dns: make blocky config fully customizable (#1311)
BeryJu authored Nov 23, 2024
1 parent e243211 commit 6dfd3dc
Showing 2 changed files with 70 additions and 20 deletions.
36 changes: 35 additions & 1 deletion docs/content/docs/dns/zones.md
@@ -81,6 +81,10 @@ Forward queries to another DNS server via Blocky for advert/privacy blocking.
Defaults to 0. Attempts to cache for the TTL of the response.
Set to -1 to never cache, and set to -2 to cache without a TTL.

- `config`: Optional Blocky configuration as string. (Requires Gravity 0.15.0)

See [here](https://0xerr0r.github.io/blocky/main/configuration/) for a reference configuration file and options that can be configured.

- `blocklists`: List of blocklists to load.
- `allowlists`: List of allowlists to load.

@@ -101,6 +105,9 @@ Forward queries to another DNS server via Blocky for advert/privacy blocking.

##### Example

{{< tabpane text=true >}}
{{% tab header="Customized options" lang="en" %}}

```yaml
- type: forward_blocky
to: 8.8.8.8
@@ -110,6 +117,33 @@ Forward queries to another DNS server via Blocky for advert/privacy blocking.
- exception.com
```

{{% /tab %}}
{{% tab header="Full custom config" lang="en" %}}

```yaml
- type: forward_blocky
# Non-exhaustive Blocky configuration, this is just an example to show the usage of `config:`
config: |
upstreams:
init:
# Configure startup behavior.
# accepted: blocking, failOnError, fast
# default: blocking
strategy: fast
groups:
# these external DNS resolvers will be used. Blocky picks 2 random resolvers from the list for each query
# format for resolver: [net:]host:[port][/path]. net could be empty (default, shortcut for tcp+udp), tcp+udp, tcp, udp, tcp-tls or https (DoH). If port is empty, default port will be used (53 for udp and tcp, 853 for tcp-tls, 443 for https (Doh))
# this configuration is mandatory, please define at least one external DNS resolver
default:
# example for tcp+udp IPv4 server (https://digitalcourage.de/)
- 5.9.164.112
# Cloudflare
- 1.1.1.1
```
{{% /tab %}}
{{< /tabpane >}}
### `coredns`

Resolve queries by using a variety of CoreDNS Plugins. See [here](https://coredns.io/plugins/) for all plugins.
@@ -120,7 +154,7 @@ Resolve queries by using a variety of CoreDNS Plugins. See [here](https://coredn

Example:

```
```caddy
.:1053 {
whoami
}
54 changes: 35 additions & 19 deletions pkg/roles/dns/handler_forward_blocky.go
@@ -13,6 +13,7 @@ import (
"github.com/getsentry/sentry-go"
"github.com/sirupsen/logrus"
"go.uber.org/zap"
"gopkg.in/yaml.v2"

"github.com/0xERR0R/blocky/config"
blockylog "github.com/0xERR0R/blocky/log"
@@ -85,7 +86,9 @@ func (bfwd *BlockyForwarder) Identifier() string {
return BlockyForwarderType
}

func (bfwd *BlockyForwarder) getConfig() (*config.Config, error) {
// Generate the configuration for Blocky based on parameters specified.
// Used if no full custom config is specified
func (bfwd *BlockyForwarder) generateConfig(cfg *config.Config) error {
forwarders := []string{}
switch v := bfwd.c["to"].(type) {
case string:
@@ -123,25 +126,9 @@ func (bfwd *BlockyForwarder) getConfig() (*config.Config, error) {
if all, ok := bfwd.c["allowlists"]; ok {
allowLists = bfwd.getLists(all)
}

cfg := config.Config{}
err := defaults.Set(&cfg)
if err != nil {
return nil, fmt.Errorf("failed to set config defaults: %w", err)
}
// Blocky uses a custom registry, so this doesn't work as expected
// cfg.Prometheus.Enable = true
cfg.Log.Level = logrus.DebugLevel
cfg.QueryLog.Type = config.QueryLogTypeConsole
if !extconfig.Get().Debug {
cfg.Log.Format = blockylog.FormatTypeJson
// Only log errors from blocky to prevent double-logging all queries
cfg.Log.Level = logrus.FatalLevel
cfg.QueryLog.Type = config.QueryLogTypeNone
}
bootstrap, err := netip.ParseAddrPort(extconfig.Get().FallbackDNS)
if err != nil {
return nil, err
return err
}
cfg.BootstrapDNS = config.BootstrapDNS{
{
@@ -158,7 +145,6 @@ func (bfwd *BlockyForwarder) getConfig() (*config.Config, error) {
},
Timeout: config.Duration(types.DefaultUpstreamTimeout),
}
// TODO: Blocky config
cfg.Blocking = config.Blocking{
BlockType: "zeroIP",
Denylists: map[string][]config.BytesSource{
@@ -176,6 +162,36 @@ func (bfwd *BlockyForwarder) getConfig() (*config.Config, error) {
"default": {"default"},
},
}
return nil
}

func (bfwd *BlockyForwarder) getConfig() (*config.Config, error) {
cfg := config.Config{}
if ccfg, ok := bfwd.c["config"].(string); ok {
err := yaml.UnmarshalStrict([]byte(ccfg), &cfg)
if err != nil {
return nil, fmt.Errorf("failed to parse specified config: %w", err)
}
} else {
err := defaults.Set(&cfg)
if err != nil {
return nil, fmt.Errorf("failed to set config defaults: %w", err)
}
err = bfwd.generateConfig(&cfg)
if err != nil {
return nil, fmt.Errorf("failed to generate config: %w", err)
}
}
// Blocky uses a custom registry, so this doesn't work as expected
// cfg.Prometheus.Enable = true
cfg.Log.Level = logrus.DebugLevel
cfg.QueryLog.Type = config.QueryLogTypeConsole
if !extconfig.Get().Debug {
cfg.Log.Format = blockylog.FormatTypeJson
// Only log errors from blocky to prevent double-logging all queries
cfg.Log.Level = logrus.FatalLevel
cfg.QueryLog.Type = config.QueryLogTypeNone
}
return &cfg, nil
}
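Review bot: In getConfig, the custom-config branch unmarshals into a zero-valued `config.Config` and never calls `defaults.Set`, so any option the supplied YAML omits stays at Go's zero value instead of Blocky's default (unless Blocky's types set defaults during unmarshalling, which these lines do not show). Hoisting the call above the branch, `if err := defaults.Set(&cfg); err != nil { return nil, fmt.Errorf("failed to set config defaults: %w", err) }`, would make a partial `config:` such as the one in the docs example behave predictably. A `config` value that is present but not a string fails the `.(string)` assertion and silently falls back to the generated config; returning an error there would surface the misconfiguration rather than running with settings the operator did not intend. The log and query-log fields are overwritten after parsing, so a comment such as `// Log settings are always controlled by Gravity; values from a custom config are overridden.` above that block would document the behaviour.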
