diff --git a/Dockerfile b/Dockerfile index 435f0249f..81fdb17cd 100644 --- a/Dockerfile +++ b/Dockerfile @@ -167,7 +167,6 @@ ENV VPN_SERVICE_PROVIDER=pia \ HEALTH_ICMP_TARGET_IP=1.1.1.1 \ HEALTH_RESTART_VPN=on \ # DNS - DNS_SERVER=on \ DNS_UPSTREAM_RESOLVER_TYPE=DoT \ DNS_UPSTREAM_RESOLVERS=cloudflare \ DNS_BLOCK_IPS= \ @@ -180,8 +179,7 @@ ENV VPN_SERVICE_PROVIDER=pia \ DNS_UNBLOCK_HOSTNAMES= \ DNS_REBINDING_PROTECTION_EXEMPT_HOSTNAMES= \ DNS_UPDATE_PERIOD=24h \ - DNS_ADDRESS=127.0.0.1 \ - DNS_KEEP_NAMESERVER=off \ + DNS_UPSTREAM_PLAIN_ADDRESSES= \ # HTTP proxy HTTPPROXY= \ HTTPPROXY_LOG=off \ diff --git a/internal/configuration/settings/deprecated.go b/internal/configuration/settings/deprecated.go index 1e745eb0c..5da27053f 100644 --- a/internal/configuration/settings/deprecated.go +++ b/internal/configuration/settings/deprecated.go @@ -14,6 +14,10 @@ func readObsolete(r *reader.Reader) (warnings []string) { "DOT_VALIDATION_LOGLEVEL": "DOT_VALIDATION_LOGLEVEL is obsolete because DNSSEC validation is not implemented.", "HEALTH_VPN_DURATION_INITIAL": "HEALTH_VPN_DURATION_INITIAL is obsolete", "HEALTH_VPN_DURATION_ADDITION": "HEALTH_VPN_DURATION_ADDITION is obsolete", + "DNS_SERVER": "DNS_SERVER is obsolete because the forwarding server is always enabled.", + "DOT": "DOT is obsolete because the forwarding server is always enabled.", + "DNS_KEEP_NAMESERVER": "DNS_KEEP_NAMESERVER is obsolete because the forwarding server is always used and " + + "forwards local names to private DNS resolvers found in /etc/resolv.conf", } sortedKeys := maps.Keys(keyToMessage) slices.Sort(sortedKeys) diff --git a/internal/configuration/settings/dns.go b/internal/configuration/settings/dns.go index 4bf62b067..74185c7da 100644 --- a/internal/configuration/settings/dns.go +++ b/internal/configuration/settings/dns.go @@ -4,6 +4,7 @@ import ( "errors" "fmt" "net/netip" + "slices" "time" "github.com/qdm12/dns/v2/pkg/provider" @@ -13,20 +14,25 @@ import ( "github.com/qdm12/gotree" ) +const ( + DNSUpstreamTypeDot = "dot" + DNSUpstreamTypeDoh = "doh" + DNSUpstreamTypePlain = "plain" +) + // DNS contains settings to configure DNS. type DNS struct { - // ServerEnabled is true if the server should be running - // and used. It defaults to true, and cannot be nil - // in the internal state. - ServerEnabled *bool - // UpstreamType can be dot or plain, and defaults to dot. + // UpstreamType can be [dnsUpstreamTypeDot], [dnsUpstreamTypeDoh] + // or [dnsUpstreamTypePlain]. It defaults to [dnsUpstreamTypeDot]. UpstreamType string `json:"upstream_type"` // UpdatePeriod is the period to update DNS block lists. // It can be set to 0 to disable the update. // It defaults to 24h and cannot be nil in // the internal state. UpdatePeriod *time.Duration - // Providers is a list of DNS providers + // Providers is a list of DNS providers. + // It defaults to either ["cloudflare"] or [] if the + // UpstreamPlainAddresses field is set. Providers []string `json:"providers"` // Caching is true if the server should cache // DNS responses. @@ -36,32 +42,23 @@ type DNS struct { // Blacklist contains settings to configure the filter // block lists. Blacklist DNSBlacklist - // ServerAddress is the DNS server to use inside - // the Go program and for the system. - // It defaults to '127.0.0.1' to be used with the - // local server. It cannot be the zero value in the internal - // state. - ServerAddress