admin/gluetun
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

DOT_IPV6 environment variable added, refers to #88

Browse Source
This commit is contained in:
Quentin McGaw (desktop)
2020-03-05 00:51:04 +00:00
parent 47a197be48
commit 0c48d2d5a0
8 changed files with 26 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
Dockerfile
View File

@@ -53,6 +53,7 @@ ENV VPNSP=pia \
DOT_VERBOSITY_DETAILS=0 \ DOT_VERBOSITY_DETAILS=0 \
DOT_VALIDATION_LOGLEVEL=0 \ DOT_VALIDATION_LOGLEVEL=0 \
DOT_CACHING=on \ DOT_CACHING=on \
DOT_IPV6=on \
BLOCK_MALICIOUS=on \ BLOCK_MALICIOUS=on \
BLOCK_SURVEILLANCE=off \ BLOCK_SURVEILLANCE=off \
BLOCK_ADS=off \ BLOCK_ADS=off \

1
README.md
View File

@@ -139,6 +139,7 @@ docker run --rm --network=container:pia alpine:3.11 wget -qO- https://ipinfo.io
| `DOT` | `on` | `on` or `off`, to activate DNS over TLS to 1.1.1.1 | | `DOT` | `on` | `on` or `off`, to activate DNS over TLS to 1.1.1.1 |
| `DOT_PROVIDERS` | `cloudflare` | Comma delimited list of DNS over TLS providers from `cloudflare`, `google`, `quad9`, `quadrant`, `cleanbrowsing`, `securedns`, `libredns` | | `DOT_PROVIDERS` | `cloudflare` | Comma delimited list of DNS over TLS providers from `cloudflare`, `google`, `quad9`, `quadrant`, `cleanbrowsing`, `securedns`, `libredns` |
| `DOT_CACHING` | `on` | Unbound caching feature, `on` or `off` | | `DOT_CACHING` | `on` | Unbound caching feature, `on` or `off` |
| `DOT_IPV6` | `on` | Unbound will resolve domain names using IPv6 as well as IPv4 |
| `DOT_PRIVATE_ADDRESS` | All IPv4 and IPv6 CIDRs private ranges | Comma separated list of CIDRs or single IP addresses. Note that the default setting prevents DNS rebinding | | `DOT_PRIVATE_ADDRESS` | All IPv4 and IPv6 CIDRs private ranges | Comma separated list of CIDRs or single IP addresses. Note that the default setting prevents DNS rebinding |
| `DOT_VERBOSITY` | `1` | Unbound verbosity level from `0` to `5` (full debug) | | `DOT_VERBOSITY` | `1` | Unbound verbosity level from `0` to `5` (full debug) |
| `DOT_VERBOSITY_DETAILS` | `0` | Unbound details verbosity level from `0` to `4` | | `DOT_VERBOSITY_DETAILS` | `0` | Unbound details verbosity level from `0` to `4` |

1
docker-compose.yml
View File

@@ -35,6 +35,7 @@ services:
# DNS over TLS # DNS over TLS
- DOT=on - DOT=on
- DOT_PROVIDERS=cloudflare - DOT_PROVIDERS=cloudflare
- DOT_IPV6=on
- DOT_VERBOSITY=1 - DOT_VERBOSITY=1
- BLOCK_MALICIOUS=on - BLOCK_MALICIOUS=on
- BLOCK_SURVEILLANCE=off - BLOCK_SURVEILLANCE=off

6
internal/dns/conf.go
View File

@@ -30,6 +30,10 @@ func (c *configurator) MakeUnboundConf(settings settings.DNS, uid, gid int) (err
// MakeUnboundConf generates an Unbound configuration from the user provided settings // MakeUnboundConf generates an Unbound configuration from the user provided settings
func generateUnboundConf(settings settings.DNS, client network.Client, logger logging.Logger) (lines []string, warnings []error, err error) { func generateUnboundConf(settings settings.DNS, client network.Client, logger logging.Logger) (lines []string, warnings []error, err error) {
doIPv6 := "no"
if settings.IPv6 {
doIPv6 = "yes"
}
serverSection := map[string]string{ serverSection := map[string]string{
// Logging // Logging
"verbosity": fmt.Sprintf("%d", settings.VerbosityLevel), "verbosity": fmt.Sprintf("%d", settings.VerbosityLevel),
@@ -60,7 +64,7 @@ func generateUnboundConf(settings settings.DNS, client network.Client, logger lo
"harden-algo-downgrade": "yes", "harden-algo-downgrade": "yes",
// Network // Network
"do-ip4": "yes", "do-ip4": "yes",
"do-ip6": "yes", "do-ip6": doIPv6,
"interface": "127.0.0.1", "interface": "127.0.0.1",
"port": "53", "port": "53",
// Other // Other

