From bb015953208615610b275818ada215c04d266c31 Mon Sep 17 00:00:00 2001
From: Markus Linnala
Date: Thu, 17 Oct 2019 17:19:07 +0300
Subject: [PATCH] feature: Add neg_ttl for rejected entries and cloak_ttl for cloaking-rules entries

Previously cache_min_ttl was used. But one can certainly set cache_min_ttl to 0, but still ensure synthetic values have ttl. Hence new config file options.
---
 dnscrypt-proxy/config.go | 6 ++++++
 dnscrypt-proxy/example-dnscrypt-proxy.toml | 5 +++++
 dnscrypt-proxy/plugin_cloak.go | 2 +-
 dnscrypt-proxy/plugins.go | 6 ++++--
 dnscrypt-proxy/proxy.go | 2 ++
 5 files changed, 18 insertions(+), 3 deletions(-)

diff --git a/dnscrypt-proxy/config.go b/dnscrypt-proxy/config.go
index 7f43249b..aa680256 100644
--- a/dnscrypt-proxy/config.go
+++ b/dnscrypt-proxy/config.go
@@ -52,6 +52,8 @@ type Config struct {
 CacheNegMaxTTL uint32 `toml:"cache_neg_max_ttl"`
 CacheMinTTL uint32 `toml:"cache_min_ttl"`
 CacheMaxTTL uint32 `toml:"cache_max_ttl"`
+ NegTTL uint32 `toml:"neg_ttl"`
+ CloakTTL uint32 `toml:"cloak_ttl"`
 QueryLog QueryLogConfig `toml:"query_log"`
 NxLog NxLogConfig `toml:"nx_log"`
 BlockName BlockNameConfig `toml:"blacklist"`
@@ -103,6 +105,8 @@ func newConfig() Config {
 CacheNegMaxTTL: 600,
 CacheMinTTL: 60,
 CacheMaxTTL: 86400,
+ NegTTL: 600,
+ CloakTTL: 600,
 SourceRequireNoLog: true,
 SourceRequireNoFilter: true,
 SourceIPv4: true,
@@ -365,6 +369,8 @@ func ConfigLoad(proxy *Proxy, svcFlag *string) error {
 proxy.cacheMinTTL = config.CacheMinTTL
 proxy.cacheMaxTTL = config.CacheMaxTTL
+ proxy.negTTL = config.NegTTL
+ proxy.cloakTTL = config.CloakTTL
 proxy.queryMeta = config.QueryMeta
diff --git a/dnscrypt-proxy/example-dnscrypt-proxy.toml b/dnscrypt-proxy/example-dnscrypt-proxy.toml
index 4a3add11..3d6a1190 100644
--- a/dnscrypt-proxy/example-dnscrypt-proxy.toml
+++ b/dnscrypt-proxy/example-dnscrypt-proxy.toml
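Review bot: The defaults `NegTTL: 600,` and `CloakTTL: 600,` added to newConfig() silently change behavior for every existing configuration that never sets the two new keys: before this patch both synthetic TTLs followed cache_min_ttl, whose default is 60 on the same hunk, so rejected and cloaked answers will now sit in client caches ten times longer without any change to the user's config file. Defaulting to the previous value, `NegTTL: 60,` and `CloakTTL: 60,`, keeps the upgrade behavior-preserving while still letting the two be tuned independently, which is all the commit message asks for. In the ConfigLoad hunk the values are copied through without any range check; if the existing cache_*_ttl fields are validated elsewhere in ConfigLoad (the function body continues outside the hunk), the new fields should get the same treatment so that a mistyped, very large cloak_ttl cannot pin an overridden address in downstream caches for days. The new Config fields also lack doc comments; something like `NegTTL uint32 // TTL handed to synthetic responses for rejected queries` and `CloakTTL uint32 // TTL handed to answers synthesized from cloaking-rules` would tell a reader why these exist separately from cache_min_ttl.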
@@ -293,6 +293,9 @@ block_ipv6 = false
 # cloaking_rules = 'cloaking-rules.txt'
+## TTL used when serving entries in cloaking-rules.txt
+
+# cloak_ttl = 600
 ###########################
@@ -328,7 +331,9 @@ cache_neg_min_ttl = 60
 cache_neg_max_ttl = 600
+## TTL when dnscryp-proxy does reject entry
+# neg_ttl = 600
 ###############################
 # Query logging #
diff --git a/dnscrypt-proxy/plugin_cloak.go b/dnscrypt-proxy/plugin_cloak.go
index 086bb16f..8d43205e 100644
--- a/dnscrypt-proxy/plugin_cloak.go
+++ b/dnscrypt-proxy/plugin_cloak.go
@@ -41,7 +41,7 @@ func (plugin *PluginCloak) Init(proxy *Proxy) error {
 if err != nil {
 return err
 }
- plugin.ttl = proxy.cacheMinTTL
+ plugin.ttl = proxy.cloakTTL
 plugin.patternMatcher = NewPatternPatcher()
 cloakedNames := make(map[string]*CloakedName)
 for lineNo, line := range strings.Split(string(bin), "\n") {
diff --git a/dnscrypt-proxy/plugins.go b/dnscrypt-proxy/plugins.go
index 92e635d1..17db157e 100644
--- a/dnscrypt-proxy/plugins.go
+++ b/dnscrypt-proxy/plugins.go
@@ -76,6 +76,7 @@ type PluginsState struct {
 cacheNegMaxTTL uint32
 cacheMinTTL uint32
 cacheMaxTTL uint32
+ negTTL uint32
 questionMsg *dns.Msg
 requestStart time.Time
 requestEnd time.Time
@@ -221,6 +222,7 @@ func NewPluginsState(proxy *Proxy, clientProto string, clientAddr *net.Addr, sta
 cacheNegMaxTTL: proxy.cacheNegMaxTTL,
 cacheMinTTL: proxy.cacheMinTTL,
 cacheMaxTTL: proxy.cacheMaxTTL,
+ negTTL: proxy.negTTL,
 questionMsg: nil,
 requestStart: start,
 maxUnencryptedUDPSafePayloadSize: MaxDNSUDPSafePacketSize,
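Review bot: The added comment `## TTL when dnscryp-proxy does reject entry` in the second hunk of example-dnscrypt-proxy.toml misspells the project name and does not say what the option governs; `## TTL of the synthetic response returned for rejected (blocked) queries` would be clearer. The cloaking comment in the first hunk should be phrased the same way, e.g. `## TTL of answers synthesized from cloaking-rules.txt`, so the two new keys read as a pair. Neither comment states the unit; the surrounding cache_*_ttl keys presumably share it, but a reader tuning these two values for the first time would want it said once.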
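Review bot: In plugin_cloak.go the new line `plugin.ttl = proxy.cloakTTL` reads the value once at Init time, whereas the rejection path in plugins.go copies negTTL into each per-request PluginsState; that asymmetry is fine but undocumented, and a reader comparing the two will wonder whether cloak_ttl is meant to be reloadable. A one-line comment such as `plugin.ttl = proxy.cloakTTL // fixed at init; cloak_ttl is not re-read per request` would settle it. PluginCloak.Init begins and ends outside the hunk, so whether the struct field ttl already carries a doc comment cannot be seen here; if not, one belongs on the field.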
@@ -249,7 +251,7 @@ func (pluginsState *PluginsState) ApplyQueryPlugins(pluginsGlobals *PluginsGloba
 return packet, err
 }
 if pluginsState.action == PluginsActionReject {
- synth, err := RefusedResponseFromMessage(&msg, pluginsGlobals.refusedCodeInResponses, pluginsGlobals.respondWithIPv4, pluginsGlobals.respondWithIPv6, pluginsState.cacheMinTTL)
+ synth, err := RefusedResponseFromMessage(&msg, pluginsGlobals.refusedCodeInResponses, pluginsGlobals.respondWithIPv4, pluginsGlobals.respondWithIPv6, pluginsState.negTTL)
 if err != nil {
 return nil, err
 }
@@ -296,7 +298,7 @@ func (pluginsState *PluginsState) ApplyResponsePlugins(pluginsGlobals *PluginsGl
 return packet, err
 }
 if pluginsState.action == PluginsActionReject {
- synth, err := RefusedResponseFromMessage(&msg, pluginsGlobals.refusedCodeInResponses, pluginsGlobals.respondWithIPv4, pluginsGlobals.respondWithIPv6, pluginsState.cacheMinTTL)
+ synth, err := RefusedResponseFromMessage(&msg, pluginsGlobals.refusedCodeInResponses, pluginsGlobals.respondWithIPv4, pluginsGlobals.respondWithIPv6, pluginsState.negTTL)
 if err != nil {
 return nil, err
 }
diff --git a/dnscrypt-proxy/proxy.go b/dnscrypt-proxy/proxy.go
index 5fd60b84..ddb5f605 100644
--- a/dnscrypt-proxy/proxy.go
+++ b/dnscrypt-proxy/proxy.go
@@ -41,6 +41,8 @@ type Proxy struct {
 cacheNegMaxTTL uint32
 cacheMinTTL uint32
 cacheMaxTTL uint32
+ negTTL uint32
+ cloakTTL uint32
 queryLogFile string
 queryLogFormat string
 queryLogIgnoredQtypes []string
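Review bot: The rewritten RefusedResponseFromMessage call is now byte-identical in ApplyQueryPlugins and ApplyResponsePlugins (both hunks of plugins.go on this line), and this patch is the second time both copies had to be edited in lockstep; the next TTL or rcode tweak will have to remember both again. A small method on PluginsState that wraps the five-argument call, with the same return type as RefusedResponseFromMessage, would let both sites read `synth, err := pluginsState.refusedResponse(&msg, pluginsGlobals)` and give a single place to document that neg_ttl, not cache_min_ttl, governs how long clients keep a synthesized rejection. Both enclosing methods start and end outside the hunks, so the surrounding handling of synth is not visible here.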