fcdns 0.3.12 → 0.3.15
- package/CHANGELOG.md +21 -0
- package/README.md +5 -36
- package/lib/cli.js +7 -2
- package/lib/cli.js.map +1 -1
- package/lib/hostname-list.js +20 -0
- package/lib/hostname-list.js.map +1 -0
- package/lib/router.js +9 -2
- package/lib/router.js.map +1 -1
- package/package.json +10 -10
package/CHANGELOG.md
CHANGED
|
@@ -2,6 +2,27 @@
|
|
|
2
2
|
|
|
3
3
|
All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
|
|
4
4
|
|
|
5
|
+
### [0.3.15](https://github.com/BlackGlory/fcdns/compare/v0.3.14...v0.3.15) (2022-04-16)
|
|
6
|
+
|
|
7
|
+
|
|
8
|
+
### Bug Fixes
|
|
9
|
+
|
|
10
|
+
* hostname blacklist ([0e21a21](https://github.com/BlackGlory/fcdns/commit/0e21a214c13633ee4a3b2fe6353ae97d72f3fa65))
|
|
11
|
+
|
|
12
|
+
### [0.3.14](https://github.com/BlackGlory/fcdns/compare/v0.3.13...v0.3.14) (2022-04-16)
|
|
13
|
+
|
|
14
|
+
|
|
15
|
+
### Features
|
|
16
|
+
|
|
17
|
+
* add hostname blacklist ([f196de1](https://github.com/BlackGlory/fcdns/commit/f196de13e742935ccdf4f67e1b54f73b057e15e8))
|
|
18
|
+
|
|
19
|
+
|
|
20
|
+
### Bug Fixes
|
|
21
|
+
|
|
22
|
+
* make hostname list files optional ([ab2352f](https://github.com/BlackGlory/fcdns/commit/ab2352ff55dd05f947fa8eedd9dc6706e36c67ad))
|
|
23
|
+
|
|
24
|
+
### [0.3.13](https://github.com/BlackGlory/fcdns/compare/v0.3.12...v0.3.13) (2022-04-01)
|
|
25
|
+
|
|
5
26
|
### [0.3.12](https://github.com/BlackGlory/fcdns/compare/v0.3.11...v0.3.12) (2022-03-26)
|
|
6
27
|
|
|
7
28
|
|
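Review bot: the 0.3.15 entry under Bug Fixes reads only "hostname blacklist" and does not say what was wrong in 0.3.14, and the 0.3.13 heading has no entries at all. Since the blacklist decides which resolver answers a name, state the corrected behaviour in the 0.3.15 entry, and list under 0.3.13 whatever changed in that release, so that someone comparing versions can tell what they are upgrading into.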
package/README.md
CHANGED
|
@@ -1,27 +1,13 @@
|
|
|
1
1
|
# fcdns
|
|
2
|
-
|
|
3
2
|
DNS relay server with fact-checking.
|
|
4
3
|
|
|
5
4
|
## Install
|
|
6
|
-
|
|
7
5
|
```sh
|
|
6
|
+
# Please do not use Yarn v1 to install this package globally, Yarn v1 cannot properly patch dependencies.
|
|
8
7
|
npm install --global fcdns
|
|
9
|
-
# or
|
|
10
|
-
yarn global add fcdns
|
|
11
|
-
```
|
|
12
|
-
|
|
13
|
-
### Install from source
|
|
14
|
-
|
|
15
|
-
```sh
|
|
16
|
-
git clone git@github.com:BlackGlory/fcdns.git
|
|
17
|
-
cd fcdns
|
|
18
|
-
yarn install
|
|
19
|
-
yarn build
|
|
20
|
-
yarn global add "file:$(pwd)"
|
|
21
8
|
```
|
|
22
9
|
|
|
23
10
|
## Usage
|
|
24
|
-
|
|
25
11
|
```sh
|
|
26
12
|
Usage: fcdns [options]
|
|
27
13
|
|
|
@@ -35,6 +21,7 @@ Options:
|
|
|
35
21
|
--port <port> (default: "53")
|
|
36
22
|
--ip-whitelist <filename> (default: "ip-whitelist.txt")
|
|
37
23
|
--hostname-whitelist <filename> (default: "hostname-whitelist.txt")
|
|
24
|
+
--hostname-blacklist <filename> (default: "hostname-blacklist.txt")
|
|
38
25
|
--route-cache <filename> (default: "route.txt")
|
|
39
26
|
--test-cache <filename> (default: "test.txt")
|
|
40
27
|
--test-timeout <ms> (default: "200")
|
|
@@ -52,15 +39,12 @@ fcdns \
|
|
|
52
39
|
```
|
|
53
40
|
|
|
54
41
|
## 原理
|
|
55
|
-
|
|
56
42
|

|
|
57
43
|
|
|
58
44
|
## 必要条件
|
|
59
|
-
|
|
60
45
|
使用fcdns需要指定3个服务器地址, 1份IP地址白名单, 1份主机名白名单.
|
|
61
46
|
|
|
62
47
|
### 投毒测试服务器(test server)
|
|
63
|
-
|
|
64
48
|
投毒测试服务器是一台非DNS服务器,
|
|
65
49
|
当客户端向该远程主机的53端口发送DNS查询(question)时, 查询将会超时或被拒绝.
|
|
66
50
|
当网络内存在DNS污染时, 向该远程主机发送DNS查询时, 将得到查询结果(answer).
|
|
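Review bot: the prerequisites sentence kept as context in this hunk, "使用fcdns需要指定3个服务器地址, 1份IP地址白名单, 1份主机名白名单.", still counts one IP whitelist and one hostname whitelist as the required inputs. This release adds `--hostname-blacklist`, and the changelog records "make hostname list files optional", so the sentence should mention the blacklist and say which list files may be omitted.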
@@ -73,7 +57,6 @@ fcdns会在发出DNS查询的同时发出ping, 因此投毒测试服务器必须
|
|
|
73
57
|
fcdns会持久化缓存投毒测试的结果, 同一个主机名只在第一次查询时会经历投毒测试.
|
|
74
58
|
|
|
75
59
|
### 不可信DNS服务器(untrusted server)
|
|
76
|
-
|
|
77
60
|
不可信DNS服务器是一台DNS服务器, 客户端与该服务器的连接是被污染的, 或该服务器可能返回被污染的结果.
|
|
78
61
|
从该服务器返回的结果虽然并不总是可信, 但借助投毒测试, 可以从中筛选出大量的可信结果.
|
|
79
62
|
|
|
@@ -82,7 +65,6 @@ fcdns会持久化缓存投毒测试的结果, 同一个主机名只在第一次
|
|
|
82
65
|
*fcdns只具有最低限度的DNS功能, 强烈建议使用CoreDNS等程序建立本地DNS服务器作为代理.*
|
|
83
66
|
|
|
84
67
|
### 可信DNS服务器(trusted server)
|
|
85
|
-
|
|
86
68
|
可信DNS服务器是一台DNS服务器, 客户端与该服务器的连接是不被污染的, 且该服务器不会返回被污染的结果.
|
|
87
69
|
|
|
88
70
|
之所以需要可信DNS服务器, 是为了能够查询那些被投毒的主机名的正确记录.
|
|
@@ -91,7 +73,6 @@ fcdns会持久化缓存投毒测试的结果, 同一个主机名只在第一次
|
|
|
91
73
|
*fcdns只具有最低限度的DNS功能, 强烈建议使用CoreDNS等程序建立本地DNS服务器作为代理.*
|
|
92
74
|
|
|
93
75
|
### IP地址白名单(ip whitelist)
|
|
94
|
-
|
|
95
76
|
IP地址白名单用于指定允许用"不可信DNS服务器"返回的IP地址或IP地址范围,
|
|
96
77
|
所有不在白名单内的IP地址都会转用"可信DNS服务器"进行二次查询.
|
|
97
78
|
|
|
@@ -102,7 +83,6 @@ fcdns会持久化缓存查询最终选择的服务器, 同一个主机名只在
|
|
|
102
83
|
fcdns之所以使用白名单而不是黑名单, 是因为在真实世界的案例中, 白名单所需的内容条数较少.
|
|
103
84
|
|
|
104
85
|
#### 文件格式
|
|
105
|
-
|
|
106
86
|
白名单是一个文本文件, 以行为分隔符储存地址或地址范围.
|
|
107
87
|
地址范围由起点IP和终点IP组成, 以`-`相连.
|
|
108
88
|
|
|
@@ -133,11 +113,12 @@ IPv6地址范围示例:
|
|
|
133
113
|
```
|
|
134
114
|
|
|
135
115
|
### 主机名白名单(hostname whitelist)
|
|
136
|
-
|
|
137
116
|
主机名白名单用于强制使某些主机名在解析时使用不可信DNS服务器, 其优先级高于fcdns里的其他规则.
|
|
138
117
|
|
|
139
|
-
|
|
118
|
+
### 主机名黑名单(hostname blacklist)
|
|
119
|
+
主机名白名单用于强制使某些主机名在解析时使用可信DNS服务器, 其优先级低于白名单, 高于fcdns里的其他规则.
|
|
140
120
|
|
|
121
|
+
#### 文件格式
|
|
141
122
|
白名单是一个文本文件, 以行为分隔符存储主机名模式.
|
|
142
123
|
主机名模式使用`*`作为通配符, 可以匹配任意个字符.
|
|
143
124
|
fcdns认为的合法主机名模式只能由数字, 字母, 连字符(`-`), 点(`.`), 通配符(`*`)组成.
|
|
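Review bot: the body of the new "主机名黑名单(hostname blacklist)" section begins "主机名白名单用于强制使某些主机名在解析时使用可信DNS服务器" (hostname whitelist), which looks copied from the section above; it should read "主机名黑名单". The "文件格式" heading that now follows still starts with "白名单是一个文本文件", so a reader cannot tell that the same file format applies to the blacklist; say that both lists share it. This paragraph is the only place in the diff where the precedence (below the whitelist, above the other rules) is documented, so the wording needs to be exact.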
@@ -149,13 +130,11 @@ wikipedia.org
|
|
|
149
130
|
```
|
|
150
131
|
|
|
151
132
|
## 宽松模式
|
|
152
|
-
|
|
153
133
|
在宽松模式下, 当相关主机名不存在路由缓存时(即第一次查询该主机名), 会立即查询不可信服务器并返回记录, 然后在后台执行投毒测试和路由缓存.
|
|
154
134
|
|
|
155
135
|
宽松模式通过降低fcdns的准确性, 提升了在可信信道不稳定情况下的用户体验, 这适用于只有少数主机名被投毒的环境.
|
|
156
136
|
|
|
157
137
|
## 性能
|
|
158
|
-
|
|
159
138
|
fcdns不是作为高性能DNS服务器开发的, 选择Node.js栈完全是出于开发方面的便利性.
|
|
160
139
|
fcdns的性能经过测试足以应付日常使用.
|
|
161
140
|
|
|
@@ -163,7 +142,6 @@ fcdns的性能经过测试足以应付日常使用.
|
|
|
163
142
|
不实施这些优化的主要原因是为了避免降低代码的可读性.
|
|
164
143
|
|
|
165
144
|
### 延迟
|
|
166
|
-
|
|
167
145
|
fcdns存在一些可以被注意到的延迟:
|
|
168
146
|
- 投毒测试
|
|
169
147
|
- 可信DNS服务器在无缓存的情况下被查询
|
|
@@ -181,9 +159,7 @@ fcdns存在一些可以被注意到的延迟:
|
|
|
181
159
|
理论上可以通过将地址范围排序后做二分查找来加速此过程, 但暂未实现.
|
|
182
160
|
|
|
183
161
|
## 资源占用
|
|
184
|
-
|
|
185
162
|
### 硬盘占用
|
|
186
|
-
|
|
187
163
|
fcdns的缓存文件会在启动时自动压缩, 但在运行时是仅追加(append)的,
|
|
188
164
|
出现相同域名的并行查询时, 会重复写入相同的记录.
|
|
189
165
|
如果有非常大量完全不同域名的查询, 则缓存文件可能导致硬盘占用增加, 但在大部分场景下应该无需担心.
|
|
@@ -193,29 +169,22 @@ fcdns有两个缓存文件, 分别缓存投毒测试结果和路由结果.
|
|
|
193
169
|
fcdns保留投毒测试缓存是考虑到了收集投毒测试结果的需要, 以及清空路由缓存的场景.
|
|
194
170
|
|
|
195
171
|
### 内存占用
|
|
196
|
-
|
|
197
172
|
fcdns的内存缓存受V8引擎的实现限制, 且缓存是只增不减的.
|
|
198
173
|
根据经验, Node.js程序的内存占用量通常会是使用类似数据类型的本地程序的两倍以上.
|
|
199
174
|
如果有非常大量完全不同域名的查询, 则内存缓存可能导致内存占用增加, 但在大部分场景下应该无需担心.
|
|
200
175
|
|
|
201
176
|
## 针对fcdns的攻击
|
|
202
|
-
|
|
203
177
|
### DNS服务器黑名单/白名单
|
|
204
|
-
|
|
205
178
|
禁止向非DNS服务器发送DNS数据包将会破坏fcdns的投毒测试功能.
|
|
206
179
|
|
|
207
180
|
### 禁止ping
|
|
208
|
-
|
|
209
181
|
禁止发送ping(echo request)或丢弃reply(echo reply)将会破坏fcdns的投毒测试功能.
|
|
210
182
|
|
|
211
183
|
### 无差别污染
|
|
212
|
-
|
|
213
184
|
劫持所有DNS响应将会破坏fcdns的投毒测试功能.
|
|
214
185
|
|
|
215
186
|
### 无规律/间歇性投毒
|
|
216
|
-
|
|
217
187
|
无规律/间歇性投毒将会使fcdns生成错误的缓存记录.
|
|
218
188
|
|
|
219
189
|
## 未实现的功能
|
|
220
|
-
|
|
221
190
|
- [ ] 复用相同域名的并行查询
|
package/lib/cli.js
CHANGED
|
@@ -5,7 +5,7 @@ const commander_1 = require("commander");
|
|
|
5
5
|
const server_1 = require("./server");
|
|
6
6
|
const router_1 = require("./router");
|
|
7
7
|
const ip_whitelist_1 = require("./ip-whitelist");
|
|
8
|
-
const
|
|
8
|
+
const hostname_list_1 = require("./hostname-list");
|
|
9
9
|
const tester_1 = require("./tester");
|
|
10
10
|
const create_dns_resolver_1 = require("./utils/create-dns-resolver");
|
|
11
11
|
const errors_1 = require("@blackglory/errors");
|
|
@@ -21,6 +21,7 @@ commander_1.program
|
|
|
21
21
|
.option('--port <port>', '', '53')
|
|
22
22
|
.option('--ip-whitelist <filename>', '', 'ip-whitelist.txt')
|
|
23
23
|
.option('--hostname-whitelist <filename>', '', 'hostname-whitelist.txt')
|
|
24
|
+
.option('--hostname-blacklist <filename>', '', 'hostname-blacklist.txt')
|
|
24
25
|
.option('--route-cache <filename>', '', 'route.txt')
|
|
25
26
|
.option('--test-cache <filename>', '', 'test.txt')
|
|
26
27
|
.option('--test-timeout <ms>', '', '200')
|
|
@@ -35,12 +36,14 @@ commander_1.program
|
|
|
35
36
|
});
|
|
36
37
|
const untrustedResolver = (0, create_dns_resolver_1.createDNSResolver)(options.untrustedServer);
|
|
37
38
|
const ipWhitelist = await ip_whitelist_1.IPWhitelist.create(options.ipWhitelistFilename);
|
|
38
|
-
const hostnameWhitelist = await
|
|
39
|
+
const hostnameWhitelist = await hostname_list_1.HostnameList.create(options.hostnameWhitelistFilename);
|
|
40
|
+
const hostnameBlacklist = await hostname_list_1.HostnameList.create(options.hostnameBlacklistFilename);
|
|
39
41
|
const router = await router_1.Router.create({
|
|
40
42
|
tester,
|
|
41
43
|
untrustedResolver,
|
|
42
44
|
ipWhitelist,
|
|
43
45
|
hostnameWhitelist,
|
|
46
|
+
hostnameBlacklist,
|
|
44
47
|
cacheFilename: options.routeCacheFilename,
|
|
45
48
|
looseMode: options.looseMode
|
|
46
49
|
});
|
|
@@ -68,6 +71,7 @@ function getOptions() {
|
|
|
68
71
|
const port = Number.parseInt(opts.port, 10);
|
|
69
72
|
const ipWhitelistFilename = opts.ipWhitelist;
|
|
70
73
|
const hostnameWhitelistFilename = opts.hostnameWhitelist;
|
|
74
|
+
const hostnameBlacklistFilename = opts.hostnameBlacklist;
|
|
71
75
|
const routeCacheFilename = opts.routeCache;
|
|
72
76
|
const testCacheFilename = opts.testCache;
|
|
73
77
|
(0, errors_1.assert)(/^\d+$/.test(opts.testTimeout), 'The parameter test timeout must be integer');
|
|
@@ -81,6 +85,7 @@ function getOptions() {
|
|
|
81
85
|
port,
|
|
82
86
|
ipWhitelistFilename,
|
|
83
87
|
hostnameWhitelistFilename,
|
|
88
|
+
hostnameBlacklistFilename,
|
|
84
89
|
routeCacheFilename,
|
|
85
90
|
testCacheFilename,
|
|
86
91
|
testTimeout,
|
package/lib/cli.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
|
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.HostnameList = void 0;
|
|
4
|
+
const hostname_list_file_1 = require("./utils/hostname-list-file");
|
|
5
|
+
const extra_filesystem_1 = require("extra-filesystem");
|
|
6
|
+
class HostnameList {
|
|
7
|
+
constructor(patterns) {
|
|
8
|
+
this.patterns = patterns;
|
|
9
|
+
}
|
|
10
|
+
static async create(filename) {
|
|
11
|
+
await (0, extra_filesystem_1.ensureFile)(filename);
|
|
12
|
+
const patterns = await (0, hostname_list_file_1.readHostnameListFile)(filename);
|
|
13
|
+
return new HostnameList(patterns);
|
|
14
|
+
}
|
|
15
|
+
includes(hostname) {
|
|
16
|
+
return this.patterns.some(x => x.match(hostname));
|
|
17
|
+
}
|
|
18
|
+
}
|
|
19
|
+
exports.HostnameList = HostnameList;
|
|
20
|
+
//# sourceMappingURL=hostname-list.js.map
|
|
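Review bot: `create` calls `ensureFile(filename)` before reading, so if that helper creates a missing file (as the changelog entry "make hostname list files optional" suggests), starting fcdns with the default relative names writes empty list files into whatever the working directory is, and a mistyped `--hostname-blacklist` path yields a silently empty list instead of an error. For a list whose job is to force names onto the trusted resolver, an empty list fails open; consider creating the file only for the default name and failing, or at least logging, when an explicitly given path does not exist. Separately, `includes` passes `hostname` to `x.match(hostname)` unchanged; nothing in this file lower-cases it or strips a trailing dot, so unless `readHostnameListFile` builds case-insensitive patterns, a query for `Example.ORG` would not match a pattern `example.org`.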
@@ -0,0 +1 @@
|
|
|
|
package/lib/router.js
CHANGED
|
@@ -9,7 +9,7 @@ var Target;
|
|
|
9
9
|
Target[Target["Trusted"] = 1] = "Trusted";
|
|
10
10
|
})(Target = exports.Target || (exports.Target = {}));
|
|
11
11
|
class Router {
|
|
12
|
-
constructor(cacheFilename, cache, looseMode, tester, untrustedResolver, ipWhitelist, hostnameWhitelist) {
|
|
12
|
+
constructor(cacheFilename, cache, looseMode, tester, untrustedResolver, ipWhitelist, hostnameWhitelist, hostnameBlacklist) {
|
|
13
13
|
this.cacheFilename = cacheFilename;
|
|
14
14
|
this.cache = cache;
|
|
15
15
|
this.looseMode = looseMode;
|
|
@@ -17,21 +17,25 @@ class Router {
|
|
|
17
17
|
this.untrustedResolver = untrustedResolver;
|
|
18
18
|
this.ipWhitelist = ipWhitelist;
|
|
19
19
|
this.hostnameWhitelist = hostnameWhitelist;
|
|
20
|
+
this.hostnameBlacklist = hostnameBlacklist;
|
|
20
21
|
}
|
|
21
22
|
static async create(options) {
|
|
22
23
|
const tester = options.tester;
|
|
23
24
|
const untrustedResolver = options.untrustedResolver;
|
|
24
25
|
const ipWhitelist = options.ipWhitelist;
|
|
25
26
|
const hostnameWhitelist = options.hostnameWhitelist;
|
|
27
|
+
const hostnameBlacklist = options.hostnameBlacklist;
|
|
26
28
|
const cacheFilename = options.cacheFilename;
|
|
27
29
|
const looseMode = options.looseMode;
|
|
28
30
|
const cache = await (0, map_file_1.readMapFile)(cacheFilename);
|
|
29
31
|
await (0, map_file_1.writeMapFile)(cacheFilename, cache);
|
|
30
|
-
return new Router(cacheFilename, cache, looseMode, tester, untrustedResolver, ipWhitelist, hostnameWhitelist);
|
|
32
|
+
return new Router(cacheFilename, cache, looseMode, tester, untrustedResolver, ipWhitelist, hostnameWhitelist, hostnameBlacklist);
|
|
31
33
|
}
|
|
32
34
|
async getTarget(hostname) {
|
|
33
35
|
if (this.inHostnameWhitelist(hostname))
|
|
34
36
|
return Target.Untrusted;
|
|
37
|
+
if (this.inHostnameBlacklist(hostname))
|
|
38
|
+
return Target.Trusted;
|
|
35
39
|
if (this.cache.has(hostname)) {
|
|
36
40
|
return this.cache.get(hostname);
|
|
37
41
|
}
|
|
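Review bot: in `getTarget` the whitelist test runs before the new blacklist test, so a hostname that matches both lists returns `Target.Untrusted` and the blacklist entry is ignored without any indication. That matches the README, but with wildcard patterns an overlap is easy to create by accident (a broad whitelist pattern covering a specific blacklisted name), and the result is that a name the operator marked for the trusted resolver goes to the untrusted one. Either check the blacklist first, or detect patterns that overlap between the two lists at startup and log a warning. `create` also reads `options.hostnameBlacklist` without checking it, so a caller that has not been updated passes `undefined` and `inHostnameBlacklist` throws on the first query that misses the whitelist.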
@@ -73,6 +77,9 @@ class Router {
|
|
|
73
77
|
inHostnameWhitelist(hostname) {
|
|
74
78
|
return this.hostnameWhitelist.includes(hostname);
|
|
75
79
|
}
|
|
80
|
+
inHostnameBlacklist(hostname) {
|
|
81
|
+
return this.hostnameBlacklist.includes(hostname);
|
|
82
|
+
}
|
|
76
83
|
setCache(hostname, result) {
|
|
77
84
|
this.cache.set(hostname, result);
|
|
78
85
|
(0, map_file_1.appendMapFile)(this.cacheFilename, hostname, result);
|
package/lib/router.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "fcdns",
|
|
3
|
-
"version": "0.3.
|
|
3
|
+
"version": "0.3.15",
|
|
4
4
|
"description": "DNS relay server with fact-checking.",
|
|
5
5
|
"keywords": [
|
|
6
6
|
"dns"
|
|
@@ -38,9 +38,9 @@
|
|
|
38
38
|
"@types/ms": "^0.7.31",
|
|
39
39
|
"@types/node": "14",
|
|
40
40
|
"@types/ping": "^0.4.1",
|
|
41
|
-
"@typescript-eslint/eslint-plugin": "^5.
|
|
42
|
-
"@typescript-eslint/parser": "^5.
|
|
43
|
-
"eslint": "^8.
|
|
41
|
+
"@typescript-eslint/eslint-plugin": "^5.19.0",
|
|
42
|
+
"@typescript-eslint/parser": "^5.19.0",
|
|
43
|
+
"eslint": "^8.13.0",
|
|
44
44
|
"husky": "4",
|
|
45
45
|
"internet-number": "^3.0.1",
|
|
46
46
|
"jest": "^27.5.1",
|
|
@@ -55,19 +55,19 @@
|
|
|
55
55
|
"dependencies": {
|
|
56
56
|
"@blackglory/errors": "^2.2.1",
|
|
57
57
|
"@blackglory/go": "^1.0.0",
|
|
58
|
-
"@blackglory/types": "^1.0
|
|
58
|
+
"@blackglory/types": "^1.1.0",
|
|
59
59
|
"address-range": "^0.2.9",
|
|
60
60
|
"chalk": "^4.1.2",
|
|
61
|
-
"commander": "^9.
|
|
61
|
+
"commander": "^9.2.0",
|
|
62
62
|
"extra-filesystem": "^0.4.2",
|
|
63
|
-
"extra-logger": "^0.6.
|
|
63
|
+
"extra-logger": "^0.6.6",
|
|
64
64
|
"extra-promise": "^1.0.2",
|
|
65
|
-
"iterable-operator": "^1.0
|
|
65
|
+
"iterable-operator": "^1.1.0",
|
|
66
66
|
"ms": "^2.1.3",
|
|
67
|
-
"native-node-dns": "
|
|
67
|
+
"native-node-dns": "0.7.6",
|
|
68
|
+
"native-node-dns-packet": "0.1.5",
|
|
68
69
|
"patch-package": "^6.4.7",
|
|
69
70
|
"ping": "^0.4.1",
|
|
70
|
-
"postinstall-postinstall": "^2.1.0",
|
|
71
71
|
"return-style": "^1.0.0"
|
|
72
72
|
}
|
|
73
73
|
}
|
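Review bot: `native-node-dns` is now pinned to exactly `0.7.6` and `native-node-dns-packet` is added at exactly `0.1.5`, while `patch-package` stays in `dependencies` and `postinstall-postinstall` is dropped; together with the README's new warning about Yarn v1 this implies that dependencies are patched on the installing machine. The exact pins fit that (a patch applies to one version), but nothing in this diff says which package is patched or why, so what runs after install differs from the registry tarballs in a way a consumer cannot audit from here. Document the patched package and the reason in the README or changelog, and confirm that the patch files are included in the published package.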