unfinished mess

internal/resolvers/classic.go

@@ -0,0 +1,124 @@
+package resolvers
+
+import (
+	"crypto/tls"
+	"time"
+
+	"github.com/miekg/dns"
+	"github.com/mr-karan/logf"
+)
+
+// ClassicResolver represents the config options for setting up a Resolver.
+type ClassicResolver struct {
+	client          *dns.Client
+	server          string
+	resolverOptions Options
+}
+
+// ClassicResolverOpts holds options for setting up a Classic resolver.
+type ClassicResolverOpts struct {
+	UseTLS bool
+	UseTCP bool
+}
+
+// NewClassicResolver accepts a list of nameservers and configures a DNS resolver.
+func NewClassicResolver(server string, classicOpts ClassicResolverOpts, resolverOpts Options) (Resolver, error) {
+	net := "udp"
+	client := &dns.Client{
+		Timeout: resolverOpts.Timeout,
+		Net:     "udp",
+	}
+
+	if classicOpts.UseTCP {
+		net = "tcp"
+	}
+
+	if resolverOpts.UseIPv4 {
+		net = net + "4"
+	}
+	if resolverOpts.UseIPv6 {
+		net = net + "6"
+	}
+
+	if classicOpts.UseTLS {
+		net = net + "-tls"
+		// Provide extra TLS config for doing/skipping hostname verification.
+		client.TLSConfig = &tls.Config{
+			ServerName:         resolverOpts.TLSHostname,
+			InsecureSkipVerify: resolverOpts.InsecureSkipVerify,
+		}
+	}
+
+	client.Net = net
+
+	return &ClassicResolver{
+		client:          client,
+		server:          server,
+		resolverOptions: resolverOpts,
+	}, nil
+}
+
+// Lookup takes a dns.Question and sends them to DNS Server.
+// It parses the Response from the server in a custom output format.
+func (r *ClassicResolver) Lookup(question dns.Question) (Response, error) {
+	var (
+		rsp      Response
+		messages = prepareMessages(question, r.resolverOptions)
+	)
+	for _, msg := range messages {
+		r.resolverOptions.Logger.WithFields(logf.Fields{
+			"domain":     msg.Question[0].Name,
+			"ndots":      r.resolverOptions.Ndots,
+			"nameserver": r.server,
+		}).Debug("attempting to resolve")
+
+		r.resolverOptions.Logger.Debug("abc")
+
+		// Since the library doesn't include tcp.Dial time,
+		// it's better to not rely on `rtt` provided here and calculate it ourselves.
+		now := time.Now()
+		in, _, err := r.client.Exchange(&msg, r.server)
+		if err != nil {
+			return rsp, err
+		}
+
+		// In case the response size exceeds 512 bytes (can happen with lot of TXT records),
+		// fallback to TCP as with UDP the response is truncated. Fallback mechanism is in-line with `dig`.
+		if in.Truncated {
+			switch r.client.Net {
+			case "udp":
+				r.client.Net = "tcp"
+			case "udp4":
+				r.client.Net = "tcp4"
+			case "udp6":
+				r.client.Net = "tcp6"
+			default:
+				r.client.Net = "tcp"
+			}
+			r.resolverOptions.Logger.WithFields(logf.Fields{"protocol": r.client.Net}).Debug("Response truncated; retrying now")
+			return r.Lookup(question)
+		}
+
+		// Pack questions in output.
+		for _, q := range msg.Question {
+			ques := Question{
+				Name:  q.Name,
+				Class: dns.ClassToString[q.Qclass],
+				Type:  dns.TypeToString[q.Qtype],
+			}
+			rsp.Questions = append(rsp.Questions, ques)
+		}
+		rtt := time.Since(now)
+
+		// Get the authorities and answers.
+		output := parseMessage(in, rtt, r.server)
+		rsp.Authorities = output.Authorities
+		rsp.Answers = output.Answers
+
+		if len(output.Answers) > 0 {
+			// Stop iterating the searchlist.
+			break
+		}
+	}
+	return rsp, nil
+}

