DOT_IPV6 environment variable added, refers to #88
@@ -53,6 +53,7 @@ ENV VPNSP=pia \
|
||||
DOT_VERBOSITY_DETAILS=0 \
|
||||
DOT_VALIDATION_LOGLEVEL=0 \
|
||||
DOT_CACHING=on \
|
||||
DOT_IPV6=on \
|
||||
BLOCK_MALICIOUS=on \
|
||||
BLOCK_SURVEILLANCE=off \
|
||||
BLOCK_ADS=off \
|
||||
|
||||
@@ -139,6 +139,7 @@ docker run --rm --network=container:pia alpine:3.11 wget -qO- https://ipinfo.io
|
||||
| `DOT` | `on` | `on` or `off`, to activate DNS over TLS to 1.1.1.1 |
|
||||
| `DOT_PROVIDERS` | `cloudflare` | Comma delimited list of DNS over TLS providers from `cloudflare`, `google`, `quad9`, `quadrant`, `cleanbrowsing`, `securedns`, `libredns` |
|
||||
| `DOT_CACHING` | `on` | Unbound caching feature, `on` or `off` |
|
||||
| `DOT_IPV6` | `on` | Unbound will resolve domain names using IPv6 as well as IPv4 |
|
||||
| `DOT_PRIVATE_ADDRESS` | All IPv4 and IPv6 CIDRs private ranges | Comma separated list of CIDRs or single IP addresses. Note that the default setting prevents DNS rebinding |
|
||||
| `DOT_VERBOSITY` | `1` | Unbound verbosity level from `0` to `5` (full debug) |
|
||||
| `DOT_VERBOSITY_DETAILS` | `0` | Unbound details verbosity level from `0` to `4` |
|
||||
|
||||
@@ -35,6 +35,7 @@ services:
|
||||
# DNS over TLS
|
||||
- DOT=on
|
||||
- DOT_PROVIDERS=cloudflare
|
||||
- DOT_IPV6=on
|
||||
- DOT_VERBOSITY=1
|
||||
- BLOCK_MALICIOUS=on
|
||||
- BLOCK_SURVEILLANCE=off
|
||||
|
||||
@@ -30,6 +30,10 @@ func (c *configurator) MakeUnboundConf(settings settings.DNS, uid, gid int) (err
|
||||
|
||||
// MakeUnboundConf generates an Unbound configuration from the user provided settings
|
||||
func generateUnboundConf(settings settings.DNS, client network.Client, logger logging.Logger) (lines []string, warnings []error, err error) {
|
||||
doIPv6 := "no"
|
||||
if settings.IPv6 {
|
||||
doIPv6 = "yes"
|
||||
}
|
||||
serverSection := map[string]string{
|
||||
// Logging
|
||||
"verbosity": fmt.Sprintf("%d", settings.VerbosityLevel),
|
||||
@@ -60,7 +64,7 @@ func generateUnboundConf(settings settings.DNS, client network.Client, logger lo
|
||||
"harden-algo-downgrade": "yes",
|
||||
// Network
|
||||
"do-ip4": "yes",
|
||||
"do-ip6": "yes",
|
||||
"do-ip6": doIPv6,
|
||||
"interface": "127.0.0.1",
|
||||
"port": "53",
|
||||
// Other
|
||||
|
||||
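Review bot: With `do-ip6` now able to be `no`, the second hunk switches only the server option, and nothing visible here shows whether the forward-zone entries built later in generateUnboundConf still list the selected providers' IPv6 addresses when `settings.IPv6` is false. If they do, Unbound is handed upstreams it has been told not to use, so the provider address list should be filtered on the same flag. A comment above the new block such as `// do-ip6 follows DOT_IPV6; IPv6 forward addresses must be skipped when it is off` would record that coupling. The function body continues outside both hunks, so this needs checking against the full file.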
@@ -26,6 +26,7 @@ func Test_generateUnboundConf(t *testing.T) {
|
||||
VerbosityLevel: 2,
|
||||
ValidationLogLevel: 3,
|
||||
Caching: true,
|
||||
IPv6: true,
|
||||
}
|
||||
client := &mocks.Client{}
|
||||
client.On("GetContent", string(constants.MaliciousBlockListHostnamesURL)).
|
||||
|
||||
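Review bot: The test settings only set `IPv6: true`, which matches the value that was hard-coded before this change, so the new `"no"` branch in generateUnboundConf is never exercised. A second case with `IPv6: false` that asserts the generated server section carries `do-ip6` set to `no` would cover the path a user takes when they turn `DOT_IPV6` off. The body of Test_generateUnboundConf continues outside the hunk, so the expected-lines fixture may need the same split.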
@@ -116,3 +116,9 @@ func (p *paramsReader) GetDNSOverTLSPrivateAddresses() (privateAddresses []strin
|
||||
}
|
||||
return privateAddresses
|
||||
}
|
||||
|
||||
// GetDNSOverTLSIPv6 obtains if Unbound should resolve ipv6 addresses using ipv6 DNS over TLS
|
||||
// servers from the environment variable DOT_IPV6
|
||||
func (p *paramsReader) GetDNSOverTLSIPv6() (ipv6 bool, err error) {
|
||||
return p.envParams.GetOnOff("DOT_IPV6")
|
||||
}
|
||||
|
||||
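Review bot: The doc comment on GetDNSOverTLSIPv6 says the flag is about resolving "ipv6 addresses using ipv6 DNS over TLS servers", but elsewhere in this commit the value only drives Unbound's `do-ip6` option, so the wording should describe that. Suggested text: `// GetDNSOverTLSIPv6 reports whether Unbound should use IPv6 in addition to IPv4,` followed by `// as set by the environment variable DOT_IPV6 (on or off).` What `GetOnOff` returns when the variable is unset is not visible here. It would help to state that in the comment too, since the Dockerfile default does not apply when the binary runs outside the image.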
@@ -26,6 +26,7 @@ type ParamsReader interface {
|
||||
GetDNSAdsBlocking() (blocking bool, err error)
|
||||
GetDNSUnblockedHostnames() (hostnames []string, err error)
|
||||
GetDNSOverTLSPrivateAddresses() (privateAddresses []string)
|
||||
GetDNSOverTLSIPv6() (ipv6 bool, err error)
|
||||
|
||||
// Firewall getters
|
||||
GetExtraSubnets() (extraSubnets []net.IPNet, err error)
|
||||
|
||||
@@ -21,13 +21,14 @@ type DNS struct {
|
||||
VerbosityLevel uint8
|
||||
VerbosityDetailsLevel uint8
|
||||
ValidationLogLevel uint8
|
||||
IPv6 bool
|
||||
}
|
||||
|
||||
func (d *DNS) String() string {
|
||||
if !d.Enabled {
|
||||
return "DNS over TLS settings: disabled"
|
||||
}
|
||||
caching, blockMalicious, blockSurveillance, blockAds := "disabled", "disabed", "disabed", "disabed"
|
||||
caching, blockMalicious, blockSurveillance, blockAds, ipv6 := "disabled", "disabed", "disabed", "disabed", "disabed"
|
||||
if d.Caching {
|
||||
caching = "enabled"
|
||||
}
|
||||
@@ -40,6 +41,9 @@ func (d *DNS) String() string {
|
||||
if d.BlockAds {
|
||||
blockAds = "enabled"
|
||||
}
|
||||
if d.IPv6 {
|
||||
ipv6 = "enabled"
|
||||
}
|
||||
var providersStr []string
|
||||
for _, provider := range d.Providers {
|
||||
providersStr = append(providersStr, string(provider))
|
||||
@@ -56,6 +60,7 @@ func (d *DNS) String() string {
|
||||
"Verbosity level: " + fmt.Sprintf("%d/5", d.VerbosityLevel),
|
||||
"Verbosity details level: " + fmt.Sprintf("%d/4", d.VerbosityDetailsLevel),
|
||||
"Validation log level: " + fmt.Sprintf("%d/2", d.ValidationLogLevel),
|
||||
"IPv6 resolution: " + ipv6,
|
||||
}
|
||||
return strings.Join(settingsList, "\n |--")
|
||||
}
|
||||
@@ -103,5 +108,9 @@ func GetDNSSettings(params params.ParamsReader) (settings DNS, err error) {
|
||||
return settings, err
|
||||
}
|
||||
settings.PrivateAddresses = params.GetDNSOverTLSPrivateAddresses()
|
||||
settings.IPv6, err = params.GetDNSOverTLSIPv6()
|
||||
if err != nil {
|
||||
return settings, err
|
||||
}
|
||||
return settings, nil
|
||||
}
|
||||
|
||||
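Review bot: The rewritten default line in String() copies the existing misspelling into the new variable, so with `DOT_IPV6=off` the settings summary prints `IPv6 resolution: disabed` (the three block-list lines already print the same). This summary is what an operator reads or greps to confirm the DNS configuration, so the literals should be corrected while the line is being touched: `caching, blockMalicious, blockSurveillance, blockAds, ipv6 := "disabled", "disabled", "disabled", "disabled", "disabled"`. A single `const disabled = "disabled"` used for all five would prevent the values drifting apart again.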