Update config and add ordering

resolver/config.go

@@ -22,28 +22,28 @@ var (
 		// - Available logging data may not be used against the user, ie. unethically.
 
 		// Sadly, only a few services come close to fulfilling these requirements.
-		// For now, we have settled for two bigger and well known services: Cloudflare and Quad9.
+		// For now, we have settled for two bigger and well known services: Quad9 and Cloudflare.
 		// TODO: monitor situation and re-evaluate when new services become available
 		// TODO: explore other methods of making queries more private
 
 		// We encourage everyone who has the technical abilities to set their own preferred servers.
 
-		// Default 1: Cloudflare
-		"dot://1.1.1.1:853?verify=cloudflare-dns.com&name=Cloudflare&blockedif=zeroip", // Cloudflare
-		"dot://1.0.0.1:853?verify=cloudflare-dns.com&name=Cloudflare&blockedif=zeroip", // Cloudflare
-
-		// Default 2: Quad9
+		// Default 1: Quad9
 		"dot://9.9.9.9:853?verify=dns.quad9.net&name=Quad9&blockedif=empty",         // Quad9
 		"dot://149.112.112.112:853?verify=dns.quad9.net&name=Quad9&blockedif=empty", // Quad9
 
-		// Fallback 1: Cloudflare
-		"dns://1.1.1.1:53?name=Cloudflare&blockedif=zeroip", // Cloudflare
-		"dns://1.0.0.1:53?name=Cloudflare&blockedif=zeroip", // Cloudflare
+		// Default 2: Cloudflare
+		"dot://1.1.1.2:853?verify=cloudflare-dns.com&name=Cloudflare&blockedif=zeroip", // Cloudflare
+		"dot://1.0.0.2:853?verify=cloudflare-dns.com&name=Cloudflare&blockedif=zeroip", // Cloudflare
 
-		// Fallback 2: Quad9
+		// Fallback 1: Quad9
 		"dns://9.9.9.9:53?name=Quad9&blockedif=empty",         // Quad9
 		"dns://149.112.112.112:53?name=Quad9&blockedif=empty", // Quad9
 
+		// Fallback 2: Cloudflare
+		"dns://1.1.1.2:53?name=Cloudflare&blockedif=zeroip", // Cloudflare
+		"dns://1.0.0.2:53?name=Cloudflare&blockedif=zeroip", // Cloudflare
+
 		// supported parameters
 		// - `verify=domain`: verify domain (dot only)
 		// future parameters:
@@ -55,38 +55,70 @@ var (
 		//	- `zeroip`: Answer only contains zeroip
 	}
 
-	CfgOptionNameServersKey = "dns/nameservers"
-	configuredNameServers   config.StringArrayOption
+	CfgOptionNameServersKey   = "dns/nameservers"
+	configuredNameServers     config.StringArrayOption
+	cfgOptionNameServersOrder = 0
 
-	CfgOptionNameserverRetryRateKey = "dns/nameserverRetryRate"
-	nameserverRetryRate             config.IntOption
+	CfgOptionNoAssignedNameserversKey   = "dns/noAssignedNameservers"
+	noAssignedNameservers               status.SecurityLevelOption
+	cfgOptionNoAssignedNameserversOrder = 1
 
-	CfgOptionNoMulticastDNSKey = "dns/noMulticastDNS"
-	noMulticastDNS             status.SecurityLevelOption
+	CfgOptionNoMulticastDNSKey   = "dns/noMulticastDNS"
+	noMulticastDNS               status.SecurityLevelOption
+	cfgOptionNoMulticastDNSOrder = 2
 
-	CfgOptionNoAssignedNameserversKey = "dns/noAssignedNameservers"
-	noAssignedNameservers             status.SecurityLevelOption
+	CfgOptionNoInsecureProtocolsKey   = "dns/noInsecureProtocols"
+	noInsecureProtocols               status.SecurityLevelOption
+	cfgOptionNoInsecureProtocolsOrder = 3
 
-	CfgOptionNoInsecureProtocolsKey = "dns/noInsecureProtocols"
-	noInsecureProtocols             status.SecurityLevelOption
+	CfgOptionDontResolveSpecialDomainsKey   = "dns/dontResolveSpecialDomains"
+	dontResolveSpecialDomains               status.SecurityLevelOption
+	cfgOptionDontResolveSpecialDomainsOrder = 16
 
-	CfgOptionDontResolveSpecialDomainsKey = "dns/dontResolveSpecialDomains"
-	dontResolveSpecialDomains             status.SecurityLevelOption
+	CfgOptionDontResolveTestDomainsKey   = "dns/dontResolveTestDomains"
+	dontResolveTestDomains               status.SecurityLevelOption
+	cfgOptionDontResolveTestDomainsOrder = 17
 
