Make RFC1918 listener spawning opt-in via --rfc1918 flag instead of automatic behavior.
This allows users to explicitly control when ctrld listens on private network addresses
to receive DNS queries from LAN clients, improving security and configurability.
Refactor network interface detection to better distinguish between physical and virtual
interfaces, ensuring only real hardware interfaces are used for RFC1918 address binding.
In v1.4.3, ControlD bootstrap DNS is used again for the bootstrapping
process. When this happens, the default system nameservers are
retrieved first, then ControlD DNS is used if none are available.
However, getting the default system nameservers may take longer than
the reload command timeout, causing an invalid error message to be printed.
To fix this, ensure the default system nameservers are retrieved only once.
For cached or singleflight messages, the edns0 cookie is currently
shared among all of them, causing cookie mismatch warnings from clients.
The ctrld proxy should re-set client cookies for each request
separately, even though they use the same shared answer.
To guard ctrld from possible DoS to remote upstreams, this commit
implements the following:
- Optimize multiple queries with the same domain and qtype to use a
singleflight group, so there is only 1 query to remote upstreams at
any time.
- Add a hot cache with a 1 second TTL, so repeated queries will re-use
the result from cache if it exists, preventing unnecessary requests to
remote upstreams.
As part of the v1.4.0 release, reading DNS from the /etc/resolv.conf file is
only available for macOS. However, there is no reason to prevent this
function from working on other *nix systems.
This commit unifies the function for *nix, so it can be added as a DNS
source for Linux and FreeBSD.
So on systems where there is no available DNS, non-ControlD upstreams
can be bootstrapped like before.
While at it, also improve lookupIP to not initialize the OS resolver
anymore, removing the unnecessary contention for acquiring/releasing
the OS resolver mutex.
postRun should not restore static settings
put back validInterface check
better debug logs for os resolver init, use mutex to prevent duplicate initializations
use WMI instead of registry keys for static DNS data on Windows
use WMI instead of registry keys for static DNS data on Windows
use winipcfg DNS method
use WMI with registry fallback
go back to registry method
restore saved static configs on stop and uninstall
restore ipv6 DHCP if no saved static ipv6 addresses
do not save loopback IPs for static configs
handle watchdog interface changed for new interfaces
don't overwrite static file on start when staticdns is set to loopback
don't overwrite static file on start when staticdns is set to loopback
don't overwrite static file on start when staticdns is set to loopback
no need to resetDNS on start, uninstall already takes care of this
fix bad logger usages
patch darwin interface name
patch darwin interface name, debugging
make resetDNS check for static config on startup, optionally restoring static configuration as needed
fix netmon logging
os resolver debugging improvement
use first public non success answer when no LAN nameservers exist
use first public non success answer when no LAN nameservers exist
fix the os resolver test
debugging
debugging
debugging
debugging
use default route interface IP for OS resolver queries
remove retries
fix resolv.conf clobbering on MacOS, set custom local addr for os resolver queries
remove the client info discovery logic on network change, this was overkill just for the IP, and was causing service failure after switching networks many times rapidly
handle ipv6 local addresses
guard ciTable from nil pointer
debugging failure count
flush dns cache, manually hit captive portal on MacOS
fix real ip in debug log
treat all upstreams as down upon network change
delay upstream checks when leaking queries on network changes
set service on new run, fix duplicate args
set service on new run, fix duplicate args
revert startCmd in upgrade flow due to pin compat issues
make restart reset DNS like upgrade, add debugging to uninstall method
debugging
debugging
debugging
debugging
debugging WMI
remove stackexchange lib, use ms wmi pkg
debugging
debugging
set correct class
fix os resolver init issues
fix netadapter class
use os resolver instead of fetching default nameservers while already running
remove debug lines
fix lookup IP
fix lookup IP
fix lookup IP
fix lookup IP
fix dns nameserver retries when not needed
fix logging
fix logging
try to enable nameserver logs
try to enable nameserver logs
handle flags in interface state changes
debugging
debugging
debugging
fix state detection, AD status fix
fix debugging line
more dc info
always log state changes
remove unused method
windows AD IP discovery
windows AD IP discovery
windows AD IP discovery
For the normal OS resolver, ctrld does not use local addresses as nameservers
to avoid possible looping. However, in an AD environment with local DNS
running, AD queries must be sent to the local DNS server for proper
resolution.
fix test
use upstreamIS var
init map, fix watcher flag
attempt to detect network changes
attempt to detect network changes
cancel and rerun reinitializeOSResolver
cancel and rerun reinitializeOSResolver
cancel and rerun reinitializeOSResolver
ignore invalid interfaces
ignore invalid interfaces
allow OS resolver upstream to fail
don't wait for dnsWait group on reinit, check for active interfaces to trigger reinit
fix unused var
simpler active iface check, debug logs
don't spam network service name patching on Mac
don't wait for os resolver nameserver testing
remove test for osresolvers for now
async nameserver testing
remove unused test
smol tweaks to nameserver test queries
fix restoreDNS errors
add some debugging information
fix wrong type in log msg
set send logs command timeout to 5 mins
when the runningIface is no longer up, attempt to find a new interface
prefer default route, ignore non physical interfaces
prefer default route, ignore non physical interfaces
add max context timeout on performLeakingQuery with more debug logs
With the new leaking queries feature, the initialization of the OS resolver can
now lead to a data race if queries are resolving while re-initialization
happens.
To fix it, use an atomic pointer to store the list of nameservers which
were initialized, making concurrent reads/writes to the list safe.
There are several issues with the OS resolver right now:
- The list of nameservers is obtained unconditionally from all
running interfaces.
- The ControlD public DNS response is always used if it is OK.
This could lead to slow query times, and also incorrect results if a
domain is resolved differently between internal DNS and ControlD public
DNS.
To fix these problems:
- While initializing the OS resolver, send a test query to the
nameserver to ensure it responds. Unreachable nameservers will
not be used.
- Only use the ControlD public DNS success response as the last one, preferring
OK responses from internal DNS servers.
While at it, also use the standard slices package, since ctrld now
requires go1.21 as the minimum version.
Since the OS resolver only returns the first response with NOERROR, it's
safe to use ControlD public DNS in parallel with system DNS. Local
domains would resolve only through local resolvers, because public ones
will return an NXDOMAIN response.
By making dnsFromAdapter ignore DNS servers whose IP address is the same
as the adapter's.
While at it, also change the OS resolver to use ctrld bootstrap DNS only if
there are no available nameservers.
By attempting to reset DNS before starting the new ctrld process. This way,
ctrld will read the correct system DNS settings before changing them itself.
While at it, some optimizations are made:
- "ctrld start" won't set DNS anymore, since "ctrld run" has already done
this; the start command can just query the socket control server and emit a
proper message to users.
- The gateway won't be included as a nameserver on Windows anymore,
since the GetAdaptersAddresses Windows API always returns the correct
DNS servers of the interfaces.
- The nameserver list that the OS resolver is using will be shown during
ctrld startup, making it easier for debugging.
The default gateway is usually the DNS server in a normal home network
setup for most users. However, there are cases where it is not, causing
discover ptr to fail.
This commit adds the discover_ptr_endpoints config parameter, so users can
define which DNS nameservers will be used.