Skip to content

Commit e4a22ca

Browse files
Fanglidingmaoxikun
authored andcommitted
DNS: Add new nonIPQuery "reject" (XTLS#4824)
(cherry picked from commit 38ed2cc)
1 parent eca971d commit e4a22ca

2 files changed

Lines changed: 41 additions & 1 deletion

File tree

infra/conf/dns_proxy.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -30,7 +30,7 @@ func (c *DNSOutboundConfig) Build() (proto.Message, error) {
3030
switch c.NonIPQuery {
3131
case "":
3232
c.NonIPQuery = "drop"
33-
case "drop", "skip":
33+
case "drop", "skip", "reject":
3434
default:
3535
return nil, errors.New(`unknown "nonIPQuery": `, c.NonIPQuery)
3636
}

proxy/dns/dns.go

Lines changed: 40 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -186,6 +186,9 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, d internet.
186186
if len(h.blockTypes) > 0 {
187187
for _, blocktype := range h.blockTypes {
188188
if blocktype == int32(qType) {
189+
if h.nonIPQuery == "reject" {
190+
go h.rejectNonIPQuery(id, qType, domain, writer)
191+
}
189192
errors.LogInfo(ctx, "blocked type ", qType, " query for domain ", domain)
190193
return nil
191194
}
@@ -198,6 +201,11 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, d internet.
198201
b.Release()
199202
continue
200203
}
204+
if h.nonIPQuery == "reject" {
205+
go h.rejectNonIPQuery(id, qType, domain, writer)
206+
b.Release()
207+
continue
208+
}
201209
}
202210

203211
if err := connWriter.WriteMessage(b); err != nil {
@@ -316,6 +324,38 @@ func (h *Handler) handleIPQuery(id uint16, qType dnsmessage.Type, domain string,
316324
}
317325
}
318326

327+
func (h *Handler) rejectNonIPQuery(id uint16, qType dnsmessage.Type, domain string, writer dns_proto.MessageWriter) {
328+
b := buf.New()
329+
rawBytes := b.Extend(buf.Size)
330+
builder := dnsmessage.NewBuilder(rawBytes[:0], dnsmessage.Header{
331+
ID: id,
332+
RCode: dnsmessage.RCodeRefused,
333+
RecursionAvailable: true,
334+
RecursionDesired: true,
335+
Response: true,
336+
Authoritative: true,
337+
})
338+
builder.EnableCompression()
339+
common.Must(builder.StartQuestions())
340+
common.Must(builder.Question(dnsmessage.Question{
341+
Name: dnsmessage.MustNewName(domain),
342+
Class: dnsmessage.ClassINET,
343+
Type: qType,
344+
}))
345+
346+
msgBytes, err := builder.Finish()
347+
if err != nil {
348+
errors.LogInfoInner(context.Background(), err, "pack reject message")
349+
b.Release()
350+
return
351+
}
352+
b.Resize(0, int32(len(msgBytes)))
353+
354+
if err := writer.WriteMessage(b); err != nil {
355+
errors.LogInfoInner(context.Background(), err, "write reject answer")
356+
}
357+
}
358+
319359
type outboundConn struct {
320360
access sync.Mutex
321361
dialer func() (stat.Connection, error)

0 commit comments

Comments
 (0)