Pr 586 tweaks (#594)

* add proxy tcp * add truncated for tcp to udp response * move truncation to scrubbing * add test that executes upstream over tcp * middleware/proxy: some tweaks rename force-tcp to force_tcp to be inline with the rest and use a dnsOptions struct to put the options in to allow it to be extended. Add some parse tests as well. * Fix test and rename dnsOptions Options
2025-11-18 09:52:17 -05:00 · 2017-03-14 21:32:21 +00:00
parent 5b32a07ae6
commit 5ac6020f45
6 changed files with 94 additions and 7 deletions
--- a/middleware/proxy/README.md
+++ b/middleware/proxy/README.md
@@ -26,7 +26,7 @@ proxy FROM TO... {
    health_check PATH:PORT [DURATION]
    except IGNORED_NAMES...
    spray
-    protocol [dns|https_google [bootstrap ADDRESS...]|grpc [insecure|CA-PEM|KEY-PEM CERT-PEM|KEY-PEM CERT-PEM CA-PEM]]
+    protocol [dns [force_tcp]|https_google [bootstrap ADDRESS...]|grpc [insecure|CA-PEM|KEY-PEM CERT-PEM|KEY-PEM CERT-PEM CA-PEM]]
 }
 ~~~

@@ -71,7 +71,8 @@ Currently `protocol` supports `dns` (i.e., standard DNS over UDP/TCP) and `https
 payload over HTTPS). Note that with `https_google` the entire transport is encrypted. Only *you* and
 *Google* can see your DNS activity.

-* `dns`: no options can be given at the moment.
+* `dns`: uses the standard DNS exchange. You can pass `force_tcp` to make sure that the proxied connection is performed
+  over TCP, regardless of the inbound request's protocol.
 * `https_google`: bootstrap **ADDRESS...** is used to (re-)resolve `dns.google.com` to an address to
  connect to. This happens every 300s. If not specified the default is used: 8.8.8.8:53/8.8.4.4:53.
  Note that **TO** is *ignored* when `https_google` is used, as its upstream is defined as