]> git.ipfire.org Git - thirdparty/pdns.git/blob - pdns/resolver.cc
projects / thirdparty / pdns.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #5523 from rubenk/fix-typos-in-logmessage
[thirdparty/pdns.git] / pdns / resolver.cc
1 /*
2 * This file is part of PowerDNS or dnsdist.
3 * Copyright -- PowerDNS.COM B.V. and its contributors
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of version 2 of the GNU General Public License as
7 * published by the Free Software Foundation.
8 *
9 * In addition, for the avoidance of any doubt, permission is granted to
10 * link this program with OpenSSL and to (re)distribute the binaries
11 * produced as the result of such linking.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
21 */
22 #ifdef HAVE_CONFIG_H
23 #include "config.h"
24 #endif
25 #include "utility.hh"
26 #include "resolver.hh"
27 #include <pthread.h>
28 #include <semaphore.h>
29 #include <iostream>
30 #include <errno.h>
31 #include "misc.hh"
32 #include <algorithm>
33 #include <sstream>
34 #include "dnsrecords.hh"
35 #include <cstring>
36 #include <string>
37 #include <vector>
38 #include <boost/algorithm/string.hpp>
39 #include "dns.hh"
40 #include "qtype.hh"
41
42 #include "pdnsexception.hh"
43 #include "arguments.hh"
44 #include "base64.hh"
45 #include "dnswriter.hh"
46 #include "dnsparser.hh"
47
48
49 #include "dns_random.hh"
50 #include <poll.h>
51 #include "gss_context.hh"
52 #include "namespaces.hh"
53
54 int makeQuerySocket(const ComboAddress& local, bool udpOrTCP, bool nonLocalBind)
55 {
56 ComboAddress ourLocal(local);
57
58 int sock=socket(ourLocal.sin4.sin_family, udpOrTCP ? SOCK_DGRAM : SOCK_STREAM, 0);
59 if(sock < 0) {
60 if(errno == EAFNOSUPPORT && local.sin4.sin_family == AF_INET6) {
61 return -1;
62 }
63 unixDie("Creating local resolver socket for "+ourLocal.toString());
64 }
65
66 setCloseOnExec(sock);
67
68 if(nonLocalBind)
69 Utility::setBindAny(local.sin4.sin_family, sock);
70
71 if(udpOrTCP) {
72 // udp, try hard to bind an unpredictable port
73 int tries=10;
74 while(--tries) {
75 ourLocal.sin4.sin_port = htons(10000+(dns_random(10000)));
76
77 if (::bind(sock, (struct sockaddr *)&ourLocal, ourLocal.getSocklen()) >= 0)
78 break;
79 }
80 // cerr<<"bound udp port "<<ourLocal.sin4.sin_port<<", "<<tries<<" tries left"<<endl;
81
82 if(!tries) {
83 closesocket(sock);
84 throw PDNSException("Resolver binding to local UDP socket on "+ourLocal.toString()+": "+stringerror());
85 }
86 }
87 else {
88 // tcp, let the kernel figure out the port
89 // cerr<<"letting kernel pick TCP port"<<endl;
90 ourLocal.sin4.sin_port = 0;
91 if(::bind(sock, (struct sockaddr *)&ourLocal, ourLocal.getSocklen()) < 0)
92 throw PDNSException("Resolver binding to local TCP socket on "+ourLocal.toString()+": "+stringerror());
93 }
94 return sock;
95 }
96
97 Resolver::Resolver()
98 {
99 locals["default4"] = -1;
100 locals["default6"] = -1;
101 try {
102 locals["default4"] = makeQuerySocket(ComboAddress(::arg()["query-local-address"]), true, ::arg().mustDo("non-local-bind"));
103 if(!::arg()["query-local-address6"].empty())
104 locals["default6"] = makeQuerySocket(ComboAddress(::arg()["query-local-address6"]), true, ::arg().mustDo("non-local-bind"));
105 }
106 catch(...) {