netip.Addr - // KeepNameserver is true if the existing DNS server - // found in /etc/resolv.conf should be used - // Note setting this to true will likely DNS traffic - // outside the VPN tunnel since it would go through - // the local DNS server of your Docker/Kubernetes - // configuration, which is likely not going through the tunnel. - // This will also disable the DNS forwarder server and the - // `ServerAddress` field will be ignored. - // It defaults to false and cannot be nil in the - // internal state. - KeepNameserver *bool + // UpstreamPlainAddresses are the upstream plaintext DNS resolver + // addresses to use by the built-in DNS server forwarder. + // Note, if the upstream type is [dnsUpstreamTypePlain] these are merged + // together with provider names set in the Providers field. + // If this field is set, the Providers field will default to the empty slice. + UpstreamPlainAddresses []netip.AddrPort } var ( ErrDNSUpstreamTypeNotValid = errors.New("DNS upstream type is not valid") ErrDNSUpdatePeriodTooShort = errors.New("update period is too short") + ErrDNSUpstreamPlainNoIPv6 = errors.New("upstream plain addresses do not contain any IPv6 address") + ErrDNSUpstreamPlainNoIPv4 = errors.New("upstream plain addresses do not contain any IPv4 address") ) func (d DNS) validate() (err error) { - if !helpers.IsOneOf(d.UpstreamType, "dot", "doh", "plain") { + if !helpers.IsOneOf(d.UpstreamType, DNSUpstreamTypeDot, DNSUpstreamTypeDoh, DNSUpstreamTypePlain) { return fmt.Errorf("%w: %s", ErrDNSUpstreamTypeNotValid, d.UpstreamType) } @@ -79,6 +76,18 @@ func (d DNS) validate() (err error) { } } + if d.UpstreamType == DNSUpstreamTypePlain { + if *d.IPv6 && !slices.ContainsFunc(d.UpstreamPlainAddresses, func(addrPort netip.AddrPort) bool { + return addrPort.Addr().Is6() + }) { + return fmt.Errorf("%w: in %d addresses", ErrDNSUpstreamPlainNoIPv6, len(d.UpstreamPlainAddresses)) + } else if !slices.ContainsFunc(d.UpstreamPlainAddresses, func(addrPort netip.AddrPort) bool { + return addrPort.Addr().Is4() + }) { + return fmt.Errorf("%w: in %d addresses", ErrDNSUpstreamPlainNoIPv4, len(d.UpstreamPlainAddresses)) + } + } + err = d.Blacklist.validate() if err != nil { return err @@ -89,15 +98,13 @@ func (d DNS) validate() (err error) { func (d *DNS) Copy() (copied DNS) { return DNS{ - ServerEnabled: gosettings.CopyPointer(d.ServerEnabled), - UpstreamType: d.UpstreamType, - UpdatePeriod: gosettings.CopyPointer(d.UpdatePeriod), - Providers: gosettings.CopySlice(d.Providers), - Caching: gosettings.CopyPointer(d.Caching), - IPv6: gosettings.CopyPointer(d.IPv6), - Blacklist: d.Blacklist.copy(), - ServerAddress: d.ServerAddress, - KeepNameserver: gosettings.CopyPointer(d.KeepNameserver), + UpstreamType: d.UpstreamType, + UpdatePeriod: gosettings.CopyPointer(d.UpdatePeriod), + Providers: gosettings.CopySlice(d.Providers), + Caching: gosettings.CopyPointer(d.Caching), + IPv6: gosettings.CopyPointer(d.IPv6), + Blacklist: d.Blacklist.copy(), + UpstreamPlainAddresses: d.UpstreamPlainAddresses, } } @@ -105,20 +112,17 @@ func (d *DNS) Copy() (copied DNS) { // settings object with any field set in the other // settings. func (d *DNS) overrideWith(other DNS) { - d.ServerEnabled = gosettings.OverrideWithPointer(d.ServerEnabled, other.ServerEnabled) d.UpstreamType = gosettings.OverrideWithComparable(d.UpstreamType, other.UpstreamType) d.UpdatePeriod = gosettings.OverrideWithPointer(d.UpdatePeriod, other.UpdatePeriod) d.Providers = gosettings.OverrideWithSlice(d.Providers, other.Providers) d.Caching = gosettings.OverrideWithPointer(d.Caching, other.Caching) d.IPv6 = gosettings.OverrideWithPointer(d.IPv6, other.IPv6) d.Blacklist.overrideWith(other.Blacklist) - d.ServerAddress = gosettings.OverrideWithValidator(d.ServerAddress, other.ServerAddress) - d.KeepNameserver = gosettings.OverrideWithPointer(d.KeepNameserver, other.KeepNameserver) + d.UpstreamPlainAddresses = gosettings.OverrideWithSlice(d.UpstreamPlainAddresses, other.UpstreamPlainAddresses) } func (d *DNS) setDefaults() { - d.ServerEnabled = gosettings.DefaultPointer(d.ServerEnabled, true) - d.UpstreamType = gosettings.DefaultComparable(d.UpstreamType, "dot") + d.UpstreamType = gosettings.DefaultComparable(d.UpstreamType, DNSUpstreamTypeDot) const defaultUpdatePeriod = 24 * time.Hour d.UpdatePeriod = gosettings.DefaultPointer(d.UpdatePeriod, defaultUpdatePeriod) d.Providers = gosettings.DefaultSlice(d.Providers, []string{ @@ -127,26 +131,53 @@ func (d *DNS) setDefaults() { d.Caching = gosettings.DefaultPointer(d.Caching, true) d.IPv6 = gosettings.DefaultPointer(d.IPv6, false) d.Blacklist.setDefaults() - d.ServerAddress = gosettings.DefaultValidator(d.ServerAddress, - netip.AddrFrom4([4]byte{127, 0, 0, 1})) - d.KeepNameserver = gosettings.DefaultPointer(d.KeepNameserver, false) + d.UpstreamPlainAddresses = gosettings.DefaultSlice(d.UpstreamPlainAddresses, []netip.AddrPort{}) +} + +func defaultDNSProviders() []string { + return []string{ + provider.Cloudflare().Name, + } } func (d DNS) GetFirstPlaintextIPv4() (ipv4 netip.Addr) { - localhost := netip.AddrFrom4([4]byte{127, 0, 0, 1}) - if d.ServerAddress.Compare(localhost) != 0 && d.ServerAddress.Is4() { - return d.ServerAddress + if d.UpstreamType == DNSUpstreamTypePlain { + for _, addrPort := range d.UpstreamPlainAddresses { + if addrPort.Addr().Is4() { + return addrPort.Addr() + } + } } - providers := provider.NewProviders() - provider, err := providers.Get(d.Providers[0]) - if err != nil { - // Settings should be validated before calling this function, - // so an error happening here is a programming error. - panic(err) + ipv4 = findPlainIPv4InProviders(d.Providers) + if ipv4.IsValid() { + return ipv4 } - return provider.Plain.IPv4[0].Addr() + // Either: + // - all upstream plain addresses are IPv6 and no provider is set + // - all providers set do not have a plaintext IPv4 address + ipv4 = findPlainIPv4InProviders(defaultDNSProviders()) + if !ipv4.IsValid() { + panic("no plaintext IPv4 address found in default DNS providers") + } + return ipv4 +} + +func findPlainIPv4InProviders(providerNames []string) netip.Addr { + providers := provider.NewProviders() + for _, name := range providerNames { + provider, err := providers.Get(name) + if err != nil { + // Settings should be validated before calling this function, + // so an error happening here is a programming error. + panic(err) + } + if len(provider.Plain.IPv4) > 0 { + return provider.Plain.IPv4[0].Addr() + } + } + return netip.Addr{} } func (d DNS) String() string { @@ -155,22 +186,22 @@ func (d DNS) String() string { func (d DNS) toLinesNode() (node *gotree.Node) { node = gotree.New("DNS settings:") - node.Appendf("Keep existing nameserver(s): %s", gosettings.BoolToYesNo(d.KeepNameserver)) - if *d.KeepNameserver { - return node - } - node.Appendf("DNS server address to use: %s", d.ServerAddress) - - node.Appendf("DNS forwarder server enabled: %s", gosettings.BoolToYesNo(d.ServerEnabled)) - if !