internal/resolvers/dnscrypt.go

@@ -0,0 +1,83 @@
+package resolvers
+
+import (
+	"time"
+
+	"github.com/ameshkov/dnscrypt/v2"
+	"github.com/miekg/dns"
+	"github.com/mr-karan/logf"
+)
+
+// DNSCryptResolver represents the config options for setting up a Resolver.
+type DNSCryptResolver struct {
+	client          *dnscrypt.Client
+	server          string
+	resolverInfo    *dnscrypt.ResolverInfo
+	resolverOptions Options
+}
+
+// DNSCryptResolverOpts holds options for setting up a DNSCrypt resolver.
+type DNSCryptResolverOpts struct {
+	UseTCP bool
+}
+
+// NewDNSCryptResolver accepts a list of nameservers and configures a DNS resolver.
+func NewDNSCryptResolver(server string, dnscryptOpts DNSCryptResolverOpts, resolverOpts Options) (Resolver, error) {
+	net := "udp"
+	if dnscryptOpts.UseTCP {
+		net = "tcp"
+	}
+
+	client := &dnscrypt.Client{Net: net, Timeout: resolverOpts.Timeout, UDPSize: 4096}
+	resolverInfo, err := client.Dial(server)
+	if err != nil {
+		return nil, err
+	}
+	return &DNSCryptResolver{
+		client:          client,
+		resolverInfo:    resolverInfo,
+		server:          resolverInfo.ServerAddress,
+		resolverOptions: resolverOpts,
+	}, nil
+}
+
+// Lookup takes a dns.Question and sends them to DNS Server.
+// It parses the Response from the server in a custom output format.
+func (r *DNSCryptResolver) Lookup(question dns.Question) (Response, error) {
+	var (
+		rsp      Response
+		messages = prepareMessages(question, r.resolverOptions)
+	)
+	for _, msg := range messages {
+		r.resolverOptions.Logger.WithFields(logf.Fields{
+			"domain":     msg.Question[0].Name,
+			"ndots":      r.resolverOptions.Ndots,
+			"nameserver": r.server,
+		}).Debug("attempting to resolve")
+		now := time.Now()
+		in, err := r.client.Exchange(&msg, r.resolverInfo)
+		if err != nil {
+			return rsp, err
+		}
+		rtt := time.Since(now)
+		// pack questions in output.
+		for _, q := range msg.Question {
+			ques := Question{
+				Name:  q.Name,
+				Class: dns.ClassToString[q.Qclass],
+				Type:  dns.TypeToString[q.Qtype],
+			}
+			rsp.Questions = append(rsp.Questions, ques)
+		}
+		// get the authorities and answers.
+		output := parseMessage(in, rtt, r.server)
+		rsp.Authorities = output.Authorities
+		rsp.Answers = output.Answers
+
+		if len(output.Answers) > 0 {
+			// stop iterating the searchlist.
+			break
+		}
+	}
+	return rsp, nil
+}

