13 changed files with 393 additions and 690 deletions
--- a/.drone.yml
+++ b/.drone.yml
@ -5,7 +5,7 @@ steps:
 - name: build
  image: golang
  commands:
-  - go build cmd/cooldns.go
+  - go build
 - name: gitea_release
  image: plugins/gitea-release
@ -14,7 +14,7 @@ steps:
      from_secret: GITEA_API_KEY
    base_url: https://git.kapelle.org
    files:
-    - cooldns
+    - cool-dns
    checksum:
    - md5
    - sha1
@ -25,12 +25,6 @@ steps:
    event: 
    - tag
 - name: docker
  image: plugins/docker
  settings:
    repo: docker.kapelle.org/cooldns
    registry: docker.kapelle.org
 trigger:
  event:
  - tag
--- a/16
+++ b/16
@ -1,16 +0,0 @@
 FROM golang:alpine AS build
 WORKDIR /build
 COPY [ "go.mod", "go.sum", "./"]
 COPY internal ./internal
 COPY cmd ./cmd
 RUN go build -o cooldns cmd/cooldns.go
 FROM alpine:latest
 WORKDIR /app
 COPY --from=build /build/cooldns .
 ENTRYPOINT ["/app/cooldns"]
--- a/README.md
+++ b/README.md
@ -23,29 +23,10 @@ acl:                        # List of ip filter rules
 - name: local
  cidr: 127.0.0.1/32
 tls:
  enable: true              # Enable DNS over TLS
  address: 0.0.0.0:8853     # What address and port to liste for tls connections
  cert: cert.crt            # Path to the certificate file
  key: private.key          # Path to the private key file
 forward:
  acl:                      # What IPs are allowed
    - vpn
  server: "8.8.8.8:53"      # DNS server to forward to
 address: 0.0.0.0:8053       # What address and port to listen on
 blacklist:                  # What domains to block when forwarding
                            # URL of the blacklist
  - url: https://raw.githubusercontent.com/anudeepND/blacklist/master/adservers.txt
    format: host            # Format of the blacklist: Hostfile
  - url: https://blocklistproject.github.io/Lists/alt-version/ads-nl.txt
    format: line            # Format: One domain per line
 lego:                       # Support for Lego http provider. See https://go-acme.github.io/lego/dns/httpreq/
  enable: true
  address: :8080
  username: lego
  secret: "133742069ab"
 ```
--- a/internal/blacklist.go
+++ b/internal/blacklist.go
@ -1,4 +1,4 @@
-package cooldns
+package main
 import (
 	"errors"
@ -12,7 +12,7 @@ import (
 	"github.com/miekg/dns"
 )
-const blockTTL uint32 = 604800
+const blockTTL uint32 = 300
 var nullIPv4 = net.IPv4(0, 0, 0, 0)
 var nullIPv6 = net.ParseIP("::/0")
@ -69,7 +69,6 @@ func getBlacklistFromURL(url string) (*string, error) {
 	return &bodyString, err
 }
 // parseRawBlacklist parse the raw string depending on the given format
 func parseRawBlacklist(blacklist configBlacklist, raw string) []string {
 	switch blacklist.Format {
 	case "host":
@ -83,19 +82,19 @@ func parseRawBlacklist(blacklist configBlacklist, raw string) []string {
 	}
 }
 // parseHostFormat parse the string in the format of a hostfile
 func parseHostFormat(raw string) []string {
 	finalList := make([]string, 0)
-	reg := regexp.MustCompile(`(?m)^\s*(0\.0\.0\.0) ([a-zA-Z0-9-.]*)`)
+	reg := regexp.MustCompile(`(?mi)^\s*(#*)\s*(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\s+([a-zA-Z0-9\.\- ]+)$`)
 	matches := reg.FindAllStringSubmatch(raw, -1)
 	for _, match := range matches {
-		finalList = append(finalList, dns.Fqdn(match[2]))
+		if match[1] != "#" {
 			finalList = append(finalList, dns.Fqdn(match[3]))
 		}
 	}
 	return finalList
 }
 // parseLineFormat one domain per line, ignore comments
 func parseLineFormat(raw string) []string {
 	list := make([]string, 0)
@ -114,7 +113,6 @@ func handleBlockedDomain(w dns.ResponseWriter, r *dns.Msg) {
 	m := new(dns.Msg)
 	m.SetReply(r)
 	if q.Qtype == dns.TypeA {
 		// Respond with 0.0.0.0
 		m.Answer = append(m.Answer, &dns.A{
 			Hdr: dns.RR_Header{
 				Name:   q.Name,
@ -125,7 +123,6 @@ func handleBlockedDomain(w dns.ResponseWriter, r *dns.Msg) {
 			A: nullIPv4,
 		})
 	} else if q.Qtype == dns.TypeAAAA {
 		// Respond with ::/0
 		m.Answer = append(m.Answer, &dns.AAAA{
 			Hdr: dns.RR_Header{
 				Name:   q.Name,
--- a/cmd/cooldns.go
+++ b/cmd/cooldns.go
@ -1,24 +0,0 @@
 package main
 import (
 	"flag"
 	"log"
 	"os"
 	"os/signal"
 	"syscall"
 	cooldns "git.kapelle.org/niklas/cool-dns/internal"
 )
 func main() {
 	configPath := flag.String("c", "/etc/cool-dns/config.yaml", "path to the config file")
 	flag.Parse()
 	cooldns.Start(*configPath)
 	sig := make(chan os.Signal)
 	signal.Notify(sig, syscall.SIGINT, syscall.SIGTERM)
 	s := <-sig
 	log.Printf("Signal (%v) received, stopping\n", s)
 	os.Exit(0)
 }
--- a/exampleConfig.yml
+++ b/exampleConfig.yml
@ -5,7 +5,7 @@ zones:
 - zone: example.com.
