Accept relay names in routes, improve documentation

jedisct1 · jedisct1 · commit 320197a00e85 · 2019-10-20T14:19:21.000+02:00
diff --git a/dnscrypt-proxy/config.go b/dnscrypt-proxy/config.go
@@ -485,9 +485,22 @@ func ConfigLoad(proxy *Proxy, svcFlag *string) error {
 		os.Exit(0)
 	}
 	if proxy.routes != nil && len(*proxy.routes) > 0 {
+		hasSpecificRoutes := false
 		for _, server := range proxy.registeredServers {
 			if via, ok := (*proxy.routes)[server.name]; ok {
-				dlog.Noticef("Anonymized DNS: routing [%v] via %v", server.name, via)
+				if server.stamp.Proto != stamps.StampProtoTypeDNSCrypt {
+					dlog.Errorf("DNS anonymization is only supported with the DNSCrypt protocol - Connections to [%v] cannot be anonymized", server.name)
+				} else {
+					dlog.Noticef("Anonymized DNS: routing [%v] via %v", server.name, via)
+				}
+				hasSpecificRoutes = true
+			}
+		}
+		if via, ok := (*proxy.routes)["*"]; ok {
+			if hasSpecificRoutes {
+				dlog.Noticef("Anonymized DNS: routing everything else via %v", via)
+			} else {
+				dlog.Noticef("Anonymized DNS: routing everything via %v", via)
 			}
 		}
 	}
@@ -617,12 +630,14 @@ func (config *Config) loadSource(proxy *Proxy, requiredProps stamps.ServerInform
 		dlog.Warnf("Error in source [%s]: [%s] -- Continuing with reduced server count [%d]", cfgSourceName, err, len(registeredServers))
 	}
 	for _, registeredServer := range registeredServers {
-		if len(config.ServerNames) > 0 {
-			if !includesName(config.ServerNames, registeredServer.name) {
+		if registeredServer.stamp.Proto != stamps.StampProtoTypeDNSCryptRelay {
+			if len(config.ServerNames) > 0 {
+				if !includesName(config.ServerNames, registeredServer.name) {
+					continue
+				}
+			} else if registeredServer.stamp.Props&requiredProps != requiredProps {
 				continue
 			}
-		} else if registeredServer.stamp.Props&requiredProps != requiredProps {
-			continue
 		}
 		if includesName(config.DisabledServerNames, registeredServer.name) {
 			continue
@@ -639,12 +654,17 @@ func (config *Config) loadSource(proxy *Proxy, requiredProps stamps.ServerInform
 				continue
 			}
 		}
-		if !((config.SourceDNSCrypt && registeredServer.stamp.Proto == stamps.StampProtoTypeDNSCrypt) ||
-			(config.SourceDoH && registeredServer.stamp.Proto == stamps.StampProtoTypeDoH)) {
-			continue
+		if registeredServer.stamp.Proto == stamps.StampProtoTypeDNSCryptRelay {
+			dlog.Debugf("Adding [%s] to the set of available relays", registeredServer.name)
+			proxy.registeredRelays = append(proxy.registeredRelays, registeredServer)
+		} else {
+			if !((config.SourceDNSCrypt && registeredServer.stamp.Proto == stamps.StampProtoTypeDNSCrypt) ||
+				(config.SourceDoH && registeredServer.stamp.Proto == stamps.StampProtoTypeDoH)) {
+				continue
+			}
+			dlog.Debugf("Adding [%s] to the set of wanted resolvers", registeredServer.name)
+			proxy.registeredServers = append(proxy.registeredServers, registeredServer)
 		}
-		dlog.Debugf("Adding [%s] to the set of wanted resolvers", registeredServer.name)
-		proxy.registeredServers = append(proxy.registeredServers, registeredServer)
 	}
 	return nil
 }
diff --git a/dnscrypt-proxy/example-dnscrypt-proxy.toml b/dnscrypt-proxy/example-dnscrypt-proxy.toml
@@ -561,14 +561,28 @@ cache_neg_max_ttl = 600
 
 [anonymized_dns]
 
-## Define one or more routes, i.e. indirect ways to reach servers.
-## A set of possible relay servers is assigned to each DNS resolver.
+## Routes are indirect ways to reach DNSCrypt servers.
+##
+## A route maps a server name ("server_name") to one or more relays that will be
+## used to connect to that server.
+##
 ## A relay can be specified as a DNS Stamp (either a relay stamp, or a
-## DNSCrypt stamp), an IP:port, a hostname:port, or a server name, if
-## the server is in the servers_list.
+## DNSCrypt stamp), an IP:port, a hostname:port, or a server name.
+##
+## The following example routes "comodo-02" via `anon-kama` or `anon-ibksturm`,
+## and "quad9-dnscrypt-ip4-nofilter-pri" via the relay whose relay DNS stamp
+## is "sdns://gRIxMzcuNzQuMjIzLjIzNDo0NDM".
+## These are just example routes. Review the list of available relays from the
+## "relays.md` file, and, for each server you want to use, define the relays you
+## want connections to go through.
+##
+## Carefully choose relays and servers so that the are run by different entities.
+##
+## "server_name" can also be set to "*" to define a default route, but this is not
+## recommended. if you do so, keep "server_names" short and distinct from relays.
 
