Struct DnsFilter 

pub struct DnsFilter { /* private fields */ }

DNS leak protection filter.

Intercepts DNS queries, checks the blocklist and cache, and decides whether to forward through the tunnel or block.

Implementations

impl DnsFilter

pub fn new(config: DnsConfig) -> Self

Create a new DNS filter with the given config.

pub fn is_dns_packet(data: &[u8]) -> bool

Returns true if a raw UDP payload looks like a DNS packet.

Checks minimum length and QR/opcode field sanity.

pub fn decide(&mut self, domain: &str, query_type: &DnsQueryType) -> DnsAction

Decide what to do with a DNS query for the given domain.

Checks in order: cache → blocklist → split DNS → forward.

pub fn cache_response(&mut self, domain: &str, addr: IpAddr)

Cache a DNS response for a domain.

pub fn is_blocked(&self, domain: &str) -> bool

Returns true if the domain is in the blocklist.

Supports wildcard suffix matching: blocking “ads.com” also blocks “sub.ads.com”.

pub fn is_split_dns(&self, domain: &str) -> bool

Returns true if the domain should use split DNS (bypass tunnel).

pub fn block_domain(&mut self, domain: &str)

Add a domain to the blocklist at runtime.

pub fn add_split_domain(&mut self, domain: &str)

Add a split DNS domain at runtime.

pub fn primary_upstream(&self) -> Option<&str>

Get the first upstream DNS server address.

pub fn evict_expired(&mut self)

Remove expired entries from the cache.

pub fn clear_cache(&mut self)

Clear the entire DNS cache.

pub fn cache_size(&self) -> usize

Returns the number of entries currently in the cache.

pub fn total_intercepted(&self) -> u64

Returns total queries intercepted.

pub fn total_blocked(&self) -> u64

Returns total queries blocked.

pub fn total_cache_hits(&self) -> u64

Returns total cache hits.

pub fn total_forwarded(&self) -> u64

Returns total queries forwarded through tunnel.

pub fn config(&self) -> &DnsConfig

Returns a reference to the config.