feature: Add neg_ttl for rejected entries and cloak_ttl for cloaking-rules

entries Previously cache_min_ttl was used. But one can certainly set cache_min_ttl to 0, but still ensure synthetic values have ttl. Hence new config file options.
2025-03-04 18:30:57 +01:00 · 2019-10-17 17:19:07 +03:00 · 2019-10-17 17:19:07 +03:00 · bb01595320
commit bb01595320
parent bc831816f5
5 changed files with 18 additions and 3 deletions
--- a/dnscrypt-proxy/config.go
+++ b/dnscrypt-proxy/config.go
@ -52,6 +52,8 @@ type Config struct {
 	CacheNegMaxTTL           uint32                     `toml:"cache_neg_max_ttl"`
 	CacheMinTTL              uint32                     `toml:"cache_min_ttl"`
 	CacheMaxTTL              uint32                     `toml:"cache_max_ttl"`
+	NegTTL                   uint32                     `toml:"neg_ttl"`
+	CloakTTL                 uint32                     `toml:"cloak_ttl"`
 	QueryLog                 QueryLogConfig             `toml:"query_log"`
 	NxLog                    NxLogConfig                `toml:"nx_log"`
 	BlockName                BlockNameConfig            `toml:"blacklist"`
@ -103,6 +105,8 @@ func newConfig() Config {
 		CacheNegMaxTTL:           600,
 		CacheMinTTL:              60,
 		CacheMaxTTL:              86400,
+		NegTTL:                   600,
+		CloakTTL:                 600,
 		SourceRequireNoLog:       true,
 		SourceRequireNoFilter:    true,
 		SourceIPv4:               true,
@ -365,6 +369,8 @@ func ConfigLoad(proxy *Proxy, svcFlag *string) error {

 	proxy.cacheMinTTL = config.CacheMinTTL
 	proxy.cacheMaxTTL = config.CacheMaxTTL
+	proxy.negTTL = config.NegTTL
+	proxy.cloakTTL = config.CloakTTL

 	proxy.queryMeta = config.QueryMeta

--- a/dnscrypt-proxy/example-dnscrypt-proxy.toml
+++ b/dnscrypt-proxy/example-dnscrypt-proxy.toml
@ -293,6 +293,9 @@ block_ipv6 = false

 # cloaking_rules = 'cloaking-rules.txt'

+## TTL used when serving entries in cloaking-rules.txt
+
+# cloak_ttl = 600


 ###########################
@ -328,7 +331,9 @@ cache_neg_min_ttl = 60

 cache_neg_max_ttl = 600

+## TTL when dnscryp-proxy does reject entry

+# neg_ttl = 600

 ###############################
 #        Query logging        #
--- a/dnscrypt-proxy/plugin_cloak.go
+++ b/dnscrypt-proxy/plugin_cloak.go
@ -41,7 +41,7 @@ func (plugin *PluginCloak) Init(proxy *Proxy) error {
 	if err != nil {
 		return err
 	}
-	plugin.ttl = proxy.cacheMinTTL
+	plugin.ttl = proxy.cloakTTL
 	plugin.patternMatcher = NewPatternPatcher()
 	cloakedNames := make(map[string]*CloakedName)
 	for lineNo, line := range strings.Split(string(bin), "\n") {
--- a/dnscrypt-proxy/plugins.go
+++ b/dnscrypt-proxy/plugins.go
@ -76,6 +76,7 @@ type PluginsState struct {
 	cacheNegMaxTTL                   uint32
 	cacheMinTTL                      uint32
 	cacheMaxTTL                      uint32
+	negTTL                           uint32
 	questionMsg                      *dns.Msg
 	requestStart                     time.Time
 	requestEnd                       time.Time
@ -221,6 +222,7 @@ func NewPluginsState(proxy *Proxy, clientProto string, clientAddr *net.Addr, sta
 		cacheNegMaxTTL:                   proxy.cacheNegMaxTTL,
 		cacheMinTTL:                      proxy.cacheMinTTL,
 		cacheMaxTTL:                      proxy.cacheMaxTTL,
+		negTTL:                           proxy.negTTL,
 		questionMsg:                      nil,
 		requestStart:                     start,
 		maxUnencryptedUDPSafePayloadSize: MaxDNSUDPSafePacketSize,
@ -249,7 +251,7 @@ func (pluginsState *PluginsState) ApplyQueryPlugins(pluginsGlobals *PluginsGloba
 			return packet, err
 		}
 		if pluginsState.action == PluginsActionReject {
-			synth, err := RefusedResponseFromMessage(&msg, pluginsGlobals.refusedCodeInResponses, pluginsGlobals.respondWithIPv4, pluginsGlobals.respondWithIPv6, pluginsState.cacheMinTTL)
+			synth, err := RefusedResponseFromMessage(&msg, pluginsGlobals.refusedCodeInResponses, pluginsGlobals.respondWithIPv4, pluginsGlobals.respondWithIPv6, pluginsState.negTTL)
 			if err != nil {
 				return nil, err
 			}
@ -296,7 +298,7 @@ func (pluginsState *PluginsState) ApplyResponsePlugins(pluginsGlobals *PluginsGl
 			return packet, err
 		}
 		if pluginsState.action == PluginsActionReject {
-			synth, err := RefusedResponseFromMessage(&msg, pluginsGlobals.refusedCodeInResponses, pluginsGlobals.respondWithIPv4, pluginsGlobals.respondWithIPv6, pluginsState.cacheMinTTL)
+			synth, err := RefusedResponseFromMessage(&msg, pluginsGlobals.refusedCodeInResponses, pluginsGlobals.respondWithIPv4, pluginsGlobals.respondWithIPv6, pluginsState.negTTL)
 			if err != nil {
 				return nil, err
 			}
--- a/dnscrypt-proxy/proxy.go
+++ b/dnscrypt-proxy/proxy.go
@ -41,6 +41,8 @@ type Proxy struct {
 	cacheNegMaxTTL               uint32
 	cacheMinTTL                  uint32
 	cacheMaxTTL                  uint32
+	negTTL                       uint32
+	cloakTTL                     uint32
 	queryLogFile                 string
 	queryLogFormat               string
 	queryLogIgnoredQtypes        []string