Documentation
¶
Overview ¶
Package agd contains common entities and interfaces of AdGuard DNS.
Index ¶
- Constants
- func Branch() (b string)
- func BuildTime() (t string)
- func ContextWithRequestInfo(parent context.Context, ri *RequestInfo) (ctx context.Context)
- func InitRequestID()
- func Revision() (r string)
- func ValidateInclusion(n, max, min int, unitName string) (err error)
- func Version() (v string)
- func WithRequestID(parent context.Context, id RequestID) (ctx context.Context)
- type ArgumentError
- type BlockPageRedirect
- type BlockPageRedirectApply
- type BlockPageRedirectSkip
- type BlockedServiceID
- type DDR
- type DNSCryptConfig
- type DayRange
- type Device
- type DeviceID
- type DeviceName
- type ECS
- type FilterListID
- type FilterRuleText
- type FilteringGroup
- type FilteringGroupID
- type ParentalProtectionSchedule
- type ParentalProtectionSettings
- type Probability
- type Profile
- type ProfileID
- type Protocol
- type QUICConfig
- type RequestID
- type RequestInfo
- type SafeBrowsingSettings
- type Server
- func (s *Server) BindData() (data []*ServerBindData)
- func (s *Server) BindDataPrefixes() (ps []netip.Prefix)
- func (s *Server) BindsToInterfaces() (ok bool)
- func (s *Server) HasAddr(addr netip.AddrPort) (ok bool)
- func (s *Server) HasIPv6() (ok bool)
- func (s *Server) SetBindData(data []*ServerBindData)
- type ServerBindData
- type ServerGroup
- type ServerGroupName
- type ServerName
- type TCPConfig
- type TLS
- type UDPConfig
- type WeeklySchedule
Constants ¶
const ( UnitByte = "bytes" UnitRune = "runes" )
Unit name constants.
const ( MaxDeviceIDLen = 8 MinDeviceIDLen = 1 )
The maximum and minimum lengths of a device ID.
const ( ProtoInvalid = dnsserver.ProtoInvalid ProtoDNS = dnsserver.ProtoDNS ProtoDoH = dnsserver.ProtoDoH ProtoDoQ = dnsserver.ProtoDoQ ProtoDoT = dnsserver.ProtoDoT ProtoDNSCrypt = dnsserver.ProtoDNSCrypt )
Protocol value constants. They are reexported here to lower the degree of dependency on the dnsserver module.
const ( MaxFilterListIDLen = 128 MinFilterListIDLen = 1 )
The maximum and minimum lengths of a filter list ID.
const ( MaxBlockedServiceIDLen = 64 MinBlockedServiceIDLen = 1 )
The maximum and minimum lengths of a blocked service ID.
const DefaultDirPerm fs.FileMode = 0o700
DefaultDirPerm is the default set of permissions for directories.
const DefaultPerm fs.FileMode = 0o600
DefaultPerm is the default set of permissions for non-executable files. Be strict and allow only reading and writing for the file, and only to the user.
DefaultWOFlags is the default set of flags for opening a write-only files.
const MaxDayRangeMinutes = 24*60 - 1
MaxDayRangeMinutes is the maximum value for DayRange.Start and DayRange.End fields, excluding the zero-length range ones.
const MaxDeviceNameRuneLen = 128
MaxDeviceNameRuneLen is the maximum length of a human-readable device name in runes.
const MaxFilterRuleTextRuneLen = 1024
MaxFilterRuleTextRuneLen is the maximum length of a filter rule in runes.
const MaxProfileIDLen = 8
MaxProfileIDLen is the maximum length of a profile ID.
const RequestIDLen = 16
RequestIDLen is the length of a RequestID in bytes. A RequestID is currently a random 16-byte (128-bit) number.
Variables ¶
This section is empty.
Functions ¶
func BuildTime ¶
func BuildTime() (t string)
BuildTime returns the compiled-in value of the build time as a string.
func ContextWithRequestInfo ¶
func ContextWithRequestInfo(parent context.Context, ri *RequestInfo) (ctx context.Context)
ContextWithRequestInfo returns a copy of the parent context with the request and server group information added. ri must not be modified after calling ContextWithRequestInfo.
func Revision ¶
func Revision() (r string)
Revision returns the compiled-in value of the Git revision.
func ValidateInclusion ¶
ValidateInclusion returns an error if n is greater than max or less than min. unitName is used for error messages, see UnitFoo constants.
