implemented forwarding

This commit is contained in:
Niklas 2020-12-23 21:44:33 +01:00
parent 62b22b9ad7
commit b079e6988f
2 changed files with 48 additions and 6 deletions


@ -1,15 +1,12 @@
zones:
- zone: example.com.
file: zonefile.txt
acl:
- vpn
acl:
- name: vpn
cidr: 10.0.0.0/24
forward:
alc:
acl:
- vpn
server: "8.8.8.8:53"


@ -30,6 +30,7 @@ type config struct {
type configForward struct {
ACL []string `yaml:"acl"`
Server string `yaml:"server"`
}
type configACL struct {
@ -145,6 +146,7 @@ func createACLList(config []configACL) (map[string]*net.IPNet, error) {
func createServer(zones []zone, config config, aclList map[string]*net.IPNet) *dns.ServeMux {
srv := dns.NewServeMux()
c := new(dns.Client)
for _, z := range zones {
srv.HandleFunc(z.zone, func(w dns.ResponseWriter, r *dns.Msg) {
@ -248,6 +250,49 @@ func createServer(zones []zone, config config, aclList map[string]*net.IPNet) *d
})
}
// Handle any other request
srv.HandleFunc(".", func(w dns.ResponseWriter, r *dns.Msg) {
remoteIP, _, err := net.SplitHostPort(w.RemoteAddr().String())
ip := net.ParseIP(remoteIP)
if err != nil && ip != nil {
log.Printf("Faild to parse remote IP WTF? :%s", err.Error())
return
}
// Check ACL rules
if len(config.Forward.ACL) != 0 {
passed := false
for _, rule := range config.Forward.ACL {
if aclList[rule].Contains(ip) {
passed = true
}
}
if !passed {
m := new(dns.Msg)
m.SetReply(r)
m.SetRcode(r, dns.RcodeRefused)
w.WriteMsg(m)
return
}
}
// Forward request
in, _, err := c.Exchange(r, config.Forward.Server)
if err != nil {
m := new(dns.Msg)
m.SetReply(r)
m.SetRcode(r, dns.RcodeServerFailure)
w.WriteMsg(m)
return
}
w.WriteMsg(in)
})
return srv
}
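Review bot: The remote-address guard on the `if err != nil && ip != nil` line can never fire: when SplitHostPort fails, remoteIP is empty and net.ParseIP returns nil, so that branch is dead and a nil ip flows on into the ACL loop; the intended check is `if err != nil || ip == nil {` (the log line there also misspells "Failed"). With that fixed, note that an empty `forward.acl` skips the ACL block entirely, so the catch-all "." handler forwards for any client that can reach it, i.e. an open resolver; either refuse when the list is empty or document that an empty list means unrestricted forwarding. `aclList[rule]` is dereferenced without checking that the rule exists; if createACLList (outside this hunk) does not validate the names, an unknown name in forward.acl would panic inside the handler. The three WriteMsg return values are discarded; logging them would make delivery failures visible.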