luci-app-mosdns: add Prevent DNS Leaks options, fix #85

2023-05-16 21:58:13 +08:00 · 2023-05-16 21:58:13 +08:00 · 39c9008c30
commit 39c9008c30
parent 1ef4c6a5c6
4 changed files with 17 additions and 3 deletions
--- a/luci-app-mosdns/luasrc/model/cbi/mosdns/basic.lua
+++ b/luci-app-mosdns/luasrc/model/cbi/mosdns/basic.lua
@ -123,6 +123,11 @@ o.rmempty = false
 o.default = false
 o:depends("configfile", "/etc/mosdns/config.yaml")

+o = s:taboption("advanced", Flag, "dns_leak", translate("Prevent DNS Leaks"), translate("Enable this option fallback policy forces forwarding to remote DNS"))
+o.rmempty = false
+o.default = false
+o:depends("configfile", "/etc/mosdns/config.yaml")
+
 o = s:taboption("advanced", Value, "cache_size", translate("DNS Cache Size"))
 o.datatype = "and(uinteger,min(0))"
 o.default = "20000"
--- a/luci-app-mosdns/po/zh-cn/mosdns.po
+++ b/luci-app-mosdns/po/zh-cn/mosdns.po
@ -199,12 +199,18 @@ msgstr "启用 EDNS 客户端子网"
 msgid "Add the EDNS Client Subnet option (ECS) to Remote DNS"
 msgstr "在远程 DNS 请求中加入 EDNS 客户端子网（即 ECS）选项（需要上游 DNS 服务器支持）"

-msgid "MosDNS will auto identify the IP address subnet segment of your remote connection (.0/24)"
-msgstr "MosDNS 将会自动获取您访问远程连接时使用的 IP 子网段（.0/24）"
+msgid "MosDNS will auto identify the IP address subnet segment of your remote connection (0/24)"
+msgstr "MosDNS 将会自动获取您访问远程连接时使用的 IP 子网段（0/24）"

 msgid "If your remote access network changes, May need restart MosDNS to update the ECS request address"
 msgstr "如果您的远程访问网络发生改变时可能需要重启 MosDNS 以更新 ECS 请求地址"

+msgid "Prevent DNS Leaks"
+msgstr "防止 DNS 泄漏"
+
+msgid "Enable this option fallback policy forces forwarding to remote DNS"
+msgstr "启用此选项 fallback 策略会强制转发到远程 DNS"
+
 msgid "DNS Cache Size"
 msgstr "DNS 缓存大小（条）"

--- a/luci-app-mosdns/root/etc/config/mosdns
+++ b/luci-app-mosdns/root/etc/config/mosdns
@ -22,6 +22,7 @@ config mosdns 'config'
 	option enable_pipeline '0'
 	option insecure_skip_verify '0'
 	option enable_http3 '0'
+	option dns_leak '0'
 	option listen_port_api '9091'
 	option bootstrap_dns '119.29.29.29'
 	list remote_dns 'tls://8.8.8.8'
--- a/luci-app-mosdns/root/etc/init.d/mosdns
+++ b/luci-app-mosdns/root/etc/init.d/mosdns
@ -59,6 +59,7 @@ get_config() {
    config_get idle_timeout $1 idle_timeout 30
    config_get enable_http3 $1 enable_http3 0
    config_get enable_ecs_remote $1 enable_ecs_remote 0
+    config_get dns_leak $1 dns_leak 0
 }

 init_yaml() {
@ -85,11 +86,12 @@ init_yaml() {
    [ "$dump_file" -eq 1 ] && [ ! -f $DUMP_FILE ] && cp -a $DUMP_FILE_DEFAULT $DUMP_FILE
    [ "$dump_file" -eq 0 ] && \cp -a $DUMP_FILE_DEFAULT $DUMP_FILE
    if [ "$enable_ecs_remote" -eq 1 ]; then
-        ecs_remote=$(sh /usr/share/mosdns/mosdns.sh ecs_remote)
+        ecs_remote=$(sh $MOSDNS_SCRIPT ecs_remote)
        sed -i "s,ecs_remote,$ecs_remote,g" $CONF
    else
        sed -i "/ecs_remote/d;" $CONF
    fi
+    [ $dns_leak -eq 1 ] && sed -i "s,primary: query_is_local_ip,primary: query_is_remote,g" $CONF
    rm -rf $TMPDIR
 }