-
Notifications
You must be signed in to change notification settings - Fork 62
/
dotclient.go
88 lines (73 loc) · 2.29 KB
/
dotclient.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
package rdns
import (
"crypto/tls"
"net"
"time"
"github.com/miekg/dns"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
)
// DoTClient is a DNS-over-TLS resolver.
type DoTClient struct {
id string
endpoint string
pipeline *Pipeline
// Pipeline also provides operation metrics.
}
// DoTClientOptions contains options used by the DNS-over-TLS resolver.
type DoTClientOptions struct {
// Bootstrap address - IP to use for the serivce instead of looking up
// the service's hostname with potentially plain DNS.
BootstrapAddr string
// Local IP to use for outbound connections. If nil, a local address is chosen.
LocalAddr net.IP
TLSConfig *tls.Config
QueryTimeout time.Duration
// Optional dialer, e.g. proxy
Dialer Dialer
}
var _ Resolver = &DoTClient{}
// NewDoTClient instantiates a new DNS-over-TLS resolver.
func NewDoTClient(id, endpoint string, opt DoTClientOptions) (*DoTClient, error) {
if err := validEndpoint(endpoint); err != nil {
return nil, err
}
client := GenericDNSClient{
Net: "tcp-tls",
TLSConfig: opt.TLSConfig,
Dialer: opt.Dialer,
LocalAddr: opt.LocalAddr,
}
// If a bootstrap address was provided, we need to use the IP for the connection but the
// hostname in the TLS handshake. The DNS library doesn't support custom dialers, so
// instead set the ServerName in the TLS config to the name in the endpoint config, and
// replace the name in the endpoint with the bootstrap IP.
if opt.BootstrapAddr != "" {
host, port, err := net.SplitHostPort(endpoint)
if err != nil {
return nil, errors.Wrapf(err, "failed to parse dot endpoint '%s'", endpoint)
}
client.TLSConfig.ServerName = host
endpoint = net.JoinHostPort(opt.BootstrapAddr, port)
}
return &DoTClient{
id: id,
endpoint: endpoint,
pipeline: NewPipeline(id, endpoint, client, opt.QueryTimeout),
}, nil
}
// Resolve a DNS query.
func (d *DoTClient) Resolve(q *dns.Msg, ci ClientInfo) (*dns.Msg, error) {
// Packing a message is not always a read-only operation, make a copy
q = q.Copy()
logger(d.id, q, ci).WithFields(logrus.Fields{
"resolver": d.endpoint,
"protocol": "dot",
}).Debug("querying upstream resolver")
// Add padding to the query before sending over TLS
padQuery(q)
return d.pipeline.Resolve(q)
}
func (d *DoTClient) String() string {
return d.id
}