  file: zonefile2.txt
  acl:
-    - vpn
+    - lan
 acl:
 - name: vpn
@ -22,20 +22,8 @@ forward:
 address: 0.0.0.0:8053
 tls:
  enable: false
  address: 0.0.0.0:8853
  cert: cert.crt
  key: private.key
 blacklist:
  - url: https://raw.githubusercontent.com/anudeepND/blacklist/master/adservers.txt
    format: host
  - url: https://blocklistproject.github.io/Lists/alt-version/ads-nl.txt
    format: line
 lego:
  enable: true
  address: :8080
  username: lego
  secret: "133742069ab"
--- a/coolDns.go
+++ b/coolDns.go
@ -0,0 +1,364 @@
 package main
 import (
 	"flag"
 	"io/ioutil"
 	"log"
 	"net"
 	"os"
 	"os/signal"
 	"strings"
 	"syscall"
 	"github.com/miekg/dns"
 	"gopkg.in/yaml.v3"
 )
 type zoneView struct {
 	rr  rrMap
 	acl []string
 }
 type zoneMap map[string][]zoneView
 type rrMap map[uint16]map[string][]dns.RR
 type config struct {
 	Zones     []configZone      `yaml:"zones"`
 	ACL       []configACL       `yaml:"acl"`
 	Forward   configForward     `yaml:"forward"`
 	Address   string            `yaml:"address"`
 	Blacklist []configBlacklist `yaml:"blacklist"`
 }
 type configForward struct {
 	ACL    []string `yaml:"acl"`
 	Server string   `yaml:"server"`
 }
 type configACL struct {
 	Name string `yaml:"name"`
 	CIDR string `yaml:"cidr"`
 }
 type configZone struct {
 	Zone string   `yaml:"zone"`
 	File string   `yaml:"file"`
 	ACL  []string `yaml:"acl"`
 }
 type configBlacklist struct {
 	URL    string `yaml:"url"`
 	Format string `yaml:"format"`
 }
 var anyRecordTypes = []uint16{
 	dns.TypeSOA,
 	dns.TypeA,
 	dns.TypeAAAA,
 	dns.TypeNS,
 	dns.TypeCNAME,
 	dns.TypeMX,
 	dns.TypeTXT,
 	dns.TypeSRV,
 	dns.TypeCAA,
 }
 func loadConfig(configPath string) (*config, error) {
 	file, err := ioutil.ReadFile(configPath)
 	if err != nil {
 		return nil, err
 	}
 	var loadedConfig config
 	err = yaml.Unmarshal(file, &loadedConfig)
 	if err != nil {
 		return nil, err
 	}
 	return &loadedConfig, nil
 }
 func loadZones(configZones []configZone) (zoneMap, error) {
 	zones := make(zoneMap)
 	for _, z := range configZones {
 		rrs, err := loadZonefile(z.File, z.Zone)
 		if err != nil {
 			return nil, err
 		}
 		if zones[z.Zone] == nil {
 			zones[z.Zone] = make([]zoneView, 0)
 		}
 		zones[z.Zone] = append(zones[z.Zone], zoneView{
 			rr:  createRRMap(rrs),
 			acl: z.ACL,
 		})
 		log.Printf("Loaded zone %s\n", z.Zone)
 	}
 	return zones, nil
 }
 func createRRMap(rrs []dns.RR) rrMap {
 	rrMap := make(rrMap)
 	for _, rr := range rrs {
 		if rrMap[rr.Header().Rrtype] == nil {
 			rrMap[rr.Header().Rrtype] = make(map[string][]dns.RR)
 		}
 		if rrMap[rr.Header().Rrtype][rr.Header().Name] == nil {
 			rrMap[rr.Header().Rrtype][rr.Header().Name] = make([]dns.RR, 0)
 		}
 		rrMap[rr.Header().Rrtype][rr.Header().Name] = append(rrMap[rr.Header().Rrtype][rr.Header().Name], rr)
 	}
 	return rrMap
 }
 func loadZonefile(filepath, origin string) ([]dns.RR, error) {
 	file, err := os.Open(filepath)
 	if err != nil {
 		return nil, err
 	}
 	parser := dns.NewZoneParser(file, origin, filepath)
 	var rrs = make([]dns.RR, 0)
 	for rr, ok := parser.Next(); ok; rr, ok = parser.Next() {
 		rrs = append(rrs, rr)
 	}
 	if err := parser.Err(); err != nil {
