block

package module
v0.0.0-...-ce3bd7b
Warning

This package is not in the latest version of its module.

Published: Mar 6, 2024 License: Apache-2.0 Imports: 26 Imported by: 0

README

block

This is an updated version of miekg's block plugin from https://github.com/miekg/block

  • Supports multiple lists
  • Integrates with SPR to apply blocklists by tag and provides an API for managing lists.
  • Has support for per-client overrides and expiring entries

Name

block - blocks domains

Description

The block plugin blocks any domain that is on the block lists. The block lists are downloaded on startup and otherwise once a week; they can also be updated through configuration in the spr-api.

For a blocked domain, the plugin returns an NXDOMAIN response.

Syntax

block enable_superapi

Metrics

If monitoring is enabled (via the prometheus directive) the following metric is exported:

  • coredns_block_count_total{server} - counter of total number of blocked domains.

The server label indicates which server handled the request, see the metrics plugin for details.

Examples

Block all domains on the block lists.

. {
  forward . 9.9.9.9
  block
}

On startup the block lists are downloaded, and assuming 005.example.org is on the list, it will be blocked, including any subdomains.

[INFO] plugin/block: Block lists updated: 226126 domains added
[INFO] plugin/block: Blocked 005.example.org.
[INFO] plugin/block: Blocked www.005.example.org.

Documentation

Overview

Package example is a CoreDNS plugin that prints "example" to stdout on every packet received.

It serves as an example CoreDNS plugin with numerous code comments.

Index

Constants

This section is empty.

Variables

var (
	ErrBucketList        = errors.New("error listing buckets")
	ErrBucketGet         = errors.New("error retrieving bucket")
	ErrBucketMissing     = errors.New("bucket doesn't exist")
	ErrBucketCreate      = errors.New("error creating bucket")
	ErrBucketDelete      = errors.New("error deleting bucket")
	ErrBucketDecodeName  = errors.New("error reading bucket name")
	ErrBucketInvalidName = errors.New("invalid bucket name")
	ErrBucketItemDecode  = errors.New("error reading bucket item")
	ErrBucketItemEncode  = errors.New("error encoding bucket item")
	ErrBucketItemGet     = errors.New("error getting bucket item")
	ErrBucketItemCreate  = errors.New("error creating bucket item")
	ErrBucketItemUpdate  = errors.New("error updating bucket item")
	ErrBucketItemDelete  = errors.New("error deleting bucket item")
)
var CONFIG_PATH = TEST_PREFIX + "/state/dns/block_rules.json"
var Configmtx sync.Mutex
var DevicesConfigPath = TEST_PREFIX + "/configs/devices/"
var DevicesPublicConfigFile = TEST_PREFIX + "/state/public/devices-public.json"
var IPPolicyMap = make(map[string][]string)
var IPTagMap = make(map[string][]string)
var IPTagmtx sync.RWMutex
var Stagemtx sync.RWMutex
var TEST_PREFIX = os.Getenv("TEST_PREFIX")
var UNIX_PLUGIN_LISTENER = TEST_PREFIX + "/state/dns/dns_block_plugin"

Functions

func APIDevices

func APIDevices() (map[string]DeviceEntry, error)

func BoltOpen

func BoltOpen(filename string) *bolt.DB

func IPHasTags

func IPHasTags(IP string, applied_tags []string) bool

func IPQuarantined

func IPQuarantined(IP string) bool

Types

type Block

type Block struct {
	Db     *bolt.DB
	DbPath string
	Next   plugin.Handler
	// contains filtered or unexported fields
}

Block is the block plugin.

func New

func New() *Block

func (*Block) Name

func (b *Block) Name() string

Name implements the Handler interface.

func (*Block) ServeDNS

func (b *Block) ServeDNS(ctx context.Context, w dns.ResponseWriter, r *dns.Msg) (int, error)

ServeDNS implements the plugin.Handler interface.

func (*Block) ShouldRetryRefresh

func (b *Block) ShouldRetryRefresh() bool

func (*Block) UpdateDomains

func (b *Block) UpdateDomains(update map[string]DomainValue) error

type BlockMetrics

type BlockMetrics struct {
	TotalQueries   int64
	BlockedQueries int64
	BlockedDomains int64
}

type BucketItem

type BucketItem struct {
	Key   string
	Value DomainValue
}

func (*BucketItem) DecodeValue

func (item *BucketItem) DecodeValue(rawValue []byte) error

func (*BucketItem) EncodeKey

func (item *BucketItem) EncodeKey() []byte

func (*BucketItem) EncodeValue

func (item *BucketItem) EncodeValue() ([]byte, error)

type DNSBlockEvent

type DNSBlockEvent struct {
	ClientIP string
	Name     string
}

func (*DNSBlockEvent) String

func (i *DNSBlockEvent) String() string

type DNSOverrideEvent

type DNSOverrideEvent struct {
	ClientIP string
	IP       string // the new IP response
	Name     string
}

func (*DNSOverrideEvent) String

func (i *DNSOverrideEvent) String() string

type DeviceEntry

type DeviceEntry struct {
	Name       string
	MAC        string
	WGPubKey   string
	VLANTag    string
	RecentIP   string
	PSKEntry   PSKEntry
	Policies   []string //tbd: dns quarantine mode in the future?
	Groups     []string
	DeviceTags []string
}

type DomainOverride

type DomainOverride struct {
	Type       string // Permit or Block
	Domain     string //
	ResultIP   string //ip to return
	ClientIP   string //target to apply to, '*' for all
	Expiration int64  //if non zero has unix time for when the entry should disappear
	Tags       []string
}
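
The README's rule that a listed name also blocks its subdomains, combined with the DomainOverride fields above (per-client target, expiry), as an added sketch that is not this package's code. The `Override` type, the helpers `fqdn`, `onList` and `Decide`, exact-name matching for overrides, and the Permit-before-Block precedence are assumptions; the sample names and addresses are constructed.

```go
package main

import (
	"fmt"
	"strings"
	"time"
)

// Override is a sketch type carrying the DomainOverride fields used below.
type Override struct {
	Type       string // "Permit" or "Block"
	Domain     string
	ClientIP   string // "*" applies to every client
	Expiration int64  // non-zero: unix time after which the entry is ignored
}

func fqdn(s string) string { return strings.ToLower(strings.TrimSuffix(s, ".")) + "." }

// onList reports whether name or any parent domain is listed (walks labels left to right).
func onList(list map[string]bool, name string) bool {
	for n := fqdn(name); n != "" && n != "."; n = n[strings.Index(n, ".")+1:] {
		if list[n] {
			return true
		}
	}
	return false
}

// Decide reports whether to answer NXDOMAIN. Assumed order: live Permit, live Block, then lists.
func Decide(list map[string]bool, ovs []Override, client, qname string, now time.Time) bool {
	blocked := onList(list, qname)
	for _, o := range ovs {
		expired := o.Expiration != 0 && now.Unix() >= o.Expiration
		wrongClient := o.ClientIP != "*" && o.ClientIP != client
		if expired || wrongClient || fqdn(o.Domain) != fqdn(qname) {
			continue
		}
		if o.Type == "Permit" {
			return false
		}
		blocked = true
	}
	return blocked
}

func main() {
	list := map[string]bool{"005.example.org.": true} // constructed sample list
	fmt.Println(Decide(list, nil, "192.168.2.10", "www.005.example.org.", time.Unix(1700000000, 0)))
}
```

An expired Permit entry falls back to the list decision, so a temporary exception cannot outlive its Expiration.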

type DomainValue

type DomainValue struct {
	List_ids []int
	Disabled bool
}

type ListEntry

type ListEntry struct {
	URI     string
	Enabled bool
	Tags    []string //tags for which the list applies to
}

type PSKEntry

type PSKEntry struct {
	Type string
	Psk  string
}

type SPRBlockConfig

type SPRBlockConfig struct {
	BlockLists         []ListEntry //list of URIs with DNS block lists
	PermitDomains      []DomainOverride
	BlockDomains       []DomainOverride
	ClientIPExclusions []string //these IPs should not have ad blocking
	RefreshSeconds     int
	QuarantineHostIP   string //for devices in quarantine mode
}
