From 5768f07ce51271239b16b4cfda6206366002cefc Mon Sep 17 00:00:00 2001
From: Elizabeth Hunt <elizabeth.hunt@simponic.xyz>
Date: Sun, 7 Apr 2024 17:04:43 -0600
Subject: init

---
 hcdns/server.go | 120 +++++++++++++++++++++++++++++++++++++++++++-------------
 1 file changed, 93 insertions(+), 27 deletions(-)

(limited to 'hcdns/server.go')

diff --git a/hcdns/server.go b/hcdns/server.go
index ce7894b..e5a8d29 100644
--- a/hcdns/server.go
+++ b/hcdns/server.go
@@ -11,74 +11,139 @@ import (
 
 const MAX_RECURSION = 15
 
-func resolveInternalCNAMEs(dbConn *sql.DB, domain string, qtype uint16, maxDepth int) ([]dns.RR, error) {
-	internalCnames, err := database.FindDNSRecords(dbConn, domain, "CNAME")
+type DnsHandler struct {
+	DnsResolvers []string
+	DbConn       *sql.DB
+}
+
+func (h *DnsHandler) resolveExternal(domain string, qtype uint16) ([]dns.RR, error) {
+	client := &dns.Client{}
+	message := &dns.Msg{}
+	message.SetQuestion(dns.Fqdn(domain), qtype)
+	message.RecursionDesired = true
+
+	if len(h.DnsResolvers) == 0 {
+		return []dns.RR{}, nil
+	}
+
+	i := 0
+	in, _, err := client.Exchange(message, h.DnsResolvers[i])
+	for err != nil && i < len(h.DnsResolvers) {
+		i++
+		in, _, err = client.Exchange(message, h.DnsResolvers[i])
+	}
+
 	if err != nil {
 		return nil, err
 	}
 
+	if len(in.Answer) == 0 {
+		return nil, nil
+	}
+
+	return in.Answer, nil
+}
+
+func resultSetFound(answers []dns.RR, domain string, qtype uint16) bool {
+	for _, answer := range answers {
+		if answer.Header().Name == domain && answer.Header().Rrtype == qtype {
+			return true
+		}
+	}
+	return false
+}
+
+func (h *DnsHandler) recursiveResolve(domain string, qtype uint16, maxDepth int) ([]dns.RR, bool, error) {
+	internalCnames, err := database.FindDNSRecords(h.DbConn, domain, "CNAME")
+	if err != nil {
+		return nil, true, err
+	}
+
+	authoritative := true
 	var answers []dns.RR
 	for _, record := range internalCnames {
 		cname, err := dns.NewRR(fmt.Sprintf("%s %d IN CNAME %s", record.Name, record.TTL, record.Content))
 		if err != nil {
 			log.Println(err)
-			return nil, err
+			return nil, authoritative, err
 		}
 		answers = append(answers, cname)
 
-		cnameRecursive, err := resolveDNS(dbConn, record.Content, qtype, maxDepth-1)
+		cnameRecursive, cnameAuth, err := h.resolveDNS(record.Content, qtype, maxDepth-1)
 		if err != nil {
 			log.Println(err)
-			return nil, err
+			return nil, authoritative, err
 		}
+		authoritative = authoritative && cnameAuth
 		answers = append(answers, cnameRecursive...)
 	}
 
 	qtypeName := dns.TypeToString[qtype]
-	if qtypeName == "" {
-		return nil, fmt.Errorf("invalid query type %d", qtype)
-	}
-
-	typeDnsRecords, err := database.FindDNSRecords(dbConn, domain, qtypeName)
+	records, err := database.FindDNSRecords(h.DbConn, domain, qtypeName)
 	if err != nil {
-		return nil, err
+		return nil, authoritative, err
 	}
-	for _, record := range typeDnsRecords {
+
+	for _, record := range records {
 		answer, err := dns.NewRR(fmt.Sprintf("%s %d IN %s %s", record.Name, record.TTL, qtypeName, record.Content))
 		if err != nil {
-			return nil, err
+			return nil, authoritative, err
 		}
 		answers = append(answers, answer)
 	}
 
-	return answers, nil
+	return answers, authoritative, nil
 }
 
-func resolveDNS(dbConn *sql.DB, domain string, qtype uint16, maxDepth int) ([]dns.RR, error) {
+func (h *DnsHandler) resolveDNS(domain string, qtype uint16, maxDepth int) ([]dns.RR, bool, error) {
+	log.Println("resolving", domain, dns.TypeToString[qtype], maxDepth)
 	if maxDepth == 0 {
-		return nil, fmt.Errorf("too much recursion")
+		return nil, false, fmt.Errorf("too much recursion")
 	}
 
-	answers, err := resolveInternalCNAMEs(dbConn, domain, qtype, maxDepth)
+	answers, authoritative, err := h.recursiveResolve(domain, qtype, maxDepth)
 	if err != nil {
-		return nil, err
+		return nil, false, err
 	}
 
-	return answers, nil
-}
+	if len(answers) > 0 { // base case - we got the answer
+		return answers, authoritative, nil
+	}
 
