Proper dns configuration!

This commit is contained in:
Slatian 2023-08-06 00:04:42 +02:00
parent 5c7d880733
commit a334eb428a
3 changed files with 70 additions and 66 deletions


@ -62,12 +62,41 @@ burst = 15
#Note: The ratelimit is implemented using the governor crate #Note: The ratelimit is implemented using the governor crate
[dns.resolver.digitalcourage] [dns.resolver.digitalcourage]
display_name = "Digitalcourage 3" display_name = "Digitalcourage"
info_url = "https://digitalcourage.de/support/zensurfreier-dns-server" info_url = "https://digitalcourage.de/support/zensurfreier-dns-server"
aliases = ["dc","dc3","digitalcourage3"] aliases = ["dc","dc3","digitalcourage3"]
weight = 900 weight = 990
servers = ["5.9.164.112:853","[2a01:4f8:251:554::2]:853"] servers = ["5.9.164.112:853","[2a01:4f8:251:554::2]:853"]
protocol = "tls" protocol = "tls"
tls_dns_name = "dns3.digitalcourage.de" tls_dns_name = "dns3.digitalcourage.de"
[dns.resolver.quad9]
display_name = "Quad9"
info_url = "https://www.quad9.net/service/service-addresses-and-features/"
aliases = ["q9","9999"]
weight = 980
servers = ["9.9.9.9:853","149.112.112.112:853","[2620:fe::fe]:853","[2620:fe::9]:853"]
protocol = "tls"
tls_dns_name = "dns.quad9.net"
[dns.resolver.quad9_ecs]
display_name = "Quad9 with ecs"
info_url = "https://www.quad9.net/service/service-addresses-and-features/"
aliases = ["q9ecs","9999ecs","ecs"]
weight = 980
servers = ["9.9.9.11:853","149.112.112.11:853","[2620:fe::fe:11]:853","[2620:fe::11]:853"]
protocol = "tls"
tls_dns_name = "dns11.quad9.net"
[dns.resolver.quad9_unvalidated]
display_name = "Quad9 Unvalidated"
info_url = "https://www.quad9.net/service/service-addresses-and-features/"
aliases = ["q9u","9999u"]
weight = 980
servers = ["9.9.9.10:853","149.112.112.10:853","[2620:fe::fe:10]:853","[2620:fe::10]:853"]
protocol = "tls"
tls_dns_name = "dns10.quad9.net"
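Review bot: The three new Quad9 entries all carry `weight = 980`, and because the resolver table is a `HashMap` that is iterated before the weight sort (visible in the Rust hunks on this page), the relative order of equal-weight entries in the selectable list is left to hash-map iteration order, which Rust randomizes per process — the list can reorder between restarts. Distinct weights such as `weight = 980` / `weight = 975` / `weight = 970` for quad9, quad9_ecs and quad9_unvalidated make the order deterministic. The `quad9_unvalidated` block would also benefit from a comment above `[dns.resolver.quad9_unvalidated]` telling operators what they trade away, e.g. `# 9.9.9.10 is Quad9's "unsecured" endpoint: no malware blocklist and no DNSSEC validation — confirm against info_url`. Likewise `Quad9 with ecs` could note that EDNS Client Subnet forwards part of the querying host's address to authoritative servers.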


@ -6,13 +6,18 @@ use std::collections::HashMap;
use std::net::SocketAddr; use std::net::SocketAddr;
#[derive(Deserialize, Clone)] #[derive(Deserialize, Clone)]
#[serde(default)]
pub struct DnsConfig { pub struct DnsConfig {
pub allow_forward_lookup: bool, pub allow_forward_lookup: bool,
pub allow_reverse_lookup: bool, pub allow_reverse_lookup: bool,
pub hidden_suffixes: Vec<String>, pub hidden_suffixes: Vec<String>,
#[serde(default="default_dns_resolver_name")] pub search: Vec<String>,
pub default_resolver: String,
pub resolver: HashMap<String,DnsResolverConfig>, pub resolver: HashMap<String,DnsResolverConfig>,
pub enable_system_resolver: bool,
pub system_resolver_name: String,
pub system_resolver_weight: i32,
pub system_resolver_id: String,
} }
#[derive(Deserialize, Serialize, Clone)] #[derive(Deserialize, Serialize, Clone)]
@ -25,10 +30,6 @@ pub enum DnsProtocol {
Quic, Quic,
} }
pub fn default_dns_resolver_name() -> String {
"default".to_string()
}
#[derive(Deserialize, Serialize, Clone)] #[derive(Deserialize, Serialize, Clone)]
pub struct DnsResolverConfig { pub struct DnsResolverConfig {
pub display_name: String, pub display_name: String,
@ -63,8 +64,13 @@ impl Default for DnsConfig {
allow_forward_lookup: true, allow_forward_lookup: true,
allow_reverse_lookup: false, allow_reverse_lookup: false,
hidden_suffixes: Vec::new(), hidden_suffixes: Vec::new(),
default_resolver: "default".to_string(),
resolver: Default::default(), resolver: Default::default(),
search: Vec::new(),
enable_system_resolver: true,
system_resolver_name: "System".to_string(),
system_resolver_weight: 1000,
system_resolver_id: "system".to_string(),
} }
} }
} }
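Review bot: The new `DnsConfig` fields are undocumented, and `system_resolver_id` carries a constraint the type does not express: it is used as a key in the same resolver map as the `[dns.resolver.*]` table names, so a user-defined `[dns.resolver.system]` would collide with the default `"system"`. A doc comment on the field should state this, e.g. `/// Key under which the OS resolver is registered; must not equal any key in `resolver`.`, and `enable_system_resolver` / `system_resolver_weight` deserve one-line `///` comments in the same vein. `search` is added with a `Vec::new()` default but nothing in the visible hunks reads it; if it is reserved for search-domain handling, `/// Search domains (not yet used)` would keep it from being mistaken for a live setting. The `Default` impl's `fn default` starts outside the hunk.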


@ -103,6 +103,7 @@ struct ServiceSharedState {
#[derive(Clone)] #[derive(Clone)]
struct DerivedConfiguration { struct DerivedConfiguration {
dns_resolver_selectables: Vec<Selectable>, dns_resolver_selectables: Vec<Selectable>,
default_resolver: String,
} }
#[derive(Parser)] #[derive(Parser)]
@ -228,14 +229,15 @@ async fn main() {
location_db.reload_database().ok(); location_db.reload_database().ok();
// Initalize DNS resolver with os defaults // Initalize DNS resolver with os defaults
println!("Initalizing dns resolver ..."); println!("Initalizing dns resolvers ...");
let mut dns_resolver_selectables = Vec::<Selectable>::new(); let mut dns_resolver_selectables = Vec::<Selectable>::new();
let mut dns_resolver_map: HashMap<String,TokioAsyncResolver> = HashMap::new();
if config.dns.enable_system_resolver {
println!("Initalizing System resolver ..."); println!("Initalizing System resolver ...");
let res = TokioAsyncResolver::tokio_from_system_conf(); let res = TokioAsyncResolver::tokio_from_system_conf();
//let res = TokioAsyncResolver::tokio(ResolverConfig::default(), ResolverOpts::default()); let resolver = match res {
let dns_resolver = match res {
Ok(resolver) => resolver, Ok(resolver) => resolver,
Err(e) => { Err(e) => {
println!("Error while setting up dns resolver: {e}"); println!("Error while setting up dns resolver: {e}");
@ -243,45 +245,13 @@ async fn main() {
} }
}; };
dns_resolver_map.insert(config.dns.system_resolver_id.clone(), resolver);
dns_resolver_selectables.push(Selectable { dns_resolver_selectables.push(Selectable {
id: "default".to_string(), id: config.dns.system_resolver_id.clone(),
name: "System".to_string(), name: config.dns.system_resolver_name.clone(),
weight: 1000, weight: config.dns.system_resolver_weight,
}); });
}
//FIXME: Not release ready,must be configurable and have better error handling.
println!("Initalizing Quad9 resolver ...");
let quad9_resolver = TokioAsyncResolver::tokio(
trust_dns_resolver::config::ResolverConfig::quad9_tls(),
Default::default()
).unwrap();
dns_resolver_selectables.push(Selectable {
id: "quad9".to_string(),
name: "Quad9".to_string(),
weight: 500
});
println!("Initalizing Google resolver ...");
let google_resolver = TokioAsyncResolver::tokio(
trust_dns_resolver::config::ResolverConfig::google(),
Default::default()
).unwrap();
dns_resolver_selectables.push(Selectable {
id: "google".to_string(),
name: "Google".to_string(),
weight: 10,
});
println!("Initalizing Cloudflare resolver ...");
let cloudflare_resolver = TokioAsyncResolver::tokio(
trust_dns_resolver::config::ResolverConfig::cloudflare_tls(),
Default::default()
).unwrap();
dns_resolver_selectables.push(Selectable {
id: "cloudflare".to_string(),
name: "Cloudflare".to_string(),
weight: 20,
});
let mut dns_resolver_map: HashMap<String,TokioAsyncResolver> = HashMap::new();
for (key, resolver_config) in &config.dns.resolver { for (key, resolver_config) in &config.dns.resolver {
println!("Initalizing {} resolver ...", key); println!("Initalizing {} resolver ...", key);
@ -297,11 +267,6 @@ async fn main() {
}); });
} }
dns_resolver_map.insert("default".to_string(), dns_resolver);
dns_resolver_map.insert("quad9".to_string(), quad9_resolver);
dns_resolver_map.insert("google".to_string(), google_resolver);
dns_resolver_map.insert("cloudflare".to_string(), cloudflare_resolver);
let listen_on = config.server.listen_on; let listen_on = config.server.listen_on;
let ip_header = config.server.ip_header.clone(); let ip_header = config.server.ip_header.clone();
@ -317,8 +282,12 @@ async fn main() {
}); });
dns_resolver_selectables.sort_by(|a,b| b.weight.cmp(&a.weight)); dns_resolver_selectables.sort_by(|a,b| b.weight.cmp(&a.weight));
let default_resolver = dns_resolver_selectables.get(0)
.map(|s| s.id.clone() )
.unwrap_or("none".to_string());
let derived_config = DerivedConfiguration { let derived_config = DerivedConfiguration {
dns_resolver_selectables: dns_resolver_selectables, dns_resolver_selectables: dns_resolver_selectables,
default_resolver: default_resolver,
}; };
let signal_usr1_handlers_state = shared_state.clone(); let signal_usr1_handlers_state = shared_state.clone();
@ -386,7 +355,7 @@ async fn settings_query_middleware<B>(
next: Next<B> next: Next<B>
) -> Response { ) -> Response {
let mut format = query.format; let mut format = query.format;
let mut dns_resolver_id = config.dns.default_resolver; let mut dns_resolver_id = derived_config.default_resolver;
if let Some(resolver_id) = query.dns { if let Some(resolver_id) = query.dns {
dns_resolver_id = resolver_id; dns_resolver_id = resolver_id;
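Review bot: The system resolver is inserted into `dns_resolver_map` under `config.dns.system_resolver_id`, and the `[dns.resolver.*]` loop that follows presumably inserts under each table key (its insert is outside the hunk); nothing rejects a configured resolver whose key equals the system id (default `"system"`), so the later insert would silently replace the map entry while both `Selectable`s remain in the list with the same id. Before the loop, add `if config.dns.enable_system_resolver && config.dns.resolver.contains_key(&config.dns.system_resolver_id) { println!("Resolver id {} collides with the system resolver", config.dns.system_resolver_id); std::process::exit(1); }` — or log and skip the duplicate, whichever matches the `Err(e)` arm's error path, which continues outside the hunk. Separately, `default_resolver` falls back to the literal `"none"` when no resolver was set up, and that string then becomes the resolver id used in `settings_query_middleware`; how a map miss is handled is outside the hunk, but failing at startup when the selectable list is empty would be clearer than a sentinel string.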