From a40f68f1dffbf28b4c4d88c89cf3e0559d47953c Mon Sep 17 00:00:00 2001
From: "Quentin McGaw (desktop)"
Date: Sat, 8 Feb 2020 17:13:19 +0000
Subject: [PATCH] Refactored DNS provider data structures

---
 internal/constants/dns.go | 64 +++++++++++++++++++++++++--------------
 internal/dns/conf.go | 13 +++++---
 internal/models/alias.go | 4 +--
 internal/models/dns.go | 10 ++++++
 4 files changed, 62 insertions(+), 29 deletions(-)
 create mode 100644 internal/models/dns.go

diff --git a/internal/constants/dns.go b/internal/constants/dns.go
index 61f25d74..10545225 100644
--- a/internal/constants/dns.go
+++ b/internal/constants/dns.go
@@ -1,6 +1,8 @@
 package constants
 
 import (
+	"net"
+
 	"github.com/qdm12/private-internet-access-docker/internal/models"
 )
 
@@ -21,28 +23,46 @@ const (
 	LibreDNS models.DNSProvider = "libredns"
 )
 
-const (
-	CloudflareAddress1 models.DNSForwardAddress = "1.1.1.1@853#cloudflare-dns.com"
-	CloudflareAddress2 models.DNSForwardAddress = "1.0.0.1@853#cloudflare-dns.com"
-	GoogleAddress1 models.DNSForwardAddress = "8.8.8.8@853#dns.google"
-	GoogleAddress2 models.DNSForwardAddress = "8.8.4.4@853#dns.google"
-	Quad9Address1 models.DNSForwardAddress = "9.9.9.9@853#dns.quad9.net"
-	Quad9Address2 models.DNSForwardAddress = "149.112.112.112@853#dns.quad9.net"
-	QuadrantAddress models.DNSForwardAddress = "12.159.2.159@853#dns-tls.qis.io"
-	CleanBrowsingAddress1 models.DNSForwardAddress = "185.228.168.9@853#security-filter-dns.cleanbrowsing.org"
-	CleanBrowsingAddress2 models.DNSForwardAddress = "185.228.169.9@853#security-filter-dns.cleanbrowsing.org"
-	SecureDNSAddress models.DNSForwardAddress = "146.185.167.43@853#dot.securedns.eu"
-	LibreDNSAddress models.DNSForwardAddress = "116.203.115.192@853#dot.libredns.gr"
-)
-
-var DNSAddressesMapping = map[models.DNSProvider][]models.DNSForwardAddress{
-	Cloudflare: []models.DNSForwardAddress{CloudflareAddress1, CloudflareAddress2},
-	Google: []models.DNSForwardAddress{GoogleAddress1, GoogleAddress2},
-	Quad9: []models.DNSForwardAddress{Quad9Address1, Quad9Address2},
-	Quadrant: []models.DNSForwardAddress{QuadrantAddress},
-	CleanBrowsing: []models.DNSForwardAddress{CleanBrowsingAddress1, CleanBrowsingAddress2},
-	SecureDNS: []models.DNSForwardAddress{SecureDNSAddress},
-	LibreDNS: []models.DNSForwardAddress{LibreDNSAddress},
+// DNSProviderMapping returns a constant mapping of dns provider name
+// to their data such as IP addresses or TLS host name.
+func DNSProviderMapping() map[models.DNSProvider]models.DNSProviderData {
+	return map[models.DNSProvider]models.DNSProviderData{
+		Cloudflare: models.DNSProviderData{
+			IPs: []net.IP{{1, 1, 1, 1}, {1, 0, 0, 1}},
+			SupportsTLS: true,
+			Host: models.DNSHost("cloudflare-dns.com"),
+		},
+		Google: models.DNSProviderData{
+			IPs: []net.IP{{8, 8, 8, 8}, {8, 8, 4, 4}},
+			SupportsTLS: true,
+			Host: models.DNSHost("dns.google"),
+		},
+		Quad9: models.DNSProviderData{
+			IPs: []net.IP{{9, 9, 9, 9}, {149, 112, 112, 112}},
+			SupportsTLS: true,
+			Host: models.DNSHost("dns.quad9.net"),
+		},
+		Quadrant: models.DNSProviderData{
+			IPs: []net.IP{{12, 159, 2, 159}},
+			SupportsTLS: true,
+			Host: models.DNSHost("dns-tls.qis.io"),
+		},
+		CleanBrowsing: models.DNSProviderData{
+			IPs: []net.IP{{185, 228, 168, 9}, {185, 228, 169, 9}},
+			SupportsTLS: true,
+			Host: models.DNSHost("security-filter-dns.cleanbrowsing.org"),
+		},
+		SecureDNS: models.DNSProviderData{
+			IPs: []net.IP{{146, 185, 167, 43}},
+			SupportsTLS: true,
+			Host: models.DNSHost("dot.securedns.eu"),
+		},
+		LibreDNS: models.DNSProviderData{
+			IPs: []net.IP{{116, 203, 115, 192}},
+			SupportsTLS: true,
+			Host: models.DNSHost("dot.libredns.gr"),
+		},
+	}
 }
 
 // Block lists URLs
diff --git a/internal/dns/conf.go b/internal/dns/conf.go
index deccc36e..40637899 100644
--- a/internal/dns/conf.go
+++ b/internal/dns/conf.go
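Review bot: The doc comment on `DNSProviderMapping` calls the result a "constant mapping", but the function allocates a fresh map and fresh `net.IP` slices on every call, which is the property callers need to know about: it is what makes their copy safe to mutate, and it is also why calling it inside a loop (as the conf.go hunk of this patch does, once per provider) is wasteful. I would extend the comment to `// DNSProviderMapping returns a newly allocated mapping of DNS provider name to its data (IPs, TLS support and TLS host name); callers that need it repeatedly should call it once and keep the result.` It would also help to state what `Host` is for, since conf.go writes it after the `#` of the Unbound forward-addr: presumably it is the authentication name Unbound checks the forwarder's certificate against, so it must match the name in the certificate the provider presents on 853. Every entry here sets `SupportsTLS: true` together with a non-empty `Host`; the implied invariant (empty `Host` only when `SupportsTLS` is false) is not expressed on the type, so a one-line note here would be the place to record it.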
@@ -108,12 +108,15 @@ func generateUnboundConf(settings settings.DNS, client network.Client, logger lo
 		return forwardZoneLines[i] < forwardZoneLines[j]
 	})
 	for _, provider := range settings.Providers {
-		forwardAddresses, ok := constants.DNSAddressesMapping[provider]
-		if !ok || len(forwardAddresses) == 0 {
-			return nil, warnings, fmt.Errorf("DNS provider %q does not have any matching forward addresses", provider)
+		providerData, ok := constants.DNSProviderMapping()[provider]
+		if !ok {
+			return nil, warnings, fmt.Errorf("DNS provider %q does not have associated data", provider)
+		} else if !providerData.SupportsTLS {
+			return nil, warnings, fmt.Errorf("DNS provider %q does not support DNS over TLS", provider)
 		}
-		for _, forwardAddress := range forwardAddresses {
-			forwardZoneLines = append(forwardZoneLines, fmt.Sprintf(" forward-addr: %s", forwardAddress))
+		for _, IP := range providerData.IPs {
+			forwardZoneLines = append(forwardZoneLines,
+				fmt.Sprintf(" forward-addr: %s@853#%s", IP.String(), providerData.Host))
 		}
 	}
 	lines = append(lines, forwardZoneLines...)
diff --git a/internal/models/alias.go b/internal/models/alias.go
index e6c9df33..05d6fc8b 100644
--- a/internal/models/alias.go
+++ b/internal/models/alias.go
@@ -5,8 +5,8 @@ type (
 	VPNDevice string
 	// DNSProvider is a DNS over TLS server provider name
 	DNSProvider string
-	// DNSForwardAddress is the Unbound formatted forward address
-	DNSForwardAddress string
+	// DNSHost is the DNS host to use for TLS validation
+	DNSHost string
 	// PIAEncryption defines the level of encryption for communication with PIA servers
 	PIAEncryption string
 	// PIARegion contains the list of regions available for PIA
diff --git a/internal/models/dns.go b/internal/models/dns.go
new file mode 100644
index 00000000..14dcebcc
--- /dev/null
+++ b/internal/models/dns.go
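Review bot: The new guard only tests `providerData.SupportsTLS`, but the part of the emitted line that actually makes Unbound authenticate the forwarder is the `#%s` suffix built from `providerData.Host`: an entry with `SupportsTLS: true` and an empty `Host` passes the check and produces `forward-addr: 1.1.1.1@853#`, which Unbound would presumably treat as TLS with no name to verify the certificate against, i.e. an unauthenticated upstream. The previous code's `len(forwardAddresses) == 0` guard is also dropped, so a provider whose `IPs` is empty now silently contributes no forward-addr lines instead of failing the config generation. I would hoist `constants.DNSProviderMapping()` out of the loop (it rebuilds the whole map on every iteration), check `Host` and `IPs` explicitly, drop the `else` after the returning `if` per Go style, and rename the loop variable from `IP` to `ip`. Whether name verification is actually in effect also depends on `tls-cert-bundle`/`tls-system-cert` being set elsewhere in the generated config, which this hunk does not show; `generateUnboundConf` both starts and ends outside the hunk.
```go
	mapping := constants.DNSProviderMapping()
	for _, provider := range settings.Providers {
		providerData, ok := mapping[provider]
		if !ok {
			return nil, warnings, fmt.Errorf("DNS provider %q does not have associated data", provider)
		}
		// The "#host" suffix is what makes Unbound check the forwarder's certificate,
		// so an empty Host must be treated as "no DNS over TLS".
		if !providerData.SupportsTLS || providerData.Host == "" {
			return nil, warnings, fmt.Errorf("DNS provider %q does not support DNS over TLS", provider)
		}
		if len(providerData.IPs) == 0 {
			return nil, warnings, fmt.Errorf("DNS provider %q does not have any IP address", provider)
		}
		for _, ip := range providerData.IPs {
			forwardZoneLines = append(forwardZoneLines,
				fmt.Sprintf(" forward-addr: %s@853#%s", ip.String(), providerData.Host))
		}
	}
	// … unchanged: lines = append(lines, forwardZoneLines...) …
```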
@@ -0,0 +1,10 @@
+package models
+
+import "net"
+
+// DNSProviderData contains information for a DNS provider
+type DNSProviderData struct {
+	IPs []net.IP
+	SupportsTLS bool
+	Host DNSHost
+}
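Review bot: The new `DNSProviderData` struct has no field-level documentation, and the relationship between `SupportsTLS` and `Host` is exactly what a maintainer adding a provider needs: `DNSHost` is described in alias.go as the host used for TLS validation, so `Host` is only meaningful when `SupportsTLS` is true and has to be non-empty in that case, while conf.go in this patch contacts the `IPs` on port 853 only after that flag is checked. I would add `// IPs are the forwarder addresses, contacted on port 853 when SupportsTLS is true.`, `// SupportsTLS reports whether the provider serves DNS over TLS on its IPs.` and `// Host is the TLS authentication name checked against the provider's certificate; required when SupportsTLS is true, empty otherwise.` Since `net.IP` is a byte slice, copies of this struct share the underlying IP storage, which is fine for read-only provider data but worth one line if anyone is expected to mutate a copy.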