DNS: Add new nonIPQuery "reject" (XTLS#4824)

Fangliding · maoxikun · commit e4a22ca68d87 · 2025-08-23T16:20:20.000+08:00
(cherry picked from commit 38ed2cc)
diff --git a/infra/conf/dns_proxy.go b/infra/conf/dns_proxy.go
@@ -30,7 +30,7 @@ func (c *DNSOutboundConfig) Build() (proto.Message, error) {
 	switch c.NonIPQuery {
 	case "":
 		c.NonIPQuery = "drop"
-	case "drop", "skip":
+	case "drop", "skip", "reject":
 	default:
 		return nil, errors.New(`unknown "nonIPQuery": `, c.NonIPQuery)
 	}
diff --git a/proxy/dns/dns.go b/proxy/dns/dns.go
@@ -186,6 +186,9 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, d internet.
 				if len(h.blockTypes) > 0 {
 					for _, blocktype := range h.blockTypes {
 						if blocktype == int32(qType) {
+							if h.nonIPQuery == "reject" {
+								go h.rejectNonIPQuery(id, qType, domain, writer)
+							}
 							errors.LogInfo(ctx, "blocked type ", qType, " query for domain ", domain)
 							return nil
 						}
@@ -198,6 +201,11 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, d internet.
 					b.Release()
 					continue
 				}
+				if h.nonIPQuery == "reject" {
+					go h.rejectNonIPQuery(id, qType, domain, writer)
+					b.Release()
+					continue
+				}
 			}
 
 			if err := connWriter.WriteMessage(b); err != nil {
@@ -316,6 +324,38 @@ func (h *Handler) handleIPQuery(id uint16, qType dnsmessage.Type, domain string,
 	}
 }
 
+func (h *Handler) rejectNonIPQuery(id uint16, qType dnsmessage.Type, domain string, writer dns_proto.MessageWriter) {
+	b := buf.New()
+	rawBytes := b.Extend(buf.Size)
+	builder := dnsmessage.NewBuilder(rawBytes[:0], dnsmessage.Header{
+		ID:                 id,
+		RCode:              dnsmessage.RCodeRefused,
+		RecursionAvailable: true,
+		RecursionDesired:   true,
+		Response:           true,
+		Authoritative:      true,
+	})
+	builder.EnableCompression()
+	common.Must(builder.StartQuestions())
+	common.Must(builder.Question(dnsmessage.Question{
+		Name:  dnsmessage.MustNewName(domain),
+		Class: dnsmessage.ClassINET,
+		Type:  qType,
+	}))
+
+	msgBytes, err := builder.Finish()
+	if err != nil {
+		errors.LogInfoInner(context.Background(), err, "pack reject message")
+		b.Release()
+		return
+	}
+	b.Resize(0, int32(len(msgBytes)))
+
+	if err := writer.WriteMessage(b); err != nil {
+		errors.LogInfoInner(context.Background(), err, "write reject answer")
+	}
+}
+
 type outboundConn struct {
 	access sync.Mutex
 	dialer func() (stat.Connection, error)

Original file line number	Diff line number	Diff line change
`@@ -30,7 +30,7 @@ func (c *DNSOutboundConfig) Build() (proto.Message, error) {`
`30`	`30`	`switch c.NonIPQuery {`
`31`	`31`	`case "":`
`32`	`32`	`c.NonIPQuery = "drop"`
`33`		`- case "drop", "skip":`
	`33`	`+ case "drop", "skip", "reject":`
`34`	`34`	`default:`
`35`	`35`	return nil, errors.New(`unknown "nonIPQuery": `, c.NonIPQuery)
`36`	`36`	`}`