func makeDnsTxtRequest(domain string, server string) (string, error) {
var err error
var conn *dns.Conn
if conn, err = dns.Dial("udp", server); err != nil {
return "", err
}
m := new(dns.Msg)
m.SetQuestion(dns.Fqdn(domain), dns.TypeTXT)
m.RecursionDesired = true
if err = conn.WriteMsg(m); err != nil {
return "", err
}
var rm *dns.Msg
if rm, err = conn.ReadMsg(); err != nil {
return "", err
}
if txt, ok := rm.Answer[0].(*dns.TXT); !ok {
return "", fmt.Errorf("No TXT Answer")
} else {
return strings.Join(txt.Txt, ""), nil
}
}
func dnsQuery(conn *dns.Conn) error {
m := &dns.Msg{}
m.SetQuestion("ca.chai.", dns.TypeMX)
conn.WriteMsg(m)
_, err := conn.ReadMsg()
return err
}
// wait for a matching reponse
func wait_for_response(w dns.ResponseWriter, conn *dns.Conn, request *dns.Msg) (response *dns.Msg) {
for {
response, err := conn.ReadMsg()
// some sort of error reading reply
if err != nil {
_D("%s QID:%d error reading message: %s", w.RemoteAddr(), request.Id, err)
SRVFAIL(w, request)
return nil
}
// got a response, life is good
if response.Id == request.Id {
_D("%s QID:%d got reply", w.RemoteAddr(), request.Id)
return response
}
// got a response, but it was for a different QID... ignore
_D("%s QID:%d ignoring reply to wrong QID:%d", w.RemoteAddr(), request.Id, response.Id)
}
}
func dnsQuery(r *dns.Msg) (*dns.Msg, error) {
dnsServers := GConf.LocalDNS.TrustedDNS
var record *dnsCacheRecord
var domain string
useTrustedDNS := true
if len(r.Question) == 1 && dns.IsFqdn(r.Question[0].Name) {
domain = r.Question[0].Name
domain = domain[0 : len(domain)-1]
if nil != dnsCache {
item, exist := dnsCache.Get(domain)
if exist {
record = item.(*dnsCacheRecord)
if time.Now().After(record.expireAt) {
record = nil
dnsCache.Remove(domain)
} else {
if r.Question[0].Qtype == dns.TypeA && nil != record.ipv4Res {
return record.ipv4Res, nil
} else if r.Question[0].Qtype == dns.TypeAAAA && nil != record.ipv6Res {
return record.ipv6Res, nil
}
}
}
}
if nil != mygfwlist {
connReq, _ := http.NewRequest("CONNECT", "https://"+domain, nil)
isBlocked, _ := mygfwlist.FastMatchDoamin(connReq)
if !isBlocked {
dnsServers = GConf.LocalDNS.FastDNS
useTrustedDNS = false
}
}
} else {
log.Printf("###DNS with %v", r.Question)
}
if len(dnsServers) == 0 {
dnsServers = GConf.LocalDNS.TrustedDNS
useTrustedDNS = true
}
if len(dnsServers) == 0 {
log.Printf("At least one DNS server need to be configured in 'FastDNS/TrustedDNS'")
return nil, errNoDNServer
}
server := selectDNSServer(dnsServers)
network := "udp"
if GConf.LocalDNS.TCPConnect && useTrustedDNS {
network = "tcp"
}
log.Printf("DNS query %s to %s", domain, server)
for retry := 0; retry < 3; retry++ {
c, err := netx.DialTimeout(network, server, 1*time.Second)
if nil != err {
return nil, err
}
dnsConn := new(dns.Conn)
if pc, ok := c.(getConnIntf); ok {
c = pc.GetConn()
}
dnsConn.Conn = c
dnsConn.WriteMsg(r)
dnsConn.SetReadDeadline(time.Now().Add(1 * time.Second))
res, err1 := dnsConn.ReadMsg()
if nil == err1 && nil != dnsCache && len(domain) > 0 {
