001/* 002 * Copyright 2015-2020 the original author or authors 003 * 004 * This software is licensed under the Apache License, Version 2.0, 005 * the GNU Lesser General Public License version 2 or later ("LGPL") 006 * and the WTFPL. 007 * You may choose either license to govern your use of this software only 008 * upon the condition that you accept all of the terms of either 009 * the Apache License 2.0, the LGPL 2.1+ or the WTFPL. 010 */ 011package org.minidns.iterative; 012 013import static org.minidns.constants.DnsRootServer.getIpv4RootServerById; 014import static org.minidns.constants.DnsRootServer.getIpv6RootServerById; 015import static org.minidns.constants.DnsRootServer.getRandomIpv4RootServer; 016import static org.minidns.constants.DnsRootServer.getRandomIpv6RootServer; 017 018import org.minidns.AbstractDnsClient; 019import org.minidns.DnsCache; 020import org.minidns.dnsmessage.DnsMessage; 021import org.minidns.dnsmessage.Question; 022import org.minidns.dnsname.DnsName; 023import org.minidns.dnsqueryresult.DnsQueryResult; 024import org.minidns.iterative.IterativeClientException.LoopDetected; 025import org.minidns.iterative.IterativeClientException.NotAuthoritativeNorGlueRrFound; 026import org.minidns.record.A; 027import org.minidns.record.AAAA; 028import org.minidns.record.RRWithTarget; 029import org.minidns.record.Record; 030import org.minidns.record.Record.TYPE; 031import org.minidns.record.Data; 032import org.minidns.record.InternetAddressRR; 033import org.minidns.record.NS; 034import org.minidns.util.MultipleIoException; 035 036import java.io.IOException; 037import java.net.Inet4Address; 038import java.net.Inet6Address; 039import java.net.InetAddress; 040import java.net.UnknownHostException; 041import java.util.ArrayList; 042import java.util.Collection; 043import java.util.Collections; 044import java.util.Iterator; 045import java.util.LinkedList; 046import java.util.List; 047import java.util.Random; 048import java.util.logging.Level; 049 050public class IterativeDnsClient extends AbstractDnsClient { 051 052 int maxSteps = 128; 053 054 /** 055 * Create a new recursive DNS client using the global default cache. 056 */ 057 public IterativeDnsClient() { 058 super(); 059 } 060 061 /** 062 * Create a new recursive DNS client with the given DNS cache. 063 * 064 * @param cache The backend DNS cache. 065 */ 066 public IterativeDnsClient(DnsCache cache) { 067 super(cache); 068 } 069 070 /** 071 * Recursively query the DNS system for one entry. 072 * 073 * @param queryBuilder The query DNS message builder. 074 * @return The response (or null on timeout/error). 075 * @throws IOException if an IO error occurs. 076 */ 077 @Override 078 protected DnsQueryResult query(DnsMessage.Builder queryBuilder) throws IOException { 079 DnsMessage q = queryBuilder.build(); 080 ResolutionState resolutionState = new ResolutionState(this); 081 DnsQueryResult result = queryRecursive(resolutionState, q); 082 return result; 083 } 084 085 private static InetAddress[] getTargets(Collection<? extends InternetAddressRR<? extends InetAddress>> primaryTargets, 086 Collection<? extends InternetAddressRR<? extends InetAddress>> secondaryTargets) { 087 InetAddress[] res = new InetAddress[2]; 088 089 for (InternetAddressRR<? extends InetAddress> arr : primaryTargets) { 090 if (res[0] == null) { 091 res[0] = arr.getInetAddress(); 092 // If secondaryTargets is empty, then try to get the second target out of the set of primaryTargets. 