all: support multiple dns hosts

AdguardTeam · Mar 22, 2021 · 5766a97 · 5766a97
1 parent 3b2f5d7
commit 5766a97
Show file tree

Hide file tree

Showing 10 changed files with 272 additions and 187 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -15,6 +15,7 @@ and this project adheres to
 
 ### Added
 
+- The ability to serve DNS queries on multiple hosts and interfaces ([#1401]).
 - `ips` and `text` DHCP server options ([#2385]).
 - `SRV` records support in `$dnsrewrite` filters ([#2533]).
 
@@ -38,6 +39,7 @@ and this project adheres to
 
 - Go 1.14 support.
 
+[#1401]: https://github.com/AdguardTeam/AdGuardHome/issues/1401
 [#2385]: https://github.com/AdguardTeam/AdGuardHome/issues/2385
 [#2412]: https://github.com/AdguardTeam/AdGuardHome/issues/2412
 [#2498]: https://github.com/AdguardTeam/AdGuardHome/issues/2498

diff --git a/internal/dnsforward/config.go b/internal/dnsforward/config.go
@@ -93,8 +93,8 @@ type FilteringConfig struct {
 
 // TLSConfig is the TLS configuration for HTTPS, DNS-over-HTTPS, and DNS-over-TLS
 type TLSConfig struct {
-	TLSListenAddr  *net.TCPAddr `yaml:"-" json:"-"`
-	QUICListenAddr *net.UDPAddr `yaml:"-" json:"-"`
+	TLSListenAddrs  []*net.TCPAddr `yaml:"-" json:"-"`
+	QUICListenAddrs []*net.UDPAddr `yaml:"-" json:"-"`
 
 	// Reject connection if the client uses server name (in SNI) that doesn't match the certificate
 	StrictSNICheck bool `yaml:"strict_sni_check" json:"-"`
@@ -121,18 +121,18 @@ type TLSConfig struct {
 
 // DNSCryptConfig is the DNSCrypt server configuration struct.
 type DNSCryptConfig struct {
-	UDPListenAddr *net.UDPAddr
-	TCPListenAddr *net.TCPAddr
-	ProviderName  string
-	ResolverCert  *dnscrypt.Cert
-	Enabled       bool
+	UDPListenAddrs []*net.UDPAddr
+	TCPListenAddrs []*net.TCPAddr
+	ProviderName   string
+	ResolverCert   *dnscrypt.Cert
+	Enabled        bool
 }
 
 // ServerConfig represents server configuration.
 // The zero ServerConfig is empty and ready for use.
 type ServerConfig struct {
-	UDPListenAddr  *net.UDPAddr          // UDP listen address
-	TCPListenAddr  *net.TCPAddr          // TCP listen address
+	UDPListenAddrs []*net.UDPAddr        // UDP listen address
+	TCPListenAddrs []*net.TCPAddr        // TCP listen address
 	UpstreamConfig *proxy.UpstreamConfig // Upstream DNS servers config
 	OnDNSRequest   func(d *proxy.DNSContext)
 
@@ -153,16 +153,16 @@ type ServerConfig struct {
 
 // if any of ServerConfig values are zero, then default values from below are used
 var defaultValues = ServerConfig{
-	UDPListenAddr:   &net.UDPAddr{Port: 53},
-	TCPListenAddr:   &net.TCPAddr{Port: 53},
+	UDPListenAddrs:  []*net.UDPAddr{{Port: 53}},
+	TCPListenAddrs:  []*net.TCPAddr{{Port: 53}},
 	FilteringConfig: FilteringConfig{BlockedResponseTTL: 3600},
 }
 
