2015-12-24 09:51:32 +00:00
|
|
|
package libnetwork
|
|
|
|
|
|
|
|
import (
|
|
|
|
"fmt"
|
2016-02-21 15:39:53 +00:00
|
|
|
"math/rand"
|
2015-12-24 09:51:32 +00:00
|
|
|
"net"
|
|
|
|
"strings"
|
2016-01-24 05:47:57 +00:00
|
|
|
"sync"
|
|
|
|
"time"
|
2015-12-24 09:51:32 +00:00
|
|
|
|
2021-04-06 00:24:47 +00:00
|
|
|
"github.com/docker/docker/libnetwork/types"
|
2015-12-24 09:51:32 +00:00
|
|
|
"github.com/miekg/dns"
|
2017-07-26 21:18:31 +00:00
|
|
|
"github.com/sirupsen/logrus"
|
2015-12-24 09:51:32 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
// Resolver represents the embedded DNS server in Docker. It operates
|
|
|
|
// by listening on container's loopback interface for DNS queries.
|
|
|
|
type Resolver interface {
|
|
|
|
// Start starts the name server for the container
|
|
|
|
Start() error
|
2016-01-14 17:56:32 +00:00
|
|
|
// Stop stops the name server for the container. Stopped resolver
|
|
|
|
// can be reused after running the SetupFunc again.
|
2015-12-24 09:51:32 +00:00
|
|
|
Stop()
|
2021-06-09 17:37:10 +00:00
|
|
|
// SetupFunc provides the setup function that should be run
|
2015-12-24 09:51:32 +00:00
|
|
|
// in the container's network namespace.
|
2016-09-19 22:48:06 +00:00
|
|
|
SetupFunc(int) func()
|
2021-06-09 17:37:10 +00:00
|
|
|
// NameServer returns the IP of the DNS resolver for the
|
2015-12-24 09:51:32 +00:00
|
|
|
// containers.
|
|
|
|
NameServer() string
|
2016-03-20 12:00:58 +00:00
|
|
|
// SetExtServers configures the external nameservers the resolver
|
|
|
|
// should use to forward queries
|
2016-12-19 02:27:13 +00:00
|
|
|
SetExtServers([]extDNSEntry)
|
2015-12-24 09:51:32 +00:00
|
|
|
// ResolverOptions returns resolv.conf options that should be set
|
|
|
|
ResolverOptions() []string
|
|
|
|
}
|
|
|
|
|
2016-09-19 22:48:06 +00:00
|
|
|
// DNSBackend represents a backend DNS resolver used for DNS name
|
2017-05-22 02:25:52 +00:00
|
|
|
// resolution. All the queries to the resolver are forwarded to the
|
2016-09-19 22:48:06 +00:00
|
|
|
// backend resolver.
|
|
|
|
type DNSBackend interface {
|
|
|
|
// ResolveName resolves a service name to an IPv4 or IPv6 address by searching
|
|
|
|
// the networks the sandbox is connected to. For IPv6 queries, second return
|
|
|
|
// value will be true if the name exists in docker domain but doesn't have an
|
|
|
|
// IPv6 address. Such queries shouldn't be forwarded to external nameservers.
|
|
|
|
ResolveName(name string, iplen int) ([]net.IP, bool)
|
|
|
|
// ResolveIP returns the service name for the passed in IP. IP is in reverse dotted
|
|
|
|
// notation; the format used for DNS PTR records
|
|
|
|
ResolveIP(name string) string
|
|
|
|
// ResolveService returns all the backend details about the containers or hosts
|
|
|
|
// backing a service. Its purpose is to satisfy an SRV query
|
|
|
|
ResolveService(name string) ([]*net.SRV, []net.IP)
|
|
|
|
// ExecFunc allows a function to be executed in the context of the backend
|
|
|
|
// on behalf of the resolver.
|
|
|
|
ExecFunc(f func()) error
|
2021-06-09 17:37:10 +00:00
|
|
|
// NdotsSet queries the backends ndots dns option settings
|
2016-09-19 22:48:06 +00:00
|
|
|
NdotsSet() bool
|
2016-12-06 22:56:24 +00:00
|
|
|
// HandleQueryResp passes the name & IP from a response to the backend. backend
|
|
|
|
// can use it to maintain any required state about the resolution
|
|
|
|
HandleQueryResp(name string, ip net.IP)
|
2016-09-19 22:48:06 +00:00
|
|
|
}
|
|
|
|
|
2015-12-24 09:51:32 +00:00
|
|
|
const (
|
2016-02-21 15:39:53 +00:00
|
|
|
dnsPort = "53"
|
|
|
|
ptrIPv4domain = ".in-addr.arpa."
|
|
|
|
ptrIPv6domain = ".ip6.arpa."