*d.ServerEnabled { - return node - } node.Appendf("Upstream resolver type: %s", d.UpstreamType) upstreamResolvers := node.Append("Upstream resolvers:") - for _, provider := range d.Providers { - upstreamResolvers.Append(provider) + if len(d.UpstreamPlainAddresses) > 0 { + if d.UpstreamType == DNSUpstreamTypePlain { + for _, addr := range d.UpstreamPlainAddresses { + upstreamResolvers.Append(addr.String()) + } + } else { + node.Appendf("Upstream plain addresses: ignored because upstream type is not plain") + } + } else { + for _, provider := range d.Providers { + upstreamResolvers.Append(provider) + } } node.Appendf("Caching: %s", gosettings.BoolToYesNo(d.Caching)) @@ -188,11 +219,6 @@ func (d DNS) toLinesNode() (node *gotree.Node) { } func (d *DNS) read(r *reader.Reader) (err error) { - d.ServerEnabled, err = r.BoolPtr("DNS_SERVER", reader.RetroKeys("DOT")) - if err != nil { - return err - } - d.UpstreamType = r.String("DNS_UPSTREAM_RESOLVER_TYPE") d.UpdatePeriod, err = r.DurationPtr("DNS_UPDATE_PERIOD") @@ -217,15 +243,43 @@ func (d *DNS) read(r *reader.Reader) (err error) { return err } - d.ServerAddress, err = r.NetipAddr("DNS_ADDRESS", reader.RetroKeys("DNS_PLAINTEXT_ADDRESS")) + err = d.readUpstreamPlainAddresses(r) if err != nil { return err } - d.KeepNameserver, err = r.BoolPtr("DNS_KEEP_NAMESERVER") + return nil +} + +func (d *DNS) readUpstreamPlainAddresses(r *reader.Reader) (err error) { + // If DNS_UPSTREAM_PLAIN_ADDRESSES is set, the user must also set DNS_UPSTREAM_TYPE=plain + // for these to be used. This is an added safety measure to reduce misunderstandings, and + // reduce odd settings overrides. + d.UpstreamPlainAddresses, err = r.CSVNetipAddrPorts("DNS_UPSTREAM_PLAIN_ADDRESSES") if err != nil { return err } + // Retro-compatibility - remove in v4 + // If DNS_ADDRESS is set to a non-localhost address, append it to the other + // upstream plain addresses, assuming port 53, and force the upstream type to plain AND + // clear any user picked providers, to maintain retro-compatibility behavior. + serverAddress, err := r.NetipAddr("DNS_ADDRESS", + reader.RetroKeys("DNS_PLAINTEXT_ADDRESS"), + reader.IsRetro("DNS_UPSTREAM_PLAIN_ADDRESSES")) + if err != nil { + return err + } else if !serverAddress.IsValid() { + return nil + } + isLocalhost := serverAddress.Compare(netip.AddrFrom4([4]byte{127, 0, 0, 1})) == 0 + if isLocalhost { + return nil + } + const defaultPlainPort = 53 + addrPort := netip.AddrPortFrom(serverAddress, defaultPlainPort) + d.UpstreamPlainAddresses = append(d.UpstreamPlainAddresses, addrPort) + d.UpstreamType = DNSUpstreamTypePlain + d.Providers = []string{} return nil } diff --git a/internal/configuration/settings/dns_test.go b/internal/configuration/settings/dns_test.go new file mode 100644 index 000000000..81f29d061 --- /dev/null +++ b/internal/configuration/settings/dns_test.go @@ -0,0 +1,26 @@ +package settings + +import ( + "testing" + + "github.com/qdm12/dns/v2/pkg/provider" + "github.com/stretchr/testify/require" +) + +func Test_defaultDNSProviders(t *testing.T) { + t.Parallel() + + names := defaultDNSProviders() + + found := false + providers := provider.NewProviders() + for _, name := range names { + provider, err := providers.Get(name) + require.NoError(t, err) + if len(provider.Plain.IPv4) > 0 { + found = true + break + } + } + require.True(t, found, "no default DNS provider has a plaintext IPv4 address") +} diff --git a/internal/configuration/settings/settings.go b/internal/configuration/settings/settings.go index 091c4a4dc..f55723804 100644 --- a/internal/configuration/settings/settings.go +++ b/internal/configuration/settings/settings.go @@ -2,7 +2,6 @@ package settings import ( "fmt" - "net/netip" "github.com/qdm12/gluetun/internal/configuration/settings/helpers" "github.com/qdm12/gluetun/internal/constants/providers" @@ -174,13 +173,11 @@ func (s Settings) Warnings() (warnings []string) { "by creating an issue, attaching the new certificate and we will update Gluetun.") } - // TODO remove in v4 - if s.DNS.ServerAddress.Unmap().Compare(netip.AddrFrom4([4]byte{127, 0, 0, 1})) != 0 { - warnings = append(warnings, "DNS address is set to "+s.DNS.ServerAddress.String()+ - " so the local forwarding DNS server will not be used."+ - " The default value changed to 127.0.0.1 so it uses the internal DNS server."+ - " If this server fails to start, the IPv4 address of the first plaintext DNS server"+ - " corresponding to the first DNS provider chosen is used.") + for _, upstreamAddress := range s.DNS.UpstreamPlainAddresses { + if upstreamAddress.Addr().IsPrivate() { + warnings = append(warnings, "DNS upstream address "+upstreamAddress.String()+" is private: "+ + "DNS traffic might leak out of the VPN tunnel to that address.") + } } return warnings diff --git a/internal/configuration/settings/settings_test.go b/internal/configuration/settings/settings_test.go index 907655c5c..6e0d4903a 100644 --- a/internal/configuration/settings/settings_test.go +++ b/internal/configuration/settings/settings_test.go @@ -38,9 +38,6 @@ func Test_Settings_String(t *testing.T) { | ├── Run OpenVPN as: root | └── Verbosity level: 1 ├── DNS settings: -| ├── Keep existing nameserver(s): no -| ├── DNS server address to use: 127.0.0.1 -| ├── DNS forwarder server enabled: yes | ├── Upstream resolver type: dot | ├── Upstream resolvers: | | └── Cloudflare diff --git a/internal/dns/run.go b/internal/dns/run.go index 430ab0ef5..b0d35578b 100644 --- a/internal/dns/run.go +++ b/internal/dns/run.go @@ -18,14 +18,8 @@ func (l *Loop) Run(ctx context.Context, done chan<- struct{}) { return } - if *l.GetSettings().KeepNameserver { - l.logger.Warn("⚠️⚠️⚠️ keeping the default container nameservers, " + - "this will likely leak DNS traffic outside the VPN " + - "and go through your container network DNS outside the VPN tunnel!") - } else { - const fallback = false - l.useUnencryptedDNS(fallback) - } + const fallback = false + l.useUnencryptedDNS(fallback) select { case <-l.start: @@ -38,8 +32,7 @@ func (l *Loop) Run(ctx context.Context, done chan<- struct{}) { // Their values are to be used if DOT=off var runError <-chan error - settings := l.GetSettings() - for !*settings.KeepNameserver && *settings.ServerEnabled { + for { var err error runError, err = l.setupServer(ctx) if err == nil { @@ -59,15 +52,11 @@ func (l *Loop) Run(ctx context.Context, done chan<- struct{}) { l.useUnencryptedDNS(fallback) } l.logAndWait(ctx, err) - settings = l.GetSettings() } l.signalOrSetStatus(constants.Running) - settings = l.GetSettings() - if !*settings.KeepNameserver && !