Diffstat (limited to 'mullvad-daemon')
-rw-r--r--mullvad-daemon/src/lib.rs44
-rw-r--r--mullvad-daemon/src/management_interface.rs28
2 files changed, 38 insertions, 34 deletions
diff --git a/mullvad-daemon/src/lib.rs b/mullvad-daemon/src/lib.rs
index e5f57373a8..d44ce55153 100644
--- a/mullvad-daemon/src/lib.rs
+++ b/mullvad-daemon/src/lib.rs
@@ -35,7 +35,7 @@ use mullvad_types::{
RelaySettingsUpdate,
},
relay_list::{Relay, RelayList},
- settings::{DnsOptions, Settings},
+ settings::{DnsOptions, DnsState, Settings},
states::{TargetState, TunnelState},
version::{AppVersion, AppVersionInfo},
wireguard::{KeygenEvent, RotationInterval},
@@ -80,6 +80,12 @@ const FIRST_KEY_PUSH_TIMEOUT: Duration = Duration::from_secs(5);
/// Delay between generating a new WireGuard key and reconnecting
const WG_RECONNECT_DELAY: Duration = Duration::from_secs(4 * 60);
+lazy_static::lazy_static! {
+ static ref DNS_AD_BLOCKING_SERVERS: [IpAddr; 1] = ["100.64.0.1".parse().unwrap()];
+ static ref DNS_TRACKER_BLOCKING_SERVERS: [IpAddr; 1] = ["100.64.0.2".parse().unwrap()];
+ static ref DNS_AD_TRACKER_BLOCKING_SERVERS: [IpAddr; 1] = ["100.64.0.3".parse().unwrap()];
+}
+
pub type ResponseTx<T, E> = oneshot::Sender<Result<T, E>>;
#[derive(err_derive::Error, Debug)]
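Review bot: The three blocking-resolver addresses added in the `lazy_static!` block are parsed from string literals on first use with `.parse().unwrap()`, and nothing documents what they are. They can be plain constants with no runtime parse or panic path, e.g. `const DNS_AD_BLOCKING_SERVERS: [IpAddr; 1] = [IpAddr::V4(Ipv4Addr::new(100, 64, 0, 1))];`, which needs `Ipv4Addr` in scope (the hunk does not show whether it is). A `///` comment on each should say which filtering it selects. 100.64.0.0/10 is shared address space, so presumably these resolvers answer only inside the tunnel; the comment should state that if it holds.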
@@ -216,7 +222,7 @@ pub enum DaemonCommand {
SetBridgeState(ResponseTx<(), settings::Error>, BridgeState),
/// Set if IPv6 should be enabled in the tunnel
SetEnableIpv6(ResponseTx<(), settings::Error>, bool),
- /// Set custom DNS servers to use instead of passing requests to the gateway
+ /// Set DNS options or servers to use
SetDnsOptions(ResponseTx<(), settings::Error>, DnsOptions),
/// Set MTU for wireguard tunnels
SetWireguardMtu(ResponseTx<(), settings::Error>, Option<u16>),
@@ -629,7 +635,7 @@ where
let tunnel_command_tx = tunnel_state_machine::spawn(
settings.allow_lan,
settings.block_when_disconnected,
- Self::get_custom_resolvers(&settings.tunnel_options.dns_options),
+ Self::get_dns_resolvers(&settings.tunnel_options.dns_options),
initial_api_endpoint,
tunnel_parameters_generator,
log_dir,
@@ -694,11 +700,28 @@ where
Ok(daemon)
}
- fn get_custom_resolvers(dns_options: &DnsOptions) -> Option<Vec<IpAddr>> {
- if dns_options.custom && !dns_options.addresses.is_empty() {
- Some(dns_options.addresses.clone())
- } else {
- None
+ fn get_dns_resolvers(options: &DnsOptions) -> Option<Vec<IpAddr>> {
+ match options.state {
+ DnsState::Default => {
+ if options.default_options.block_ads {
+ if options.default_options.block_trackers {
+ Some(DNS_AD_TRACKER_BLOCKING_SERVERS.to_vec())
+ } else {
+ Some(DNS_AD_BLOCKING_SERVERS.to_vec())
+ }
+ } else if options.default_options.block_trackers {
+ Some(DNS_TRACKER_BLOCKING_SERVERS.to_vec())
+ } else {
+ None
+ }
+ }
+ DnsState::Custom => {
+ if options.custom_options.addresses.is_empty() {
+ None
+ } else {
+ Some(options.custom_options.addresses.clone())
+ }
+ }
}
}
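Review bot: `get_dns_resolvers` has no doc comment, yet its `None` result carries meaning for callers: judging from the comment removed on `SetDnsOptions`, it means requests are passed to the tunnel gateway's resolver. A `///` line should say so, and should also say that `DnsState::Custom` with an empty address list returns `None` too, so `default_options` is not consulted in that state. The nested `if` in the `DnsState::Default` arm would read more clearly as a `match` on the `(block_ads, block_trackers)` pair, which spells out all four combinations and lets the compiler check them.

```rust
fn get_dns_resolvers(options: &DnsOptions) -> Option<Vec<IpAddr>> {
    match options.state {
        DnsState::Default => {
            let defaults = &options.default_options;
            match (defaults.block_ads, defaults.block_trackers) {
                (true, true) => Some(DNS_AD_TRACKER_BLOCKING_SERVERS.to_vec()),
                (true, false) => Some(DNS_AD_BLOCKING_SERVERS.to_vec()),
                (false, true) => Some(DNS_TRACKER_BLOCKING_SERVERS.to_vec()),
                (false, false) => None,
            }
        }
        // … unchanged: DnsState::Custom arm …
```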
@@ -1854,10 +1877,9 @@ where
Self::oneshot_send(tx, Ok(()), "set_dns_options response");
if settings_changed {
let settings = self.settings.to_settings();
- let resolvers =
- Self::get_custom_resolvers(&settings.tunnel_options.dns_options);
+ let resolvers = Self::get_dns_resolvers(&settings.tunnel_options.dns_options);
self.event_listener.notify_settings(settings);
- self.send_tunnel_command(TunnelCommand::CustomDns(resolvers));
+ self.send_tunnel_command(TunnelCommand::Dns(resolvers));
}
}
Err(e) => {
diff --git a/mullvad-daemon/src/management_interface.rs b/mullvad-daemon/src/management_interface.rs
index a9b07a1214..2e1d8cbc82 100644
--- a/mullvad-daemon/src/management_interface.rs
+++ b/mullvad-daemon/src/management_interface.rs
@@ -361,31 +361,13 @@ impl ManagementService for ManagementServiceImpl {
#[cfg(not(target_os = "android"))]
async fn set_dns_options(&self, request: Request<types::DnsOptions>) -> ServiceResult<()> {
- let options = request.into_inner();
- log::debug!(
- "set_dns_options({}, {:?})",
- options.custom,
- options.addresses
- );
-
- let mut servers_ip = vec![];
- for server in options.addresses.into_iter() {
- if let Ok(addr) = server.parse() {
- servers_ip.push(addr);
- } else {
- let err_msg = format!("failed to parse IP address: {}", server);
- return Err(Status::invalid_argument(err_msg));
- }
- }
+ let options = DnsOptions::try_from(request.into_inner()).map_err(|error| match error {
+ types::FromProtobufTypeError::InvalidArgument(error) => Status::invalid_argument(error),
+ })?;
+ log::debug!("set_dns_options({:?})", options);
let (tx, rx) = oneshot::channel();
- self.send_command_to_daemon(DaemonCommand::SetDnsOptions(
- tx,
- DnsOptions {
- custom: options.custom,
- addresses: servers_ip,
- },
- ))?;
+ self.send_command_to_daemon(DaemonCommand::SetDnsOptions(tx, options))?;
self.wait_for_result(rx)
.await?
.map(Response::new)
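Review bot: A request that fails `DnsOptions::try_from` in `set_dns_options` now returns `InvalidArgument` without leaving any line in the daemon log. The `log::debug!` call moved below the `?`, whereas the removed code logged every call before parsing the addresses. Logging inside the `map_err` arm restores that trace, and renaming the inner binding stops it shadowing the closure's `error`: `types::FromProtobufTypeError::InvalidArgument(reason) => { log::debug!("set_dns_options: rejected request: {}", reason); Status::invalid_argument(reason) }`. The address validation itself now lives in the `TryFrom` impl, which is outside this diff, so it is worth confirming there that unparseable addresses are still rejected. The function body continues past the end of the hunk.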