 		log.Println(err)
 	}
 	return rrs, nil
 }
 func createACLList(config []configACL) (map[string]*net.IPNet, error) {
 	acls := make(map[string]*net.IPNet)
 	for _, aclRule := range config {
 		_, mask, err := net.ParseCIDR(aclRule.CIDR)
 		if err != nil {
 			return nil, err
 		}
 		acls[aclRule.Name] = mask
 	}
 	return acls, nil
 }
 func createServer(zones zoneMap, config config, aclList map[string]*net.IPNet, blacklist map[string]bool) *dns.ServeMux {
 	srv := dns.NewServeMux()
 	c := new(dns.Client)
 	for zoneName, zones := range zones {
 		srv.HandleFunc(zoneName, func(w dns.ResponseWriter, r *dns.Msg) {
 			// Parse IP
 			remoteIP, _, err := net.SplitHostPort(w.RemoteAddr().String())
 			ip := net.ParseIP(remoteIP)
 			if err != nil && ip != nil {
 				log.Printf("Faild to parse remote IP WTF? :%s\n", err.Error())
 				return
 			}
 			// find out what view to handle the request
 			zoneIndex := -1
 			for i, zone := range zones {
 				if (len(zone.acl) == 0 && zoneIndex == -1) || checkACL(zone.acl, aclList, ip) {
 					zoneIndex = i
 				}
 			}
 			if zoneIndex == -1 {
 				rcodeRequest(w, r, dns.RcodeRefused)
 				return
 			}
 			handleRequest(w, r, zones[zoneIndex])
 		})
 	}
 	// Handle any other request
 	srv.HandleFunc(".", func(w dns.ResponseWriter, r *dns.Msg) {
 		remoteIP, _, err := net.SplitHostPort(w.RemoteAddr().String())
 		ip := net.ParseIP(remoteIP)
 		if err != nil && ip != nil {
 			log.Printf("Faild to parse remote IP WTF? :%s\n", err.Error())
 			return
 		}
 		// Check ACL rules
 		if !checkACL(config.Forward.ACL, aclList, ip) {
 			rcodeRequest(w, r, dns.RcodeRefused)
 			return
 		}
 		if _, ok := blacklist[r.Question[0].Name]; ok {
 			handleBlockedDomain(w, r)
 		} else {
 			// Forward request
 			in, _, err := c.Exchange(r, config.Forward.Server)
 			if err != nil {
 				rcodeRequest(w, r, dns.RcodeServerFailure)
 				return
 			}
 			w.WriteMsg(in)
 		}
 	})
 	return srv
 }
 func listenAndServer(server *dns.ServeMux, address string) {
 	go func() {
 		if err := dns.ListenAndServe(address, "udp", server); err != nil {
 			log.Fatalf("Failed to set udp listener %s\n", err.Error())
 		}
 	}()
 	go func() {
 		if err := dns.ListenAndServe(address, "tcp", server); err != nil {
 			log.Fatalf("Failed to set tcp listener %s\n", err.Error())
 		}
 	}()
 }
 func checkACL(alcRules []string, aclList map[string]*net.IPNet, ip net.IP) bool {
 	if len(alcRules) != 0 {
 		passed := false
 		for _, rule := range alcRules {
 			if aclList[rule].Contains(ip) {
 				passed = true
 			}
 		}
 		return passed
 	}
 	return true
 }
 func rcodeRequest(w dns.ResponseWriter, r *dns.Msg, rcode int) {
 	m := new(dns.Msg)
 	m.SetReply(r)
 	m.SetRcode(r, rcode)
 	w.WriteMsg(m)
 }
 func handleRequest(w dns.ResponseWriter, r *dns.Msg, zone zoneView) {
 	m := new(dns.Msg)
 	m.SetReply(r)
 	m.Authoritative = true
 	// maybe only support one question per query like most servers do it ???
 	for _, q := range r.Question {
 		rrs := zone.rr[q.Qtype]
 		// Handle ANY
 		if q.Qtype == dns.TypeANY {
 			for _, rrType := range anyRecordTypes {
 				m.Answer = append(m.Answer, zone.rr[rrType][q.Name]...)