TODO(a.garipov): Consider switching min and max; the current order seems confusing.
Types ¶
type ArgumentError ¶
type ArgumentError struct {
// Name is the name of the argument.
Name string
// Message is an optional additional message.
Message string
}
ArgumentError is returned by functions when a value of an argument is invalid.
func (*ArgumentError) Error ¶
func (err *ArgumentError) Error() (msg string)
Error implements the error interface for *ArgumentError.
type BlockPageRedirect ¶
type BlockPageRedirect struct {
// Apply defines request parameters based on which the block page is shown
// always. If a request matches Apply, both [BlockPageRedirect.Skip] and
// [BlockPageRedirect.Probability] are ignored.
//
// If [BlockPageRedirect.Enabled] is true, Apply must not be nil.
Apply *BlockPageRedirectApply
// Skip defines request parameters based on which the block page is not
// shown, regardless of [BlockPageRedirect.Probability].
//
// If [BlockPageRedirect.Enabled] is true, Skip must not be nil.
Skip *BlockPageRedirectSkip
// IPv4 are the IPv4 addresses of the block page, used to respond to A
// queries.
//
// If [BlockPageRedirect.Enabled] is true, IPv4, [BlockPageRedirect.IPv6],
// or both must be filled.
IPv4 []netip.Addr
// IPv6 are the IPv6 addresses of the block page, used to respond to AAAA
// queries.
//
// If [BlockPageRedirect.Enabled] is true, [BlockPageRedirect.IPv4], IPv6,
// or both must be filled.
IPv6 []netip.Addr
// Probability defines the probability of responding with the block page IPs
// based on remote address. Probability must be between 0.0 and 1.0.
Probability Probability
// Enabled defines whether the block-page feature is enabled.
Enabled bool
}
BlockPageRedirect is the configuration for a ServerGroup's block page.
type BlockPageRedirectApply ¶
type BlockPageRedirectApply struct {
// ClientSubnets are the subnets for which block page is always enabled.
ClientSubnets []netip.Prefix
}
BlockPageRedirectApply defines the conditions for applying the block-page logic for a particular request.
type BlockPageRedirectSkip ¶
type BlockPageRedirectSkip struct {
// ClientSubnets are the subnets for which block page is always disabled.
ClientSubnets []netip.Prefix
// QuestionDomains are the domain names for which block page is always
// disabled.
QuestionDomains []string
}
BlockPageRedirectSkip defines the conditions for skipping the block page logic for a particular request.
type BlockedServiceID ¶
type BlockedServiceID string
BlockedServiceID is the ID of a blocked service. While these are usually human-readable, clients should treat them as opaque strings.
When a request is blocked by the service blocker, this ID is used as the text of the blocking rule.
func NewBlockedServiceID ¶
func NewBlockedServiceID(s string) (id BlockedServiceID, err error)
NewBlockedServiceID converts a simple string into a BlockedServiceID and makes sure that it's valid. This should be preferred to a simple type conversion.
type DDR ¶
type DDR struct {
// DeviceTargets is the set of all domain names, subdomains of which should
// be checked for DDR queries with device IDs.
DeviceTargets *stringutil.Set
// PublicTargets is the set of all public domain names, DDR queries for
// which should be processed.
PublicTargets *stringutil.Set
// DeviceRecordTemplates are used to respond to DDR queries from recognized
// devices.
DeviceRecordTemplates []*dns.SVCB
// PubilcRecordTemplates are used to respond to DDR queries from
// unrecognized devices.
PublicRecordTemplates []*dns.SVCB
// Enabled shows if DDR queries are processed. If it is false, DDR domain
// name queries receive an NXDOMAIN response.
Enabled bool
}
DDR is the configuration for the server group's Discovery Of Designated Resolvers (DDR) handlers.
type DNSCryptConfig ¶
type DNSCryptConfig struct {
// Cert is the DNSCrypt certificate.
Cert *dnscrypt.Cert
// ProviderName is the name of the DNSCrypt provider.
ProviderName string
}
DNSCryptConfig is the DNSCrypt configuration of a DNS server.
type DayRange ¶
DayRange is a range within a single day. Start and End are minutes from the start of day, with 0 being 00:00:00.(0) and 1439, 23:59:59.(9).
