doh

package
v0.0.0-...-4cf4c4f

This package is not in the latest version of its module.
Published: Apr 24, 2022 License: Apache-2.0 Imports: 24 Imported by: 0

Documentation

Constants

const (
	// Complete : Transaction completed successfully
	Complete = iota
	// SendFailed : Failed to send query
	SendFailed
	// HTTPError : Got a non-200 HTTP status
	HTTPError
	// BadQuery : Malformed input
	BadQuery
	// BadResponse : Response was invalid
	BadResponse
	// InternalError : This should never happen
	InternalError
)

const (
	OptResourcePaddingCode = 12
	PaddingBlockSize       = 128 // RFC8467 recommendation
)

Variables

This section is empty.

Functions

func Accept

func Accept(t Transport, c io.ReadWriteCloser)

Accept a DNS-over-TCP socket from a stub resolver, and connect the socket to this DNSTransport.

func AddEdnsPadding

func AddEdnsPadding(rawMsg []byte) ([]byte, error)

Add EDNS padding, as defined in RFC7830, to a raw DNS message.
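
How RFC 7830 padding brings a query up to a PaddingBlockSize boundary, so that the length of the encrypted message no longer tracks the length of the queried name. This is an added example, not this package's implementation of AddEdnsPadding: padQuery and sampleQuery are hypothetical names, the query bytes are constructed, and only messages with an empty additional section are handled.

```go
package main

import (
	"errors"
	"fmt"
)

const (
	optType        = 41     // OPT pseudo-RR type (RFC 6891)
	paddingOptCode = 12     // same value as OptResourcePaddingCode
	blockSize      = 128    // same value as PaddingBlockSize
	optOverhead    = 11 + 4 // OPT RR fixed fields + one option header
)

// padQuery (hypothetical helper) appends an OPT record with a Padding
// option so the message length becomes a multiple of blockSize. It only
// handles messages whose additional section is empty.
func padQuery(msg []byte) ([]byte, error) {
	if len(msg) < 12 {
		return nil, errors.New("short DNS header")
	}
	if msg[10] != 0 || msg[11] != 0 { // ARCOUNT
		return nil, errors.New("additional section not empty")
	}
	padLen := (blockSize - (len(msg)+optOverhead)%blockSize) % blockSize
	rdLen := 4 + padLen
	out := append([]byte{}, msg...)
	out[11] = 1 // ARCOUNT = 1
	out = append(out,
		0,          // root owner name
		0, optType, // TYPE
		0x10, 0x00, // CLASS carries the UDP payload size (4096)
		0, 0, 0, 0, // extended RCODE, version, flags
		byte(rdLen>>8), byte(rdLen), // RDLENGTH
		0, paddingOptCode, // OPTION-CODE
		byte(padLen>>8), byte(padLen)) // OPTION-LENGTH
	return append(out, make([]byte, padLen)...), nil // padding octets are 0x00
}

// sampleQuery is a constructed A query for example.com (ID 0x1234, RD set).
func sampleQuery() []byte {
	q := []byte{0x12, 0x34, 0x01, 0x00, 0, 1, 0, 0, 0, 0, 0, 0}
	q = append(q, "\x07example\x03com\x00"...)
	return append(q, 0, 1, 0, 1) // QTYPE=A, QCLASS=IN
}

func main() {
	p, err := padQuery(sampleQuery())
	fmt.Println(len(sampleQuery()), len(p), err) // 29 128 <nil>
}
```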

func Servfail

func Servfail(q []byte) ([]byte, error)

Servfail returns a SERVFAIL response to the query q.

Types

type Atomic

type Atomic struct {
	// contains filtered or unexported fields
}

Atomic is atomic.Value, specialized for doh.Transport.

func (*Atomic) Load

func (a *Atomic) Load() Transport

Load the DNSTransport, or nil if it has not been stored.

func (*Atomic) Store

func (a *Atomic) Store(t Transport)

Store a DNSTransport. t must not be nil.

type ClientAuth

type ClientAuth interface {
	// GetClientCertificate returns the client certificate (if any).
	// May block as the first call may cause certificates to load.
	// Returns a DER encoded X.509 client certificate.
	GetClientCertificate() []byte
	// GetIntermediateCertificate returns the chaining certificate (if any).
	// It does not block or cause certificates to load.
	// Returns a DER encoded X.509 certificate.
	GetIntermediateCertificate() []byte
	// Request a signature on a digest.
	Sign(digest []byte) []byte
}

ClientAuth interface for providing TLS certificates and signatures.

type Listener

type Listener interface {
	OnQuery(url string) Token
	OnResponse(Token, *Summary)
}

Listener receives Summaries.

type Summary

type Summary struct {
	Latency    float64 // Response (or failure) latency in seconds
	Query      []byte
	Response   []byte
	Server     string
	Status     int
	HTTPStatus int // Zero unless Status is Complete or HTTPError
}

Summary is a summary of a DNS transaction, reported when it is complete.

type Token

type Token interface{}

A Token is an opaque handle used to match responses to queries.

type Transport

type Transport interface {
	// Given a DNS query (including ID), returns a DNS response with matching
	// ID, or an error if no response was received.  The error may be accompanied
	// by a SERVFAIL response if appropriate.
	Query(q []byte) ([]byte, error)
	// Return the server URL used to initialize this transport.
	GetURL() string
}

Transport represents a DNS query transport. This interface is exported by gobind, so it has to be very simple.

func NewTransport

func NewTransport(rawurl string, addrs []string, dialer *net.Dialer, auth ClientAuth, listener Listener) (Transport, error)

NewTransport returns a DoH DNSTransport, ready for use. This is a POST-only DoH implementation, so the DoH template should be a URL.

`rawurl` is the DoH template in string form.

`addrs` is a list of domains or IP addresses to use as fallback, if the hostname lookup fails or returns non-working addresses.

`dialer` is the dialer that the transport will use. The transport will modify the dialer's timeout but will not mutate it otherwise.

`auth` will provide a client certificate if required by the TLS server.

`listener` will receive the status of each DNS query when it is complete.
