feat: all dns client support skip-cert-verify params

Author: wwqgtxx

dns/client.go

@@ -108,9 +108,9 @@ func (c *client) ExchangeContext(ctx context.Context, m *D.Msg) (*D.Msg, error)
 
 func (c *client) ResetConnection() {}
 
-func newClient(addr string, resolver *Resolver, netType string, proxyAdapter C.ProxyAdapter, proxyName string) *client {
+func newClient(addr string, resolver *Resolver, netType string, params map[string]string, proxyAdapter C.ProxyAdapter, proxyName string) *client {
 	host, port, _ := net.SplitHostPort(addr)
-	return &client{
+	c := &client{
 		Client: &D.Client{
 			Net: netType,
 			TLSConfig: &tls.Config{
@@ -123,4 +123,8 @@ func newClient(addr string, resolver *Resolver, netType string, proxyAdapter C.P
 		host:   host,
 		dialer: newDNSDialer(resolver, proxyAdapter, proxyName),
 	}
+	if params["skip-cert-verify"] == "true" {
+		c.TLSConfig.InsecureSkipVerify = true
+	}
+	return c
 }

dns/doq.go

@@ -61,15 +61,16 @@ type dnsOverQUIC struct {
 	bytesPool      *sync.Pool
 	bytesPoolGuard sync.Mutex
 
-	addr   string
-	dialer *dnsDialer
+	addr           string
+	dialer         *dnsDialer
+	skipCertVerify bool
 }
 
 // type check
 var _ dnsClient = (*dnsOverQUIC)(nil)
 
 // newDoQ returns the DNS-over-QUIC Upstream.
-func newDoQ(addr string, resolver *Resolver, proxyAdapter C.ProxyAdapter, proxyName string) *dnsOverQUIC {
+func newDoQ(addr string, resolver *Resolver, params map[string]string, proxyAdapter C.ProxyAdapter, proxyName string) *dnsOverQUIC {
 	doq := &dnsOverQUIC{
 		addr:   addr,
 		dialer: newDNSDialer(resolver, proxyAdapter, proxyName),
@@ -79,6 +80,10 @@ func newDoQ(addr string, resolver *Resolver, proxyAdapter C.ProxyAdapter, proxyN
 		},
 	}
 
+	if params["skip-cert-verify"] == "true" {
+		doq.skipCertVerify = true
+	}
+
 	runtime.SetFinalizer(doq, (*dnsOverQUIC).Close)
 	return doq
 }
@@ -329,7 +334,7 @@ func (doq *dnsOverQUIC) openConnection(ctx context.Context) (conn quic.Connectio
 	tlsConfig := ca.GetGlobalTLSConfig(
 		&tls.Config{
 			ServerName:         host,
-			InsecureSkipVerify: false,
+			InsecureSkipVerify: doq.skipCertVerify,
 			NextProtos: []string{
 				NextProtoDQ,
 			},

dns/util.go

@@ -101,9 +101,9 @@ func transform(servers []NameServer, resolver *Resolver) []dnsClient {
 		case "rcode":
 			c = newRCodeClient(s.Addr)
 		case "quic":
-			c = newDoQ(s.Addr, resolver, s.ProxyAdapter, s.ProxyName)
+			c = newDoQ(s.Addr, resolver, s.Params, s.ProxyAdapter, s.ProxyName)
 		default:
-			c = newClient(s.Addr, resolver, s.Net, s.ProxyAdapter, s.ProxyName)
+			c = newClient(s.Addr, resolver, s.Net, s.Params, s.ProxyAdapter, s.ProxyName)
 		}
 
 		c = warpClientWithEdns0Subnet(c, s.Params)