Change the format of how IP addresses are specified

5 years ago · 0b76ef2cce
parent 4dbdfaca5c
commit 0b76ef2cce
5 changed files with 61 additions and 17 deletions
--- a/Cargo.toml
+++ b/Cargo.toml
@ -3,7 +3,7 @@ name = "encrypted-dns"
 version = "0.1.6"
 authors = ["Frank Denis <github@pureftpd.org>"]
 edition = "2018"
-description = "A modern encrypted DNS server (DNSCrypt, Anonymized DNSCrypt, DoH)"
+description = "A modern encrypted DNS server (DNSCrypt v2, Anonymized DNSCrypt, DoH)"
 keywords = ["dnscrypt", "encryption", "dns", "doh", "proxy"]
 license = "MIT"
 homepage = "https://github.com/jedisct1/encrypted-dns-server"
@ -13,13 +13,13 @@ readme = "README.md"

 [dependencies]
 byteorder = "1.3.2"
-clap = { version="2.33.0", features=["wrap_help", "nightly"] }
+clap = { version="2.33.0", default-features = false, features=["wrap_help", "nightly"] }
 clockpro-cache = "0.1.8"
 coarsetime = "0.1.11"
 daemonize-simple = "0.1.2"
 derivative = "1.0.3"
 dnsstamps = "0.1.1"
-env_logger = "0.6.2"
+env_logger = { version="0.6.2", default-features = false, features = ["humantime"]}
 failure = "0.1.5"
 futures-preview = { version = "=0.3.0-alpha.18", features = ["async-await", "nightly", "cfg-target-has-atomic"] }
 jemallocator = "0.3.2"
--- a/README.md
+++ b/README.md
@ -57,7 +57,9 @@ That resolver can run locally and only respond to `127.0.0.1`. External resolver

 In order to support DoH in addition to DNSCrypt, a DoH proxy must be running as well. [rust-doh](https://github.com/jedisct1/rust-doh) is the recommended DoH proxy server. DoH support is optional, as it is currently way more complicated to setup than DNSCrypt due to certificate management.

-Review the [`encrypted-dns.toml`](https://raw.githubusercontent.com/jedisct1/encrypted-dns-server/master/encrypted-dns.toml) configuration file. This is where all the parameters can be configured, including the IP addresses to listen to. You should probably at least change the `provider_name` setting.
+Review the [`encrypted-dns.toml`](https://raw.githubusercontent.com/jedisct1/encrypted-dns-server/master/encrypted-dns.toml) configuration file. This is where all the parameters can be configured, including the IP addresses to listen to.
+
+You should probably at least change the `listen_addresses` and `provider_name` settings.

 Start the proxy. It will automatically create a new provider key pair if there isn't any.

--- a/encrypted-dns.toml
+++ b/encrypted-dns.toml
@ -11,10 +11,14 @@
 ##################################


-## IP addresses and ports to listen to
-
-listen_addrs = ["0.0.0.0:443", "[::1]:4443"]
+## IP addresses and ports to listen to, as well as their external IP
+## If there is no NAT involved, `local` and `external` can be the same.
+## As many addresses as needed can be configured here, IPv4 and/or IPv6.

+listen_addrs = [
+    { local = "0.0.0.0:443",    external = "198.51.100.1:443" },
+    { local = "[::]:443",       external = "[2001:db8::1]:443" }
+]

 ## IP address to connect to upstream servers from

@ -114,6 +118,21 @@ daemonize = false
 provider_name = "secure.dns.test"


+## Does the server support DNSSEC?
+
+dnssec = true
+
+
+## Does the server always returns correct answers (no filtering, including ad blocking)?
+
+no_filters = true
+
+
+## Set to `true` if the server doesn't keep any information that can be used to identify users
+
+no_logs = true
+
+
 ## Key cache capacity, per certificate

 key_cache_capacity = 10000
--- a/src/config.rs
+++ b/src/config.rs
@ -13,6 +13,9 @@ use tokio::prelude::*;
 pub struct DNSCryptConfig {
    pub provider_name: String,
    pub key_cache_capacity: usize,
+    pub dnssec: bool,
+    pub no_filters: bool,
+    pub no_logs: bool,
 }

 #[derive(Serialize, Deserialize, Debug)]
@ -20,9 +23,15 @@ pub struct TLSConfig {
    pub upstream_addr: Option<SocketAddr>,
 }

+#[derive(Serialize, Deserialize, Debug)]
+pub struct ListenAddrConfig {
+    pub local: SocketAddr,
+    pub external: SocketAddr,
+}
+
 #[derive(Serialize, Deserialize, Debug)]
 pub struct Config {
-    pub listen_addrs: Vec<SocketAddr>,
+    pub listen_addrs: Vec<ListenAddrConfig>,
    pub external_addr: IpAddr,
    pub upstream_addr: SocketAddr,
    pub state_file: PathBuf,
--- a/src/main.rs
+++ b/src/main.rs
@ -388,6 +388,12 @@ fn main() -> Result<(), Error> {
                .takes_value(true)
                .help("Path to the dnscrypt-wrapper secret key"),
        )
+        .arg(
+            Arg::with_name("dry-run")
+                .long("dry-run")
+                .takes_value(false)
+                .help("Only print the connection information and quit"),
+        )
        .get_matches();

    let config_path = matches.value_of("config").unwrap();
@ -448,21 +454,29 @@ fn main() -> Result<(), Error> {
    };
    let provider_kp = state.provider_kp;
    for listen_addr_s in &config.listen_addrs {
-        info!("Server address: {}", listen_addr_s);
+        info!("Public server address: {}", listen_addr_s.external);
        info!("Provider public key: {}", provider_kp.pk.as_string());
        info!("Provider name: {}", provider_name);
-        let stamp = dnsstamps::DNSCryptBuilder::new(dnsstamps::DNSCryptProvider::new(
+        let mut stamp = dnsstamps::DNSCryptBuilder::new(dnsstamps::DNSCryptProvider::new(
            provider_name.clone(),
            provider_kp.pk.as_bytes().to_vec(),
        ))
-        .with_addr(listen_addr_s.to_string())
-        .with_informal_property(InformalProperty::DNSSEC)
-        .with_informal_property(InformalProperty::NoFilters)
-        .with_informal_property(InformalProperty::NoLogs)
-        .serialize()
-        .unwrap();
+        .with_addr(listen_addr_s.external.to_string());
+        if config.dnscrypt.dnssec {
+            stamp = stamp.with_informal_property(InformalProperty::DNSSEC);
+        }
+        if config.dnscrypt.no_filters {
+            stamp = stamp.with_informal_property(InformalProperty::NoFilters);
+        }
+        if config.dnscrypt.no_logs {
+            stamp = stamp.with_informal_property(InformalProperty::NoLogs);
+        }
+        let stamp = stamp.serialize().unwrap();
        info!("DNS Stamp: {}", stamp);
    }
+    if matches.is_present("dry-run") {
+        return Ok(());
+    }
    let dnscrypt_encryption_params_set = state
        .dnscrypt_encryption_params_set
        .into_iter()
@ -488,7 +502,7 @@ fn main() -> Result<(), Error> {
        ))),
        provider_name,
        provider_kp,
-        listen_addrs: config.listen_addrs,
+        listen_addrs: config.listen_addrs.iter().map(|x| x.local).collect(),
        upstream_addr: config.upstream_addr,
        tls_upstream_addr: config.tls.upstream_addr,
        external_addr,