Proper dns configuration!

2024-11-10 00:27:21 +01:00 · 2023-08-06 00:04:42 +02:00 · 2023-08-06 00:04:42 +02:00 · a334eb428a
commit a334eb428a
parent 5c7d880733
3 changed files with 70 additions and 66 deletions
--- a/echoip_test.toml
+++ b/echoip_test.toml
@ -62,12 +62,41 @@ burst = 15
 #Note: The ratelimit is implemented using the governor crate

 [dns.resolver.digitalcourage]
-display_name = "Digitalcourage 3"
+display_name = "Digitalcourage"
 info_url = "https://digitalcourage.de/support/zensurfreier-dns-server"
 aliases = ["dc","dc3","digitalcourage3"]
-weight = 900
+weight = 990

 servers = ["5.9.164.112:853","[2a01:4f8:251:554::2]:853"]
 protocol = "tls"
 tls_dns_name = "dns3.digitalcourage.de"

+[dns.resolver.quad9]
+display_name = "Quad9"
+info_url = "https://www.quad9.net/service/service-addresses-and-features/"
+aliases = ["q9","9999"]
+weight = 980
+
+servers = ["9.9.9.9:853","149.112.112.112:853","[2620:fe::fe]:853","[2620:fe::9]:853"]
+protocol = "tls"
+tls_dns_name = "dns.quad9.net"
+
+[dns.resolver.quad9_ecs]
+display_name = "Quad9 with ecs"
+info_url = "https://www.quad9.net/service/service-addresses-and-features/"
+aliases = ["q9ecs","9999ecs","ecs"]
+weight = 980
+
+servers = ["9.9.9.11:853","149.112.112.11:853","[2620:fe::fe:11]:853","[2620:fe::11]:853"]
+protocol = "tls"
+tls_dns_name = "dns11.quad9.net"
+
+[dns.resolver.quad9_unvalidated]
+display_name = "Quad9 Unvalidated"
+info_url = "https://www.quad9.net/service/service-addresses-and-features/"
+aliases = ["q9u","9999u"]
+weight = 980
+
+servers = ["9.9.9.10:853","149.112.112.10:853","[2620:fe::fe:10]:853","[2620:fe::10]:853"]
+protocol = "tls"
+tls_dns_name = "dns10.quad9.net"
--- a/src/config/dns.rs
+++ b/src/config/dns.rs
@ -6,13 +6,18 @@ use std::collections::HashMap;
 use std::net::SocketAddr;

 #[derive(Deserialize, Clone)]
+#[serde(default)]
 pub struct DnsConfig {
 	pub allow_forward_lookup: bool,
 	pub allow_reverse_lookup: bool,
 	pub hidden_suffixes: Vec<String>,
-	#[serde(default="default_dns_resolver_name")]
-	pub default_resolver: String,
+	pub search: Vec<String>,
 	pub resolver: HashMap<String,DnsResolverConfig>,
+
+	pub enable_system_resolver: bool,
+	pub system_resolver_name: String,
+	pub system_resolver_weight: i32,
+	pub system_resolver_id: String,
 }

 #[derive(Deserialize, Serialize, Clone)]
@ -25,10 +30,6 @@ pub enum DnsProtocol {
 	Quic,
 }

-pub fn default_dns_resolver_name() -> String {
-	"default".to_string()
-}
-
 #[derive(Deserialize, Serialize, Clone)]
 pub struct DnsResolverConfig {
 	pub display_name: String,
@ -63,8 +64,13 @@ impl Default for DnsConfig {
 			allow_forward_lookup: true,
 			allow_reverse_lookup: false,
 			hidden_suffixes: Vec::new(),
-			default_resolver: "default".to_string(),
 			resolver: Default::default(),
+			search: Vec::new(),
+
+			enable_system_resolver: true,
+			system_resolver_name: "System".to_string(),
+			system_resolver_weight: 1000,
+			system_resolver_id: "system".to_string(),
 		}
 	}
 }
--- a/src/main.rs
+++ b/src/main.rs
@ -103,6 +103,7 @@ struct ServiceSharedState {
 #[derive(Clone)]
 struct DerivedConfiguration {
 	dns_resolver_selectables: Vec<Selectable>,
+	default_resolver: String,
 }

 #[derive(Parser)]
@ -228,61 +229,30 @@ async fn main() {
 	location_db.reload_database().ok();
 	
