intel

Documentation

Overview

Package intel is responsible for fetching intelligence data, including DNS, on remote entities.

DNS Servers

Internal lists of resolvers to use are built on start and rebuilt on every config or network change. Configured DNS servers are prioritized over servers assigned by dhcp. Domain and search options (here referred to as "search scopes") are being considered.

Security

Usage of DNS Servers can be regulated using the configuration:

DoNotUseAssignedDNS        // Do not use DNS servers assigned by DHCP
DoNotUseMDNS               // Do not use mDNS
DoNotForwardSpecialDomains // Do not forward special domains to local resolvers, except if they have a search scope for it

Note: The DHCP options "domain" and "search" are ignored for servers assigned by DHCP that do not reside within local address space.

Resolving DNS

Various different queries require the resolver to behave in different manner:

Queries for "localhost." are immediately responded with 127.0.0.1 and ::1, for A and AAAA queries and NXDomain for others. Reverse lookups on local address ranges (10/8, 172.16/12, 192.168/16, fe80::/7) will be tried against every local resolver and finally mDNS until a successful, non-NXDomain answer is received. Special domains ("example.", "example.com.", "example.net.", "example.org.", "invalid.", "test.", "onion.") are resolved using search scopes and local resolvers. All other domains are resolved using search scopes and all available resolvers.

Index

• Constants
• func GetIntelAndRRs(domain string, qtype dns.Type, securityLevel uint8) (intel *Intel, rrs *RRCache)
• func ResolveIPAndValidate(ip string, securityLevel uint8) (domain string, err error)
• type IPInfo
  • func GetIPInfo(ip string) (*IPInfo, error)
  • func (ipi *IPInfo) AddDomain(domain string) (added bool)
  • func (ipi *IPInfo) FmtDomains() string
  • func (ipi *IPInfo) Save() error
  • func (ipi *IPInfo) String() string
• type Intel
  • func GetIntel(domain string) (*Intel, error)
  • func GetIntelFromDB(domain string) (*Intel, error)
  • func (intel *Intel) Save() error
• type NameRecord
  • func GetNameRecord(domain string, question string) (*NameRecord, error)
  • func (rec *NameRecord) Save() error
• type RRCache
  • func GetRRCache(domain string, question dns.Type) (*RRCache, error)
  • func Resolve(fqdn string, qtype dns.Type, securityLevel uint8) *RRCache
  • func (m *RRCache) Clean(minExpires uint32)
  • func (m *RRCache) ExportAllARecords() (ips []net.IP)
  • func (m *RRCache) Flags() string
  • func (m *RRCache) IsNXDomain() bool
  • func (m *RRCache) RequestingNew() bool
  • func (m *RRCache) Save() error
  • func (m *RRCache) ServedFromCache() bool
  • func (m *RRCache) ShallowCopy() *RRCache
  • func (m *RRCache) ToNameRecord() *NameRecord
• type Resolver
  • func (r *Resolver) String() string
• type Scope

Constants

const (
	DNSClassMulticast = dns.ClassINET | 1<<15
)

DNS Classes

Functions

func GetIntelAndRRs

func GetIntelAndRRs(domain string, qtype dns.Type, securityLevel uint8) (intel *Intel, rrs *RRCache)

GetIntelAndRRs returns intel and DNS resource records for the given domain.

func ResolveIPAndValidate

func ResolveIPAndValidate(ip string, securityLevel uint8) (domain string, err error)

ResolveIPAndValidate finds (reverse DNS), validates (forward DNS) and returns the domain name assigned to the given IP.

Types

type IPInfo

type IPInfo struct {
	record.Base
	sync.Mutex

	IP      string
	Domains []string
}

IPInfo represents various information about an IP.

func GetIPInfo

func GetIPInfo(ip string) (*IPInfo, error)

GetIPInfo gets an IPInfo record from the database.

func (*IPInfo) AddDomain

func (ipi *IPInfo) AddDomain(domain string) (added bool)

AddDomain adds a domain to the list and reports back if it was added, or was already present.

func (*IPInfo) FmtDomains

func (ipi *IPInfo) FmtDomains() string

FmtDomains returns a string consisting of the domains that have seen to use this IP, joined by " or "

func (*IPInfo) Save

func (ipi *IPInfo) Save() error

Save saves the IPInfo record to the database.

