tailscale/types/dnstype/dnstype.go

// Copyright (c) Tailscale Inc & AUTHORS
// SPDX-License-Identifier: BSD-3-Clause

// Package dnstype defines types for working with DNS.
package dnstype

//go:generate go run tailscale.com/cmd/viewer --type=Resolver --clonefunc=true

import (
	"net/netip"
	"slices"
)

// Resolver is the configuration for one DNS resolver.
type Resolver struct {
	// Addr is the address of the DNS resolver, one of:
	//  - A plain IP address for a "classic" UDP+TCP DNS resolver.
	//    This is the common format as sent by the control plane.
	//  - An IP:port, for tests.
	//  - "https://resolver.com/path" for DNS over HTTPS; currently
	//    as of 2022-09-08 only used for certain well-known resolvers
	//    (see the publicdns package) for which the IP addresses to dial DoH are
	//    known ahead of time, so bootstrap DNS resolution is not required.
	//  - "http://node-address:port/path" for DNS over HTTP over WireGuard. This
	//    is implemented in the PeerAPI for exit nodes and app connectors.
	//  - [TODO] "tls://resolver.com" for DNS over TCP+TLS
	Addr string `json:",omitempty"`

	// BootstrapResolution is an optional suggested resolution for the
	// DoT/DoH resolver, if the resolver URL does not reference an IP
	// address directly.
	// BootstrapResolution may be empty, in which case clients should
	// look up the DoT/DoH server using their local "classic" DNS
	// resolver.
	//
	// As of 2022-09-08, BootstrapResolution is not yet used.
	BootstrapResolution []netip.Addr `json:",omitempty"`
}

// IPPort returns r.Addr as an IP address and port if either
// r.Addr is an IP address (the common case) or if r.Addr
// is an IP:port (as done in tests).
func (r *Resolver) IPPort() (ipp netip.AddrPort, ok bool) {
	if r.Addr == "" || r.Addr[0] == 'h' || r.Addr[0] == 't' {
		// Fast path to avoid ParseIP error allocation for obviously not IP
		// cases.
		return
	}
	if ip, err := netip.ParseAddr(r.Addr); err == nil {
		return netip.AddrPortFrom(ip, 53), true
	}
	if ipp, err := netip.ParseAddrPort(r.Addr); err == nil {
		return ipp, true
	}
	return
}

// Equal reports whether r and other are equal.
func (r *Resolver) Equal(other *Resolver) bool {
	if r == nil || other == nil {
		return r == other
	}
	if r == other {
		return true
	}

	return r.Addr == other.Addr && slices.Equal(r.BootstrapResolution, other.BootstrapResolution)
}
all: update copyright and license headers This updates all source files to use a new standard header for copyright and license declaration. Notably, copyright no longer includes a date, and we now use the standard SPDX-License-Identifier header. This commit was done almost entirely mechanically with perl, and then some minimal manual fixes. Updates #6865 Signed-off-by: Will Norris <will@tailscale.com> 2023-01-27 21:37:20 +00:00			`// Copyright (c) Tailscale Inc & AUTHORS`
			`// SPDX-License-Identifier: BSD-3-Clause`
types/dnstype: introduce new package for Resolver So the type can be used in net/dns without introducing a tailcfg dependency. For #2596 Signed-off-by: David Crawshaw <crawshaw@tailscale.com> 2021-08-05 21:05:24 +00:00
			`// Package dnstype defines types for working with DNS.`
			`package dnstype`

