From 1c4ea24da1cf7f7a837a0af097a29b963c753c8a Mon Sep 17 00:00:00 2001
From: Marc Brugger <github@bakito.ch>
Date: Sun, 24 Mar 2024 18:51:07 +0100
Subject: [PATCH] Sanitize dns config (#321)

Sanitize dns config for misconfigurations
---
 Makefile                               |  4 ++--
 pkg/client/model/model-functions.go    | 10 +++++++++
 pkg/client/model/model_private_test.go | 29 ++++++++++++++++++++++++++
 pkg/sync/action-general.go             |  3 +++
 4 files changed, 44 insertions(+), 2 deletions(-)

diff --git a/Makefile b/Makefile
index 786461c..402406f 100644
--- a/Makefile
+++ b/Makefile
@@ -124,10 +124,10 @@ kind-test:
 
 model: oapi-codegen
 	@mkdir -p tmp
-	go run openapi/main.go v0.107.44
+	go run openapi/main.go v0.107.46
 	$(OAPI_CODEGEN) -package model -generate types,client -config .oapi-codegen.yaml tmp/schema.yaml > pkg/client/model/model_generated.go
 
 model-diff:
-	go run openapi/main.go v0.107.44
+	go run openapi/main.go v0.107.46
 	go run openapi/main.go
 	diff tmp/schema.yaml tmp/schema-master.yaml
diff --git a/pkg/client/model/model-functions.go b/pkg/client/model/model-functions.go
index 642d816..564fd1a 100644
--- a/pkg/client/model/model-functions.go
+++ b/pkg/client/model/model-functions.go
@@ -7,6 +7,7 @@ import (
 
 	"github.com/bakito/adguardhome-sync/pkg/utils"
 	"github.com/jinzhu/copier"
+	"go.uber.org/zap"
 )
 
 // Clone the config
@@ -401,3 +402,12 @@ func ArrayString(a *[]string) string {
 	sort.Strings(sorted)
 	return fmt.Sprintf("[%s]", strings.Join(sorted, ","))
 }
+
+func (c *DNSConfig) Sanitize(l *zap.SugaredLogger) {
+	// disable UsePrivatePtrResolvers if not configured
+	if c.UsePrivatePtrResolvers != nil && *c.UsePrivatePtrResolvers &&
+		(c.LocalPtrUpstreams == nil || len(*c.LocalPtrUpstreams) == 0) {
+		l.Warn("disabling replica 'Use private reverse DNS resolvers' as no 'Private reverse DNS servers' are configured on origin")
+		c.UsePrivatePtrResolvers = utils.Ptr(false)
+	}
+}
diff --git a/pkg/client/model/model_private_test.go b/pkg/client/model/model_private_test.go
index e0b5843..6efa465 100644
--- a/pkg/client/model/model_private_test.go
+++ b/pkg/client/model/model_private_test.go
@@ -1,9 +1,11 @@
 package model
 
 import (
+	"github.com/bakito/adguardhome-sync/pkg/log"
 	"github.com/bakito/adguardhome-sync/pkg/utils"
 	. "github.com/onsi/ginkgo/v2"
 	"github.com/onsi/gomega"
+	"go.uber.org/zap"
 )
 
 var _ = Describe("Types", func() {
@@ -71,4 +73,31 @@ var _ = Describe("Types", func() {
 			Entry(`When SubnetMask is ""`, DhcpConfigV6{RangeStart: utils.Ptr("")}),
 		)
 	})
+	Context("DNSConfig", func() {
+		var (
+			cfg *DNSConfig
+			l   *zap.SugaredLogger
+		)
+
+		BeforeEach(func() {
+			cfg = &DNSConfig{
+				UsePrivatePtrResolvers: utils.Ptr(true),
+			}
+			l = log.GetLogger("test")
+		})
+		Context("Sanitize", func() {
+			It("should disable UsePrivatePtrResolvers resolvers is nil ", func() {
+				cfg.LocalPtrUpstreams = nil
+				cfg.Sanitize(l)
+				gomega.Ω(cfg.UsePrivatePtrResolvers).ShouldNot(gomega.BeNil())
+				gomega.Ω(*cfg.UsePrivatePtrResolvers).Should(gomega.Equal(false))
+			})
+			It("should disable UsePrivatePtrResolvers resolvers is empty ", func() {
+				cfg.LocalPtrUpstreams = utils.Ptr([]string{})
+				cfg.Sanitize(l)
+				gomega.Ω(cfg.UsePrivatePtrResolvers).ShouldNot(gomega.BeNil())
+				gomega.Ω(*cfg.UsePrivatePtrResolvers).Should(gomega.Equal(false))
+			})
+		})
+	})
 })
diff --git a/pkg/sync/action-general.go b/pkg/sync/action-general.go
index 67ed8a6..1284a76 100644
--- a/pkg/sync/action-general.go
+++ b/pkg/sync/action-general.go
@@ -186,6 +186,9 @@ var (
 		if err != nil {
 			return err
 		}
+
+		dc.Sanitize(ac.rl)
+
 		if !dc.Equals(ac.origin.dnsConfig) {
 			if err = ac.client.SetDNSConfig(ac.origin.dnsConfig); err != nil {
 				return err