 			}
 		} else {
 			// Handle any other type
 			m.Answer = append(m.Answer, rrs[q.Name]...)
 			// Check for wildcard
 			if len(m.Answer) == 0 {
 				parts := dns.SplitDomainName(q.Name)[1:]
 				searchDomain := "*." + dns.Fqdn(strings.Join(parts, "."))
 				foundDomain := rrs[searchDomain]
 				for _, rr := range foundDomain {
 					newRR := rr
 					newRR.Header().Name = q.Name
 					m.Answer = append(m.Answer, newRR)
 				}
 			}
 		}
 		// Handle extras
 		switch q.Qtype {
 		// Dont handle extra stuff when answering ANY request
 		// case dns.TypeANY:
 		// 	fallthrough
 		case dns.TypeMX:
 			// Resolve MX domains
 			for _, mxRR := range m.Answer {
 				if t, ok := mxRR.(*dns.MX); ok {
 					m.Extra = append(m.Extra, zone.rr[dns.TypeA][t.Mx]...)
 					m.Extra = append(m.Extra, zone.rr[dns.TypeAAAA][t.Mx]...)
 				}
 			}
 		case dns.TypeA, dns.TypeAAAA:
 			if len(m.Answer) == 0 {
 				// no A or AAAA found. Look for CNAME
 				m.Answer = append(m.Answer, zone.rr[dns.TypeCNAME][q.Name]...)
 				if len(m.Answer) != 0 {
 					// Resolve CNAME
 					for _, nameRR := range m.Answer {
 						if t, ok := nameRR.(*dns.CNAME); ok {
 							m.Answer = append(m.Answer, zone.rr[q.Qtype][t.Target]...)
 						}
 					}
 				}
 			}
 		case dns.TypeNS:
 			// Resove NS records
 			for _, nsRR := range m.Answer {
 				if t, ok := nsRR.(*dns.NS); ok {
 					m.Extra = append(m.Extra, zone.rr[dns.TypeA][t.Ns]...)
 					m.Extra = append(m.Extra, zone.rr[dns.TypeAAAA][t.Ns]...)
 				}
 			}
 		}
 	}
 	w.WriteMsg(m)
 }
 func main() {
 	configPath := flag.String("c", "/etc/cool-dns/config.yaml", "path to the config file")
 	flag.Parse()
 	config, err := loadConfig(*configPath)
 	if err != nil {
 		log.Fatalf("Failed to load config: %s\n", err.Error())
 	}
 	zones, err := loadZones(config.Zones)
 	if err != nil {
 		log.Fatalf("Failed to load zones: %s\n", err.Error())
 	}
 	aclList, err := createACLList(config.ACL)
 	if err != nil {
 		log.Fatalf("Failed to parse ACL rules: %s\n", err.Error())
 	}
 	blacklist := loadBlacklist(config.Blacklist)
 	server := createServer(zones, *config, aclList, blacklist)
 	listenAndServer(server, config.Address)
 	log.Printf("Start listening on udp %s and tcp %s\n", config.Address, config.Address)
 	sig := make(chan os.Signal)
 	signal.Notify(sig, syscall.SIGINT, syscall.SIGTERM)
 	s := <-sig
 	log.Printf("Signal (%v) received, stopping\n", s)
 	os.Exit(0)
 }
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -1,11 +0,0 @@
 version: "3"
 services:
  cool-dns:
    build: .
    ports:
      - "53:53"
      - "53:53/udp"
      - "853:853"
      - "80:80"
    volumes:
      - ./docker:/etc/cool-dns/
--- a/internal/authoritative.go
+++ b/internal/authoritative.go
@ -1,136 +0,0 @@
 package cooldns
 import (
 	"strings"
 	"github.com/miekg/dns"
 )
 type rrMap map[uint16]map[string][]dns.RR
 // All record types to send when a ANY request is send
 var anyRecordTypes = []uint16{
 	dns.TypeSOA,
 	dns.TypeA,
 	dns.TypeAAAA,
 	dns.TypeNS,
 	dns.TypeCNAME,
 	dns.TypeMX,
 	dns.TypeTXT,
 	dns.TypeSRV,
 	dns.TypeCAA,
 }
 // handleRequest find the right RR(s) in the view and send them back
 func handleRequest(w dns.ResponseWriter, r *dns.Msg, zone zoneView) {
 	m := new(dns.Msg)
 	m.SetReply(r)
 	m.Authoritative = true
 	// Only support one question per query because all the other server also does that
 	if len(r.Question) != 1 {
 		rcodeRequest(w, r, dns.RcodeServerFailure)
 	}
 	q := r.Question[0]
 	rrs := zone.rr[q.Qtype]
 	// Handle ANY
 	if q.Qtype == dns.TypeANY {
 		for _, rrType := range anyRecordTypes {
 			m.Answer = append(m.Answer, zone.rr[rrType][q.Name]...)
