mirror of
https://github.com/DNSCrypt/encrypted-dns-server.git
synced 2024-06-10 23:06:08 +02:00
Return a HINFO record when a query is blocked
This is extremely useful to understand why a query doesn't return e.g. IP addresses that resolve from other servers
parent
8aae5ac52c
commit
c0faa11ac1
|
@ -20,7 +20,7 @@ daemonize-simple = "0.1.2"
|
|||
derivative = "1.0.3"
|
||||
dnsstamps = "0.1.1"
|
||||
env_logger = { version="0.7.0", default-features = false, features = ["humantime"]}
|
||||
failure = "0.1.5"
|
||||
failure = "0.1.6"
|
||||
futures-preview = { version = "=0.3.0-alpha.19", features = ["async-await", "unstable", "cfg-target-has-atomic"] }
|
||||
jemallocator = "0.3.2"
|
||||
libsodium-sys-stable="1.18.1"
|
||||
|
|
16
src/dns.rs
16
src/dns.rs
|
@ -18,6 +18,7 @@ const DNS_FLAGS_CD: u16 = 1u16 << 4;
|
|||
const DNS_OFFSET_QUESTION: usize = DNS_HEADER_SIZE;
|
||||
const DNS_TYPE_OPT: u16 = 41;
|
||||
const DNS_TYPE_TXT: u16 = 16;
|
||||
const DNS_TYPE_HINFO: u16 = 13;
|
||||
const DNS_CLASS_INET: u16 = 1;
|
||||
|
||||
const DNS_RCODE_SERVFAIL: u8 = 2;
|
||||
|
@ -462,7 +463,7 @@ pub fn serve_truncated(client_packet: Vec<u8>) -> Result<Vec<u8>, Error> {
|
|||
Ok(packet)
|
||||
}
|
||||
|
||||
pub fn serve_empty_response(client_packet: Vec<u8>) -> Result<Vec<u8>, Error> {
|
||||
pub fn serve_blocked_response(client_packet: Vec<u8>) -> Result<Vec<u8>, Error> {
|
||||
ensure!(client_packet.len() >= DNS_HEADER_SIZE, "Short packet");
|
||||
ensure!(qdcount(&client_packet) == 1, "No question");
|
||||
ensure!(
|
||||
|
@ -475,5 +476,18 @@ pub fn serve_empty_response(client_packet: Vec<u8>) -> Result<Vec<u8>, Error> {
|
|||
packet.truncate(offset + 4);
|
||||
an_ns_ar_count_clear(&mut packet);
|
||||
authoritative_response(&mut packet);
|
||||
let hinfo_cpu = b"Query blocked";
|
||||
let hinfo_rdata = b"by the DNS server";
|
||||
let rdata_len = 1 + hinfo_cpu.len() + 1 + hinfo_rdata.len();
|
||||
ancount_inc(&mut packet)?;
|
||||
packet.write_u16::<BigEndian>(0xc000 + DNS_HEADER_SIZE as u16)?;
|
||||
packet.write_u16::<BigEndian>(DNS_TYPE_HINFO)?;
|
||||
packet.write_u16::<BigEndian>(DNS_CLASS_INET)?;
|
||||
packet.write_u32::<BigEndian>(60)?;
|
||||
packet.write_u16::<BigEndian>(rdata_len as _)?;
|
||||
packet.push(hinfo_cpu.len() as u8);
|
||||
packet.extend_from_slice(hinfo_cpu);
|
||||
packet.push(hinfo_rdata.len() as u8);
|
||||
packet.extend_from_slice(hinfo_rdata);
|
||||
Ok(packet)
|
||||
}
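Review bot: The HINFO answer appended after `authoritative_response(&mut packet)` makes every blocked reply 44 bytes longer than the question section it echoes (12 bytes of record header plus 32 bytes of rdata), and nothing in this hunk bounds the result against the size of the client's query. Whether the caller still truncates UDP replies that outgrow the query is not visible here and should be confirmed, since a DNS server should not answer small unauthenticated datagrams with larger ones. I would record the assumption above the writes, e.g. `// Adds 44 bytes after the question; the caller must still enforce the UDP response-size limit.` Separately, the second string is the HINFO OS field, so `hinfo_os` would be a clearer name than `hinfo_rdata`, and the `as u8` length casts would silently wrap if either string ever grew past 255 bytes. The function starts outside this hunk, so the checks between the `ensure!` lines and `packet.truncate(offset + 4)` were not reviewed.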
|
||||
|
|
|
@ -152,7 +152,7 @@ pub async fn get_cached_response_or_resolve(
|
|||
if blacklist.find(&packet_qname) {
|
||||
#[cfg(feature = "metrics")]
|
||||
globals.varz.client_queries_blocked.inc();
|
||||
return dns::serve_empty_response(packet.to_vec());
|
||||
return dns::serve_blocked_response(packet.to_vec());
|
||||
}
|
||||
}
|
||||
let original_tid = dns::tid(&packet);
|
||||
|
|