dnsforward: upd proxy, imp code, docs

go.mod

@@ -3,7 +3,7 @@ module github.com/AdguardTeam/AdGuardHome
 go 1.22.2
 
 require (
-	github.com/AdguardTeam/dnsproxy v0.69.0
+	github.com/AdguardTeam/dnsproxy v0.69.1
 	github.com/AdguardTeam/golibs v0.23.0
 	github.com/AdguardTeam/urlfilter v0.18.0
 	github.com/NYTimes/gziphandler v1.1.1

go.sum

@@ -1,5 +1,5 @@
-github.com/AdguardTeam/dnsproxy v0.69.0 h1:VaaXpvkkNkf3gx9d8EvUutRQu/BVtT8vvDa572U3wTk=
-github.com/AdguardTeam/dnsproxy v0.69.0/go.mod h1:atO3WeeuyepyhjSt6hC+MF7/IN7TZHfG3/ZwhImHzYs=
+github.com/AdguardTeam/dnsproxy v0.69.1 h1:KiLkKUSrvHeUO/YEf4Bbo/5zyFRIvQstjL7W9G/24pk=
+github.com/AdguardTeam/dnsproxy v0.69.1/go.mod h1:atO3WeeuyepyhjSt6hC+MF7/IN7TZHfG3/ZwhImHzYs=
 github.com/AdguardTeam/golibs v0.23.0 h1:PHz/QhJhLmoaOokkqrPFUgu9Hw4iVAqLtBP0O3g1D3Q=
 github.com/AdguardTeam/golibs v0.23.0/go.mod h1:/xZCf6gZZzz7k1qaoJmI+hhxN98kHFr7LJ22j1nLH0c=
 github.com/AdguardTeam/urlfilter v0.18.0 h1:ZZzwODC/ADpjJSODxySrrUnt/fvOCfGFaCW6j+wsGfQ=

internal/dnsforward/dnsforward.go

@@ -517,7 +517,7 @@ func (s *Server) prepareUpstreamSettings(boot upstream.Resolver) (err error) {
 		return fmt.Errorf("loading upstreams: %w", err)
 	}
 
-	s.conf.UpstreamConfig, err = newUpstreamConfig(upstreams, defaultDNS, &upstream.Options{
+	uc, err := newUpstreamConfig(upstreams, defaultDNS, &upstream.Options{
 		Bootstrap:    boot,
 		Timeout:      s.conf.UpstreamTimeout,
 		HTTPVersions: UpstreamHTTPVersions(s.conf.UseHTTP3Upstreams),
@@ -536,6 +536,8 @@ func (s *Server) prepareUpstreamSettings(boot upstream.Resolver) (err error) {
 		return fmt.Errorf("preparing upstream config: %w", err)
 	}
 
+	s.conf.UpstreamConfig = uc
+
 	return nil
 }
 
@@ -582,18 +584,11 @@ func (s *Server) prepareLocalResolvers() (uc *proxy.UpstreamConfig, err error) {
 	}
 
 	addrs := s.conf.LocalPTRResolvers
-	uc, err = newLocalResolvers(addrs, ownAddrs, s.sysResolvers, s.privateNets, opts)
+	uc, err = newPrivateConfig(addrs, ownAddrs, s.sysResolvers, s.privateNets, opts)
 	if err != nil {
 		return nil, fmt.Errorf("preparing resolvers: %w", err)
 	}
 
