Added basic DoT support
This commit is contained in:
@@ -1,3 +1,145 @@
|
||||
package dot
|
||||
|
||||
// DoT (DNS over TLS) resolver implementation
|
||||
import (
|
||||
"crypto/tls"
|
||||
"fmt"
|
||||
"net"
|
||||
"os"
|
||||
|
||||
"github.com/afonsofrancof/sdns-perf/internal/protocols/do53"
|
||||
"golang.org/x/net/dns/dnsmessage"
|
||||
)
|
||||
|
||||
func Run(domain, queryType, server string, dnssec bool) error {
|
||||
|
||||
DNSMessage, err := do53.MakeDNSMessage(domain, queryType)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
// Step 1 - Establish a TCP Connection
|
||||
tcpConn, err := net.Dial("tcp", server)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to establish TCP connection: %v", err)
|
||||
}
|
||||
defer tcpConn.Close()
|
||||
|
||||
// Step 2 - Upgrade it to a TLS Connection
|
||||
|
||||
// Temporary keylog file to allow traffic inspection
|
||||
keyLogFile, err := os.OpenFile(
|
||||
"tls-key-log.txt",
|
||||
os.O_APPEND|os.O_CREATE|os.O_WRONLY,
|
||||
0600,
|
||||
)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed opening key log file: %v", err)
|
||||
}
|
||||
defer keyLogFile.Close()
|
||||
|
||||
tlsConfig := &tls.Config{
|
||||
InsecureSkipVerify: true,
|
||||
MinVersion: tls.VersionTLS12,
|
||||
KeyLogWriter: keyLogFile,
|
||||
}
|
||||
|
||||
tlsConn := tls.Client(tcpConn, tlsConfig)
|
||||
err = tlsConn.Handshake()
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to execute the TLS handshake: %v", err)
|
||||
}
|
||||
defer tlsConn.Close()
|
||||
|
||||
// Before sending the DNS message over TLS, prepend the 2-byte length field
|
||||
lengthPrefixedMessage := make([]byte, len(DNSMessage)+2)
|
||||
lengthPrefixedMessage[0] = byte(len(DNSMessage) >> 8) // High byte
|
||||
lengthPrefixedMessage[1] = byte(len(DNSMessage) & 0xFF) // Low byte
|
||||
copy(lengthPrefixedMessage[2:], DNSMessage)
|
||||
|
||||
_, err = tlsConn.Write(lengthPrefixedMessage)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed writing TLS request: %v", err)
|
||||
}
|
||||
|
||||
// Read the 2-byte length prefix
|
||||
lengthBuf := make([]byte, 2)
|
||||
_, err = tlsConn.Read(lengthBuf)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed reading response length: %v", err)
|
||||
}
|
||||
|
||||
// Calculate the message length from the 2-byte prefix
|
||||
messageLength := int(lengthBuf[0])<<8 | int(lengthBuf[1])
|
||||
|
||||
responseBuf := make([]byte, messageLength)
|
||||
n, err := tlsConn.Read(responseBuf)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed reading TLS response: %v", err)
|
||||
}
|
||||
|
||||
// Parse the response
|
||||
var parser dnsmessage.Parser
|
||||
header, err := parser.Start(responseBuf[:n])
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to parse DNS response: %v", err)
|
||||
}
|
||||
|
||||
fmt.Printf("DNS Response Header:\n")
|
||||
fmt.Printf(" ID: %d\n", header.ID)
|
||||
fmt.Printf(" Response: %v\n", header.Response)
|
||||
fmt.Printf(" RCode: %v\n", header.RCode)
|
||||
|
||||
// Skip all questions before reading answers
|
||||
err = parser.SkipAllQuestions()
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to skip questions: %v", err)
|
||||
}
|
||||
|
||||
// Parse answers
|
||||
fmt.Printf("\nAnswers:\n")
|
||||
answers, err := parser.AllAnswers()
|
||||
|
||||
for i, answer := range answers {
|
||||
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to parse answer %d: %v", i, err)
|
||||
}
|
||||
|
||||
fmt.Printf(" Answer %d:\n", i+1)
|
||||
fmt.Printf(" Name: %v\n", answer.Header.Name)
|
||||
fmt.Printf(" Type: %v\n", answer.Header.Type)
|
||||
fmt.Printf(" TTL: %v seconds\n", answer.Header.TTL)
|
||||
|
||||
// Handle different record types
|
||||
switch answer.Header.Type {
|
||||
case dnsmessage.TypeA:
|
||||
if r, ok := answer.Body.(*dnsmessage.AResource); ok {
|
||||
fmt.Printf(" IPv4: %d.%d.%d.%d\n", r.A[0], r.A[1], r.A[2], r.A[3])
|
||||
}
|
||||
case dnsmessage.TypeAAAA:
|
||||
if r, ok := answer.Body.(*dnsmessage.AAAAResource); ok {
|
||||
ip := r.AAAA
|
||||
fmt.Printf(" IPv6: %02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x\n",
|
||||
ip[0], ip[1], ip[2], ip[3], ip[4], ip[5], ip[6], ip[7],
|
||||
ip[8], ip[9], ip[10], ip[11], ip[12], ip[13], ip[14], ip[15])
|
||||
}
|
||||
case dnsmessage.TypeCNAME:
|
||||
if r, ok := answer.Body.(*dnsmessage.CNAMEResource); ok {
|
||||
fmt.Printf(" CNAME: %v\n", r.CNAME)
|
||||
}
|
||||
case dnsmessage.TypeMX:
|
||||
if r, ok := answer.Body.(*dnsmessage.MXResource); ok {
|
||||
fmt.Printf(" Preference: %v\n", r.Pref)
|
||||
fmt.Printf(" MX: %v\n", r.MX)
|
||||
}
|
||||
case dnsmessage.TypeTXT:
|
||||
if r, ok := answer.Body.(*dnsmessage.TXTResource); ok {
|
||||
fmt.Printf(" TXT: %v\n", r.TXT)
|
||||
}
|
||||
default:
|
||||
fmt.Printf(" [Unsupported record type]\n")
|
||||
}
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user