DNS outbound: Add skipRcodes

infra/conf/dns_proxy.go

@@ -14,6 +14,7 @@ type DNSOutboundConfig struct {
 	UserLevel  uint32   `json:"userLevel"`
 	NonIPQuery string   `json:"nonIPQuery"`
 	BlockTypes []int32  `json:"blockTypes"`
+	SkipRCodes []uint32 `json:"skipRCodes"`
 }
 
 func (c *DNSOutboundConfig) Build() (proto.Message, error) {
@@ -36,5 +37,6 @@ func (c *DNSOutboundConfig) Build() (proto.Message, error) {
 	}
 	config.Non_IPQuery = c.NonIPQuery
 	config.BlockTypes = c.BlockTypes
+	config.Skip_RCodes = c.SkipRCodes
 	return config, nil
 }

proxy/dns/config.pb.go

@@ -32,6 +32,7 @@ type Config struct {
 	UserLevel   uint32        `protobuf:"varint,2,opt,name=user_level,json=userLevel,proto3" json:"user_level,omitempty"`
 	Non_IPQuery string        `protobuf:"bytes,3,opt,name=non_IP_query,json=nonIPQuery,proto3" json:"non_IP_query,omitempty"`
 	BlockTypes  []int32       `protobuf:"varint,4,rep,packed,name=block_types,json=blockTypes,proto3" json:"block_types,omitempty"`
+	Skip_RCodes []uint32      `protobuf:"varint,5,rep,packed,name=skip_R_codes,json=skipRCodes,proto3" json:"skip_R_codes,omitempty"`
 }
 
 func (x *Config) Reset() {
@@ -92,6 +93,13 @@ func (x *Config) GetBlockTypes() []int32 {
 	return nil
 }
 
+func (x *Config) GetSkip_RCodes() []uint32 {
+	if x != nil {
+		return x.Skip_RCodes
+	}
+	return nil
+}
+
 var File_proxy_dns_config_proto protoreflect.FileDescriptor
 
 var file_proxy_dns_config_proto_rawDesc = []byte{
@@ -99,7 +107,7 @@ var file_proxy_dns_config_proto_rawDesc = []byte{
 	0x69, 0x67, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x0e, 0x78, 0x72, 0x61, 0x79, 0x2e, 0x70,
 	0x72, 0x6f, 0x78, 0x79, 0x2e, 0x64, 0x6e, 0x73, 0x1a, 0x1c, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e,
 	0x2f, 0x6e, 0x65, 0x74, 0x2f, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e,
-	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x9d, 0x01, 0x0a, 0x06, 0x43, 0x6f, 0x6e, 0x66, 0x69,
+	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xbf, 0x01, 0x0a, 0x06, 0x43, 0x6f, 0x6e, 0x66, 0x69,
 	0x67, 0x12, 0x31, 0x0a, 0x06, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28,
 	0x0b, 0x32, 0x19, 0x2e, 0x78, 0x72, 0x61, 0x79, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e,
 	0x6e, 0x65, 0x74, 0x2e, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x52, 0x06, 0x73, 0x65,
@@ -109,12 +117,14 @@ var file_proxy_dns_config_proto_rawDesc = []byte{
 	0x65, 0x72, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x6e, 0x6f, 0x6e, 0x49, 0x50,
 	0x51, 0x75, 0x65, 0x72, 0x79, 0x12, 0x1f, 0x0a, 0x0b, 0x62, 0x6c, 0x6f, 0x63, 0x6b, 0x5f, 0x74,
 	0x79, 0x70, 0x65, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x05, 0x52, 0x0a, 0x62, 0x6c, 0x6f, 0x63,
-	0x6b, 0x54, 0x79, 0x70, 0x65, 0x73, 0x42, 0x4c, 0x0a, 0x12, 0x63, 0x6f, 0x6d, 0x2e, 0x78, 0x72,
-	0x61, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x64, 0x6e, 0x73, 0x50, 0x01, 0x5a, 0x23,
-	0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x78, 0x74, 0x6c, 0x73, 0x2f,
-	0x78, 0x72, 0x61, 0x79, 0x2d, 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2f,
-	0x64, 0x6e, 0x73, 0xaa, 0x02, 0x0e, 0x58, 0x72, 0x61, 0x79, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79,
-	0x2e, 0x44, 0x6e, 0x73, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+	0x6b, 0x54, 0x79, 0x70, 0x65, 0x73, 0x12, 0x20, 0x0a, 0x0c, 0x73, 0x6b, 0x69, 0x70, 0x5f, 0x52,
+	0x5f, 0x63, 0x6f, 0x64, 0x65, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x0d, 0x52, 0x0a, 0x73, 0x6b,
+	0x69, 0x70, 0x52, 0x43, 0x6f, 0x64, 0x65, 0x73, 0x42, 0x4c, 0x0a, 0x12, 0x63, 0x6f, 0x6d, 0x2e,
+	0x78, 0x72, 0x61, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x64, 0x6e, 0x73, 0x50, 0x01,
+	0x5a, 0x23, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x78, 0x74, 0x6c,
+	0x73, 0x2f, 0x78, 0x72, 0x61, 0x79, 0x2d, 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x78,
+	0x79, 0x2f, 0x64, 0x6e, 0x73, 0xaa, 0x02, 0x0e, 0x58, 0x72, 0x61, 0x79, 0x2e, 0x50, 0x72, 0x6f,
+	0x78, 0x79, 0x2e, 0x44, 0x6e, 0x73, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
 }
 