*settings.ServerEnabled { - const fallback = false - l.useUnencryptedDNS(fallback) - } + const fallback = false + l.useUnencryptedDNS(fallback) l.userTrigger = false @@ -82,19 +71,15 @@ func (l *Loop) runWait(ctx context.Context, runError <-chan error) (exitLoop boo for { select { case <-ctx.Done(): - if !*l.GetSettings().KeepNameserver { - l.stopServer() - // TODO revert OS and Go nameserver when exiting - } + l.stopServer() + // TODO revert OS and Go nameserver when exiting return true case <-l.stop: l.userTrigger = true l.logger.Info("stopping") - if !*l.GetSettings().KeepNameserver { - const fallback = false - l.useUnencryptedDNS(fallback) - l.stopServer() - } + const fallback = false + l.useUnencryptedDNS(fallback) + l.stopServer() l.stopped <- struct{}{} case <-l.start: l.userTrigger = true diff --git a/internal/dns/settings.go b/internal/dns/settings.go index ead3cec6c..60bb0c25e 100644 --- a/internal/dns/settings.go +++ b/internal/dns/settings.go @@ -26,31 +26,23 @@ func (l *Loop) SetSettings(ctx context.Context, settings settings.DNS) ( return l.state.SetSettings(ctx, settings) } -func buildServerSettings(settings settings.DNS, +func buildServerSettings(userSettings settings.DNS, filter *mapfilter.Filter, localResolvers []netip.Addr, logger Logger) ( serverSettings server.Settings, err error, ) { serverSettings.Logger = logger - providersData := provider.NewProviders() - upstreamResolvers := make([]provider.Provider, len(settings.Providers)) - for i := range settings.Providers { - var err error - upstreamResolvers[i], err = providersData.Get(settings.Providers[i]) - if err != nil { - panic(err) // this should already had been checked - } - } + upstreamResolvers := buildProviders(userSettings) ipVersion := "ipv4" - if *settings.IPv6 { + if *userSettings.IPv6 { ipVersion = "ipv6" } var dialer server.Dialer - switch settings.UpstreamType { - case "dot": + switch userSettings.UpstreamType { + case settings.DNSUpstreamTypeDot: dialerSettings := dot.Settings{ UpstreamResolvers: upstreamResolvers, IPVersion: ipVersion, @@ -59,7 +51,7 @@ func buildServerSettings(settings settings.DNS, if err != nil { return server.Settings{}, fmt.Errorf("creating DNS over TLS dialer: %w", err) } - case "doh": + case settings.DNSUpstreamTypeDoh: dialerSettings := doh.Settings{ UpstreamResolvers: upstreamResolvers, IPVersion: ipVersion, @@ -68,7 +60,7 @@ func buildServerSettings(settings settings.DNS, if err != nil { return server.Settings{}, fmt.Errorf("creating DNS over HTTPS dialer: %w", err) } - case "plain": + case settings.DNSUpstreamTypePlain: dialerSettings := plain.Settings{ UpstreamResolvers: upstreamResolvers, IPVersion: ipVersion, @@ -78,11 +70,11 @@ func buildServerSettings(settings settings.DNS, return server.Settings{}, fmt.Errorf("creating plain DNS dialer: %w", err) } default: - panic("unknown upstream type: " + settings.UpstreamType) + panic("unknown upstream type: " + userSettings.UpstreamType) } serverSettings.Dialer = dialer - if *settings.Caching { + if *userSettings.Caching { lruCache, err := lru.New(lru.Settings{}) if err != nil { return server.Settings{}, fmt.Errorf("creating LRU cache: %w", err) @@ -123,3 +115,48 @@ func buildServerSettings(settings settings.DNS, return serverSettings, nil } + +func buildProviders(userSettings settings.DNS) []provider.Provider { + if userSettings.UpstreamType == settings.DNSUpstreamTypePlain && + len(userSettings.UpstreamPlainAddresses) > 