record = newDNSCacheRecord(record, res)
dnsCache.Add(domain, record)
}
c.Close()
if nil == err1 {
return res, nil
}
}
return nil, errDNSQuryFail
}
func main() {
short = flag.Bool("short", false, "abbreviate long DNSSEC records")
dnssec := flag.Bool("dnssec", false, "request DNSSEC records")
query := flag.Bool("question", false, "show question")
check := flag.Bool("check", false, "check internal DNSSEC consistency")
six := flag.Bool("6", false, "use IPv6 only")
four := flag.Bool("4", false, "use IPv4 only")
anchor := flag.String("anchor", "", "use the DNSKEY in this file as trust anchor")
tsig := flag.String("tsig", "", "request tsig with key: [hmac:]name:key")
port := flag.Int("port", 53, "port number to use")
aa := flag.Bool("aa", false, "set AA flag in query")
ad := flag.Bool("ad", false, "set AD flag in query")
cd := flag.Bool("cd", false, "set CD flag in query")
rd := flag.Bool("rd", true, "set RD flag in query")
fallback := flag.Bool("fallback", false, "fallback to 4096 bytes bufsize and after that TCP")
tcp := flag.Bool("tcp", false, "TCP mode, multiple queries are asked over the same connection")
nsid := flag.Bool("nsid", false, "set edns nsid option")
client := flag.String("client", "", "set edns client-subnet option")
clientdraftcode := flag.Bool("clientdraft", false, "set edns client-subnet option using the draft option code")
opcode := flag.String("opcode", "query", "set opcode to query|update|notify")
rcode := flag.String("rcode", "success", "set rcode to noerror|formerr|nxdomain|servfail|...")
//serial := flag.Int("serial", 0, "perform an IXFR with this serial")
flag.Usage = func() {
fmt.Fprintf(os.Stderr, "Usage: %s [options] [@server] [qtype...] [qclass...] [name ...]\n", os.Args[0])
flag.PrintDefaults()
}
var (
qtype []uint16
qclass []uint16
qname []string
)
flag.Parse()
if *anchor != "" {
f, err := os.Open(*anchor)
if err != nil {
fmt.Fprintf(os.Stderr, "Failure to open %s: %s\n", *anchor, err.Error())
}
r, err := dns.ReadRR(f, *anchor)
if err != nil {
fmt.Fprintf(os.Stderr, "Failure to read an RR from %s: %s\n", *anchor, err.Error())
}
if k, ok := r.(*dns.DNSKEY); !ok {
fmt.Fprintf(os.Stderr, "No DNSKEY read from %s\n", *anchor)
} else {
dnskey = k
}
}
var nameserver string
Flags:
for i := 0; i < flag.NArg(); i++ {
// If it starts with @ it is a nameserver
if flag.Arg(i)[0] == '@' {
nameserver = flag.Arg(i)
continue Flags
}
// First class, then type, to make ANY queries possible
// And if it looks like type, it is a type
if k, ok := dns.StringToType[strings.ToUpper(flag.Arg(i))]; ok {
qtype = append(qtype, k)
continue Flags
}
// If it looks like a class, it is a class
if k, ok := dns.StringToClass[strings.ToUpper(flag.Arg(i))]; ok {
qclass = append(qclass, k)
continue Flags
}
// If it starts with TYPExxx it is unknown rr
if strings.HasPrefix(flag.Arg(i), "TYPE") {
i, e := strconv.Atoi(string([]byte(flag.Arg(i))[4:]))
if e == nil {
qtype = append(qtype, uint16(i))
continue Flags
}
}
// If it starts with CLASSxxx it is unknown class