 var (

proxy/dns/config.proto

@@ -15,4 +15,5 @@ message Config {
   uint32 user_level = 2;
   string non_IP_query = 3;
   repeated int32 block_types = 4;
+  repeated uint32 skip_R_codes = 5;
 }

proxy/dns/dns.go

@@ -51,6 +51,7 @@ type Handler struct {
 	timeout         time.Duration
 	nonIPQuery      string
 	blockTypes      []int32
+	skipRCodes      []uint32
 }
 
 func (h *Handler) Init(config *Config, dnsClient dns.Client, policyManager policy.Manager) error {
@@ -66,6 +67,7 @@ func (h *Handler) Init(config *Config, dnsClient dns.Client, policyManager polic
 	}
 	h.nonIPQuery = config.Non_IPQuery
 	h.blockTypes = config.BlockTypes
+	h.skipRCodes = config.Skip_RCodes
 	return nil
 }
 
@@ -193,9 +195,10 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, d internet.
 					}
 				}
 				if isIPQuery {
-					go h.handleIPQuery(id, qType, domain, writer)
+					go h.handleIPQuery(id, qType, domain, writer, connWriter, b)
+					continue
 				}
-				if isIPQuery || h.nonIPQuery == "drop" {
+				if h.nonIPQuery == "drop" {
 					b.Release()
 					continue
 				}
@@ -233,7 +236,7 @@ func (h *Handler) Process(ctx context.Context, link *transport.Link, d internet.
 	return nil
 }
 
-func (h *Handler) handleIPQuery(id uint16, qType dnsmessage.Type, domain string, writer dns_proto.MessageWriter) {
+func (h *Handler) handleIPQuery(id uint16, qType dnsmessage.Type, domain string, writer, conWriter dns_proto.MessageWriter, msg *buf.Buffer) {
 	var ips []net.IP
 	var err error
 
@@ -256,6 +259,16 @@ func (h *Handler) handleIPQuery(id uint16, qType dnsmessage.Type, domain string,
 	}
 
 	rcode := dns.RCodeFromError(err)
+	if rcode > 0 && len(h.skipRCodes) > 0 {
+		for _, skip := range h.skipRCodes {
+			if uint16(skip) == rcode {
+				conWriter.WriteMessage(msg)
+				errors.LogInfo(context.Background(), "skipped IP query with rcode ", rcode, " for domain ", domain)
+				return
+			}
+		}
+	}
+	msg.Release()
 	if rcode == 0 && len(ips) == 0 && !go_errors.Is(err, dns.ErrEmptyResponse) {
 		errors.LogInfoInner(context.Background(), err, "ip query")
 		return