-type DnsHandler struct {
-	DnsResolvers []string
-	DbConn       *sql.DB
+	externalAnswers, err := h.resolveExternal(domain, qtype)
+	if err != nil {
+		return nil, false, err
+	}
+
+	answers = append(answers, externalAnswers...)
+	if resultSetFound(externalAnswers, domain, qtype) {
+		return answers, false, nil
+	}
+
+	for _, answer := range externalAnswers {
+		cname, ok := answer.(*dns.CNAME)
+		if !ok {
+			continue
+		}
+
+		cnameAnswers, _, err := h.resolveDNS(cname.Target, qtype, maxDepth-1)
+		if err != nil {
+			return nil, false, err
+		}
+		answers = append(answers, cnameAnswers...)
+	}
+
+	return answers, false, nil
 }
 
 func (h *DnsHandler) ServeDNS(w dns.ResponseWriter, r *dns.Msg) {
-	msg := new(dns.Msg)
+	msg := &dns.Msg{}
 	msg.SetReply(r)
-	msg.Authoritative = true
+	msg.Authoritative = false
 
 	for _, question := range r.Question {
-		answers, err := resolveDNS(h.DbConn, question.Name, question.Qtype, MAX_RECURSION)
+		answers, authoritative, err := h.resolveDNS(question.Name, question.Qtype, MAX_RECURSION)
+		msg.Authoritative = authoritative
 		if err != nil {
 			fmt.Println(err)
 			msg.SetRcode(r, dns.RcodeServerFailure)
@@ -98,7 +163,8 @@ func (h *DnsHandler) ServeDNS(w dns.ResponseWriter, r *dns.Msg) {
 
 func MakeServer(argv *args.Arguments, dbConn *sql.DB) *dns.Server {
 	handler := &DnsHandler{
-		DbConn: dbConn,
+		DbConn:       dbConn,
+		DnsResolvers: argv.DnsResolvers,
 	}
 	addr := fmt.Sprintf(":%d", argv.DnsPort)
 
-- 
cgit v1.2.3-70-g09d2


From e2ce6804a76c771759603e3b3800a013275217a1 Mon Sep 17 00:00:00 2001
From: Elizabeth Hunt <elizabeth.hunt@simponic.xyz>
Date: Sun, 7 Apr 2024 19:02:42 -0600
Subject: be authoritative, but only when there's no external queries occuring

---
 hcdns/server.go      |   9 ++-
 hcdns/server_test.go | 160 ++++++++++++++++++++++++++-------------------------
 2 files changed, 89 insertions(+), 80 deletions(-)

(limited to 'hcdns/server.go')

diff --git a/hcdns/server.go b/hcdns/server.go
index e5a8d29..2e110e8 100644
--- a/hcdns/server.go
+++ b/hcdns/server.go
@@ -70,11 +70,12 @@ func (h *DnsHandler) recursiveResolve(domain string, qtype uint16, maxDepth int)
 		answers = append(answers, cname)
 
 		cnameRecursive, cnameAuth, err := h.resolveDNS(record.Content, qtype, maxDepth-1)
+		authoritative = authoritative && cnameAuth
 		if err != nil {
 			log.Println(err)
 			return nil, authoritative, err
 		}
-		authoritative = authoritative && cnameAuth
+
 		answers = append(answers, cnameRecursive...)
 	}
 
@@ -126,14 +127,16 @@ func (h *DnsHandler) resolveDNS(domain string, qtype uint16, maxDepth int) ([]dn
 			continue
 		}
 
-		cnameAnswers, _, err := h.resolveDNS(cname.Target, qtype, maxDepth-1)
+		cnameAnswers, cnameAuth, err := h.resolveDNS(cname.Target, qtype, maxDepth-1)
+		authoritative = authoritative && cnameAuth
 		if err != nil {
 			return nil, false, err
 		}
 		answers = append(answers, cnameAnswers...)
 	}
 
-	return answers, false, nil
+	authoritative = authoritative && len(externalAnswers) == 0
+	return answers, authoritative, nil
 }
 
 func (h *DnsHandler) ServeDNS(w dns.ResponseWriter, r *dns.Msg) {
diff --git a/hcdns/server_test.go b/hcdns/server_test.go
index 9993bbf..f1b283f 100644
--- a/hcdns/server_test.go
+++ b/hcdns/server_test.go
@@ -58,83 +58,6 @@ func setup(arguments *args.Arguments) (*sql.DB, *dns.Server, string, func()) {
 	}
 }
 