093 if (secondaryTargets.isEmpty()) { 094 continue; 095 } 096 } 097 if (res[1] == null) { 098 res[1] = arr.getInetAddress(); 099 } 100 break; 101 } 102 103 for (InternetAddressRR<? extends InetAddress> arr : secondaryTargets) { 104 if (res[0] == null) { 105 res[0] = arr.getInetAddress(); 106 continue; 107 } 108 if (res[1] == null) { 109 res[1] = arr.getInetAddress(); 110 } 111 break; 112 } 113 114 return res; 115 } 116 117 private DnsQueryResult queryRecursive(ResolutionState resolutionState, DnsMessage q) throws IOException { 118 InetAddress primaryTarget = null, secondaryTarget = null; 119 120 Question question = q.getQuestion(); 121 DnsName parent = question.name.getParent(); 122 123 switch (ipVersionSetting) { 124 case v4only: 125 for (A a : getCachedIPv4NameserverAddressesFor(parent)) { 126 if (primaryTarget == null) { 127 primaryTarget = a.getInetAddress(); 128 continue; 129 } 130 secondaryTarget = a.getInetAddress(); 131 break; 132 } 133 break; 134 case v6only: 135 for (AAAA aaaa : getCachedIPv6NameserverAddressesFor(parent)) { 136 if (primaryTarget == null) { 137 primaryTarget = aaaa.getInetAddress(); 138 continue; 139 } 140 secondaryTarget = aaaa.getInetAddress(); 141 break; 142 } 143 break; 144 case v4v6: 145 InetAddress[] v4v6targets = getTargets(getCachedIPv4NameserverAddressesFor(parent), getCachedIPv6NameserverAddressesFor(parent)); 146 primaryTarget = v4v6targets[0]; 147 secondaryTarget = v4v6targets[1]; 148 break; 149 case v6v4: 150 InetAddress[] v6v4targets = getTargets(getCachedIPv6NameserverAddressesFor(parent), getCachedIPv4NameserverAddressesFor(parent)); 151 primaryTarget = v6v4targets[0]; 152 secondaryTarget = v6v4targets[1]; 153 break; 154 default: 155 throw new AssertionError(); 156 } 157 158 DnsName authoritativeZone = parent; 159 if (primaryTarget == null) { 160 authoritativeZone = DnsName.ROOT; 161 switch (ipVersionSetting) { 162 case v4only: 163 primaryTarget = getRandomIpv4RootServer(insecureRandom); 164 break; 165 case v6only: 166 primaryTarget = getRandomIpv6RootServer(insecureRandom); 167 break; 168 case v4v6: 169 primaryTarget = getRandomIpv4RootServer(insecureRandom); 170 secondaryTarget = getRandomIpv6RootServer(insecureRandom); 171 break; 172 case v6v4: 173 primaryTarget = getRandomIpv6RootServer(insecureRandom); 174 secondaryTarget = getRandomIpv4RootServer(insecureRandom); 175 break; 176 } 177 } 178 179 List<IOException> ioExceptions = new LinkedList<>(); 180 181 try { 182 return queryRecursive(resolutionState, q, primaryTarget, authoritativeZone); 183 } catch (IOException ioException) { 184 abortIfFatal(ioException); 185 ioExceptions.add(ioException); 186 } 187 188 if (secondaryTarget != null) { 189 try { 190 return queryRecursive(resolutionState, q, secondaryTarget, authoritativeZone); 191 } catch (IOException ioException) { 192 ioExceptions.add(ioException); 193 } 194 } 195 196 MultipleIoException.throwIfRequired(ioExceptions); 197 return null; 198 } 199 200 private DnsQueryResult queryRecursive(ResolutionState resolutionState, DnsMessage q, InetAddress address, DnsName authoritativeZone) throws IOException { 201 resolutionState.recurse(address, q); 202 203 DnsQueryResult dnsQueryResult = query(q, address); 204 205 DnsMessage resMessage = dnsQueryResult.response; 206 if (resMessage.authoritativeAnswer) { 207 return dnsQueryResult; 208 } 209 210 if (cache != null) { 211 cache.offer(q, dnsQueryResult, authoritativeZone); 212 } 213 214 List<Record<? extends Data>> authorities = resMessage.copyAuthority(); 215 216 List<IOException> ioExceptions = new LinkedList<>(); 217 218 // Glued NS first 219 for (Iterator<Record<? extends Data>> iterator = authorities.iterator(); iterator.hasNext(); ) { 220 Record<NS> record = iterator.next().ifPossibleAs(NS.class); 221 if (record == null) { 222 iterator.remove(); 223 continue; 224 } 225 DnsName name = record.payloadData.target; 226 IpResultSet gluedNs = searchAdditional(resMessage, name); 227 for (Iterator<InetAddress> addressIterator = gluedNs.addresses.iterator(); addressIterator.hasNext(); ) { 228 InetAddress target = addressIterator.next(); 229 DnsQueryResult recursive = null; 230 try { 231 recursive = queryRecursive(resolutionState, q, target, record.name); 232 } catch (IOException e) { 233 abortIfFatal(e); 234 LOGGER.log(Level.FINER, "Exception while recursing", e); 235 resolutionState.decrementSteps(); 236 ioExceptions.add(e); 237 if (!addressIterator.hasNext()) { 238 iterator.remove(); 239 } 240 continue; 241 } 242 return recursive; 243 } 244 } 245 246 // Try non-glued NS 247 for (Record<? extends Data> record : authorities) { 248 final Question question = q.getQuestion(); 249 DnsName name = ((NS) record.payloadData).target; 250 251 // Loop prevention: If this non-glued NS equals the name we question for and if the question is about a A or 252 // AAAA RR, then we should not continue here as it would result in an endless loop. 253 if (question.name.equals(name) && (question.type == TYPE.A || question.type == TYPE.AAAA)) 254 continue; 255 256 IpResultSet res = null; 257 try { 258 res = resolveIpRecursive(resolutionState, name); 259 } catch (IOException e) { 260 resolutionState.decrementSteps(); 261 ioExceptions.add(e); 262 } 263 if (res == null) { 264 continue; 265 } 266 267 for (InetAddress target : res.addresses) { 268 DnsQueryResult recursive = null; 269 try { 270 recursive = queryRecursive(resolutionState, q, target, record.name); 271 } catch (IOException e) { 272 resolutionState.decrementSteps(); 273 ioExceptions.add(e); 274 continue; 275 } 276 return recursive; 277 } 278 } 279 280 MultipleIoException.throwIfRequired(ioExceptions); 281 282 // Reaching this point means we did not receive an authoritative answer, nor 283 // where we able to find glue records or the IPs of the next nameservers. 284 throw new NotAuthoritativeNorGlueRrFound(q, dnsQueryResult, authoritativeZone); 285 } 286 287 private IpResultSet resolveIpRecursive(ResolutionState resolutionState, DnsName name) throws IOException { 288 IpResultSet.Builder res = newIpResultSetBuilder(); 289 290 if (ipVersionSetting.v4) { 291 // TODO Try to retrieve A records for name out from cache. 292 Question question = new Question(name, TYPE.A); 293 final DnsMessage query = getQueryFor(question); 294 DnsQueryResult aDnsQueryResult = queryRecursive(resolutionState, query); 295 // TODO: queryRecurisve() should probably never return null. Verify that and then remove the follwing null check. 296 DnsMessage aMessage = aDnsQueryResult != null ? aDnsQueryResult.response : null; 297 if (aMessage != null) { 298 for (Record<? extends Data> answer : aMessage.answerSection) { 299 if (answer.isAnswer(question)) { 300 InetAddress inetAddress = inetAddressFromRecord(name.ace, (A) answer.payloadData); 301 res.ipv4Addresses.add(inetAddress); 302 } else if (answer.type == TYPE.CNAME && answer.name.equals(name)) { 303 return resolveIpRecursive(resolutionState, ((RRWithTarget) answer.payloadData).target); 304 } 305 } 306 } 307 } 308 309 if (ipVersionSetting.v6) { 310 // TODO Try to retrieve AAAA records for name out from cache. 311 Question question = new Question(name, TYPE.AAAA); 312 final DnsMessage query = getQueryFor(question); 313 DnsQueryResult aDnsQueryResult = queryRecursive(resolutionState, query); 314 // TODO: queryRecurisve() should probably never return null. Verify that and then remove the follwing null check. 315 DnsMessage aMessage = aDnsQueryResult != null ? aDnsQueryResult.response : null; 316 if (aMessage != null) { 317 for (Record<? extends Data> answer : aMessage.answerSection) { 318 if (answer.isAnswer(question)) { 319 InetAddress inetAddress = inetAddressFromRecord(name.ace, (AAAA) answer.payloadData); 320 res.ipv6Addresses.add(inetAddress); 321 } else if (answer.type == TYPE.CNAME && answer.name.equals(name)) { 322 return resolveIpRecursive(resolutionState, ((RRWithTarget) answer.payloadData).target); 323 } 324 } 325 } 326 } 327 328 return res.build(); 329 } 330 331 @SuppressWarnings("incomplete-switch") 332 private IpResultSet searchAdditional(DnsMessage message, DnsName name) { 333 IpResultSet.Builder res = newIpResultSetBuilder(); 334 for (Record<? extends Data> record : message.additionalSection) { 335 if (!record.name.equals(name)) { 336 continue; 337 } 338 switch (record.type) { 339 case A: 340 res.ipv4Addresses.add(inetAddressFromRecord(name.ace, (A) record.payloadData)); 341 break; 342 case AAAA: 343 res.ipv6Addresses.add(inetAddressFromRecord(name.ace, (AAAA) record.payloadData)); 344 break; 345 default: 346 break; 347 } 348 } 349 return res.build(); 350 } 351 352 private static InetAddress inetAddressFromRecord(String name, A recordPayload) { 353 try { 354 return InetAddress.getByAddress(name, recordPayload.getIp()); 355 } catch (UnknownHostException e) { 356 // This will never happen 357 throw new RuntimeException(e); 358 } 359 } 360 361 private static InetAddress inetAddressFromRecord(String name, AAAA recordPayload) { 362 try { 363 return InetAddress.getByAddress(name, recordPayload.getIp()); 364 } catch (UnknownHostException e) { 365 // This will never happen 366 throw new RuntimeException(e); 367 } 368 } 369 370 public static List<InetAddress> getRootServer(char rootServerId) { 371 return getRootServer(rootServerId, DEFAULT_IP_VERSION_SETTING); 372 } 373 374 public static List<InetAddress> getRootServer(char rootServerId, IpVersionSetting setting) { 375 Inet4Address ipv4Root = getIpv4RootServerById(rootServerId); 376 Inet6Address ipv6Root = getIpv6RootServerById(rootServerId); 377 List<InetAddress> res = new ArrayList<>(2); 378 switch (setting) { 379 case v4only: 380 if (ipv4Root != null) { 381 res.add(ipv4Root); 382 } 383 break; 384 case v6only: 385 if (ipv6Root != null) { 386 res.add(ipv6Root); 387 } 388 break; 389 case v4v6: 390 if (ipv4Root != null) { 391 res.add(ipv4Root); 392 } 393 if (ipv6Root != null) { 394 res.add(ipv6Root); 395 } 396 break; 397 case v6v4: 398 if (ipv6Root != null) { 399 res.add(ipv6Root); 400 } 401 if (ipv4Root != null) { 402 res.add(ipv4Root); 403 } 404 break; 405 } 406 return res; 407 } 408 409 @Override 410 protected boolean isResponseCacheable(Question q, DnsQueryResult result) { 411 return result.response.authoritativeAnswer; 412 } 413 414 @Override 415 protected DnsMessage.Builder newQuestion(DnsMessage.Builder message) { 416 message.setRecursionDesired(false); 417 message.getEdnsBuilder().setUdpPayloadSize(dataSource.getUdpPayloadSize()); 418 return message; 419 } 420 421 private IpResultSet.Builder newIpResultSetBuilder() { 422 return new IpResultSet.Builder(this.insecureRandom); 423 } 424 425 private static final class IpResultSet { 426 427 final List<InetAddress> addresses; 428 429 private IpResultSet(List<InetAddress> ipv4Addresses, List<InetAddress> ipv6Addresses, Random random) { 430 int size; 431 switch (DEFAULT_IP_VERSION_SETTING) { 432 case v4only: 433 size = ipv4Addresses.size(); 434 break; 435 case v6only: 436 size = ipv6Addresses.size(); 437 break; 438 case v4v6: 439 case v6v4: 440 default: 441 size = ipv4Addresses.size() + ipv6Addresses.size(); 442 break; 443 } 444 445 if (size == 0) { 446 // Fast-path in case there were no addresses, which could happen e.g., if the NS records where not 447 // glued. 448 addresses = Collections.emptyList(); 449 } else { 450 // Shuffle the addresses first, so that the load is better balanced. 451 if (DEFAULT_IP_VERSION_SETTING.v4) { 452 Collections.shuffle(ipv4Addresses, random); 453 } 454 if (DEFAULT_IP_VERSION_SETTING.v6) { 455 Collections.shuffle(ipv6Addresses, random); 456 } 457 458 List<InetAddress> addresses = new ArrayList<>(size); 459 460 // Now add the shuffled addresses to the result list. 461 switch (DEFAULT_IP_VERSION_SETTING) { 462 case v4only: 463 addresses.addAll(ipv4Addresses); 464 break; 465 case v6only: 466 addresses.addAll(ipv6Addresses); 467 break; 468 case v4v6: 469 addresses.addAll(ipv4Addresses); 470 addresses.addAll(ipv6Addresses); 471 break; 472 case v6v4: 473 addresses.addAll(ipv6Addresses); 474 addresses.addAll(ipv4Addresses); 475 break; 476 } 477 478 this.addresses = Collections.unmodifiableList(addresses); 479 } 480 } 481 482 private static final class Builder { 483 private final Random random; 484 private final List<InetAddress> ipv4Addresses = new ArrayList<>(8); 485 private final List<InetAddress> ipv6Addresses = new ArrayList<>(8); 486 487 private Builder(Random random) { 488 this.random = random; 489 } 490 491 public IpResultSet build() { 492 return new IpResultSet(ipv4Addresses, ipv6Addresses, random); 493 } 494 } 495 } 496 497 protected static void abortIfFatal(IOException ioException) throws IOException { 498 if (ioException instanceof LoopDetected) { 499 throw ioException; 500 } 501 } 502 503}