seiso.moe / alky
a recursive dns resolver
fork atom

Compare changes

Choose any two refs to compare.

options
unified split
Changed files
+77 -29
docs
alky.toml
go.mod
go.sum
pkg
config
config.go
dns
ratelimit.go
resolve.go
server.go
-7
docs/alky.toml 
···

       
49

       
49

       
 

       
# This uses time.ParseDuration semantics


     

       
50

       
50

       
 

       
retention_period = "720h"


     

       
51

       
51

       
 

       



     

       
52

       

       
-

       
[cache]


     

       
53

       

       
-

       
# The maximum number of items to store in the cache.


     

       
54

       

       
-

       
max_items = 5000


     

       
55

       

       
-

       



     

       
56

       

       
-

       
# How often the cache will evict items.


     

       
57

       

       
-

       
cleanup_interval = "5m"


     

       
58

       

       
-

       



     

       
59

       
52

       
 

       
[advanced]


     

       
60

       
53

       
 

       
# Timeout (in milliseconds) for outgoing queries before being cancelled.


     

       
61

       
54

       
 

       
query_timeout = 100
-1
pkg/config/config.go 
···

       
4

       
4

       
 

       
	"fmt"


     

       
5

       
5

       
 

       
	"os"


     

       
6

       
6

       
 

       
	"slices"


     

       
7

       

       
-

       
	"strings"


     

       
8

       
7

       
 

       
	"time"


     

       
9

       
8

       
 

       



     

       
10

       
9

       
 

       
	"github.com/BurntSushi/toml"
+1 -1
go.mod 
···

       
9

       
9

       
 

       
	github.com/ClickHouse/clickhouse-go/v2 v2.34.0


     

       
10

       
10

       
 

       
	github.com/stretchr/testify v1.10.0


     

       
11

       
11

       
 

       
	golang.org/x/time v0.11.0


     

       
12

       

       
-

       
	tangled.sh/seiso.moe/magna v0.0.1


     

       

       
12

       
+

       
	tangled.sh/seiso.moe/magna v0.0.2


     

       
13

       
13

       
 

       
)


     

       
14

       
14

       
 

       



     

       
15

       
15

       
 

       
require (
+2
go.sum 
···

       
117

       
117

       
 

       
gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=


     

       
118

       
118

       
 

       
tangled.sh/seiso.moe/magna v0.0.1 h1:v8GM2y3xEinc0jGVxYf/33xtWJ74ES9EuTaMxXL8zxo=


     

       
119

       
119

       
 

       
tangled.sh/seiso.moe/magna v0.0.1/go.mod h1:bqm+DTo2Pv4ITT0EnR079l++BJgoChBswSB/3KeijUk=


     

       

       
120

       
+

       
tangled.sh/seiso.moe/magna v0.0.2 h1:4VGPlqv/7tVyTtsR4Qkk8ZNypuNbmaeLogWzkpbHrRs=


     

       

       
121

       
+

       
tangled.sh/seiso.moe/magna v0.0.2/go.mod h1:bqm+DTo2Pv4ITT0EnR079l++BJgoChBswSB/3KeijUk=
+7 -7
pkg/dns/ratelimit.go 
···

       
17

       
17

       
 

       
}


     

       
18

       
18

       
 

       



     

       
19

       
19

       
 

       
type rateLimiter struct {


     

       
20

       

       
-

       
	config RateLimitConfig


     

       
21

       

       
-

       
	limiters map[string]*ipRateLimiterEntry


     

       
22

       

       
-

       
	mu     sync.RWMutex


     

       

       
20

       
+

       
	config      RateLimitConfig


     

       

       
21

       
+

       
	limiters    map[string]*ipRateLimiterEntry


     

       

       
22

       
+

       
	mu          sync.RWMutex


     

       
23

       
23

       
 

       
	stopCleanup chan struct{}


     

       
24

       
24

       
 

       
}


     

       
25

       
25

       
 

       



     
···

       
39

       
39

       
 

       



     

       
40

       
40

       
 

       
func newRateLimiter(config RateLimitConfig) *rateLimiter {


     

       
41

       
41

       
 

       
	rl := &rateLimiter{


     

       
42

       

       
-

       
		config: config,


     

       
43

       