func (*IPInfo) String

func (ipi *IPInfo) String() string

FmtDomains returns a string consisting of the domains that have seen to use this IP, joined by " or "

type Intel

type Intel struct {
	record.Base
	sync.Mutex

	Domain string
}

Intel holds intelligence data for a domain.

func GetIntel

func GetIntel(domain string) (*Intel, error)

GetIntel fetches intelligence data for the given domain.

func GetIntelFromDB

func GetIntelFromDB(domain string) (*Intel, error)

GetIntelFromDB gets an Intel record from the database.

func (*Intel) Save

func (intel *Intel) Save() error

Save saves the Intel record to the database.

type NameRecord

type NameRecord struct {
	record.Base
	sync.Mutex

	Domain   string
	Question string
	Answer   []string
	Ns       []string
	Extra    []string
	TTL      int64

	Server      string
	ServerScope int8
}

NameRecord is helper struct to RRCache to better save data to the database.

func GetNameRecord

func GetNameRecord(domain string, question string) (*NameRecord, error)

GetNameRecord gets a NameRecord from the database.

func (*NameRecord) Save

func (rec *NameRecord) Save() error

Save saves the NameRecord to the database.

type RRCache

type RRCache struct {
	Domain   string
	Question dns.Type

	Answer []dns.RR
	Ns     []dns.RR
	Extra  []dns.RR
	TTL    int64

	Server      string
	ServerScope int8

	Filtered        bool
	FilteredEntries []string
	// contains filtered or unexported fields
}

RRCache is used to cache DNS data

func GetRRCache

func GetRRCache(domain string, question dns.Type) (*RRCache, error)

GetRRCache tries to load the corresponding NameRecord from the database and convert it.

func Resolve

func Resolve(fqdn string, qtype dns.Type, securityLevel uint8) *RRCache

Resolve resolves the given query for a domain and type and returns a RRCache object or nil, if the query failed.

func (*RRCache) Clean

func (m *RRCache) Clean(minExpires uint32)

Clean sets all TTLs to 17 and sets cache expiry with specified minimum.

func (*RRCache) ExportAllARecords

func (m *RRCache) ExportAllARecords() (ips []net.IP)

ExportAllARecords return of a list of all A and AAAA IP addresses.

func (*RRCache) Flags

func (m *RRCache) Flags() string

Flags formats ServedFromCache and RequestingNew to a condensed, flag-like format.

func (*RRCache) IsNXDomain

func (m *RRCache) IsNXDomain() bool

IsNXDomain returnes whether the result is nxdomain.

func (*RRCache) RequestingNew

func (m *RRCache) RequestingNew() bool

RequestingNew informs that it has expired and new RRs are being fetched.

func (*RRCache) Save

func (m *RRCache) Save() error

Save saves the RRCache to the database as a NameRecord.

func (*RRCache) ServedFromCache

func (m *RRCache) ServedFromCache() bool

ServedFromCache marks the RRCache as served from cache.

func (*RRCache) ShallowCopy

func (m *RRCache) ShallowCopy() *RRCache

ShallowCopy returns a shallow copy of the cache. slices are not copied, but referenced.

func (*RRCache) ToNameRecord

func (m *RRCache) ToNameRecord() *NameRecord

ToNameRecord converts the RRCache to a NameRecord for cleaner persistence.

type Resolver

type Resolver struct {
	// static
	Server        string
	ServerType    string
	ServerAddress string
	ServerIP      net.IP
	ServerIPScope int8
	ServerPort    uint16
	VerifyDomain  string
	Source        string

	Search               *[]string
	AllowedSecurityLevel uint8
	SkipFqdnBeforeInit   string

	// atomic
	Initialized *abool.AtomicBool
	InitLock    sync.Mutex
	LastFail    *int64
	Expires     *int64

	// must be locked
	LockReason sync.Mutex
	FailReason string
	// contains filtered or unexported fields
}

Resolver holds information about an active resolver.

func (*Resolver) String

func (r *Resolver) String() string

type Scope

type Scope struct {
	Domain    string
	Resolvers []*Resolver
}

Scope defines a domain scope and which resolvers can resolve it.