From af22d59ce8cc2298cd1e645715a82e931af7cea9 Mon Sep 17 00:00:00 2001
From: Frank Denis <github@pureftpd.org>
Date: Sun, 22 Dec 2019 00:50:09 +0100
Subject: [PATCH] Add an option to disable DNSCrypt, and do only TLS and
 relaying

---
 src/config.rs  | 1 +
 src/globals.rs | 1 +
 src/main.rs    | 6 +++++-
 3 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/config.rs b/src/config.rs
index 33ff323..a59249a 100644
--- a/src/config.rs
+++ b/src/config.rs
@@ -27,6 +27,7 @@ pub struct MetricsConfig {
 
 #[derive(Serialize, Deserialize, Debug, Clone)]
 pub struct DNSCryptConfig {
+    pub enabled: Option<bool>,
     pub provider_name: String,
     pub key_cache_capacity: usize,
     pub dnssec: bool,
diff --git a/src/globals.rs b/src/globals.rs
index 761728c..21e36ce 100644
--- a/src/globals.rs
+++ b/src/globals.rs
@@ -43,6 +43,7 @@ pub struct Globals {
     pub blacklist: Option<BlackList>,
     pub undelegated_list: Option<BlackList>,
     pub ignore_unqualified_hostnames: bool,
+    pub dnscrypt_enabled: bool,
     pub anonymized_dns_enabled: bool,
     pub anonymized_dns_allowed_ports: Vec<u16>,
     pub anonymized_dns_allow_non_reserved_ports: bool,
diff --git a/src/main.rs b/src/main.rs
index a293803..c14c01c 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -181,6 +181,9 @@ async fn handle_client_query(
         )
         .await;
     }
+    if !globals.dnscrypt_enabled {
+        return Ok(());
+    }
     let mut dnscrypt_encryption_params_set = vec![];
     for params in &**globals.dnscrypt_encryption_params_set.read() {
         dnscrypt_encryption_params_set.push((*params).clone())
@@ -490,7 +493,7 @@ fn main() -> Result<(), Error> {
 
     let config_path = matches.value_of("config").unwrap();
     let config = Config::from_path(config_path)?;
-
+    let dnscrypt_enabled = config.dnscrypt.enabled.unwrap_or(true);
     let provider_name = match &config.dnscrypt.provider_name {
         provider_name if provider_name.starts_with("2.dnscrypt-cert.") => provider_name.to_string(),
         provider_name => format!("2.dnscrypt-cert.{}", provider_name),
@@ -678,6 +681,7 @@ fn main() -> Result<(), Error> {
         blacklist,
         undelegated_list,
         ignore_unqualified_hostnames,
+        dnscrypt_enabled,
         anonymized_dns_enabled,
         anonymized_dns_allowed_ports,
         anonymized_dns_allow_non_reserved_ports,