       
-

       
		limiters: make(map[string]*ipRateLimiterEntry),


     

       

       
42

       
+

       
		config:      config,


     

       

       
43

       
+

       
		limiters:    make(map[string]*ipRateLimiterEntry),


     

       
44

       
44

       
 

       
		stopCleanup: make(chan struct{}),


     

       
45

       
45

       
 

       
	}


     

       
46

       
46

       
 

       



     
···

       
49

       
49

       
 

       
}


     

       
50

       
50

       
 

       



     

       
51

       
51

       
 

       
func (rl *rateLimiter) allow(ip string) bool {


     

       
52

       

       
-

       
	rl.mu.Lock() 


     

       

       
52

       
+

       
	rl.mu.Lock()


     

       
53

       
53

       
 

       
	defer rl.mu.Unlock()


     

       
54

       
54

       
 

       



     

       
55

       
55

       
 

       
	entry, exists := rl.limiters[ip]


     
···

       
58

       
58

       
 

       
	if !exists {


     

       
59

       
59

       
 

       
		limiter := rate.NewLimiter(rate.Limit(rl.config.Rate), rl.config.Burst)


     

       
60

       
60

       
 

       
		entry := &ipRateLimiterEntry{


     

       
61

       

       
-

       
			limiter: limiter,


     

       

       
61

       
+

       
			limiter:    limiter,


     

       
62

       
62

       
 

       
			lastAccess: now,


     

       
63

       
63

       
 

       
		}


     

       
64

       
64
+2 -2
pkg/dns/server.go 
···

       
21

       
21

       
 

       
)


     

       
22

       
22

       
 

       



     

       
23

       
23

       
 

       
var (


     

       
24

       

       
-

       
	serverUDPBufferPool = sync.Pool {


     

       

       
24

       
+

       
	serverUDPBufferPool = sync.Pool{


     

       
25

       
25

       
 

       
		New: func() any {


     

       
26

       
26

       
 

       
			b := make([]byte, maxUDPBufferSize)


     

       
27

       
27

       
 

       
			return &b


     

       
28

       
28

       
 

       
		},


     

       
29

       
29

       
 

       
	}


     

       
30

       
30

       
 

       



     

       
31

       

       
-

       
	resolverUDPBufferPool = sync.Pool {


     

       

       
31

       
+

       
	resolverUDPBufferPool = sync.Pool{


     

       
32

       
32

       
 

       
		New: func() any {


     

       
33

       
33

       
 

       
			b := make([]byte, maxResolverUDPBufferSize)


     

       
34

       
34

       
 

       
			return &b
+65 -11
pkg/dns/resolve.go 
···

       
11

       
11

       
 

       
	"tangled.sh/seiso.moe/magna"


     

       
12

       
12

       
 

       
)


     

       
13

       
13

       
 

       



     

       
14

       

       
-

       
var errNXDOMAIN = fmt.Errorf("nxdomain")


     

       

       
14

       
+

       
var (


     

       

       
15

       
+

       
	errNXDOMAIN            = fmt.Errorf("alky: domain does not exist")


     

       

       
16

       
+

       
	errOnlySOA             = fmt.Errorf("alky: only an soa was reffered")


     

       

       
17

       
+

       
	errNoServers           = fmt.Errorf("alky: no servers responded")


     

       

       
18

       
+

       
	errMaxDepth            = fmt.Errorf("alky: maximum recursion depth exceeded")


     

       

       
19

       
+

       
	errNonMatchingID       = fmt.Errorf("alky: response ID mismatch")


     

       

       
20

       
+

       
	errNonMatchingQuestion = fmt.Errorf("alky: response question mismatch")


     

       

       
21

       
+

       
	errQueryTimeout        = fmt.Errorf("alky: query timeout")


     

       

       
22

       
+

       
)


     

       
15

       
23

       
 

       



     

       
16

       
24

       
 

       
const (


     

       
17

       
25

       
 

       
	depthKey contextKey = "dns_recursion_depth"


     
···

       
20

       
28

       
 

       
func withIncrementedDepth(ctx context.Context, maxDepth int) (context.Context, error) {


     

       
21

       
29

       
 

       
	depth := getDepth(ctx)


     

