dnsx: summarize all targets in dns answer

Author: ignoramous

intra/backend/dnsx_listener.go

@@ -22,6 +22,8 @@ type DNSSummary struct {
 	QName string
 	// Query type: A, AAAA, SVCB, HTTPS, etc. May be 0.
 	QType int
+	// CSV of all DNS aliases/names in the answer section (ex: CNAMEs)
+	Targets string
 	// Was this response returned from cache?
 	Cached bool
 	// DNS Response data, ex: a csv of ips for A, AAAA.
@@ -40,6 +42,8 @@ type DNSSummary struct {
 	Status int
 	// CSV of Rethink DNS+ blocklists (local or remote) names (if used).
 	Blocklists string
+	// Actual target (domain name) that was blocked (could be a CNAME or HTTPS/SVCB alias) by Blocklists
+	BlockedTarget string
 	// True if any among upstream transports (primary or secondary) returned blocked ans.
 	// Only valid for A/AAAA queries. Unspecified IPs are considered as "blocked ans".
 	UpstreamBlocks bool

intra/dnsx/rethinkdns.go

@@ -65,7 +65,7 @@ var (
 type RdnsResolver interface {
 	x.RDNSResolver
 	blockQ(Transport, Transport, *dns.Msg) (*dns.Msg, string, error)
-	blockA(Transport, Transport, *dns.Msg, *dns.Msg, string) (*dns.Msg, string)
+	blockA(Transport, Transport, *dns.Msg, *dns.Msg, string) (*dns.Msg, string, string)
 }
 
 // ResolverSelf is for internal resolution needs.
@@ -333,7 +333,7 @@ func (r *rethinkdnslocal) blockQuery(msg *dns.Msg) (blocklists string, err error
 	return
 }
 
-func (r *rethinkdnslocal) blockAnswer(msg *dns.Msg) (blocklists string, err error) {
+func (r *rethinkdnslocal) blockAnswer(msg *dns.Msg) (blockedtarget, blocklists string, err error) {
 	if msg == nil {
 		err = errNoAnswer
 		return
@@ -384,6 +384,7 @@ func (r *rethinkdnslocal) blockAnswer(msg *dns.Msg) (blocklists string, err erro
 		target, _ = xdns.NormalizeQName(target)
 		block, lists := r.ftrie.DNlookup(target, stamp)
 		if block { // TODO: handle empty lists as err?
+			blockedtarget = target
 			blocklists = strings.Join(r.keyToNames(lists), ",")
 			return
 		}

intra/dnsx/transport.go

@@ -510,6 +510,7 @@ func (r *resolver) forward(q []byte, uid string, chosenids ...string) (res0 []by
 	qtyp := qtype(msg)
 	ogsmm.QName = qname
 	ogsmm.QType = qtyp
+	ogsmm.Targets = qname
 
 	if len(qname) <= 0 { // unexpected; github.com/celzero/rethink-app/issues/1210
 		ogsmm.Latency = time.Since(starttime).Seconds()
@@ -629,14 +630,17 @@ runagain:
 		return res2, smm.ID, err
 	}
 
-	ans2, blocklistnames := r.blockA(t, t2, msg, nonalg, smm.Blocklists)
+	smm.Targets = xdns.GetTargets(ans1)
+
+	ans2, blockedtarget, blocklistnames := r.blockA(t, t2, msg, nonalg, smm.Blocklists)
 
 	isnewans := ans2 != nil
 	hasblocklists := len(blocklistnames) > 0
 	hasmsg := len(smm.Msg) > 0
 
 	if hasblocklists { // blocklists added even if pref.NOBLOCK is set
 		smm.Blocklists = blocklistnames
+		smm.BlockedTarget = blockedtarget
 	}
 	if !hasmsg {
 		smm.Msg = errNop.Error() // no error

intra/dnsx/wall.go

@@ -147,7 +147,7 @@ func applyBlocklists(b RDNS, q *dns.Msg) (ans *dns.Msg, blocklists string, err e
 // If blocklistStamp is empty, it resolves the answer to blocklist names, if blocked by local blocklists.
 // If blocklistStamp is empty and the answer is not blocked by local blocklists, it returns nil.
 // If blocklistStamp is empty and the answer is blocked by local blocklists, it returns a refused response.
-func (r *resolver) blockA(t, t2 Transport, q, ans *dns.Msg, blocklistStamp string) (finalans *dns.Msg, blocklistNames string) {
+func (r *resolver) blockA(t, t2 Transport, q, ans *dns.Msg, blocklistStamp string) (finalans *dns.Msg, blockedtarget, blocklistNames string) {
 	br := r.getRdnsRemote()
 	b := r.getRdnsLocal()
 
@@ -185,7 +185,7 @@ func (r *resolver) blockA(t, t2 Transport, q, ans *dns.Msg, blocklistStamp strin
 		return
 	}
 
-	if blocklistNames, err = b.blockAnswer(ans); err != nil {
+	if blockedtarget, blocklistNames, err = b.blockAnswer(ans); err != nil {
 		if settings.Debug {
 			log.D("wall: answer for %s not blocked %v", qname, err)
 		}

intra/xdns/dnsutil.go

@@ -217,6 +217,31 @@ func RTtl(msg *dns.Msg) int {
 	return int(maxttl)
 }
 
+func GetTargets(msg *dns.Msg) string {
+	if msg == nil {
+		return "--"
+	}
+
+	if !msg.Response {
+		return QName(msg)
+	}
+
+	targets := make(map[string]struct{}, len(msg.Answer))
+	for _, a := range msg.Answer {
+		nom := a.Header().Name
+		if len(nom) > 0 {
+			targets[nom] = struct{}{}
+		}
+	}
+	var sb strings.Builder
+	sb.Grow(len(targets))
+	for k := range targets {
+		sb.WriteString(k)
+		sb.WriteString(",")
+	}
+	return strings.TrimSuffix(sb.String(), ",")
+}
+
 func GetInterestingRData(msg *dns.Msg) string {
 	if msg == nil {
 		return "--"