if strings.HasPrefix(flag.Arg(i), "CLASS") {
i, e := strconv.Atoi(string([]byte(flag.Arg(i))[5:]))
if e == nil {
qclass = append(qclass, uint16(i))
continue Flags
}
}
// Anything else is a qname
qname = append(qname, flag.Arg(i))
}
if len(qname) == 0 {
qname = []string{"."}
if len(qtype) == 0 {
qtype = append(qtype, dns.TypeNS)
}
}
if len(qtype) == 0 {
qtype = append(qtype, dns.TypeA)
}
if len(qclass) == 0 {
qclass = append(qclass, dns.ClassINET)
}
if len(nameserver) == 0 {
conf, err := dns.ClientConfigFromFile("/etc/resolv.conf")
if err != nil {
fmt.Fprintln(os.Stderr, err)
os.Exit(2)
}
nameserver = "@" + conf.Servers[0]
}
nameserver = string([]byte(nameserver)[1:]) // chop off @
// if the nameserver is from /etc/resolv.conf the [ and ] are already
// added, thereby breaking net.ParseIP. Check for this and don't
// fully qualify such a name
if nameserver[0] == '[' && nameserver[len(nameserver)-1] == ']' {
nameserver = nameserver[1 : len(nameserver)-1]
}
if i := net.ParseIP(nameserver); i != nil {
nameserver = net.JoinHostPort(nameserver, strconv.Itoa(*port))
} else {
nameserver = dns.Fqdn(nameserver) + ":" + strconv.Itoa(*port)
}
c := new(dns.Client)
t := new(dns.Transfer)
c.Net = "udp"
if *four {
c.Net = "udp4"
}
if *six {
c.Net = "udp6"
}
if *tcp {
c.Net = "tcp"
if *four {
c.Net = "tcp4"
}
if *six {
c.Net = "tcp6"
}
}
m := new(dns.Msg)
m.MsgHdr.Authoritative = *aa
m.MsgHdr.AuthenticatedData = *ad
m.MsgHdr.CheckingDisabled = *cd
m.MsgHdr.RecursionDesired = *rd
m.Question = make([]dns.Question, 1)
m.Opcode = dns.OpcodeQuery
if op, ok := dns.StringToOpcode[strings.ToUpper(*opcode)]; ok {
m.Opcode = op
}
m.Rcode = dns.RcodeSuccess
if rc, ok := dns.StringToRcode[strings.ToUpper(*rcode)]; ok {
m.Rcode = rc
}
if *dnssec || *nsid || *client != "" {
o := new(dns.OPT)
o.Hdr.Name = "."
o.Hdr.Rrtype = dns.TypeOPT
if *dnssec {
o.SetDo()
o.SetUDPSize(dns.DefaultMsgSize)
}
if *nsid {
e := new(dns.EDNS0_NSID)
e.Code = dns.EDNS0NSID
o.Option = append(o.Option, e)
// NSD will not return nsid when the udp message size is too small
o.SetUDPSize(dns.DefaultMsgSize)
}
if *client != "" {
e := new(dns.EDNS0_SUBNET)
e.Code = dns.EDNS0SUBNET
if *clientdraftcode {
e.DraftOption = true
}
e.SourceScope = 0
e.Address = net.ParseIP(*client)
if e.Address == nil {
fmt.Fprintf(os.Stderr, "Failure to parse IP address: %s\n", *client)
return
}
e.Family = 1 // IP4
e.SourceNetmask = net.IPv4len * 8
if e.Address.To4() == nil {
e.Family = 2 // IP6
e.SourceNetmask = net.IPv6len * 8
}
o.Option = append(o.Option, e)
}
m.Extra = append(m.Extra, o)
}
if *tcp {
co := new(dns.Conn)
tcp := "tcp"
if *six {
tcp = "tcp6"
}
var err error
if co.Conn, err = net.DialTimeout(tcp, nameserver, 2*time.Second); err != nil {
fmt.Fprintf(os.Stderr, "Dialing "+nameserver+" failed: "+err.Error()+"\n")
return
}
defer co.Close()
qt := dns.TypeA
qc := uint16(dns.ClassINET)
for i, v := range qname {
if i < len(qtype) {
qt = qtype[i]
}
if i < len(qclass) {
qc = qclass[i]
}
m.Question[0] = dns.Question{dns.Fqdn(v), qt, qc}