-func TestWhenExternalDomain(t *testing.T) {
-	externalDb, _, externalAddr, externalCleanup := setup(nil)
-	internalDb, _, internalAddr, internalCleanup := setup(&args.Arguments{
-		DnsPort:      randomPort(),
-		DnsResolvers: []string{externalAddr},
-	})
-	defer internalCleanup()
-	defer externalCleanup()
-
-	authoritativeRecords := []database.DNSRecord{
-		{
-			ID:      "1",
-			UserID:  "test",
-			Name:    "external.example.com.",
-			Type:    "CNAME",
-			Content: "external.internal.example.com.",
-		},
-	}
-	internalRecords := []database.DNSRecord{
-		{
-			ID:      "1",
-			UserID:  "test",
-			Name:    "external.internal.example.com.",
-			Type:    "A",
-			Content: "127.0.0.1",
-		},
-		{
-			ID:      "2",
-			UserID:  "test",
-			Name:    "test.internal.example.com.",
-			Type:    "CNAME",
-			Content: "external.example.com.",
-		},
-	}
-
-	for _, record := range authoritativeRecords {
-		database.SaveDNSRecord(externalDb, &record)
-	}
-	for _, record := range internalRecords {
-		database.SaveDNSRecord(internalDb, &record)
-	}
-
-	// ensure that if the record doesn't exist in the internal database, it will
-	// go and query the external dns resolvers, then loop back to the internal
-
-	qtype := dns.TypeA
-	domain := dns.Fqdn("test.internal.example.com.")
-	client := &dns.Client{}
-	message := &dns.Msg{}
-	message.SetQuestion(domain, qtype)
-
-	in, _, err := client.Exchange(message, internalAddr)
-
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	if len(in.Answer) != 3 {
-		t.Fatalf("expected 3 answers, got %d", len(in.Answer))
-	}
-
-	aRecord := in.Answer[2]
-	if aRecord.Header().Name != internalRecords[0].Name {
-		t.Fatalf("expected %s, got %s", domain, aRecord.Header().Name)
-	}
-	if aRecord.Header().Rrtype != dns.TypeA {
-		t.Fatalf("expected %s, got %s", dns.TypeToString[aRecord.Header().Rrtype], internalRecords[1].Type)
-	}
-	if aRecord.(*dns.A).A.String() != internalRecords[0].Content {
-		t.Fatalf("expected %s, got %s", internalRecords[0].Content, aRecord.(*dns.A).A.String())
-	}
-
-	if in.Authoritative {
-		t.Fatalf("expected non-authoritative response")
-	}
-}
-
 func TestWhenCNAMEIsResolved(t *testing.T) {
 	testDb, _, addr, cleanup := setup(nil)
 	defer cleanup()
@@ -322,3 +245,86 @@ func TestWhenUnresolvingCNAMEWithMaxDepth(t *testing.T) {
 		t.Fatalf("expected SERVFAIL, got %d", in.Rcode)
 	}
 }
+
+func TestWhenExternalDomain(t *testing.T) {
+	externalDb, _, externalAddr, externalCleanup := setup(nil)
+	internalDb, _, internalAddr, internalCleanup := setup(&args.Arguments{
+		DnsPort:      randomPort(),
+		DnsResolvers: []string{externalAddr},
+	})
+	defer internalCleanup()
+	defer externalCleanup()
+
+	authoritativeRecords := []database.DNSRecord{
+		{
+			ID:      "1",
+			UserID:  "test",
+			Name:    "external.example.com.",
+			Type:    "CNAME",
+			Content: "external.internal.example.com.",
+		},
+		{
+			ID:      "2",
+			UserID:  "test",
+			Name:    "final.example.com.",
+			Type:    "A",
+			Content: "127.0.0.1",
+		},
+	}
+	internalRecords := []database.DNSRecord{
+		{
+			ID:      "1",
+			UserID:  "test",
+			Name:    "external.internal.example.com.",
+			Type:    "CNAME",
+			Content: "final.example.com",
+		},
+		{
+			ID:      "2",
+			UserID:  "test",
+			Name:    "test.internal.example.com.",
+			Type:    "CNAME",
+			Content: "external.example.com.",
+		},
+	}
+
+	for _, record := range authoritativeRecords {
+		database.SaveDNSRecord(externalDb, &record)
+	}
+	for _, record := range internalRecords {
+		database.SaveDNSRecord(internalDb, &record)
+	}
+
+	// ensure that if the record doesn't exist in the internal database, it will
+	// go and query the external dns resolvers, then loop back to the internal
+
+	qtype := dns.TypeA
+	domain := dns.Fqdn("test.internal.example.com.")
+	client := &dns.Client{}
+	message := &dns.Msg{}
+	message.SetQuestion(domain, qtype)
+
+	in, _, err := client.Exchange(message, internalAddr)
+
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if len(in.Answer) != 4 {
+		t.Fatalf("expected 4 answers, got %d", len(in.Answer))
+	}
+
+	aRecord := in.Answer[3]
+	if aRecord.Header().Name != authoritativeRecords[1].Name {
+		t.Fatalf("expected %s, got %s", domain, aRecord.Header().Name)
+	}
+	if aRecord.Header().Rrtype != dns.TypeA {
+		t.Fatalf("expected %s, got %s", dns.TypeToString[aRecord.Header().Rrtype], internalRecords[1].Type)
+	}
+	if aRecord.(*dns.A).A.String() != authoritativeRecords[1].Content {
+		t.Fatalf("expected %s, got %s", authoritativeRecords[1].Content, aRecord.(*dns.A).A.String())
+	}
+	if in.Authoritative {
+		t.Fatalf("expected non-authoritative response")
+	}
+}
-- 
cgit v1.2.3-70-g09d2