|
|
|
|
respTTL = 600
|
2022-07-13 20:30:47 +00:00
|
|
|
maxExtDNS = 3 // max number of external servers to try
|
2016-04-07 14:32:43 +00:00
|
|
|
extIOTimeout = 4 * time.Second
|
2016-02-21 15:39:53 +00:00
|
|
|
defaultRespSize = 512
|
2018-09-04 19:10:42 +00:00
|
|
|
maxConcurrent = 1024
|
2016-03-28 23:23:08 +00:00
|
|
|
logInterval = 2 * time.Second
|
2015-12-24 09:51:32 +00:00
|
|
|
)
|
|
|
|
|
2016-01-24 05:47:57 +00:00
|
|
|
type extDNSEntry struct {
|
2017-01-19 22:25:26 +00:00
|
|
|
IPStr string
|
|
|
|
HostLoopback bool
|
2016-06-14 05:56:59 +00:00
|
|
|
}
|
|
|
|
|
2015-12-24 09:51:32 +00:00
|
|
|
// resolver implements the Resolver interface
|
|
|
|
type resolver struct {
|
2016-09-19 22:48:06 +00:00
|
|
|
backend DNSBackend
|
|
|
|
extDNSList [maxExtDNS]extDNSEntry
|
|
|
|
server *dns.Server
|
|
|
|
conn *net.UDPConn
|
|
|
|
tcpServer *dns.Server
|
|
|
|
tcpListen *net.TCPListener
|
|
|
|
err error
|
|
|
|
count int32
|
|
|
|
tStamp time.Time
|
|
|
|
queryLock sync.Mutex
|
|
|
|
listenAddress string
|
|
|
|
proxyDNS bool
|
|
|
|
resolverKey string
|
2016-11-21 19:08:41 +00:00
|
|
|
startCh chan struct{}
|
2015-12-24 09:51:32 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// NewResolver creates a new instance of the Resolver
|
2016-09-19 22:48:06 +00:00
|
|
|
func NewResolver(address string, proxyDNS bool, resolverKey string, backend DNSBackend) Resolver {
|
2015-12-24 09:51:32 +00:00
|
|
|
return &resolver{
|
2016-09-19 22:48:06 +00:00
|
|
|
backend: backend,
|
|
|
|
proxyDNS: proxyDNS,
|
|
|
|
listenAddress: address,
|
|
|
|
resolverKey: resolverKey,
|
|
|
|
err: fmt.Errorf("setup not done yet"),
|
2016-11-21 19:08:41 +00:00
|
|
|
startCh: make(chan struct{}, 1),
|
2015-12-24 09:51:32 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2016-09-19 22:48:06 +00:00
|
|
|
func (r *resolver) SetupFunc(port int) func() {
|
2018-05-29 12:39:35 +00:00
|
|
|
return func() {
|
2015-12-24 09:51:32 +00:00
|
|
|
var err error
|
|
|
|
|
2016-01-22 05:23:30 +00:00
|
|
|
// DNS operates primarily on UDP
|
2015-12-24 09:51:32 +00:00
|
|
|
addr := &net.UDPAddr{
|
2016-09-19 22:48:06 +00:00
|
|
|
IP: net.ParseIP(r.listenAddress),
|
|
|
|
Port: port,
|
2015-12-24 09:51:32 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
r.conn, err = net.ListenUDP("udp", addr)
|
|
|
|
if err != nil {
|
|
|
|
r.err = fmt.Errorf("error in opening name server socket %v", err)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2016-01-22 05:23:30 +00:00
|
|
|
// Listen on a TCP as well
|
|
|
|
tcpaddr := &net.TCPAddr{
|
2016-09-19 22:48:06 +00:00
|
|
|
IP: net.ParseIP(r.listenAddress),
|
|
|
|
Port: port,
|
2016-01-22 05:23:30 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
r.tcpListen, err = net.ListenTCP("tcp", tcpaddr)
|
|
|
|
if err != nil {
|
|
|
|
r.err = fmt.Errorf("error in opening name TCP server socket %v", err)
|
|
|
|
return
|
|
|
|
}
|
2015-12-24 09:51:32 +00:00
|
|
|
r.err = nil
|
2018-05-29 12:39:35 +00:00
|
|
|
}
|
2015-12-24 09:51:32 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func (r *resolver) Start() error {
|
2016-11-21 19:08:41 +00:00
|
|
|
r.startCh <- struct{}{}
|
|
|
|
defer func() { <-r.startCh }()
|
|
|
|
|
2015-12-24 09:51:32 +00:00
|
|
|
// make sure the resolver has been setup before starting
|
|
|
|
if r.err != nil {
|
|
|
|
return r.err
|
|
|
|
}
|
2016-04-13 08:28:18 +00:00
|
|
|
|
|
|
|
if err := r.setupIPTable(); err != nil {
|
|
|
|
return fmt.Errorf("setting up IP table rules failed: %v", err)
|
|
|
|
}
|
|
|
|
|
2015-12-24 09:51:32 +00:00
|
|
|
s := &dns.Server{Handler: r, PacketConn: r.conn}
|
|
|
|
r.server = s
|
|
|
|
go func() {
|
2021-05-28 00:15:56 +00:00
|
|
|
if err := s.ActivateAndServe(); err != nil {
|
2021-10-13 10:30:51 +00:00
|
|
|
logrus.WithError(err).Error("[resolver] failed to start PacketConn DNS server")
|
