feat: all dns client support skip-cert-verify params

2025-07-18 17:08:06 +08:00 · 2025-06-06 00:52:12 +08:00
parent 85e6d25de5
commit 40587b62b8
3 changed files with 17 additions and 8 deletions
--- a/dns/client.go
+++ b/dns/client.go
@ -108,9 +108,9 @@ func (c *client) ExchangeContext(ctx context.Context, m *D.Msg) (*D.Msg, error)

 func (c *client) ResetConnection() {}

-func newClient(addr string, resolver *Resolver, netType string, proxyAdapter C.ProxyAdapter, proxyName string) *client {
+func newClient(addr string, resolver *Resolver, netType string, params map[string]string, proxyAdapter C.ProxyAdapter, proxyName string) *client {
 	host, port, _ := net.SplitHostPort(addr)
-	return &client{
+	c := &client{
 		Client: &D.Client{
 			Net: netType,
 			TLSConfig: &tls.Config{
@ -123,4 +123,8 @@ func newClient(addr string, resolver *Resolver, netType string, proxyAdapter C.P
 		host:   host,
 		dialer: newDNSDialer(resolver, proxyAdapter, proxyName),
 	}
+	if params["skip-cert-verify"] == "true" {
+		c.TLSConfig.InsecureSkipVerify = true
+	}
+	return c
 }
--- a/dns/doq.go
+++ b/dns/doq.go
@ -61,15 +61,16 @@ type dnsOverQUIC struct {
 	bytesPool      *sync.Pool
 	bytesPoolGuard sync.Mutex

-	addr   string
-	dialer *dnsDialer
+	addr           string
+	dialer         *dnsDialer
+	skipCertVerify bool
 }

 // type check
 var _ dnsClient = (*dnsOverQUIC)(nil)

 // newDoQ returns the DNS-over-QUIC Upstream.
-func newDoQ(addr string, resolver *Resolver, proxyAdapter C.ProxyAdapter, proxyName string) *dnsOverQUIC {
+func newDoQ(addr string, resolver *Resolver, params map[string]string, proxyAdapter C.ProxyAdapter, proxyName string) *dnsOverQUIC {
 	doq := &dnsOverQUIC{
 		addr:   addr,
 		dialer: newDNSDialer(resolver, proxyAdapter, proxyName),
@ -79,6 +80,10 @@ func newDoQ(addr string, resolver *Resolver, proxyAdapter C.ProxyAdapter, proxyN
 		},
 	}

+	if params["skip-cert-verify"] == "true" {
+		doq.skipCertVerify = true
+	}
+
 	runtime.SetFinalizer(doq, (*dnsOverQUIC).Close)
 	return doq
 }
@ -329,7 +334,7 @@ func (doq *dnsOverQUIC) openConnection(ctx context.Context) (conn quic.Connectio
 	tlsConfig := ca.GetGlobalTLSConfig(
 		&tls.Config{
 			ServerName:         host,
-			InsecureSkipVerify: false,
+			InsecureSkipVerify: doq.skipCertVerify,
 			NextProtos: []string{
 				NextProtoDQ,
 			},
--- a/dns/util.go
+++ b/dns/util.go
@ -101,9 +101,9 @@ func transform(servers []NameServer, resolver *Resolver) []dnsClient {
 		case "rcode":
 			c = newRCodeClient(s.Addr)
 		case "quic":
-			c = newDoQ(s.Addr, resolver, s.ProxyAdapter, s.ProxyName)
+			c = newDoQ(s.Addr, resolver, s.Params, s.ProxyAdapter, s.ProxyName)
 		default:
-			c = newClient(s.Addr, resolver, s.Net, s.ProxyAdapter, s.ProxyName)
+			c = newClient(s.Addr, resolver, s.Net, s.Params, s.ProxyAdapter, s.ProxyName)
 		}

 		c = warpClientWithEdns0Subnet(c, s.Params)