Documentation ¶
Overview ¶
Package dnsmsg contains common constants, functions, and types for inspecting and constructing DNS messages.
TODO(a.garipov): Consider moving all or some of this stuff to module golibs.
Index ¶
- Constants
- func Clone(msg *dns.Msg) (clone *dns.Msg)
- func ECSFromMsg(msg *dns.Msg) (subnet netip.Prefix, scope uint8, err error)
- func FindLowestTTL(msg *dns.Msg) (ttl uint32)
- func IsDO(msg *dns.Msg) (ok bool)
- func SetMinTTL(r *dns.Msg, minTTL uint32)
- type BadECSError
- type BlockingMode
- type BlockingModeCustomIP
- type BlockingModeNXDOMAIN
- type BlockingModeNullIP
- type BlockingModeREFUSED
- type Class
- type Cloner
- type ClonerStat
- type Constructor
- func (c *Constructor) AppendDebugExtra(req, resp *dns.Msg, str string) (err error)
- func (c *Constructor) NewAnswerA(fqdn string, ip netip.Addr) (rr *dns.A, err error)
- func (c *Constructor) NewAnswerAAAA(fqdn string, ip netip.Addr) (rr *dns.AAAA, err error)
- func (c *Constructor) NewAnswerCNAME(req *dns.Msg, target string) (rr *dns.CNAME)
- func (c *Constructor) NewAnswerHTTPS(req *dns.Msg, svcb *rules.DNSSVCB) (ans *dns.HTTPS)
- func (c *Constructor) NewAnswerMX(req *dns.Msg, mx *rules.DNSMX) (rr *dns.MX)
- func (c *Constructor) NewAnswerPTR(req *dns.Msg, ptr string) (rr *dns.PTR)
- func (c *Constructor) NewAnswerSRV(req *dns.Msg, srv *rules.DNSSRV) (rr *dns.SRV)
- func (c *Constructor) NewAnswerSVCB(req *dns.Msg, svcb *rules.DNSSVCB) (ans *dns.SVCB)
- func (c *Constructor) NewAnswerTXT(req *dns.Msg, strs []string) (rr *dns.TXT, err error)
- func (c *Constructor) NewBlockedRespMsg(req *dns.Msg) (msg *dns.Msg, err error)
- func (c *Constructor) NewCNAMEWithIPs(req *dns.Msg, cname string, ips ...netip.Addr) (resp *dns.Msg, err error)
- func (c *Constructor) NewDDRTemplate(proto dnsserver.Protocol, resolverName string, dohPath string, ...) (rr *dns.SVCB)
- func (c *Constructor) NewIPRespMsg(req *dns.Msg, ips ...netip.Addr) (msg *dns.Msg, err error)
- func (c *Constructor) NewMsgFORMERR(req *dns.Msg) (resp *dns.Msg)
- func (c *Constructor) NewMsgNODATA(req *dns.Msg) (resp *dns.Msg)
- func (c *Constructor) NewMsgNXDOMAIN(req *dns.Msg) (resp *dns.Msg)
- func (c *Constructor) NewMsgREFUSED(req *dns.Msg) (resp *dns.Msg)
- func (c *Constructor) NewMsgSERVFAIL(req *dns.Msg) (resp *dns.Msg)
- func (c *Constructor) NewRespMsg(req *dns.Msg) (resp *dns.Msg)
- func (c *Constructor) NewTXTRespMsg(req *dns.Msg, strs ...string) (msg *dns.Msg, err error)
- type EmptyClonerStat
- type RCode
- type RRType
Constants ¶
const DefaultEDNSUDPSize = 4096
DefaultEDNSUDPSize is the default size used for EDNS content.
See https://datatracker.ietf.org/doc/html/rfc6891#section-6.2.5.
const MaxTXTStringLen int = 255
MaxTXTStringLen is the maximum length of a single string within a TXT resource record.
See also https://datatracker.ietf.org/doc/html/rfc6763#section-6.1.
const ServFailMaxCacheTTL = 30
ServFailMaxCacheTTL is the maximum time-to-live value for caching SERVFAIL responses in seconds. It's consistent with the upper constraint of 5 minutes given by RFC 2308.
See https://datatracker.ietf.org/doc/html/rfc2308#section-7.1.
Variables ¶
This section is empty.
Functions ¶
func Clone ¶
Clone returns a new *Msg which is a deep copy of msg. Use this instead of msg.Copy, because the latter does not actually produce a deep copy of msg.
See https://github.com/miekg/dns/issues/1351.
TODO(a.garipov): See if we can also decrease allocations for such cases by modifying more of the original code.
func ECSFromMsg ¶
ECSFromMsg returns the EDNS Client Subnet option information from msg, if any. If there is none, it returns netip.Prefix{}. msg must not be nil. err is not nil only if msg contains a malformed EDNS Client Subnet option or the address family is unsupported (that is, neither IPv4 nor IPv6). Any error returned from ECSFromMsg will have the underlying type of BadECSError.
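The checks behind "malformed" and "unsupported address family" follow from the option layout in RFC 7871, section 6. The decoder below is an added example, not code from package dnsmsg: it works on the raw option data with the standard library only, and the name parseECS, its error messages, and the sample byte strings are assumptions made for illustration (it returns plain errors rather than BadECSError).

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"net/netip"
)

// parseECS decodes the OPTION-DATA of an EDNS Client Subnet option as laid
// out in RFC 7871, section 6.  It is a hypothetical helper for illustration.
func parseECS(data []byte) (subnet netip.Prefix, scope uint8, err error) {
	if len(data) < 4 {
		return netip.Prefix{}, 0, errors.New("ecs: option data shorter than 4 bytes")
	}
	family, srcLen := binary.BigEndian.Uint16(data), int(data[2])
	var full []byte
	switch family {
	case 1: // IPv4
		full = make([]byte, 4)
	case 2: // IPv6
		full = make([]byte, 16)
	default:
		return netip.Prefix{}, 0, fmt.Errorf("ecs: unsupported family %d", family)
	}
	if maxBits := len(full) * 8; srcLen > maxBits || int(data[3]) > maxBits {
		return netip.Prefix{}, 0, errors.New("ecs: prefix length exceeds address size")
	}
	// The address must be truncated to exactly ceil(srcLen/8) bytes.
	if len(data[4:]) != (srcLen+7)/8 {
		return netip.Prefix{}, 0, errors.New("ecs: address length does not match prefix")
	}
	copy(full, data[4:])
	addr, _ := netip.AddrFromSlice(full)
	subnet = netip.PrefixFrom(addr, srcLen)
	// Bits past the source prefix must be zero; reject instead of masking.
	if subnet.Masked() != subnet {
		return netip.Prefix{}, 0, errors.New("ecs: non-zero bits after prefix")
	}
	return subnet, data[3], nil
}

func main() {
	// Constructed sample: family IPv4, /24 source, scope 0, address 192.0.2.
	fmt.Println(parseECS([]byte{0, 1, 24, 0, 192, 0, 2}))
	// Constructed malformed sample: /20 source with a bit set past the prefix.
	fmt.Println(parseECS([]byte{0, 1, 20, 0, 192, 0, 2}))
}
```

Rejecting non-zero trailing bits, rather than silently masking them, keeps a client from smuggling more address bits to upstreams and caches than the declared prefix length admits.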
func FindLowestTTL ¶
FindLowestTTL returns the lowest TTL among all RRs of the DNS message.
Types ¶
type BadECSError ¶
type BadECSError struct {
Err error
}
BadECSError is returned by functions that work with EDNS Client Subnet option when the data in the option is invalid.
func (BadECSError) Error ¶
func (err BadECSError) Error() (msg string)
Error implements the error interface for BadECSError.
func (BadECSError) IsSentryReportable ¶
func (err BadECSError) IsSentryReportable() (ok bool)
IsSentryReportable implements the [errcoll.SentryReportableError] interface for BadECSError.
func (BadECSError) Unwrap ¶
func (err BadECSError) Unwrap() (unwrapped error)
Unwrap implements the errors.Wrapper interface for BadECSError.
type BlockingMode ¶
type BlockingMode interface {
// contains filtered or unexported methods
}
BlockingMode is a sum type of all possible ways to construct blocked or modified responses. See the following types:
- BlockingModeCustomIP
- BlockingModeNXDOMAIN
- BlockingModeNullIP
- BlockingModeREFUSED
type BlockingModeCustomIP ¶
BlockingModeCustomIP makes the dnsmsg.Constructor return responses with custom IP addresses to A and AAAA requests. For all other types of requests, as well as if one of the addresses isn't set, it returns a response with no answers (aka NODATA).
type BlockingModeNXDOMAIN ¶
type BlockingModeNXDOMAIN struct{}
BlockingModeNXDOMAIN makes the dnsmsg.Constructor return responses with code NXDOMAIN.
type BlockingModeNullIP ¶
type BlockingModeNullIP struct{}
BlockingModeNullIP makes the dnsmsg.Constructor return a null-IP response to A and AAAA requests. For all other types of requests, it returns a response with no answers (aka NODATA).
type BlockingModeREFUSED ¶
type BlockingModeREFUSED struct{}
BlockingModeREFUSED makes the dnsmsg.Constructor return responses with code REFUSED.
type Class ¶
type Class = uint16
Class is a semantic alias for uint16 values when they are used as a DNS class code.
type Cloner ¶
type Cloner struct {
// contains filtered or unexported fields
}
Cloner is a pool that can clone common parts of DNS messages with fewer allocations.
TODO(a.garipov): Use in filtering when cloning a [filter.ResultModified] message.
TODO(a.garipov): Use in Constructor.
func NewCloner ¶
func NewCloner(stat ClonerStat) (c *Cloner)
NewCloner returns a new properly initialized *Cloner.
type ClonerStat ¶
type ClonerStat interface {
	// OnClone is called on [Cloner.Clone] calls.  isFull is true if the clone
	// was full.
	OnClone(isFull bool)
}
ClonerStat is an interface for entities that collect statistics about a Cloner.
All methods must be safe for concurrent use.
type Constructor ¶
type Constructor struct {
// contains filtered or unexported fields
}
Constructor creates DNS messages for blocked or modified responses.
func NewConstructor ¶
func NewConstructor(cloner *Cloner, bm BlockingMode, respTTL time.Duration) (c *Constructor)
NewConstructor returns a properly initialized constructor with the given options. respTTL is the time-to-live value used for responses created by this message constructor. cloner may be nil. bm is the blocking mode to use in Constructor.NewBlockedRespMsg; it must not be nil.
func (*Constructor) AppendDebugExtra ¶
func (c *Constructor) AppendDebugExtra(req, resp *dns.Msg, str string) (err error)
AppendDebugExtra appends a DNS TXT extra record with the CHAOS class to the response message.
func (*Constructor) NewAnswerA ¶
NewAnswerA returns a new resource record with the given IPv4 address and fqdn. fqdn is the fully-qualified name and must not be empty. ip must be an IPv4 address. If ip is a zero netip.Addr, it is replaced by an unspecified (aka null) IP, 0.0.0.0.
TODO(a.garipov): Use FQDN in all other answer constructors.
func (*Constructor) NewAnswerAAAA ¶
NewAnswerAAAA returns a new resource record with the given IPv6 address and fqdn. fqdn is the fully-qualified name and must not be empty. ip must be an IPv6 address. If ip is a zero netip.Addr, it is replaced by an unspecified (aka null) IP, [::].
func (*Constructor) NewAnswerCNAME ¶
NewAnswerCNAME returns a new resource record of CNAME type.
func (*Constructor) NewAnswerHTTPS ¶
NewAnswerHTTPS returns a properly initialized HTTPS resource record.
See the comment on NewAnswerSVCB for a list of current restrictions on parameter values.
func (*Constructor) NewAnswerMX ¶
NewAnswerMX returns a new resource record of MX type.
func (*Constructor) NewAnswerPTR ¶
NewAnswerPTR returns a new resource record of PTR type.
func (*Constructor) NewAnswerSRV ¶
NewAnswerSRV returns a new resource record of SRV type.
func (*Constructor) NewAnswerSVCB ¶
NewAnswerSVCB returns a properly initialized SVCB resource record.
Currently, there are several restrictions on how the parameters are parsed. Firstly, the parsing of non-contiguous values isn't supported. Secondly, the parsing of value-lists is not supported either.
ipv4hint=127.0.0.1             // Supported.
ipv4hint="127.0.0.1"           // Unsupported.
ipv4hint=127.0.0.1,127.0.0.2   // Unsupported.
ipv4hint="127.0.0.1,127.0.0.2" // Unsupported.
TODO(a.garipov): Support all of these.
func (*Constructor) NewAnswerTXT ¶
NewAnswerTXT returns a new resource record of TXT type.
func (*Constructor) NewBlockedRespMsg ¶
NewBlockedRespMsg returns a blocked DNS response message based on the constructor's blocking mode.
func (*Constructor) NewCNAMEWithIPs ¶
func (c *Constructor) NewCNAMEWithIPs(
	req *dns.Msg,
	cname string,
	ips ...netip.Addr,
) (resp *dns.Msg, err error)
NewCNAMEWithIPs generates a filtered response to req with a CNAME record and the provided ips. cname is the fully-qualified name and must not be empty; ips must be of the same family.
func (*Constructor) NewDDRTemplate ¶
func (c *Constructor) NewDDRTemplate(
	proto dnsserver.Protocol,
	resolverName string,
	dohPath string,
	ipv4Hints []netip.Addr,
	ipv6Hints []netip.Addr,
	port uint16,
	prio uint16,
) (rr *dns.SVCB)
NewDDRTemplate returns a single Discovery of Designated Resolvers response resource record template specific to a resolver. The returned resource record doesn't specify a name in its header, since the name may differ between requests, so it's not a valid record as is.
If the IP address arguments aren't empty, their elements will be added into the appropriate hints. Those arguments are assumed to be of the correct protocol version.
proto must be a standard encrypted protocol, as defined by dnsserver.Protocol.IsStdEncrypted.
TODO(a.garipov): Remove the dependency on package dnsserver.
func (*Constructor) NewIPRespMsg ¶
NewIPRespMsg returns a DNS A or AAAA response message with the given IP addresses. If any IP address is nil, it is replaced by an unspecified (aka null) IP. The TTL is also set to c.FilteredResponseTTL.
func (*Constructor) NewMsgFORMERR ¶
func (c *Constructor) NewMsgFORMERR(req *dns.Msg) (resp *dns.Msg)
NewMsgFORMERR returns a properly initialized FORMERR response.
func (*Constructor) NewMsgNODATA ¶
func (c *Constructor) NewMsgNODATA(req *dns.Msg) (resp *dns.Msg)
NewMsgNODATA returns a properly initialized NODATA response.
func (*Constructor) NewMsgNXDOMAIN ¶
func (c *Constructor) NewMsgNXDOMAIN(req *dns.Msg) (resp *dns.Msg)
NewMsgNXDOMAIN returns a properly initialized NXDOMAIN response.
func (*Constructor) NewMsgREFUSED ¶
func (c *Constructor) NewMsgREFUSED(req *dns.Msg) (resp *dns.Msg)
NewMsgREFUSED returns a properly initialized REFUSED response.
func (*Constructor) NewMsgSERVFAIL ¶
func (c *Constructor) NewMsgSERVFAIL(req *dns.Msg) (resp *dns.Msg)
NewMsgSERVFAIL returns a properly initialized SERVFAIL response.
func (*Constructor) NewRespMsg ¶
func (c *Constructor) NewRespMsg(req *dns.Msg) (resp *dns.Msg)
NewRespMsg creates a DNS response for req and sets all necessary flags and fields. It also guarantees that req.Question will not be empty.
func (*Constructor) NewTXTRespMsg ¶
NewTXTRespMsg returns a DNS TXT response message with the given strings as content. The TTL is also set to c.FilteredResponseTTL.
type EmptyClonerStat ¶
type EmptyClonerStat struct{}
EmptyClonerStat is a ClonerStat implementation that does nothing.
func (EmptyClonerStat) OnClone ¶
func (EmptyClonerStat) OnClone(_ bool)
OnClone implements the ClonerStat interface for EmptyClonerStat.