diff --git a/.ci/whitelist.txt b/.ci/allowed-names.txt similarity index 100% rename from .ci/whitelist.txt rename to .ci/allowed-names.txt diff --git a/.ci/ip-blacklist.txt b/.ci/blocked-ips.txt similarity index 100% rename from .ci/ip-blacklist.txt rename to .ci/blocked-ips.txt diff --git a/.ci/blacklist.txt b/.ci/blocked-names.txt similarity index 94% rename from .ci/blacklist.txt rename to .ci/blocked-names.txt index d5b69d6b..2531fc2d 100644 --- a/.ci/blacklist.txt +++ b/.ci/blocked-names.txt @@ -1,5 +1,5 @@ ################## -# Test blacklist # +# Test blocklist # ################## ad.* diff --git a/.ci/ci-test.sh b/.ci/ci-test.sh index e6853984..60ed11d9 100755 --- a/.ci/ci-test.sh +++ b/.ci/ci-test.sh @@ -20,7 +20,7 @@ section() { true } -rm -f blocked.log ip-blocked.log query.log nx.log whitelisted.log +rm -f blocked-names.log blocked-ips.log query.log nx.log allowed-names.log t || ( cd ../dnscrypt-proxy @@ -94,14 +94,14 @@ kill $(cat /tmp/dnscrypt-proxy.pidfile) sleep 5 section -t || grep -Fq 'telemetry.example' blocked.log || fail -t || grep -Fq 'telemetry.*' blocked.log || fail -t || grep -Fq 'tracker.xdebian.org' blocked.log || fail -t || grep -Fq 'tracker.*' blocked.log || fail +t || grep -Fq 'telemetry.example' blocked-names.log || fail +t || grep -Fq 'telemetry.*' blocked-names.log || fail +t || grep -Fq 'tracker.xdebian.org' blocked-names.log || fail +t || grep -Fq 'tracker.*' blocked-names.log || fail section -t || grep -Fq 'dns.google' ip-blocked.log || fail -t || grep -Fq '8.8.8.8' ip-blocked.log || fail +t || grep -Fq 'dns.google' blocked-ips.log || fail +t || grep -Fq '8.8.8.8' blocked-ips.log || fail section t || grep -Fq 'a.www.dnscrypt-test' nx.log || fail 
@@ -127,8 +127,8 @@ t || grep -Eq 'tracker.xdebian.org.*REJECT' query.log || fail t || grep -Eq 'tracker.debian.org.*PASS' query.log || fail section -t || grep -Fq 'tracker.debian.org' whitelisted.log || fail -t || grep -Fq '*.tracker.debian' whitelisted.log || fail +t || grep -Fq 'tracker.debian.org' allowed-names.log || fail +t || grep -Fq '*.tracker.debian' allowed-names.log || fail if [ -s error.log ]; then cat *.log diff --git a/.ci/test2-dnscrypt-proxy.toml b/.ci/test2-dnscrypt-proxy.toml index 91a308ee..2ccc3309 100644 --- a/.ci/test2-dnscrypt-proxy.toml +++ b/.ci/test2-dnscrypt-proxy.toml @@ -23,17 +23,17 @@ file = 'query.log' [nx_log] file = 'nx.log' -[blacklist] -blacklist_file = 'blacklist.txt' -log_file = 'blocked.log' +[blocked_names] +blocked_names_file = 'blocked-names.txt' +log_file = 'blocked-names.log' -[ip_blacklist] -blacklist_file = 'ip-blacklist.txt' -log_file = 'ip-blocked.log' +[blocked_ips] +blocked_ips_file = 'blocked-ips.txt' +log_file = 'blocked-ips.log' -[whitelist] -whitelist_file = 'whitelist.txt' -log_file = 'whitelisted.log' +[allowed_names] +allowed_names_file = 'allowed-names.txt' +log_file = 'allowed-names.log' [schedules] diff --git a/dnscrypt-proxy/config.go b/dnscrypt-proxy/config.go index 2a195719..319e96e3 100644 --- a/dnscrypt-proxy/config.go +++ b/dnscrypt-proxy/config.go 
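Review bot: With all three sections of `.ci/test2-dnscrypt-proxy.toml` switched to `[blocked_names]`, `[blocked_ips]` and `[allowed_names]`, nothing in the CI configuration visible here still loads a `[blacklist]`, `[ip_blacklist]` or `[whitelist]` section, so the compatibility path this commit adds to `ConfigLoad` is not exercised. A mistake there would leave filtering silently off for users who have not migrated. A second test config that keeps the legacy section and key names, checked with the same `grep` assertions on its log files, would cover it. Whether another CI config outside this diff already uses the legacy names cannot be seen from here.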
@@ -61,9 +61,12 @@ type Config struct { CloakTTL uint32 `toml:"cloak_ttl"` QueryLog QueryLogConfig `toml:"query_log"` NxLog NxLogConfig `toml:"nx_log"` - BlockName BlockNameConfig `toml:"blacklist"` - WhitelistName WhitelistNameConfig `toml:"whitelist"` - BlockIP BlockIPConfig `toml:"ip_blacklist"` + BlockName BlockNameConfig `toml:"blocked_names"` + BlockNameLegacy BlockNameConfigLegacy `toml:"blacklist"` + WhitelistNameLegacy WhitelistNameConfigLegacy `toml:"whitelist"` + AllowedName AllowedNameConfig `toml:"allowed_names"` + BlockIP BlockIPConfig `toml:"blocked_ips"` + BlockIPLegacy BlockIPConfigLegacy `toml:"ip_blacklist"` ForwardFile string `toml:"forwarding_rules"` CloakFile string `toml:"cloaking_rules"` StaticsConfig map[string]StaticConfig `toml:"static"` @@ -174,18 +177,36 @@ type NxLogConfig struct { } type BlockNameConfig struct { + File string `toml:"blocked_names_file"` + LogFile string `toml:"log_file"` + Format string `toml:"log_format"` +} + +type BlockNameConfigLegacy struct { File string `toml:"blacklist_file"` LogFile string `toml:"log_file"` Format string `toml:"log_format"` } -type WhitelistNameConfig struct { +type WhitelistNameConfigLegacy struct { File string `toml:"whitelist_file"` LogFile string `toml:"log_file"` Format string `toml:"log_format"` } +type AllowedNameConfig struct { + File string `toml:"allowed_names_file"` + LogFile string `toml:"log_file"` + Format string `toml:"log_format"` +} + type BlockIPConfig struct { + File string `toml:"blocked_ips_file"` + LogFile string `toml:"log_file"` + Format string `toml:"log_format"` +} + +type BlockIPConfigLegacy struct { File string `toml:"blacklist_file"` LogFile string `toml:"log_file"` Format string `toml:"log_format"` 
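Review bot: In the new `BlockNameConfig`, `AllowedNameConfig` and `BlockIPConfig` types the file key is renamed together with the section, so a config that renames only the header (`[blocked_names]` with `blacklist_file = '...'` still underneath) decodes to an empty `File`. Neither the conflict check nor the deprecation notice in `ConfigLoad` fires in that case. Unless undecoded keys are rejected elsewhere in `ConfigLoad` (not visible in this diff), the proxy would start without the block list loaded, which is a fail-open result for a filtering feature. I would confirm that such a key is reported as an error at load time and record it on each new type, e.g. `// File is read from the new key only; the legacy key is accepted solely inside the legacy section.`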
@@ -457,6 +478,15 @@ func ConfigLoad(proxy *Proxy, flags *ConfigFlags) error { proxy.nxLogFile = config.NxLog.File proxy.nxLogFormat = config.NxLog.Format + if len(config.BlockName.File) > 0 && len(config.BlockNameLegacy.File) > 0 { + dlog.Fatal("Don't specify both [blocked_names] and [blacklist] sections - Update your config file.") + } + if len(config.BlockNameLegacy.File) > 0 { + dlog.Notice("Use of [blacklist] is deprecated - Update your config file.") + config.BlockName.File = config.BlockNameLegacy.File + config.BlockName.Format = config.BlockNameLegacy.Format + config.BlockName.LogFile = config.BlockNameLegacy.LogFile + } if len(config.BlockName.Format) == 0 { config.BlockName.Format = "tsv" } else { 
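Review bot: Both new checks in `ConfigLoad` look only at `File`, so a legacy `[blacklist]` section goes unnoticed when it sets just `log_file` or `log_format`. When `[blocked_names]` carries only a `log_file` and `[blacklist]` carries the file, the copy overwrites `config.BlockName.LogFile` with the empty legacy value and the block log is silently lost. Comparing the whole struct would catch both cases: `if config.BlockNameLegacy != (BlockNameConfigLegacy{}) {` for the migration, and `config.BlockName != (BlockNameConfig{})` on the other side of the conflict test. The same pattern is repeated for `[whitelist]` and `[ip_blacklist]` in the next hunk. `ConfigLoad` starts and ends outside this hunk.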
@@ -469,18 +499,36 @@ func ConfigLoad(proxy *Proxy, flags *ConfigFlags) error { proxy.blockNameFormat = config.BlockName.Format proxy.blockNameLogFile = config.BlockName.LogFile - if len(config.WhitelistName.Format) == 0 { - config.WhitelistName.Format = "tsv" + if len(config.AllowedName.File) > 0 && len(config.WhitelistNameLegacy.File) > 0 { + dlog.Fatal("Don't specify both [whitelist] and [allowed_names] sections - Update your config file.") + } + if len(config.WhitelistNameLegacy.File) > 0 { + dlog.Notice("Use of [whitelist] is deprecated - Update your config file.") + config.AllowedName.File = config.WhitelistNameLegacy.File + config.AllowedName.Format = config.WhitelistNameLegacy.Format + config.AllowedName.LogFile = config.WhitelistNameLegacy.LogFile + } + if len(config.AllowedName.Format) == 0 { + config.AllowedName.Format = "tsv" } else { - config.WhitelistName.Format = strings.ToLower(config.WhitelistName.Format) + config.AllowedName.Format = strings.ToLower(config.AllowedName.Format) } - if config.WhitelistName.Format != "tsv" && config.WhitelistName.Format != "ltsv" { - return errors.New("Unsupported whitelist log format") + if config.AllowedName.Format != "tsv" && config.AllowedName.Format != "ltsv" { + return errors.New("Unsupported allowed_names log format") } - proxy.whitelistNameFile = config.WhitelistName.File - proxy.whitelistNameFormat = config.WhitelistName.Format - proxy.whitelistNameLogFile = config.WhitelistName.LogFile + proxy.whitelistNameFile = config.AllowedName.File + proxy.whitelistNameFormat = config.AllowedName.Format + proxy.whitelistNameLogFile = config.AllowedName.LogFile + if len(config.BlockIP.File) > 0 && len(config.BlockIPLegacy.File) > 0 { + dlog.Fatal("Don't specify both [blocked_ips] and [ip_blacklist] sections - Update your config file.") + } + if len(config.BlockIPLegacy.File) > 0 { + dlog.Notice("Use of [ip_blacklist] is deprecated - Update your config file.") + config.BlockIP.File = config.BlockIPLegacy.File + 
config.BlockIP.Format = config.BlockIPLegacy.Format + config.BlockIP.LogFile = config.BlockIPLegacy.LogFile + } if len(config.BlockIP.Format) == 0 { config.BlockIP.Format = "tsv" } else { diff --git a/dnscrypt-proxy/example-whitelist.txt b/dnscrypt-proxy/example-allowed-names.txt similarity index 100% rename from dnscrypt-proxy/example-whitelist.txt rename to dnscrypt-proxy/example-allowed-names.txt diff --git a/dnscrypt-proxy/example-ip-blacklist.txt b/dnscrypt-proxy/example-blocked-ips.txt similarity index 100% rename from dnscrypt-proxy/example-ip-blacklist.txt rename to dnscrypt-proxy/example-blocked-ips.txt diff --git a/dnscrypt-proxy/example-blacklist.txt b/dnscrypt-proxy/example-blocked-names.txt similarity index 100% rename from dnscrypt-proxy/example-blacklist.txt rename to dnscrypt-proxy/example-blocked-names.txt diff --git a/dnscrypt-proxy/example-dnscrypt-proxy.toml b/dnscrypt-proxy/example-dnscrypt-proxy.toml index ce081dae..c668d2d6 100644 --- a/dnscrypt-proxy/example-dnscrypt-proxy.toml +++ b/dnscrypt-proxy/example-dnscrypt-proxy.toml @@ -75,7 +75,7 @@ require_dnssec = false # Server must not log user queries (declarative) require_nolog = true -# Server must not enforce its own blacklist (for parental control, ads blocking...) +# Server must not enforce its own blocklist (for parental control, ads blocking...) require_nofilter = true # Server names to avoid even if they match all criteria @@ -275,7 +275,7 @@ log_files_max_backups = 1 ## Note: if you are using dnsmasq, disable the `dnssec` option in dnsmasq if you ## configure dnscrypt-proxy to do any kind of filtering (including the filters -## below and blacklists). +## below and blocklists). ## You can still choose resolvers that do DNSSEC validation. @@ -298,7 +298,7 @@ block_undelegated = true ## TTL for synthetic responses sent when a request has been blocked (due to -## IPv6 or blacklists). +## IPv6 or blocklists). reject_ttl = 600 
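Review bot: In the `[whitelist]`/`[ip_blacklist]` hunk of `ConfigLoad`, and in the `[blacklist]` hunk before it, the conflict checks call `dlog.Fatal`, while the format validation in the same function reports its problem with `return errors.New("Unsupported allowed_names log format")`. Assuming `dlog.Fatal` ends the process, this takes the decision away from the caller and makes the path hard to cover in a test. Returning the error would match the rest of the function, e.g. `return errors.New("Don't specify both [whitelist] and [allowed_names] sections")`. The `proxy.whitelistNameFile`, `proxy.whitelistNameFormat` and `proxy.whitelistNameLogFile` fields also keep the old name, which may be intentional if they are renamed separately. `ConfigLoad` continues outside the hunk.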
@@ -444,10 +444,10 @@ cache_neg_max_ttl = 600 ###################################################### -# Pattern-based blocking (blacklists) # +# Pattern-based blocking (blocklists) # ###################################################### -## Blacklists are made of one pattern per line. Example of valid patterns: +## Blocklists are made of one pattern per line. Example of valid patterns: ## ## example.com ## =example.com @@ -456,20 +456,20 @@ cache_neg_max_ttl = 600 ## ads*.example.* ## ads*.example[0-9]*.com ## -## Example blacklist files can be found at https://download.dnscrypt.info/blacklists/ -## A script to build blacklists from public feeds can be found in the +## Example blocklist files can be found at https://download.dnscrypt.info/blacklists/ +## A script to build blocklists from public feeds can be found in the ## `utils/generate-domains-blacklists` directory of the dnscrypt-proxy source code. -[blacklist] +[blocked_names] ## Path to the file of blocking rules (absolute, or relative to the same directory as the config file) - # blacklist_file = 'blacklist.txt' + # blocked_names_file = 'blocked-names.txt' ## Optional path to a file logging blocked queries - # log_file = 'blocked.log' + # log_file = 'blocked-names.log' ## Optional log format: tsv or ltsv (default: tsv) 
@@ -479,25 +479,25 @@ cache_neg_max_ttl = 600 ########################################################### -# Pattern-based IP blocking (IP blacklists) # +# Pattern-based IP blocking (IP blocklists) # ########################################################### -## IP blacklists are made of one pattern per line. Example of valid patterns: +## IP blocklists are made of one pattern per line. Example of valid patterns: ## ## 127.* ## fe80:abcd:* ## 192.168.1.4 -[ip_blacklist] +[blocked_ips] ## Path to the file of blocking rules (absolute, or relative to the same directory as the config file) - # blacklist_file = 'ip-blacklist.txt' + # blocked_ips_file = 'blocked-ips.txt' ## Optional path to a file logging blocked queries - # log_file = 'ip-blocked.log' + # log_file = 'blocked-ips.log' ## Optional log format: tsv or ltsv (default: tsv) 
@@ -507,25 +507,25 @@ cache_neg_max_ttl = 600 ###################################################### -# Pattern-based whitelisting (blacklists bypass) # +# Pattern-based allowlisting (blocklists bypass) # ###################################################### -## Whitelists support the same patterns as blacklists -## If a name matches a whitelist entry, the corresponding session +## Allowlists support the same patterns as blocklists +## If a name matches a allowlist entry, the corresponding session ## will bypass names and IP filters. ## ## Time-based rules are also supported to make some websites only accessible at specific times of the day. -[whitelist] +[allowed_names] - ## Path to the file of whitelisting rules (absolute, or relative to the same directory as the config file) + ## Path to the file of allowlisting rules (absolute, or relative to the same directory as the config file) - # whitelist_file = 'whitelist.txt' + # allowed_names_file = 'allowed-names.txt' - ## Optional path to a file logging whitelisted queries + ## Optional path to a file logging allowlisted queries - # log_file = 'whitelisted.log' + # log_file = 'allowed-names.log' ## Optional log format: tsv or ltsv (default: tsv) @@ -539,10 +539,10 @@ cache_neg_max_ttl = 600 ########################################## ## One or more weekly schedules can be defined here. -## Patterns in the name-based blocklist can optionally be followed with @schedule_name +## Patterns in the name-based blocked_names file can optionally be followed with @schedule_name ## to apply the pattern 'schedule_name' only when it matches a time range of that schedule. ## -## For example, the following rule in a blacklist file: +## For example, the following rule in a blocklist file: ## *.youtube.* @time-to-sleep ## would block access to YouTube during the times defined by the 'time-to-sleep' schedule. ##