mirrors/dnscrypt-proxy
1
0
Fork 0
mirror of https://github.com/DNSCrypt/dnscrypt-proxy.git synced 2025-03-04 18:30:57 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

feature: Add neg_ttl for rejected entries and cloak_ttl for cloaking-rules

Browse source 
entries

Previously cache_min_ttl was used. But one can certainly set
cache_min_ttl to 0, but still ensure synthetic values have ttl.
Hence new config file options.
This commit is contained in:
Markus Linnala 2019-10-17 17:19:07 +03:00 committed by Frank Denis
parent bc831816f5
commit bb01595320
5 changed files with 18 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
dnscrypt-proxy/config.go
View file

@ -52,6 +52,8 @@ type Config struct {
CacheNegMaxTTL uint32 `toml:"cache_neg_max_ttl"` CacheNegMaxTTL uint32 `toml:"cache_neg_max_ttl"`
CacheMinTTL uint32 `toml:"cache_min_ttl"` CacheMinTTL uint32 `toml:"cache_min_ttl"`
CacheMaxTTL uint32 `toml:"cache_max_ttl"` CacheMaxTTL uint32 `toml:"cache_max_ttl"`
NegTTL uint32 `toml:"neg_ttl"`
CloakTTL uint32 `toml:"cloak_ttl"`
QueryLog QueryLogConfig `toml:"query_log"` QueryLog QueryLogConfig `toml:"query_log"`
NxLog NxLogConfig `toml:"nx_log"` NxLog NxLogConfig `toml:"nx_log"`
BlockName BlockNameConfig `toml:"blacklist"` BlockName BlockNameConfig `toml:"blacklist"`
@ -103,6 +105,8 @@ func newConfig() Config {
CacheNegMaxTTL: 600, CacheNegMaxTTL: 600,
CacheMinTTL: 60, CacheMinTTL: 60,
CacheMaxTTL: 86400, CacheMaxTTL: 86400,
NegTTL: 600,
CloakTTL: 600,
SourceRequireNoLog: true, SourceRequireNoLog: true,
SourceRequireNoFilter: true, SourceRequireNoFilter: true,
SourceIPv4: true, SourceIPv4: true,
@ -365,6 +369,8 @@ func ConfigLoad(proxy *Proxy, svcFlag *string) error {
proxy.cacheMinTTL = config.CacheMinTTL proxy.cacheMinTTL = config.CacheMinTTL
proxy.cacheMaxTTL = config.CacheMaxTTL proxy.cacheMaxTTL = config.CacheMaxTTL
proxy.negTTL = config.NegTTL
proxy.cloakTTL = config.CloakTTL
proxy.queryMeta = config.QueryMeta proxy.queryMeta = config.QueryMeta

5
dnscrypt-proxy/example-dnscrypt-proxy.toml
View file

@ -293,6 +293,9 @@ block_ipv6 = false
# cloaking_rules = 'cloaking-rules.txt' # cloaking_rules = 'cloaking-rules.txt'
## TTL used when serving entries in cloaking-rules.txt
# cloak_ttl = 600
########################### ###########################
@ -328,7 +331,9 @@ cache_neg_min_ttl = 60
cache_neg_max_ttl = 600 cache_neg_max_ttl = 600
## TTL when dnscryp-proxy does reject entry
# neg_ttl = 600
############################### ###############################
# Query logging # # Query logging #

2
dnscrypt-proxy/plugin_cloak.go
View file

@ -41,7 +41,7 @@ func (plugin *PluginCloak) Init(proxy *Proxy) error {
if err != nil { if err != nil {
return err return err
} }
plugin.ttl = proxy.cacheMinTTL plugin.ttl = proxy.cloakTTL
plugin.patternMatcher = NewPatternPatcher() plugin.patternMatcher = NewPatternPatcher()
cloakedNames := make(map[string]*CloakedName) cloakedNames := make(map[string]*CloakedName)
for lineNo, line := range strings.Split(string(bin), "\n") { for lineNo, line := range strings.Split(string(bin), "\n") {

6
dnscrypt-proxy/plugins.go
View file

@ -76,6 +76,7 @@ type PluginsState struct {
cacheNegMaxTTL uint32 cacheNegMaxTTL uint32
cacheMinTTL uint32 cacheMinTTL uint32
cacheMaxTTL uint32 cacheMaxTTL uint32
negTTL uint32
questionMsg *dns.Msg questionMsg *dns.Msg
requestStart time.Time requestStart time.Time
requestEnd time.Time requestEnd time.Time
@ -221,6 +222,7 @@ func NewPluginsState(proxy *Proxy, clientProto string, clientAddr *net.Addr, sta
cacheNegMaxTTL: proxy.cacheNegMaxTTL, cacheNegMaxTTL: proxy.cacheNegMaxTTL,
cacheMinTTL: proxy.cacheMinTTL, cacheMinTTL: proxy.cacheMinTTL,
cacheMaxTTL: proxy.cacheMaxTTL, cacheMaxTTL: proxy.cacheMaxTTL,
negTTL: proxy.negTTL,
questionMsg: nil, questionMsg: nil,
requestStart: start, requestStart: start,
maxUnencryptedUDPSafePayloadSize: MaxDNSUDPSafePacketSize, maxUnencryptedUDPSafePayloadSize: MaxDNSUDPSafePacketSize,
@ -249,7 +251,7 @@ func (pluginsState *PluginsState) ApplyQueryPlugins(pluginsGlobals *PluginsGloba
return packet, err return packet, err
} }
if pluginsState.action == PluginsActionReject { if pluginsState.action == PluginsActionReject {
synth, err := RefusedResponseFromMessage(&msg, pluginsGlobals.refusedCodeInResponses, pluginsGlobals.respondWithIPv4, pluginsGlobals.respondWithIPv6, pluginsState.cacheMinTTL) synth, err := RefusedResponseFromMessage(&msg, pluginsGlobals.refusedCodeInResponses, pluginsGlobals.respondWithIPv4, pluginsGlobals.respondWithIPv6, pluginsState.negTTL)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -296,7 +298,7 @@ func (pluginsState *PluginsState) ApplyResponsePlugins(pluginsGlobals *PluginsGl
return packet, err return packet, err
} }
if pluginsState.action == PluginsActionReject { if pluginsState.action == PluginsActionReject {
synth, err := RefusedResponseFromMessage(&msg, pluginsGlobals.refusedCodeInResponses, pluginsGlobals.respondWithIPv4, pluginsGlobals.respondWithIPv6, pluginsState.cacheMinTTL) synth, err := RefusedResponseFromMessage(&msg, pluginsGlobals.refusedCodeInResponses, pluginsGlobals.respondWithIPv4, pluginsGlobals.respondWithIPv6, pluginsState.negTTL)
if err != nil { if err != nil {
return nil, err return nil, err
} }

2
dnscrypt-proxy/proxy.go
View file

@ -41,6 +41,8 @@ type Proxy struct {
cacheNegMaxTTL uint32 cacheNegMaxTTL uint32
cacheMinTTL uint32 cacheMinTTL uint32
cacheMaxTTL uint32 cacheMaxTTL uint32
negTTL uint32
cloakTTL uint32
queryLogFile string queryLogFile string
queryLogFormat string queryLogFormat string
queryLogIgnoredQtypes []string queryLogIgnoredQtypes []string