m.Id = dns.Id()
if *tsig != "" {
if algo, name, secret, ok := tsigKeyParse(*tsig); ok {
m.SetTsig(name, algo, 300, time.Now().Unix())
c.TsigSecret = map[string]string{name: secret}
t.TsigSecret = map[string]string{name: secret}
} else {
fmt.Fprintf(os.Stderr, ";; TSIG key data error\n")
continue
}
}
co.SetReadDeadline(time.Now().Add(2 * time.Second))
co.SetWriteDeadline(time.Now().Add(2 * time.Second))
if *query {
fmt.Printf("%s", m.String())
fmt.Printf("\n;; size: %d bytes\n\n", m.Len())
}
then := time.Now()
if e := co.WriteMsg(m); e != nil {
fmt.Fprintf(os.Stderr, ";; %s\n", e.Error())
continue
}
r, e := co.ReadMsg()
if e != nil {
fmt.Fprintf(os.Stderr, ";; %s\n", e.Error())
continue
}
rtt := time.Since(then)
if r.Id != m.Id {
fmt.Fprintf(os.Stderr, "Id mismatch\n")
continue
}
if *check {
sigCheck(r, nameserver, true)
denialCheck(r)
fmt.Println()
}
if *short {
r = shortMsg(r)
}
fmt.Printf("%v", r)
fmt.Printf("\n;; query time: %.3d µs, server: %s(%s), size: %d bytes\n", rtt/1e3, nameserver, tcp, r.Len())
}
return
}
qt := dns.TypeA
qc := uint16(dns.ClassINET)
Query:
for i, v := range qname {
if i < len(qtype) {
qt = qtype[i]
}
if i < len(qclass) {
qc = qclass[i]
}
m.Question[0] = dns.Question{dns.Fqdn(v), qt, qc}
m.Id = dns.Id()
if *tsig != "" {
if algo, name, secret, ok := tsigKeyParse(*tsig); ok {
m.SetTsig(name, algo, 300, time.Now().Unix())
c.TsigSecret = map[string]string{name: secret}
t.TsigSecret = map[string]string{name: secret}
} else {
fmt.Fprintf(os.Stderr, "TSIG key data error\n")
continue
}
}
if *query {
fmt.Printf("%s", m.String())
fmt.Printf("\n;; size: %d bytes\n\n", m.Len())
}
if qt == dns.TypeAXFR || qt == dns.TypeIXFR {
env, err := t.In(m, nameserver)
if err != nil {
fmt.Printf(";; %s\n", err.Error())
continue
}
envelope := 0
record := 0
for e := range env {
if e.Error != nil {
fmt.Printf(";; %s\n", e.Error.Error())
continue Query
}
for _, r := range e.RR {
fmt.Printf("%s\n", r)
}
record += len(e.RR)
envelope++
}
fmt.Printf("\n;; xfr size: %d records (envelopes %d)\n", record, envelope)
continue
}
r, rtt, e := c.Exchange(m, nameserver)
Redo:
if e != nil {
fmt.Printf(";; %s\n", e.Error())
continue
}
if r.Id != m.Id {
fmt.Fprintf(os.Stderr, "Id mismatch\n")
return
}
if r.MsgHdr.Truncated && *fallback {
if !*dnssec {
fmt.Printf(";; Truncated, trying %d bytes bufsize\n", dns.DefaultMsgSize)
o := new(dns.OPT)
o.Hdr.Name = "."
o.Hdr.Rrtype = dns.TypeOPT
o.SetUDPSize(dns.DefaultMsgSize)
m.Extra = append(m.Extra, o)
r, rtt, e = c.Exchange(m, nameserver)
*dnssec = true
goto Redo
} else {
// First EDNS, then TCP
fmt.Printf(";; Truncated, trying TCP\n")
c.Net = "tcp"
r, rtt, e = c.Exchange(m, nameserver)
goto Redo
}
}
if r.MsgHdr.Truncated && !*fallback {
fmt.Printf(";; Truncated\n")
}
if *check {
sigCheck(r, nameserver, *tcp)
denialCheck(r)
fmt.Println()
}
if *short {
r = shortMsg(r)
}
fmt.Printf("%v", r)
fmt.Printf("\n;; query time: %.3d µs, server: %s(%s), size: %d bytes\n", rtt/1e3, nameserver, c.Net, r.Len())
}
}