Use DoT as fallback (#1597)

* Use DoT as fallback / add cache * Stage * merge * fix lint * Fallback server * use fallback * add nxdomain * Address comments
2020-03-27 00:38:54 +01:00 · 2020-03-27 00:38:54 +01:00 · d0db466e67
parent 3010bd4eb6
commit d0db466e67
4 changed files with 32 additions and 15 deletions
--- a/rootfs/etc/services.d/supervisor/run
+++ b/rootfs/etc/services.d/supervisor/run
@ -2,4 +2,6 @@
 # ==============================================================================
 # Start Service service
 # ==============================================================================
+export LD_PRELOAD="/usr/local/lib/libjemalloc.so.2"
+
 exec python3 -m supervisor
--- a/supervisor/const.py
+++ b/supervisor/const.py
@ -34,7 +34,6 @@ DOCKER_NETWORK = "hassio"
 DOCKER_NETWORK_MASK = ip_network("172.30.32.0/23")
 DOCKER_NETWORK_RANGE = ip_network("172.30.33.0/24")

-DNS_SERVERS = ["dns://1.1.1.1", "dns://9.9.9.9"]
 DNS_SUFFIX = "local.hass.io"

 LABEL_VERSION = "io.hass.version"
--- a/supervisor/data/coredns.tmpl
+++ b/supervisor/data/coredns.tmpl
@ -1,15 +1,31 @@
 .:53 {
    log
    errors
+    loop
    hosts /config/hosts {
        fallthrough
    }
    template ANY AAAA local.hass.io hassio {
        rcode NOERROR
    }
-    forward . $servers {
+    forward . {{ locals | join(" ") }} dns://127.0.0.1:5353 {
        except local.hass.io
        policy sequential
+        health_check 5s
+    }
+    fallback REFUSED . dns://127.0.0.1:5353
+    fallback SERVFAIL . dns://127.0.0.1:5353
+    fallback NXDOMAIN . dns://127.0.0.1:5353
+    cache 10
+}
+
+.:5353 {
+    log
+    errors
+    forward . tls://1.1.1.1 tls://1.0.0.1 {
+        tls_servername cloudflare-dns.com
+        except local.hass.io
        health_check 10s
    }
+    cache 30
 }
--- a/supervisor/dns.py
+++ b/supervisor/dns.py
@ -4,13 +4,13 @@ from contextlib import suppress
 from ipaddress import IPv4Address
 import logging
 from pathlib import Path
-from string import Template
 from typing import Awaitable, List, Optional

 import attr
+import jinja2
 import voluptuous as vol

-from .const import ATTR_SERVERS, ATTR_VERSION, DNS_SERVERS, DNS_SUFFIX, FILE_HASSIO_DNS
+from .const import ATTR_SERVERS, ATTR_VERSION, DNS_SUFFIX, FILE_HASSIO_DNS
 from .coresys import CoreSys, CoreSysAttributes
 from .docker.dns import DockerDNS
 from .docker.stats import DockerStats
@ -42,6 +42,7 @@ class CoreDNS(JsonConfig, CoreSysAttributes):
        self.coresys: CoreSys = coresys
        self.instance: DockerDNS = DockerDNS(coresys)
        self.forwarder: DNSForward = DNSForward()
+        self.coredns_template: Optional[jinja2.Template] = None

        self._hosts: List[HostEntry] = []

@ -116,6 +117,12 @@ class CoreDNS(JsonConfig, CoreSysAttributes):
        # Start DNS forwarder
        self.sys_create_task(self.forwarder.start(self.sys_docker.network.dns))

+        # Initialize CoreDNS Template
+        try:
+            self.coredns_template = jinja2.Template(COREDNS_TMPL.read_text())
+        except OSError as err:
+            _LOGGER.error("Can't read coredns.tmpl: %s", err)
+
        # Run CoreDNS
        with suppress(CoreDNSError):
            if await self.instance.is_running():
@ -208,24 +215,17 @@ class CoreDNS(JsonConfig, CoreSysAttributes):
        """Write CoreDNS config."""
        dns_servers: List[str] = []

-        # Load Template
-        try:
-            corefile_template: Template = Template(COREDNS_TMPL.read_text())
-        except OSError as err:
-            _LOGGER.error("Can't read coredns template file: %s", err)
-            raise CoreDNSError() from None
-
        # Prepare DNS serverlist: Prio 1 Manual, Prio 2 Local, Prio 3 Fallback
        local_dns: List[str] = self.sys_host.network.dns_servers or ["dns://127.0.0.11"]
-        servers: List[str] = self.servers + local_dns + DNS_SERVERS
+        servers: List[str] = self.servers + local_dns

        _LOGGER.debug(
-            "config-dns = %s, local-dns = %s , backup-dns = %s",
+            "config-dns = %s, local-dns = %s , backup-dns = CloudFlare DoT",
            self.servers,
            local_dns,
-            DNS_SERVERS,
        )

+        # Make sure, they are valid
        for server in servers:
            try:
                dns_url(server)
@ -235,7 +235,7 @@ class CoreDNS(JsonConfig, CoreSysAttributes):
                _LOGGER.warning("Ignore invalid DNS Server: %s", server)

        # Generate config file
-        data = corefile_template.safe_substitute(servers=" ".join(dns_servers))
+        data = self.coredns_template.render(locals=dns_servers)

        try:
            self.corefile.write_text(data)