From d0f678c315626ef2fa2dbaa36ccff8c86ad7d51b Mon Sep 17 00:00:00 2001
From: "Quentin McGaw (desktop)"
Date: Thu, 5 Mar 2020 00:54:33 +0000
Subject: [PATCH] Add DNS over TLS ipv6 upstream servers, see #88
---
 internal/constants/dns.go | 42 ++++++++++++++++++++++-----------------
 internal/dns/conf.go | 7 +------
 internal/dns/conf_test.go | 6 +++++-
 internal/models/dns.go | 7 ++++---
 internal/settings/dns.go | 17 ++++++++++++++++
 5 files changed, 51 insertions(+), 28 deletions(-)
diff --git a/internal/constants/dns.go b/internal/constants/dns.go
index 10545225..9bed13e5 100644
--- a/internal/constants/dns.go
+++ b/internal/constants/dns.go
@@ -28,34 +28,40 @@ const (
 func DNSProviderMapping() map[models.DNSProvider]models.DNSProviderData {
 return map[models.DNSProvider]models.DNSProviderData{
 Cloudflare: models.DNSProviderData{
- IPs: []net.IP{{1, 1, 1, 1}, {1, 0, 0, 1}},
- SupportsTLS: true,
- Host: models.DNSHost("cloudflare-dns.com"),
+ IPs: []net.IP{{1, 1, 1, 1}, {1, 0, 0, 1}, {0x26, 0x6, 0x47, 0x0, 0x47, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, 0x11}, {0x26, 0x6, 0x47, 0x0, 0x47, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x01}},
+ SupportsTLS: true,
+ SupportsIPv6: true,
+ Host: models.DNSHost("cloudflare-dns.com"),
 },
 Google: models.DNSProviderData{
- IPs: []net.IP{{8, 8, 8, 8}, {8, 8, 4, 4}},
- SupportsTLS: true,
- Host: models.DNSHost("dns.google"),
+ IPs: []net.IP{{8, 8, 8, 8}, {8, 8, 4, 4}, {0x20, 0x1, 0x48, 0x60, 0x48, 0x60, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x88, 0x88}, {0x20, 0x1, 0x48, 0x60, 0x48, 0x60, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x88, 0x44}},
+ SupportsTLS: true,
+ SupportsIPv6: true,
+ Host: models.DNSHost("dns.google"),
 },
 Quad9: models.DNSProviderData{
- IPs: []net.IP{{9, 9, 9, 9}, {149, 112, 112, 112}},
- SupportsTLS: true,
- Host: models.DNSHost("dns.quad9.net"),
+ IPs: []net.IP{{9, 9, 9, 9}, {149, 112, 112, 112}, {0x26, 0x20, 0x0, 0xfe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfe}, {0x26, 0x20, 0x0, 0xfe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}},
+ SupportsTLS: true,
+ SupportsIPv6: true,
+ Host: models.DNSHost("dns.quad9.net"),
 },
 Quadrant: models.DNSProviderData{
- IPs: []net.IP{{12, 159, 2, 159}},
- SupportsTLS: true,
- Host: models.DNSHost("dns-tls.qis.io"),
+ IPs: []net.IP{{12, 159, 2, 159}, {0x20, 0x1, 0x18, 0x90, 0x14, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x59}},
+ SupportsTLS: true,
+ SupportsIPv6: true,
+ Host: models.DNSHost("dns-tls.qis.io"),
 },
 CleanBrowsing: models.DNSProviderData{
- IPs: []net.IP{{185, 228, 168, 9}, {185, 228, 169, 9}},
- SupportsTLS: true,
- Host: models.DNSHost("security-filter-dns.cleanbrowsing.org"),
+ IPs: []net.IP{{185, 228, 168, 9}, {185, 228, 169, 9}, {0x2a, 0xd, 0x2a, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x2a, 0xd, 0x2a, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}},
+ SupportsTLS: true,
+ SupportsIPv6: true,
+ Host: models.DNSHost("security-filter-dns.cleanbrowsing.org"),
 },
 SecureDNS: models.DNSProviderData{
- IPs: []net.IP{{146, 185, 167, 43}},
- SupportsTLS: true,
- Host: models.DNSHost("dot.securedns.eu"),
+ IPs: []net.IP{{146, 185, 167, 43}, {0x2a, 0x3, 0xb0, 0xc0, 0x0, 0x0, 0x10, 0x10, 0x0, 0x0, 0x0, 0x0, 0xe, 0x9a, 0x30, 0x1}},
+ SupportsTLS: true,
+ SupportsIPv6: true,
+ Host: models.DNSHost("dot.securedns.eu"),
 },
 LibreDNS: models.DNSProviderData{
 IPs: []net.IP{{116, 203, 115, 192}},
diff --git a/internal/dns/conf.go b/internal/dns/conf.go
index dacb2ade..5255cebe 100644
--- a/internal/dns/conf.go
+++ b/internal/dns/conf.go
@@ -117,12 +117,7 @@ func generateUnboundConf(settings settings.DNS, client network.Client, logger lo
 return forwardZoneLines[i] < forwardZoneLines[j]
 })
 for _, provider := range settings.Providers {
- providerData, ok := constants.DNSProviderMapping()[provider]
- if !ok {
- return nil, warnings, fmt.Errorf("DNS provider %q does not have associated data", provider)
- } else if !providerData.SupportsTLS {
- return nil, warnings, fmt.Errorf("DNS provider %q does not support DNS over TLS", provider)
- }
+ providerData := constants.DNSProviderMapping()[provider]
 for _, IP := range providerData.IPs {
 forwardZoneLines = append(forwardZoneLines,
 fmt.Sprintf(" forward-addr: %s@853#%s", IP.String(), providerData.Host))
diff --git a/internal/dns/conf_test.go b/internal/dns/conf_test.go
index 7b88adb3..b7bba8eb 100644
--- a/internal/dns/conf_test.go
+++ b/internal/dns/conf_test.go
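Review bot: The new IPv6 upstreams are written as sixteen raw bytes (the Cloudflare entries at the top of the hunk, and likewise for the other five providers), which nobody can check against a provider's published address without decoding by hand, and a wrong nibble still compiles and only shows up as a failed TLS upstream at runtime. Since this map is already built at call time, `net.ParseIP("2606:4700:4700::1111")`, or at least a comment giving the textual form beside each literal, keeps the table auditable; the conf_test.go hunk pins the textual form for Cloudflare and Quad9 only, so the Google, Quadrant, CleanBrowsing and SecureDNS literals have no test covering them. DNSProviderMapping's body continues past the end of the hunk.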
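Review bot: The inner loop now emits every address in providerData.IPs, which after this commit includes the IPv6 entries, and no check of settings.IPv6 is visible in the hunk; unless a guard exists elsewhere in generateUnboundConf, a deployment with IPv6 disabled in settings still gets IPv6 forward-addr lines it presumably cannot use. A one-line filter in the inner loop, `if !settings.IPv6 && IP.To4() == nil { continue }`, would keep the generated config consistent with the setting. Dropping the comma-ok lookup also means a provider absent from the map now silently yields the zero DNSProviderData and no forward-addr lines at all, so this function now relies on GetDNSSettings having validated settings.Providers first; keeping the removed `if !ok` return here is cheap defence in depth for callers that build settings.DNS directly, such as tests. generateUnboundConf starts and ends outside the hunk.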
@@ -80,8 +80,12 @@ forward-zone:
 name: "."
 forward-addr: 1.1.1.1@853#cloudflare-dns.com
 forward-addr: 1.0.0.1@853#cloudflare-dns.com
+ forward-addr: 2606:4700:4700::1111@853#cloudflare-dns.com
+ forward-addr: 2606:4700:4700::1001@853#cloudflare-dns.com
 forward-addr: 9.9.9.9@853#dns.quad9.net
- forward-addr: 149.112.112.112@853#dns.quad9.net`
+ forward-addr: 149.112.112.112@853#dns.quad9.net
+ forward-addr: 2620:fe::fe@853#dns.quad9.net
+ forward-addr: 2620:fe::9@853#dns.quad9.net`
 assert.Equal(t, expected, "\n"+strings.Join(lines, "\n"))
 }
diff --git a/internal/models/dns.go b/internal/models/dns.go
index 14dcebcc..ccdd984b 100644
--- a/internal/models/dns.go
+++ b/internal/models/dns.go
@@ -4,7 +4,8 @@ import "net"
 // DNSProviderData contains information for a DNS provider
 type DNSProviderData struct {
- IPs []net.IP
- SupportsTLS bool
- Host DNSHost
+ IPs []net.IP
+ SupportsTLS bool
+ SupportsIPv6 bool
+ Host DNSHost
 }
diff --git a/internal/settings/dns.go b/internal/settings/dns.go
index 35455a3b..3fb1a363 100644
--- a/internal/settings/dns.go
+++ b/internal/settings/dns.go
@@ -4,6 +4,7 @@ import (
 "fmt"
 "strings"
+ "github.com/qdm12/private-internet-access-docker/internal/constants"
 "github.com/qdm12/private-internet-access-docker/internal/models"
 "github.com/qdm12/private-internet-access-docker/internal/params"
 )
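Review bot: `SupportsIPv6` is added to an exported struct in internal/models/dns.go without a doc comment, and nothing on `IPs` says how the two relate; from the constants hunk the IPv6 addresses are appended to the same IPs slice rather than kept apart, which is exactly what a consumer filtering by address family needs to know. Suggested field comments: `// IPs lists the provider's upstream addresses; IPv4 and IPv6 entries share this slice.` and `// SupportsIPv6 is set when IPs includes IPv6 addresses.` The struct is fully inside the hunk.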
@@ -112,5 +113,21 @@ func GetDNSSettings(params params.ParamsReader) (settings DNS, err error) {
 if err != nil {
 return settings, err
 }
+
+ // Consistency check
+ IPv6Support := false
+ for _, provider := range settings.Providers {
+ providerData, ok := constants.DNSProviderMapping()[provider]
+ if !ok {
+ return settings, fmt.Errorf("DNS provider %q does not have associated data", provider)
+ } else if !providerData.SupportsTLS {
+ return settings, fmt.Errorf("DNS provider %q does not support DNS over TLS", provider)
+ } else if providerData.SupportsIPv6 {
+ IPv6Support = true
+ }
+ }
+ if settings.IPv6 && !IPv6Support {
+ return settings, fmt.Errorf("None of the DNS over TLS provider(s) set support IPv6")
+ }
 return settings, nil
 }
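Review bot: The new error string `"None of the DNS over TLS provider(s) set support IPv6"` starts with a capital, unlike the two existing messages in the same block, and Go error strings are conventionally lowercase so they read well when wrapped; `return settings, fmt.Errorf("none of the DNS over TLS providers set support IPv6")`. The local `IPv6Support` should be `ipv6Support` (unexported identifiers are lowerCamel), and `constants.DNSProviderMapping()` rebuilds the whole map on every iteration, so hoist it with `mapping := constants.DNSProviderMapping()` before the loop and index `mapping[provider]`; the conf.go hunk has the same per-iteration call. Since this block is now the only place that validates settings.Providers before the unbound config is generated, a test in this package for an unknown provider and for `IPv6: true` with IPv4-only providers would pin both error paths. GetDNSSettings starts outside the hunk.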