Additionally, if both Start and End are set to math.MaxUint16, the range is a special zero-length range. This is needed, because when both Start and End are zero, such DayRange indicates one minute after midnight; as well as to reduce the amount of pointers and thus GC time.
TODO(a.garipov): Refactor. See AGDNS-1516.
func ZeroLengthDayRange ¶
func ZeroLengthDayRange() (r DayRange)
ZeroLengthDayRange returns a new zero-length day range.
func (DayRange) IsZeroLength ¶
IsZeroLength returns true if r is a zero-length range.
type Device ¶
type Device struct {
// ID is the unique ID of the device.
ID DeviceID
// LinkedIP, when non-empty, allows AdGuard DNS to identify a device by its
// IP address when it can only use plain DNS.
LinkedIP netip.Addr
// Name is the human-readable name of the device.
Name DeviceName
// DedicatedIPs are the destination (server) IP-addresses dedicated to this
// device, if any. A device can use one of these addresses as a DNS server
// address for AdGuard DNS to recognize it.
DedicatedIPs []netip.Addr
// FilteringEnabled defines whether queries from the device should be
// filtered in any way at all.
FilteringEnabled bool
}
Device is a device of a device attached to a profile.
NOTE: Do not change fields of this structure without incrementing internal/profiledb/internal.FileCacheVersion.
type DeviceID ¶
type DeviceID string
DeviceID is the ID of a device attached to a profile. It is an opaque string.
func NewDeviceID ¶
NewDeviceID converts a simple string into a DeviceID and makes sure that it's valid. This should be preferred to a simple type conversion.
type DeviceName ¶
type DeviceName string
DeviceName is the human-readable name of a device attached to a profile.
func NewDeviceName ¶
func NewDeviceName(s string) (n DeviceName, err error)
NewDeviceName converts a simple string into a DeviceName and makes sure that it's valid. This should be preferred to a simple type conversion.
type ECS ¶
type ECS struct {
// Location is the GeoIP location data about the IP address from the
// request's ECS data, if any.
Location *geoip.Location
// Subnet is the source subnet.
Subnet netip.Prefix
// Scope is the scope prefix.
Scope uint8
}
ECS is the content of the EDNS Client Subnet option of a DNS message.
See https://datatracker.ietf.org/doc/html/rfc7871#section-6.
type FilterListID ¶
type FilterListID string
FilterListID is the ID of a filter list. It is an opaque string.
const ( // FilterListIDNone means that no filter were applied at all. FilterListIDNone FilterListID = "" // FilterListIDBlockedService is the shared filter list ID used when a // request was blocked by the service blocker. FilterListIDBlockedService FilterListID = "blocked_service" // FilterListIDCustom is the special shared filter list ID used when // a request was filtered by a custom profile rule. FilterListIDCustom FilterListID = "custom" // FilterListIDAdultBlocking is the special shared filter list ID used when // a request was filtered by the adult content blocking filter. FilterListIDAdultBlocking FilterListID = "adult_blocking" // FilterListIDSafeBrowsing is the special shared filter list ID used when // a request was filtered by the safe browsing filter. FilterListIDSafeBrowsing FilterListID = "safe_browsing" // FilterListIDNewRegDomains is the special shared filter list ID used when // a request was filtered by the newly registered domains filter. FilterListIDNewRegDomains FilterListID = "newly_registered_domains" // FilterListIDGeneralSafeSearch is the shared filter list ID used when // a request was modified by the general safe search filter. FilterListIDGeneralSafeSearch FilterListID = "general_safe_search" // FilterListIDYoutubeSafeSearch is the special shared filter list ID used // when a request was modified by the YouTube safe search filter. FilterListIDYoutubeSafeSearch FilterListID = "youtube_safe_search" )
Special FilterListID values shared across the AdGuard DNS system.
DO NOT change these as other parts of the system depend on these values.
func NewFilterListID ¶
func NewFilterListID(s string) (id FilterListID, err error)
NewFilterListID converts a simple string into a FilterListID and makes sure that it's valid. This should be preferred to a simple type conversion.
type FilterRuleText ¶
type FilterRuleText string
FilterRuleText is the text of a single rule within a filter.
func NewFilterRuleText ¶
func NewFilterRuleText(s string) (t FilterRuleText, err error)
NewFilterRuleText converts a simple string into a FilterRuleText and makes sure that it's valid. This should be preferred to a simple type conversion.
type FilteringGroup ¶
type FilteringGroup struct {
// ID is the unique ID of this filtering group.
