fix: change ordering of operation to have sync cache with dnsmasq and our initial resolution

2025-12-20 04:09:06 +00:00 · 2025-07-30 18:27:30 -06:00
parent b7e70625fd
commit 0c9cbff302
1 changed files with 11 additions and 6 deletions
--- a/network-filter.sh
+++ b/network-filter.sh
@@ -1,5 +1,6 @@
 #!/bin/bash
 set -e
+set -x

 # --- Configuration ---
 setup_env() {
@@ -54,8 +55,7 @@ add_domain_rule() {
        ports_to_allow=(80 443)
    fi

-    PRIMARY_DNS=$(echo "$DNS_SERVERS" | cut -d',' -f1 | xargs)
-    local ipv4_addresses=$(nslookup "$domain" "$PRIMARY_DNS" 2>/dev/null | awk '/^Address:/ && !/'$PRIMARY_DNS'/ { print $2 }' | grep -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$')
+    local ipv4_addresses=$(nslookup "$domain" 127.0.0.1 2>/dev/null | awk '/^Address:/ && !/127.0.0.1/ { print $2 }' | grep -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$')

    for ip in $ipv4_addresses; do
        if [[ -n "$ip" ]]; then
@@ -89,6 +89,8 @@ no-resolv
 no-poll
 log-queries
 filter-AAAA
+min-cache-ttl=$((REFRESH_INTERVAL * 2))
+max-cache-ttl=$((REFRESH_INTERVAL * 2))
 $(if [[ -n "$ALLOWED_DOMAINS" ]]; then
    IFS=',' read -ra DOMAINS <<< "$ALLOWED_DOMAINS"
    for domain in "${DOMAINS[@]}"; do
@@ -127,16 +129,16 @@ run_tests() {
 selftest() {
    setup_env
    setup_iptables
-    apply_domain_rules
    setup_dnsmasq
+    override_dns

    dnsmasq --test

    dnsmasq --no-daemon --log-facility=- &
    DNSMASQ_PID=$!
    sleep 3
+    apply_domain_rules

-    override_dns

    run_tests

@@ -147,14 +149,14 @@ selftest() {
 start() {
    setup_env
    setup_iptables
-    apply_domain_rules
    setup_dnsmasq
+    override_dns

    dnsmasq --no-daemon --log-facility=- &
    DNSMASQ_PID=$!
    sleep 3

-    override_dns
+    apply_domain_rules

    if [[ "$RUN_SELFTEST" == "true" ]]; then
        run_tests
@@ -172,6 +174,9 @@ start() {
            override_dns
        fi

+        # Clear dnsmasq cache before refreshing rules
+        kill -HUP $DNSMASQ_PID 2>/dev/null || true
+
        setup_iptables
        apply_domain_rules
    done