types/dnstype: use viewer instead of cloner This was missed when I did the initial viewer work. Signed-off-by: Maisem Ali <maisem@tailscale.com> 2022-08-02 16:57:10 +00:00			`//go:generate go run tailscale.com/cmd/viewer --type=Resolver --clonefunc=true`
types/dnstype: introduce new package for Resolver So the type can be used in net/dns without introducing a tailcfg dependency. For #2596 Signed-off-by: David Crawshaw <crawshaw@tailscale.com> 2021-08-05 21:05:24 +00:00
all: use various net/netip parse funcs directly Mechanical change with perl+goimports. Changed {Must,}Parse{IP,IPPrefix,IPPort} to their netip variants, then goimports -d . Finally, removed the net/netaddr wrappers, to prevent future use. Updates #5162 Change-Id: I59c0e38b5fbca5a935d701645789cddf3d7863ad Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com> 2022-07-26 03:55:44 +00:00			`import (`
			`"net/netip"`
tailcfg: add DNS address list for IsWireGuardOnly nodes Tailscale exit nodes provide DNS service over the peer API, however IsWireGuardOnly nodes do not have a peer API, and instead need client DNS parameters passed in their node description. For Mullvad nodes this will contain the in network 10.64.0.1 address. Updates #9377 Signed-off-by: James Tucker <james@tailscale.com> 2023-09-14 17:04:31 +00:00			`"slices"`
all: use various net/netip parse funcs directly Mechanical change with perl+goimports. Changed {Must,}Parse{IP,IPPrefix,IPPort} to their netip variants, then goimports -d . Finally, removed the net/netaddr wrappers, to prevent future use. Updates #5162 Change-Id: I59c0e38b5fbca5a935d701645789cddf3d7863ad Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com> 2022-07-26 03:55:44 +00:00			`)`
types/dnstype: introduce new package for Resolver So the type can be used in net/dns without introducing a tailcfg dependency. For #2596 Signed-off-by: David Crawshaw <crawshaw@tailscale.com> 2021-08-05 21:05:24 +00:00
			`// Resolver is the configuration for one DNS resolver.`
			`type Resolver struct {`
			`// Addr is the address of the DNS resolver, one of:`
net/dns: schedule DoH upgrade explicitly, fix Resolver.Addr confusion Two changes in one: * make DoH upgrades an explicitly scheduled send earlier, when we come up with the resolvers-and-delay send plan. Previously we were getting e.g. four Google DNS IPs and then spreading them out in time (for back when we only did UDP) but then later we added DoH upgrading at the UDP packet layer, which resulted in sometimes multiple DoH queries to the same provider running (each doing happy eyeballs dialing to 4x IPs themselves) for each of the 4 source IPs. Instead, take those 4 Google/Cloudflare IPs and schedule 5 things: first the DoH query (which can use all 4 IPs), and then each of the 4 IPs as UDP later. * clean up the dnstype.Resolver.Addr confusion; half the code was using it as an IP string (as documented) as half was using it as an IP:port (from some prior type we used), primarily for tests. Instead, document it was being primarily an IP string but also accepting an IP:port for tests, then add an accessor method on it to get the IPPort and use that consistently everywhere. Change-Id: Ifdd72b9e45433a5b9c029194d50db2b9f9217b53 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com> 2022-04-19 04:58:00 +00:00			`// - A plain IP address for a "classic" UDP+TCP DNS resolver.`
			`// This is the common format as sent by the control plane.`
			`// - An IP:port, for tests.`
net/dns, types/dnstypes: update some comments, tests for DoH Clarify & verify that some DoH URLs can be sent over tailcfg in some limited cases. Updates #2452 Change-Id: Ibb25db77788629c315dc26285a1059a763989e24 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com> 2022-09-08 22:54:29 +00:00			`// - "https://resolver.com/path" for DNS over HTTPS; currently`
			`// as of 2022-09-08 only used for certain well-known resolvers`
			`// (see the publicdns package) for which the IP addresses to dial DoH are`
			`// known ahead of time, so bootstrap DNS resolution is not required.`
types/dnstype: update the usage documentation on dnstype.Resolver There was pre-existing additional usage for Exit Node DNS resolution via PeerAPI, as well as new usage just introduced for App Connectors. Fixes ENG-2324 Updates #cleanup Signed-off-by: James Tucker <james@tailscale.com> 2023-11-02 00:04:22 +00:00			`// - "http://node-address:port/path" for DNS over HTTP over WireGuard. This`
			`// is implemented in the PeerAPI for exit nodes and app connectors.`
types/dnstype: introduce new package for Resolver So the type can be used in net/dns without introducing a tailcfg dependency. For #2596 Signed-off-by: David Crawshaw <crawshaw@tailscale.com> 2021-08-05 21:05:24 +00:00			`// - [TODO] "tls://resolver.com" for DNS over TCP+TLS`
			Addr string `json:",omitempty"`