       
22

       
30

       
 

       
	if depth >= maxDepth {


     

       
23

       

       
-

       
		return nil, fmt.Errorf("maximum recursion depth (%d) exceeded", maxDepth)


     

       

       
31

       
+

       
		return nil, errMaxDepth


     

       
24

       
32

       
 

       
	}


     

       
25

       
33

       
 

       
	return context.WithValue(ctx, depthKey, depth+1), nil


     

       
26

       
34

       
 

       
}


     
···

       
65

       
73

       
 

       
		msg.Header.NSCount = uint16(len(records))


     

       
66

       
74

       
 

       
		msg.Header.ANCount = 0


     

       
67

       
75

       
 

       
		msg.Answer = nil


     

       

       
76

       
+

       
	} else if err == errOnlySOA {


     

       

       
77

       
+

       
		msg = msg.SetRCode(magna.NOERROR)


     

       

       
78

       
+

       
		msg.Authority = records


     

       

       
79

       
+

       
		msg.Header.NSCount = uint16(len(records))


     

       

       
80

       
+

       
		msg.Header.ANCount = 0


     

       

       
81

       
+

       
		msg.Header.ARCount = 0


     

       

       
82

       
+

       
		msg.Answer = nil


     

       
68

       
83

       
 

       
	} else if err != nil {


     

       

       
84

       
+

       
		h.Logger.Warn("error", "error", err)


     

       
69

       
85

       
 

       
		msg = msg.SetRCode(magna.SERVFAIL)


     

       
70

       
86

       
 

       
	} else {


     

       
71

       
87

       
 

       
		msg.Answer = records


     
···

       
88

       
104

       
 

       
	for _, s := range servers {


     

       
89

       
105

       
 

       
		msg, err := queryServer(ctx, question, s, h.Timeout)


     

       
90

       
106

       
 

       
		if err != nil {


     

       
91

       

       
-

       
			h.Logger.Warn("unable to resolve question", "server", s)


     

       

       
107

       
+

       
			h.Logger.Warn("unable to resolve question", "server", s, "error", err)


     

       
92

       
108

       
 

       
			continue


     

       
93

       
109

       
 

       
		}


     

       
94

       
110

       
 

       



     

       

       
111

       
+

       
		if msg.Header.RCode == magna.NXDOMAIN {


     

       

       
112

       
+

       
			_, authority := ExtractSOA(msg)


     

       

       
113

       
+

       
			return authority, errNXDOMAIN


     

       

       
114

       
+

       
		}


     

       

       
115

       
+

       



     

       
95

       
116

       
 

       
		if ok, answers := ExtractAnswer(question, msg); ok {


     

       
96

       
117

       
 

       
			if msg.Answer[0].RType == magna.CNAMEType {


     

       
97

       
118

       
 

       
				cnameQuestion := magna.Question{QName: msg.Answer[0].RData.String(), QType: question.QType, QClass: question.QClass}


     
···

       
112

       
133

       
 

       
		if ok, answers := h.HandleReferral(ctx, question, msg); ok {


     

       
113

       
134

       
 

       
			return h.resolveQuestion(ctx, question, answers)


     

       
114

       
135

       
 

       
		}


     

       

       
136

       
+

       



     

       

       
137

       
+

       
		if ok, answers := ExtractSOA(msg); ok {


     

       

       
138

       
+

       
			return answers, errOnlySOA


     

       

       
139

       
+

       
		}


     

       
115

       
140

       
 

       
	}


     

       
116

       
141

       
 

       



     

       
117

       

       
-

       
	return []magna.ResourceRecord{}, nil


     

       

       
142

       
+

       
	return []magna.ResourceRecord{}, errNoServers


     

       
118

       
143

       
 

       
}


     

       
119

       
144

       
 

       



     

       
120

       
145

       
 

       
func queryServer(ctx context.Context, question magna.Question, server string, timeout time.Duration) (magna.Message, error) {


     

       

       
146

       
+

       
	ctx, cancel := context.WithTimeout(ctx, timeout)


     

       

       
147

       
+

       
	defer cancel()


     

       

       
148

       
+

       



     

       
121

       
149

       
 

       
	var d net.Dialer


     