2021-05-28 00:15:56 +00:00
|
|
|
}
|
2015-12-24 09:51:32 +00:00
|
|
|
}()
|
2016-01-22 05:23:30 +00:00
|
|
|
|
|
|
|
tcpServer := &dns.Server{Handler: r, Listener: r.tcpListen}
|
|
|
|
r.tcpServer = tcpServer
|
|
|
|
go func() {
|
2021-05-28 00:15:56 +00:00
|
|
|
if err := tcpServer.ActivateAndServe(); err != nil {
|
2021-10-13 10:30:51 +00:00
|
|
|
logrus.WithError(err).Error("[resolver] failed to start TCP DNS server")
|
2021-05-28 00:15:56 +00:00
|
|
|
}
|
2016-01-22 05:23:30 +00:00
|
|
|
}()
|
2015-12-24 09:51:32 +00:00
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
2016-03-20 12:00:58 +00:00
|
|
|
func (r *resolver) Stop() {
|
2016-11-21 19:08:41 +00:00
|
|
|
r.startCh <- struct{}{}
|
|
|
|
defer func() { <-r.startCh }()
|
|
|
|
|
2015-12-24 09:51:32 +00:00
|
|
|
if r.server != nil {
|
2022-07-13 20:30:47 +00:00
|
|
|
r.server.Shutdown() //nolint:errcheck
|
2015-12-24 09:51:32 +00:00
|
|
|
}
|
2016-01-22 05:23:30 +00:00
|
|
|
if r.tcpServer != nil {
|
2022-07-13 20:30:47 +00:00
|
|
|
r.tcpServer.Shutdown() //nolint:errcheck
|
2016-01-22 05:23:30 +00:00
|
|
|
}
|
2016-01-14 17:56:32 +00:00
|
|
|
r.conn = nil
|
2016-01-22 05:23:30 +00:00
|
|
|
r.tcpServer = nil
|
2016-01-14 17:56:32 +00:00
|
|
|
r.err = fmt.Errorf("setup not done yet")
|
2016-03-28 23:23:08 +00:00
|
|
|
r.tStamp = time.Time{}
|
|
|
|
r.count = 0
|
|
|
|
r.queryLock = sync.Mutex{}
|
2015-12-24 09:51:32 +00:00
|
|
|
}
|
|
|
|
|
2016-12-19 02:27:13 +00:00
|
|
|
func (r *resolver) SetExtServers(extDNS []extDNSEntry) {
|
|
|
|
l := len(extDNS)
|
2016-01-24 05:47:57 +00:00
|
|
|
if l > maxExtDNS {
|
|
|
|
l = maxExtDNS
|
|
|
|
}
|
|
|
|
for i := 0; i < l; i++ {
|
2016-12-19 02:27:13 +00:00
|
|
|
r.extDNSList[i] = extDNS[i]
|
2016-01-24 05:47:57 +00:00
|
|
|
}
|
2015-12-24 09:51:32 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func (r *resolver) NameServer() string {
|
2016-09-19 22:48:06 +00:00
|
|
|
return r.listenAddress
|
2015-12-24 09:51:32 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func (r *resolver) ResolverOptions() []string {
|
|
|
|
return []string{"ndots:0"}
|
|
|
|
}
|
|
|
|
|
2016-01-23 05:22:58 +00:00
|
|
|
func setCommonFlags(msg *dns.Msg) {
|
|
|
|
msg.RecursionAvailable = true
|
|
|
|
}
|
|
|
|
|
2023-02-03 17:28:13 +00:00
|
|
|
//nolint:gosec // The RNG is not used in a security-sensitive context.
|
|
|
|
var (
|
|
|
|
shuffleRNG = rand.New(rand.NewSource(time.Now().Unix()))
|
|
|
|
shuffleRNGMu sync.Mutex
|
|
|
|
)
|
|
|
|
|
2016-02-21 15:39:53 +00:00
|
|
|
func shuffleAddr(addr []net.IP) []net.IP {
|
2023-02-03 17:28:13 +00:00
|
|
|
shuffleRNGMu.Lock()
|
|
|
|
defer shuffleRNGMu.Unlock()
|
2016-02-21 15:39:53 +00:00
|
|
|
for i := len(addr) - 1; i > 0; i-- {
|
2023-02-03 17:28:13 +00:00
|
|
|
r := shuffleRNG.Intn(i + 1) //nolint:gosec // gosec complains about the use of rand here. It should be fine.
|
2016-02-21 15:39:53 +00:00
|
|
|
addr[i], addr[r] = addr[r], addr[i]
|
|
|
|
}
|
|
|
|
return addr
|
|
|
|
}
|
|
|
|
|
2016-03-19 10:07:08 +00:00
|
|
|
func createRespMsg(query *dns.Msg) *dns.Msg {
|
|
|
|
resp := new(dns.Msg)
|
|
|
|
resp.SetReply(query)
|
|
|
|
setCommonFlags(resp)
|
|
|
|
|
|
|
|
return resp
|
|
|
|
}
|
|
|
|
|
2021-10-13 10:20:02 +00:00
|
|
|
func (r *resolver) handleMXQuery(query *dns.Msg) (*dns.Msg, error) {
|
|
|
|
name := query.Question[0].Name
|
2017-12-20 22:32:47 +00:00
|
|
|
addrv4, _ := r.backend.ResolveName(name, types.IPv4)
|
|
|
|
addrv6, _ := r.backend.ResolveName(name, types.IPv6)
|
|
|
|
|
|
|
|
if addrv4 == nil && addrv6 == nil {
|
|
|
|
return nil, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// We were able to resolve the name. Respond with an empty list with
|
|
|
|
// RcodeSuccess/NOERROR so that email clients can treat it as "implicit MX"
|
|
|
|
// [RFC 5321 Section-5.1] and issue a Type A/AAAA query for the name.
