Fix: dns

xtrime-ru · Aug 20, 2024 · 8721cb1 · 8721cb1
1 parent d3ae966
commit 8721cb1
Show file tree

Hide file tree

Showing 6 changed files with 22 additions and 14 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1,4 +1,4 @@
-.vs*
+.*
 /keys/
 /config/
 /.adguard/
diff --git a/README.md b/README.md
@@ -91,6 +91,7 @@ You can define these variables in docker-compose.yml file for your needs:
 - `PORT=1194` — will be used as a server port in .ovpn profiles upon keys generation (default: 1194)
 - `DNS=1.1.1.1` — DNS server to resolve domains (default: host DNS server)
 - `DNS_RU=77.88.8.8` — russian DNS server; used to fix issues with geo zones mismatch for domains like [apple.com](apple.com)
+- `ADGUARD=1` - Resolve .ru, .рф and .su via DNS. By default, this zones resolved through DNS_RU.
 - `CBC_CIPHERS=1` - Enable support of [legacy clients](#legacy-clients). WIll disable [DCO](#enable-openvpn-data-channel-offload-dco) 
 - `SCRAMBLE=1` - Enable additional obfuscation [XOR Tunneblick patch](https://tunnelblick.net/cOpenvpn_xorpatch.html) 
 

diff --git a/docker-compose.adguard.yml b/docker-compose.adguard.yml
@@ -5,6 +5,7 @@ services:
       service: antizapret-vpn
     environment:
       - DNS=adguardhome
+      - ADGUARD=1
     depends_on:
       - adguardhome
   adguardhome:
@@ -20,8 +21,8 @@ services:
       # - 784:784/udp
       # - 853:853/tcp
       - 3000:3000/tcp
-    dns:
-      - 1.1.1.1
+#    dns:
+#      - 1.1.1.1
     volumes:
       - /etc/localtime:/etc/localtime:ro
       - ./.adguard/confdir:/opt/adguardhome/conf

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -13,11 +13,12 @@ services:
       - SCRAMBLE
       - DNS
       - DNS_RU
+      - ADGUARD
     ports:
       - 1194:1194/tcp
       - 1194:1194/udp
-    dns:
-      - 1.1.1.1
+#    dns:
+#      - 1.1.1.1
     volumes:
       - /etc/localtime:/etc/localtime:ro
       - ./keys:/etc/openvpn

diff --git a/rootfs/etc/knot-resolver/kresd.conf b/rootfs/etc/knot-resolver/kresd.conf
@@ -8,6 +8,7 @@ net.listen('192.168.104.1', 53, { freebind = true })
 user('knot-resolver','knot-resolver')
 -- Unprivileged
 cache.size = 100 * MB
+trust_anchors.remove('.')
 
 -- Clear cache upon restart
 cache.clear()
@@ -42,6 +43,7 @@ dofile('/etc/knot-resolver/knot-aliases-alt.conf')
 
 local dns = os.getenv('DNS')
 local dns_ru = os.getenv('DNS_RU')
+local adguard = os.getenv('ADGUARD')
 
 -- if not dns then dns = '127.0.0.11' end
 -- if not dns_ru then dns = '77.88.8.8' end
@@ -111,17 +113,19 @@ policy.add(
     )
 )
 
--- *.ru, *.рф, *.su
-policy.add(
-    policy.suffix(
-        policy.FORWARD(
-            {dns_ru}
-        ),
-        policy.todnames(
-            {'ru.', 'xn--p1ai.', 'su.'}
+if adguard == '0' then
+    -- *.ru, *.рф, *.su
+    policy.add(
+        policy.suffix(
+            policy.FORWARD(
+                {dns_ru}
+            ),
+            policy.todnames(
+                {'ru.', 'xn--p1ai.', 'su.'}
+            )
         )
     )
-)
+end
 
 -- Upstream DNS
 policy.add(

diff --git a/rootfs/init.sh b/rootfs/init.sh
@@ -49,6 +49,7 @@ CBC_CIPHERS=${CBC_CIPHERS:-0}
 SCRAMBLE=${SCRAMBLE:-0}
 DNS=$(resolve $DNS)
 DNS_RU=$(resolve $DNS_RU 77.88.8.8)
+ADGUARD=${ADGUARD:-0}
 PYTHONUNBUFFERED=1
 EOF