limit compression pointers to 14 bits
1 /*
2 * This file is part of PowerDNS or dnsdist.
3 * Copyright -- PowerDNS.COM B.V. and its contributors
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of version 2 of the GNU General Public License as
7 * published by the Free Software Foundation.
8 *
9 * In addition, for the avoidance of any doubt, permission is granted to
10 * link this program with OpenSSL and to (re)distribute the binaries
11 * produced as the result of such linking.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
21 */
22 #ifdef HAVE_CONFIG_H
23 #include "config.h"
24 #endif
25 #include "utility.hh"
26 #include "resolver.hh"
27 #include <pthread.h>
28 #include <semaphore.h>
29 #include <iostream>
30 #include <errno.h>
31 #include "misc.hh"
32 #include <algorithm>
33 #include <sstream>
34 #include "dnsrecords.hh"
35 #include <cstring>
36 #include <string>
37 #include <vector>
38 #include <boost/algorithm/string.hpp>
39 #include "dns.hh"
40 #include "qtype.hh"
41
42 #include "pdnsexception.hh"
43 #include "arguments.hh"
44 #include "base64.hh"
45 #include "dnswriter.hh"
46 #include "dnsparser.hh"
47
48
49 #include "dns_random.hh"
50 #include <poll.h>
51 #include "gss_context.hh"
52 #include "namespaces.hh"
53
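/**
 * Create and bind a socket for outgoing queries.
 *
 * @param local         Source address to bind to. Its port is not used: UDP
 *                      sockets get a randomly chosen port, TCP sockets get
 *                      port 0 so the kernel picks one.
 * @param udpOrTCP      true for UDP (SOCK_DGRAM), false for TCP (SOCK_STREAM).
 * @param nonLocalBind  When true, Utility::setBindAny() is applied before bind().
 * @return The bound descriptor, or -1 when socket() fails with EAFNOSUPPORT
 *         for an AF_INET6 address.
 * @throws PDNSException when bind() fails. Other socket() failures are
 *         reported through unixDie().
 */
int makeQuerySocket(const ComboAddress& local, bool udpOrTCP, bool nonLocalBind)
{
  ComboAddress ourLocal(local);

  int sock=socket(ourLocal.sin4.sin_family, udpOrTCP ? SOCK_DGRAM : SOCK_STREAM, 0);
  if(sock < 0) {
    // A host without IPv6 support is not an error: the caller sees -1.
    if(errno == EAFNOSUPPORT && local.sin4.sin_family == AF_INET6) {
      return -1;
    }
    unixDie("Creating local resolver socket for "+ourLocal.toString());
  }

  setCloseOnExec(sock);

  if(nonLocalBind)
    Utility::setBindAny(local.sin4.sin_family, sock);

  if(udpOrTCP) {
    // UDP: besides the 16-bit query ID, the source port is the only value an
    // off-path sender has to guess to get a forged reply accepted, so it is
    // drawn from dns_random() rather than left to a predictable default.
    // NOTE(review): the window is 10000 + dns_random(10000), i.e. at most
    // 10000 distinct ports (about 13 bits), and the port is fixed for the
    // lifetime of the socket. Confirm this range is still the intended one.
    // "--tries" makes this nine bind attempts, not ten.
    int tries=10;
    while(--tries) {
      ourLocal.sin4.sin_port = htons(10000+(dns_random(10000)));

      if (::bind(sock, (struct sockaddr *)&ourLocal, ourLocal.getSocklen()) >= 0)
        break;
    }

    if(!tries) {
      // Read errno before closesocket(): closing may overwrite it, and the
      // message should describe the bind() failure.
      const auto reason = stringerror();
      closesocket(sock);
      throw PDNSException("Resolver binding to local UDP socket on "+ourLocal.toString()+": "+reason);
    }
  }
  else {
    // tcp, let the kernel figure out the port
    ourLocal.sin4.sin_port = 0;
    if(::bind(sock, (struct sockaddr *)&ourLocal, ourLocal.getSocklen()) < 0) {
      // Same ordering as above: capture the bind() error, then close.
      const auto reason = stringerror();
      closesocket(sock);
      throw PDNSException("Resolver binding to local TCP socket on "+ourLocal.toString()+": "+reason);
    }
  }
  return sock;
}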
97
/**
 * Open the default IPv4 and IPv6 UDP query sockets.
 *
 * A slot stays at -1 when its query-local-address setting is empty or when
 * makeQuerySocket() returned -1. If anything throws, sockets that were
 * already opened are closed before the exception is passed on.
 */
Resolver::Resolver()
{
  struct DefaultSocket {
    const char* key;      // name of the slot in `locals`
    const char* setting;  // configuration item holding the source address
  };
  static const DefaultSocket defaults[] = {
    {"default4", "query-local-address"},
    {"default6", "query-local-address6"},
  };

  // -1 marks "no socket"; sendResolve() checks for exactly this value.
  for (const auto& entry : defaults) {
    locals[entry.key] = -1;
  }

  try {
    for (const auto& entry : defaults) {
      if (::arg()[entry.setting].empty()) {
        continue;
      }
      locals[entry.key] = makeQuerySocket(ComboAddress(::arg()[entry.setting]), true, ::arg().mustDo("non-local-bind"));
    }
  }
  catch(...) {
    // Do not leak a descriptor opened for the first family when the second fails.
    for (const auto& entry : defaults) {
      const int fd = locals[entry.key];
      if (fd >= 0) {
        close(fd);
      }
    }
    throw;
  }
}
116
/**
 * Close every socket recorded in `locals`, skipping slots still at a
 * negative value (never opened).
 */
Resolver::~Resolver()
{
  for (auto it = locals.begin(); it != locals.end(); ++it) {
    const int fd = it->second;
    if (fd < 0) {
      continue;
    }
    close(fd);
  }
}
124
/**
 * Build a query for (domain, type) and send it to `remote` over UDP.
 *
 * @param remote         Server to query.
 * @param local          Source address; a family of 0 selects the default
 *                       IPv4/IPv6 socket matching `remote`.
 * @param domain         Name to ask for.
 * @param type           Query type.
 * @param localsock      If non-null, receives the descriptor the query was sent on.
 * @param dnssecOK       When true an OPT record with the DNSSEC OK flag and a
 *                       payload size of 2800 is added.
 * @param tsigkeyname    TSIG key name; an empty name disables signing.
 * @param tsigalgorithm  TSIG algorithm name.
 * @param tsigsecret     TSIG shared secret.
 * @return The query ID that was put in the header. Nothing here checks a
 *         reply, so the caller has to compare this value with the ID of
 *         whatever answer it accepts.
 * @throws ResolverException when no usable socket exists or sendto() fails.
 *
 * Sockets are reused across queries (one per source address, kept in
 * `locals`), so on a reused socket the source port does not change between
 * queries and the ID is the only per-query random value.
 */
uint16_t Resolver::sendResolve(const ComboAddress& remote, const ComboAddress& local,
                               const DNSName &domain, int type, int *localsock, bool dnssecOK,
                               const DNSName& tsigkeyname, const DNSName& tsigalgorithm,
                               const string& tsigsecret)
{
  vector<uint8_t> packet;
  DNSPacketWriter pw(packet, domain, type);

  // NOTE(review): if dns_random()'s argument is an exclusive upper bound, the
  // ID 0xffff is never produced. Confirm against dns_random.hh.
  const uint16_t randomid = dns_random(0xffff);
  pw.getHeader()->id = randomid;

  if(dnssecOK) {
    pw.addOpt(2800, 0, EDNSOpts::DNSSECOK);
    pw.commit();
  }

  if(!tsigkeyname.empty()) {
    TSIGRecordContent tsig;
    // The short name "hmac-md5" is expanded to hmac-md5.sig-alg.reg.int.
    if (tsigalgorithm == DNSName("hmac-md5")) {
      tsig.d_algoName = tsigalgorithm + DNSName("sig-alg.reg.int");
    }
    else {
      tsig.d_algoName = tsigalgorithm;
    }
    tsig.d_time = time(0);
    tsig.d_fudge = 300;  // permitted clock difference, in seconds
    tsig.d_origID = ntohs(randomid);
    tsig.d_eRcode = 0;
    addTSIG(pw, tsig, tsigkeyname, tsigsecret, "", false);
  }

  int sock;

  if (local.sin4.sin_family != 0) {
    // Explicit source address: reuse its socket if one exists, else make one.
    const std::string lstr = local.toString();
    const std::map<std::string, int>::iterator known = locals.find(lstr);

    if (known == locals.end()) {
      sock = makeQuerySocket(local, true);
      if (sock < 0)
        throw ResolverException("Unable to create local socket on "+lstr+" to "+remote.toStringWithPort()+": "+stringerror());
      setNonBlocking( sock );
      locals[lstr] = sock;
    }
    else {
      sock = known->second;
    }
  }
  else {
    // No source address given: use the default socket for the remote's family.
    const bool remoteIsV4 = remote.sin4.sin_family == AF_INET;
    sock = remoteIsV4 ? locals["default4"] : locals["default6"];
    if (sock == -1) {
      string ipv = remoteIsV4 ? "4" : "6";
      string qla = remoteIsV4 ? "" : "6";
      throw ResolverException("No IPv" + ipv + " socket available, is query-local-address" + qla + " unset?");
    }
  }

  if (localsock != nullptr) {
    *localsock = sock;
  }

  const auto sent = sendto(sock, packet.data(), packet.size(), 0, (struct sockaddr*)(&remote), remote.getSocklen());
  if (sent < 0) {
    throw ResolverException("Unable to ask query of "+remote.toStringWithPort()+": "+stringerror());
  }
  return randomid;
}
190
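/**
 * Validate a parsed response against the question that was asked and copy
 * its answer records into `result`.
 *
 * @param mdp        Parsed response.
 * @param origQname  Name that was asked for; an empty name (no labels) marks
 *                   an AXFR chunk and skips the question checks.
 * @param origQtype  Type that was asked for. Currently not compared with the
 *                   response.
 * @param id         Query ID that was sent.
 * @param result     Cleared, then filled with one entry per answer record.
 * @return The response RCODE when it is non-zero, otherwise 0.
 * @throws ResolverException when the ID, the question count or the question
 *         name of a non-AXFR response does not match.
 */
static int parseResult(MOADNSParser& mdp, const DNSName& origQname, uint16_t origQtype, uint16_t id, Resolver::res_t* result)
{
  result->clear();

  // NOTE(review): a non-zero RCODE is returned before the ID and question are
  // compared, so an error response is handed to the caller without those
  // checks. Confirm that callers do not act on an error RCODE as if it had
  // been matched to the query.
  if(mdp.d_header.rcode)
    return mdp.d_header.rcode;

  if(origQname.countLabels()) { // not AXFR
    if(mdp.d_header.id != id)
      throw ResolverException("Remote nameserver replied with wrong id");
    if(mdp.d_header.qdcount != 1)
      throw ResolverException("resolver: received answer with wrong number of questions ("+itoa(mdp.d_header.qdcount)+")");
    if(mdp.d_qname != origQname)
      throw ResolverException(string("resolver: received an answer to another question (")+mdp.d_qname.toLogString()+"!="+ origQname.toLogString()+".)");
    // NOTE(review): the question type (mdp.d_qtype) is not compared with
    // origQtype here.
  }

  // One record object is reused: only the four fields below are overwritten
  // for each answer.
  DNSResourceRecord rr;
  result->reserve(mdp.d_answers.size());

  for (const auto& i: mdp.d_answers) {
    rr.qname = i.first.d_name;
    rr.qtype = i.first.d_type;
    rr.ttl = i.first.d_ttl;
    rr.content = i.first.d_content->getZoneRepresentation(true);
    result->push_back(rr);
  }

  return 0;
}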
221
/**
 * Wait up to 250 ms for one UDP answer on any of the resolver's sockets and
 * extract the SOA serial (and RRSIG validity window) from it.
 *
 * @param domain          Out: question name found in the response.
 * @param remote          Out: address the datagram came from.
 * @param theirSerial     Out: serial of the SOA record owned by *domain.
 * @param theirInception  Out: largest inception of RRSIGs covering that SOA, 0 if none.
 * @param theirExpire     Out: largest expiry of RRSIGs covering that SOA, 0 if none.
 * @param id              Out: ID from the response header.
 * @return true when a response with a usable SOA was read; false when nothing
 *         arrived in time or the read would have blocked.
 * @throws ResolverException on a receive error or a response that fails the
 *         checks below.
 *
 * The sender address and the ID are not compared with any outstanding query
 * here. They are only reported through `remote` and `id`, so matching them
 * against what was actually asked is the caller's job. `id`, `domain` and
 * `remote` are written before the response has passed any check.
 */
bool Resolver::tryGetSOASerial(DNSName *domain, ComboAddress* remote, uint32_t *theirSerial, uint32_t *theirInception, uint32_t *theirExpire, uint16_t* id)
{
  // One poll entry per known socket. Slots still at -1 are passed along as
  // they are, and poll() ignores negative descriptors.
  std::vector<struct pollfd> watched;
  watched.reserve(locals.size());
  for (const auto& entry: locals) {
    struct pollfd pfd;
    pfd.fd = entry.second;
    pfd.events = POLLIN;
    pfd.revents = 0;
    watched.push_back(pfd);
  }

  if (poll(watched.data(), watched.size(), 250) < 1) { // wait for 0.25s
    return false;
  }

  // Only the first readable socket is served per call.
  const auto ready = std::find_if(watched.begin(), watched.end(), [](const struct pollfd& pfd) {
    return (pfd.revents & POLLIN) == POLLIN;
  });
  const int sock = (ready != watched.end()) ? ready->fd : -1;

  if (sock < 0) {
    return false; // false alarm
  }

  remote->sin6.sin6_family = AF_INET6; // make sure getSocklen() below returns a large enough value
  socklen_t addrlen=remote->getSocklen();
  // NOTE(review): a datagram longer than this buffer is cut off by recvfrom();
  // the cut is not detected here and is left to the parser.
  char buf[3000];
  const int received = recvfrom(sock, buf, sizeof(buf), 0,(struct sockaddr*)(remote), &addrlen);
  if (received < 0) {
    if (errno == EAGAIN) {
      return false;
    }
    throw ResolverException("recvfrom error waiting for answer: "+stringerror());
  }

  MOADNSParser mdp(false, (char*)buf, received);
  *id=mdp.d_header.id;
  *domain = mdp.d_qname;

  if(domain->empty())
    throw ResolverException("SOA query to '" + remote->toStringWithPort() + "' produced response without domain name (RCode: " + RCode::to_s(mdp.d_header.rcode) + ")");

  if(mdp.d_answers.empty())
    throw ResolverException("Query to '" + remote->toStringWithPort() + "' for SOA of '" + domain->toLogString() + "' produced no results (RCode: " + RCode::to_s(mdp.d_header.rcode) + ")");

  if(mdp.d_qtype != QType::SOA)
    throw ResolverException("Query to '" + remote->toStringWithPort() + "' for SOA of '" + domain->toLogString() + "' returned wrong record type");

  if(mdp.d_header.rcode != 0)
    throw ResolverException("Query to '" + remote->toStringWithPort() + "' for SOA of '" + domain->toLogString() + "' returned Rcode " + RCode::to_s(mdp.d_header.rcode));

  *theirInception = 0;
  *theirExpire = 0;
  bool sawSOA = false;

  for (const auto& answer : mdp.d_answers) {
    const auto& record = answer.first;

    // Only records owned by the question name are considered.
    if (!(record.d_name == *domain)) {
      continue;
    }

    if (record.d_type == QType::SOA) {
      const shared_ptr<SOARecordContent> soa = getRR<SOARecordContent>(record);
      if (soa) {
        *theirSerial = soa->d_st.serial;
        sawSOA = true;
      }
    }

    if (record.d_type == QType::RRSIG) {
      const shared_ptr<RRSIGRecordContent> sig = getRR<RRSIGRecordContent>(record);
      // Only signatures that cover the SOA contribute to the window. The
      // signature is not verified here, only its timestamps are read.
      if (sig && sig->d_type == QType::SOA) {
        *theirInception = std::max(*theirInception, sig->d_siginception);
        *theirExpire = std::max(*theirExpire, sig->d_sigexpire);
      }
    }
  }

  if (!sawSOA)
    throw ResolverException("Query to '" + remote->toString() + "' for SOA of '" + domain->toLogString() + "' did not return a SOA");
  return true;
}
300
/**
 * Send one UDP query and wait up to three seconds for its answer.
 *
 * @param to      Server to query.
 * @param domain  Name to ask for.
 * @param type    Query type.
 * @param res     Receives the answer records.
 * @param local   Source address; a family of 0 selects a default socket.
 * @return The value of parseResult(): the response RCODE, or 0 on success.
 * @throws ResolverException on timeout, socket errors, an answer from another
 *         peer, or a response rejected by parseResult(). " from <server>" is
 *         appended to the reason.
 *
 * Exactly one datagram is read. One that arrives from an address other than
 * `to` ends the attempt with an exception; the wait is not resumed.
 */
int Resolver::resolve(const ComboAddress& to, const DNSName &domain, int type, Resolver::res_t* res, const ComboAddress &local)
{
  try {
    int sock = -1;
    const int id = sendResolve(to, local, domain, type, &sock);

    // 0 seconds plus 3000000 microseconds.
    const int ready = waitForData(sock, 0, 3000000);
    if (ready < 0) {
      throw ResolverException("Error waiting for answer: "+stringerror());
    }
    if (ready == 0) {
      throw ResolverException("Timeout waiting for answer");
    }

    ComboAddress from;
    socklen_t addrlen = sizeof(from);
    char buffer[3000];

    const int len = recvfrom(sock, buffer, sizeof(buffer), 0,(struct sockaddr*)(&from), &addrlen);
    if (len < 0) {
      throw ResolverException("recvfrom error waiting for answer: "+stringerror());
    }

    // The source address must be the server that was asked.
    if (from != to) {
      throw ResolverException("Got answer from the wrong peer while resolving ("+from.toStringWithPort()+" instead of "+to.toStringWithPort()+", discarding");
    }

    MOADNSParser mdp(false, buffer, len);
    return parseResult(mdp, domain, type, id, res);
  }
  catch(const ResolverException &re) {
    // Tag every failure with the server it concerns.
    throw ResolverException(re.reason+" from "+to.toLogString());
  }
  return -1;
}
334
/**
 * Convenience overload of resolve() for callers with no preferred source
 * address. It passes an address whose family is 0, which makes sendResolve()
 * use the default socket matching the server's address family.
 */
int Resolver::resolve(const ComboAddress& ipport, const DNSName &domain, int type, Resolver::res_t* res)
{
  ComboAddress unspecified;
  unspecified.sin4.sin_family = 0;  // 0 means "no explicit source address"
  return resolve(ipport, domain, type, res, unspecified);
}
340
/**
 * Ask `ipport` for the SOA of `domain` and store its serial in *serial.
 *
 * @throws ResolverException when the query fails, returns a non-zero RCODE or
 *         no records, when the first record is not a SOA, or when its content
 *         has fewer than three fields or a serial that is out of range.
 *
 * The serial is taken from the third whitespace-separated field of the
 * record's text form.
 */
void Resolver::getSoaSerial(const ComboAddress& ipport, const DNSName &domain, uint32_t *serial)
{
  vector<DNSResourceRecord> answers;
  const int rcode = resolve(ipport, domain, QType::SOA, &answers);

  if (rcode != 0 || answers.empty())
    throw ResolverException("Query to '" + ipport.toLogString() + "' for SOA of '" + domain.toLogString() + "' produced no answers");

  // Only the first answer record is examined.
  DNSResourceRecord& first = answers.front();

  if (first.qtype.getCode() != QType::SOA)
    throw ResolverException("Query to '" + ipport.toLogString() + "' for SOA of '" + domain.toLogString() + "' produced a "+first.qtype.getName()+" record");

  vector<string> fields;
  stringtok(fields, first.content);
  if (fields.size() < 3)
    throw ResolverException("Query to '" + ipport.toLogString() + "' for SOA of '" + domain.toLogString() + "' produced an unparseable response");

  try {
    *serial = pdns_stou(fields[2]);
  }
  // NOTE(review): only std::out_of_range is translated. If pdns_stou() can
  // also throw for non-numeric text, that exception leaves this function
  // with a type other than ResolverException. Verify against misc.hh.
  catch(const std::out_of_range&) {
    throw ResolverException("Query to '" + ipport.toLogString() + "' for SOA of '" + domain.toLogString() + "' produced an unparseable serial");
  }
}
364
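/**
 * Connect to `remote` over TCP, send an AXFR query for `domain` and wait for
 * the first data to become readable.
 *
 * @param remote            Server to transfer from.
 * @param domain            Zone to transfer.
 * @param tt                TSIG key name, algorithm and secret; an empty name
 *                          sends the request unsigned.
 * @param laddr             Source address, or nullptr to take it from
 *                          query-local-address / query-local-address6.
 * @param maxReceivedBytes  Upper bound on the bytes accepted over the whole
 *                          transfer; getChunk() treats 0 as "no limit".
 * @param timeout           Passed to connect() and waitForData();
 *                          presumably seconds, to be confirmed in misc.hh.
 * @throws ResolverException when no source address is configured, or when
 *         creating the socket, connecting, sending or waiting fails. The
 *         socket is closed before any exception leaves the constructor.
 */
AXFRRetriever::AXFRRetriever(const ComboAddress& remote,
                             const DNSName& domain,
                             const TSIGTriplet& tt,
                             const ComboAddress* laddr,
                             size_t maxReceivedBytes,
                             uint16_t timeout)
  : d_tsigVerifier(tt, remote, d_trc), d_receivedBytes(0), d_maxReceivedBytes(maxReceivedBytes)
{
  ComboAddress local;
  if (laddr != nullptr) {
    local = ComboAddress(*laddr);
  } else {
    string qlas = remote.sin4.sin_family == AF_INET ? "query-local-address" : "query-local-address6";
    if (::arg()[qlas].empty()) {
      throw ResolverException("Unable to determine source address for AXFR request to " + remote.toStringWithPort() + " for " + domain.toLogString() + ". " + qlas + " is unset");
    }
    local=ComboAddress(::arg()[qlas]);
  }

  // Set before the first message that prints d_remote. It used to be
  // assigned after the socket-creation check, so that error showed a
  // default-constructed address instead of the server's.
  d_remote = remote; // also used by connect()

  d_sock = -1;
  try {
    d_sock = makeQuerySocket(local, false); // make a TCP socket
    if (d_sock < 0)
      throw ResolverException("Error creating socket for AXFR request to "+d_remote.toStringWithPort());
    // 65536 bytes: getLength() decodes a 16-bit length, so no chunk can be
    // larger than this buffer.
    d_buf = shared_array<char>(new char[65536]);
    this->connect(timeout);
    d_soacount = 0;

    vector<uint8_t> packet;
    DNSPacketWriter pw(packet, domain, QType::AXFR);
    pw.getHeader()->id = dns_random(0xffff);

    if(!tt.name.empty()) {
      // The short name "hmac-md5" is expanded to hmac-md5.sig-alg.reg.int.
      if (tt.algo == DNSName("hmac-md5"))
        d_trc.d_algoName = tt.algo + DNSName("sig-alg.reg.int");
      else
        d_trc.d_algoName = tt.algo;
      d_trc.d_time = time(0);
      d_trc.d_fudge = 300;
      d_trc.d_origID=ntohs(pw.getHeader()->id);
      d_trc.d_eRcode=0;
      addTSIG(pw, d_trc, tt.name, tt.secret, "", false);
    }

    // DNS over TCP: two-byte big-endian length prefix, then the message,
    // written with a single writev().
    uint16_t replen=htons(packet.size());
    Utility::iovec iov[2];
    iov[0].iov_base=reinterpret_cast<char*>(&replen);
    iov[0].iov_len=2;
    iov[1].iov_base=packet.data();
    iov[1].iov_len=packet.size();

    int ret=Utility::writev(d_sock, iov, 2);
    if(ret < 0)
      throw ResolverException("Error sending question to "+d_remote.toStringWithPort()+": "+stringerror());
    if(ret != (int)(2+packet.size())) {
      throw ResolverException("Partial write on AXFR request to "+d_remote.toStringWithPort());
    }

    int res = waitForData(d_sock, timeout, 0);

    if(!res)
      throw ResolverException("Timeout waiting for answer from "+d_remote.toStringWithPort()+" during AXFR");
    if(res<0)
      throw ResolverException("Error waiting for answer from "+d_remote.toStringWithPort()+": "+stringerror());
  }
  catch(...) {
    // The destructor does not run for a half-built object, so release the
    // descriptor here.
    if(d_sock >= 0)
      close(d_sock);
    d_sock = -1;
    throw;
  }
}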
437
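/**
 * Close the transfer socket. The guard matches Resolver::~Resolver() and the
 * constructor's cleanup: close() is only called on a descriptor that is
 * actually open.
 */
AXFRRetriever::~AXFRRetriever()
{
  if (d_sock >= 0) {
    close(d_sock);
    d_sock = -1;
  }
}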
442
443
444
/**
 * Read and validate the next message of the transfer.
 * Implementation is making sure RFC2845 4.4 is followed.
 *
 * @param res      Filled with the chunk's records when `records` is null.
 * @param records  When non-null, receives the parsed records instead; they
 *                 are moved out of the parser.
 * @param timeout  Passed to the length and body reads.
 * @return false (0) once more than one SOA record has been seen, which means
 *         the transfer is complete; true (1) after a chunk was processed.
 * @throws ResolverException when the byte limit would be exceeded, on a
 *         non-zero RCODE, on TSIG verification failure, and on read errors.
 *
 * The chunk length is checked against the remaining byte budget before the
 * body is read, so a chunk that would go over the limit is never read.
 */
int AXFRRetriever::getChunk(Resolver::res_t &res, vector<DNSRecord>* records, uint16_t timeout)
{
  if (d_soacount > 1) {
    return false;
  }

  // d_sock is connected and is about to spit out a packet
  const int len = getLength(timeout);
  if (len < 0) {
    throw ResolverException("EOF trying to read axfr chunk from remote TCP client");
  }

  // A limit of 0 disables the check.
  const bool limited = d_maxReceivedBytes > 0;
  if (limited && (d_maxReceivedBytes - d_receivedBytes) < (size_t) len) {
    throw ResolverException("Reached the maximum number of received bytes during AXFR");
  }

  timeoutReadn(len, timeout);

  d_receivedBytes += (uint16_t) len;

  MOADNSParser mdp(false, d_buf.get(), len);

  const int rcode = mdp.d_header.rcode;
  if (rcode) {
    throw ResolverException("AXFR chunk error: " + RCode::to_s(rcode));
  }

  // The raw message goes to the TSIG verifier before any record is handed to
  // the caller. Verifier failures are re-thrown as ResolverException.
  try {
    d_tsigVerifier.check(std::string(d_buf.get(), len), mdp);
  }
  catch(const std::runtime_error& re) {
    throw ResolverException(re.what());
  }

  if (records != nullptr) {
    records->clear();
    records->reserve(mdp.d_answers.size());

    for (auto& answer : mdp.d_answers) {
      // Look at the type before the record is moved away.
      if (answer.first.d_type == QType::SOA) {
        ++d_soacount;
      }
      records->push_back(std::move(answer.first));
    }
  }
  else {
    // An empty name makes parseResult() skip its ID and question checks.
    const int parsed = parseResult(mdp, DNSName(), 0, 0, &res);

    if (!parsed) {
      for (const auto& answer : mdp.d_answers) {
        if (answer.first.d_type == QType::SOA) {
          ++d_soacount;
        }
      }
    }
  }

  return true;
}
501
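/**
 * Read exactly `bytes` bytes from d_sock into the start of d_buf.
 *
 * @param bytes       Number of bytes to read.
 * @param timeoutsec  Budget in seconds for the whole read, measured with
 *                    time(), so only to one-second resolution.
 * @throws ResolverException on a wait or receive error, on timeout, or when
 *         the peer closes the connection before all bytes have arrived.
 */
void AXFRRetriever::timeoutReadn(uint16_t bytes, uint16_t timeoutsec)
{
  const time_t start = time(nullptr);
  int n = 0;
  int numread;
  while (n < bytes) {
    // Time left in the budget. The plain subtraction goes negative once the
    // elapsed time passes timeoutsec, which can happen when data arrives in
    // small pieces. waitForData() is defined elsewhere; a poll()-style wait
    // treats a negative timeout as "no limit", so the value is kept within
    // [0, timeoutsec]. Zero still lets data that is already queued be read.
    time_t remaining = static_cast<time_t>(timeoutsec) - (time(nullptr) - start);
    remaining = std::max<time_t>(0, std::min<time_t>(remaining, timeoutsec));

    int res = waitForData(d_sock, static_cast<int>(remaining));
    if (res < 0)
      throw ResolverException("Reading data from remote nameserver over TCP: "+stringerror());
    if (!res)
      throw ResolverException("Timeout while reading data from remote nameserver over TCP");

    numread = recv(d_sock, d_buf.get()+n, bytes-n, 0);
    if (numread < 0)
      throw ResolverException("Reading data from remote nameserver over TCP: "+stringerror());
    if (numread == 0)
      throw ResolverException("Remote nameserver closed TCP connection");
    n += numread;
  }
}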
522
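/**
 * Connect d_sock to d_remote without blocking for longer than `timeout`.
 *
 * The socket is switched to non-blocking mode for the connect and back to
 * blocking mode on success.
 *
 * @param timeout  Passed to waitForRWData() while waiting for writability.
 * @throws ResolverException when the connection fails or times out. On the
 *         two paths that close the socket here, d_sock is set to -1 so the
 *         caller does not close the same descriptor again. On the other
 *         error paths d_sock stays open for the caller to close (the
 *         constructor's catch block does this).
 */
void AXFRRetriever::connect(uint16_t timeout)
{
  setNonBlocking( d_sock );

  int err = ::connect(d_sock, (struct sockaddr*)&d_remote, d_remote.getSocklen());

  if (err < 0 && errno != EINPROGRESS) {
    // Capture the connect() error first: closing the socket may change errno.
    const auto reason = stringerror();
    try {
      closesocket(d_sock);
    }
    catch(const PDNSException& e) {
      d_sock=-1;
      throw ResolverException("Error closing AXFR socket after connect() failed: "+e.reason);
    }
    // The descriptor is gone. Without this reset the constructor's cleanup
    // would call close() on it a second time, and by then the number may
    // already belong to another socket or file.
    d_sock=-1;

    throw ResolverException("connect: "+reason);
  }

  if (err != 0) {
    // Connection in progress (EINPROGRESS).
    err=waitForRWData(d_sock, false, timeout, 0); // wait for writeability

    if(!err) {
      try {
        closesocket(d_sock); // timeout
      }
      catch(const PDNSException& e) {
        d_sock=-1;
        throw ResolverException("Error closing AXFR socket after timeout: "+e.reason);
      }

      d_sock=-1;
      errno=ETIMEDOUT;

      throw ResolverException("Timeout connecting to server");
    }
    else if(err < 0) {
      throw ResolverException("Error connecting: "+string(strerror(errno)));
    }
    else {
      // Writable does not mean connected: SO_ERROR holds the actual result
      // of the asynchronous connect.
      Utility::socklen_t len=sizeof(err);
      if(getsockopt(d_sock, SOL_SOCKET,SO_ERROR,(char *)&err,&len)<0)
        throw ResolverException("Error connecting: "+stringerror()); // Solaris

      if(err)
        throw ResolverException("Error connecting: "+string(strerror(err)));
    }
  }

  setBlocking( d_sock );
  // d_sock now connected
}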
576
/**
 * Read the two-byte length prefix of the next DNS-over-TCP message.
 *
 * @param timeout  Passed to timeoutReadn().
 * @return The big-endian length, 0 to 65535. It comes straight from the peer
 *         and is checked against the byte budget by getChunk().
 */
int AXFRRetriever::getLength(uint16_t timeout)
{
  timeoutReadn(2, timeout);
  // Go through unsigned char so bytes >= 0x80 are not sign-extended.
  const unsigned int high = static_cast<unsigned char>(d_buf[0]);
  const unsigned int low = static_cast<unsigned char>(d_buf[1]);
  return static_cast<int>((high << 8) | low);
}
582