|
|
|
|
|
|
|
|
resp := createRespMsg(query)
|
|
|
|
return resp, nil
|
|
|
|
}
|
|
|
|
|
2021-10-13 10:20:02 +00:00
|
|
|
func (r *resolver) handleIPQuery(query *dns.Msg, ipType int) (*dns.Msg, error) {
|
|
|
|
var (
|
|
|
|
addr []net.IP
|
|
|
|
ipv6Miss bool
|
|
|
|
name = query.Question[0].Name
|
|
|
|
)
|
2016-09-19 22:48:06 +00:00
|
|
|
addr, ipv6Miss = r.backend.ResolveName(name, ipType)
|
|
|
|
|
2016-03-19 10:07:08 +00:00
|
|
|
if addr == nil && ipv6Miss {
|
|
|
|
// Send a reply without any Answer sections
|
2017-08-02 15:57:15 +00:00
|
|
|
logrus.Debugf("[resolver] lookup name %s present without IPv6 address", name)
|
2016-03-19 10:07:08 +00:00
|
|
|
resp := createRespMsg(query)
|
|
|
|
return resp, nil
|
|
|
|
}
|
2015-12-24 09:51:32 +00:00
|
|
|
if addr == nil {
|
|
|
|
return nil, nil
|
|
|
|
}
|
|
|
|
|
2017-08-02 15:57:15 +00:00
|
|
|
logrus.Debugf("[resolver] lookup for %s: IP %v", name, addr)
|
2015-12-24 09:51:32 +00:00
|
|
|
|
2016-03-19 10:07:08 +00:00
|
|
|
resp := createRespMsg(query)
|
2016-02-21 15:39:53 +00:00
|
|
|
if len(addr) > 1 {
|
|
|
|
addr = shuffleAddr(addr)
|
|
|
|
}
|
2016-02-26 22:58:11 +00:00
|
|
|
if ipType == types.IPv4 {
|
2016-01-13 04:20:31 +00:00
|
|
|
for _, ip := range addr {
|
|
|
|
rr := new(dns.A)
|
|
|
|
rr.Hdr = dns.RR_Header{Name: name, Rrtype: dns.TypeA, Class: dns.ClassINET, Ttl: respTTL}
|
|
|
|
rr.A = ip
|
|
|
|
resp.Answer = append(resp.Answer, rr)
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
for _, ip := range addr {
|
|
|
|
rr := new(dns.AAAA)
|
|
|
|
rr.Hdr = dns.RR_Header{Name: name, Rrtype: dns.TypeAAAA, Class: dns.ClassINET, Ttl: respTTL}
|
|
|
|
rr.AAAA = ip
|
|
|
|
resp.Answer = append(resp.Answer, rr)
|
|
|
|
}
|
2016-02-21 15:39:53 +00:00
|
|
|
}
|
2015-12-24 09:51:32 +00:00
|
|
|
return resp, nil
|
|
|
|
}
|
|
|
|
|
2021-10-13 10:20:02 +00:00
|
|
|
func (r *resolver) handlePTRQuery(query *dns.Msg) (*dns.Msg, error) {
|
|
|
|
var (
|
|
|
|
parts []string
|
|
|
|
ptr = query.Question[0].Name
|
|
|
|
)
|
2015-12-24 09:51:32 +00:00
|
|
|
|
|
|
|
if strings.HasSuffix(ptr, ptrIPv4domain) {
|
|
|
|
parts = strings.Split(ptr, ptrIPv4domain)
|
|
|
|
} else if strings.HasSuffix(ptr, ptrIPv6domain) {
|
|
|
|
parts = strings.Split(ptr, ptrIPv6domain)
|
|
|
|
} else {
|
|
|
|
return nil, fmt.Errorf("invalid PTR query, %v", ptr)
|
|
|
|
}
|
|
|
|
|
2016-09-19 22:48:06 +00:00
|
|
|
host := r.backend.ResolveIP(parts[0])
|
|
|
|
|
2015-12-24 09:51:32 +00:00
|
|
|
if len(host) == 0 {
|
|
|
|
return nil, nil
|
|
|
|
}
|
|
|
|
|
2017-08-02 15:57:15 +00:00
|
|
|
logrus.Debugf("[resolver] lookup for IP %s: name %s", parts[0], host)
|
2015-12-24 09:51:32 +00:00
|
|
|
fqdn := dns.Fqdn(host)
|
|
|
|
|
|
|
|
resp := new(dns.Msg)
|
|
|
|
resp.SetReply(query)
|
2016-01-23 05:22:58 +00:00
|
|
|
setCommonFlags(resp)
|
2015-12-24 09:51:32 +00:00
|
|
|
|
|
|
|
rr := new(dns.PTR)
|
|
|
|
rr.Hdr = dns.RR_Header{Name: ptr, Rrtype: dns.TypePTR, Class: dns.ClassINET, Ttl: respTTL}
|
|
|
|
rr.Ptr = fqdn
|
|
|
|
resp.Answer = append(resp.Answer, rr)
|
|
|
|
return resp, nil
|
|
|
|
}
|
|
|
|
|
2021-10-13 10:20:02 +00:00
|
|
|
func (r *resolver) handleSRVQuery(query *dns.Msg) (*dns.Msg, error) {
|
|
|
|
svc := query.Question[0].Name
|
2016-09-19 22:48:06 +00:00
|
|
|
srv, ip := r.backend.ResolveService(svc)
|
|
|
|
|
2016-08-12 22:40:39 +00:00