			`// BootstrapResolution is an optional suggested resolution for the`
			`// DoT/DoH resolver, if the resolver URL does not reference an IP`
			`// address directly.`
			`// BootstrapResolution may be empty, in which case clients should`
			`// look up the DoT/DoH server using their local "classic" DNS`
			`// resolver.`
net/dns, types/dnstypes: update some comments, tests for DoH Clarify & verify that some DoH URLs can be sent over tailcfg in some limited cases. Updates #2452 Change-Id: Ibb25db77788629c315dc26285a1059a763989e24 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com> 2022-09-08 22:54:29 +00:00			`//`
			`// As of 2022-09-08, BootstrapResolution is not yet used.`
all: convert more code to use net/netip directly perl -i -npe 's,netaddr.IPPrefixFrom,netip.PrefixFrom,' $(git grep -l -F netaddr.) perl -i -npe 's,netaddr.IPPortFrom,netip.AddrPortFrom,' $(git grep -l -F netaddr. ) perl -i -npe 's,netaddr.IPPrefix,netip.Prefix,g' $(git grep -l -F netaddr. ) perl -i -npe 's,netaddr.IPPort,netip.AddrPort,g' $(git grep -l -F netaddr. ) perl -i -npe 's,netaddr.IP\b,netip.Addr,g' $(git grep -l -F netaddr. ) perl -i -npe 's,netaddr.IPv6Raw\b,netip.AddrFrom16,g' $(git grep -l -F netaddr. ) goimports -w . Then delete some stuff from the net/netaddr shim package which is no longer neeed. Updates #5162 Change-Id: Ia7a86893fe21c7e3ee1ec823e8aba288d4566cd8 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com> 2022-07-26 04:14:09 +00:00			BootstrapResolution []netip.Addr `json:",omitempty"`
types/dnstype: introduce new package for Resolver So the type can be used in net/dns without introducing a tailcfg dependency. For #2596 Signed-off-by: David Crawshaw <crawshaw@tailscale.com> 2021-08-05 21:05:24 +00:00			`}`
net/dns: replace resolver IPs with type for DoH We currently plumb full URLs for DNS resolvers from the control server down to the client. But when we pass the values into the net/dns package, we throw away any URL that isn't a bare IP. This commit continues the plumbing, and gets the URL all the way to the built in forwarder. (It stops before plumbing URLs into the OS configurations that can handle them.) For #2596 Signed-off-by: David Crawshaw <crawshaw@tailscale.com> 2021-08-03 13:56:31 +00:00
net/dns: schedule DoH upgrade explicitly, fix Resolver.Addr confusion Two changes in one: * make DoH upgrades an explicitly scheduled send earlier, when we come up with the resolvers-and-delay send plan. Previously we were getting e.g. four Google DNS IPs and then spreading them out in time (for back when we only did UDP) but then later we added DoH upgrading at the UDP packet layer, which resulted in sometimes multiple DoH queries to the same provider running (each doing happy eyeballs dialing to 4x IPs themselves) for each of the 4 source IPs. Instead, take those 4 Google/Cloudflare IPs and schedule 5 things: first the DoH query (which can use all 4 IPs), and then each of the 4 IPs as UDP later. * clean up the dnstype.Resolver.Addr confusion; half the code was using it as an IP string (as documented) as half was using it as an IP:port (from some prior type we used), primarily for tests. Instead, document it was being primarily an IP string but also accepting an IP:port for tests, then add an accessor method on it to get the IPPort and use that consistently everywhere. Change-Id: Ifdd72b9e45433a5b9c029194d50db2b9f9217b53 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com> 2022-04-19 04:58:00 +00:00			`// IPPort returns r.Addr as an IP address and port if either`
			`// r.Addr is an IP address (the common case) or if r.Addr`
			`// is an IP:port (as done in tests).`
