Ignoring RFC 1918 addresses for ControlD upstream

2026-02-03 22:18:39 +00:00 · 2023-08-01 04:10:20 +00:00
parent 0dee7518c4
commit e1d078a2c3
2 changed files with 17 additions and 3 deletions
--- a/config.go
+++ b/config.go
@@ -343,9 +343,23 @@ func (uc *UpstreamConfig) SetupBootstrapIP() {
 // SetupBootstrapIP manually find all available IPs of the upstream.
 // The first usable IP will be used as bootstrap IP of the upstream.
 func (uc *UpstreamConfig) setupBootstrapIP(withBootstrapDNS bool) {
-	b := backoff.NewBackoff("setupBootstrapIP", func(format string, args ...any) {}, 2*time.Second)
+	b := backoff.NewBackoff("setupBootstrapIP", func(format string, args ...any) {}, 10*time.Second)
+	isControlD := uc.isControlD()
 	for {
 		uc.bootstrapIPs = lookupIP(uc.Domain, uc.Timeout, withBootstrapDNS)
+		// For ControlD upstream, the bootstrap IPs could not be RFC 1918 addresses,
+		// filtering them out here to prevent weird behavior.
+		if isControlD {
+			n := 0
+			for _, ip := range uc.bootstrapIPs {
+				netIP := net.ParseIP(ip)
+				if netIP != nil && !netIP.IsPrivate() {
+					uc.bootstrapIPs[n] = ip
+					n++
+				}
+			}
+			uc.bootstrapIPs = uc.bootstrapIPs[:n]
+		}
 		if len(uc.bootstrapIPs) > 0 {
 			break
 		}
--- a/resolver.go
+++ b/resolver.go
@@ -177,12 +177,12 @@ func lookupIP(domain string, timeout int, withBootstrapDNS bool) (ips []string)
 	ipFromRecord := func(record dns.RR, target string) string {
 		switch ar := record.(type) {
 		case *dns.A:
-			if ar.Hdr.Name != target {
+			if ar.Hdr.Name != target || len(ar.A) == 0 {
 				return ""
 			}
 			return ar.A.String()
 		case *dns.AAAA:
-			if ar.Hdr.Name != target {
+			if ar.Hdr.Name != target || len(ar.AAAA) == 0 {
 				return ""
 			}
 			return ar.AAAA.String()