107 if(locals["default4"]>=0)
108 close(locals["default4"]);
109 throw;
110 }
111 }
112
113 Resolver::~Resolver()
114 {
115 for(std::map<std::string,int>::iterator iter = locals.begin(); iter != locals.end(); iter++) {
116 if (iter->second >= 0)
117 close(iter->second);
118 }
119 }
120
121 uint16_t Resolver::sendResolve(const ComboAddress& remote, const ComboAddress& local,
122 const DNSName &domain, int type, bool dnssecOK,
123 const DNSName& tsigkeyname, const DNSName& tsigalgorithm,
124 const string& tsigsecret)
125 {
126 uint16_t randomid;
127 vector<uint8_t> packet;
128 DNSPacketWriter pw(packet, domain, type);
129 pw.getHeader()->id = randomid = dns_random(0xffff);
130
131 if(dnssecOK) {
132 pw.addOpt(2800, 0, EDNSOpts::DNSSECOK);
133 pw.commit();
134 }
135
136 if(!tsigkeyname.empty()) {
137 // cerr<<"Adding TSIG to notification, key name: '"<<tsigkeyname<<"', algo: '"<<tsigalgorithm<<"', secret: "<<Base64Encode(tsigsecret)<<endl;
138 TSIGRecordContent trc;
139 if (tsigalgorithm == DNSName("hmac-md5"))
140 trc.d_algoName = tsigalgorithm + DNSName("sig-alg.reg.int");
141 else
142 trc.d_algoName = tsigalgorithm;
143 trc.d_time = time(0);
144 trc.d_fudge = 300;
145 trc.d_origID=ntohs(randomid);
146 trc.d_eRcode=0;
147 addTSIG(pw, trc, tsigkeyname, tsigsecret, "", false);
148 }
149
150 int sock;
151
152 // choose socket based on local
153 if (local.sin4.sin_family == 0) {
154 // up to us.
155 sock = remote.sin4.sin_family == AF_INET ? locals["default4"] : locals["default6"];
156 } else {
157 std::string lstr = local.toString();
158 std::map<std::string, int>::iterator lptr;
159 // see if there is a local
160
161 if ((lptr = locals.find(lstr)) != locals.end()) {
162 sock = lptr->second;
163 } else {
164 // try to make socket
165 sock = makeQuerySocket(local, true);
166 if (sock < 0)
167 throw ResolverException("Unable to create socket to "+remote.toStringWithPort()+": "+stringerror());
168 setNonBlocking( sock );
169 locals[lstr] = sock;
170 }
171 }
172
173 if(sendto(sock, &packet[0], packet.size(), 0, (struct sockaddr*)(&remote), remote.getSocklen()) < 0) {
174 throw ResolverException("Unable to ask query of "+remote.toStringWithPort()+": "+stringerror());
175 }
176 return randomid;
177 }
178
179 uint16_t Resolver::sendResolve(const ComboAddress& remote, const DNSName &domain,
180 int type, bool dnssecOK,
181 const DNSName& tsigkeyname, const DNSName& tsigalgorithm,
182 const string& tsigsecret)
183 {
184 ComboAddress local;
185 local.sin4.sin_family = 0;
186 return this->sendResolve(remote, local, domain, type, dnssecOK, tsigkeyname, tsigalgorithm, tsigsecret);
187 }
188
189 static int parseResult(MOADNSParser& mdp, const DNSName& origQname, uint16_t origQtype, uint16_t id, Resolver::res_t* result)
190 {
191 result->clear();
192
193 if(mdp.d_header.rcode)
194 return mdp.d_header.rcode;
195
196 if(origQname.countLabels()) { // not AXFR
197 if(mdp.d_header.id != id)
198 throw ResolverException("Remote nameserver replied with wrong id");
199 if(mdp.d_header.qdcount != 1)
200 throw ResolverException("resolver: received answer with wrong number of questions ("+itoa(mdp.d_header.qdcount)+")");
201 if(mdp.d_qname != origQname)
