From 4eab88c0179f7ffa70065b8f543af04f7a3187e9 Mon Sep 17 00:00:00 2001
From: Frank Denis
Date: Thu, 17 Sep 2020 00:44:37 +0200
Subject: [PATCH] plugin_dns64: don't send queries to self

Fixes #1477
---
 dnscrypt-proxy/plugin_dns64.go | 32 ++++++++++++++++--------------
 dnscrypt-proxy/plugin_query_log.go | 4 +++-
 2 files changed, 20 insertions(+), 16 deletions(-)
diff --git a/dnscrypt-proxy/plugin_dns64.go b/dnscrypt-proxy/plugin_dns64.go
index 5aaa4f23e4..442683b91c 100644
--- a/dnscrypt-proxy/plugin_dns64.go
+++ b/dnscrypt-proxy/plugin_dns64.go
@@ -4,6 +4,7 @@ import (
 "errors"
 "net"
 "sync"
+ "time"
 "github.com/jedisct1/dlog"
 "github.com/miekg/dns"
@@ -21,6 +22,7 @@ type PluginDNS64 struct {
 pref64 []*net.IPNet
 dns64Resolvers []string
 ipv4Resolver string
+ proxy *Proxy
 }
 func (plugin *PluginDNS64) Name() string {
@@ -34,6 +36,7 @@ func (plugin *PluginDNS64) Description() string {
 func (plugin *PluginDNS64) Init(proxy *Proxy) error {
 plugin.ipv4Resolver = proxy.listenAddresses[0] //recursively to ourselves
 plugin.pref64Mutex = new(sync.RWMutex)
+ plugin.proxy = proxy
 if len(proxy.dns64Prefixes) != 0 {
 plugin.pref64Mutex.RLock()
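Review bot: In `Init` (third hunk of plugin_dns64.go), the context line `plugin.ipv4Resolver = proxy.listenAddresses[0] //recursively to ourselves` is left in place although its only visible reader, the `client.Exchange(msgA, plugin.ipv4Resolver)` call in `Eval`, is removed by this commit. If nothing outside the diff still reads the field, drop the assignment and the `ipv4Resolver` struct field; besides being stale, the unconditional `listenAddresses[0]` index would panic on an empty listen-address list. The new field would also benefit from a comment such as `// proxy is used to run the synthesized A query in-process rather than over the listening socket`. `Init`'s body continues past the end of the hunk.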
@@ -65,26 +68,29 @@ func (plugin *PluginDNS64) Reload() error {
 }
 func (plugin *PluginDNS64) Eval(pluginsState *PluginsState, msg *dns.Msg) error {
- if !hasAAAAQuestion(pluginsState.questionMsg) || hasAAAAAnswer(msg) {
+ if hasAAAAAnswer(msg) {
 return nil
 }
- questions := msg.Question
- if len(questions) != 1 {
- return nil
- }
- question := questions[0]
- if question.Qclass != dns.ClassINET {
+ question := pluginsState.questionMsg.Question[0]
+ if question.Qclass != dns.ClassINET || question.Qtype != dns.TypeAAAA {
 return nil
 }
- msgA := new(dns.Msg)
+ msgA := pluginsState.questionMsg.Copy()
 msgA.SetQuestion(question.Name, dns.TypeA)
+ msgAPacket, err := msgA.Pack()
+ if err != nil {
+ return err
+ }
- client := new(dns.Client)
- resp, _, err := client.Exchange(msgA, plugin.ipv4Resolver)
+ respPacket := plugin.proxy.processIncomingQuery("trampoline", plugin.proxy.mainProto, msgAPacket, nil, nil, time.Now())
+ resp := dns.Msg{}
+ if err := resp.Unpack(respPacket); err != nil {
+ return err
+ }
- if err != nil || resp == nil || resp.Rcode != dns.RcodeSuccess {
+ if err != nil || resp.Rcode != dns.RcodeSuccess {
 return nil
 }
@@ -134,10 +140,6 @@ func (plugin *PluginDNS64) Eval(pluginsState *PluginsState, msg *dns.Msg) error
 return nil
 }
-func hasAAAAQuestion(msg *dns.Msg) bool {
- return msg.Question[0].Qtype == dns.TypeAAAA
-}
-
 func hasAAAAAnswer(msg *dns.Msg) bool {
 for _, answer := range msg.Answer {
 if answer.Header().Rrtype == dns.TypeAAAA {
diff --git a/dnscrypt-proxy/plugin_query_log.go b/dnscrypt-proxy/plugin_query_log.go
index 5a806647b8..36de29db10 100644
--- a/dnscrypt-proxy/plugin_query_log.go
+++ b/dnscrypt-proxy/plugin_query_log.go
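Review bot: In `Eval` in plugin_dns64.go, `pluginsState.questionMsg.Question[0]` is indexed with no length check now that the `len(questions) != 1` guard is gone; the deleted `hasAAAAQuestion` indexed the same way, so this presumably relies on the proxy rejecting queries without exactly one question before response plugins run, which is not visible here. A cheap guard keeps a malformed query from becoming a panic: `if len(pluginsState.questionMsg.Question) != 1 { return nil }`. Separately, `err != nil` in the final condition can never be true, because the `Pack` error was already returned and the `Unpack` error is scoped to its own `if`, so the line can be reduced to `if resp.Rcode != dns.RcodeSuccess {`. An `Unpack` failure (for instance on an empty packet, if `processIncomingQuery` can return one) now makes `Eval` return an error where a failed A lookup used to return nil, which is worth confirming against how the caller treats plugin errors. `Eval` continues past the end of the hunk.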
@@ -58,8 +58,10 @@ func (plugin *PluginQueryLog) Eval(pluginsState *PluginsState, msg *dns.Msg) err
 var clientIPStr string
 if pluginsState.clientProto == "udp" {
 clientIPStr = (*pluginsState.clientAddr).(*net.UDPAddr).IP.String()
- } else {
+ } else if pluginsState.clientProto == "tcp" {
 clientIPStr = (*pluginsState.clientAddr).(*net.TCPAddr).IP.String()
+ } else {
+ clientIPStr = "-"
 }
 qName := pluginsState.qName
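Review bot: The new `else` branch in `PluginQueryLog.Eval` keys the missing-address case on the protocol string, so the `udp` and `tcp` branches still dereference `pluginsState.clientAddr` and type-assert without a check. The internal DNS64 query added in this commit passes `nil` for the client address with `"trampoline"` as the first argument, which appears to be what lands in the `else`; any other caller that supplies a nil address together with `"udp"` or `"tcp"` would still panic here. Testing the pointer first is sturdier: `if pluginsState.clientAddr == nil { clientIPStr = "-" } else if pluginsState.clientProto == "udp" {`. Other plugins that read `clientAddr` are not part of this diff and may need the same guard. The function starts and ends outside the hunk.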