Further refactoring

Author: qdm12

cmd/gluetun/main.go

@@ -367,18 +367,18 @@ func _main(ctx context.Context, buildInfo models.BuildInformation,
 		"port forwarding", goroutine.OptionTimeout(time.Second))
 	go portForwardLooper.Run(portForwardCtx, portForwardDone)
 
-	unboundLogger := logger.New(log.SetComponent("dns over tls"))
-	unboundLooper := dns.NewLoop(allSettings.DNS, httpClient,
-		unboundLogger)
+	dnsLogger := logger.New(log.SetComponent("dns"))
+	dnsLooper := dns.NewLoop(allSettings.DNS, httpClient,
+		dnsLogger)
 	dnsHandler, dnsCtx, dnsDone := goshutdown.NewGoRoutineHandler(
 		"dns", goroutine.OptionTimeout(defaultShutdownTimeout))
-	// wait for unboundLooper.Restart or its ticker launched with RunRestartTicker
-	go unboundLooper.Run(dnsCtx, dnsDone)
+	// wait for dnsLooper.Restart or its ticker launched with RunRestartTicker
+	go dnsLooper.Run(dnsCtx, dnsDone)
 	otherGroupHandler.Add(dnsHandler)
 
 	dnsTickerHandler, dnsTickerCtx, dnsTickerDone := goshutdown.NewGoRoutineHandler(
 		"dns ticker", goroutine.OptionTimeout(defaultShutdownTimeout))
-	go unboundLooper.RunRestartTicker(dnsTickerCtx, dnsTickerDone)
+	go dnsLooper.RunRestartTicker(dnsTickerCtx, dnsTickerDone)
 	controlGroupHandler.Add(dnsTickerHandler)
 
 	ipFetcher := ipinfo.New(httpClient)
@@ -406,7 +406,7 @@ func _main(ctx context.Context, buildInfo models.BuildInformation,
 	vpnLogger := logger.New(log.SetComponent("vpn"))
 	vpnLooper := vpn.NewLoop(allSettings.VPN, ipv6Supported, allSettings.Firewall.VPNInputPorts,
 		providers, storage, ovpnConf, netLinker, firewallConf, routingConf, portForwardLooper,
-		cmder, publicIPLooper, unboundLooper, vpnLogger, httpClient,
+		cmder, publicIPLooper, dnsLooper, vpnLogger, httpClient,
 		buildInfo, *allSettings.Version.Enabled)
 	vpnHandler, vpnCtx, vpnDone := goshutdown.NewGoRoutineHandler(
 		"vpn", goroutine.OptionTimeout(time.Second))
@@ -446,7 +446,7 @@ func _main(ctx context.Context, buildInfo models.BuildInformation,
 		"http server", goroutine.OptionTimeout(defaultShutdownTimeout))
 	httpServer, err := server.New(httpServerCtx, controlServerAddress, controlServerLogging,
 		logger.New(log.SetComponent("http server")),
-		buildInfo, vpnLooper, portForwardLooper, unboundLooper, updaterLooper, publicIPLooper,
+		buildInfo, vpnLooper, portForwardLooper, dnsLooper, updaterLooper, publicIPLooper,
 		storage, ipv6Supported)
 	if err != nil {
 		return fmt.Errorf("setting up control server: %w", err)

internal/configuration/settings/dot.go

@@ -3,8 +3,10 @@ package settings
 import (
 	"errors"
 	"fmt"
+	"net/netip"
 	"time"
 
+	"github.com/qdm12/dns/v2/pkg/provider"
 	"github.com/qdm12/gosettings"
 	"github.com/qdm12/gotree"
 )
@@ -15,14 +17,18 @@ type DoT struct {
 	// and used. It defaults to true, and cannot be nil
 	// in the internal state.
 	Enabled *bool
-	// UpdatePeriod is the period to update DNS block
-	// lists and cryptographic files for DNSSEC validation.
+	// UpdatePeriod is the period to update DNS block lists.
 	// It can be set to 0 to disable the update.
 	// It defaults to 24h and cannot be nil in
 	// the internal state.
 	UpdatePeriod *time.Duration
-	// Unbound contains settings to configure Unbound.
-	Unbound Unbound
+	// Providers is a list of DNS over TLS providers
+	Providers []string `json:"providers"`
+	// Caching is true if the DoT server should cache
+	// DNS responses.
+	Caching *bool `json:"caching"`
+	// IPv6 is true if the DoT server should connect over IPv6.
+	IPv6 *bool `json:"ipv6"`
 	// Blacklist contains settings to configure the filter
 	// block lists.
 	Blacklist DNSBlacklist
@@ -39,9 +45,11 @@ func (d DoT) validate() (err error) {
 			ErrDoTUpdatePeriodTooShort, *d.UpdatePeriod, minUpdatePeriod)
 	}
 
-	err = d.Unbound.validate()
-	if err != nil {
-		return err
+	for _, s := range d.Providers {
+		_, err := provider.Parse(s)
+		if err != nil {
+			return err
+		}
 	}
 
 	err = d.Blacklist.validate()
@@ -56,7 +64,9 @@ func (d *DoT) copy() (copied DoT) {
 	return DoT{
 		Enabled:      gosettings.CopyPointer(d.Enabled),
 		UpdatePeriod: gosettings.CopyPointer(d.UpdatePeriod),
-		Unbound:      d.Unbound.copy(),
+		Providers:    gosettings.CopySlice(d.Providers),
+		Caching:      gosettings.CopyPointer(d.Caching),
+		IPv6:         gosettings.CopyPointer(d.IPv6),
 		Blacklist:    d.Blacklist.copy(),
 	}
 }
@@ -66,7 +76,9 @@ func (d *DoT) copy() (copied DoT) {
 func (d *DoT) mergeWith(other DoT) {
 	d.Enabled = gosettings.MergeWithPointer(d.Enabled, other.Enabled)
 	d.UpdatePeriod = gosettings.MergeWithPointer(d.UpdatePeriod, other.UpdatePeriod)
-	d.Unbound.mergeWith(other.Unbound)
+	d.Providers = gosettings.MergeWithSlice(d.Providers, other.Providers)
+	d.Caching = gosettings.MergeWithPointer(d.Caching, other.Caching)
+	d.IPv6 = gosettings.MergeWithPointer(d.IPv6, other.IPv6)
 	d.Blacklist.mergeWith(other.Blacklist)
 }
 