ID FilteringGroupID
// RuleListIDs are the filtering rule list IDs used for this filtering
// group. They are ignored if RuleListsEnabled is false.
RuleListIDs []FilterListID
// RuleListsEnabled shows whether the rule-list based filtering is enabled.
// This must be true in order for all parameters below to work.
RuleListsEnabled bool
// ParentalEnabled shows whether the parental protection functionality is
// enabled. This must be true in order for all parameters below to
// work.
ParentalEnabled bool
// BlockAdult shows whether the adult content blocking safe browsing
// filtering should be enforced.
BlockAdult bool
// SafeBrowsingEnabled shows whether the general safe browsing filtering
// should be enforced.
SafeBrowsingEnabled bool
// BlockDangerousDomains shows whether the dangerous domains safe browsing
// filtering should be enforced.
BlockDangerousDomains bool
// BlockNewlyRegisteredDomains shows whether the newly registered domains
// safe browsing filtering should be enforced.
BlockNewlyRegisteredDomains bool
// GeneralSafeSearch shows whether the general safe search filtering should
// be enforced.
GeneralSafeSearch bool
// YoutubeSafeSearch shows whether the YouTube safe search filtering should
// be enforced.
YoutubeSafeSearch bool
// BlockPrivateRelay shows if Apple Private Relay is blocked for requests
// using this filtering group.
BlockPrivateRelay bool
// BlockFirefoxCanary shows if Firefox canary domain is blocked for
// requests using this filtering group.
BlockFirefoxCanary bool
}
FilteringGroup represents a set of filtering settings.
TODO(a.garipov): Consider making it closer to the config file and the backend response by grouping parental, rule list, and safe browsing settings into separate structs.
type FilteringGroupID ¶
type FilteringGroupID string
FilteringGroupID is the ID of a filter group. It is an opaque string.
type ParentalProtectionSchedule ¶
type ParentalProtectionSchedule struct {
// Week is the parental protection schedule for every day of the week.
Week *WeeklySchedule
// TimeZone is the profile's time zone.
TimeZone *agdtime.Location
}
ParentalProtectionSchedule is the schedule of a client's parental protection. All fields must not be nil.
NOTE: Do not change fields of this structure without incrementing internal/profiledb/internal.FileCacheVersion.
type ParentalProtectionSettings ¶
type ParentalProtectionSettings struct {
Schedule *ParentalProtectionSchedule
// BlockedServices are the IDs of the services blocked for this profile.
BlockedServices []BlockedServiceID
// Enabled tells whether the parental protection should be enabled at all.
// This must be true in order for all parameters below to work.
Enabled bool
// BlockAdult tells if AdGuard DNS should enforce blocking of adult content
// using the safe browsing filter.
BlockAdult bool
// GeneralSafeSearch tells if AdGuard DNS should enforce general safe search
// in most search engines.
GeneralSafeSearch bool
// YoutubeSafeSearch tells if AdGuard DNS should enforce safe search on
// YouTube.
YoutubeSafeSearch bool
}
ParentalProtectionSettings are the parental protection settings of a profile.
NOTE: Do not change fields of this structure without incrementing internal/profiledb/internal.FileCacheVersion.
type Probability ¶
type Probability float64
Probability is a type for probabilities ranging from 0.0 to 1.0.
func MustNewProbability ¶
func MustNewProbability(f float64) (prob Probability)
MustNewProbability returns a properly converted Probability or panics with an error.
func NewProbability ¶
func NewProbability(f float64) (prob Probability, err error)
NewProbability returns a properly converted Probability or an error.
type Profile ¶
type Profile struct {
// Parental are the parental settings for this profile. They are ignored if
// FilteringEnabled is set to false.
//
// NOTE: Do not change fields of this structure without incrementing
// [internal/profiledb/internal.FileCacheVersion].
Parental *ParentalProtectionSettings
// SafeBrowsing are the safe browsing settings for this profile. They are
// ignored if FilteringEnabled is set to false.
//
// NOTE: Do not change fields of this structure without incrementing
// [internal/profiledb/internal.FileCacheVersion].
SafeBrowsing *SafeBrowsingSettings
// Access is the access manager for this profile. Access is never nil.
//
// NOTE: Do not change fields of this structure without incrementing
// [internal/profiledb/internal.FileCacheVersion].
