StartAnswers())
rHeader4 := dnsmessage.ResourceHeader{Name: dnsmessage.MustNewName(domain), Class: dnsmessage.ClassINET, TTL: ttl4} rHeader := dnsmessage.ResourceHeader{Name: dnsmessage.MustNewName(domain), Class: dnsmessage.ClassINET, TTL: ttl}
rHeader6 := dnsmessage.ResourceHeader{Name: dnsmessage.MustNewName(domain), Class: dnsmessage.ClassINET, TTL: ttl6} switch qType {
for _, ip := range ips { case dnsmessage.TypeA:
if len(ip) == net.IPv4len { for _, ip := range ips {
var r dnsmessage.AResource ip = ip.To4()
copy(r.A[:], ip) if len(ip) == net.IPv4len {
common.Must(builder.AResource(rHeader4, r)) var r dnsmessage.AResource
} else { copy(r.A[:], ip)
var r dnsmessage.AAAAResource common.Must(builder.AResource(rHeader, r))
copy(r.AAAA[:], ip) }
common.Must(builder.AAAAResource(rHeader6, r)) }
case dnsmessage.TypeAAAA:
for _, ip := range ips {
ip = ip.To16()
if len(ip) == net.IPv6len {
var r dnsmessage.AAAAResource
copy(r.AAAA[:], ip)
common.Must(builder.AAAAResource(rHeader, r))
}
} }
} }
msgBytes, err := builder.Finish() msgBytes, err := builder.Finish()
@@ -392,7 +390,7 @@ func (h *Handler) handleIPQuery(id uint16, qType dnsmessage.Type, domain string,
} }
} }
func (h *Handler) rejectNonIPQuery(id uint16, qType dnsmessage.Type, domain string, writer dns_proto.MessageWriter) error { func (h *Handler) rejectNonIPQuery(id uint16, qType dnsmessage.Type, domain string, writer dns_proto.MessageWriter, rCode dnsmessage.RCode) error {
domainT := strings.TrimSuffix(domain, ".") domainT := strings.TrimSuffix(domain, ".")
if domainT == "" { if domainT == "" {
return errors.New("empty domain name") return errors.New("empty domain name")
@@ -401,7 +399,7 @@ func (h *Handler) rejectNonIPQuery(id uint16, qType dnsmessage.Type, domain stri
rawBytes := b.Extend(buf.Size) rawBytes := b.Extend(buf.Size)
builder := dnsmessage.NewBuilder(rawBytes[:0], dnsmessage.Header{ builder := dnsmessage.NewBuilder(rawBytes[:0], dnsmessage.Header{
ID: id, ID: id,
RCode: dnsmessage.RCodeRefused, RCode: rCode,
RecursionAvailable: true, RecursionAvailable: true,
RecursionDesired: true, RecursionDesired: true,
Response: true, Response: true,
+4 -3
View File
@@ -424,7 +424,7 @@ func TestDNSRules(t *testing.T) {
ProxySettings: serial.ToTypedMessage(&dns_proxy.Config{ ProxySettings: serial.ToTypedMessage(&dns_proxy.Config{
Rule: []*dns_proxy.DNSRuleConfig{ Rule: []*dns_proxy.DNSRuleConfig{
{ {
Qtype: []int32{int32(dns.TypeA)}, QType: []int32{int32(dns.TypeA)},
Domain: []*geodata.DomainRule{ Domain: []*geodata.DomainRule{
{ {
Value: &geodata.DomainRule_Custom{ Value: &geodata.DomainRule_Custom{
@@ -438,7 +438,7 @@ func TestDNSRules(t *testing.T) {
Action: dns_proxy.RuleAction_Direct, Action: dns_proxy.RuleAction_Direct,
}, },
{ {
Qtype: []int32{int32(dns.TypeA)}, QType: []int32{int32(dns.TypeA)},
Domain: []*geodata.DomainRule{ Domain: []*geodata.DomainRule{
{ {
Value: &geodata.DomainRule_Custom{ Value: &geodata.DomainRule_Custom{
@@ -449,7 +449,8 @@ func TestDNSRules(t *testing.T) {
}, },
}, },
}, },
Action: dns_proxy.RuleAction_Reject, Action: dns_proxy.RuleAction_Return,
RCode: 5,
}, },
}, },
}), }),