@@ -76,18 +88,36 @@ func (d *DoT) mergeWith(other DoT) {
 func (d *DoT) overrideWith(other DoT) {
 	d.Enabled = gosettings.OverrideWithPointer(d.Enabled, other.Enabled)
 	d.UpdatePeriod = gosettings.OverrideWithPointer(d.UpdatePeriod, other.UpdatePeriod)
-	d.Unbound.overrideWith(other.Unbound)
+	d.Providers = gosettings.OverrideWithSlice(d.Providers, other.Providers)
+	d.Caching = gosettings.OverrideWithPointer(d.Caching, other.Caching)
+	d.IPv6 = gosettings.OverrideWithPointer(d.IPv6, other.IPv6)
 	d.Blacklist.overrideWith(other.Blacklist)
 }
 
 func (d *DoT) setDefaults() {
 	d.Enabled = gosettings.DefaultPointer(d.Enabled, true)
 	const defaultUpdatePeriod = 24 * time.Hour
 	d.UpdatePeriod = gosettings.DefaultPointer(d.UpdatePeriod, defaultUpdatePeriod)
-	d.Unbound.setDefaults()
+	d.Providers = gosettings.DefaultSlice(d.Providers, []string{
+		provider.Cloudflare().Name,
+	})
+	d.Caching = gosettings.DefaultPointer(d.Caching, true)
+	d.IPv6 = gosettings.DefaultPointer(d.IPv6, false)
 	d.Blacklist.setDefaults()
 }
 
+func (d DoT) GetFirstPlaintextIPv4() (ipv4 netip.Addr) {
+	s := d.Providers[0]
+	provider, err := provider.Parse(s)
+	if err != nil {
+		// Settings should be validated before calling this function,
+		// so an error happening here is a programming error.
+		panic(err)
+	}
+
+	return provider.DNS.IPv4[0]
+}
+
 func (d DoT) String() string {
 	return d.toLinesNode().String()
 }
@@ -106,7 +136,14 @@ func (d DoT) toLinesNode() (node *gotree.Node) {
 	}
 	node.Appendf("Update period: %s", update)
 
-	node.AppendNode(d.Unbound.toLinesNode())
+	authServers := node.Appendf("Authoritative servers:")
+	for _, provider := range d.Providers {
+		authServers.Appendf(provider)
+	}
+
+	node.Appendf("Caching: %s", gosettings.BoolToYesNo(d.Caching))
+	node.Appendf("IPv6: %s", gosettings.BoolToYesNo(d.IPv6))
+
 	node.AppendNode(d.Blacklist.toLinesNode())
 
 	return node

internal/configuration/settings/settings_test.go

@@ -43,11 +43,10 @@ func Test_Settings_String(t *testing.T) {
 |   └── DNS over TLS settings:
 |       ├── Enabled: yes
 |       ├── Update period: every 24h0m0s
-|       ├── DNS over TLS settings:
-|       |   ├── Authoritative servers:
-|       |   |   └── Cloudflare
-|       |   ├── Caching: yes
-|       |   └── IPv6: no
+|       ├── Authoritative servers:
+|       |   └── Cloudflare
+|       ├── Caching: yes
+|       ├── IPv6: no
 |       └── DNS filtering settings:
 |           ├── Block malicious: yes
 |           ├── Block ads: no

internal/configuration/settings/unbound.go

@@ -15,7 +15,14 @@ func (s *Source) readDoT() (dot settings.DoT, err error) {
 		return dot, err
 	}
 
-	dot.Unbound, err = s.readUnbound()
+	dot.Providers = s.env.CSV("DOT_PROVIDERS")
+
+	dot.Caching, err = s.env.BoolPtr("DOT_CACHING")
+	if err != nil {
+		return dot, err
+	}
+
+	dot.IPv6, err = s.env.BoolPtr("DOT_IPV6")
 	if err != nil {
 		return dot, err
 	}

internal/configuration/settings/unbound_test.go

@@ -17,7 +17,7 @@ func (l *Loop) useUnencryptedDNS(fallback bool) {
 	if settings.ServerAddress.Compare(netip.AddrFrom4([4]byte{127, 0, 0, 1})) != 0 {
 		targetIP = settings.ServerAddress
 	} else {
-		targetIP = settings.DoT.Unbound.GetFirstPlaintextIPv4()
+		targetIP = settings.DoT.GetFirstPlaintextIPv4()
 	}
 
 	if fallback {

internal/configuration/sources/env/dot.go

@@ -21,13 +21,13 @@ func (l *Loop) Run(ctx context.Context, done chan<- struct{}) {
 	}
 
 	for ctx.Err() == nil {
-		// Upper scope variables for Unbound only
+		// Upper scope variables for the DNS over TLS server only
 		// Their values are to be used if DOT=off
 		var runError <-chan error
 
 		for *l.GetSettings().DoT.Enabled {
 			var err error
-			runError, err = l.setupUnbound(ctx)
+			runError, err = l.setupServer(ctx)
 			if err == nil {
 				l.backoffTime = defaultBackoffTime
 				l.logger.Info("ready")