|
|
|
if len(srv) == 0 {
|
|
|
|
return nil, nil
|
|
|
|
}
|
2016-05-08 07:48:04 +00:00
|
|
|
if len(srv) != len(ip) {
|
|
|
|
return nil, fmt.Errorf("invalid reply for SRV query %s", svc)
|
|
|
|
}
|
|
|
|
|
|
|
|
resp := createRespMsg(query)
|
|
|
|
|
|
|
|
for i, r := range srv {
|
|
|
|
rr := new(dns.SRV)
|
|
|
|
rr.Hdr = dns.RR_Header{Name: svc, Rrtype: dns.TypePTR, Class: dns.ClassINET, Ttl: respTTL}
|
|
|
|
rr.Port = r.Port
|
|
|
|
rr.Target = r.Target
|
|
|
|
resp.Answer = append(resp.Answer, rr)
|
|
|
|
|
|
|
|
rr1 := new(dns.A)
|
|
|
|
rr1.Hdr = dns.RR_Header{Name: r.Target, Rrtype: dns.TypeA, Class: dns.ClassINET, Ttl: respTTL}
|
|
|
|
rr1.A = ip[i]
|
|
|
|
resp.Extra = append(resp.Extra, rr1)
|
|
|
|
}
|
|
|
|
return resp, nil
|
|
|
|
}
|
|
|
|
|
2016-02-21 15:39:53 +00:00
|
|
|
func truncateResp(resp *dns.Msg, maxSize int, isTCP bool) {
|
|
|
|
if !isTCP {
|
|
|
|
resp.Truncated = true
|
|
|
|
}
|
|
|
|
|
2016-05-08 07:48:04 +00:00
|
|
|
srv := resp.Question[0].Qtype == dns.TypeSRV
|
2016-02-21 15:39:53 +00:00
|
|
|
// trim the Answer RRs one by one till the whole message fits
|
|
|
|
// within the reply size
|
|
|
|
for resp.Len() > maxSize {
|
|
|
|
resp.Answer = resp.Answer[:len(resp.Answer)-1]
|
2016-05-08 07:48:04 +00:00
|
|
|
|
|
|
|
if srv && len(resp.Extra) > 0 {
|
|
|
|
resp.Extra = resp.Extra[:len(resp.Extra)-1]
|
|
|
|
}
|
2016-02-21 15:39:53 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2015-12-24 09:51:32 +00:00
|
|
|
func (r *resolver) ServeDNS(w dns.ResponseWriter, query *dns.Msg) {
|
|
|
|
var (
|
2016-01-24 05:47:57 +00:00
|
|
|
extConn net.Conn
|
|
|
|
resp *dns.Msg
|
|
|
|
err error
|
2015-12-24 09:51:32 +00:00
|
|
|
)
|
|
|
|
|
2016-02-16 06:01:29 +00:00
|
|
|
if query == nil || len(query.Question) == 0 {
|
|
|
|
return
|
|
|
|
}
|
2016-05-08 07:48:04 +00:00
|
|
|
|
2021-10-13 10:20:02 +00:00
|
|
|
queryName := query.Question[0].Name
|
|
|
|
queryType := query.Question[0].Qtype
|
|
|
|
|
|
|
|
switch queryType {
|
2016-05-08 07:48:04 +00:00
|
|
|
case dns.TypeA:
|
2021-10-13 10:20:02 +00:00
|
|
|
resp, err = r.handleIPQuery(query, types.IPv4)
|
2016-05-08 07:48:04 +00:00
|
|
|
case dns.TypeAAAA:
|
2021-10-13 10:20:02 +00:00
|
|
|
resp, err = r.handleIPQuery(query, types.IPv6)
|
2017-12-20 22:32:47 +00:00
|
|
|
case dns.TypeMX:
|
2021-10-13 10:20:02 +00:00
|
|
|
resp, err = r.handleMXQuery(query)
|
2016-05-08 07:48:04 +00:00
|
|
|
case dns.TypePTR:
|
2021-10-13 10:20:02 +00:00
|
|
|
resp, err = r.handlePTRQuery(query)
|
2016-05-08 07:48:04 +00:00
|
|
|
case dns.TypeSRV:
|
2021-10-13 10:20:02 +00:00
|
|
|
resp, err = r.handleSRVQuery(query)
|
2021-05-28 20:59:41 +00:00
|
|
|
default:
|
2021-10-13 10:20:02 +00:00
|
|
|
logrus.Debugf("[resolver] query type %s is not supported by the embedded DNS and will be forwarded to external DNS", dns.TypeToString[queryType])
|
2015-12-24 09:51:32 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
if err != nil {
|
2023-02-11 20:14:03 +00:00
|
|
|
logrus.WithError(err).Errorf("[resolver] failed to handle query: %s (%s)", queryName, dns.TypeToString[queryType])
|
2015-12-24 09:51:32 +00:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2016-09-10 04:45:03 +00:00
|
|
|
if resp == nil {
|
2016-09-19 22:48:06 +00:00
|
|
|
// If the backend doesn't support proxying dns request
|
|
|
|
// fail the response
|
