From a17908f6e12dcf1dcbcd2b8317402e5307c1be14 Mon Sep 17 00:00:00 2001
From: topjohnwu <topjohnwu@gmail.com>
Date: Wed, 3 Jun 2020 01:15:05 -0700
Subject: [PATCH] Only resolve via DoH for specific hostnames

---
 app/build.gradle                              |  1 +
 .../topjohnwu/magisk/di/NetworkingModule.kt   | 39 ++++++++++++-------
 2 files changed, 26 insertions(+), 14 deletions(-)

diff --git a/app/build.gradle b/app/build.gradle
index 0c74f7da7..ecb32a00c 100644
--- a/app/build.gradle
+++ b/app/build.gradle
@@ -54,6 +54,7 @@ android {
         exclude '/org/bouncycastle/**'
         exclude '/kotlin/**'
         exclude '/kotlinx/**'
+        exclude '/okhttp3/**'
     }
 
     kotlinOptions {
diff --git a/app/src/main/java/com/topjohnwu/magisk/di/NetworkingModule.kt b/app/src/main/java/com/topjohnwu/magisk/di/NetworkingModule.kt
index 11e5cecfc..37a255666 100644
--- a/app/src/main/java/com/topjohnwu/magisk/di/NetworkingModule.kt
+++ b/app/src/main/java/com/topjohnwu/magisk/di/NetworkingModule.kt
@@ -12,6 +12,7 @@ import io.noties.markwon.Markwon
 import io.noties.markwon.html.HtmlPlugin
 import io.noties.markwon.image.ImagesPlugin
 import io.noties.markwon.image.network.OkHttpNetworkSchemeHandler
+import okhttp3.Dns
 import okhttp3.HttpUrl
 import okhttp3.OkHttpClient
 import okhttp3.dnsoverhttps.DnsOverHttps
@@ -46,20 +47,30 @@ fun createOkHttpClient(context: Context): OkHttpClient {
         builder.sslSocketFactory(NoSSLv3SocketFactory())
     }
 
-    builder.dns(DnsOverHttps.Builder().client(builder.build())
-            .url(HttpUrl.get("https://cloudflare-dns.com/dns-query"))
-            .bootstrapDnsHosts(listOf(
-                    InetAddress.getByName("162.159.36.1"),
-                    InetAddress.getByName("162.159.46.1"),
-                    InetAddress.getByName("1.1.1.1"),
-                    InetAddress.getByName("1.0.0.1"),
-                    InetAddress.getByName("162.159.132.53"),
-                    InetAddress.getByName("2606:4700:4700::1111"),
-                    InetAddress.getByName("2606:4700:4700::1001"),
-                    InetAddress.getByName("2606:4700:4700::0064"),
-                    InetAddress.getByName("2606:4700:4700::6400")
-            ))
-            .build())
+    val doh = DnsOverHttps.Builder().client(builder.build())
+        .url(HttpUrl.get("https://cloudflare-dns.com/dns-query"))
+        .bootstrapDnsHosts(listOf(
+            InetAddress.getByName("162.159.36.1"),
+            InetAddress.getByName("162.159.46.1"),
+            InetAddress.getByName("1.1.1.1"),
+            InetAddress.getByName("1.0.0.1"),
+            InetAddress.getByName("162.159.132.53"),
+            InetAddress.getByName("2606:4700:4700::1111"),
+            InetAddress.getByName("2606:4700:4700::1001"),
+            InetAddress.getByName("2606:4700:4700::0064"),
+            InetAddress.getByName("2606:4700:4700::6400")
+        ))
+        .resolvePrivateAddresses(true)  /* To make PublicSuffixDatabase never used */
+        .build()
+
+    builder.dns { hostname ->
+        // Only resolve via DoH for known DNS polluted hostnames
+        if (hostname == "raw.githubusercontent.com") {
+            doh.lookup(hostname)
+        } else {
+            Dns.SYSTEM.lookup(hostname)
+        }
+    }
 
     return builder.build()
 }