internal/resolvers/doh.go

@@ -0,0 +1,121 @@
+package resolvers
+
+import (
+	"bytes"
+	"encoding/base64"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"net/url"
+	"time"
+
+	"github.com/miekg/dns"
+	"github.com/mr-karan/logf"
+)
+
+// DOHResolver represents the config options for setting up a DOH based resolver.
+type DOHResolver struct {
+	client          *http.Client
+	server          string
+	resolverOptions Options
+}
+
+// NewDOHResolver accepts a nameserver address and configures a DOH based resolver.
+func NewDOHResolver(server string, resolverOpts Options) (Resolver, error) {
+	// do basic validation
+	u, err := url.ParseRequestURI(server)
+	if err != nil {
+		return nil, fmt.Errorf("%s is not a valid HTTPS nameserver", server)
+	}
+	if u.Scheme != "https" {
+		return nil, fmt.Errorf("missing https in %s", server)
+	}
+	httpClient := &http.Client{
+		Timeout: resolverOpts.Timeout,
+	}
+	return &DOHResolver{
+		client:          httpClient,
+		server:          server,
+		resolverOptions: resolverOpts,
+	}, nil
+}
+
+// Lookup takes a dns.Question and sends them to DNS Server.
+// It parses the Response from the server in a custom output format.
+func (r *DOHResolver) Lookup(question dns.Question) (Response, error) {
+	var (
+		rsp      Response
+		messages = prepareMessages(question, r.resolverOptions)
+	)
+
+	for _, msg := range messages {
+		r.resolverOptions.Logger.WithFields(logf.Fields{
+			"domain":     msg.Question[0].Name,
+			"ndots":      r.resolverOptions.Ndots,
+			"nameserver": r.server,
+		}).Debug("attempting to resolve")
+		// get the DNS Message in wire format.
+		b, err := msg.Pack()
+		if err != nil {
+			return rsp, err
+		}
+		now := time.Now()
+		// Make an HTTP POST request to the DNS server with the DNS message as wire format bytes in the body.
+		resp, err := r.client.Post(r.server, "application/dns-message", bytes.NewBuffer(b))
+		if err != nil {
+			return rsp, err
+		}
+		if resp.StatusCode == http.StatusMethodNotAllowed {
+			url, err := url.Parse(r.server)
+			if err != nil {
+				return rsp, err
+			}
+			url.RawQuery = fmt.Sprintf("dns=%v", base64.RawURLEncoding.EncodeToString(b))
+			resp, err = r.client.Get(url.String())
+			if err != nil {
+				return rsp, err
+			}
+		}
+		if resp.StatusCode != http.StatusOK {
+			return rsp, fmt.Errorf("error from nameserver %s", resp.Status)
+		}
+		rtt := time.Since(now)
+
+		// Log the response headers in debug mode.
+		for header, value := range resp.Header {
+			r.resolverOptions.Logger.WithFields(logf.Fields{
+				header: value,
+			}).Debug("DOH response header")
+		}
+
+		// Extract the binary response in DNS Message.
+		body, err := ioutil.ReadAll(resp.Body)
+		if err != nil {
+			return rsp, err
+		}
+
+		err = msg.Unpack(body)
+		if err != nil {
+			return rsp, err
+		}
+		// Pack questions in output.
+		for _, q := range msg.Question {
+			ques := Question{
+				Name:  q.Name,
+				Class: dns.ClassToString[q.Qclass],
+				Type:  dns.TypeToString[q.Qtype],
+			}
+			rsp.Questions = append(rsp.Questions, ques)
+		}
+		// Get the authorities and answers.
+		output := parseMessage(&msg, rtt, r.server)
+		rsp.Authorities = output.Authorities
+		rsp.Answers = output.Answers
+
+		if len(output.Answers) > 0 {
+			// Stop iterating the searchlist.
+			break
+		}
+	}
+	return rsp, nil
+}