       
122

       
150

       
 

       
	conn, err := d.DialContext(ctx, "udp", fmt.Sprintf("%s:53", server))


     

       
123

       
151

       
 

       
	if err != nil {


     
···

       
125

       
153

       
 

       
	}


     

       
126

       
154

       
 

       
	defer conn.Close()


     

       
127

       
155

       
 

       



     

       
128

       

       
-

       
	go func() {


     

       
129

       

       
-

       
			<-ctx.Done()


     

       
130

       

       
-

       
			conn.Close()


     

       
131

       

       
-

       
	}()


     

       
132

       

       
-

       



     

       
133

       
156

       
 

       
	conn.SetDeadline(time.Now().Add(timeout))


     

       
134

       
157

       
 

       



     

       
135

       

       
-

       
	query := magna.CreateRequest(0, false)


     

       

       
158

       
+

       
	query := magna.CreateRequest(magna.QUERY, false)


     

       
136

       
159

       
 

       
	query = query.AddQuestion(question)


     

       
137

       
160

       
 

       
	msg, err := query.Encode()


     

       
138

       
161

       
 

       
	if err != nil {


     
···

       
155

       
178

       
 

       
	}


     

       
156

       
179

       
 

       



     

       
157

       
180

       
 

       
	var response magna.Message


     

       
158

       

       
-

       
	err = response.Decode(p)


     

       

       
181

       
+

       
	if err := response.Decode(p); err != nil {


     

       

       
182

       
+

       
		return magna.Message{}, err


     

       

       
183

       
+

       
	}


     

       

       
184

       
+

       



     

       

       
185

       
+

       
	if err := validateResponse(*query, response, question); err != nil {


     

       

       
186

       
+

       
		return magna.Message{}, err


     

       

       
187

       
+

       
	}


     

       
159

       
188

       
 

       
	return response, err


     

       
160

       
189

       
 

       
}


     

       
161

       
190

       
 

       



     

       

       
191

       
+

       
func validateResponse(query magna.Message, response magna.Message, question magna.Question) error {


     

       

       
192

       
+

       
	if response.Header.ID != query.Header.ID {


     

       

       
193

       
+

       
		return errNonMatchingID


     

       

       
194

       
+

       
	}


     

       

       
195

       
+

       
	if len(response.Question) < 1 || response.Question[0] != question {


     

       

       
196

       
+

       
		return errNonMatchingQuestion


     

       

       
197

       
+

       
	}


     

       

       
198

       
+

       
	return nil


     

       

       
199

       
+

       
}


     

       

       
200

       
+

       



     

       
162

       
201

       
 

       
func ExtractAnswer(q magna.Question, r magna.Message) (bool, []magna.ResourceRecord) {


     

       
163

       
202

       
 

       
	answers := make([]magna.ResourceRecord, 0, r.Header.ANCount)


     

       
164

       
203

       
 

       
	for _, a := range r.Answer {


     
···

       
174

       
213

       
 

       
	return true, answers


     

       
175

       
214

       
 

       
}


     

       
176

       
215

       
 

       



     

       

       
216

       
+

       
func ExtractSOA(r magna.Message) (bool, []magna.ResourceRecord) {


     

       

       
217

       
+

       
	answers := make([]magna.ResourceRecord, 0, r.Header.NSCount)


     

       

       
218

       
+

       
	for _, a := range r.Authority {


     

       

       
219

       
+

       
		if a.RType == magna.SOAType {


     

       

       
220

       
+

       
			answers = append(answers, a)


     

       

       
221

       
+

       
		}


     

       

       
222

       
+

       
	}


     

       

       
223

       
+

       



     

       

       
224

       
+

       
	if len(answers) <= 0 {


     

       

       
225

       
+

       
		return false, []magna.ResourceRecord{}


     

       

       
226

       
+

       
	}


     

       

       
227

       
+

       



     

       

       
228

       
+

       
	return true, answers


     

       

       
229

       
+

       
}


     

       

       
230

       
+

       



     

       
177

       
231

       
 

       
func HandleGlueRecords(q magna.Question, r magna.Message) (bool, []string) {


     

       
178

       
232

       
 

       
	answers := make([]string, 0, r.Header.ARCount)


     

       
179

       
233

       
 

       
	for _, a := range r.Authority {