 		}
 	} else {
 		// Handle any other type
 		m.Answer = append(m.Answer, rrs[q.Name]...)
 		// if no rr found yet
 		if len(m.Answer) == 0 {
 			// Check for wildcard
 			parts := dns.SplitDomainName(q.Name)[1:]
 			searchDomain := "*." + dns.Fqdn(strings.Join(parts, "."))
 			foundDomain := rrs[searchDomain]
 			for _, rr := range foundDomain {
 				newRR := rr
 				newRR.Header().Name = q.Name
 				m.Answer = append(m.Answer, newRR)
 			}
 		}
 	}
 	// Handle extras
 	switch q.Qtype {
 	// Dont handle extra stuff when answering ANY request
 	// case dns.TypeANY:
 	// 	fallthrough
 	case dns.TypeMX:
 		// Resolve MX domains
 		for _, mxRR := range m.Answer {
 			if t, ok := mxRR.(*dns.MX); ok {
 				m.Extra = append(m.Extra, zone.rr[dns.TypeA][t.Mx]...)
 				m.Extra = append(m.Extra, zone.rr[dns.TypeAAAA][t.Mx]...)
 			}
 		}
 	case dns.TypeA, dns.TypeAAAA:
 		if len(m.Answer) == 0 {
 			// no A or AAAA found. Look for CNAME
 			m.Answer = append(m.Answer, zone.rr[dns.TypeCNAME][q.Name]...)
 			if len(m.Answer) != 0 {
 				// Resolve CNAME
 				for _, nameRR := range m.Answer {
 					if t, ok := nameRR.(*dns.CNAME); ok {
 						m.Answer = append(m.Answer, zone.rr[q.Qtype][t.Target]...)
 					}
 				}
 			} else {
 				// No direct A/AAAA or CNAME found. Check for CNAME wildcard
 				parts := dns.SplitDomainName(q.Name)[1:]
 				searchDomain := "*." + dns.Fqdn(strings.Join(parts, "."))
 				foundDomain := zone.rr[dns.TypeCNAME][searchDomain]
 				for _, rr := range foundDomain {
 					// Add CNAME to answer section
 					newRR := rr
 					newRR.Header().Name = q.Name
 					m.Answer = append(m.Answer, newRR)
 					// Add resolved CNAME to *also* to the answer section (bind does the same soo)
 					if t, ok := rr.(*dns.CNAME); ok {
 						m.Answer = append(m.Answer, zone.rr[dns.TypeA][t.Target]...)
 						m.Answer = append(m.Answer, zone.rr[dns.TypeAAAA][t.Target]...)
 					}
 				}
 			}
 		}
 	case dns.TypeNS:
 		// Resove NS records
 		for _, nsRR := range m.Answer {
 			if t, ok := nsRR.(*dns.NS); ok {
 				m.Extra = append(m.Extra, zone.rr[dns.TypeA][t.Ns]...)
 				m.Extra = append(m.Extra, zone.rr[dns.TypeAAAA][t.Ns]...)
 			}
 		}
 	case dns.TypeCNAME:
 		// Resolve CNAME
 		for _, cnameRR := range m.Answer {
 			if t, ok := cnameRR.(*dns.CNAME); ok {
 				m.Extra = append(m.Extra, zone.rr[dns.TypeA][t.Target]...)
 				m.Extra = append(m.Extra, zone.rr[dns.TypeAAAA][t.Target]...)