|
|
|
if !r.proxyDNS {
|
|
|
|
resp = new(dns.Msg)
|
|
|
|
resp.SetRcode(query, dns.RcodeServerFailure)
|
2021-05-28 00:15:56 +00:00
|
|
|
if err := w.WriteMsg(resp); err != nil {
|
2021-10-13 10:30:51 +00:00
|
|
|
logrus.WithError(err).Error("[resolver] error writing dns response")
|
2021-05-28 00:15:56 +00:00
|
|
|
}
|
2016-09-19 22:48:06 +00:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
// If the user sets ndots > 0 explicitly and the query is
|
|
|
|
// in the root domain don't forward it out. We will return
|
|
|
|
// failure and let the client retry with the search domain
|
|
|
|
// attached
|
2021-10-13 10:20:02 +00:00
|
|
|
switch queryType {
|
|
|
|
case dns.TypeA, dns.TypeAAAA:
|
|
|
|
if r.backend.NdotsSet() && !strings.Contains(strings.TrimSuffix(queryName, "."), ".") {
|
2016-09-10 04:45:03 +00:00
|
|
|
resp = createRespMsg(query)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2016-01-24 05:47:57 +00:00
|
|
|
proto := w.LocalAddr().Network()
|
2016-02-21 15:39:53 +00:00
|
|
|
maxSize := 0
|
|
|
|
if proto == "tcp" {
|
|
|
|
maxSize = dns.MaxMsgSize - 1
|
|
|
|
} else if proto == "udp" {
|
|
|
|
optRR := query.IsEdns0()
|
|
|
|
if optRR != nil {
|
|
|
|
maxSize = int(optRR.UDPSize())
|
|
|
|
}
|
|
|
|
if maxSize < defaultRespSize {
|
|
|
|
maxSize = defaultRespSize
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if resp != nil {
|
|
|
|
if resp.Len() > maxSize {
|
|
|
|
truncateResp(resp, maxSize, proto == "tcp")
|
|
|
|
}
|
|
|
|
} else {
|
2016-01-24 05:47:57 +00:00
|
|
|
for i := 0; i < maxExtDNS; i++ {
|
|
|
|
extDNS := &r.extDNSList[i]
|
2017-01-19 22:25:26 +00:00
|
|
|
if extDNS.IPStr == "" {
|
2016-01-24 05:47:57 +00:00
|
|
|
break
|
|
|
|
}
|
|
|
|
extConnect := func() {
|
2017-01-19 22:25:26 +00:00
|
|
|
addr := fmt.Sprintf("%s:%d", extDNS.IPStr, 53)
|
2016-01-24 05:47:57 +00:00
|
|
|
extConn, err = net.DialTimeout(proto, addr, extIOTimeout)
|
|
|
|
}
|
2015-12-24 09:51:32 +00:00
|
|
|
|
2017-01-19 22:25:26 +00:00
|
|
|
if extDNS.HostLoopback {
|
2016-12-19 02:27:13 +00:00
|
|
|
extConnect()
|
|
|
|
} else {
|
|
|
|
execErr := r.backend.ExecFunc(extConnect)
|
|
|
|
if execErr != nil {
|
|
|
|
logrus.Warn(execErr)
|
|
|
|
continue
|
|
|
|
}
|
2016-11-29 18:42:20 +00:00
|
|
|
}
|
|
|
|
if err != nil {
|
2021-05-28 20:59:41 +00:00
|
|
|
logrus.WithField("retries", i).Warnf("[resolver] connect failed: %s", err)
|
2016-03-15 09:05:38 +00:00
|
|
|
continue
|
|
|
|
}
|
2021-10-13 10:20:02 +00:00
|
|
|
logrus.Debugf("[resolver] query %s (%s) from %s, forwarding to %s:%s", queryName, dns.TypeToString[queryType],
|
2017-01-19 22:25:26 +00:00
|
|
|
extConn.LocalAddr().String(), proto, extDNS.IPStr)
|
2016-01-18 12:07:19 +00:00
|
|
|
|
2016-01-24 05:47:57 +00:00
|
|
|
// Timeout has to be set for every IO operation.
|
2021-05-28 00:15:56 +00:00
|
|
|
if err := extConn.SetDeadline(time.Now().Add(extIOTimeout)); err != nil {
|
2021-10-13 10:30:51 +00:00
|
|
|
logrus.WithError(err).Error("[resolver] error setting conn deadline")
|
2021-05-28 00:15:56 +00:00
|
|
|
}
|
2016-08-03 12:29:32 +00:00
|
|
|
co := &dns.Conn{
|
|
|
|
Conn: extConn,
|
|
|
|
UDPSize: uint16(maxSize),
|
|
|
|
}
|
2016-07-23 15:53:32 +00:00
|
|
|
defer co.Close()
|
2016-01-24 05:47:57 +00:00
|
|
|
|
2016-07-23 15:53:32 +00:00
|
|
|
// limits the number of outstanding concurrent queries.
