Release v0.68.0

Added

• The field proxy.Config.PrivateSubnets used to determine if the address of a client or the address requested via PTR is considered private. The netutil.IsLocallyServed is used by default.
• The field proxy.Config.UsePrivateRDNS controls if the requests considered private should be resolved via proxy.Config.PrivateRDNSUpstreamConfig. Such requests answered with NXDOMAIN otherwise.
• The field proxy.DNSContext.IsPrivateClient which determines if the client's address is considered private.
• The field proxy.DNSContext.RequestedPrivateRDNS containing the prefix parsed from a requested ARPA domain, if the request itself is PTR for a private address and came from a private client.
• The proxy.ValidatePrivateConfig function to validate if an proxy.UpstreamConfig may be used for private RDNS.

Changed

• PTR requests for domains containing DNS64 prefixes are now answered with NXDOMAIN if proxy.Config.UseDNS64 is set to true, but proxy.Config.UsePrivateRDNS is not.
• Fallback servers aren't used for the aforementioned requests, as well as for all private RDNS requests.
• All the private RDNS requests coming from external (non-private) client are now answered with NXDOMAIN before proxy.RequestHandler.
• proxy.New now requires proxy.Config.PrivateRDNSUpstreamConfig to be valid as per proxy.ValidatePrivateConfig if proxy.Config.UsePrivateRDNS is set to true.