From c500287498a05b07c3af8effa23a0ba4c42f00f1 Mon Sep 17 00:00:00 2001
From: Frank Denis
Date: Sat, 20 Feb 2021 18:50:42 +0100
Subject: [PATCH] Rename fallback_resolvers to bootstrap_resolvers

Clarify what they are used for. Remove the legacy `fallback_resolver`.
---
 dnscrypt-proxy/config.go | 22 ++++++-------
 dnscrypt-proxy/example-dnscrypt-proxy.toml | 36 ++++++++++++++--------
 dnscrypt-proxy/xtransport.go | 34 ++++++++++----------
 3 files changed, 51 insertions(+), 41 deletions(-)

diff --git a/dnscrypt-proxy/config.go b/dnscrypt-proxy/config.go
index 177c645b..0a4af124 100644
--- a/dnscrypt-proxy/config.go
+++ b/dnscrypt-proxy/config.go
@@ -82,8 +82,8 @@ type Config struct {
  SourceIPv4 bool `toml:"ipv4_servers"`
  SourceIPv6 bool `toml:"ipv6_servers"`
  MaxClients uint32 `toml:"max_clients"`
- FallbackResolver string `toml:"fallback_resolver"`
- FallbackResolvers []string `toml:"fallback_resolvers"`
+ BootstrapResolversLegacy []string `toml:"fallback_resolvers"`
+ BootstrapResolvers []string `toml:"bootstrap_resolvers"`
  IgnoreSystemDNS bool `toml:"ignore_system_dns"`
  AllWeeklyRanges map[string]WeeklyRangesStr `toml:"schedules"`
  LogMaxSize int `toml:"log_files_max_size"`
@@ -132,7 +132,7 @@ func newConfig() Config {
  SourceDNSCrypt: true,
  SourceDoH: true,
  MaxClients: 250,
- FallbackResolvers: []string{DefaultFallbackResolver},
+ BootstrapResolvers: []string{DefaultBootstrapResolver},
  IgnoreSystemDNS: false,
  LogMaxSize: 10,
  LogMaxAge: 7,
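Review bot: `BootstrapResolversLegacy` on the new side of the `@@ -82` hunk keeps the old `fallback_resolvers` tag with nothing saying it is retained only for compatibility; a comment above the field such as `// Deprecated: fallback_resolvers was renamed to bootstrap_resolvers; kept only so that existing configuration files keep loading.` would stop the next maintainer from treating it as a live option. The singular `fallback_resolver` key is dropped outright, so a file that still sets it is either rejected as an unknown key or silently ignored, depending on how the TOML decoder is configured in the part of ConfigLoad not shown here; the changelog should state which, because in the silent case bootstrap queries go to the default `9.9.9.9:53` rather than the resolver the operator chose. The `Config` struct starts and ends outside the hunk.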
@@ -368,18 +368,18 @@ func ConfigLoad(proxy *Proxy, flags *ConfigFlags) error {
  proxy.xTransport.tlsDisableSessionTickets = config.TLSDisableSessionTickets
  proxy.xTransport.tlsCipherSuite = config.TLSCipherSuite
  proxy.xTransport.mainProto = proxy.mainProto
- if len(config.FallbackResolver) > 0 {
- config.FallbackResolvers = []string{config.FallbackResolver}
+ if len(config.BootstrapResolvers) == 0 && len(config.BootstrapResolversLegacy) > 0 {
+ config.BootstrapResolvers = config.BootstrapResolversLegacy
  }
- if len(config.FallbackResolvers) > 0 {
- for _, resolver := range config.FallbackResolvers {
+ if len(config.BootstrapResolvers) > 0 {
+ for _, resolver := range config.BootstrapResolvers {
  if err := isIPAndPort(resolver); err != nil {
- return fmt.Errorf("Fallback resolver [%v]: %v", resolver, err)
+ return fmt.Errorf("Bootstrap resolver [%v]: %v", resolver, err)
  }
  }
  proxy.xTransport.ignoreSystemDNS = config.IgnoreSystemDNS
  }
- proxy.xTransport.fallbackResolvers = config.FallbackResolvers
+ proxy.xTransport.bootstrapResolvers = config.BootstrapResolvers
  proxy.xTransport.useIPv4 = config.SourceIPv4
  proxy.xTransport.useIPv6 = config.SourceIPv6
  proxy.xTransport.keepAlive = time.Duration(config.KeepAlive) * time.Second
@@ -677,8 +677,8 @@ func ConfigLoad(proxy *Proxy, flags *ConfigFlags) error {
  netprobeAddress := DefaultNetprobeAddress
  if len(config.NetprobeAddress) > 0 {
  netprobeAddress = config.NetprobeAddress
- } else if len(config.FallbackResolvers) > 0 {
- netprobeAddress = config.FallbackResolvers[0]
+ } else if len(config.BootstrapResolvers) > 0 {
+ netprobeAddress = config.BootstrapResolvers[0]
  }
  proxy.showCerts = *flags.ShowCerts || len(os.Getenv("SHOW_CERTS")) > 0
  if !*flags.Check && !*flags.ShowCerts && !*flags.List && !*flags.ListAll {
diff --git a/dnscrypt-proxy/example-dnscrypt-proxy.toml b/dnscrypt-proxy/example-dnscrypt-proxy.toml
index 8c561a04..0e39f66c 100644
--- a/dnscrypt-proxy/example-dnscrypt-proxy.toml
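Review bot: The guard `if len(config.BootstrapResolvers) == 0 && len(config.BootstrapResolversLegacy) > 0` in the `@@ -368` hunk can only be true when the file explicitly sets `bootstrap_resolvers = []`, because `newConfig()` (the `@@ -132` hunk) already fills `BootstrapResolvers` with `DefaultBootstrapResolver` — assuming ConfigLoad decodes the file into that defaulted value, which happens outside the hunk. A configuration that still uses `fallback_resolvers` is therefore silently ignored, and bootstrap lookups (and, through the `@@ -677` hunk, the netprobe) go to `9.9.9.9:53` instead of the resolvers the operator chose. Drop the emptiness test and let the legacy key win with a visible deprecation message: `if len(config.BootstrapResolversLegacy) > 0 {` / `config.BootstrapResolvers = config.BootstrapResolversLegacy` / `}`, emitting a warning through the project's logger (dlog, as used in xtransport.go) that `fallback_resolvers` was renamed. ConfigLoad starts and ends outside the hunk.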
+++ b/dnscrypt-proxy/example-dnscrypt-proxy.toml 
@@ -208,27 +208,37 @@ cert_refresh_delay = 240
 # tls_cipher_suite = [52392, 49199]
-## Fallback resolvers
+## Bootstrap resolvers
+##
 ## These are normal, non-encrypted DNS resolvers, that will be only used
-## for one-shot queries when retrieving the initial resolvers list, and
-## only if the system DNS configuration doesn't work.
+## for one-shot queries when retrieving the initial resolvers list and the
+## the system DNS configuration doesn't work.
 ##
-## No user application queries will ever be leaked through these resolvers,
-## and they will not be used after IP addresses of resolvers URLs have been found.
-## They will never be used if lists have already been cached, and if stamps
-## don't include host names without IP addresses.
+## No user queries will ever be leaked through these resolvers, and they will
+## not be used after IP addresses of DoH resolvers have been found (if you are
+## using DoH).
+##
+## They will never be used if lists have already been cached, and if the stamps
+## of the configured servers already include IP addresses (which is the case for
+## most of DoH servers, and for all DNSCrypt servers and relays).
+##
+## They will not be used if the configured system DNS works, or after the
+## proxy already has at least one usable secure resolver.
 ##
-## They will not be used if the configured system DNS works.
 ## Resolvers supporting DNSSEC are recommended, and, if you are using
-## DoH, fallback resolvers should ideally be operated by a different entity than
-## the DoH servers you will be using, especially if you have IPv6 enabled.
+## DoH, bootstrap resolvers should ideally be operated by a different entity
+## than the DoH servers you will be using, especially if you have IPv6 enabled.
 ##
-## People in China may need to use 114.114.114.114:53 here.
-## Other popular options include 8.8.8.8 and 1.1.1.1.
+## People in China may want to use 114.114.114.114:53 here.
+## Other popular options include 8.8.8.8, 9.9.9.9 and 1.1.1.1.
 ##
 ## If more than one resolver is specified, they will be tried in sequence.
+##
+## TL;DR: put valid standard resolver addresess here. Your actual queries will
+## not be sent there. If you're using DNSCrypt or Anonymized DNS and your
+## lists are up to date, these resolvers will not even be used.
-fallback_resolvers = ['9.9.9.9:53', '8.8.8.8:53']
+bootstrap_resolvers = ['9.9.9.9:53', '8.8.8.8:53']
 ## Always use the fallback resolver before the system DNS settings.
diff --git a/dnscrypt-proxy/xtransport.go b/dnscrypt-proxy/xtransport.go
index af40ef39..183d3de2 100644
--- a/dnscrypt-proxy/xtransport.go
+++ b/dnscrypt-proxy/xtransport.go
@@ -28,12 +28,12 @@ import (
 )
 const (
- DefaultFallbackResolver = "9.9.9.9:53"
- DefaultKeepAlive = 5 * time.Second
- DefaultTimeout = 30 * time.Second
- SystemResolverIPTTL = 24 * time.Hour
- MinResolverIPTTL = 12 * time.Hour
- ExpiredCachedIPGraceTTL = 15 * time.Minute
+ DefaultBootstrapResolver = "9.9.9.9:53"
+ DefaultKeepAlive = 5 * time.Second
+ DefaultTimeout = 30 * time.Second
+ SystemResolverIPTTL = 24 * time.Hour
+ MinResolverIPTTL = 12 * time.Hour
+ ExpiredCachedIPGraceTTL = 15 * time.Minute
 )
 type CachedIPItem struct {
@@ -51,7 +51,7 @@ type XTransport struct {
  keepAlive time.Duration
  timeout time.Duration
  cachedIPs CachedIPs
- fallbackResolvers []string
+ bootstrapResolvers []string
  mainProto string
  ignoreSystemDNS bool
  useIPv4 bool
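Review bot: The added `TL;DR` paragraph misspells `addresess` (should be `addresses`), the rewritten opening sentence doubles `the` across the line break (`...the initial resolvers list and the` / `## the system DNS configuration doesn't work.`), and `## most of DoH servers` should read `## most DoH servers`. The context line that closes the hunk, `## Always use the fallback resolver before the system DNS settings.`, still uses the old name; it presumably introduces the `ignore_system_dns` setting, whose comment continues outside the hunk, and should read `## Always use the bootstrap resolvers before the system DNS settings.` so the example file uses one term throughout. This is the file operators copy, so stale wording here is what ends up in their configurations and bug reports.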
@@ -64,14 +64,14 @@ type XTransport struct {
 }
 func NewXTransport() *XTransport {
- if err := isIPAndPort(DefaultFallbackResolver); err != nil {
- panic("DefaultFallbackResolver does not parse")
+ if err := isIPAndPort(DefaultBootstrapResolver); err != nil {
+ panic("DefaultBootstrapResolver does not parse")
  }
  xTransport := XTransport{
  cachedIPs: CachedIPs{cache: make(map[string]*CachedIPItem)},
  keepAlive: DefaultKeepAlive,
  timeout: DefaultTimeout,
- fallbackResolvers: []string{DefaultFallbackResolver},
+ bootstrapResolvers: []string{DefaultBootstrapResolver},
  mainProto: "",
  ignoreSystemDNS: true,
  useIPv4: true,
@@ -272,12 +272,12 @@ func (xTransport *XTransport) resolveUsingResolvers(proto, host string, resolver
  ip, ttl, err = xTransport.resolveUsingResolver(proto, host, resolver)
  if err == nil {
  if i > 0 {
- dlog.Infof("Resolution succeeded with fallback resolver %s[%s]", proto, resolver)
+ dlog.Infof("Resolution succeeded with bootstrap resolver %s[%s]", proto, resolver)
  resolvers[0], resolvers[i] = resolvers[i], resolvers[0]
  }
  break
  }
- dlog.Infof("Unable to resolve [%s] using fallback resolver %s[%s]: %v", host, proto, resolver, err)
+ dlog.Infof("Unable to resolve [%s] using bootstrap resolver %s[%s]: %v", host, proto, resolver, err)
  }
  return
 }
@@ -307,18 +307,18 @@ func (xTransport *XTransport) resolveAndUpdateCache(host string) error {
  }
  for _, proto := range protos {
  if err != nil {
- dlog.Noticef("System DNS configuration not usable yet, exceptionally resolving [%s] using fallback resolvers over %s", host, proto)
+ dlog.Noticef("System DNS configuration not usable yet, exceptionally resolving [%s] using bootstrap resolvers over %s", host, proto)
  } else {
- dlog.Debugf("Resolving [%s] using fallback resolvers over %s", host, proto)
+ dlog.Debugf("Resolving [%s] using bootstrap resolvers over %s", host, proto)
  }
- foundIP, ttl, err = xTransport.resolveUsingResolvers(proto, host, xTransport.fallbackResolvers)
+ foundIP, ttl, err = xTransport.resolveUsingResolvers(proto, host, xTransport.bootstrapResolvers)
  if err == nil {
  break
  }
  }
  }
  if err != nil && xTransport.ignoreSystemDNS {
- dlog.Noticef("Fallback resolvers didn't respond - Trying with the system resolver as a last resort")
+ dlog.Noticef("Bootstrap resolvers didn't respond - Trying with the system resolver as a last resort")
  foundIP, ttl, err = xTransport.resolveUsingSystem(host)
  }
  if ttl < MinResolverIPTTL {
@@ -364,7 +364,7 @@ func (xTransport *XTransport) Fetch(method string, url *url.URL, accept string,
  return nil, nil, 0, errors.New("Onion service is not reachable without Tor")
  }
  if err := xTransport.resolveAndUpdateCache(host); err != nil {
- dlog.Errorf("Unable to resolve [%v] - Make sure that the system resolver works, or that `fallback_resolver` has been set to a resolver that can be reached", host)
+ dlog.Errorf("Unable to resolve [%v] - Make sure that the system resolver works, or that `bootstrap_resolvers` has been set to resolvers that can be reached", host)
  return nil, nil, 0, err
  }
  req := &http.Request{