internal/resolvers/doq.go

@@ -0,0 +1,130 @@
+package resolvers
+
+import (
+	"crypto/tls"
+	"encoding/binary"
+	"errors"
+	"fmt"
+	"io"
+	"os"
+	"time"
+
+	"github.com/lucas-clemente/quic-go"
+	"github.com/miekg/dns"
+	"github.com/mr-karan/logf"
+)
+
+// DOQResolver represents the config options for setting up a DOQ based resolver.
+type DOQResolver struct {
+	tls             *tls.Config
+	server          string
+	resolverOptions Options
+}
+
+// NewDOQResolver accepts a nameserver address and configures a DOQ based resolver.
+func NewDOQResolver(server string, resolverOpts Options) (Resolver, error) {
+	return &DOQResolver{
+		tls: &tls.Config{
+			NextProtos: []string{"doq"},
+		},
+		server:          server,
+		resolverOptions: resolverOpts,
+	}, nil
+}
+
+// Lookup takes a dns.Question and sends them to DNS Server.
+// It parses the Response from the server in a custom output format.
+func (r *DOQResolver) Lookup(question dns.Question) (Response, error) {
+	var (
+		rsp      Response
+		messages = prepareMessages(question, r.resolverOptions)
+	)
+
+	session, err := quic.DialAddr(r.server, r.tls, nil)
+	if err != nil {
+		return rsp, err
+	}
+	defer session.CloseWithError(quic.ApplicationErrorCode(quic.NoError), "")
+
+	for _, msg := range messages {
+		r.resolverOptions.Logger.WithFields(logf.Fields{
+			"domain":     msg.Question[0].Name,
+			"ndots":      r.resolverOptions.Ndots,
+			"nameserver": r.server,
+		}).Debug("attempting to resolve")
+
+		// ref: https://www.rfc-editor.org/rfc/rfc9250.html#name-dns-message-ids
+		msg.Id = 0
+
+		// get the DNS Message in wire format.
+		var b []byte
+		b, err = msg.Pack()
+		if err != nil {
+			return rsp, err
+		}
+		now := time.Now()
+
+		var stream quic.Stream
+		stream, err = session.OpenStream()
+		if err != nil {
+			return rsp, err
+		}
+
+		var msgLen = uint16(len(b))
+		var msgLenBytes = []byte{byte(msgLen >> 8), byte(msgLen & 0xFF)}
+		_, err = stream.Write(msgLenBytes)
+		if err != nil {
+			return rsp, err
+		}
+		// Make a QUIC request to the DNS server with the DNS message as wire format bytes in the body.
+		_, err = stream.Write(b)
+		if err != nil {
+			return rsp, err
+		}
+
+		err = stream.SetDeadline(time.Now().Add(r.resolverOptions.Timeout))
+		if err != nil {
+			return rsp, err
+		}
+
+		var buf []byte
+		buf, err = io.ReadAll(stream)
+		if err != nil {
+			if errors.Is(err, os.ErrDeadlineExceeded) {
+				return rsp, fmt.Errorf("timeout")
+			}
+			return rsp, err
+		}
+		rtt := time.Since(now)
+
+		_ = stream.Close()
+
+		packetLen := binary.BigEndian.Uint16(buf[:2])
+		if packetLen != uint16(len(buf[2:])) {
+			return rsp, fmt.Errorf("packet length mismatch")
+		}
+		err = msg.Unpack(buf[2:])
+		if err != nil {
+			return rsp, err
+		}
+		// pack questions in output.
+		for _, q := range msg.Question {
+			ques := Question{
+				Name:  q.Name,
+				Class: dns.ClassToString[q.Qclass],
+				Type:  dns.TypeToString[q.Qtype],
+			}
+			rsp.Questions = append(rsp.Questions, ques)
+		}
+		// get the authorities and answers.
+		output := parseMessage(&msg, rtt, r.server)
+		rsp.Authorities = output.Authorities
+		rsp.Answers = output.Answers
+
+		if len(output.Answers) > 0 {
+			// stop iterating the searchlist.
+			break
+		}
+	}
+	return rsp, nil
+}