Access access.Profile
// BlockingMode defines the way blocked responses are constructed.
//
// NOTE: Do not change fields of this structure without incrementing
// [internal/profiledb/internal.FileCacheVersion].
BlockingMode dnsmsg.BlockingMode
// ID is the unique ID of this profile.
//
// NOTE: Do not change fields of this structure without incrementing
// [internal/profiledb/internal.FileCacheVersion].
ID ProfileID
// UpdateTime shows the last time this profile was updated from the backend.
// This is NOT the time of update in the backend's database, since the
// backend doesn't send this information.
//
// NOTE: Do not change fields of this structure without incrementing
// [internal/profiledb/internal.FileCacheVersion].
UpdateTime time.Time
// DeviceIDs are the IDs of devices attached to this profile.
//
// NOTE: Do not change fields of this structure without incrementing
// [internal/profiledb/internal.FileCacheVersion].
DeviceIDs []DeviceID
// RuleListIDs are the IDs of the filtering rule lists enabled for this
// profile. They are ignored if FilteringEnabled or RuleListsEnabled are
// set to false.
//
// NOTE: Do not change fields of this structure without incrementing
// [internal/profiledb/internal.FileCacheVersion].
RuleListIDs []FilterListID
// CustomRules are the custom filtering rules for this profile. They are
// ignored if RuleListsEnabled is set to false.
//
// NOTE: Do not change fields of this structure without incrementing
// [internal/profiledb/internal.FileCacheVersion].
CustomRules []FilterRuleText
// FilteredResponseTTL is the time-to-live value used for responses sent to
// the devices of this profile.
//
// NOTE: Do not change fields of this structure without incrementing
// [internal/profiledb/internal.FileCacheVersion].
FilteredResponseTTL time.Duration
// FilteringEnabled defines whether queries from devices of this profile
// should be filtered in any way at all.
//
// NOTE: Do not change fields of this structure without incrementing
// [internal/profiledb/internal.FileCacheVersion].
FilteringEnabled bool
// RuleListsEnabled defines whether queries from devices of this profile
// should be filtered using the filtering rule lists in RuleListIDs.
// Requires FilteringEnabled to be set to true.
//
// NOTE: Do not change fields of this structure without incrementing
// [internal/profiledb/internal.FileCacheVersion].
RuleListsEnabled bool
// QueryLogEnabled defines whether query logs should be saved for the
// devices of this profile.
//
// NOTE: Do not change fields of this structure without incrementing
// [internal/profiledb/internal.FileCacheVersion].
QueryLogEnabled bool
// Deleted shows if this profile is deleted.
//
// NOTE: Do not change fields of this structure without incrementing
// [internal/profiledb/internal.FileCacheVersion].
Deleted bool
// BlockPrivateRelay shows if Apple Private Relay queries are blocked for
// requests from all devices in this profile.
//
// NOTE: Do not change fields of this structure without incrementing
// [internal/profiledb/internal.FileCacheVersion].
BlockPrivateRelay bool
// BlockFirefoxCanary shows if Firefox canary domain is blocked for
// requests from all devices in this profile.
//
// NOTE: Do not change fields of this structure without incrementing
// [internal/profiledb/internal.FileCacheVersion].
BlockFirefoxCanary bool
// IPLogEnabled shows if client IP addresses are logged.
//
// NOTE: Do not change fields of this structure without incrementing
// [internal/profiledb/internal.FileCacheVersion].
IPLogEnabled bool
}
Profile contains information about an AdGuard DNS profile. In other parts of the infrastructure, a profile is also called a “DNS server”. We call it profile, because it's less confusing.
NOTE: Do not change fields of this structure without incrementing internal/profiledb/internal.FileCacheVersion.
TODO(a.garipov): Consider making it closer to the config file and the backend response by grouping parental, rule list, and safe browsing settings into separate structs.
type ProfileID ¶
type ProfileID string
ProfileID is the ID of a profile. It is an opaque string.
In other parts of the infrastructure, it's also known as “DNS ID” and “DNS Server ID”.
func NewProfileID ¶
NewProfileID converts a simple string into a ProfileID and makes sure that it's valid. This should be preferred to a simple type conversion.
type Protocol ¶
Protocol is a DNS protocol. It is reexported here to lower the degree of dependency on the dnsserver module.
type QUICConfig ¶
type QUICConfig struct {
// MaxStreamsPerPeer is the maximum number of concurrent streams that a peer
// is allowed to open.
