feat: enforce internal DNS on client and restore DNS interception on server

- Flutter: Hide 'DNS Server' field and force '10.1.0.1' if connection link contains owndns=true - Flutter: Remove 'Use Provider DNS' toggle to eliminate client-side choice - Server (relay.rs): Intercept DNS queries targeting '10.1.0.1:53' and process them via internal DnsServer if DNS is enabled - Server (api.rs): Continue appending owndns=true to subscription links to enforce internal DNS logic on clients
2026-05-28 13:18:56 +03:00 · 2026-05-28 13:18:56 +03:00 · 54fdd444c9
parent cbdb20402d
commit 54fdd444c9
2 changed files with 34 additions and 1 deletions
--- a/ostp-server/src/lib.rs
+++ b/ostp-server/src/lib.rs
@ -554,6 +554,7 @@ async fn run_server_loop(
                                    stream_tx.clone(),
                                    connect_tx.clone(),
                                    outbound.clone(),
+                                    dns_server.clone(),
                                    debug,
                                ).await?;
                            }
--- a/ostp-server/src/relay.rs
+++ b/ostp-server/src/relay.rs
@ -23,11 +23,43 @@ pub async fn handle_relay_message(
    stream_tx: mpsc::UnboundedSender<(u32, u16, Vec<u8>)>,
    connect_tx: mpsc::UnboundedSender<(u32, u16, String, Result<(tokio::net::tcp::OwnedWriteHalf, mpsc::Sender<()>), String>)>,
    outbound_cfg: Option<OutboundConfig>,
+    dns_server: std::sync::Arc<crate::dns::DnsServer>,
    debug: bool,
 ) -> Result<()> {
    match RelayMessage::decode(&payload)? {
        RelayMessage::Connect(target) => {
-            let _ = ui_event_tx.send(UiEvent::Log(format!("Relay CONNECT start for [{session_id}:{stream_id}] -> {target}")));
+            // Intercept DNS queries directed at the TUN gateway if our internal DNS is enabled
+            let is_internal_dns = {
+                target == "10.1.0.1:53" && dns_server.config.read().await.enabled
+            };
+
+            if is_internal_dns {
+                let client_ip = peer_addr.ip();
+                let dns_srv = dns_server.clone();
+                let stream_tx_dns = stream_tx.clone();
+                let (cancel_tx, _) = mpsc::channel::<()>(1);
+                
+                let (dns_query_tx, mut dns_query_rx) = mpsc::unbounded_channel::<Bytes>();
+
+                tokio::spawn(async move {
+                    if let Some(query_bytes) = dns_query_rx.recv().await {
+                        if let Some(resp_bytes) = dns_srv.resolve(&query_bytes, client_ip).await {
+                            let _ = stream_tx_dns.send((session_id, stream_id, resp_bytes));
+                        }
+                    }
+                    let _ = stream_tx_dns.send((session_id, stream_id, Vec::new()));
+                });
+
+                remotes.insert((session_id, stream_id), RemoteState {
+                    data_tx: dns_query_tx,
+                    cancel_tx,
+                    is_dns: true,
+                });
+
+                send_relay_to_stream(session_id, stream_id, RelayMessage::ConnectOk, dispatcher, socket, ui_event_tx).await?;
+                return Ok(());
+            }
+
            let target_clone = target.clone();
            let connect_tx_clone = connect_tx.clone();
            let stream_tx_clone = stream_tx.clone();