 // createProxyConfig creates and validates configuration for the main proxy
 func (s *Server) createProxyConfig() (proxy.Config, error) {
 	proxyConfig := proxy.Config{
-		UDPListenAddr:          []*net.UDPAddr{s.conf.UDPListenAddr},
-		TCPListenAddr:          []*net.TCPAddr{s.conf.TCPListenAddr},
+		UDPListenAddr:          s.conf.UDPListenAddrs,
+		TCPListenAddr:          s.conf.TCPListenAddrs,
 		Ratelimit:              int(s.conf.Ratelimit),
 		RatelimitWhitelist:     s.conf.RatelimitWhitelist,
 		RefuseAny:              s.conf.RefuseAny,
@@ -205,8 +205,8 @@ func (s *Server) createProxyConfig() (proxy.Config, error) {
 	}
 
 	if s.conf.DNSCryptConfig.Enabled {
-		proxyConfig.DNSCryptUDPListenAddr = []*net.UDPAddr{s.conf.DNSCryptConfig.UDPListenAddr}
-		proxyConfig.DNSCryptTCPListenAddr = []*net.TCPAddr{s.conf.DNSCryptConfig.TCPListenAddr}
+		proxyConfig.DNSCryptUDPListenAddr = s.conf.DNSCryptConfig.UDPListenAddrs
+		proxyConfig.DNSCryptTCPListenAddr = s.conf.DNSCryptConfig.TCPListenAddrs
 		proxyConfig.DNSCryptProviderName = s.conf.DNSCryptConfig.ProviderName
 		proxyConfig.DNSCryptResolverCert = s.conf.DNSCryptConfig.ResolverCert
 	}
@@ -225,21 +225,27 @@ func (s *Server) initDefaultSettings() {
 	if len(s.conf.UpstreamDNS) == 0 {
 		s.conf.UpstreamDNS = defaultDNS
 	}
+
 	if len(s.conf.BootstrapDNS) == 0 {
 		s.conf.BootstrapDNS = defaultBootstrap
 	}
+
 	if len(s.conf.ParentalBlockHost) == 0 {
 		s.conf.ParentalBlockHost = parentalBlockHost
 	}
+
 	if len(s.conf.SafeBrowsingBlockHost) == 0 {
 		s.conf.SafeBrowsingBlockHost = safeBrowsingBlockHost
 	}
-	if s.conf.UDPListenAddr == nil {
-		s.conf.UDPListenAddr = defaultValues.UDPListenAddr
+
+	if s.conf.UDPListenAddrs == nil {
+		s.conf.UDPListenAddrs = defaultValues.UDPListenAddrs
 	}
-	if s.conf.TCPListenAddr == nil {
-		s.conf.TCPListenAddr = defaultValues.TCPListenAddr
+
+	if s.conf.TCPListenAddrs == nil {
+		s.conf.TCPListenAddrs = defaultValues.TCPListenAddrs
 	}
+
 	if len(s.conf.BlockedHosts) == 0 {
 		s.conf.BlockedHosts = defaultBlockedHosts
 	}
@@ -325,17 +331,16 @@ func (s *Server) prepareTLS(proxyConfig *proxy.Config) error {
 		return nil
 	}
 
-	if s.conf.TLSListenAddr == nil &&
-		s.conf.QUICListenAddr == nil {
+	if s.conf.TLSListenAddrs == nil && s.conf.QUICListenAddrs == nil {
 		return nil
 	}
 
-	if s.conf.TLSListenAddr != nil {
-		proxyConfig.TLSListenAddr = []*net.TCPAddr{s.conf.TLSListenAddr}
+	if s.conf.TLSListenAddrs != nil {
+		proxyConfig.TLSListenAddr = s.conf.TLSListenAddrs
 	}
 
-	if s.conf.QUICListenAddr != nil {
-		proxyConfig.QUICListenAddr = []*net.UDPAddr{s.conf.QUICListenAddr}
+	if s.conf.QUICListenAddrs != nil {
+		proxyConfig.QUICListenAddr = s.conf.QUICListenAddrs
 	}
 
 	var err error

diff --git a/internal/dnsforward/dnsforward_test.go b/internal/dnsforward/dnsforward_test.go
@@ -123,8 +123,8 @@ func createTestTLS(t *testing.T, tlsConf TLSConfig) (s *Server, certPem []byte)
 	_, certPem, keyPem = createServerTLSConfig(t)
 
 	s = createTestServer(t, &dnsfilter.Config{}, ServerConfig{
-		UDPListenAddr: &net.UDPAddr{},
-		TCPListenAddr: &net.TCPAddr{},
+		UDPListenAddrs: []*net.UDPAddr{{}},
+		TCPListenAddrs: []*net.TCPAddr{{}},
 	})
 