 # routes = [
-#    { server_name='comodo-02', via=['sdns://gRIxMzcuNzQuMjIzLjIzNDo0NDM'] },
+#    { server_name='comodo-02', via=['anon-kama', 'anon-ibksturm'] },
 #    { server_name='quad9-dnscrypt-ip4-nofilter-pri', via=['sdns://gRIxMzcuNzQuMjIzLjIzNDo0NDM'] }
 # ]
 
diff --git a/dnscrypt-proxy/proxy.go b/dnscrypt-proxy/proxy.go
@@ -33,6 +33,7 @@ type Proxy struct {
 	listenAddresses              []string
 	daemonize                    bool
 	registeredServers            []RegisteredServer
+	registeredRelays             []RegisteredServer
 	pluginBlockIPv6              bool
 	cache                        bool
 	cacheSize                    int
diff --git a/dnscrypt-proxy/serversInfo.go b/dnscrypt-proxy/serversInfo.go
@@ -231,6 +231,9 @@ func route(proxy *Proxy, name string) (*net.UDPAddr, *net.TCPAddr, error) {
 		return nil, nil, nil
 	}
 	relayNames, ok := (*routes)[name]
+	if !ok {
+		relayNames, ok = (*routes)["*"]
+	}
 	if !ok {
 		return nil, nil, nil
 	}
@@ -250,9 +253,16 @@ func route(proxy *Proxy, name string) (*net.UDPAddr, *net.TCPAddr, error) {
 			Proto:         stamps.StampProtoTypeDNSCryptRelay,
 		}
 	} else {
+		for _, registeredServer := range proxy.registeredRelays {
+			if registeredServer.name == relayName {
+				relayCandidateStamp = &registeredServer.stamp
+				break
+			}
+		}
 		for _, registeredServer := range proxy.registeredServers {
 			if registeredServer.name == relayName {
 				relayCandidateStamp = &registeredServer.stamp
+				break
 			}
 		}
 	}
@@ -285,7 +295,6 @@ func fetchDNSCryptServerInfo(proxy *Proxy, name string, stamp stamps.ServerStamp
 	}
 	relayUDPAddr, relayTCPAddr, err := route(proxy, name)
 	if err != nil {
-		dlog.Error(err)
 		return ServerInfo{}, err
 	}
 	certInfo, rtt, err := FetchCurrentDNSCryptCert(proxy, &name, proxy.mainProto, stamp.ServerPk, stamp.ServerAddrStr, stamp.ProviderName, isNew, relayUDPAddr, relayTCPAddr)

