Coder Social home page Coder Social logo

luckyturtledev / crab-hole Goto Github PK

View Code? Open in Web Editor NEW
24.0 3.0 2.0 93.96 MB

๐Ÿฆ€ Pi-Hole clone written in rust using hickory-dns/trust-dns

License: GNU Affero General Public License v3.0

Rust 100.00%
dns dns-over-https dns-over-quic dns-over-tls dns-server pihole trust-dns

crab-hole's Introduction

crab-hole's People

Contributors

luckyturtledev avatar msrd0 avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar

Forkers

x0f5c3 dr460nf1r3

crab-hole's Issues

Split DNS

I want to forward DNS requests to an upstream based on the domain requested.

Let's assume an organization (mycorp.com) runs authoritative DNS servers for its own domain under dns.mycorp.com (at IP 100.100.100.100). I want to configure crab-hole so that all requests to any subdomain (as deep as necessary) of mycorp.com terminate at dns.mycorp.com, while all other requests go to Cloudflare for example.

See the following example requests:
www.subdomain.mycorp.com -> crab-hole uses dns.mycorp.com as Upstream
test.mycorp.com -> crab-hole uses dns.mycorp.com as Upstream
mycorp.com -> crab-hole uses dns.mycorp.com as Upstream

google.com -> crab-hole uses another configured Upstream
mail.google.com -> crab-hole uses another configured Upstream

Config-wise it could look the following:

[upstream]

[[upstream.name_servers]]
socket_addr = "[2606:4700:4700::1111]:853"
protocol = "tls"
tls_dns_name = "1dot1dot1dot1.cloudflare-dns.com"

[[upstream.name_servers]]
socket_addr = "100.100.100.100:85"
protocol = "udp"
domains = [
    "mycorp.com",
    "mycorp.eu"
]

Blocklist Storage

We need a datastructure that can efficiently store our blocklist and allow domain lookup. That means, for an input domain, we need to know if the domain itself or any domain it is a subdomain of. I see two possibilities:

  • We just use a HashMap for the blocklist. Then the lookup needs to split the domain up into all domains it is a subdomain of, and we need (in the worst case) to check for each if it is part of the hash map
  • We use a trie. It appears as if none of the libraries provided on crates.io suffice - the best they have is common prefix, but we need the largest superstring that is actually part of the tree, not any prefix of it. (also, we're running on suffixes, not prefixes)

quic: Not resuming any session

Crab-hole client can not get dns entry from a crab-hole sever via quic.
Querry the server directly works fine kdig +quic example.com @dns.luckyturtle.dev.
But if I querry my local carb-hole I get a time out.
kdig example.com @127.0.0.1:8053

crab-hole-crab-hole-1  | 2023-09-02T13:16:57Z  โš™๏ธ DEBUG crab_hole            > LowerQuery { name: LowerName(Name("example.com.")), original: Query { name: Name("example.com."), query_type: A, query_class: IN } }
crab-hole-crab-hole-1  | 2023-09-02T13:16:57Z  โš™๏ธ DEBUG rustls::client::hs   > No cached session for DnsName(DnsName(DnsName("dns.luckyturtle.dev")))
crab-hole-crab-hole-1  | 2023-09-02T13:16:57Z  โš™๏ธ DEBUG rustls::client::hs   > Not resuming any session
crab-hole-crab-hole-1  | 2023-09-02T13:16:57Z  โš™๏ธ DEBUG rustls::client::hs   > No cached session for DnsName(DnsName(DnsName("dns.luckyturtle.dev")))
crab-hole-crab-hole-1  | 2023-09-02T13:16:57Z  โš™๏ธ DEBUG rustls::client::hs   > Not resuming any session
crab-hole-crab-hole-1  | 2023-09-02T13:16:57Z  โš™๏ธ DEBUG rustls::client::hs   > No cached session for DnsName(DnsName(DnsName("dns.luckyturtle.dev")))
crab-hole-crab-hole-1  | 2023-09-02T13:16:57Z  โš™๏ธ DEBUG rustls::client::hs   > Not resuming any session

local docker-compose:

version: '3.3'
services:
    crab-hole:
        image: 'ghcr.io/luckyturtledev/crab-hole:v0.1'
        ports:
            - "8053:8053/udp"
        environment:
            - RUST_LOG=debug
        volumes:
            - './config.toml:/data/config.toml:ro'

local config:

[blocklist]
include_subdomains = true
lists = []

[[downstream]]
protocol = "udp"
listen = "[::]"
port = 8053

[[upstream.name_servers]]
socket_addr = "185.163.118.254:853"
protocol = "quic"
tls_dns_name = "dns.luckyturtle.dev"

depends on:

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.