 	tlsConf.CertificateChainData, tlsConf.PrivateKeyData = certPem, keyPem
@@ -219,8 +219,8 @@ func sendTestMessages(t *testing.T, conn *dns.Conn) {
 
 func TestServer(t *testing.T) {
 	s := createTestServer(t, &dnsfilter.Config{}, ServerConfig{
-		UDPListenAddr: &net.UDPAddr{},
-		TCPListenAddr: &net.TCPAddr{},
+		UDPListenAddrs: []*net.UDPAddr{{}},
+		TCPListenAddrs: []*net.TCPAddr{{}},
 	})
 	s.conf.UpstreamConfig.Upstreams = []upstream.Upstream{
 		&aghtest.TestUpstream{
@@ -257,8 +257,8 @@ func TestServer(t *testing.T) {
 
 func TestServerWithProtectionDisabled(t *testing.T) {
 	s := createTestServer(t, &dnsfilter.Config{}, ServerConfig{
-		UDPListenAddr: &net.UDPAddr{},
-		TCPListenAddr: &net.TCPAddr{},
+		UDPListenAddrs: []*net.UDPAddr{{}},
+		TCPListenAddrs: []*net.TCPAddr{{}},
 	})
 	s.conf.UpstreamConfig.Upstreams = []upstream.Upstream{
 		&aghtest.TestUpstream{
@@ -281,7 +281,7 @@ func TestServerWithProtectionDisabled(t *testing.T) {
 
 func TestDoTServer(t *testing.T) {
 	s, certPem := createTestTLS(t, TLSConfig{
-		TLSListenAddr: &net.TCPAddr{},
+		TLSListenAddrs: []*net.TCPAddr{{}},
 	})
 	s.conf.UpstreamConfig.Upstreams = []upstream.Upstream{
 		&aghtest.TestUpstream{
@@ -311,7 +311,7 @@ func TestDoTServer(t *testing.T) {
 
 func TestDoQServer(t *testing.T) {
 	s, _ := createTestTLS(t, TLSConfig{
-		QUICListenAddr: &net.UDPAddr{},
+		QUICListenAddrs: []*net.UDPAddr{{}},
 	})
 	s.conf.UpstreamConfig.Upstreams = []upstream.Upstream{
 		&aghtest.TestUpstream{
@@ -348,8 +348,8 @@ func TestServerRace(t *testing.T) {
 		CacheTime:             30,
 	}
 	forwardConf := ServerConfig{
-		UDPListenAddr: &net.UDPAddr{},
-		TCPListenAddr: &net.TCPAddr{},
+		UDPListenAddrs: []*net.UDPAddr{{}},
+		TCPListenAddrs: []*net.TCPAddr{{}},
 		FilteringConfig: FilteringConfig{
 			ProtectionEnabled: true,
 			UpstreamDNS:       []string{"8.8.8.8:53", "8.8.4.4:53"},
@@ -383,8 +383,8 @@ func TestSafeSearch(t *testing.T) {
 		CustomResolver:      resolver,
 	}
 	forwardConf := ServerConfig{
-		UDPListenAddr: &net.UDPAddr{},
-		TCPListenAddr: &net.TCPAddr{},
+		UDPListenAddrs: []*net.UDPAddr{{}},
+		TCPListenAddrs: []*net.TCPAddr{{}},
 		FilteringConfig: FilteringConfig{
 			ProtectionEnabled: true,
 		},
@@ -440,8 +440,8 @@ func TestSafeSearch(t *testing.T) {
 
 func TestInvalidRequest(t *testing.T) {
 	s := createTestServer(t, &dnsfilter.Config{}, ServerConfig{
-		UDPListenAddr: &net.UDPAddr{},
-		TCPListenAddr: &net.TCPAddr{},
+		UDPListenAddrs: []*net.UDPAddr{{}},
+		TCPListenAddrs: []*net.TCPAddr{{}},
 	})
 	startDeferStop(t, s)
 
