fix and clean dns

dns.py

@@ -1,4 +1,5 @@
 import time
+import socket
 from ipaddress import IPv4Address, IPv4Network
 from dnslib import DNSRecord,RCODE,QTYPE
 from dnslib.server import DNSServer,DNSHandler,BaseResolver,DNSLogger
@@ -16,11 +17,20 @@ class ProxyResolver(BaseResolver):
         address = self.default_address
         port = self.default_port
 
-        subnets = [ (net["local_range"], net["local_translated_range"]) for net in self.config.data["network"].values() ]
+        subnets = [
+                (name, net["local_range"], net["local_translated_range"], net["dns"])
+                for name, net
+                in self.config.data["network"].items()
+        ]
+        
         qname = DNSLabel(request.q.qname)
-        for dns in self.config.dns_servers:
-            if dns["domain"] == str(qname)[-len(dns["domain"])-1:-1]:
-                address = dns["ip"]
+        for (net, sub, trans, dns) in subnets:
+            for serv in dns:
+                if serv["domain"] == str(qname)[-len(serv["domain"])-1:-1]:
+                    if net == self.config.local_network:
+                        address = dns["ip"]
+                    else:
+                        address = translate(serc["ip"], sub, trans) 
         try:
             proxy_r = request.send(address, port, timeout=self.timeout)
             reply = DNSRecord.parse(proxy_r)
@@ -29,8 +39,8 @@ class ProxyResolver(BaseResolver):
             reply.header.rcode = getattr(RCODE, 'NXDOMAIN')
         if address != self.default_address and address not in self.config.data["network"][self.config.local_network]["dns"].values():
             for rr in reply.rr:
-                for (sub, trans) in subnets:
-                    if IPv4Address(rr.rdata) in IPv4Network(sub):
+                for (net, sub, trans, dns) in subnets:
+                    if address in dns.values() and netIPv4Address(rr.rdata) in IPv4Network(sub):
                         rr.rdata.data = IPv4Address(translate(str(rr.rdata), sub, trans)).packed
         reply.set_header_qa()
         return reply

docker/entrypoint.sh

@@ -1,5 +1,3 @@
 #!/bin/sh
 
 poetry run python load.py
-wg-quick up ./wg-pn.conf
-sleep infinity

load.py

@@ -80,7 +80,7 @@ def load_wireguard(config):
             peer["endpoint"] = endpoint
         
 
-        peer["allowed_ips"] = config.data["network"][net]["local_translated_range"]
+        peer["allowed_ips"] = config.data["network"][net]["local_translated_range"] + ", " + config.data["network"][net]["wireguard_address"]
         untranslated_networks = config.data["network"][net].get("untranslated_networks", "")
         if untranslated_networks != "":
             peer["allowed_ips"] += ", " + untranslated_networks
@@ -97,9 +97,10 @@ def load_wireguard(config):
             peers=peers
         ))
 
-config = Config("./config/config.toml")
+config = Config("/config/config.toml")
 load_firewall(config)
 load_wireguard(config)
 
+run("wg-quick up ./wg-pn.conf")
 import dns
 dns.run(config, port=5353)

templates/rules.nft

@@ -26,12 +26,12 @@ table ip filter {
     chain postrouting {
         type nat hook postrouting priority 100; policy accept;
 
-        ip saddr @local_range ip daddr @remote_range snat to ip saddr map @ip_map_snat
+        ip daddr @remote_range snat to ip saddr map @ip_map_snat
     }
 
         chain prerouting {
         type nat hook prerouting priority 100; policy accept;
 
-        ip saddr @remote_range ip daddr @local_translated_range dnat to ip daddr map @ip_map_dnat
+        ip daddr @local_translated_range dnat to ip daddr map @ip_map_dnat
     }
-}
+}