mirrors/Xray-core
0
Fork 0
mirror of https://github.com/XTLS/Xray-core.git synced 2025-06-18 06:09:48 +03:00
Code Issues Releases Activity

DNS: Add new nonIPQuery "reject"

Browse Source
This commit is contained in:
风扇滑翔翼
2025-06-17 16:02:18 +00:00
committed by GitHub
parent fbae89d017
commit f036c270d4
2 changed files with 41 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
infra/conf/dns_proxy.go
View File

@ -30,7 +30,7 @@ func (c *DNSOutboundConfig) Build() (proto.Message, error) {
switch c.NonIPQuery { switch c.NonIPQuery {
case "": case "":
c.NonIPQuery = "drop" c.NonIPQuery = "drop"
case "drop", "skip": case "drop", "skip", "reject":
default: default:
return nil, errors.New(`unknown "nonIPQuery": `, c.NonIPQuery) return nil, errors.New(`unknown "nonIPQuery": `, c.NonIPQuery)
} }

40
proxy/dns/dns.go
View File

@ -187,6 +187,9 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, d internet.
if len(h.blockTypes) > 0 { if len(h.blockTypes) > 0 {
for _, blocktype := range h.blockTypes { for _, blocktype := range h.blockTypes {
if blocktype == int32(qType) { if blocktype == int32(qType) {
if h.nonIPQuery == "reject" {
go h.rejectNonIPQuery(id, qType, domain, writer)
}
errors.LogInfo(ctx, "blocked type ", qType, " query for domain ", domain) errors.LogInfo(ctx, "blocked type ", qType, " query for domain ", domain)
return nil return nil
} }
@ -199,6 +202,11 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, d internet.
b.Release() b.Release()
continue continue
} }
if h.nonIPQuery == "reject" {
go h.rejectNonIPQuery(id, qType, domain, writer)
b.Release()
continue
}
} }
if err := connWriter.WriteMessage(b); err != nil { if err := connWriter.WriteMessage(b); err != nil {
@ -317,6 +325,38 @@ func (h *Handler) handleIPQuery(id uint16, qType dnsmessage.Type, domain string,
} }
} }
func (h *Handler) rejectNonIPQuery(id uint16, qType dnsmessage.Type, domain string, writer dns_proto.MessageWriter) {
b := buf.New()
rawBytes := b.Extend(buf.Size)
builder := dnsmessage.NewBuilder(rawBytes[:0], dnsmessage.Header{
ID: id,
RCode: dnsmessage.RCodeRefused,
RecursionAvailable: true,
RecursionDesired: true,
Response: true,
Authoritative: true,
})
builder.EnableCompression()
common.Must(builder.StartQuestions())
common.Must(builder.Question(dnsmessage.Question{
Name: dnsmessage.MustNewName(domain),
Class: dnsmessage.ClassINET,
Type: qType,
}))
msgBytes, err := builder.Finish()
if err != nil {
errors.LogInfoInner(context.Background(), err, "pack reject message")
b.Release()
return
}
b.Resize(0, int32(len(msgBytes)))
if err := writer.WriteMessage(b); err != nil {
errors.LogInfoInner(context.Background(), err, "write reject answer")
}
}
type outboundConn struct { type outboundConn struct {
access sync.Mutex access sync.Mutex
dialer func() (stat.Connection, error) dialer func() (stat.Connection, error)