all: convert more code to use net/netip directly perl -i -npe 's,netaddr.IPPrefixFrom,netip.PrefixFrom,' $(git grep -l -F netaddr.) perl -i -npe 's,netaddr.IPPortFrom,netip.AddrPortFrom,' $(git grep -l -F netaddr. ) perl -i -npe 's,netaddr.IPPrefix,netip.Prefix,g' $(git grep -l -F netaddr. ) perl -i -npe 's,netaddr.IPPort,netip.AddrPort,g' $(git grep -l -F netaddr. ) perl -i -npe 's,netaddr.IP\b,netip.Addr,g' $(git grep -l -F netaddr. ) perl -i -npe 's,netaddr.IPv6Raw\b,netip.AddrFrom16,g' $(git grep -l -F netaddr. ) goimports -w . Then delete some stuff from the net/netaddr shim package which is no longer neeed. Updates #5162 Change-Id: Ia7a86893fe21c7e3ee1ec823e8aba288d4566cd8 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com> 2022-07-26 04:14:09 +00:00			`func (r *Resolver) IPPort() (ipp netip.AddrPort, ok bool) {`
net/dns: schedule DoH upgrade explicitly, fix Resolver.Addr confusion Two changes in one: * make DoH upgrades an explicitly scheduled send earlier, when we come up with the resolvers-and-delay send plan. Previously we were getting e.g. four Google DNS IPs and then spreading them out in time (for back when we only did UDP) but then later we added DoH upgrading at the UDP packet layer, which resulted in sometimes multiple DoH queries to the same provider running (each doing happy eyeballs dialing to 4x IPs themselves) for each of the 4 source IPs. Instead, take those 4 Google/Cloudflare IPs and schedule 5 things: first the DoH query (which can use all 4 IPs), and then each of the 4 IPs as UDP later. * clean up the dnstype.Resolver.Addr confusion; half the code was using it as an IP string (as documented) as half was using it as an IP:port (from some prior type we used), primarily for tests. Instead, document it was being primarily an IP string but also accepting an IP:port for tests, then add an accessor method on it to get the IPPort and use that consistently everywhere. Change-Id: Ifdd72b9e45433a5b9c029194d50db2b9f9217b53 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com> 2022-04-19 04:58:00 +00:00			`if r.Addr == "" \|\| r.Addr[0] == 'h' \|\| r.Addr[0] == 't' {`
			`// Fast path to avoid ParseIP error allocation for obviously not IP`
			`// cases.`
			`return`
			`}`
all: use various net/netip parse funcs directly Mechanical change with perl+goimports. Changed {Must,}Parse{IP,IPPrefix,IPPort} to their netip variants, then goimports -d . Finally, removed the net/netaddr wrappers, to prevent future use. Updates #5162 Change-Id: I59c0e38b5fbca5a935d701645789cddf3d7863ad Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com> 2022-07-26 03:55:44 +00:00			`if ip, err := netip.ParseAddr(r.Addr); err == nil {`
all: convert more code to use net/netip directly perl -i -npe 's,netaddr.IPPrefixFrom,netip.PrefixFrom,' $(git grep -l -F netaddr.) perl -i -npe 's,netaddr.IPPortFrom,netip.AddrPortFrom,' $(git grep -l -F netaddr. ) perl -i -npe 's,netaddr.IPPrefix,netip.Prefix,g' $(git grep -l -F netaddr. ) perl -i -npe 's,netaddr.IPPort,netip.AddrPort,g' $(git grep -l -F netaddr. ) perl -i -npe 's,netaddr.IP\b,netip.Addr,g' $(git grep -l -F netaddr. ) perl -i -npe 's,netaddr.IPv6Raw\b,netip.AddrFrom16,g' $(git grep -l -F netaddr. ) goimports -w . Then delete some stuff from the net/netaddr shim package which is no longer neeed. Updates #5162 Change-Id: Ia7a86893fe21c7e3ee1ec823e8aba288d4566cd8 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com> 2022-07-26 04:14:09 +00:00			`return netip.AddrPortFrom(ip, 53), true`
