Add $DHCPDNS for forwarding rules as auto detected DNS from routers

.ci/ci-test.sh

@@ -64,6 +64,7 @@ t || dig -p${DNS_PORT} +dnssec PTR 168.192.in-addr.arpa @127.0.0.1 | grep -Fq 'f
 section
 t || dig -p${DNS_PORT} +dnssec darpa.mil @127.0.0.1 2>&1 | grep -Fvq 'RRSIG' || fail
 t || dig -p${DNS_PORT} +dnssec www.darpa.mil @127.0.0.1 2>&1 | grep -Fvq 'RRSIG' || fail
+t || dig -p${DNS_PORT} A download.windowsupdate.com @127.0.0.1 | grep -Fq "NOERROR" || fail
 
 section
 t || dig -p${DNS_PORT} +short cloaked.com @127.0.0.1 | grep -Eq '1.1.1.1|1.0.0.1' || fail
@@ -122,6 +123,7 @@ t || grep -Eq 'invalid.*SYNTH' query.log || fail
 t || grep -Eq '168.192.in-addr.arpa.*SYNTH' query.log || fail
 t || grep -Eq 'darpa.mil.*FORWARD' query.log || fail
 t || grep -Eq 'www.darpa.mil.*FORWARD' query.log || fail
+t || grep -Eq 'download.windowsupdate.com.*FORWARD' query.log || fail
 t || grep -Eq 'cloaked.com.*CLOAK' query.log || fail
 t || grep -Eq 'www.cloaked2.com.*CLOAK' query.log || fail
 t || grep -Eq 'www.dnscrypt-test.*CLOAK' query.log || fail

.ci/forwarding-rules.txt

@@ -1,2 +1,2 @@
 darpa.mil 208.67.222.222
-
+download.windowsupdate.com $DHCPDNS

dnscrypt-proxy/example-forwarding-rules.txt

@@ -4,7 +4,10 @@
 
 ## This is used to route specific domain names to specific servers.
 ## The general format is:
-## <domain> <server address>[:port] [, <server address>[:port]...]
+## <domain> <server address>[:port] | $DHCPDNS [, <server address>[:port] | $DHCPDNS ...]
+## $DHCPDNS is case sensitive, represents a DNS detected from the upstream
+## router combining port 53, prefers IPv6 if `ipv6_servers`, and falls back to
+## random one of `bootstrap_resolvers` if auto detection fails.
 ## IPv6 addresses can be specified by enclosing the address in square brackets.
 
 ## In order to enable this feature, the "forwarding_rules" property needs to

dnscrypt-proxy/plugin_forward.go

@@ -7,6 +7,7 @@ import (
 	"strings"
 
 	"github.com/jedisct1/dlog"
+	"github.com/lifenjoiner/dhcpdns"
 	"github.com/miekg/dns"
 )
 
@@ -16,7 +17,9 @@ type PluginForwardEntry struct {
 }
 
 type PluginForward struct {
-	forwardMap []PluginForwardEntry
+	forwardMap      []PluginForwardEntry
+	dhcpdns         []*dhcpdns.Detector
+	dhcpdnsFallback []string
 }
 
 func (plugin *PluginForward) Name() string {
@@ -33,6 +36,7 @@ func (plugin *PluginForward) Init(proxy *Proxy) error {
 	if err != nil {
 		return err
 	}
+	hasVar := false
 	for lineNo, line := range strings.Split(lines, "\n") {
 		line = TrimAndStripInlineComments(line)
 		if len(line) == 0 {
@@ -49,7 +53,9 @@ func (plugin *PluginForward) Init(proxy *Proxy) error {
 		var servers []string
 		for _, server := range strings.Split(serversStr, ",") {
 			server = strings.TrimSpace(server)
-			if net.ParseIP(server) != nil {
+			if server == "$DHCPDNS" {
+				hasVar = true
+			} else if net.ParseIP(server) != nil {
 				server = fmt.Sprintf("%s:%d", server, 53)
 			}
 			servers = append(servers, server)
@@ -62,6 +68,19 @@ func (plugin *PluginForward) Init(proxy *Proxy) error {
 			servers: servers,
 		})
 	}
+	if hasVar {
+		if proxy.SourceIPv6 {
+			d6 := &dhcpdns.Detector{RemoteIPPort: "[2001:4860:4860::8888]:80"}
+			go d6.Serve(9, 10)
+			plugin.dhcpdns = append(plugin.dhcpdns, d6)
+		}
+		if proxy.SourceIPv4 {
+			d4 := &dhcpdns.Detector{RemoteIPPort: "8.8.8.8:80"}
+			go d4.Serve(9, 10)
+			plugin.dhcpdns = append(plugin.dhcpdns, d4)
+		}
+		plugin.dhcpdnsFallback = proxy.xTransport.bootstrapResolvers
+	}
 	return nil
 }
 
