| author | Shulhan <ms@kilabit.info> | 2026-03-26 05:34:30 +0700 |
|---|---|---|
| committer | Shulhan <ms@kilabit.info> | 2026-03-26 05:34:30 +0700 |
| commit | 5a765dc7f90c2ebc9a11cd79dcfbd8a8b8d99fcd (patch) | |
| tree | dd98807227b3cbe3f85435c3b5cf743a1a9494f6 /lib/dns/server.go | |
| parent | b6ba871a86797ad2f028eab2e3820509c3a36109 (diff) | |
| download | pakakeh.go-5a765dc7f90c2ebc9a11cd79dcfbd8a8b8d99fcd.tar.xz | |
lib/dns: refactoring DoT and DoH to use address instead of port
Using a port makes DoT and DoH listen on the same IP address as UDP.
If we set ListenAddress to 0.0.0.0 and TLS termination is handled
by a proxy, this causes DoT and DoH to also listen on all
addresses.
Diffstat (limited to 'lib/dns/server.go')
| -rw-r--r-- | lib/dns/server.go | 24 |
1 files changed, 13 insertions, 11 deletions
diff --git a/lib/dns/server.go b/lib/dns/server.go
index 3d46d114..4ba59bd2 100644
--- a/lib/dns/server.go
+++ b/lib/dns/server.go
@@ -194,10 +194,10 @@ func (srv *Server) ListenAndServe() (err error) {
 srv.startAllForwarders()
 go srv.processRequest()
- if srv.opts.TLSPort > 0 {
+ if srv.opts.DoTListen != `` {
 go srv.serveDoT()
 }
- if srv.opts.HTTPPort > 0 {
+ if srv.opts.DoHListen != `` {
 go srv.serveDoH()
 }
 go srv.serveTCP()
@@ -242,17 +242,14 @@ func (srv *Server) Stop() {
 // serveDoH listen for request over HTTPS using certificate and key
 // file in parameter. The path to request is static "/dns-query".
 func (srv *Server) serveDoH() {
- var (
- logp = `serveDoH`
- addr = srv.opts.getHTTPAddress().String()
- )
+ logp := `serveDoH`
 var mux = http.NewServeMux()
 mux.Handle(`/dns-query`, srv)
 srv.doh = &http.Server{
- Addr: addr,
+ Addr: srv.opts.DoHListen,
 IdleTimeout: srv.opts.HTTPIdleTimeout,
 ReadHeaderTimeout: 5 * time.Second,
 Handler: mux,
@@ -260,11 +257,11 @@ func (srv *Server) serveDoH() {
 var err error
 if srv.tlsConfig != nil && !srv.opts.DoHBehindProxy {
- log.Printf(`%s: listening at %s`, logp, addr)
+ log.Printf(`%s: listening at %s`, logp, srv.doh.Addr)
 srv.doh.TLSConfig = srv.tlsConfig
 err = srv.doh.ListenAndServeTLS("", "")
 } else {
- log.Printf(`%s: listening behind proxy at %s`, logp, addr)
+ log.Printf(`%s: listening behind proxy at %s`, logp, srv.doh.Addr)
 err = srv.doh.ListenAndServe()
 }
 if errors.Is(err, io.EOF) {
@@ -278,14 +275,19 @@ func (srv *Server) serveDoH() {
 func (srv *Server) serveDoT() {
 var (
- logp = `serveDoT`
- dotAddr = srv.opts.getDoTAddress()
+ logp = `serveDoT`
 cl *TCPClient
 conn net.Conn
 err error
 )
+ dotAddr, err := net.ResolveTCPAddr(`tcp`, srv.opts.DoTListen)
+ if err != nil {
+ log.Printf(`%s: %s`, logp, err)
+ return
+ }
+
 for {
 if srv.opts.DoHBehindProxy || srv.tlsConfig == nil {
 srv.dot, err = net.ListenTCP("tcp", dotAddr) |
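Review bot: A malformed DoTListen or DoHListen is only discovered inside the goroutines started here, where serveDoT logs and returns and serveDoH's ListenAndServe error is handled out of band, so ListenAndServe itself returns nil and the caller has no way to tell that a listener the operator configured never came up; the whole motivation of this change is controlling which interface the TLS endpoints bind, so a typo silently binding nothing is a fail-open for monitoring. Since ListenAndServe already has a named `err` result, the address can be checked before the `go` statements: `if _, err = net.ResolveTCPAddr("tcp", srv.opts.DoTListen); err != nil { return err }`, and the same for DoHListen, which serveDoH never validates at all. The body of ListenAndServe starts and ends outside this hunk; the same concern applies to the serveDoT hunk at the end of this file section.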
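Review bot: The replacement line `logp := `serveDoH`` sits directly above `var mux = http.NewServeMux()`, which mixes the two declaration styles in consecutive statements of the same function; now that the `var (...)` block has been reduced to one entry, either keep a single `var` block holding `logp` and `mux`, or use `:=` for both. This is a point of style only; the behaviour of the hunk is unchanged. serveDoH continues past this hunk into the next one.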
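Review bot: When net.ResolveTCPAddr fails, the added early `return` leaves serveDoT without ever assigning srv.dot, so whatever Stop() does with that field (outside this hunk) presumably has to tolerate a nil listener; worth confirming, since before this change the address came pre-built from getDoTAddress and that path could not fail here. The `dotAddr, err :=` line also reuses the `err` already declared in the `var (...)` block rather than shadowing it, which is correct but reads like a redeclaration; adding `dotAddr *net.TCPAddr` to the block and writing `dotAddr, err = net.ResolveTCPAddr(`tcp`, srv.opts.DoTListen)` makes the intent explicit. Note also that ResolveTCPAddr will perform a host lookup if DoTListen is given as a name rather than an IP, which for a DNS server may recurse through the system resolver; documenting in the option's comment that DoTListen is expected to be an IP:port would avoid that surprise. The for loop that begins at the end of the hunk continues outside it.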