1
internal/dns/conf_test.go
View File

@@ -26,6 +26,7 @@ func Test_generateUnboundConf(t *testing.T) {
VerbosityLevel: 2, VerbosityLevel: 2,
ValidationLogLevel: 3, ValidationLogLevel: 3,
Caching: true, Caching: true,
IPv6: true,
} }
client := &mocks.Client{} client := &mocks.Client{}
client.On("GetContent", string(constants.MaliciousBlockListHostnamesURL)). client.On("GetContent", string(constants.MaliciousBlockListHostnamesURL)).

6
internal/params/dns.go
View File

@@ -116,3 +116,9 @@ func (p *paramsReader) GetDNSOverTLSPrivateAddresses() (privateAddresses []strin
} }
return privateAddresses return privateAddresses
} }
// GetDNSOverTLSIPv6 obtains if Unbound should resolve ipv6 addresses using ipv6 DNS over TLS
// servers from the environment variable DOT_IPV6
func (p *paramsReader) GetDNSOverTLSIPv6() (ipv6 bool, err error) {
return p.envParams.GetOnOff("DOT_IPV6")
}

1
internal/params/params.go
View File

@@ -26,6 +26,7 @@ type ParamsReader interface {
GetDNSAdsBlocking() (blocking bool, err error) GetDNSAdsBlocking() (blocking bool, err error)
GetDNSUnblockedHostnames() (hostnames []string, err error) GetDNSUnblockedHostnames() (hostnames []string, err error)
GetDNSOverTLSPrivateAddresses() (privateAddresses []string) GetDNSOverTLSPrivateAddresses() (privateAddresses []string)
GetDNSOverTLSIPv6() (ipv6 bool, err error)
// Firewall getters // Firewall getters
GetExtraSubnets() (extraSubnets []net.IPNet, err error) GetExtraSubnets() (extraSubnets []net.IPNet, err error)

11
internal/settings/dns.go
View File

@@ -21,13 +21,14 @@ type DNS struct {
VerbosityLevel uint8 VerbosityLevel uint8
VerbosityDetailsLevel uint8 VerbosityDetailsLevel uint8
ValidationLogLevel uint8 ValidationLogLevel uint8
IPv6 bool
} }
func (d *DNS) String() string { func (d *DNS) String() string {
if !d.Enabled { if !d.Enabled {
return "DNS over TLS settings: disabled" return "DNS over TLS settings: disabled"
} }
caching, blockMalicious, blockSurveillance, blockAds := "disabled", "disabed", "disabed", "disabed" caching, blockMalicious, blockSurveillance, blockAds, ipv6 := "disabled", "disabed", "disabed", "disabed", "disabed"
if d.Caching { if d.Caching {
caching = "enabled" caching = "enabled"
} }
@@ -40,6 +41,9 @@ func (d *DNS) String() string {
if d.BlockAds { if d.BlockAds {
blockAds = "enabled" blockAds = "enabled"
} }
if d.IPv6 {
ipv6 = "enabled"
}
var providersStr []string var providersStr []string
for _, provider := range d.Providers { for _, provider := range d.Providers {
providersStr = append(providersStr, string(provider)) providersStr = append(providersStr, string(provider))
@@ -56,6 +60,7 @@ func (d *DNS) String() string {
"Verbosity level: " + fmt.Sprintf("%d/5", d.VerbosityLevel), "Verbosity level: " + fmt.Sprintf("%d/5", d.VerbosityLevel),
"Verbosity details level: " + fmt.Sprintf("%d/4", d.VerbosityDetailsLevel), "Verbosity details level: " + fmt.Sprintf("%d/4", d.VerbosityDetailsLevel),
"Validation log level: " + fmt.Sprintf("%d/2", d.ValidationLogLevel), "Validation log level: " + fmt.Sprintf("%d/2", d.ValidationLogLevel),
"IPv6 resolution: " + ipv6,
} }
return strings.Join(settingsList, "\n |--") return strings.Join(settingsList, "\n |--")
} }
@@ -103,5 +108,9 @@ func GetDNSSettings(params params.ParamsReader) (settings DNS, err error) {
return settings, err return settings, err
} }
settings.PrivateAddresses = params.GetDNSOverTLSPrivateAddresses() settings.PrivateAddresses = params.GetDNSOverTLSPrivateAddresses()
settings.IPv6, err = params.GetDNSOverTLSIPv6()
if err != nil {
return settings, err
}
return settings, nil return settings, nil
} }