DoH server support #61

Merged 5 commits, May 23, 2020
1 change: 1 addition & 0 deletions .gitignore
@@ -1,5 1,6 @@
.idea/
*.iml
*.pem
bin/
docs/swagger.json
docs/swagger.yaml
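Review bot: `*.pem` only covers one naming convention for TLS material; the README example added in this same PR uses `server.crt` and `server.key`, so a locally generated certificate and private key with those names would still be picked up by `git add .`. Consider also ignoring `*.crt` and `*.key` (or keeping certs in a dedicated ignored directory) so a private key is never committed by accident.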
2 changes: 1 addition & 1 deletion Makefile
Expand Up @@ -9,7 9,7 @@ BIN_OUT_DIR=bin

tools: ## prepare build tools
mkdir -p ~/.docker && echo "{\"experimental\": \"enabled\"}" > ~/.docker/config.json
go get github.com/swaggo/swag/cmd/swag
go get github.com/swaggo/swag/cmd/swag@v1.6.5

all: test lint build ## Build binary (with tests)
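Review bot: pinning swag to `v1.6.5` makes the `tools` target reproducible, which is an improvement; a short comment on why that particular version was chosen would help whoever bumps it next. In the unchanged context of the same target, `echo ... > ~/.docker/config.json` unconditionally overwrites the developer's Docker config (including any stored registry credentials); writing it only when the file does not exist, or documenting the side effect, would be safer.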

2 changes: 1 addition & 1 deletion cmd/serve.go
Expand Up @@ -44,7 44,7 @@ func startServer(_ *cobra.Command, _ []string) {

srv, err := server.NewServer(&cfg)
if err != nil {
log.Fatal("cant start server ", err)
log.Fatal("cant start server: ", err)
}

srv.Start()
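Review bot: since this line is being touched anyway, the message still reads `cant start server: `; `can't start server: ` is the intended spelling.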
3 changes: 3 additions & 0 deletions config/config.go
Expand Up @@ -123,6 123,9 @@ type Config struct {
LogLevel string `yaml:"logLevel"`
Port uint16 `yaml:"port"`
HTTPPort uint16 `yaml:"httpPort"`
HTTPSPort uint16 `yaml:"httpsPort"`
CertFile string `yaml:"httpsCertFile"`
KeyFile string `yaml:"httpsKeyFile"`
BootstrapDNS Upstream `yaml:"bootstrapDns"`
}
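Review bot: nothing in this hunk validates `CertFile` and `KeyFile` when `HTTPSPort` is greater than 0, although the README in this PR describes them as mandatory in that case. Fail fast at config load, for example by returning an error from the loader when `HTTPSPort > 0 && (CertFile == "" || KeyFile == "")`, rather than letting the HTTPS listener fail later with a less specific error from the TLS library. A doc comment on the three new fields would also be welcome.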

20 changes: 11 additions & 9 deletions docs/README.md
Expand Up @@ -20,6 20,7 @@ Blocky is a DNS proxy for the local network written in Go with following feature
- blocking of request domain, response CNAME (deep CNAME inspection) and response IP addresses (against IP lists)
- Caching of DNS answers for queries -> improves DNS resolution speed and reduces amount of external DNS queries
- Custom DNS resolution for certain domain names
- Serves DNS over UDP, TCP and HTTPS (DNS over HTTPS, aka DoH)
- Supports UDP, TCP and TCP over TLS DNS resolvers with DNSSEC support
- Supports DNS over HTTPS (DoH) resolvers
- Delegates DNS query to 2 external resolvers from a list of configured resolvers, uses the answer from the fastest one -> improves you privacy and resolution time
Expand Down Expand Up @@ -134,8 135,13 @@ queryLog:

# optional: DNS listener port, default 53 (UDP and TCP)
port: 53
# optional: HTTP listener port, default 0 = no http listener. If > 0, will be used for prometheus metrics, pprof, REST API, ...
# optional: HTTP listener port, default 0 = no http listener. If > 0, will be used for prometheus metrics, pprof, REST API, DoH ...
httpPort: 4000
# optional: HTTPS listener port, default 0 = no http listener. If > 0, will be used for prometheus metrics, pprof, REST API, DoH...
httpsPort: 443
# mandatory, if https port > 0: path to cert and key file for SSL encryption
httpsCertFile: server.crt
httpsKeyFile: server.key
# optional: use this DNS server to resolve blacklist urls and upstream DNS servers (DOH). Useful if no DNS resolver is configured and blocky needs to resolve a host name. Format net:IP:port, net must be udp or tcp
bootstrapDns: tcp:1.1.1.1
# optional: Log level (one from debug, info, warn, error). Default: info
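Review bot: the comment on the new `httpsPort` option is a copy of the `httpPort` one and still says `default 0 = no http listener`; it should read `no https listener`. The cert/key comment should say `TLS` rather than `SSL encryption`. It is also worth stating explicitly that both listeners expose the same set of endpoints (metrics, pprof, REST API, DoH), so an operator who enables `httpPort` next to `httpsPort` understands that DoH and the API are then also reachable unencrypted on the HTTP port.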
Expand Down Expand Up @@ -187,16 193,16 @@ To run this inside docker run `docker exec blocky ./blocky blocking status`

## Additional information

### HTTPS configuration (for DoH)
See [Wiki - Configuration of HTTPS](https://github.com/0xERR0R/blocky/wiki/Configuration-of-HTTPS-for-DoH-and-Rest-API) for detailed information, how to configure HTTPS.

### Prometheus / Grafana
Blocky can export metrics for prometheus. Example grafana dashboard definition [as JSON](blocky-grafana.json)
![grafana-dashboard](grafana-dashboard.png).

See [Wiki - Prometheus / Grafana](https://github.com/0xERR0R/blocky/wiki/Prometheus---Grafana-integration) for more information.





### Print current configuration
To print runtime configuration / statistics, you can send `SIGUSR1` signal to running process
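Review bot: the new `### HTTPS configuration (for DoH)` section delegating to the wiki is fine, but the hunk leaves four consecutive empty lines between the Prometheus paragraph and `### Print current configuration`; one blank line is enough.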

Expand All @@ -210,8 216,4 @@ blocky collects statistics and aggregates them hourly. If signal `SIGUSR2` is re
Hint: To send a signal to a process you can use `kill -s USR1 <PID>` or `docker kill -s SIGUSR1 blocky` for docker setup

### Debug / Profiling
If http listener is enabled, pprof endpoint (`/debug/pprof`) is enabled automatically.


## License
[![FOSSA Status](https://app.fossa.io/api/projects/git+github.com/0xERR0R/blocky.svg?type=large)](https://app.fossa.io/projects/git+github.com/0xERR0R/blocky?ref=badge_large)
If http listener is enabled, pprof endpoint (`/debug/pprof`) is enabled automatically.
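Review bot: with this PR the HTTP/HTTPS listener is no longer only an internal metrics and API port but may be exposed to DoH clients, and this section states that the pprof endpoint (`/debug/pprof`) is enabled automatically whenever the HTTP listener is on. pprof hands out heap and goroutine profiles and lets anyone trigger CPU profiling on the process, so consider a separate config switch for it (default off) or, at minimum, an explicit warning in this section not to expose a listener publicly while pprof is enabled.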
4 changes: 2 additions & 2 deletions metrics/metrics.go
Expand Up @@ -22,8 22,8 @@ func Start(router *chi.Mux, cfg config.PrometheusConfig) {
enabled = cfg.Enable

if cfg.Enable {
reg.MustRegister(prometheus.NewProcessCollector(prometheus.ProcessCollectorOpts{}))
reg.MustRegister(prometheus.NewGoCollector())
_ = reg.Register(prometheus.NewProcessCollector(prometheus.ProcessCollectorOpts{}))
_ = reg.Register(prometheus.NewGoCollector())
router.Handle(cfg.Path, promhttp.InstrumentMetricHandler(reg,
promhttp.HandlerFor(reg, promhttp.HandlerOpts{})))
}
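Review bot: replacing `MustRegister` with `_ = reg.Register(...)` silently drops every registration error, not only duplicate registration, which is the one error that is safe to ignore here. Prefer checking the error and ignoring only `prometheus.AlreadyRegisteredError`, logging anything else, along the lines of
`if err := reg.Register(prometheus.NewGoCollector()); err != nil {`
`    if _, ok := err.(prometheus.AlreadyRegisteredError); !ok { log.Warn("cannot register collector: ", err) }`
`}`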
4 changes: 2 additions & 2 deletions resolver/mocks.go
Expand Up @@ -116,8 116,8 @@ func TestUDPUpstream(fn func(request *dns.Msg) (response *dns.Msg)) config.Upstr
response := fn(msg)
// nil should indicate an error
if response == nil {
ln.Close()
return
_, _ = ln.WriteToUDP([]byte("dummy"), addr)
continue
}

rCode := response.Rcode
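Review bot: the comment `// nil should indicate an error` no longer describes what the mock does: instead of closing the listener it now answers with the bytes `dummy`, which the client will fail to unpack as a DNS message, and the listener stays up for subsequent requests. Update the comment to say so, and consider naming the payload (for example a constant such as `invalidResponse`) so the intent survives later refactoring.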
2 changes: 1 addition & 1 deletion resolver/upstream_resolver_test.go
Expand Up @@ -188,7 188,7 @@ var _ = Describe("UpstreamResolver", func() {
It("should return error", func() {
_, err := sut.Resolve(newRequest("example.com.", dns.TypeA))
Expect(err).Should(HaveOccurred())
Expect(err.Error()).Should(ContainSubstring("lookup wronghost.example.com: no such host"))
Expect(err.Error()).Should(ContainSubstring("no such host"))
})
})
When("Configured DOH resolver receives wrong request", func() {
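Review bot: loosening the expected substring to `no such host` makes the assertion independent of how the resolver formats the error (Go's `net.DNSError` renders as `lookup <host> on <server>: no such host` when a specific server such as the bootstrap resolver is used), which is reasonable. The test no longer confirms which host failed, though; if that matters, add a second `ContainSubstring("wronghost.example.com")` rather than dropping it.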