Original file line number	Diff line number	Diff line change
`@@ -485,9 +485,22 @@ func ConfigLoad(proxy Proxy, svcFlag string) error {`
`485`	`485`	`os.Exit(0)`
`486`	`486`	`}`
`487`	`487`	`if proxy.routes != nil && len(*proxy.routes) > 0 {`
	`488`	`+ hasSpecificRoutes := false`
`488`	`489`	`for _, server := range proxy.registeredServers {`
`489`	`490`	`if via, ok := (*proxy.routes)[server.name]; ok {`
`490`		`- dlog.Noticef("Anonymized DNS: routing [%v] via %v", server.name, via)`
	`491`	`+ if server.stamp.Proto != stamps.StampProtoTypeDNSCrypt {`
	`492`	`+ dlog.Errorf("DNS anonymization is only supported with the DNSCrypt protocol - Connections to [%v] cannot be anonymized", server.name)`
	`493`	`+ } else {`
	`494`	`+ dlog.Noticef("Anonymized DNS: routing [%v] via %v", server.name, via)`
	`495`	`+ }`
	`496`	`+ hasSpecificRoutes = true`
	`497`	`+ }`
	`498`	`+ }`
	`499`	`+ if via, ok := (proxy.routes)[""]; ok {`
	`500`	`+ if hasSpecificRoutes {`
	`501`	`+ dlog.Noticef("Anonymized DNS: routing everything else via %v", via)`
	`502`	`+ } else {`
	`503`	`+ dlog.Noticef("Anonymized DNS: routing everything via %v", via)`
`491`	`504`	`}`
`492`	`505`	`}`
`493`	`506`	`}`
`@@ -617,12 +630,14 @@ func (config Config) loadSource(proxy Proxy, requiredProps stamps.ServerInform`
`617`	`630`	`dlog.Warnf("Error in source [%s]: [%s] -- Continuing with reduced server count [%d]", cfgSourceName, err, len(registeredServers))`
`618`	`631`	`}`
`619`	`632`	`for _, registeredServer := range registeredServers {`
`620`		`- if len(config.ServerNames) > 0 {`
`621`		`- if !includesName(config.ServerNames, registeredServer.name) {`
	`633`	`+ if registeredServer.stamp.Proto != stamps.StampProtoTypeDNSCryptRelay {`
	`634`	`+ if len(config.ServerNames) > 0 {`
	`635`	`+ if !includesName(config.ServerNames, registeredServer.name) {`
	`636`	`+ continue`
	`637`	`+ }`
	`638`	`+ } else if registeredServer.stamp.Props&requiredProps != requiredProps {`
`622`	`639`	`continue`
`623`	`640`	`}`
`624`		`- } else if registeredServer.stamp.Props&requiredProps != requiredProps {`
`625`		`- continue`
`626`	`641`	`}`
`627`	`642`	`if includesName(config.DisabledServerNames, registeredServer.name) {`
`628`	`643`	`continue`
`@@ -639,12 +654,17 @@ func (config Config) loadSource(proxy Proxy, requiredProps stamps.ServerInform`
`639`	`654`	`continue`
`640`	`655`	`}`
`641`	`656`	`}`
`642`		`- if !((config.SourceDNSCrypt && registeredServer.stamp.Proto == stamps.StampProtoTypeDNSCrypt) \|\|`
`643`		`- (config.SourceDoH && registeredServer.stamp.Proto == stamps.StampProtoTypeDoH)) {`
`644`		`- continue`
	`657`	`+ if registeredServer.stamp.Proto == stamps.StampProtoTypeDNSCryptRelay {`
	`658`	`+ dlog.Debugf("Adding [%s] to the set of available relays", registeredServer.name)`
	`659`	`+ proxy.registeredRelays = append(proxy.registeredRelays, registeredServer)`
	`660`	`+ } else {`
	`661`	`+ if !((config.SourceDNSCrypt && registeredServer.stamp.Proto == stamps.StampProtoTypeDNSCrypt) \|\|`
	`662`	`+ (config.SourceDoH && registeredServer.stamp.Proto == stamps.StampProtoTypeDoH)) {`
	`663`	`+ continue`
	`664`	`+ }`
	`665`	`+ dlog.Debugf("Adding [%s] to the set of wanted resolvers", registeredServer.name)`
	`666`	`+ proxy.registeredServers = append(proxy.registeredServers, registeredServer)`
`645`	`667`	`}`
`646`		`- dlog.Debugf("Adding [%s] to the set of wanted resolvers", registeredServer.name)`
`647`		`- proxy.registeredServers = append(proxy.registeredServers, registeredServer)`
`648`	`668`	`}`
`649`	`669`	`return nil`
`650`	`670`	`}`
Original file line number	Diff line number	Diff line change
`@@ -231,6 +231,9 @@ func route(proxy Proxy, name string) (net.UDPAddr, *net.TCPAddr, error) {`
`231`	`231`	`return nil, nil, nil`
`232`	`232`	`}`
`233`	`233`	`relayNames, ok := (*routes)[name]`
	`234`	`+ if !ok {`
	`235`	`+ relayNames, ok = (routes)[""]`
	`236`	`+ }`
`234`	`237`	`if !ok {`
`235`	`238`	`return nil, nil, nil`
`236`	`239`	`}`
`@@ -250,9 +253,16 @@ func route(proxy Proxy, name string) (net.UDPAddr, *net.TCPAddr, error) {`
`250`	`253`	`Proto: stamps.StampProtoTypeDNSCryptRelay,`
`251`	`254`	`}`
`252`	`255`	`} else {`
	`256`	`+ for _, registeredServer := range proxy.registeredRelays {`
	`257`	`+ if registeredServer.name == relayName {`
	`258`	`+ relayCandidateStamp = &registeredServer.stamp`
	`259`	`+ break`
	`260`	`+ }`
	`261`	`+ }`
`253`	`262`	`for _, registeredServer := range proxy.registeredServers {`
`254`	`263`	`if registeredServer.name == relayName {`
`255`	`264`	`relayCandidateStamp = &registeredServer.stamp`
	`265`	`+ break`
`256`	`266`	`}`
`257`	`267`	`}`
`258`	`268`	`}`
`@@ -285,7 +295,6 @@ func fetchDNSCryptServerInfo(proxy *Proxy, name string, stamp stamps.ServerStamp`
`285`	`295`	`}`
`286`	`296`	`relayUDPAddr, relayTCPAddr, err := route(proxy, name)`
`287`	`297`	`if err != nil {`
`288`		`- dlog.Error(err)`
`289`	`298`	`return ServerInfo{}, err`
`290`	`299`	`}`
`291`	`300`	`certInfo, rtt, err := FetchCurrentDNSCryptCert(proxy, &name, proxy.mainProto, stamp.ServerPk, stamp.ServerAddrStr, stamp.ProviderName, isNew, relayUDPAddr, relayTCPAddr)`