letsencrypt
/
boulder
mirror of https://github.com/letsencrypt/boulder.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

LookupHost cleanups

This commit is contained in:
Roland Shoemaker 2015-07-31 21:42:07 -07:00
parent 778c0daae5
commit 881ce95a5e
2 changed files with 18 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
core/dns.go
View File

@ -14,6 +14,7 @@ import (
"github.com/letsencrypt/boulder/Godeps/_workspace/src/github.com/miekg/dns"
)
// AddrFilter represents a DNS address filter
type AddrFilter int
const (
@ -23,24 +24,34 @@ const (
IPv4OnlyFilter
)
// NameToFilter is used to by config setup to choose the correct address filter
var NameToFilter = map[string]AddrFilter{
"": NoAddrFilter,
"v4": IPv4OnlyFilter,
}
// Private CIDRs to ignore per RFC1918
var (
// 10.0.0.0/8
privateNetworkA = net.IPNet{
IP: []byte{10, 0, 0, 0},
Mask: []byte{255, 0, 0, 0},
}
// 172.16.0.0/12
privateNetworkB = net.IPNet{
IP: []byte{172, 16, 0, 0},
Mask: []byte{255, 240, 0, 0},
}
// 192.168.0.0/16
privateNetworkC = net.IPNet{
IP: []byte{192, 168, 0, 0},
Mask: []byte{255, 255, 0, 0},
}
// fc00::/8 (RFC4193)
privateNetworkD = net.IPNet{
IP: []byte{252, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
Mask: []byte{254, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
}
)
// DNSResolverImpl represents a resolver system
@ -108,10 +119,14 @@ func (dnsResolver *DNSResolverImpl) LookupTXT(hostname string) ([]string, time.D
return txt, rtt, err
}
func isPrivate(ip net.IP) bool {
func isPrivateV4(ip net.IP) bool {
return privateNetworkA.Contains(ip) || privateNetworkB.Contains(ip) || privateNetworkC.Contains(ip)
}
func isPrivateV6(ip net.IP) bool {
return privateNetworkD.Contains(ip)
}
// LookupHost sends a DNS query to find all A/AAAA records associated with
// the provided hostname.
func (dnsResolver *DNSResolverImpl) LookupHost(hostname string, filter AddrFilter) ([]net.IP, time.Duration, time.Duration, error) {
@ -144,11 +159,11 @@ func (dnsResolver *DNSResolverImpl) LookupHost(hostname string, filter AddrFilte
for _, answer := range answers {
if answer.Header().Rrtype == dns.TypeA {
if a, ok := answer.(*dns.A); ok && a.A.To4() != nil && !isPrivate(a.A) {
if a, ok := answer.(*dns.A); ok && a.A.To4() != nil && !isPrivateV4(a.A) {
addrs = append(addrs, a.A)
}
} else if answer.Header().Rrtype == dns.TypeAAAA {
if aaaa, ok := answer.(*dns.AAAA); ok && aaaa.AAAA.To16() != nil && !isPrivate(aaaa.AAAA) && filter != IPv4OnlyFilter {
if aaaa, ok := answer.(*dns.AAAA); ok && filter != IPv4OnlyFilter && !isPrivateV6(aaaa.AAAA) {
addrs = append(addrs, aaaa.AAAA)
}
}

6
core/dns_test.go
View File

@ -48,12 +48,6 @@ func mockDNSQuery(w dns.ResponseWriter, r *dns.Msg) {
record.Minttl = 1
appendAnswer(record)
case dns.TypeAAAA:
if q.Name == "v6.letsencrypt.org." {
record := new(dns.AAAA)
record.Hdr = dns.RR_Header{Name: "v6.letsencrypt.org.", Rrtype: dns.TypeAAAA, Class: dns.ClassINET, Ttl: 0}
record.AAAA = net.ParseIP("::1")
appendAnswer(record)
}
if q.Name == "mixed.letsencrypt.org." {
record := new(dns.AAAA)
record.Hdr = dns.RR_Header{Name: "mixed.letsencrypt.org.", Rrtype: dns.TypeAAAA, Class: dns.ClassINET, Ttl: 0}