@@ -464,8 +464,8 @@ func TestInvalidRequest(t *testing.T) {
 
 func TestBlockedRequest(t *testing.T) {
 	forwardConf := ServerConfig{
-		UDPListenAddr: &net.UDPAddr{},
-		TCPListenAddr: &net.TCPAddr{},
+		UDPListenAddrs: []*net.UDPAddr{{}},
+		TCPListenAddrs: []*net.TCPAddr{{}},
 		FilteringConfig: FilteringConfig{
 			ProtectionEnabled: true,
 		},
@@ -488,8 +488,8 @@ func TestBlockedRequest(t *testing.T) {
 
 func TestServerCustomClientUpstream(t *testing.T) {
 	forwardConf := ServerConfig{
-		UDPListenAddr: &net.UDPAddr{},
-		TCPListenAddr: &net.TCPAddr{},
+		UDPListenAddrs: []*net.UDPAddr{{}},
+		TCPListenAddrs: []*net.TCPAddr{{}},
 		FilteringConfig: FilteringConfig{
 			ProtectionEnabled: true,
 		},
@@ -537,8 +537,8 @@ var testIPv4 = map[string][]net.IP{
 
 func TestBlockCNAMEProtectionEnabled(t *testing.T) {
 	s := createTestServer(t, &dnsfilter.Config{}, ServerConfig{
-		UDPListenAddr: &net.UDPAddr{},
-		TCPListenAddr: &net.TCPAddr{},
+		UDPListenAddrs: []*net.UDPAddr{{}},
+		TCPListenAddrs: []*net.TCPAddr{{}},
 	})
 	testUpstm := &aghtest.TestUpstream{
 		CName: testCNAMEs,
@@ -564,8 +564,8 @@ func TestBlockCNAMEProtectionEnabled(t *testing.T) {
 
 func TestBlockCNAME(t *testing.T) {
 	forwardConf := ServerConfig{
-		UDPListenAddr: &net.UDPAddr{},
-		TCPListenAddr: &net.TCPAddr{},
+		UDPListenAddrs: []*net.UDPAddr{{}},
+		TCPListenAddrs: []*net.TCPAddr{{}},
 		FilteringConfig: FilteringConfig{
 			ProtectionEnabled: true,
 		},
@@ -622,8 +622,8 @@ func TestBlockCNAME(t *testing.T) {
 
 func TestClientRulesForCNAMEMatching(t *testing.T) {
 	forwardConf := ServerConfig{
-		UDPListenAddr: &net.UDPAddr{},
-		TCPListenAddr: &net.TCPAddr{},
+		UDPListenAddrs: []*net.UDPAddr{{}},
+		TCPListenAddrs: []*net.TCPAddr{{}},
 		FilteringConfig: FilteringConfig{
 			ProtectionEnabled: true,
 			FilterHandler: func(_ net.IP, _ string, settings *dnsfilter.RequestFilteringSettings) {
@@ -664,8 +664,8 @@ func TestClientRulesForCNAMEMatching(t *testing.T) {
 
 func TestNullBlockedRequest(t *testing.T) {
 	forwardConf := ServerConfig{
-		UDPListenAddr: &net.UDPAddr{},
-		TCPListenAddr: &net.TCPAddr{},
+		UDPListenAddrs: []*net.UDPAddr{{}},
+		TCPListenAddrs: []*net.TCPAddr{{}},
 		FilteringConfig: FilteringConfig{
 			ProtectionEnabled: true,
 			BlockingMode:      "null_ip",
@@ -707,8 +707,8 @@ func TestBlockedCustomIP(t *testing.T) {
 		DNSFilter: dnsfilter.New(&dnsfilter.Config{}, filters),
 	})
 	conf := &ServerConfig{
-		UDPListenAddr: &net.UDPAddr{},
-		TCPListenAddr: &net.TCPAddr{},
+		UDPListenAddrs: []*net.UDPAddr{{}},
+		TCPListenAddrs: []*net.TCPAddr{{}},
 		FilteringConfig: FilteringConfig{
 			ProtectionEnabled: true,
 			BlockingMode:      "custom_ip",
@@ -746,8 +746,8 @@ func TestBlockedCustomIP(t *testing.T) {
 