@@ -92,6 +111,23 @@ func (plugin *PluginForward) Eval(pluginsState *PluginsState, msg *dns.Msg) erro
 		return nil
 	}
 	server := servers[rand.Intn(len(servers))]
+	if server == "$DHCPDNS" {
+		for _, dhcpdns := range plugin.dhcpdns {
+			n, ip, DNS, err := dhcpdns.Status()
+			maxFail := 9
+			if err != nil && ip != "" && n > maxFail {
+				DNS = nil
+			}
+			if len(DNS) > 0 {
+				server = net.JoinHostPort(DNS[rand.Intn(len(DNS))].String(), "53")
+				break
+			}
+		}
+		if server == "$DHCPDNS" {
+			dlog.Noticef("$DHCPDNS han't been solved, forward to one of bootstrap_resolvers")
+			server = plugin.dhcpdnsFallback[rand.Intn(len(plugin.dhcpdnsFallback))]
+		}
+	}
 	pluginsState.serverName = server
 	client := dns.Client{Net: pluginsState.serverProto, Timeout: pluginsState.timeout}
 	respMsg, _, err := client.Exchange(msg, server)

go.mod

@@ -18,6 +18,7 @@ require (
 	github.com/jedisct1/xsecretbox v0.0.0-20230811132812-b950633f9f1f
 	github.com/k-sone/critbitgo v1.4.0
 	github.com/kardianos/service v1.2.2
+	github.com/lifenjoiner/dhcpdns v0.0.6
 	github.com/miekg/dns v1.1.55
 	github.com/powerman/check v1.7.0
 	github.com/quic-go/quic-go v0.37.4

go.sum

@@ -56,6 +56,8 @@ github.com/k-sone/critbitgo v1.4.0 h1:l71cTyBGeh6X5ATh6Fibgw3+rtNT80BA0uNNWgkPrb
 github.com/k-sone/critbitgo v1.4.0/go.mod h1:7E6pyoyADnFxlUBEKcnfS49b7SUAQGMK+OAp/UQvo0s=
 github.com/kardianos/service v1.2.2 h1:ZvePhAHfvo0A7Mftk/tEzqEZ7Q4lgnR8sGz4xu1YX60=
 github.com/kardianos/service v1.2.2/go.mod h1:CIMRFEJVL+0DS1a3Nx06NaMn4Dz63Ng6O7dl0qH0zVM=
+github.com/lifenjoiner/dhcpdns v0.0.6 h1:rn4Y5RRR5sgQ6RjWenwhA7i/uHzHW9hbZpCobA4CAJs=
+github.com/lifenjoiner/dhcpdns v0.0.6/go.mod h1:BixeaGeafYzDIuDCYIUbSOdi4m+TScpzI9cZGYgzgSk=
 github.com/miekg/dns v1.1.55 h1:GoQ4hpsj0nFLYe+bWiCToyrBEJXkQfOOIvFGFy0lEgo=
 github.com/miekg/dns v1.1.55/go.mod h1:uInx36IzPl7FYnDcMeVWxj9byh7DutNykX4G9Sj60FY=
 github.com/onsi/ginkgo/v2 v2.9.5 h1:+6Hr4uxzP4XIUyAkg61dWBw8lb/gc4/X5luuxN/EC+Q=