 			}
 		}
 	}
 	if len(m.Answer) == 0 {
 		var soa dns.RR
 		for _, v := range zone.rr[dns.TypeSOA] {
 			if len(v) == 1 {
 				soa = v[0]
 			}
 		}
 		if soa != nil {
 			m.Extra = append(m.Extra, soa)
 		}
 	}
 	w.WriteMsg(m)
 }
--- a/internal/config.go
+++ b/internal/config.go
@ -1,144 +0,0 @@
 package cooldns
 import (
 	"io/ioutil"
 	"log"
 	"net"
 	"os"
 	"github.com/miekg/dns"
 	"gopkg.in/yaml.v3"
 )
 // config format of the config file
 type config struct {
 	Zones     []configZone      `yaml:"zones"`
 	ACL       []configACL       `yaml:"acl"`
 	Forward   configForward     `yaml:"forward"`
 	Address   string            `yaml:"address"`
 	Blacklist []configBlacklist `yaml:"blacklist"`
 	TLS       configTLS         `yaml:"tls"`
 	Lego      configLego        `yaml:"lego"`
 }
 type configForward struct {
 	Enable bool     `yaml:"enable"`
 	ACL    []string `yaml:"acl"`
 	Server string   `yaml:"server"`
 }
 type configACL struct {
 	Name string `yaml:"name"`
 	CIDR string `yaml:"cidr"`
 }
 type configZone struct {
 	Zone string   `yaml:"zone"`
 	File string   `yaml:"file"`
 	ACL  []string `yaml:"acl"`
 }
 type configBlacklist struct {
 	URL    string `yaml:"url"`
 	Format string `yaml:"format"`
 }
 type configTLS struct {
 	Enable  bool   `yaml:"enable"`
 	Address string `yaml:"address"`
 	Cert    string `yaml:"cert"`
 	Key     string `yaml:"key"`
 }
 func loadConfig(configPath string) (*config, error) {
 	file, err := ioutil.ReadFile(configPath)
 	if err != nil {
 		return nil, err
 	}
 	var loadedConfig config
 	err = yaml.Unmarshal(file, &loadedConfig)
 	if err != nil {
 		return nil, err
 	}
 	return &loadedConfig, nil
 }
 func loadZones(configZones []configZone) (zoneMap, error) {
 	zones := make(zoneMap)
 	for _, z := range configZones {
 		rrs, err := loadZonefile(z.File, z.Zone)
 		if err != nil {
 			return nil, err
 		}
 		if zones[z.Zone] == nil {
 			zones[z.Zone] = make([]zoneView, 0)
 		}
 		zones[z.Zone] = append(zones[z.Zone], zoneView{
 			rr:  createRRMap(rrs),
 			acl: z.ACL,
 		})
 		log.Printf("Loaded zone %s\n", z.Zone)
 	}
 	return zones, nil
 }
 // createRRMap order the rr into a structure that is more easy to use
 func createRRMap(rrs []dns.RR) rrMap {
 	rrMap := make(rrMap)
 	for _, rr := range rrs {
 		if rrMap[rr.Header().Rrtype] == nil {
 			rrMap[rr.Header().Rrtype] = make(map[string][]dns.RR)
 		}
 		if rrMap[rr.Header().Rrtype][rr.Header().Name] == nil {
 			rrMap[rr.Header().Rrtype][rr.Header().Name] = make([]dns.RR, 0)
 		}
 		rrMap[rr.Header().Rrtype][rr.Header().Name] = append(rrMap[rr.Header().Rrtype][rr.Header().Name], rr)
 	}
 	return rrMap
 }
 func loadZonefile(filepath, origin string) ([]dns.RR, error) {
 	file, err := os.Open(filepath)
 	if err != nil {
 		return nil, err
 	}
 	parser := dns.NewZoneParser(file, origin, filepath)
 	var rrs = make([]dns.RR, 0)
 	for rr, ok := parser.Next(); ok; rr, ok = parser.Next() {
 		rrs = append(rrs, rr)
 	}
 	if err := parser.Err(); err != nil {
 		log.Println(err)
 	}
 	return rrs, nil
 }
 // createACLList create a map with the CIDR and the name of the rule
 func createACLList(config []configACL) (map[string]*net.IPNet, error) {
 	acls := make(map[string]*net.IPNet)
 	for _, aclRule := range config {
 		_, mask, err := net.ParseCIDR(aclRule.CIDR)
 		if err != nil {
 			return nil, err
 		}
 		acls[aclRule.Name] = mask
 	}
 	return acls, nil
 }
--- a/internal/cooldns.go
+++ b/internal/cooldns.go
@ -1,192 +0,0 @@
 package cooldns
 import (
 	"log"
 	"net"
 	"os"
 	"path/filepath"
 	"github.com/miekg/dns"
 )
 type zoneView struct {
 	rr  rrMap
 	acl []string
 }
 type zoneMap map[string][]zoneView
 // Start starts cooldns
 func Start(configPath string) {
 	config, err := loadConfig(configPath)
 	if err != nil {
 		log.Fatalf("Failed to load config: %s\n", err.Error())
 	}
 	err = os.Chdir(filepath.Dir(configPath))
 	if err != nil {
 		log.Fatalf("Failed to goto config dir: %s", err.Error())
 	}
 	zones, err := loadZones(config.Zones)
 	if err != nil {
 		log.Fatalf("Failed to load zones: %s\n", err.Error())
 	}
 	aclList, err := createACLList(config.ACL)
 	if err != nil {
