mokhtar/local-ip.sh
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
abb97cce562fff140a5750b63081f602dd74ecef
local-ip.sh/xip/xip.go
m5r abb97cce56 move hardcodedRecords into Xip struct for instance isolation 
- replace global hardcodedRecords/mutex with instance fields
- add initialRecords() factory for fresh record copies per instance
- rename initHardcodedRecords to initNameServers, pass nameservers explicitly
- add TestInstanceIsolation to verify instances don't share state
- fix unassigned err in certs/persistFiles
2026-01-18 10:51:07 +01:00

496 lines
12 KiB
Go
Raw Blame History

package xip
import (
"fmt"
"net"
"os"
"regexp"
"strings"
"sync"
"time"
"github.com/miekg/dns"
"local-ip.sh/utils"
)
type Xip struct {
server dns.Server
nameServers []string
domain string
email string
dnsPort uint
recordsMu sync.RWMutex
records map[string]hardcodedRecord
}
type Option func(*Xip)
func WithDomain(domain string) Option {
return func(x *Xip) {
x.domain = domain
}
}
func WithEmail(email string) Option {
return func(x *Xip) {
x.email = email
}
}
func WithDnsPort(port uint) Option {
return func(x *Xip) {
x.dnsPort = port
}
}
func WithNameServers(nameServers []string) Option {
return func(x *Xip) {
x.recordsMu.Lock()
defer x.recordsMu.Unlock()
for i, ns := range nameServers {
name := fmt.Sprintf("ns%d.%s.", i+1, x.domain)
ip := net.ParseIP(ns)
entry := x.records[name]
entry.A = append(entry.A, ip)
x.records[name] = entry
x.nameServers = append(x.nameServers, name)
}
}
}
var (
flyRegion = os.Getenv("FLY_REGION")
dottedIpV4Regex = regexp.MustCompile(`(?:^|(?:[\w\d])+\.)(((25[0-5]|(2[0-4]|1\d|[1-9]|)\d)\.?\b){4})($|[.-])`)
dashedIpV4Regex = regexp.MustCompile(`(?:^|(?:[\w\d])+\.)(((25[0-5]|(2[0-4]|1\d|[1-9]|)\d)\-?\b){4})($|[.-])`)
anyWhitespaceRegex = regexp.MustCompile(`\s`)
)
func (xip *Xip) SetTXTRecord(fqdn string, value string) {
utils.Logger.Trace().Str("fqdn", fqdn).Str("value", value).Msg("Trying to set TXT record")
if fqdn != fmt.Sprintf("_acme-challenge.%s.", xip.domain) {
utils.Logger.Trace().Str("fqdn", fqdn).Msg("Not allowed, abort setting TXT record")
return
}
xip.recordsMu.Lock()
defer xip.recordsMu.Unlock()
if rootRecords, ok := xip.records[fqdn]; ok {
rootRecords.TXT = []string{value}
xip.records[fmt.Sprintf("_acme-challenge.%s.", xip.domain)] = rootRecords
}
}
func (xip *Xip) UnsetTXTRecord(fqdn string) {
utils.Logger.Trace().Str("fqdn", fqdn).Msg("Trying to unset TXT record")
if fqdn != fmt.Sprintf("_acme-challenge.%s.", xip.domain) {
utils.Logger.Trace().Str("fqdn", fqdn).Msg("Not allowed, abort unsetting TXT record")
return
}
xip.recordsMu.Lock()
defer xip.recordsMu.Unlock()
if rootRecords, ok := xip.records[fqdn]; ok {
rootRecords.TXT = []string{}
xip.records[fmt.Sprintf("_acme-challenge.%s.", xip.domain)] = rootRecords
}
}
func (xip *Xip) fqdnToA(fqdn string) []*dns.A {
normalizedFqdn := strings.ToLower(fqdn)
xip.recordsMu.RLock()
records := xip.records[normalizedFqdn].A
xip.recordsMu.RUnlock()
if records != nil {
var aRecords []*dns.A
for _, record := range records {
aRecords = append(aRecords, &dns.A{
Hdr: dns.RR_Header{
Ttl: uint32((time.Minute * 5).Seconds()),
Name: fqdn,
Rrtype: dns.TypeA,
Class: dns.ClassINET,
},
A: record,
})
}
return aRecords
}
for _, ipV4RE := range []*regexp.Regexp{dashedIpV4Regex, dottedIpV4Regex} {
if ipV4RE.MatchString(fqdn) {
match := ipV4RE.FindStringSubmatch(fqdn)[1]
match = strings.ReplaceAll(match, "-", ".")
