From 28984090e537699103c00ddabbb8b51916e99cb7 Mon Sep 17 00:00:00 2001
From: Cuong Manh Le
Date: Thu, 18 Jan 2024 18:55:42 +0700
Subject: [PATCH] internal/router: report error if DNS shield is enabled in UniFi OS
---
 internal/router/edgeos/edgeos.go | 19 +++++++++++++++++++
 internal/router/ubios/ubios.go | 4 ++++
 2 files changed, 23 insertions(+)
diff --git a/internal/router/edgeos/edgeos.go b/internal/router/edgeos/edgeos.go
index df7b57b..2e229ac 100644
--- a/internal/router/edgeos/edgeos.go
+++ b/internal/router/edgeos/edgeos.go
@@ -20,11 +20,15 @@ const (
 usgDNSMasqConfigPath = "/etc/dnsmasq.conf"
 usgDNSMasqBackupConfigPath = "/etc/dnsmasq.conf.bak"
 toggleContentFilteringLink = "https://community.ui.com/questions/UDM-Pro-disable-enable-DNS-filtering/e2cc4060-e56a-4139-b200-62d7f773ff8f"
+ toggleDnsShieldLink = "https://community.ui.com/questions/UniFi-OS-3-2-7-DNS-Shield-Missing/d3a85905-4ce0-4fe4-8bf0-6cb04f21371d"
 )
 var ErrContentFilteringEnabled = fmt.Errorf(`the "Content Filtering" feature" is enabled, which is conflicted with ctrld.\n
 To disable it, folowing instruction here: %s`, toggleContentFilteringLink)
+var ErrDnsShieldEnabled = fmt.Errorf(`the "DNS Shield" feature" is enabled, which is conflicted with ctrld.\n
+To disable it, folowing screenshot here: %s`, toggleDnsShieldLink)
+
 type EdgeOS struct {
 cfg *ctrld.Config
 isUSG bool
@@ -50,6 +54,11 @@ func (e *EdgeOS) Install(_ *service.Config) error {
 if ContentFilteringEnabled() {
 return ErrContentFilteringEnabled
 }
+ // If "DNS Shield" is enabled, UniFi OS will spawn dnscrypt-proxy process, and route all DNS queries to it. So
+ // reporting an error and guiding users to disable the feature using UniFi OS web UI.
+ if DnsShieldEnabled() {
+ return ErrDnsShieldEnabled
+ }
 return nil
 }
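Review bot: The new `ErrDnsShieldEnabled` message is a raw (backtick) string, so the `\n` after "ctrld." is printed as a literal backslash-n in front of the real line break, and the text also carries a stray quote after `feature` and the misspelling "folowing". An interpreted string fixes all three: `var ErrDnsShieldEnabled = fmt.Errorf("the \"DNS Shield\" feature is enabled, which conflicts with ctrld.\nTo disable it, follow the screenshot here: %s", toggleDnsShieldLink)`. The existing `ErrContentFilteringEnabled` context line has the same defects and could be corrected alongside. Go's initialism convention would spell the new identifiers `ErrDNSShieldEnabled`, `toggleDNSShieldLink` and `DNSShieldEnabled`, matching `usgDNSMasqConfigPath` above.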
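Review bot: The Content Filtering and DNS Shield checks in `(*EdgeOS).Install` are repeated statement for statement in `(*Ubios).Install` (the ubios.go hunk), linked only by a "See comment in ..." pointer. Every further conflicting feature now has to be added in two places, and a missed one means ctrld installs while another resolver still receives the queries. A single exported helper in edgeos that returns the first conflict error, called from both Install methods, would keep them in step, and the explanatory comment would then sit on that helper. `(*EdgeOS).Install` begins above this hunk.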
@@ -169,6 +178,16 @@ func ContentFilteringEnabled() bool {
 return err == nil && !st.IsDir()
 }
+// DnsShieldEnabled reports whether DNS Shield is enabled.
+// See: https://community.ui.com/releases/UniFi-OS-Dream-Machines-3-2-7/251dfc1e-f4dd-4264-a080-3be9d8b9e02b
+func DnsShieldEnabled() bool {
+ buf, err := os.ReadFile("/var/run/dnsmasq.conf.d/dns.conf")
+ if err != nil {
+ return false
+ }
+ return bytes.Contains(buf, []byte("server=127.0.0.1#5053"))
+}
+
 func LeaseFileDir() string {
 if checkUSG() {
 return ""
diff --git a/internal/router/ubios/ubios.go b/internal/router/ubios/ubios.go
index 6513657..a1f0b6c 100644
--- a/internal/router/ubios/ubios.go
+++ b/internal/router/ubios/ubios.go
@@ -36,6 +36,10 @@ func (u *Ubios) Install(config *service.Config) error {
 if edgeos.ContentFilteringEnabled() {
 return edgeos.ErrContentFilteringEnabled
 }
+ // See comment in (*edgeos.EdgeOS).Install method.
+ if edgeos.DnsShieldEnabled() {
+ return edgeos.ErrDnsShieldEnabled
+ }
 return nil
 }
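Review bot: `DnsShieldEnabled` in edgeos.go decides with `bytes.Contains(buf, []byte("server=127.0.0.1#5053"))`, a substring test over the whole file, so a commented-out directive or a longer port such as `#50530` would also count as DNS Shield being on. Comparing trimmed lines against the exact directive, as in the excerpt below, avoids that. Separately, every `os.ReadFile` error returns false, so a permission or I/O failure is indistinguishable from the feature being off and install would proceed with DNS Shield possibly still taking the queries; if the package has a logger available, that branch is worth a log line for anything other than a missing file. The path and the directive would also read better as named constants next to `usgDNSMasqConfigPath`.

```go
func DnsShieldEnabled() bool {
	// … unchanged: os.ReadFile of dns.conf and the error return …
	// Compare whole directives so a commented-out line or a longer port (#50530) does not match.
	for _, line := range bytes.Split(buf, []byte("\n")) {
		if bytes.Equal(bytes.TrimSpace(line), []byte("server=127.0.0.1#5053")) {
			return true
		}
	}
	return false
}
```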