MaxStreamsPerPeer int
// QUICLimitsEnabled, if true, enables QUIC limiting.
QUICLimitsEnabled bool
}
QUICConfig is the QUIC configuration of a DNS server.
type RequestID ¶
type RequestID [RequestIDLen]byte
RequestID is the ID of a request. It is an opaque, randomly generated string. API users should not rely on it being pseudorandom or cryptographically random.
func NewRequestID ¶
func NewRequestID() (id RequestID)
NewRequestID returns a new pseudorandom RequestID. Prefer this to manual conversion from other string types.
func RequestIDFromContext ¶
RequestIDFromContext returns the request ID from the context, if any.
func (RequestID) String ¶
String implements the fmt.Stringer interface for RequestID.
type RequestInfo ¶
type RequestInfo struct {
// Device is the found device. It is nil for anonymous requests. If Device
// is present then Profile is also present.
Device *Device
// Profile is the found profile. It is nil for anonymous requests. If
// Profile is present then Device is also present.
Profile *Profile
// Location is the GeoIP location data about the remote IP address, if any.
Location *geoip.Location
// ECS contains the EDNS Client Subnet option information of the request, if
// any.
ECS *ECS
// FilteringGroup is the server's default filtering group.
FilteringGroup *FilteringGroup
// Messages is the message constructor to be used for the filtered responses
// to this request.
Messages *dnsmsg.Constructor
// RemoteIP is the remote IP address of the client.
RemoteIP netip.Addr
// ServerGroup is the name of the server group which handles this request.
ServerGroup ServerGroupName
// Server is the name of the server which handles this request.
Server ServerName
// Host is the lowercased, non-FQDN version of the hostname from the
// question of the request.
Host string
// ID is the unique ID of the request. It is resurfaced here to optimize
// context lookups.
ID RequestID
// QType is the type of question for this request.
QType dnsmsg.RRType
// QClass is the class of question for this request.
QClass dnsmsg.Class
// Proto is the protocol by which this request is made.
Proto Protocol
}
RequestInfo contains information about the current request. A RequestInfo put into the context must not be modified.
func MustRequestInfoFromContext ¶
func MustRequestInfoFromContext(ctx context.Context) (ri *RequestInfo)
MustRequestInfoFromContext is a helper that wraps a call to RequestInfoFromContext and panics if the request information isn't in the context. ri must not be modified.
func RequestInfoFromContext ¶
func RequestInfoFromContext(ctx context.Context) (ri *RequestInfo, ok bool)
RequestInfoFromContext returns the request information from the context, if any. ri must not be modified.
type SafeBrowsingSettings ¶
type SafeBrowsingSettings struct {
// Enabled defines whether queries from devices of this profile should be
// filtered using the safe browsing filter. This must be true in order for
// all parameters below to work.
Enabled bool
// BlockDangerousDomains shows whether the dangerous domains safe browsing
// filtering should be enforced.
BlockDangerousDomains bool
// BlockNewlyRegisteredDomains shows whether the newly registered domains
// safe browsing filtering should be enforced.
BlockNewlyRegisteredDomains bool
}
SafeBrowsingSettings are the safe browsing settings of a profile.
NOTE: Do not change fields of this structure without incrementing internal/profiledb/internal.FileCacheVersion.
type Server ¶
type Server struct {
// DNSCrypt are the DNSCrypt settings for this server, if any.
DNSCrypt *DNSCryptConfig
// TLS is the TLS configuration for this server, if any.
TLS *tls.Config
// QUICConf is the QUIC configuration for this server.
QUICConf *QUICConfig
// TCPConf is the TCP configuration for this server.
TCPConf *TCPConfig
// UDPConf is the UDP configuration for this server.
UDPConf *UDPConfig
// Name is the unique name of the server. Not to be confused with a TLS
// Server Name.
Name ServerName
// ReadTimeout defines the timeout for any read from a UDP connection or the
// first read from a TCP/TLS connection. It currently doesn't affect
// DNSCrypt, QUIC, or HTTPS.
//
// TODO(a.garipov): Make it work for DNSCrypt, QUIC, and HTTPS.
ReadTimeout time.Duration `yaml:"read_timeout"`
// WriteTimeout defines the timeout for writing to a UDP or TCP/TLS
// connection. It currently doesn't affect DNSCrypt, QUIC, or HTTPS.