ipV4Address := net.ParseIP(match).To4()
if ipV4Address == nil {
return nil
}
return []*dns.A{{
Hdr: dns.RR_Header{
Ttl: uint32((time.Minute * 5).Seconds()),
Name: fqdn,
Rrtype: dns.TypeA,
Class: dns.ClassINET,
},
A: ipV4Address,
}}
}
}
return nil
}
func (xip *Xip) answerWithAuthority(question dns.Question, message *dns.Msg) {
message.Ns = append(message.Ns, xip.soaRecord(question))
}
func (xip *Xip) handleA(question dns.Question, message *dns.Msg) {
fqdn := question.Name
aRecords := xip.fqdnToA(fqdn)
if len(aRecords) == 0 {
message.Rcode = dns.RcodeNameError
xip.answerWithAuthority(question, message)
return
}
for _, record := range aRecords {
message.Answer = append(message.Answer, record)
}
}
func (xip *Xip) handleAAAA(question dns.Question, message *dns.Msg) {
fqdn := question.Name
normalizedFqdn := strings.ToLower(fqdn)
xip.recordsMu.RLock()
records := xip.records[normalizedFqdn].AAAA
xip.recordsMu.RUnlock()
if records == nil {
xip.answerWithAuthority(question, message)
return
}
for _, record := range records {
message.Answer = append(message.Answer, &dns.AAAA{
Hdr: dns.RR_Header{
Ttl: uint32((time.Minute * 5).Seconds()),
Name: fqdn,
Rrtype: dns.TypeAAAA,
Class: dns.ClassINET,
},
AAAA: record,
})
}
}
func (xip *Xip) handleNS(question dns.Question, message *dns.Msg) {
fqdn := question.Name
nameServers := []*dns.NS{}
additionals := []*dns.A{}
for _, ns := range xip.nameServers {
nameServers = append(nameServers, &dns.NS{
Hdr: dns.RR_Header{
Ttl: uint32((time.Minute * 5).Seconds()),
Name: fqdn,
Rrtype: dns.TypeNS,
Class: dns.ClassINET,
},
Ns: ns,
})
additionals = append(additionals, xip.fqdnToA(ns)...)
}
for _, record := range nameServers {
message.Answer = append(message.Answer, record)
}
for _, record := range additionals {
message.Extra = append(message.Extra, record)
}
}
func chunkBy(str string, chunkSize int) (chunks []string) {
for chunkSize < len(str) {
str, chunks = str[chunkSize:], append(chunks, str[0:chunkSize])
}
return append(chunks, str)
}
func (xip *Xip) handleTXT(question dns.Question, message *dns.Msg) {
fqdn := question.Name
normalizedFqdn := strings.ToLower(fqdn)
xip.recordsMu.RLock()
records := xip.records[normalizedFqdn].TXT
xip.recordsMu.RUnlock()
if records == nil {
xip.answerWithAuthority(question, message)
return
}
for _, record := range records {
message.Answer = append(message.Answer, &dns.TXT{
Hdr: dns.RR_Header{
Ttl: uint32((time.Minute * 5).Seconds()),
Name: fqdn,
Rrtype: dns.TypeTXT,
Class: dns.ClassINET,
},
Txt: chunkBy(record, 255),
})
}
}
func (xip *Xip) handleMX(question dns.Question, message *dns.Msg) {
fqdn := question.Name
normalizedFqdn := strings.ToLower(fqdn)
xip.recordsMu.RLock()
records := xip.records[normalizedFqdn].MX
xip.recordsMu.RUnlock()
if records == nil {
xip.answerWithAuthority(question, message)
return
}
for _, record := range records {
message.Answer = append(message.Answer, &dns.MX{
Hdr: dns.RR_Header{
Ttl: uint32((time.Minute * 5).Seconds()),
Name: fqdn,
Rrtype: dns.TypeMX,
Class: dns.ClassINET,
},
Mx: record.Mx,
Preference: record.Preference,
})
}
}
func (xip *Xip) handleCNAME(question dns.Question, message *dns.Msg) {
fqdn := question.Name
normalizedFqdn := strings.ToLower(fqdn)
xip.recordsMu.RLock()
records := xip.records[normalizedFqdn].CNAME
xip.recordsMu.RUnlock()
if records == nil {
xip.answerWithAuthority(question, message)
return
}
for _, record := range records {
message.Answer = append(message.Answer, &dns.CNAME{
