Add DNS over TLS ipv6 upstream servers, see #88
This commit is contained in:
Quentin McGaw (desktop)
@@ -28,33 +28,39 @@ const (
|
|||||||
func DNSProviderMapping() map[models.DNSProvider]models.DNSProviderData {
|
func DNSProviderMapping() map[models.DNSProvider]models.DNSProviderData {
|
||||||
return map[models.DNSProvider]models.DNSProviderData{
|
return map[models.DNSProvider]models.DNSProviderData{
|
||||||
Cloudflare: models.DNSProviderData{
|
Cloudflare: models.DNSProviderData{
|
||||||
IPs: []net.IP{{1, 1, 1, 1}, {1, 0, 0, 1}},
|
IPs: []net.IP{{1, 1, 1, 1}, {1, 0, 0, 1}, {0x26, 0x6, 0x47, 0x0, 0x47, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, 0x11}, {0x26, 0x6, 0x47, 0x0, 0x47, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x01}},
|
||||||
SupportsTLS: true,
|
SupportsTLS: true,
|
||||||
|
SupportsIPv6: true,
|
||||||
Host: models.DNSHost("cloudflare-dns.com"),
|
Host: models.DNSHost("cloudflare-dns.com"),
|
||||||
},
|
},
|
||||||
Google: models.DNSProviderData{
|
Google: models.DNSProviderData{
|
||||||
IPs: []net.IP{{8, 8, 8, 8}, {8, 8, 4, 4}},
|
IPs: []net.IP{{8, 8, 8, 8}, {8, 8, 4, 4}, {0x20, 0x1, 0x48, 0x60, 0x48, 0x60, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x88, 0x88}, {0x20, 0x1, 0x48, 0x60, 0x48, 0x60, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x88, 0x44}},
|
||||||
SupportsTLS: true,
|
SupportsTLS: true,
|
||||||
|
SupportsIPv6: true,
|
||||||
Host: models.DNSHost("dns.google"),
|
Host: models.DNSHost("dns.google"),
|
||||||
},
|
},
|
||||||
Quad9: models.DNSProviderData{
|
Quad9: models.DNSProviderData{
|
||||||
IPs: []net.IP{{9, 9, 9, 9}, {149, 112, 112, 112}},
|
IPs: []net.IP{{9, 9, 9, 9}, {149, 112, 112, 112}, {0x26, 0x20, 0x0, 0xfe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfe}, {0x26, 0x20, 0x0, 0xfe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}},
|
||||||
SupportsTLS: true,
|
SupportsTLS: true,
|
||||||
|
SupportsIPv6: true,
|
||||||
Host: models.DNSHost("dns.quad9.net"),
|
Host: models.DNSHost("dns.quad9.net"),
|
||||||
},
|
},
|
||||||
Quadrant: models.DNSProviderData{
|
Quadrant: models.DNSProviderData{
|
||||||
IPs: []net.IP{{12, 159, 2, 159}},
|
IPs: []net.IP{{12, 159, 2, 159}, {0x20, 0x1, 0x18, 0x90, 0x14, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x59}},
|
||||||
SupportsTLS: true,
|
SupportsTLS: true,
|
||||||
|
SupportsIPv6: true,
|
||||||
Host: models.DNSHost("dns-tls.qis.io"),
|
Host: models.DNSHost("dns-tls.qis.io"),
|
||||||
},
|
},
|
||||||
CleanBrowsing: models.DNSProviderData{
|
CleanBrowsing: models.DNSProviderData{
|
||||||
IPs: []net.IP{{185, 228, 168, 9}, {185, 228, 169, 9}},
|
IPs: []net.IP{{185, 228, 168, 9}, {185, 228, 169, 9}, {0x2a, 0xd, 0x2a, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x2a, 0xd, 0x2a, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}},
|
||||||
SupportsTLS: true,
|
SupportsTLS: true,
|
||||||
|
SupportsIPv6: true,
|
||||||
Host: models.DNSHost("security-filter-dns.cleanbrowsing.org"),
|
Host: models.DNSHost("security-filter-dns.cleanbrowsing.org"),
|
||||||
},
|
},
|
||||||
SecureDNS: models.DNSProviderData{
|
SecureDNS: models.DNSProviderData{
|
||||||
IPs: []net.IP{{146, 185, 167, 43}},
|
IPs: []net.IP{{146, 185, 167, 43}, {0x2a, 0x3, 0xb0, 0xc0, 0x0, 0x0, 0x10, 0x10, 0x0, 0x0, 0x0, 0x0, 0xe, 0x9a, 0x30, 0x1}},
|
||||||
SupportsTLS: true,
|
SupportsTLS: true,
|
||||||
|
SupportsIPv6: true,
|
||||||
Host: models.DNSHost("dot.securedns.eu"),
|
Host: models.DNSHost("dot.securedns.eu"),
|
||||||
},
|
},
|
||||||
LibreDNS: models.DNSProviderData{
|
LibreDNS: models.DNSProviderData{
|
||||||
|
|||||||
@@ -117,12 +117,7 @@ func generateUnboundConf(settings settings.DNS, client network.Client, logger lo
|
|||||||
