Add a reasonable default set of ports + a new option

pull/12/head
Frank Denis 5 years ago
parent e43ad4949b
commit 2706b2994d

@ -195,8 +195,14 @@ enabled = false
# Allowed upstream ports # Allowed upstream ports
# This is a list of commonly used ports for encrypted DNS services
allowed_ports = [ 443 ] allowed_ports = [ 443, 553, 853, 1443, 2053, 4343, 4434, 4443, 5353, 5443, 8443, 15353 ]
# Allow all ports >= 1024 in addition to the list above
allow_non_reserved_ports = false
# Blacklisted upstream IP addresses # Blacklisted upstream IP addresses
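Review bot: The comment on `allow_non_reserved_ports` says what the switch does but not what turning it on means for the relay, which is what an operator copying this example needs before flipping it. I would extend it to `# Allow all ports >= 1024 in addition to the list above. Enabling this lets the relay forward client packets to any non-reserved port on any upstream address that is not blacklisted below.` The wider default list on the previous line is plausible for encrypted DNS, but it is worth saying in the same comment that every port added here widens what the relay will forward to.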

@ -45,7 +45,8 @@ pub async fn handle_anonymized_dns(
); );
let port = BigEndian::read_u16(&encrypted_packet[16..18]); let port = BigEndian::read_u16(&encrypted_packet[16..18]);
ensure!( ensure!(
globals.anonymized_dns_allowed_ports.contains(&port), (globals.anonymized_dns_allow_non_reserved_ports && port >= 1024)
|| globals.anonymized_dns_allowed_ports.contains(&port),
"Forbidden upstream port" "Forbidden upstream port"
); );
let upstream_address = SocketAddr::new(ip, port); let upstream_address = SocketAddr::new(ip, port);
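Review bot: The new guard inside `ensure!` is correct but packs a policy switch, a magic number and a list lookup into one expression; I would name the decision so it can be read and logged: `let port_allowed = (globals.anonymized_dns_allow_non_reserved_ports && port >= 1024) || globals.anonymized_dns_allowed_ports.contains(&port);` followed by `ensure!(port_allowed, "Forbidden upstream port {}", port);` (the formatted form assuming this is failure's `ensure!`, which main's `format_err!` suggests). `port` is read straight from the client-supplied packet bytes on the line above, so this check is the only thing between a client and an arbitrary upstream `ip:port`, and having the rejected port in the error makes a policy misconfiguration diagnosable from logs. A named constant for the 1024 boundary would also keep the code and the config comment in step. handle_anonymized_dns starts and ends outside this hunk.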

@ -13,6 +13,7 @@ use tokio::prelude::*;
pub struct AnonymizedDNSConfig { pub struct AnonymizedDNSConfig {
pub enabled: bool, pub enabled: bool,
pub allowed_ports: Vec<u16>, pub allowed_ports: Vec<u16>,
pub allow_non_reserved_ports: Option<bool>,
pub blacklisted_ips: Vec<IpAddr>, pub blacklisted_ips: Vec<IpAddr>,
} }
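Review bot: `allow_non_reserved_ports` is added to `AnonymizedDNSConfig` without a doc comment, and the same holds for `anonymized_dns_allow_non_reserved_ports` in `Globals` two hunks down; I would put `/// Accept any upstream port >= 1024 in addition to `allowed_ports`; off unless set.` on both, since main defaults it to false via `unwrap_or(false)`. Representing it as `Option<bool>` only to collapse it to a `bool` in main is a little indirect: if this struct is deserialized with serde, a plain `bool` field with `#[serde(default)]` would express the same default at the type and remove the unwrap. `Globals` continues outside its hunk.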

@ -42,6 +42,7 @@ pub struct Globals {
pub blacklist: Option<BlackList>, pub blacklist: Option<BlackList>,
pub anonymized_dns_enabled: bool, pub anonymized_dns_enabled: bool,
pub anonymized_dns_allowed_ports: Vec<u16>, pub anonymized_dns_allowed_ports: Vec<u16>,
pub anonymized_dns_allow_non_reserved_ports: bool,
pub anonymized_dns_blacklisted_ips: Vec<IpAddr>, pub anonymized_dns_blacklisted_ips: Vec<IpAddr>,
#[cfg(feature = "metrics")] #[cfg(feature = "metrics")]
#[derivative(Debug = "ignore")] #[derivative(Debug = "ignore")]

@ -615,15 +615,20 @@ fn main() -> Result<(), Error> {
.map_err(|e| format_err!("Unable to load the blacklist [{:?}]: [{}]", path, e))?, .map_err(|e| format_err!("Unable to load the blacklist [{:?}]: [{}]", path, e))?,
), ),
}; };
let (anonymized_dns_enabled, anonymized_dns_allowed_ports, anonymized_dns_blacklisted_ips) = let (
match config.anonymized_dns { anonymized_dns_enabled,
None => (false, vec![], vec![]), anonymized_dns_allowed_ports,
Some(anonymized_dns) => ( anonymized_dns_allow_non_reserved_ports,
anonymized_dns.enabled, anonymized_dns_blacklisted_ips,
anonymized_dns.allowed_ports, ) = match config.anonymized_dns {
anonymized_dns.blacklisted_ips, None => (false, vec![], false, vec![]),
), Some(anonymized_dns) => (
}; anonymized_dns.enabled,
anonymized_dns.allowed_ports,
anonymized_dns.allow_non_reserved_ports.unwrap_or(false),
anonymized_dns.blacklisted_ips,
),
};
let globals = Arc::new(Globals { let globals = Arc::new(Globals {
runtime: runtime.clone(), runtime: runtime.clone(),
@ -655,6 +660,7 @@ fn main() -> Result<(), Error> {
blacklist, blacklist,
anonymized_dns_enabled, anonymized_dns_enabled,
anonymized_dns_allowed_ports, anonymized_dns_allowed_ports,
anonymized_dns_allow_non_reserved_ports,
anonymized_dns_blacklisted_ips, anonymized_dns_blacklisted_ips,
#[cfg(feature = "metrics")] #[cfg(feature = "metrics")]
varz: Varz::default(), varz: Varz::default(),
