Add DNS over TLS ipv6 upstream servers, see #88

2020-03-05 00:54:33 +00:00
parent 0c48d2d5a0
commit d0f678c315
5 changed files with 51 additions and 28 deletions
--- a/internal/constants/dns.go
+++ b/internal/constants/dns.go
@@ -28,33 +28,39 @@ const (
 func DNSProviderMapping() map[models.DNSProvider]models.DNSProviderData {
 	return map[models.DNSProvider]models.DNSProviderData{
 		Cloudflare: models.DNSProviderData{
-			IPs:         []net.IP{{1, 1, 1, 1}, {1, 0, 0, 1}},
+			IPs:          []net.IP{{1, 1, 1, 1}, {1, 0, 0, 1}, {0x26, 0x6, 0x47, 0x0, 0x47, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, 0x11}, {0x26, 0x6, 0x47, 0x0, 0x47, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x01}},
 			SupportsTLS:  true,
+			SupportsIPv6: true,
 			Host:         models.DNSHost("cloudflare-dns.com"),
 		},
 		Google: models.DNSProviderData{
-			IPs:         []net.IP{{8, 8, 8, 8}, {8, 8, 4, 4}},
+			IPs:          []net.IP{{8, 8, 8, 8}, {8, 8, 4, 4}, {0x20, 0x1, 0x48, 0x60, 0x48, 0x60, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x88, 0x88}, {0x20, 0x1, 0x48, 0x60, 0x48, 0x60, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x88, 0x44}},
 			SupportsTLS:  true,
+			SupportsIPv6: true,
 			Host:         models.DNSHost("dns.google"),
 		},
 		Quad9: models.DNSProviderData{
-			IPs:         []net.IP{{9, 9, 9, 9}, {149, 112, 112, 112}},
+			IPs:          []net.IP{{9, 9, 9, 9}, {149, 112, 112, 112}, {0x26, 0x20, 0x0, 0xfe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfe}, {0x26, 0x20, 0x0, 0xfe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}},
 			SupportsTLS:  true,
+			SupportsIPv6: true,
 			Host:         models.DNSHost("dns.quad9.net"),
 		},
 		Quadrant: models.DNSProviderData{
-			IPs:         []net.IP{{12, 159, 2, 159}},
+			IPs:          []net.IP{{12, 159, 2, 159}, {0x20, 0x1, 0x18, 0x90, 0x14, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x59}},
 			SupportsTLS:  true,
+			SupportsIPv6: true,
 			Host:         models.DNSHost("dns-tls.qis.io"),
 		},
 		CleanBrowsing: models.DNSProviderData{
-			IPs:         []net.IP{{185, 228, 168, 9}, {185, 228, 169, 9}},
+			IPs:          []net.IP{{185, 228, 168, 9}, {185, 228, 169, 9}, {0x2a, 0xd, 0x2a, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x2a, 0xd, 0x2a, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}},
 			SupportsTLS:  true,
+			SupportsIPv6: true,
 			Host:         models.DNSHost("security-filter-dns.cleanbrowsing.org"),
 		},
 		SecureDNS: models.DNSProviderData{
-			IPs:         []net.IP{{146, 185, 167, 43}},
+			IPs:          []net.IP{{146, 185, 167, 43}, {0x2a, 0x3, 0xb0, 0xc0, 0x0, 0x0, 0x10, 0x10, 0x0, 0x0, 0x0, 0x0, 0xe, 0x9a, 0x30, 0x1}},
 			SupportsTLS:  true,
+			SupportsIPv6: true,
 			Host:         models.DNSHost("dot.securedns.eu"),
 		},
 		LibreDNS: models.DNSProviderData{
--- a/internal/dns/conf.go
+++ b/internal/dns/conf.go
@@ -117,12 +117,7 @@ func generateUnboundConf(settings settings.DNS, client network.Client, logger lo
 		return forwardZoneLines[i] < forwardZoneLines[j]
 	})
 	for _, provider := range settings.Providers {
-		providerData, ok := constants.DNSProviderMapping()[provider]
-		if !ok {
-			return nil, warnings, fmt.Errorf("DNS provider %q does not have associated data", provider)
-		} else if !providerData.SupportsTLS {
-			return nil, warnings, fmt.Errorf("DNS provider %q does not support DNS over TLS", provider)
-		}
+		providerData := constants.DNSProviderMapping()[provider]
 		for _, IP := range providerData.IPs {
 			forwardZoneLines = append(forwardZoneLines,
 				fmt.Sprintf("  forward-addr: %s@853#%s", IP.String(), providerData.Host))
--- a/internal/dns/conf_test.go
+++ b/internal/dns/conf_test.go
@@ -80,8 +80,12 @@ forward-zone:
  name: "."
  forward-addr: 1.1.1.1@853#cloudflare-dns.com
  forward-addr: 1.0.0.1@853#cloudflare-dns.com
+  forward-addr: 2606:4700:4700::1111@853#cloudflare-dns.com
+  forward-addr: 2606:4700:4700::1001@853#cloudflare-dns.com
  forward-addr: 9.9.9.9@853#dns.quad9.net
-  forward-addr: 149.112.112.112@853#dns.quad9.net`
+  forward-addr: 149.112.112.112@853#dns.quad9.net
+  forward-addr: 2620:fe::fe@853#dns.quad9.net
+  forward-addr: 2620:fe::9@853#dns.quad9.net`
 	assert.Equal(t, expected, "\n"+strings.Join(lines, "\n"))
 }

--- a/internal/models/dns.go
+++ b/internal/models/dns.go
@@ -6,5 +6,6 @@ import "net"
 type DNSProviderData struct {
 	IPs          []net.IP
 	SupportsTLS  bool
+	SupportsIPv6 bool
 	Host         DNSHost
 }
--- a/internal/settings/dns.go
+++ b/internal/settings/dns.go
@@ -4,6 +4,7 @@ import (
 	"fmt"
 	"strings"

+	"github.com/qdm12/private-internet-access-docker/internal/constants"
 	"github.com/qdm12/private-internet-access-docker/internal/models"
 	"github.com/qdm12/private-internet-access-docker/internal/params"
 )
@@ -112,5 +113,21 @@ func GetDNSSettings(params params.ParamsReader) (settings DNS, err error) {
 	if err != nil {
 		return settings, err
 	}
+
+	// Consistency check
+	IPv6Support := false
+	for _, provider := range settings.Providers {
+		providerData, ok := constants.DNSProviderMapping()[provider]
+		if !ok {
+			return settings, fmt.Errorf("DNS provider %q does not have associated data", provider)
+		} else if !providerData.SupportsTLS {
+			return settings, fmt.Errorf("DNS provider %q does not support DNS over TLS", provider)
+		} else if providerData.SupportsIPv6 {
+			IPv6Support = true
+		}
+	}
+	if settings.IPv6 && !IPv6Support {
+		return settings, fmt.Errorf("None of the DNS over TLS provider(s) set support IPv6")
+	}
 	return settings, nil
 }