//
// TODO(a.garipov): Make it work for DNSCrypt, QUIC, and HTTPS.
WriteTimeout time.Duration `yaml:"write_timeout"`
// Protocol is the protocol of the server.
Protocol Protocol
// LinkedIPEnabled shows if the linked IP addresses should be used to detect
// profiles on this server.
LinkedIPEnabled bool
// contains filtered or unexported fields
}
Server represents a single DNS server. That is, an entity that binds to one or more ports and serves DNS over a single protocol.
func (*Server) BindData ¶
func (s *Server) BindData() (data []*ServerBindData)
BindData returns the bind data of this server. The elements of the slice must not be mutated.
func (*Server) BindDataPrefixes ¶
BindDataPrefixes returns a slice of CIDR networks collected from the bind data of this server.
func (*Server) BindsToInterfaces ¶
BindsToInterfaces returns true if server binds to interfaces. For a server with no bind data, BindsToInterfaces returns false.
func (*Server) HasAddr ¶
HasAddr returns true if addr is within the server's bind data. HasAddr does not check prefix addresses unless they are single-IP subnets.
func (*Server) HasIPv6 ¶
HasIPv6 returns true if the bind data of this server contains an IPv6 address. For a server with no bind data, HasIPv6 returns false.
func (*Server) SetBindData ¶
func (s *Server) SetBindData(data []*ServerBindData)
SetBindData sets the bind data of this server. data must have at least one element and all of its elements must be of the same underlying type. The elements of data must not be mutated after calling SetBindData.
type ServerBindData ¶
type ServerBindData struct {
ListenConfig netext.ListenConfig
PrefixAddr *agdnet.PrefixNetAddr
AddrPort netip.AddrPort
}
ServerBindData are the socket binding data for a server. Either AddrPort or ListenConfig with PrefixAddr must be set.
TODO(a.garipov): Consider turning this into a sum type.
TODO(a.garipov): Consider renaming this and the one in websvc to something like BindConfig.
type ServerGroup ¶
type ServerGroup struct {
// BlockPageRedirect is the configuration for the server group's block page.
// BlockPageRedirect is never nil.
//
// TODO(a.garipov): Use.
BlockPageRedirect *BlockPageRedirect
// DDR is the configuration for the server group's Discovery Of Designated
// Resolvers (DDR) handlers. DDR is never nil.
DDR *DDR
// TLS are the TLS settings for this server group. If Servers contains at
// least one server with a non-plain protocol (see [Protocol.IsPlain]), TLS
// must not be nil.
TLS *TLS
// Name is the unique name of the server group.
Name ServerGroupName
// FilteringGroup is the ID of the filtering group for this server.
FilteringGroup FilteringGroupID
// Servers are the settings for servers. Each element must be non-nil.
Servers []*Server
}
ServerGroup is a group of DNS servers all of which use the same filtering settings.
type TCPConfig ¶
type TCPConfig struct {
// IdleTimeout defines the timeout for consecutive reads from a TCP/TLS
// connection.
IdleTimeout time.Duration
// MaxPipelineCount is the maximum number of simultaneously processing TCP
// messages per one connection. If MaxPipelineEnabled is true, it must be
// greater than zero.
MaxPipelineCount uint
// MaxPipelineEnabled, if true, enables TCP pipeline limiting.
MaxPipelineEnabled bool
}
TCPConfig is the TCP configuration of a DNS server.
type TLS ¶
type TLS struct {
// Conf is the server's TLS configuration.
Conf *tls.Config
// DeviceIDWildcards are the domain wildcards used to detect device IDs from
// clients' server names.
DeviceIDWildcards []string
// SessionKeys are paths to files containing the TLS session keys for this
// server.
SessionKeys []string
}
TLS is the TLS configuration of a DNS server group.
type UDPConfig ¶
type UDPConfig struct {
// MaxRespSize is the maximum size in bytes of DNS response over UDP
// protocol.
MaxRespSize uint16
}
UDPConfig is the UDP configuration of a DNS server.
type WeeklySchedule ¶
type WeeklySchedule [7]DayRange
WeeklySchedule is a schedule for one week. The index is the same as time.Weekday values. That is, 0 is Sunday, 1 is Monday, etc. An empty DayRange means that there is no schedule for this day.
Source Files