net/dns: schedule DoH upgrade explicitly, fix Resolver.Addr confusion Two changes in one: * make DoH upgrades an explicitly scheduled send earlier, when we come up with the resolvers-and-delay send plan. Previously we were getting e.g. four Google DNS IPs and then spreading them out in time (for back when we only did UDP) but then later we added DoH upgrading at the UDP packet layer, which resulted in sometimes multiple DoH queries to the same provider running (each doing happy eyeballs dialing to 4x IPs themselves) for each of the 4 source IPs. Instead, take those 4 Google/Cloudflare IPs and schedule 5 things: first the DoH query (which can use all 4 IPs), and then each of the 4 IPs as UDP later. * clean up the dnstype.Resolver.Addr confusion; half the code was using it as an IP string (as documented) as half was using it as an IP:port (from some prior type we used), primarily for tests. Instead, document it was being primarily an IP string but also accepting an IP:port for tests, then add an accessor method on it to get the IPPort and use that consistently everywhere. Change-Id: Ifdd72b9e45433a5b9c029194d50db2b9f9217b53 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com> 2022-04-19 04:58:00 +00:00			`}`
all: use various net/netip parse funcs directly Mechanical change with perl+goimports. Changed {Must,}Parse{IP,IPPrefix,IPPort} to their netip variants, then goimports -d . Finally, removed the net/netaddr wrappers, to prevent future use. Updates #5162 Change-Id: I59c0e38b5fbca5a935d701645789cddf3d7863ad Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com> 2022-07-26 03:55:44 +00:00			`if ipp, err := netip.ParseAddrPort(r.Addr); err == nil {`
net/dns: schedule DoH upgrade explicitly, fix Resolver.Addr confusion Two changes in one: * make DoH upgrades an explicitly scheduled send earlier, when we come up with the resolvers-and-delay send plan. Previously we were getting e.g. four Google DNS IPs and then spreading them out in time (for back when we only did UDP) but then later we added DoH upgrading at the UDP packet layer, which resulted in sometimes multiple DoH queries to the same provider running (each doing happy eyeballs dialing to 4x IPs themselves) for each of the 4 source IPs. Instead, take those 4 Google/Cloudflare IPs and schedule 5 things: first the DoH query (which can use all 4 IPs), and then each of the 4 IPs as UDP later. * clean up the dnstype.Resolver.Addr confusion; half the code was using it as an IP string (as documented) as half was using it as an IP:port (from some prior type we used), primarily for tests. Instead, document it was being primarily an IP string but also accepting an IP:port for tests, then add an accessor method on it to get the IPPort and use that consistently everywhere. Change-Id: Ifdd72b9e45433a5b9c029194d50db2b9f9217b53 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com> 2022-04-19 04:58:00 +00:00			`return ipp, true`
			`}`
			`return`
net/dns: replace resolver IPs with type for DoH We currently plumb full URLs for DNS resolvers from the control server down to the client. But when we pass the values into the net/dns package, we throw away any URL that isn't a bare IP. This commit continues the plumbing, and gets the URL all the way to the built in forwarder. (It stops before plumbing URLs into the OS configurations that can handle them.) For #2596 Signed-off-by: David Crawshaw <crawshaw@tailscale.com> 2021-08-03 13:56:31 +00:00			`}`
tailcfg: add DNS address list for IsWireGuardOnly nodes Tailscale exit nodes provide DNS service over the peer API, however IsWireGuardOnly nodes do not have a peer API, and instead need client DNS parameters passed in their node description. For Mullvad nodes this will contain the in network 10.64.0.1 address. Updates #9377 Signed-off-by: James Tucker <james@tailscale.com> 2023-09-14 17:04:31 +00:00
			`// Equal reports whether r and other are equal.`
			`func (r Resolver) Equal(other Resolver) bool {`
			`if r == nil \|\| other == nil {`
			`return r == other`
			`}`
			`if r == other {`
			`return true`
			`}`

			`return r.Addr == other.Addr && slices.Equal(r.BootstrapResolution, other.BootstrapResolution)`
			`}`