 		log.Fatalf("Failed to parse ACL rules: %s\n", err.Error())
 	}
 	blacklist := loadBlacklist(config.Blacklist)
 	var acmeMap *legoMap
 	if config.Lego.Enable {
 		acmeMap = startLEGOWebSever(config.Lego)
 	}
 	server := createServer(zones, *config, aclList, blacklist, acmeMap)
 	listenAndServer(server, config.Address)
 	if config.TLS.Enable {
 		listenAndServerTLS(server, config.TLS.Address, config.TLS.Cert, config.TLS.Key)
 		log.Printf("Start listening on tcp %s for tls", config.TLS.Address)
 	}
 	log.Printf("Start listening on udp %s and tcp %s\n", config.Address, config.Address)
 }
 // createServer creates a new serve mux. Adds all the logic to handle the request
 func createServer(zones zoneMap, config config, aclList map[string]*net.IPNet, blacklist map[string]bool, acmeList *legoMap) *dns.ServeMux {
 	srv := dns.NewServeMux()
 	c := new(dns.Client)
 	// For all zones set from the config
 	for zoneName, zones := range zones {
 		srv.HandleFunc(zoneName, createHandler(zones, config, aclList, acmeList))
 	}
 	// Handle any other request for forwarding
 	srv.HandleFunc(".", func(w dns.ResponseWriter, r *dns.Msg) {
 		// Parse IP
 		remoteIP, _, err := net.SplitHostPort(w.RemoteAddr().String())
 		ip := net.ParseIP(remoteIP)
 		if err != nil && ip != nil {
 			log.Printf("Faild to parse remote IP WTF? :%s\n", err.Error())
 			return
 		}
 		// Check if it is a ACME DNS-01 challange
 		if config.Lego.Enable && handleACMERequest(w, r, acmeList) {
 			return
 		}
 		// Check ACL rules
 		if config.Forward.Enable && !checkACL(config.Forward.ACL, aclList, ip) {
 			rcodeRequest(w, r, dns.RcodeRefused)
 			return
 		}
 		// Check if the domain is bocked
 		if _, ok := blacklist[r.Question[0].Name]; ok {
 			handleBlockedDomain(w, r)
 		} else {
 			// Forward request
 			in, _, err := c.Exchange(r, config.Forward.Server)
 			if err != nil {
 				rcodeRequest(w, r, dns.RcodeServerFailure)
 				return
 			}
 			w.WriteMsg(in)
 		}
 	})
 	return srv
 }
 func listenAndServer(server *dns.ServeMux, address string) {
 	// Start UDP listner
 	go func() {
 		if err := dns.ListenAndServe(address, "udp", server); err != nil {
 			log.Fatalf("Failed to set udp listener %s\n", err.Error())
 		}
 	}()
 	// Start TCP listner
 	go func() {
 		if err := dns.ListenAndServe(address, "tcp", server); err != nil {
 			log.Fatalf("Failed to set tcp listener %s\n", err.Error())
 		}
 	}()
 }
 func listenAndServerTLS(server *dns.ServeMux, address, cert, key string) {
 	// Start TLS listner
 	go func() {
 		if err := dns.ListenAndServeTLS(address, cert, key, server); err != nil {
 			log.Fatalf("Failed to set DoT listener %s", err.Error())
 		}
 	}()
 }
 func checkACL(alcRules []string, aclList map[string]*net.IPNet, ip net.IP) bool {
 	if len(alcRules) != 0 {
 		passed := false
 		for _, rule := range alcRules {
 			if aclList[rule].Contains(ip) {
 				passed = true
 			}
 		}
 		return passed
 	}
 	return true
 }
 // rcodeRequest respond to a request with a response code
 func rcodeRequest(w dns.ResponseWriter, r *dns.Msg, rcode int) {
 	m := new(dns.Msg)
 	m.SetReply(r)
 	m.SetRcode(r, rcode)
 	w.WriteMsg(m)
 }
 func createHandler(zones []zoneView, config config, aclList map[string]*net.IPNet, acmeList *legoMap) func(w dns.ResponseWriter, r *dns.Msg) {
 	return func(w dns.ResponseWriter, r *dns.Msg) {
 		// Parse IP
 		remoteIP, _, err := net.SplitHostPort(w.RemoteAddr().String())
 		ip := net.ParseIP(remoteIP)
 		if err != nil && ip != nil {
 			log.Printf("Faild to parse remote IP WTF? :%s\n", err.Error())
 			return
 		}
 		// Check if it is a ACME DNS-01 challange
 		if config.Lego.Enable && handleACMERequest(w, r, acmeList) {
 			return
 		}
 		// find out what view to handle the request
 		zoneIndex := -1
 		for i, zone := range zones {
 			if (len(zone.acl) == 0 && zoneIndex == -1) || checkACL(zone.acl, aclList, ip) {
 				zoneIndex = i
 			}
 		}
 		// No view found that can handle the request
 		if zoneIndex == -1 {
 			rcodeRequest(w, r, dns.RcodeRefused)
 			return
 		}
 		handleRequest(w, r, zones[zoneIndex])
 	}
 }
--- a/internal/lego.go
+++ b/internal/lego.go
@ -1,118 +0,0 @@
 package cooldns
 import (
 	"encoding/json"