|
2017-07-06 16:42:38 +00:00
|
|
|
if !r.forwardQueryStart() {
|
2016-03-28 23:23:08 +00:00
|
|
|
old := r.tStamp
|
|
|
|
r.tStamp = time.Now()
|
|
|
|
if r.tStamp.Sub(old) > logInterval {
|
2017-08-02 15:57:15 +00:00
|
|
|
logrus.Errorf("[resolver] more than %v concurrent queries from %s", maxConcurrent, extConn.LocalAddr().String())
|
2016-03-28 23:23:08 +00:00
|
|
|
}
|
|
|
|
continue
|
|
|
|
}
|
|
|
|
|
2016-01-24 05:47:57 +00:00
|
|
|
err = co.WriteMsg(query)
|
|
|
|
if err != nil {
|
2016-07-23 15:53:32 +00:00
|
|
|
r.forwardQueryEnd()
|
2017-08-02 15:57:15 +00:00
|
|
|
logrus.Debugf("[resolver] send to DNS server failed, %s", err)
|
2016-01-24 05:47:57 +00:00
|
|
|
continue
|
2016-01-18 12:07:19 +00:00
|
|
|
}
|
2016-01-24 05:47:57 +00:00
|
|
|
|
2016-07-23 15:53:32 +00:00
|
|
|
resp, err = co.ReadMsg()
|
|
|
|
// Truncated DNS replies should be sent to the client so that the
|
|
|
|
// client can retry over TCP
|
Resolver: fix error handling if we didn't receive a response
Commit 2a480d515e9c44533922f453649a866048a40a75 updated the DNS library
and updated the error handling.
Due to changes in the library, we now had to check the response itself
to check if the response was truncated (Truncated DNS replies should
be sent to the client so that the client can retry over TCP).
However, 1e02aae252fdd8878daf59baefddb0526a5410b1 added an incorrect
`nil` check to fix a panic, which ignored situations where
an error was returned, but no response (for example, if we failed
to connect to the DNS server).
In that situation, the error would be ignored, and further down we
would consider the connection to have been succesfull, but the DNS
server not returning a result.
After a "successful" lookup (but no results), we break the loop,
and don't attempt lookups in other DNS servers.
Versions before 1e02aae252fdd8878daf59baefddb0526a5410b1 would produce:
Name To resolve: bbc.co.uk.
[resolver] query bbc.co.uk. (A) from 172.21.0.2:36181, forwarding to udp:192.168.5.1
[resolver] read from DNS server failed, read udp 172.21.0.2:36181->192.168.5.1:53: i/o timeout
[resolver] query bbc.co.uk. (A) from 172.21.0.2:38582, forwarding to udp:8.8.8.8
[resolver] received A record "151.101.0.81" for "bbc.co.uk." from udp:8.8.8.8
[resolver] received A record "151.101.192.81" for "bbc.co.uk." from udp:8.8.8.8
[resolver] received A record "151.101.64.81" for "bbc.co.uk." from udp:8.8.8.8
[resolver] received A record "151.101.128.81" for "bbc.co.uk." from udp:8.8.8.8
Versions after that commit would ignore the error, and stop further lookups:
Name To resolve: bbc.co.uk.
[resolver] query bbc.co.uk. (A) from 172.21.0.2:59870, forwarding to udp:192.168.5.1
[resolver] external DNS udp:192.168.5.1 returned empty response for "bbc.co.uk."
This patch updates the logic to handle the error to log the error (and continue with the next DNS):
- if an error is returned, and no response was received
- if an error is returned, but it was not related to a truncated response
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Tibor Vass <tibor@docker.com>
2020-05-20 13:11:34 +00:00
|
|
|
if err != nil && (resp == nil || !resp.Truncated) {
|
2016-07-23 15:53:32 +00:00
|
|
|
r.forwardQueryEnd()
|
2022-12-18 05:41:17 +00:00
|
|
|
logrus.WithError(err).Warnf("[resolver] failed to read from DNS server: %s, query: %s", extConn.RemoteAddr().String(), query.Question[0].String())
|
2016-04-01 16:45:37 +00:00
|
|
|
continue
|
|
|
|
}
|
2016-07-23 15:53:32 +00:00
|
|
|
r.forwardQueryEnd()
|
2018-05-29 12:39:35 +00:00
|
|
|
|
|
|
|
if resp == nil {
|
2021-10-13 10:20:02 +00:00
|
|
|
logrus.Debugf("[resolver] external DNS %s:%s returned empty response for %q", proto, extDNS.IPStr, queryName)
|
2018-05-29 12:39:35 +00:00
|
|
|
break
|
|
|
|
}
|
2018-05-29 14:14:45 +00:00
|
|
|
switch resp.Rcode {
|
|
|
|