return forwardZoneLines[i] < forwardZoneLines[j]
|
return forwardZoneLines[i] < forwardZoneLines[j]
|
||||||
})
|
})
|
||||||
for _, provider := range settings.Providers {
|
for _, provider := range settings.Providers {
|
||||||
providerData, ok := constants.DNSProviderMapping()[provider]
|
providerData := constants.DNSProviderMapping()[provider]
|
||||||
if !ok {
|
|
||||||
return nil, warnings, fmt.Errorf("DNS provider %q does not have associated data", provider)
|
|
||||||
} else if !providerData.SupportsTLS {
|
|
||||||
return nil, warnings, fmt.Errorf("DNS provider %q does not support DNS over TLS", provider)
|
|
||||||
}
|
|
||||||
for _, IP := range providerData.IPs {
|
for _, IP := range providerData.IPs {
|
||||||
forwardZoneLines = append(forwardZoneLines,
|
forwardZoneLines = append(forwardZoneLines,
|
||||||
fmt.Sprintf(" forward-addr: %s@853#%s", IP.String(), providerData.Host))
|
fmt.Sprintf(" forward-addr: %s@853#%s", IP.String(), providerData.Host))
|
||||||
|
|||||||
@@ -80,8 +80,12 @@ forward-zone:
|
|||||||
name: "."
|
name: "."
|
||||||
forward-addr: 1.1.1.1@853#cloudflare-dns.com
|
forward-addr: 1.1.1.1@853#cloudflare-dns.com
|
||||||
forward-addr: 1.0.0.1@853#cloudflare-dns.com
|
forward-addr: 1.0.0.1@853#cloudflare-dns.com
|
||||||
|
forward-addr: 2606:4700:4700::1111@853#cloudflare-dns.com
|
||||||
|
forward-addr: 2606:4700:4700::1001@853#cloudflare-dns.com
|
||||||
forward-addr: 9.9.9.9@853#dns.quad9.net
|
forward-addr: 9.9.9.9@853#dns.quad9.net
|
||||||
forward-addr: 149.112.112.112@853#dns.quad9.net`
|
forward-addr: 149.112.112.112@853#dns.quad9.net
|
||||||
|
forward-addr: 2620:fe::fe@853#dns.quad9.net
|
||||||
|
forward-addr: 2620:fe::9@853#dns.quad9.net`
|
||||||
assert.Equal(t, expected, "\n"+strings.Join(lines, "\n"))
|
assert.Equal(t, expected, "\n"+strings.Join(lines, "\n"))
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -6,5 +6,6 @@ import "net"
|
|||||||
type DNSProviderData struct {
|
type DNSProviderData struct {
|
||||||
IPs []net.IP
|
IPs []net.IP
|
||||||
SupportsTLS bool
|
SupportsTLS bool
|
||||||
|
SupportsIPv6 bool
|
||||||
Host DNSHost
|
Host DNSHost
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -4,6 +4,7 @@ import (
|
|||||||
"fmt"
|
"fmt"
|
||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
|
"github.com/qdm12/private-internet-access-docker/internal/constants"
|
||||||
"github.com/qdm12/private-internet-access-docker/internal/models"
|
"github.com/qdm12/private-internet-access-docker/internal/models"
|
||||||
"github.com/qdm12/private-internet-access-docker/internal/params"
|
"github.com/qdm12/private-internet-access-docker/internal/params"
|
||||||
)
|
)
|
||||||
@@ -112,5 +113,21 @@ func GetDNSSettings(params params.ParamsReader) (settings DNS, err error) {
|
|||||||
if err != nil {
|
if err != nil {
|
||||||
return settings, err
|
return settings, err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Consistency check
|
||||||
|
IPv6Support := false
|
||||||
|
for _, provider := range settings.Providers {
|
||||||
|
providerData, ok := constants.DNSProviderMapping()[provider]
|
||||||
|
if !ok {
|
||||||
|
return settings, fmt.Errorf("DNS provider %q does not have associated data", provider)
|
||||||
|
} else if !providerData.SupportsTLS {
|
||||||
|
return settings, fmt.Errorf("DNS provider %q does not support DNS over TLS", provider)
|
||||||
|
} else if providerData.SupportsIPv6 {
|
||||||
|
IPv6Support = true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if settings.IPv6 && !IPv6Support {
|
||||||
|
return settings, fmt.Errorf("None of the DNS over TLS provider(s) set support IPv6")
|
||||||
|
}
|
||||||
return settings, nil
|
return settings, nil
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user