 	"log"
 	"net/http"
 	"github.com/miekg/dns"
 )
 // See https://go-acme.github.io/lego/dns/httpreq/
 type configLego struct {
 	Enable   bool   `yaml:"enable"`
 	Address  string `yaml:"address"`
 	Username string `yaml:"username"`
 	Secret   string `yaml:"secret"`
 }
 type legoPresent struct {
 	Fqdn  string `json:"fqdn"`
 	Value string `json:"value"`
 }
 type legoMap map[string]string
 func startLEGOWebSever(config configLego) *legoMap {
 	mux := http.NewServeMux()
 	acmeMap := make(legoMap)
 	mux.HandleFunc("/present", func(rw http.ResponseWriter, r *http.Request) {
 		if !checkBasicAuth(r, config) {
 			rw.WriteHeader(http.StatusUnauthorized)
 			return
 		}
 		var presentData legoPresent
 		err := json.NewDecoder(r.Body).Decode(&presentData)
 		defer r.Body.Close()
 		if err != nil {
 			log.Printf("Failed to parse request for ACME: %s", err.Error())
 		}
 		acmeMap[presentData.Fqdn] = presentData.Value
 		rw.WriteHeader(http.StatusOK)
 	})
 	mux.HandleFunc("/cleanup", func(rw http.ResponseWriter, r *http.Request) {
 		if !checkBasicAuth(r, config) {
 			rw.WriteHeader(http.StatusUnauthorized)
 			return
 		}
 		for k := range acmeMap {
 			delete(acmeMap, k)
 		}
 		rw.WriteHeader(http.StatusOK)
 	})
 	go func() {
 		if err := http.ListenAndServe(config.Address, mux); err != nil {
 			log.Fatalf("Failed to start Webserver for LEGO: %s\n", err.Error())
 		}
 	}()
 	log.Printf("Startet webserver on %s", config.Address)
 	return &acmeMap
 }
 func checkBasicAuth(r *http.Request, config configLego) bool {
 	if config.Username != "" && config.Secret != "" {
 		u, p, ok := r.BasicAuth()
 		if !ok {
 			return false
 		}
 		if u == config.Username && p == config.Secret {
 			return true
 		}
 		log.Printf("Failed lego authentication")
 		return false
 	}
 	return true
 }
 func handleACMERequest(w dns.ResponseWriter, r *dns.Msg, acmeMap *legoMap) bool {
 	if len(r.Question) == 1 {
 		if r.Question[0].Qtype == dns.TypeTXT && r.Question[0].Qclass == dns.ClassINET {
 			if value, ok := (*acmeMap)[r.Question[0].Name]; ok {
 				m := new(dns.Msg)
 				m.SetReply(r)
 				m.Answer = append(m.Answer, &dns.TXT{
 					Hdr: dns.RR_Header{
 						Name:   r.Question[0].Name,
 						Rrtype: dns.TypeTXT,
 						Class:  dns.ClassINET,
 						Ttl:    0,
 					},
 					Txt: []string{value},
 				})
 				w.WriteMsg(m)
 				return true
 			}
 		}
 	}
 	return false
 }
--- a/zonefile.txt
+++ b/zonefile.txt
@ -0,0 +1,20 @@
 $ORIGIN example.com.     ; designates the start of this zone file in the namespace
 $TTL 3600                ; default expiration time (in seconds) of all RRs without their own TTL value
 example.com.  IN  SOA   ns.example.com. username.example.com. ( 2020091025 7200 3600 1209600 3600 )
 example.com.  IN  NS    ns                    ; ns.example.com is a nameserver for example.com
 example.com.  IN  NS    ns.somewhere.example. ; ns.somewhere.example is a backup nameserver for example.com
 example.com.  IN  MX    10 mail.example.com.  ; mail.example.com is the mailserver for example.com
@             IN  MX    20 mail2.example.com. ; equivalent to above line, "@" represents zone origin
@             IN  MX    50 mail3              ; equivalent to above line, but using a relative host name
 example.com.  IN  A     192.0.2.1             ; IPv4 address for example.com
 example.com.  IN  A     192.0.3.1             ; IPv4 address for example.com
              IN  AAAA  2001:db8:10::1        ; IPv6 address for example.com
 ns            IN  A     192.0.2.2             ; IPv4 address for ns.example.com
              IN  AAAA  2001:db8:10::2        ; IPv6 address for ns.example.com
 www           IN  CNAME example.com.          ; www.example.com is an alias for example.com
 wwwtest       IN  CNAME www                   ; wwwtest.example.com is another alias for www.example.com
 mail          IN  A     192.0.2.3             ; IPv4 address for mail.example.com
 mail2         IN  A     192.0.2.4             ; IPv4 address for mail2.example.com
 mail3         IN  A     192.0.2.5             ; IPv4 address for mail3.example.com
 *.www         IN  A     192.1.0.1
 a.www         IN  A     192.1.0.11