From 201ac73cf0321b5cde094cd5853969c6efbfbafb Mon Sep 17 00:00:00 2001
From: Eugene Burkov
Date: Mon, 15 Apr 2024 19:31:04 +0300
Subject: [PATCH] Pull request 2205: AGDNS-1982 Fix RDNS HTTP

Squashed commit of the following:

commit a7d5023390ce607d7f356edd79fe023348f84740
Merge: 0be18b91a df7f19eb8
Author: Eugene Burkov
Date: Mon Apr 15 15:11:51 2024 +0300

 Merge branch 'master' into AGDNS-1982-fix-rdns-http

commit 0be18b91ac410cf43aa72b6eaed5c86dfdb93863
Merge: 54c1017a8 36986a8be
Author: Eugene Burkov
Date: Mon Apr 15 15:04:42 2024 +0300

 Merge branch 'master' into AGDNS-1982-fix-rdns-http

commit 54c1017a8ee8986123596de89708a13a2a2f992d
Author: Eugene Burkov
Date: Mon Apr 15 14:00:14 2024 +0300

 all: log changes

commit 851a1a3ac18debc46c8c3ff60576e2c067657564
Author: Eugene Burkov
Date: Mon Apr 15 13:44:13 2024 +0300

 dnsforward: fix http private rdns
---
 CHANGELOG.md | 2 ++
 internal/dnsforward/http.go | 35 ++++++++++++++++++++++++++++-------
 2 files changed, 30 insertions(+), 7 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4a686982..a0cf3821 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -29,6 +29,8 @@ NOTE: Add new changes BELOW THIS COMMENT.

 ### Fixed

+- The ability to apply an invalid configuration for private RDNS, which led to
+ server inoperability.
 - Ignoring query log for clients with ClientID set ([#5812]).
 - Subdomains of `in-addr.arpa` and `ip6.arpa` containing zero-length prefix
 incorrectly considered invalid when specified for private RDNS upstream
diff --git a/internal/dnsforward/http.go b/internal/dnsforward/http.go
index 1a1a7b31..01fe6720 100644
--- a/internal/dnsforward/http.go
+++ b/internal/dnsforward/http.go
@@ -1,6 +1,7 @@
 package dnsforward

 import (
+ "cmp"
 "encoding/json"
 "fmt"
 "io"
@@ -332,6 +333,28 @@ func (req *jsonDNSConfig) checkBootstrap() (err error) {
 return nil
 }

+// checkPrivateRDNS returns an error if the configuration of the private RDNS is
+// not valid.
+func (req *jsonDNSConfig) checkPrivateRDNS(
+ ownAddrs addrPortSet,
+ sysResolvers SystemResolvers,
+ privateNets netutil.SubnetSet,
+) (err error) {
+ if (req.UsePrivateRDNS == nil || !*req.UsePrivateRDNS) && req.LocalPTRUpstreams == nil {
+ return nil
+ }
+
+ addrs := cmp.Or(req.LocalPTRUpstreams, &[]string{})
+
+ uc, err := newPrivateConfig(*addrs, ownAddrs, sysResolvers, privateNets, &upstream.Options{})
+ err = errors.WithDeferred(err, uc.Close())
+ if err != nil {
+ return fmt.Errorf("private upstream servers: %w", err)
+ }
+
+ return nil
+}
+
 // validateUpstreamDNSServers returns an error if any field of req is invalid.
 func (req *jsonDNSConfig) validateUpstreamDNSServers(
 ownAddrs addrPortSet,
@@ -349,12 +372,10 @@ func (req *jsonDNSConfig) validateUpstreamDNSServers(
 }
 }

- if addrs := req.LocalPTRUpstreams; addrs != nil {
- uc, err = newPrivateConfig(*addrs, ownAddrs, sysResolvers, privateNets, opts)
- err = errors.WithDeferred(err, uc.Close())
- if err != nil {
- return fmt.Errorf("private upstream servers: %w", err)
- }
+ err = req.checkPrivateRDNS(ownAddrs, sysResolvers, privateNets)
+ if err != nil {
+ // Don't wrap the error since it's informative enough as is.
+ return err
 }

 err = req.checkBootstrap()
@@ -440,7 +461,7 @@ func (s *Server) handleSetConfig(w http.ResponseWriter, r *http.Request) {
 // TODO(e.burkov): Consider prebuilding this set on startup.
 ourAddrs, err := s.conf.ourAddrsSet()
 if err != nil {
- // TODO(e.burkov): !! Put into openapi
+ // TODO(e.burkov): Put into openapi
 aghhttp.Error(r, w, http.StatusInternalServerError, "getting our addresses: %s", err)

 return
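Review bot: In checkPrivateRDNS, `cmp.Or(req.LocalPTRUpstreams, &[]string{})` substitutes an empty list whenever the request enables `UsePrivateRDNS` without sending `LocalPTRUpstreams`, so the check validates an empty list and not whatever upstream list the server already stores. If handleSetConfig keeps the stored list for an omitted field (not visible in this hunk), an invalid stored list could still pass and leave the server in the inoperable state this patch is meant to prevent. The doc comment should state when validation is skipped, for example `// It returns nil without checking when private RDNS is not being enabled and no local PTR upstreams are given.` Separately, `uc.Close()` is evaluated even when newPrivateConfig returns an error; unless Close is safe on a nil receiver, which cannot be confirmed from here, the error should be returned before `uc` is touched.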
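Review bot: The removed block in validateUpstreamDNSServers built the private configuration with the function's `opts`, while the new call goes through checkPrivateRDNS, which passes `&upstream.Options{}`. Validation of the private upstreams therefore no longer uses whatever settings `opts` carries, so an address may be accepted by this check and still fail once the server applies it with its real options, or the reverse. If that is deliberate, say so at the call with a comment such as `// Private upstreams are validated with default options on purpose.`; otherwise pass the options through, `err = req.checkPrivateRDNS(ownAddrs, sysResolvers, privateNets, opts)`, with a matching `opts *upstream.Options` parameter on the helper. validateUpstreamDNSServers starts and ends outside this hunk, so the contents of `opts` are not visible here.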