202 throw ResolverException(string("resolver: received an answer to another question (")+mdp.d_qname.toString()+"!="+ origQname.toString()+".)");
203 }
204
205 vector<DNSResourceRecord> ret;
206 DNSResourceRecord rr;
207 for(MOADNSParser::answers_t::const_iterator i=mdp.d_answers.begin(); i!=mdp.d_answers.end(); ++i) {
208 rr.qname = i->first.d_name;
209 rr.qtype = i->first.d_type;
210 rr.ttl = i->first.d_ttl;
211 rr.content = i->first.d_content->getZoneRepresentation(true);
212 result->push_back(rr);
213 }
214
215 return 0;
216 }
217
218 bool Resolver::tryGetSOASerial(DNSName *domain, uint32_t *theirSerial, uint32_t *theirInception, uint32_t *theirExpire, uint16_t* id)
219 {
220 struct pollfd *fds = new struct pollfd[locals.size()];
221 size_t i = 0, k;
222 int sock;
223
224 for(std::map<string,int>::iterator iter=locals.begin(); iter != locals.end(); iter++, i++) {
225 fds[i].fd = iter->second;
226 fds[i].events = POLLIN;
227 }
228
229 if (poll(fds, i, 250) < 1) { // wait for 0.25s
230 delete [] fds;
231 return false;
232 }
233
234 sock = -1;
235
236 // determine who
237 for(k=0;k<i;k++) {
238 if ((fds[k].revents & POLLIN) == POLLIN) {
239 sock = fds[k].fd;
240 break;
241 }
242 }
243
244 delete [] fds;
245
246 if (sock < 0) return false; // false alarm
247
248 int err;
249 ComboAddress fromaddr;
250 socklen_t addrlen=fromaddr.getSocklen();
251 char buf[3000];
252 err = recvfrom(sock, buf, sizeof(buf), 0,(struct sockaddr*)(&fromaddr), &addrlen);
253 if(err < 0) {
254 if(errno == EAGAIN)
255 return false;
256
257 throw ResolverException("recvfrom error waiting for answer: "+stringerror());
258 }
259
260 MOADNSParser mdp(false, (char*)buf, err);
261 *id=mdp.d_header.id;
262 *domain = mdp.d_qname;
263
264 if(mdp.d_answers.empty())
265 throw ResolverException("Query to '" + fromaddr.toStringWithPort() + "' for SOA of '" + domain->toString() + "' produced no results (RCode: " + RCode::to_s(mdp.d_header.rcode) + ")");
266
267 if(mdp.d_qtype != QType::SOA)
268 throw ResolverException("Query to '" + fromaddr.toStringWithPort() + "' for SOA of '" + domain->toString() + "' returned wrong record type");
269
270 *theirInception = *theirExpire = 0;
271 bool gotSOA=false;
272 for(const MOADNSParser::answers_t::value_type& drc : mdp.d_answers) {
273 if(drc.first.d_type == QType::SOA) {
274 shared_ptr<SOARecordContent> src=getRR<SOARecordContent>(drc.first);
275 if (src) {
276 *theirSerial=src->d_st.serial;
277 gotSOA = true;
278 }
279 }
280 if(drc.first.d_type == QType::RRSIG) {
281 shared_ptr<RRSIGRecordContent> rrc=getRR<RRSIGRecordContent>(drc.first);
282 if(rrc && rrc->d_type == QType::SOA) {
283 *theirInception= std::max(*theirInception, rrc->d_siginception);
284 *theirExpire = std::max(*theirExpire, rrc->d_sigexpire);
285 }
286 }
287 }
288 if(!gotSOA)
289 throw ResolverException("Query to '" + fromaddr.toString() + "' for SOA of '" + domain->toString() + "' did not return a SOA");
290 return true;
291 }
292
293 int Resolver::resolve(const string &ipport, const DNSName &domain, int type, Resolver::res_t* res, const ComboAddress &local)
294 {
295 try {
296 ComboAddress to(ipport, 53);
297
298 int id = sendResolve(to, local, domain, type);
299 int sock;
300
301 // choose socket based on local
302 if (local.sin4.sin_family == 0) {
303 // up to us.