 	// Initalize DNS resolver with os defaults
-	println!("Initalizing dns resolver ...");
+	println!("Initalizing dns resolvers ...");

 	let mut dns_resolver_selectables = Vec::<Selectable>::new();
-
-	println!("Initalizing System resolver ...");
-	let res = TokioAsyncResolver::tokio_from_system_conf();
-	//let res = TokioAsyncResolver::tokio(ResolverConfig::default(), ResolverOpts::default());
-	let dns_resolver = match res {
-		Ok(resolver) => resolver,
-		Err(e) => {
-			println!("Error while setting up dns resolver: {e}");
-			::std::process::exit(1);
-		}
-	};
-
-	dns_resolver_selectables.push(Selectable {
-		id: "default".to_string(),
-		name: "System".to_string(),
-		weight: 1000,
-	});
-
-	//FIXME: Not release ready,must be configurable and have better error handling.
-	println!("Initalizing Quad9 resolver ...");
-	let quad9_resolver = TokioAsyncResolver::tokio(
-		trust_dns_resolver::config::ResolverConfig::quad9_tls(),
-		Default::default()
-	).unwrap();
-	dns_resolver_selectables.push(Selectable {
-		id: "quad9".to_string(),
-		name: "Quad9".to_string(),
-		weight: 500
-	});
-	println!("Initalizing Google resolver ...");
-	let google_resolver = TokioAsyncResolver::tokio(
-		trust_dns_resolver::config::ResolverConfig::google(),
-		Default::default()
-	).unwrap();
-	dns_resolver_selectables.push(Selectable {
-		id: "google".to_string(),
-		name: "Google".to_string(),
-		weight: 10,
-	});
-	println!("Initalizing Cloudflare resolver ...");
-	let cloudflare_resolver = TokioAsyncResolver::tokio(
-		trust_dns_resolver::config::ResolverConfig::cloudflare_tls(),
-		Default::default()
-	).unwrap();
-	dns_resolver_selectables.push(Selectable {
-		id: "cloudflare".to_string(),
-		name: "Cloudflare".to_string(),
-		weight: 20,
-	});
-
 	let mut dns_resolver_map: HashMap<String,TokioAsyncResolver> = HashMap::new();

+	if config.dns.enable_system_resolver {
+		println!("Initalizing System resolver ...");
+		let res = TokioAsyncResolver::tokio_from_system_conf();
+		let resolver = match res {
+			Ok(resolver) => resolver,
+			Err(e) => {
+				println!("Error while setting up dns resolver: {e}");
+				::std::process::exit(1);
+			}
+		};
+
+		dns_resolver_map.insert(config.dns.system_resolver_id.clone(), resolver);
+		dns_resolver_selectables.push(Selectable {
+			id: config.dns.system_resolver_id.clone(),
+			name: config.dns.system_resolver_name.clone(),
+			weight: config.dns.system_resolver_weight,
+		});
+	}
+
 	for (key, resolver_config) in &config.dns.resolver {
 		println!("Initalizing {} resolver ...", key);
 		let resolver = TokioAsyncResolver::tokio(
@ -297,11 +267,6 @@ async fn main() {
 		});
 	}
 	
-	dns_resolver_map.insert("default".to_string(), dns_resolver);
-	dns_resolver_map.insert("quad9".to_string(), quad9_resolver);
-	dns_resolver_map.insert("google".to_string(), google_resolver);
-	dns_resolver_map.insert("cloudflare".to_string(), cloudflare_resolver);
-
 	let listen_on = config.server.listen_on;
 	let ip_header = config.server.ip_header.clone();

@ -317,8 +282,12 @@ async fn main() {
 	});

 	dns_resolver_selectables.sort_by(|a,b| b.weight.cmp(&a.weight));
+	let default_resolver = dns_resolver_selectables.get(0)
+		.map(|s| s.id.clone() )
+		.unwrap_or("none".to_string());
 	let derived_config = DerivedConfiguration {
 		dns_resolver_selectables: dns_resolver_selectables,
+		default_resolver: default_resolver,
 	};

 	let signal_usr1_handlers_state = shared_state.clone();
@ -386,7 +355,7 @@ async fn settings_query_middleware<B>(
 	next: Next<B>
 ) -> Response {
 	let mut format = query.format;
-	let mut dns_resolver_id = config.dns.default_resolver;
+	let mut dns_resolver_id = derived_config.default_resolver;

 	if let Some(resolver_id) = query.dns {
 		dns_resolver_id = resolver_id;