internal/resolvers/resolver.go

@@ -0,0 +1,150 @@
+package resolvers
+
+import (
+	"time"
+
+	"github.com/miekg/dns"
+	"github.com/mr-karan/doggo/pkg/models"
+	"github.com/mr-karan/logf"
+)
+
+// Options represent a set of common options
+// to configure a Resolver.
+type Options struct {
+	Logger *logf.Logger
+
+	Nameservers        []models.Nameserver
+	UseIPv4            bool
+	UseIPv6            bool
+	SearchList         []string
+	Ndots              int
+	Timeout            time.Duration
+	Strategy           string
+	InsecureSkipVerify bool
+	TLSHostname        string
+
+	// DNS Protocol Flags.
+	Authoritative     bool
+	AuthenticatedData bool
+	CheckingDisabled  bool
+	RecursionDesired  bool
+}
+
+// Resolver implements the configuration for a DNS
+// Client. Different types of providers can load
+// a DNS Resolver satisfying this interface.
+type Resolver interface {
+	Lookup(dns.Question) (Response, error)
+}
+
+// Response represents a custom output format
+// for DNS queries. It wraps metadata about the DNS query
+// and the DNS Answer as well.
+type Response struct {
+	Answers     []Answer    `json:"answers"`
+	Authorities []Authority `json:"authorities"`
+	Questions   []Question  `json:"questions"`
+}
+
+type Question struct {
+	Name  string `json:"name"`
+	Type  string `json:"type"`
+	Class string `json:"class"`
+}
+
+type Answer struct {
+	Name       string `json:"name"`
+	Type       string `json:"type"`
+	Class      string `json:"class"`
+	TTL        string `json:"ttl"`
+	Address    string `json:"address"`
+	Status     string `json:"status"`
+	RTT        string `json:"rtt"`
+	Nameserver string `json:"nameserver"`
+}
+
+type Authority struct {
+	Name       string `json:"name"`
+	Type       string `json:"type"`
+	Class      string `json:"class"`
+	TTL        string `json:"ttl"`
+	MName      string `json:"mname"`
+	Status     string `json:"status"`
+	RTT        string `json:"rtt"`
+	Nameserver string `json:"nameserver"`
+}
+
+// LoadResolvers loads differently configured
+// resolvers based on a list of nameserver.
+func LoadResolvers(opts Options) ([]Resolver, error) {
+	// For each nameserver, initialise the correct resolver.
+	rslvrs := make([]Resolver, 0, len(opts.Nameservers))
+
+	for _, ns := range opts.Nameservers {
+		if ns.Type == models.DOHResolver {
+			opts.Logger.Debug("initiating DOH resolver")
+			rslvr, err := NewDOHResolver(ns.Address, opts)
+			if err != nil {
+				return rslvrs, err
+			}
+			rslvrs = append(rslvrs, rslvr)
+		}
+		if ns.Type == models.DOTResolver {
+			opts.Logger.Debug("initiating DOT resolver")
+			rslvr, err := NewClassicResolver(ns.Address,
+				ClassicResolverOpts{
+					UseTLS: true,
+					UseTCP: true,
+				}, opts)
+
+			if err != nil {
+				return rslvrs, err
+			}
+			rslvrs = append(rslvrs, rslvr)
+		}
+		if ns.Type == models.TCPResolver {
+			opts.Logger.Debug("initiating TCP resolver")
+			rslvr, err := NewClassicResolver(ns.Address,
+				ClassicResolverOpts{
+					UseTLS: false,
+					UseTCP: true,
+				}, opts)
+			if err != nil {
+				return rslvrs, err
+			}
+			rslvrs = append(rslvrs, rslvr)
+		}
+		if ns.Type == models.UDPResolver {
+			opts.Logger.Debug("initiating UDP resolver")
+			rslvr, err := NewClassicResolver(ns.Address,
+				ClassicResolverOpts{
+					UseTLS: false,
+					UseTCP: false,
+				}, opts)
+			if err != nil {
+				return rslvrs, err
+			}
+			rslvrs = append(rslvrs, rslvr)
+		}
+		if ns.Type == models.DNSCryptResolver {
+			opts.Logger.Debug("initiating DNSCrypt resolver")
+			rslvr, err := NewDNSCryptResolver(ns.Address,
+				DNSCryptResolverOpts{
+					UseTCP: false,
+				}, opts)
+			if err != nil {
+				return rslvrs, err
+			}
+			rslvrs = append(rslvrs, rslvr)
+		}
+		if ns.Type == models.DOQResolver {
+			opts.Logger.Debug("initiating DOQ resolver")
+			rslvr, err := NewDOQResolver(ns.Address, opts)
+			if err != nil {
+				return rslvrs, err
+			}
+			rslvrs = append(rslvrs, rslvr)
+		}
+	}
+	return rslvrs, nil
+}