304 sock = to.sin4.sin_family == AF_INET ? locals["default4"] : locals["default6"];
305 } else {
306 std::string lstr = local.toString();
307 std::map<std::string, int>::iterator lptr;
308 // see if there is a local
309
310 if ((lptr = locals.find(lstr)) != locals.end()) sock = lptr->second;
311 else throw ResolverException("sendResolve did not create socket for " + lstr);
312 }
313
314 int err=waitForData(sock, 0, 3000000);
315
316 if(!err) {
317 throw ResolverException("Timeout waiting for answer");
318 }
319 if(err < 0)
320 throw ResolverException("Error waiting for answer: "+stringerror());
321
322 ComboAddress from;
323 socklen_t addrlen = sizeof(from);
324 char buffer[3000];
325 int len;
326
327 if((len=recvfrom(sock, buffer, sizeof(buffer), 0,(struct sockaddr*)(&from), &addrlen)) < 0)
328 throw ResolverException("recvfrom error waiting for answer: "+stringerror());
329
330 MOADNSParser mdp(false, buffer, len);
331 return parseResult(mdp, domain, type, id, res);
332 }
333 catch(ResolverException &re) {
334 throw ResolverException(re.reason+" from "+ipport);
335 }
336 return -1;
337 }
338
339 int Resolver::resolve(const string &ipport, const DNSName &domain, int type, Resolver::res_t* res) {
340 ComboAddress local;
341 local.sin4.sin_family = 0;
342 return resolve(ipport, domain, type, res, local);
343 }
344
345 void Resolver::getSoaSerial(const string &ipport, const DNSName &domain, uint32_t *serial)
346 {
347 vector<DNSResourceRecord> res;
348 int ret = resolve(ipport, domain, QType::SOA, &res);
349
350 if(ret || res.empty())
351 throw ResolverException("Query to '" + ipport + "' for SOA of '" + domain.toString() + "' produced no answers");
352
353 if(res[0].qtype.getCode() != QType::SOA)
354 throw ResolverException("Query to '" + ipport + "' for SOA of '" + domain.toString() + "' produced a "+res[0].qtype.getName()+" record");
355
356 vector<string>parts;
357 stringtok(parts, res[0].content);
358 if(parts.size()<3)
359 throw ResolverException("Query to '" + ipport + "' for SOA of '" + domain.toString() + "' produced an unparseable response");
360
361 try {
362 *serial=pdns_stou(parts[2]);
363 }
364 catch(const std::out_of_range& oor) {
365 throw ResolverException("Query to '" + ipport + "' for SOA of '" + domain.toString() + "' produced an unparseable serial");
366 }
367 }
368
369 AXFRRetriever::AXFRRetriever(const ComboAddress& remote,
370 const DNSName& domain,
371 const TSIGTriplet& tt,
372 const ComboAddress* laddr,
373 size_t maxReceivedBytes)
374 : d_tsigVerifier(tt, remote, d_trc), d_receivedBytes(0), d_maxReceivedBytes(maxReceivedBytes)
375 {
376 ComboAddress local;
377 if (laddr != NULL) {
378 local = (ComboAddress) (*laddr);
379 } else {
380 if(remote.sin4.sin_family == AF_INET)
381 local=ComboAddress(::arg()["query-local-address"]);
382 else if(!::arg()["query-local-address6"].empty())
383 local=ComboAddress(::arg()["query-local-address6"]);
384 else
385 local=ComboAddress("::");
386 }
387 d_sock = -1;
388 try {
389 d_sock = makeQuerySocket(local, false); // make a TCP socket
390 if (d_sock < 0)
391 throw ResolverException("Error creating socket for AXFR request to "+d_remote.toStringWithPort());
392 d_buf = shared_array<char>(new char[65536]);
393 d_remote = remote; // mostly for error reporting
394 this->connect();
395 d_soacount = 0;
396
397 vector<uint8_t> packet;
398 DNSPacketWriter pw(packet, domain, QType::AXFR);
399 pw.getHeader()->id = dns_random(0xffff);
400
401 if(!tt.name.empty()) {
402 if (tt.algo == DNSName("hmac-md5"))
403 d_trc.d_algoName = tt.algo + DNSName("sig-alg.reg.int");
404 else
405 d_trc.d_algoName = tt.algo;
406 d_trc.d_time = time(0);
407 d_trc.d_fudge = 300;
408 d_trc.d_origID=ntohs(pw.getHeader()->id);
409 d_trc.d_eRcode=0;
410 addTSIG(pw, d_trc, tt.name, tt.secret, "", false);
411 }
412
413 uint16_t replen=htons(packet.size());
414 Utility::iovec iov[2];
415 iov[0].iov_base=reinterpret_cast<char*>(&replen);
416 iov[0].iov_len=2;
417 iov[1].iov_base=packet.data();
418 iov[1].iov_len=packet.size();
419
420 int ret=Utility::writev(d_sock, iov, 2);
421 if(ret < 0)
422 throw ResolverException("Error sending question to "+d_remote.toStringWithPort()+": "+stringerror());
423 if(ret != (int)(2+packet.size())) {
424 throw ResolverException("Partial write on AXFR request to "+d_remote.toStringWithPort());
425 }
426
427 int res = waitForData(d_sock, 10, 0);
428
429 if(!res)
430 throw ResolverException("Timeout waiting for answer from "+d_remote.toStringWithPort()+" during AXFR");
431 if(res<0)
432 throw ResolverException("Error waiting for answer from "+d_remote.toStringWithPort()+": "+stringerror());
433 }
434 catch(...) {
435 if(d_sock >= 0)
436 close(d_sock);
437 d_sock = -1;
438 throw;
439 }
440 }
441
442 AXFRRetriever::~AXFRRetriever()
443 {
444 close(d_sock);
445 }
446
447
448
449 int AXFRRetriever::getChunk(Resolver::res_t &res, vector<DNSRecord>* records) // Implementation is making sure RFC2845 4.4 is followed.