-	CfgOptionDontResolveTestDomainsKey = "dns/dontResolveTestDomains"
-	dontResolveTestDomains             status.SecurityLevelOption
+	CfgOptionNameserverRetryRateKey   = "dns/nameserverRetryRate"
+	nameserverRetryRate               config.IntOption
+	cfgOptionNameserverRetryRateOrder = 32
 )
 
 func prepConfig() error {
 	err := config.Register(&config.Option{
-		Name:            "DNS Servers",
-		Key:             CfgOptionNameServersKey,
-		Description:     "DNS Servers to use for resolving DNS requests.",
+		Name:        "DNS Servers",
+		Key:         CfgOptionNameServersKey,
+		Description: "DNS Servers to use for resolving DNS requests.",
+		Help: `Format:
+
+DNS Servers are configured in a URL format. This allows you to specify special settings for a resolver. If you just want to use a resolver at IP 10.2.3.4, please enter: dns://10.2.3.4:53
+The format is: protocol://ip:port?parameter=value&parameter=value
+
+Protocols:
+	dot: DNS-over-TLS (recommended)
+	dns: plain old DNS
+	tcp: plain old DNS over TCP
+
+IP:
+	always use the IP address and _not_ the domain name!
+
+Port:
+	always add the port!
+
+Parameters:
+	name: give your DNS Server a name that is used for messages and logs
+	verify: domain name to verify for "dot", required and only valid for "dot"
+	blockedif: detect if the name server blocks a query, options:
+		empty: server replies with NXDomain status, but without any other record in any section
+		refused: server replies with Refused status
+		zeroip: server replies with an IP address, but it is zero
+`,
+		Order:           cfgOptionNameServersOrder,
 		OptType:         config.OptTypeStringArray,
 		ExpertiseLevel:  config.ExpertiseLevelExpert,
 		ReleaseLevel:    config.ReleaseLevelStable,
 		DefaultValue:    defaultNameServers,
-		ValidationRegex: "^(dns|dot|tls)://.*",
+		ValidationRegex: fmt.Sprintf("^(%s|%s|%s)://.*", ServerTypeDoT, ServerTypeDNS, ServerTypeTCP),
 	})
 	if err != nil {
 		return err
@@ -97,6 +129,7 @@ func prepConfig() error {
 		Name:           "DNS Server Retry Rate",
 		Key:            CfgOptionNameserverRetryRateKey,
 		Description:    "Rate at which to retry failed DNS Servers, in seconds.",
+		Order:          cfgOptionNameserverRetryRateOrder,
 		OptType:        config.OptTypeInt,
 		ExpertiseLevel: config.ExpertiseLevelExpert,
 		ReleaseLevel:   config.ReleaseLevelStable,
@@ -111,6 +144,7 @@ func prepConfig() error {
 		Name:            "Do not use Multicast DNS",
 		Key:             CfgOptionNoMulticastDNSKey,
 		Description:     "Multicast DNS queries other devices in the local network",
+		Order:           cfgOptionNoMulticastDNSOrder,
 		OptType:         config.OptTypeInt,
 		ExpertiseLevel:  config.ExpertiseLevelExpert,
 		ReleaseLevel:    config.ReleaseLevelStable,
@@ -127,6 +161,7 @@ func prepConfig() error {
 		Name:            "Do not use assigned Nameservers",
 		Key:             CfgOptionNoAssignedNameserversKey,
 		Description:     "that were acquired by the network (dhcp) or system",
+		Order:           cfgOptionNoAssignedNameserversOrder,
 		OptType:         config.OptTypeInt,
 		ExpertiseLevel:  config.ExpertiseLevelExpert,
 		ReleaseLevel:    config.ReleaseLevelStable,
@@ -143,6 +178,7 @@ func prepConfig() error {
 		Name:            "Do not resolve insecurely",
 		Key:             CfgOptionNoInsecureProtocolsKey,
 		Description:     "Do not resolve domains with insecure protocols, ie. plain DNS",
+		Order:           cfgOptionNoInsecureProtocolsOrder,
 		OptType:         config.OptTypeInt,
 		ExpertiseLevel:  config.ExpertiseLevelExpert,
 		ReleaseLevel:    config.ReleaseLevelStable,
@@ -159,6 +195,7 @@ func prepConfig() error {
 		Name:            "Do not resolve special domains",
 		Key:             CfgOptionDontResolveSpecialDomainsKey,
 		Description:     fmt.Sprintf("Do not resolve the special top level domains %s", formatScopeList(specialServiceScopes)),
+		Order:           cfgOptionDontResolveSpecialDomainsOrder,
 		OptType:         config.OptTypeInt,
 		ExpertiseLevel:  config.ExpertiseLevelExpert,
 		ReleaseLevel:    config.ReleaseLevelStable,
@@ -175,6 +212,7 @@ func prepConfig() error {
 		Name:            "Do not resolve test domains",
 		Key:             CfgOptionDontResolveTestDomainsKey,
 		Description:     fmt.Sprintf("Do not resolve the special testing top level domains %s", formatScopeList(localTestScopes)),
+		Order:           cfgOptionDontResolveTestDomainsOrder,
 		OptType:         config.OptTypeInt,
 		ExpertiseLevel:  config.ExpertiseLevelExpert,
 		ReleaseLevel:    config.ReleaseLevelStable,