drone tag gitea release

added blacklist line parser
removed unused function
2020-12-30 17:15:02 +01:00 · 2020-12-30 14:14:52 +01:00 · 2020-12-30 00:24:59 +01:00 · 2020-12-29 22:34:30 +01:00 · 2020-12-29 14:47:00 +01:00 · 2020-12-29 14:45:41 +01:00
4 changed files with 224 additions and 32 deletions
--- a/.drone.yml
+++ b/.drone.yml
@@ -0,0 +1,30 @@
+kind: pipeline
+name: default
+
+steps:
+- name: build
+  image: golang
+  commands:
+  - go build
+
+- name: gitea_release
+  image: plugins/gitea-release
+  settings:
+    api_key: 
+      from_secret: GITEA_API_KEY
+    base_url: https://git.kapelle.org
+    files:
+    - cool-dns
+    checksum:
+    - md5
+    - sha1
+    - sha256
+    title: ${DRONE_TAG}
+    prerelease: true
+  when:
+    event: 
+    - tag
+
+trigger:
+  event:
+  - tag
--- a/blacklist.go
+++ b/blacklist.go
@@ -0,0 +1,138 @@
+package main
+
+import (
+	"errors"
+	"io/ioutil"
+	"log"
+	"net"
+	"net/http"
+	"regexp"
+	"strings"
+
+	"github.com/miekg/dns"
+)
+
+const blockTTL uint32 = 300
+
+var nullIPv4 = net.IPv4(0, 0, 0, 0)
+var nullIPv6 = net.ParseIP("::/0")
+
+func loadBlacklist(config []configBlacklist) map[string]bool {
+	list := make([]string, 0)
+	for _, element := range config {
+		raw, err := requestBacklist(element)
+
+		if err != nil {
+			log.Printf("Failed to load blacklist %s reason: %s", element.URL, err.Error())
+			continue
+		}
+
+		domains := parseRawBlacklist(element, *raw)
+		log.Printf("Added %d blocked domains", len(domains))
+		list = append(list, domains...)
+	}
+
+	domainMap := make(map[string]bool)
+	for _, e := range list {
+		domainMap[e] = true
+	}
+
+	return domainMap
+}
+
+func requestBacklist(blacklist configBlacklist) (*string, error) {
+	if blacklist.URL != "" {
+		return getBlacklistFromURL(blacklist.URL)
+	}
+
+	return nil, errors.New("No blacklist provided")
+}
+
+func getBlacklistFromURL(url string) (*string, error) {
+	// Request list
+	resp, err := http.Get(url)
+	if err != nil {
+		return nil, err
+	}
+
+	defer resp.Body.Close()
+
+	if resp.StatusCode != 200 {
+		log.Printf("Got %d status code. Continueing anyway.", resp.StatusCode)
+	}
+
+	body, err := ioutil.ReadAll(resp.Body)
+	bodyString := string(body)
+
+	log.Printf("Downloaded blacklist %s", url)
+
+	return &bodyString, err
+}
+
+func parseRawBlacklist(blacklist configBlacklist, raw string) []string {
+	switch blacklist.Format {
+	case "host":
+		return parseHostFormat(raw)
+	case "line":
+		return parseLineFormat(raw)
+	default:
+		log.Printf("Failed to parse blacklist. Format not supported: %s", blacklist.Format)
+		log.Println("Supported types are: host, line")
+		return make([]string, 0)
+	}
+}
+
+func parseHostFormat(raw string) []string {
+	finalList := make([]string, 0)
+	reg := regexp.MustCompile(`(?mi)^\s*(#*)\s*(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\s+([a-zA-Z0-9\.\- ]+)$`)
+	matches := reg.FindAllStringSubmatch(raw, -1)
+	for _, match := range matches {
+		if match[1] != "#" {
+			finalList = append(finalList, dns.Fqdn(match[3]))
+		}
+	}
+
+	return finalList
+}
+
+func parseLineFormat(raw string) []string {
+	list := make([]string, 0)
+
+	for _, line := range strings.Split(raw, "\n") {
+		if !strings.HasPrefix(line, "#") {
+			list = append(list, line)
+		}
+	}
+
+	return list
+}
+
+func handleBlockedDomain(w dns.ResponseWriter, r *dns.Msg) {
+	q := r.Question[0]
+
+	m := new(dns.Msg)
+	m.SetReply(r)
+	if q.Qtype == dns.TypeA {
+		m.Answer = append(m.Answer, &dns.A{
+			Hdr: dns.RR_Header{
+				Name:   q.Name,
+				Rrtype: dns.TypeA,
+				Class:  dns.ClassINET,
+				Ttl:    blockTTL,
+			},
+			A: nullIPv4,
+		})
+	} else if q.Qtype == dns.TypeAAAA {
+		m.Answer = append(m.Answer, &dns.AAAA{
+			Hdr: dns.RR_Header{
+				Name:   q.Name,
+				Rrtype: dns.TypeAAAA,
+				Class:  dns.ClassINET,
+				Ttl:    blockTTL,
+			},
+			AAAA: nullIPv6,
+		})
+	}
+
+	w.WriteMsg(m)
+}
--- a/config.yml
+++ b/config.yml
@@ -17,7 +17,13 @@ acl:

 forward:
  acl:
-    - vpn
+    - local
  server: "8.8.8.8:53"

 address: 0.0.0.0:8053
+
+blacklist:
+  - url: https://raw.githubusercontent.com/anudeepND/blacklist/master/adservers.txt
+    format: host
+  - url: https://blocklistproject.github.io/Lists/alt-version/ads-nl.txt
+    format: line
--- a/coolDns.go
+++ b/coolDns.go
@@ -1,6 +1,7 @@
 package main

 import (
+	"flag"
 	"io/ioutil"
 	"log"
 	"net"
@@ -27,6 +28,7 @@ type config struct {
 	ACL       []configACL       `yaml:"acl"`
 	Forward   configForward     `yaml:"forward"`
 	Address   string            `yaml:"address"`
+	Blacklist []configBlacklist `yaml:"blacklist"`
 }

 type configForward struct {
@@ -45,6 +47,11 @@ type configZone struct {
 	ACL  []string `yaml:"acl"`
 }

+type configBlacklist struct {
+	URL    string `yaml:"url"`
+	Format string `yaml:"format"`
+}
+
 var anyRecordTypes = []uint16{
 	dns.TypeSOA,
 	dns.TypeA,
@@ -57,8 +64,8 @@ var anyRecordTypes = []uint16{
 	dns.TypeCAA,
 }

-func loadConfig() (*config, error) {
-	file, err := ioutil.ReadFile("config.yml")
+func loadConfig(configPath string) (*config, error) {
+	file, err := ioutil.ReadFile(configPath)
 	if err != nil {
 		return nil, err
 	}
@@ -76,7 +83,7 @@ func loadConfig() (*config, error) {
 func loadZones(configZones []configZone) (zoneMap, error) {
 	zones := make(zoneMap)
 	for _, z := range configZones {
-		rrs, err := loadZonefile(z.File)
+		rrs, err := loadZonefile(z.File, z.Zone)
 		if err != nil {
 			return nil, err
 		}
@@ -110,14 +117,14 @@ func createRRMap(rrs []dns.RR) rrMap {
 	return rrMap
 }

-func loadZonefile(filepath string) ([]dns.RR, error) {
+func loadZonefile(filepath, origin string) ([]dns.RR, error) {
 	file, err := os.Open(filepath)

 	if err != nil {
 		return nil, err
 	}

-	parser := dns.NewZoneParser(file, "", "")
+	parser := dns.NewZoneParser(file, origin, filepath)

 	var rrs = make([]dns.RR, 0)

@@ -148,7 +155,7 @@ func createACLList(config []configACL) (map[string]*net.IPNet, error) {
 	return acls, nil
 }

-func createServer(zones zoneMap, config config, aclList map[string]*net.IPNet) *dns.ServeMux {
+func createServer(zones zoneMap, config config, aclList map[string]*net.IPNet, blacklist map[string]bool) *dns.ServeMux {
 	srv := dns.NewServeMux()
 	c := new(dns.Client)

@@ -159,7 +166,7 @@ func createServer(zones zoneMap, config config, aclList map[string]*net.IPNet) *
 			remoteIP, _, err := net.SplitHostPort(w.RemoteAddr().String())
 			ip := net.ParseIP(remoteIP)
 			if err != nil && ip != nil {
-				log.Printf("Faild to parse remote IP WTF? :%s", err.Error())
+				log.Printf("Faild to parse remote IP WTF? :%s\n", err.Error())
 				return
 			}