450 {
451 if(d_soacount > 1)
452 return false;
453
454 // d_sock is connected and is about to spit out a packet
455 int len=getLength();
456 if(len<0)
457 throw ResolverException("EOF trying to read axfr chunk from remote TCP client");
458
459 if (d_maxReceivedBytes > 0 && (d_maxReceivedBytes - d_receivedBytes) < (size_t) len)
460 throw ResolverException("Reached the maximum number of received bytes during AXFR");
461
462 timeoutReadn(len);
463
464 d_receivedBytes += (uint16_t) len;
465
466 MOADNSParser mdp(false, d_buf.get(), len);
467
468 int err;
469 if(!records)
470 err=parseResult(mdp, DNSName(), 0, 0, &res);
471 else {
472 records->clear();
473 for(const auto& r: mdp.d_answers)
474 records->push_back(r.first);
475 err = mdp.d_header.rcode;
476 }
477
478 if(err)
479 throw ResolverException("AXFR chunk error: " + RCode::to_s(err));
480
481 for(const MOADNSParser::answers_t::value_type& answer : mdp.d_answers)
482 if (answer.first.d_type == QType::SOA)
483 d_soacount++;
484
485 try {
486 d_tsigVerifier.check(std::string(d_buf.get(), len), mdp);
487 }
488 catch(const std::runtime_error& re) {
489 throw ResolverException(re.what());
490 }
491
492 return true;
493 }
494
495 void AXFRRetriever::timeoutReadn(uint16_t bytes)
496 {
497 time_t start=time(0);
498 int n=0;
499 int numread;
500 while(n<bytes) {
501 int res=waitForData(d_sock, 10-(time(0)-start));
502 if(res<0)
503 throw ResolverException("Reading data from remote nameserver over TCP: "+stringerror());
504 if(!res)
505 throw ResolverException("Timeout while reading data from remote nameserver over TCP");
506
507 numread=recv(d_sock, d_buf.get()+n, bytes-n, 0);
508 if(numread<0)
509 throw ResolverException("Reading data from remote nameserver over TCP: "+stringerror());
510 if(numread==0)
511 throw ResolverException("Remote nameserver closed TCP connection");
512 n+=numread;
513 }
514 }
515
516 void AXFRRetriever::connect()
517 {
518 setNonBlocking( d_sock );
519
520 int err;
521
522 if((err=::connect(d_sock,(struct sockaddr*)&d_remote, d_remote.getSocklen()))<0 && errno!=EINPROGRESS) {
523 try {
524 closesocket(d_sock);
525 }
526 catch(const PDNSException& e) {
527 d_sock=-1;
528 throw ResolverException("Error closing AXFR socket after connect() failed: "+e.reason);
529 }
530
531 throw ResolverException("connect: "+stringerror());
532 }
533
534 if(!err)
535 goto done;
536
537 err=waitForRWData(d_sock, false, 10, 0); // wait for writeability
538
539 if(!err) {
540 try {
541 closesocket(d_sock); // timeout
542 }
543 catch(const PDNSException& e) {
544 d_sock=-1;
545 throw ResolverException("Error closing AXFR socket after timeout: "+e.reason);
546 }
547
548 d_sock=-1;
549 errno=ETIMEDOUT;
550
551 throw ResolverException("Timeout connecting to server");
552 }
553 else if(err < 0) {
554 throw ResolverException("Error connecting: "+string(strerror(err)));
555 }
556 else {
557 Utility::socklen_t len=sizeof(err);
558 if(getsockopt(d_sock, SOL_SOCKET,SO_ERROR,(char *)&err,&len)<0)
559 throw ResolverException("Error connecting: "+stringerror()); // Solaris
560
561 if(err)
562 throw ResolverException("Error connecting: "+string(strerror(err)));
563 }
564
565 done:
566 setBlocking( d_sock );
567 // d_sock now connected
568 }
569
570 int AXFRRetriever::getLength()
571 {
572 timeoutReadn(2);
573 return (unsigned char)d_buf[0]*256+(unsigned char)d_buf[1];
574 }
575
Unnamed repository; edit this file 'description' to name the repository.