case dns.RcodeServerFailure, dns.RcodeRefused:
|
|
|
|
// Server returned FAILURE: continue with the next external DNS server
|
|
|
|
// Server returned REFUSED: this can be a transitional status, so continue with the next external DNS server
|
2021-10-13 10:20:02 +00:00
|
|
|
logrus.Debugf("[resolver] external DNS %s:%s responded with %s for %q", proto, extDNS.IPStr, statusString(resp.Rcode), queryName)
|
2018-05-29 14:14:45 +00:00
|
|
|
continue
|
|
|
|
case dns.RcodeNameError:
|
|
|
|
// Server returned NXDOMAIN. Stop resolution if it's an authoritative answer (see RFC 8020: https://tools.ietf.org/html/rfc8020#section-2)
|
2021-10-13 10:20:02 +00:00
|
|
|
logrus.Debugf("[resolver] external DNS %s:%s responded with %s for %q", proto, extDNS.IPStr, statusString(resp.Rcode), queryName)
|
2018-05-29 14:14:45 +00:00
|
|
|
if resp.Authoritative {
|
|
|
|
break
|
|
|
|
}
|
|
|
|
continue
|
|
|
|
case dns.RcodeSuccess:
|
|
|
|
// All is well
|
|
|
|
default:
|
|
|
|
// Server gave some error. Log the error, and continue with the next external DNS server
|
2021-10-13 10:20:02 +00:00
|
|
|
logrus.Debugf("[resolver] external DNS %s:%s responded with %s (code %d) for %q", proto, extDNS.IPStr, statusString(resp.Rcode), resp.Rcode, queryName)
|
2018-05-29 12:39:35 +00:00
|
|
|
continue
|
|
|
|
}
|
|
|
|
answers := 0
|
|
|
|
for _, rr := range resp.Answer {
|
|
|
|
h := rr.Header()
|
|
|
|
switch h.Rrtype {
|
|
|
|
case dns.TypeA:
|
|
|
|
answers++
|
|
|
|
ip := rr.(*dns.A).A
|
|
|
|
logrus.Debugf("[resolver] received A record %q for %q from %s:%s", ip, h.Name, proto, extDNS.IPStr)
|
|
|
|
r.backend.HandleQueryResp(h.Name, ip)
|
|
|
|
case dns.TypeAAAA:
|
|
|
|
answers++
|
|
|
|
ip := rr.(*dns.AAAA).AAAA
|
|
|
|
logrus.Debugf("[resolver] received AAAA record %q for %q from %s:%s", ip, h.Name, proto, extDNS.IPStr)
|
|
|
|
r.backend.HandleQueryResp(h.Name, ip)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if resp.Answer == nil || answers == 0 {
|
2021-10-13 10:20:02 +00:00
|
|
|
logrus.Debugf("[resolver] external DNS %s:%s did not return any %s records for %q", proto, extDNS.IPStr, dns.TypeToString[queryType], queryName)
|
2016-12-06 22:56:24 +00:00
|
|
|
}
|
2018-05-29 12:39:35 +00:00
|
|
|
resp.Compress = true
|
2016-01-24 05:47:57 +00:00
|
|
|
break
|
2016-01-18 12:07:19 +00:00
|
|
|
}
|
2016-07-23 15:53:32 +00:00
|
|
|
if resp == nil {
|
2015-12-24 09:51:32 +00:00
|
|
|
return
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2016-07-23 15:53:32 +00:00
|
|
|
if err = w.WriteMsg(resp); err != nil {
|
2021-10-13 10:20:02 +00:00
|
|
|
logrus.WithError(err).Errorf("[resolver] failed to write response")
|
2015-12-24 09:51:32 +00:00
|
|
|
}
|
|
|
|
}
|
2016-03-28 23:23:08 +00:00
|
|
|
|
2018-05-29 14:14:45 +00:00
|
|
|
func statusString(responseCode int) string {
|
|
|
|
if s, ok := dns.RcodeToString[responseCode]; ok {
|
|
|
|
return s
|
|
|
|
}
|
|
|
|
return "UNKNOWN"
|
|
|
|
}
|
|
|
|
|
2016-07-23 15:53:32 +00:00
|
|
|
func (r *resolver) forwardQueryStart() bool {
|
2016-03-28 23:23:08 +00:00
|
|
|
r.queryLock.Lock()
|
|
|
|
defer r.queryLock.Unlock()
|
2016-04-01 16:45:37 +00:00
|
|
|
|
2016-03-28 23:23:08 +00:00
|
|
|
if r.count == maxConcurrent {
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
r.count++
|
2016-04-01 16:45:37 +00:00
|
|
|
|
2016-03-28 23:23:08 +00:00
|
|
|
return true
|
|
|
|
}
|
|
|
|
|
2016-07-23 15:53:32 +00:00
|
|
|
func (r *resolver) forwardQueryEnd() {
|
2016-03-28 23:23:08 +00:00
|
|
|
r.queryLock.Lock()
|
|
|
|
defer r.queryLock.Unlock()
|
2016-04-01 16:45:37 +00:00
|
|
|
|
2016-03-28 23:23:08 +00:00
|
|
|
if r.count == 0 {
|
2017-08-02 15:57:15 +00:00
|
|
|
logrus.Error("[resolver] invalid concurrent query count")
|
2016-04-01 16:45:37 +00:00
|
|
|
} else {
|
|
|
|
r.count--
|
2016-03-28 23:23:08 +00:00
|
|
|
}
|
|
|
|
}
|