 func TestBlockedByHosts(t *testing.T) {
 	forwardConf := ServerConfig{
-		UDPListenAddr: &net.UDPAddr{},
-		TCPListenAddr: &net.TCPAddr{},
+		UDPListenAddrs: []*net.UDPAddr{{}},
+		TCPListenAddrs: []*net.TCPAddr{{}},
 		FilteringConfig: FilteringConfig{
 			ProtectionEnabled: true,
 		},
@@ -780,8 +780,8 @@ func TestBlockedBySafeBrowsing(t *testing.T) {
 		SafeBrowsingEnabled: true,
 	}
 	forwardConf := ServerConfig{
-		UDPListenAddr: &net.UDPAddr{},
-		TCPListenAddr: &net.TCPAddr{},
+		UDPListenAddrs: []*net.UDPAddr{{}},
+		TCPListenAddrs: []*net.TCPAddr{{}},
 		FilteringConfig: FilteringConfig{
 			SafeBrowsingBlockHost: ans4.String(),
 			ProtectionEnabled:     true,
@@ -824,8 +824,8 @@ func TestRewrite(t *testing.T) {
 
 	s := NewServer(DNSCreateParams{DNSFilter: f})
 	assert.Nil(t, s.Prepare(&ServerConfig{
-		UDPListenAddr: &net.UDPAddr{},
-		TCPListenAddr: &net.TCPAddr{},
+		UDPListenAddrs: []*net.UDPAddr{{}},
+		TCPListenAddrs: []*net.TCPAddr{{}},
 		FilteringConfig: FilteringConfig{
 			ProtectionEnabled: true,
 			UpstreamDNS:       []string{"8.8.8.8:53"},
@@ -1109,8 +1109,8 @@ func TestPTRResponseFromDHCPLeases(t *testing.T) {
 		DHCPServer: &testDHCP{},
 	})
 
-	s.conf.UDPListenAddr = &net.UDPAddr{}
-	s.conf.TCPListenAddr = &net.TCPAddr{}
+	s.conf.UDPListenAddrs = []*net.UDPAddr{{}}
+	s.conf.TCPListenAddrs = []*net.TCPAddr{{}}
 	s.conf.UpstreamDNS = []string{"127.0.0.1:53"}
 	s.conf.FilteringConfig.ProtectionEnabled = true
 	require.Nil(t, s.Prepare(nil))
@@ -1154,8 +1154,8 @@ func TestPTRResponseFromHosts(t *testing.T) {
 	t.Cleanup(c.AutoHosts.Close)
 
 	s := NewServer(DNSCreateParams{DNSFilter: dnsfilter.New(&c, nil)})
-	s.conf.UDPListenAddr = &net.UDPAddr{}
-	s.conf.TCPListenAddr = &net.TCPAddr{}
+	s.conf.UDPListenAddrs = []*net.UDPAddr{{}}
+	s.conf.TCPListenAddrs = []*net.TCPAddr{{}}
 	s.conf.UpstreamDNS = []string{"127.0.0.1:53"}
 	s.conf.FilteringConfig.ProtectionEnabled = true
 	require.Nil(t, s.Prepare(nil))

diff --git a/internal/dnsforward/http_test.go b/internal/dnsforward/http_test.go
@@ -23,8 +23,8 @@ func TestDNSForwardHTTTP_handleGetConfig(t *testing.T) {
 		CacheTime:             30,
 	}
 	forwardConf := ServerConfig{
-		UDPListenAddr: &net.UDPAddr{},
-		TCPListenAddr: &net.TCPAddr{},
+		UDPListenAddrs: []*net.UDPAddr{},
+		TCPListenAddrs: []*net.TCPAddr{},
 		FilteringConfig: FilteringConfig{
 			ProtectionEnabled: true,
 			UpstreamDNS:       []string{"8.8.8.8:53", "8.8.4.4:53"},
@@ -94,8 +94,8 @@ func TestDNSForwardHTTTP_handleSetConfig(t *testing.T) {
 		CacheTime:             30,
 	}
 	forwardConf := ServerConfig{
-		UDPListenAddr: &net.UDPAddr{},
-		TCPListenAddr: &net.TCPAddr{},
+		UDPListenAddrs: []*net.UDPAddr{},
+		TCPListenAddrs: []*net.TCPAddr{},
 		FilteringConfig: FilteringConfig{
 			ProtectionEnabled: true,
 			UpstreamDNS:       []string{"8.8.8.8:53", "8.8.4.4:53"},