-	// Prevalidate the config to catch the exact error before creating proxy.
-	// See TODO on [ErrBadPrivateRDNSUpstreams].
-	err = proxy.ValidatePrivateConfig(uc, s.privateNets)
-	if err != nil {
-		return nil, err
-	}
-
 	return uc, nil
 }
 

internal/dnsforward/http.go

@@ -342,15 +342,15 @@ func (req *jsonDNSConfig) validateUpstreamDNSServers(
 	opts := &upstream.Options{}
 
 	if req.Upstreams != nil {
-		uc, err = newUpstreamConfig(*req.Upstreams, nil, opts)
+		uc, err = proxy.ParseUpstreamsConfig(*req.Upstreams, opts)
 		err = errors.WithDeferred(err, uc.Close())
 		if err != nil {
 			return fmt.Errorf("upstream servers: %w", err)
 		}
 	}
 
 	if addrs := req.LocalPTRUpstreams; addrs != nil {
-		uc, err = newLocalResolvers(*addrs, ownAddrs, sysResolvers, privateNets, opts)
+		uc, err = newPrivateConfig(*addrs, ownAddrs, sysResolvers, privateNets, opts)
 		err = errors.WithDeferred(err, uc.Close())
 		if err != nil {
 			return fmt.Errorf("private upstream servers: %w", err)
@@ -364,7 +364,7 @@ func (req *jsonDNSConfig) validateUpstreamDNSServers(
 	}
 
 	if req.Fallbacks != nil {
-		uc, err = newUpstreamConfig(*req.Fallbacks, nil, opts)
+		uc, err = proxy.ParseUpstreamsConfig(*req.Fallbacks, opts)
 		err = errors.WithDeferred(err, uc.Close())
 		if err != nil {
 			return fmt.Errorf("fallback servers: %w", err)
@@ -440,6 +440,7 @@ func (s *Server) handleSetConfig(w http.ResponseWriter, r *http.Request) {
 	// TODO(e.burkov):  Consider prebuilding this set on startup.
 	ourAddrs, err := s.conf.ourAddrsSet()
 	if err != nil {
+		// TODO(e.burkov):  !! Put into openapi
 		aghhttp.Error(r, w, http.StatusInternalServerError, "getting our addresses: %s", err)
 
 		return

internal/dnsforward/upstreams.go

@@ -81,11 +81,11 @@ func newUpstreamConfig(
 	return uc, nil
 }
 
-// newLocalResolvers creates an upstream configuration for resolving PTR records
+// newPrivateConfig creates an upstream configuration for resolving PTR records
 // for local addresses.  The configuration is built either from the provided
 // addresses or from the system resolvers.  unwanted filters the resulting
 // upstream configuration.
-func newLocalResolvers(
+func newPrivateConfig(
 	addrs []string,
 	unwanted addrPortSet,
 	sysResolvers SystemResolvers,
@@ -105,23 +105,25 @@ func newLocalResolvers(
 
 	log.Debug("dnsforward: upstreams to resolve ptr for local addresses: %v", addrs)
 
-	uc, err = newUpstreamConfig(addrs, nil, opts)
+	uc, err = proxy.ParseUpstreamsConfig(addrs, opts)
 	if err != nil {
-		return nil, fmt.Errorf("preparing private upstreams: %w", err)
+		return uc, fmt.Errorf("preparing private upstreams: %w", err)
 	}
 
-	if confNeedsFiltering {
-		err = filterOutAddrs(uc, unwanted)
-		if err != nil {
-			return nil, fmt.Errorf("filtering private upstreams: %w", err)
-		}
+	if !confNeedsFiltering {
+		return uc, nil
+	}
 
-		err = proxy.ValidatePrivateConfig(uc, privateNets)
-		if err != nil {
-			log.Debug("dnsforward: validating private rdns upstreams: %s", err)
+	err = filterOutAddrs(uc, unwanted)
+	if err != nil {
+		return uc, fmt.Errorf("filtering private upstreams: %w", err)
+	}
 
-			return nil, &PrivateRDNSError{err: err}
-		}
+	// Prevalidate the config to catch the exact error before creating proxy.
+	// See TODO on [PrivateRDNSError].
+	err = proxy.ValidatePrivateConfig(uc, privateNets)
+	if err != nil {
+		return uc, &PrivateRDNSError{err: err}
 	}
 
 	return uc, nil