0 { + providers := make([]provider.Provider, len(userSettings.UpstreamPlainAddresses)) + for i, addrPort := range userSettings.UpstreamPlainAddresses { + providers[i] = provider.Provider{ + Name: addrPort.String(), + } + if addrPort.Addr().Is4() { + providers[i].Plain.IPv4 = []netip.AddrPort{addrPort} + } else { + providers[i].Plain.IPv6 = []netip.AddrPort{addrPort} + } + } + } + + providersData := provider.NewProviders() + providers := make([]provider.Provider, 0, len(userSettings.Providers)+len(userSettings.UpstreamPlainAddresses)) + for _, providerName := range userSettings.Providers { + provider, err := providersData.Get(providerName) + if err != nil { + panic(err) // this should already had been checked + } + providers = append(providers, provider) + } + + if userSettings.UpstreamType != settings.DNSUpstreamTypePlain { + return providers + } + + for _, addrPort := range userSettings.UpstreamPlainAddresses { + newProvider := provider.Provider{ + Name: addrPort.String(), + } + if addrPort.Addr().Is4() { + newProvider.Plain.IPv4 = []netip.AddrPort{addrPort} + } else { + newProvider.Plain.IPv6 = []netip.AddrPort{addrPort} + } + providers = append(providers, newProvider) + } + + return providers +} diff --git a/internal/dns/setup.go b/internal/dns/setup.go index f93004a7e..be11f02c1 100644 --- a/internal/dns/setup.go +++ b/internal/dns/setup.go @@ -4,7 +4,6 @@ import ( "context" "errors" "fmt" - "net/netip" "github.com/qdm12/dns/v2/pkg/check" "github.com/qdm12/dns/v2/pkg/nameserver" @@ -38,12 +37,8 @@ func (l *Loop) setupServer(ctx context.Context) (runError <-chan error, err erro l.server = server // use internal DNS server - const defaultDNSPort = 53 - nameserver.UseDNSInternally(nameserver.SettingsInternalDNS{ - AddrPort: netip.AddrPortFrom(settings.ServerAddress, defaultDNSPort), - }) + nameserver.UseDNSInternally(nameserver.SettingsInternalDNS{}) err = nameserver.UseDNSSystemWide(nameserver.SettingsSystemDNS{ - IPs: []netip.Addr{settings.ServerAddress}, ResolvPath: l.resolvConf, }) if err != nil { diff --git a/internal/dns/state/settings.go b/internal/dns/state/settings.go index 302c0e7c9..5eab82716 100644 --- a/internal/dns/state/settings.go +++ b/internal/dns/state/settings.go @@ -40,8 +40,6 @@ func (s *State) SetSettings(ctx context.Context, settings settings.DNS) ( // Restart _, _ = s.statusApplier.ApplyStatus(ctx, constants.Stopped) - if *settings.ServerEnabled { - outcome, _ = s.statusApplier.ApplyStatus(ctx, constants.Running) - } + outcome, _ = s.statusApplier.ApplyStatus(ctx, constants.Running) return outcome } diff --git a/internal/vpn/tunnelup.go b/internal/vpn/tunnelup.go index 009b9f3db..2149ea1df 100644 --- a/internal/vpn/tunnelup.go +++ b/internal/vpn/tunnelup.go @@ -4,7 +4,6 @@ import ( "context" "net/netip" - "github.com/qdm12/dns/v2/pkg/check" "github.com/qdm12/gluetun/internal/constants" "github.com/qdm12/gluetun/internal/version" ) @@ -46,14 +45,7 @@ func (l *Loop) onTunnelUp(ctx, loopCtx context.Context, data tunnelUpData) { return } - if *l.dnsLooper.GetSettings().ServerEnabled { - _, _ = l.dnsLooper.ApplyStatus(ctx, constants.Running) - } else { - err := check.WaitForDNS(ctx, check.Settings{}) - if err != nil { - l.logger.Error("waiting for DNS to be ready: " + err.Error()) - } - } + _, _ = l.dnsLooper.ApplyStatus(ctx, constants.Running) err = l.publicip.RunOnce(ctx) if err != nil {