@@ -187,7 +194,7 @@ func createServer(zones zoneMap, config config, aclList map[string]*net.IPNet) *
 		ip := net.ParseIP(remoteIP)

 		if err != nil && ip != nil {
-			log.Printf("Faild to parse remote IP WTF? :%s", err.Error())
+			log.Printf("Faild to parse remote IP WTF? :%s\n", err.Error())
 			return
 		}

@@ -197,6 +204,9 @@ func createServer(zones zoneMap, config config, aclList map[string]*net.IPNet) *
 			return
 		}

+		if _, ok := blacklist[r.Question[0].Name]; ok {
+			handleBlockedDomain(w, r)
+		} else {
 			// Forward request
 			in, _, err := c.Exchange(r, config.Forward.Server)

@@ -204,8 +214,9 @@ func createServer(zones zoneMap, config config, aclList map[string]*net.IPNet) *
 				rcodeRequest(w, r, dns.RcodeServerFailure)
 				return
 			}
-
 			w.WriteMsg(in)
+		}
+
 	})

 	return srv
@@ -223,12 +234,6 @@ func listenAndServer(server *dns.ServeMux, address string) {
 			log.Fatalf("Failed to set tcp listener %s\n", err.Error())
 		}
 	}()
-
-	sig := make(chan os.Signal)
-	signal.Notify(sig, syscall.SIGINT, syscall.SIGTERM)
-	s := <-sig
-	log.Printf("Signal (%v) received, stopping\n", s)
-	os.Exit(0)
 }

 func checkACL(alcRules []string, aclList map[string]*net.IPNet, ip net.IP) bool {
@@ -324,23 +329,36 @@ func handleRequest(w dns.ResponseWriter, r *dns.Msg, zone zoneView) {
 }

 func main() {
-	config, err := loadConfig()
+
+	configPath := flag.String("c", "/etc/cool-dns/config.yaml", "path to the config file")
+	flag.Parse()
+
+	config, err := loadConfig(*configPath)
 	if err != nil {
-		log.Fatalf("Failed to load config: %s", err.Error())
+		log.Fatalf("Failed to load config: %s\n", err.Error())
 	}

 	zones, err := loadZones(config.Zones)
 	if err != nil {
-		log.Fatalf("Failed to load zones: %s", err.Error())
+		log.Fatalf("Failed to load zones: %s\n", err.Error())
 	}

 	aclList, err := createACLList(config.ACL)
 	if err != nil {
-		log.Fatalf("Failed to parse ACL rules: %s", err.Error())
+		log.Fatalf("Failed to parse ACL rules: %s\n", err.Error())
 	}

-	server := createServer(zones, *config, aclList)
+	blacklist := loadBlacklist(config.Blacklist)
+
+	server := createServer(zones, *config, aclList, blacklist)
+
+	listenAndServer(server, config.Address)

 	log.Printf("Start listening on udp %s and tcp %s\n", config.Address, config.Address)
-	listenAndServer(server, config.Address)
+
+	sig := make(chan os.Signal)
+	signal.Notify(sig, syscall.SIGINT, syscall.SIGTERM)
+	s := <-sig
+	log.Printf("Signal (%v) received, stopping\n", s)
+	os.Exit(0)
 }
Author	SHA1	Message	Date
Niklas	c0a109466f	drone tag gitea release All checks were successful continuous-integration/drone/tag Build is passing Details	2020-12-30 17:15:02 +01:00
Niklas	7b412e404c	added blacklist line parser	2020-12-30 14:14:52 +01:00
Niklas	87d9dca1ce	removed unused function	2020-12-30 00:24:59 +01:00
Niklas	4ddaa5a4c0	improved blacklist parsing	2020-12-29 22:34:30 +01:00
Niklas	c995920b68	fixed typo in drone file All checks were successful continuous-integration/drone/tag Build is passing Details	2020-12-29 14:47:00 +01:00
Niklas	88a9ead27d	added drone file	2020-12-29 14:45:41 +01:00
Niklas	d77db9234e	moved handle of blacklist domains	2020-12-28 00:36:54 +01:00
Niklas	9bc041ca7e	implemented blacklist	2020-12-27 22:13:13 +01:00
Niklas	1771ca2a53	zoneparsing improvment and log newline	2020-12-26 21:56:51 +01:00
Niklas	0da61804f7	moved blocking wait	2020-12-26 21:34:11 +01:00
Niklas	5ce381f370	added config path as parameter	2020-12-26 21:31:50 +01:00