package main import ( "bufio" "fmt" "log" "net" "os" "strconv" "strings" "sync" "time" "github.com/miekg/dns" "errors" "crypto/tls" ) type ResolvError struct { qname, net string nameservers []string } func (e ResolvError) Error() string { errmsg := fmt.Sprintf("%s resolv failed on %s (%s)", e.qname, strings.Join(e.nameservers, "; "), e.net) return errmsg } type RResp struct { msg *dns.Msg nameserver string rtt time.Duration } type Resolver struct { servers []string domain_server *suffixTreeNode config *ResolvSettings tcpClient *dns.Client udpClient *dns.Client httpsClient *dns.Client } func NewResolver(c ResolvSettings) *Resolver { r := &Resolver{ servers: []string{}, domain_server: newSuffixTreeRoot(), config: &c, } if len(c.ServerListFile) > 0 { r.ReadServerListFile(c.ServerListFile) log.Println("Read servers", strings.Join(r.servers, ", ")) } if len(c.ResolvFile) > 0 { clientConfig, err := dns.ClientConfigFromFile(c.ResolvFile) if err != nil { logger.Error(":%s is not a valid resolv.conf file\n", c.ResolvFile) logger.Error("%s", err) panic(err) } for _, server := range clientConfig.Servers { r.servers = append(r.servers, net.JoinHostPort(server, clientConfig.Port)) } } if len(c.DOHServer) > 0 { r.servers = append([]string{c.DOHServer}, r.servers...) } timeout := r.Timeout() r.udpClient = &dns.Client{ Net: "udp", ReadTimeout: timeout, WriteTimeout: timeout, } r.tcpClient = &dns.Client{ Net: "tcp", ReadTimeout: timeout, WriteTimeout: timeout, } r.httpsClient = &dns.Client{ Net: "https", ReadTimeout: timeout, WriteTimeout: timeout, } return r } func (r *Resolver) parseServerListFile(buf *os.File) { scanner := bufio.NewScanner(buf) var line string var idx int for scanner.Scan() { line = strings.TrimSpace(scanner.Text()) if !strings.HasPrefix(line, "server") { continue } idx = strings.Index(line, "=") if idx == -1 { continue } line = strings.TrimSpace(line[idx+1:]) if strings.HasPrefix(line, "https://") { r.servers = append(r.servers, line) continue } tokens := strings.Split(line, "/") switch len(tokens) { case 3: domain := tokens[1] ip := tokens[2] if !isDomain(domain) || !isIP(ip) { continue } r.domain_server.sinsert(strings.Split(domain, "."), ip) case 1: srv_port := strings.Split(line, "#") if len(srv_port) > 2 { continue } ip := "" if ip = srv_port[0]; !isIP(ip) { continue } port := "53" if len(srv_port) == 2 { if _, err := strconv.Atoi(srv_port[1]); err != nil { continue } port = srv_port[1] } r.servers = append(r.servers, net.JoinHostPort(ip, port)) } } } func (r *Resolver) ReadServerListFile(path string) { files := strings.Split(path, ";") for _, file := range files { buf, err := os.Open(file) if err != nil { panic("Can't open " + file) } defer buf.Close() r.parseServerListFile(buf) } } // Lookup will ask each nameserver in top-to-bottom fashion, starting a new request // in every second, and return as early as possbile (have an answer). // It returns an error if no request has succeeded. func (r *Resolver) Lookup(net string, req *dns.Msg) (message *dns.Msg, err error) { if net == "udp" && settings.ResolvConfig.SetEDNS0 { req = req.SetEdns0(65535, true) } qname := req.Question[0].Name res := make(chan *RResp, 1) var wg sync.WaitGroup L := func(resolver *Resolver, nameserver string) { defer wg.Done() c, err := resolver.resolverFor(net, nameserver) if err != nil { logger.Warn("error:%s", err.Error()) return } r, rtt, err := c.Exchange(req, nameserver) if err != nil { logger.Warn("%s socket error on %s", qname, nameserver) logger.Warn("error:%s", err.Error()) return } // If SERVFAIL happen, should return immediately and try another upstream resolver. // However, other Error code like NXDOMAIN is an clear response stating // that it has been verified no such domain existas and ask other resolvers // would make no sense. See more about #20 if r != nil && r.Rcode != dns.RcodeSuccess { logger.Warn("%s failed to get an valid answer on %s", qname, nameserver) if r.Rcode == dns.RcodeServerFailure { return } } re := &RResp{r, nameserver, rtt} select { case res <- re: default: } } ticker := time.NewTicker(time.Duration(settings.ResolvConfig.Interval) * time.Millisecond) defer ticker.Stop() // Start lookup on each nameserver top-down, in every second nameservers := r.Nameservers(qname) for _, nameserver := range nameservers { wg.Add(1) go L(r, nameserver) // but exit early, if we have an answer select { case re := <-res: logger.Debug("%s resolv on %s rtt: %v", UnFqdn(qname), re.nameserver, re.rtt) return re.msg, nil case <-ticker.C: continue } } // wait for all the namservers to finish wg.Wait() select { case re := <-res: logger.Debug("%s resolv on %s rtt: %v", UnFqdn(qname), re.nameserver, re.rtt) return re.msg, nil default: return nil, ResolvError{qname, net, nameservers} } } func (r *Resolver) resolverFor(net, nameserver string) (*dns.Client, error) { if strings.HasPrefix(nameserver, "https") { return r.httpsClient, nil } else if strings.HasSuffix(nameserver, ":853") { // TODO We need to set the server name so we can confirm the TLS connection. This may require a rewrite of storing nameservers. return &dns.Client{ Net: "tcp-tls", ReadTimeout: r.Timeout(), WriteTimeout: r.Timeout(), TLSConfig: &tls.Config{ ServerName: "", }, }, nil } else if net == "udp" { return r.udpClient, nil } else if net == "tcp" { return r.tcpClient, nil } return nil, errors.New("no client for nameserver") } // Namservers return the array of nameservers, with port number appended. // '#' in the name is treated as port separator, as with dnsmasq. func (r *Resolver) Nameservers(qname string) []string { queryKeys := strings.Split(qname, ".") queryKeys = queryKeys[:len(queryKeys)-1] // ignore last '.' ns := []string{} if v, found := r.domain_server.search(queryKeys); found { logger.Debug("%s be found in domain server list, upstream: %v", qname, v) ns = append(ns, net.JoinHostPort(v, "53")) //Ensure query the specific upstream nameserver in async Lookup() function. return ns } for _, nameserver := range r.servers { ns = append(ns, nameserver) } return ns } func (r *Resolver) Timeout() time.Duration { return time.Duration(r.config.Timeout) * time.Second }