internal/resolvers/utils.go

@@ -0,0 +1,134 @@
+package resolvers
+
+import (
+	"fmt"
+	"strconv"
+	"strings"
+	"time"
+
+	"github.com/miekg/dns"
+)
+
+// prepareMessages takes a  DNS Question and returns the
+// corresponding DNS messages for the same.
+func prepareMessages(q dns.Question, opts Options) []dns.Msg {
+	var (
+		possibleQNames = constructPossibleQuestions(q.Name, opts.Ndots, opts.SearchList)
+		messages       = make([]dns.Msg, 0, len(possibleQNames))
+	)
+
+	for _, qName := range possibleQNames {
+		msg := dns.Msg{
+			MsgHdr: dns.MsgHdr{
+				Id:                dns.Id(),
+				Authoritative:     opts.Authoritative,
+				AuthenticatedData: opts.AuthenticatedData,
+				CheckingDisabled:  opts.CheckingDisabled,
+				RecursionDesired:  true,
+			},
+		}
+		// It's recommended to only send 1 question for 1 DNS message.
+		msg.Question = []dns.Question{{
+			Name:   qName,
+			Qtype:  q.Qtype,
+			Qclass: q.Qclass,
+		}}
+		messages = append(messages, msg)
+	}
+
+	return messages
+}
+
+// NameList returns all of the names that should be queried based on the
+// config. It is based off of go's net/dns name building, but it does not
+// check the length of the resulting names.
+// NOTE: It is taken from `miekg/dns/clientconfig.go: func (c *ClientConfig) NameList`
+// and slightly modified.
+func constructPossibleQuestions(name string, ndots int, searchList []string) []string {
+	// if this domain is already fully qualified, no append needed.
+	if dns.IsFqdn(name) {
+		return []string{name}
+	}
+
+	// Check to see if the name has more labels than Ndots. Do this before making
+	// the domain fully qualified.
+	hasNdots := dns.CountLabel(name) > ndots
+	// Make the domain fully qualified.
+	name = dns.Fqdn(name)
+
+	// Make a list of names based off search.
+	names := []string{}
+
+	// If name has enough dots, try that first.
+	if hasNdots {
+		names = append(names, name)
+	}
+	for _, s := range searchList {
+		names = append(names, dns.Fqdn(name+s))
+	}
+	// If we didn't have enough dots, try after suffixes.
+	if !hasNdots {
+		names = append(names, name)
+	}
+	return names
+}
+
+// parseMessage takes a `dns.Message` and returns a custom
+// Response data struct.
+func parseMessage(msg *dns.Msg, rtt time.Duration, server string) Response {
+	var resp Response
+	timeTaken := fmt.Sprintf("%dms", rtt.Milliseconds())
+
+	// Parse Authorities section.
+	for _, ns := range msg.Ns {
+		// check for SOA record
+		soa, ok := ns.(*dns.SOA)
+		if !ok {
+			// Currently we only check for SOA in Authority.
+			// If it's not SOA, skip this message.
+			continue
+		}
+		mname := soa.Ns + " " + soa.Mbox +
+			" " + strconv.FormatInt(int64(soa.Serial), 10) +
+			" " + strconv.FormatInt(int64(soa.Refresh), 10) +
+			" " + strconv.FormatInt(int64(soa.Retry), 10) +
+			" " + strconv.FormatInt(int64(soa.Expire), 10) +
+			" " + strconv.FormatInt(int64(soa.Minttl), 10)
+		h := ns.Header()
+		name := h.Name
+		qclass := dns.Class(h.Class).String()
+		ttl := strconv.FormatInt(int64(h.Ttl), 10) + "s"
+		qtype := dns.Type(h.Rrtype).String()
+		auth := Authority{
+			Name:       name,
+			Type:       qtype,
+			TTL:        ttl,
+			Class:      qclass,
+			MName:      mname,
+			Nameserver: server,
+			RTT:        timeTaken,
+			Status:     dns.RcodeToString[msg.Rcode],
+		}
+		resp.Authorities = append(resp.Authorities, auth)
+	}
+	// Parse Answers section.
+	for _, a := range msg.Answer {
+		var (
+			h = a.Header()
+			// Source https://github.com/jvns/dns-lookup/blob/main/dns.go#L121.
+			parts = strings.Split(a.String(), "\t")
+			ans   = Answer{
+				Name:       h.Name,
+				Type:       dns.Type(h.Rrtype).String(),
+				TTL:        strconv.FormatInt(int64(h.Ttl), 10) + "s",
+				Class:      dns.Class(h.Class).String(),
+				Address:    parts[len(parts)-1],
+				RTT:        timeTaken,
+				Nameserver: server,
+			}
+		)
+
+		resp.Answers = append(resp.Answers, ans)
+	}
+	return resp
+}