package resolver
import (
"context"
"fmt"
"net"
"sync"
"time"
"github.com/miekg/dns"
"github.com/tevino/abool"
"github.com/safing/portbase/utils"
"github.com/safing/portmaster/netenv"
"github.com/safing/portmaster/network/netutils"
)
// Server types a resolver can have. The type selects the transport used to
// reach the resolver and is also part of the resolver ID (see ResolverInfo.ID).
const (
	ServerTypeDNS  = "dns"
	ServerTypeTCP  = "tcp"
	ServerTypeDoT  = "dot"
	ServerTypeDoH  = "doh"
	ServerTypeMDNS = "mdns"
	ServerTypeEnv  = "env"
)

// Sources a resolver configuration can originate from. The source is recorded
// in ResolverInfo.Source and is part of the resolver ID.
const (
	ServerSourceConfigured      = "config"
	ServerSourceOperatingSystem = "system"
	ServerSourceMDNS            = "mdns"
	ServerSourceEnv             = "env"
)
// HTTPSProtocol is the scheme alias accepted for DNS-over-HTTPS resolvers.
const HTTPSProtocol = "https"

// TLSProtocol is the scheme alias accepted for DNS-over-TLS resolvers.
const TLSProtocol = "tls"
var (
	// FailThreshold is the number of errors a resolver must exceed before it
	// is regarded as failed (see BasicResolverConn.ReportFailure, which
	// compares with a strict greater-than). It is a mutable package-level
	// value and may be adjusted by configuration elsewhere.
	FailThreshold = 20
)
// Resolver holds information about an active resolver.
type Resolver struct {
	// ConfigURL is the server config URL, which also serves as the ID.
	// Supported parameters:
	// - `verify=domain`: verify domain (dot only)
	// - `name=name`: human readable name for resolver
	// - `blockedif=empty`: how to detect if the dns service blocked something
	//   - `empty`: NXDomain result, but without any other record in any section
	//   - `refused`: Request was refused
	//   - `zeroip`: Answer only contains zeroip
	ConfigURL string

	// Info holds the parsed configuration.
	Info *ResolverInfo

	// ServerAddress holds the resolver address for easier use.
	ServerAddress string

	// UpstreamBlockDetection defines the detection type
	// to identify upstream DNS query blocking.
	// Valid values are:
	// - zeroip
	// - empty
	// - refused (default)
	// - disabled
	UpstreamBlockDetection string

	// Special options.
	// NOTE(review): none of these are read within this file. Search and
	// SearchOnly look like DNS search-domain settings and Path like a source
	// path; confirm against the code that constructs Resolvers.
	Search     []string
	SearchOnly bool
	Path       string

	// Conn is the query backend for this resolver (see ResolverConn).
	// It is excluded from JSON serialization.
	Conn ResolverConn `json:"-"`
}
// ResolverInfo is a subset of resolver attributes that is attached to answers
// from that server in order to use it later for decision making. It must not
// be changed by anyone after creation and initialization is complete.
//
// Copy must be used to duplicate a ResolverInfo, as the struct embeds a
// sync.Once and must not be copied by value.
type ResolverInfo struct { //nolint:golint,maligned // TODO
	// Name describes the name given to the resolver. The name is configured in the config URL using the name parameter.
	Name string

	// Type describes the type of the resolver.
	// Possible values include dns, tcp, dot, doh, mdns, env.
	Type string

	// Source describes where the resolver configuration came from.
	// Possible values include config, system, mdns, env.
	Source string

	// IP is the IP address of the resolver.
	IP net.IP

	// Domain of the dns server if it has one. It is used instead of IP in
	// the ID of doh and dot resolvers.
	Domain string

	// IPScope is the network scope of the IP address.
	IPScope netutils.IPScope

	// Port is the udp/tcp port of the resolver.
	Port uint16

	// id holds a unique ID for this resolver. It is generated lazily by ID()
	// from Type, Domain/IP, Port and Source.
	id string
	// idGen guards the one-time generation of id.
	idGen sync.Once
}
// ID returns the unique ID of the resolver.
//
// The ID is derived from the resolver attributes the first time it is
// requested and cached for all later calls. For mdns and env resolvers the
// type alone is the ID; doh and dot resolvers are identified by domain, all
// others by IP. The scheme-like format is a label only and is never used as a
// URL.
func (info *ResolverInfo) ID() string {
	info.idGen.Do(func() {
		var id string
		switch info.Type {
		case ServerTypeMDNS, ServerTypeEnv:
			// Type and ID coincide for these resolvers.
			id = info.Type
		case ServerTypeDoH:
			id = fmt.Sprintf("https://%s:%d#%s", info.Domain, info.Port, info.Source) //nolint:nosprintfhostport // Not used as URL.
		case ServerTypeDoT:
			id = fmt.Sprintf("dot://%s:%d#%s", info.Domain, info.Port, info.Source) //nolint:nosprintfhostport // Not used as URL.
		default:
			id = fmt.Sprintf("%s://%s:%d#%s", info.Type, info.IP, info.Port, info.Source)
		}
		info.id = id
	})
	return info.id
}
// DescriptiveName returns a human readable, but also detailed representation
// of the resolver.
//
// mdns and env resolvers get a fixed label. All others are rendered as
// "<label> (<id>)", where the label is the configured Name if present, else
// the Domain if present, else the IP.
func (info *ResolverInfo) DescriptiveName() string {
	if info.Type == ServerTypeMDNS {
		return "MDNS"
	}
	if info.Type == ServerTypeEnv {
		return "Portmaster Environment"
	}

	var label string
	switch {
	case info.Name != "":
		label = info.Name
	case info.Domain != "":
		label = info.Domain
	default:
		label = info.IP.String()
	}
	return fmt.Sprintf("%s (%s)", label, info.ID())
}
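// Copy returns a full copy of the ResolverInfo.
//
// The ID is generated before copying so that the copy carries the same cached
// id and its idGen is already marked as done. The IP slice is duplicated so
// the copy does not share backing memory with the original; all other fields
// are plain values.
func (info *ResolverInfo) Copy() *ResolverInfo {
	// Force idGen to run before we copy, so that id is populated.
	_ = info.ID()

	// Copy field by field in order to not copy the sync.Once.
	cp := &ResolverInfo{
		Name:    info.Name,
		Type:    info.Type,
		Source:  info.Source,
		Domain:  info.Domain,
		IPScope: info.IPScope,
		Port:    info.Port,
		id:      info.id,
	}

	// net.IP is a slice; clone it so the copy is truly independent of the
	// original. Preserve nil vs. non-nil so String()/equality behave the same.
	if info.IP != nil {
		cp.IP = make(net.IP, len(info.IP))
		copy(cp.IP, info.IP)
	}

	// Trigger idGen.Do() with a no-op, as the ID is already generated.
	cp.idGen.Do(func() {})
	return cp
}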
// IsBlockedUpstream returns true if the request has been blocked
// upstream.
//
// The decision is delegated to the package-level isBlockedUpstream (defined
// outside this block), which receives the resolver so it can apply the
// resolver's block-detection settings.
func (resolver *Resolver) IsBlockedUpstream(answer *dns.Msg) bool {
	blocked := isBlockedUpstream(resolver, answer)
	return blocked
}
// String returns a human readable representation of the resolver, as produced
// by ResolverInfo.DescriptiveName, so that a Resolver can be logged directly.
func (resolver *Resolver) String() string {
	name := resolver.Info.DescriptiveName()
	return name
}
// ResolverConn is an interface to implement different types of query backends.
type ResolverConn interface { //nolint:golint // TODO
	// Query sends q to the resolver and returns the cached answer.
	Query(ctx context.Context, q *Query) (*RRCache, error)
	// ReportFailure records that an error occurred with this resolver.
	ReportFailure()
	// IsFailing reports whether the resolver is currently regarded as failing.
	IsFailing() bool
	// ResetFailure clears the failure status.
	ResetFailure()
	// ForceReconnect drops and re-establishes the underlying connection.
	// NOTE(review): no implementation is visible in this file; confirm
	// semantics against the concrete backends.
	ForceReconnect(ctx context.Context)
}
// BasicResolverConn implements ResolverConn for standard dns clients.
//
// It provides the shared failure tracking (ReportFailure, IsFailing,
// ResetFailure); init must be called before those methods are used.
type BasicResolverConn struct {
	sync.Mutex // Also used by inheriting structs.

	// resolver is the Resolver this connection belongs to. Its Info.Source is
	// consulted to report configured-server state to netenv.
	resolver *Resolver

	// failing is set once fails exceeds FailThreshold and cleared by
	// ResetFailure or by a network change observed in IsFailing.
	failing *abool.AtomicBool
	// failingUntil is the end of the back-off window started by ReportFailure.
	failingUntil time.Time
	// fails counts reported failures since the last reset.
	fails int
	// failLock guards fails and failingUntil.
	failLock sync.Mutex

	// networkChangedFlag is refreshed when the resolver enters the failing
	// state; IsFailing clears that state once the flag is set again.
	networkChangedFlag *utils.Flag
}
// init initializes the basic resolver connection.
//
// It allocates the failing flag and obtains the network-changed flag from
// netenv; both are dereferenced by ReportFailure, IsFailing and ResetFailure,
// so init must run before any of them.
func (brc *BasicResolverConn) init() {
	failing := abool.New()
	changed := netenv.GetNetworkChangedFlag()
	brc.failing, brc.networkChangedFlag = failing, changed
}
// ReportFailure reports that an error occurred with this resolver.
//
// Failures reported while the host is offline are ignored, as they are not
// attributable to the resolver. Once the failure count exceeds FailThreshold
// (strictly greater than), the resolver is marked failing until a retry time
// derived from nameserverRetryRate() (defined outside this block), the counter
// is reset and the network-changed flag is refreshed so that only network
// changes after this point can clear the failing state (see IsFailing).
// A failure of a configured resolver is additionally reported to netenv.
func (brc *BasicResolverConn) ReportFailure() {
	if !netenv.Online() {
		// Offline: do not hold the error against the resolver.
		return
	}

	func() {
		brc.failLock.Lock()
		defer brc.failLock.Unlock()

		brc.fails++
		if brc.fails <= FailThreshold {
			return
		}

		// Threshold exceeded: enter the failing state for the retry period.
		brc.failing.Set()
		retryAfter := time.Duration(nameserverRetryRate()) * time.Second
		brc.failingUntil = time.Now().Add(retryAfter)
		brc.fails = 0
		// Only network changes after this point should end the failing state.
		brc.networkChangedFlag.Refresh()
	}()

	if brc.resolver.Info.Source == ServerSourceConfigured {
		netenv.ConnectedToDNS.UnSet()
	}
}
// IsFailing returns if this resolver is currently failing.
//
// A resolver that is not marked failing answers false without taking the
// lock. Otherwise, a network change since the failure was recorded clears the
// failing state (the back-off no longer reflects current connectivity);
// without such a change the resolver stays failing until failingUntil passes.
func (brc *BasicResolverConn) IsFailing() bool {
	if !brc.failing.IsSet() {
		return false
	}

	brc.failLock.Lock()
	defer brc.failLock.Unlock()

	if !brc.networkChangedFlag.IsSet() {
		// Still inside the back-off window?
		return brc.failingUntil.After(time.Now())
	}

	// The network changed since the failure: give the resolver a fresh start.
	brc.networkChangedFlag.Refresh()
	brc.fails = 0
	brc.failing.UnSet()
	return false
}
// ResetFailure resets the failure status.
//
// The counter is only reset when the failing flag actually flips from true to
// false; success of a configured resolver is additionally reported to netenv.
func (brc *BasicResolverConn) ResetFailure() {
	// SetToIf flips failing to false only if it was true, so the counter is
	// touched only on a real state change.
	wasFailing := brc.failing.SetToIf(true, false)
	if wasFailing {
		brc.failLock.Lock()
		brc.fails = 0
		brc.failLock.Unlock()
	}

	if brc.resolver.Info.Source == ServerSourceConfigured {
		netenv.ConnectedToDNS.Set()
	}
}