stop being authoritative for stuff not in internal dns

Elizabeth 2024-04-02 14:49:18 -06:00
parent 1fb45f8c4a
commit d7843d18d0
Signed by: simponic
GPG Key ID: 2909B9A7FF6213EE
3 changed files with 29 additions and 35 deletions


@ -11,4 +11,4 @@ RUN go build -o /app/hatecomputers
EXPOSE 8080 EXPOSE 8080
CMD ["/app/hatecomputers", "--server", "--migrate", "--port", "8080", "--template-path", "/app/templates", "--database-path", "/app/db/hatecomputers.db", "--static-path", "/app/static", "--scheduler", "--dns", "--dns-port", "8053", "--dns-recursion", "1.1.1.1:53,1.0.0.1:53"] CMD ["/app/hatecomputers", "--server", "--migrate", "--port", "8080", "--template-path", "/app/templates", "--database-path", "/app/db/hatecomputers.db", "--static-path", "/app/static", "--scheduler", "--dns", "--dns-port", "8053"]


@ -22,9 +22,8 @@ type Arguments struct {
OauthConfig *oauth2.Config OauthConfig *oauth2.Config
OauthUserInfoURI string OauthUserInfoURI string
Dns bool Dns bool
DnsRecursion []string DnsPort int
DnsPort int
CloudflareToken string CloudflareToken string
CloudflareZone string CloudflareZone string
@ -45,7 +44,6 @@ func GetArgs() (*Arguments, error) {
server := flag.Bool("server", false, "Run the server") server := flag.Bool("server", false, "Run the server")
dns := flag.Bool("dns", false, "Run DNS resolver") dns := flag.Bool("dns", false, "Run DNS resolver")
dnsRecursion := flag.String("dns-recursion", "1.1.1.1:53,1.0.0.1:53", "Comma separated list of DNS resolvers")
dnsPort := flag.Int("dns-port", 8053, "Port to listen on for DNS resolver") dnsPort := flag.Int("dns-port", 8053, "Port to listen on for DNS resolver")
flag.Parse() flag.Parse()
@ -104,7 +102,6 @@ func GetArgs() (*Arguments, error) {
Migrate: *migrate, Migrate: *migrate,
Scheduler: *scheduler, Scheduler: *scheduler,
Dns: *dns, Dns: *dns,
DnsRecursion: strings.Split(*dnsRecursion, ","),
DnsPort: *dnsPort, DnsPort: *dnsPort,
OauthConfig: oauthConfig, OauthConfig: oauthConfig,


@ -11,17 +11,13 @@ import (
const MAX_RECURSION = 10 const MAX_RECURSION = 10
func resolveRecursive(dbConn *sql.DB, dnsResolvers []string, domain string, qtype uint16, maxDepth int) ([]dns.RR, error) { func resolveInternalCNAMEs(dbConn *sql.DB, domain string, qtype uint16, maxDepth int) ([]dns.RR, error) {
if maxDepth == 0 {
return nil, fmt.Errorf("too much recursion")
}
internalCnames, err := database.FindDNSRecords(dbConn, domain, "CNAME") internalCnames, err := database.FindDNSRecords(dbConn, domain, "CNAME")
if err != nil { if err != nil {
return nil, err return nil, err
} }
answers := []dns.RR{} var answers []dns.RR
for _, record := range internalCnames { for _, record := range internalCnames {
cname, err := dns.NewRR(fmt.Sprintf("%s %d IN CNAME %s", record.Name, record.TTL, record.Content)) cname, err := dns.NewRR(fmt.Sprintf("%s %d IN CNAME %s", record.Name, record.TTL, record.Content))
if err != nil { if err != nil {
@ -29,7 +25,10 @@ func resolveRecursive(dbConn *sql.DB, dnsResolvers []string, domain string, qtyp
} }
answers = append(answers, cname) answers = append(answers, cname)
cnameRecursive, _ := resolveRecursive(dbConn, dnsResolvers, record.Content, qtype, maxDepth-1) cnameRecursive, err := resolveDNS(dbConn, record.Content, qtype, maxDepth-1)
if err != nil {
return nil, err
}
answers = append(answers, cnameRecursive...) answers = append(answers, cnameRecursive...)
} }
@ -43,37 +42,31 @@ func resolveRecursive(dbConn *sql.DB, dnsResolvers []string, domain string, qtyp
return nil, err return nil, err
} }
for _, record := range typeDnsRecords { for _, record := range typeDnsRecords {
answer, err := dns.NewRR(fmt.Sprintf("%s %d IN %s %s", record.Name, record.TTL, record.Type, record.Content)) answer, err := dns.NewRR(fmt.Sprintf("%s %d IN %s %s", record.Name, record.TTL, qtypeName, record.Content))
if err != nil { if err != nil {
return nil, err return nil, err
} }
answers = append(answers, answer) answers = append(answers, answer)
} }
return answers, nil
}
func resolveDNS(dbConn *sql.DB, domain string, qtype uint16, maxDepth int) ([]dns.RR, error) {
if maxDepth == 0 {
return nil, fmt.Errorf("too much recursion")
}
answers, err := resolveInternalCNAMEs(dbConn, domain, qtype, maxDepth)
if err != nil {
return nil, err
}
if len(answers) > 0 { if len(answers) > 0 {
// base case; we found the answer
return answers, nil return answers, nil
} }
message := new(dns.Msg) return nil, fmt.Errorf("no records found for %s", domain)
message.SetQuestion(dns.Fqdn(domain), qtype)
message.RecursionDesired = true
client := new(dns.Client)
i := 0
in, _, err := client.Exchange(message, dnsResolvers[i])
for err != nil {
i += 1
if i == len(dnsResolvers) {
log.Println(err)
return nil, err
}
in, _, err = client.Exchange(message, dnsResolvers[i])
}
answers = append(answers, in.Answer...)
return answers, nil
} }
type DnsHandler struct { type DnsHandler struct {
@ -87,7 +80,7 @@ func (h *DnsHandler) ServeDNS(w dns.ResponseWriter, r *dns.Msg) {
msg.Authoritative = true msg.Authoritative = true
for _, question := range r.Question { for _, question := range r.Question {
answers, err := resolveRecursive(h.DbConn, h.DnsResolvers, question.Name, question.Qtype, MAX_RECURSION) answers, err := resolveDNS(h.DbConn, question.Name, question.Qtype, MAX_RECURSION)
if err != nil { if err != nil {
fmt.Println(err) fmt.Println(err)
continue continue
@ -95,6 +88,10 @@ func (h *DnsHandler) ServeDNS(w dns.ResponseWriter, r *dns.Msg) {
msg.Answer = append(msg.Answer, answers...) msg.Answer = append(msg.Answer, answers...)
} }
if len(msg.Answer) == 0 {
msg.SetRcode(r, dns.RcodeNameError)
}
log.Println(msg.Answer) log.Println(msg.Answer)
w.WriteMsg(msg) w.WriteMsg(msg)
} }
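Review bot: In the CNAME loop of resolveInternalCNAMEs, the new `if err != nil { return nil, err }` after `resolveDNS(dbConn, record.Content, ...)` throws away the CNAME that was just appended whenever its target is not in the internal database, because resolveDNS reports an empty result as the error `no records found for %s`. With upstream recursion removed, an internal record that points at an external name is therefore answered as NXDOMAIN with `msg.Authoritative = true` still set, where an authoritative server would return the CNAME alone and leave the target to the resolver. The same error path makes ServeDNS treat a failed `database.FindDNSRecords` call like a missing name, so a transient database fault is published as an authoritative NXDOMAIN that resolvers may negative-cache; SERVFAIL is the safer reply there. A sentinel error for the empty case lets both call sites tell the two apart, as sketched below; it needs the `errors` package, and the import block is not visible in these hunks.

```go
var errNoRecords = errors.New("no records found")

// resolveInternalCNAMEs, inside the CNAME loop:
cnameRecursive, err := resolveDNS(dbConn, record.Content, qtype, maxDepth-1)
if err != nil && !errors.Is(err, errNoRecords) {
	return nil, err
}
answers = append(answers, cnameRecursive...)

// … unchanged: lookup and conversion of the records for qtype …

// resolveDNS, empty result:
return nil, fmt.Errorf("%w for %s", errNoRecords, domain)

// ServeDNS:
failed := false
for _, question := range r.Question {
	answers, err := resolveDNS(h.DbConn, question.Name, question.Qtype, MAX_RECURSION)
	if err != nil {
		fmt.Println(err)
		// Only a real lookup failure should turn into SERVFAIL.
		failed = failed || !errors.Is(err, errNoRecords)
		continue
	}
	msg.Answer = append(msg.Answer, answers...)
}
if len(msg.Answer) == 0 {
	if failed {
		msg.SetRcode(r, dns.RcodeServerFailure)
	} else {
		msg.SetRcode(r, dns.RcodeNameError)
	}
}
```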