Hdr: dns.RR_Header{
Ttl: uint32((time.Minute * 5).Seconds()),
Name: fqdn,
Rrtype: dns.TypeCNAME,
Class: dns.ClassINET,
},
Target: record,
})
}
}
func (xip *Xip) handleSRV(question dns.Question, message *dns.Msg) {
fqdn := question.Name
normalizedFqdn := strings.ToLower(fqdn)
xip.recordsMu.RLock()
record := xip.records[normalizedFqdn].SRV
xip.recordsMu.RUnlock()
if record == nil {
xip.answerWithAuthority(question, message)
return
}
message.Answer = append(message.Answer, &dns.SRV{
Hdr: dns.RR_Header{
Ttl: uint32((time.Minute * 5).Seconds()),
Name: fqdn,
Rrtype: dns.TypeSRV,
Class: dns.ClassINET,
},
Priority: record.Priority,
Weight: record.Weight,
Port: record.Port,
Target: record.Target,
})
}
func (xip *Xip) handleSOA(question dns.Question, message *dns.Msg) {
message.Answer = append(message.Answer, xip.soaRecord(question))
}
func emailToRname(email string) string {
parts := strings.SplitN(email, "@", 2)
localPart := strings.ReplaceAll(parts[0], ".", "\\.")
domain := parts[1]
return localPart + "." + domain + "."
}
func (xip *Xip) soaRecord(question dns.Question) *dns.SOA {
soa := new(dns.SOA)
soa.Hdr = dns.RR_Header{
Name: question.Name,
Rrtype: dns.TypeSOA,
Class: dns.ClassINET,
Ttl: uint32((time.Minute * 5).Seconds()),
Rdlength: 0,
}
soa.Ns = xip.nameServers[0]
soa.Mbox = emailToRname(xip.email)
soa.Serial = 2024072600
soa.Refresh = uint32((time.Minute * 15).Seconds())
soa.Retry = uint32((time.Minute * 15).Seconds())
soa.Expire = uint32((time.Minute * 30).Seconds())
soa.Minttl = uint32((time.Minute * 5).Seconds())
return soa
}
func (xip *Xip) handleQuery(message *dns.Msg) {
if len(message.Question) != 1 {
// see https://serverfault.com/a/742788
utils.Logger.Error().Any("questions", message.Question).Msg("Received an incorrect amount of questions")
message.MsgHdr.Rcode = dns.RcodeFormatError
return
}
question := message.Question[0]
switch question.Qtype {
case dns.TypeA:
xip.handleA(question, message)
case dns.TypeAAAA:
xip.handleAAAA(question, message)
case dns.TypeNS:
xip.handleNS(question, message)
case dns.TypeTXT:
xip.handleTXT(question, message)
case dns.TypeMX:
xip.handleMX(question, message)
case dns.TypeCNAME:
xip.handleCNAME(question, message)
case dns.TypeSRV:
xip.handleSRV(question, message)
case dns.TypeSOA:
xip.handleSOA(question, message)
default:
xip.handleSOA(question, message)
}
}
func (xip *Xip) handleDnsRequest(response dns.ResponseWriter, request *dns.Msg) {
go func() {
message := new(dns.Msg)
message.SetReply(request)
message.Compress = true
message.Authoritative = true
message.RecursionAvailable = false
switch request.Opcode {
case dns.OpcodeQuery:
xip.handleQuery(message)
default:
message.MsgHdr.Rcode = dns.RcodeRefused
}
question := anyWhitespaceRegex.ReplaceAllString(request.Question[0].String(), " ")
logEvent := utils.Logger.Debug().Str("question", question)
if flyRegion != "" {
logEvent.Str("FLY_REGION", flyRegion)
}
for i, answer := range message.Answer {
key := fmt.Sprintf("answers[%d]", i)
value := anyWhitespaceRegex.ReplaceAllString(answer.String(), " ")
logEvent.Str(key, value)
}
logEvent.Msg("resolved")
error := response.WriteMsg(message)
if error != nil {
utils.Logger.Debug().Msg(message.String())
utils.Logger.Error().Err(error).Str("message", message.String()).Msg("Error responding to query")
}
}()
}
func (xip *Xip) StartServer() {
if _, exists := os.LookupEnv("FLY_APP_NAME"); exists {
// we're probably running on fly, bind to fly-global-services
xip.server.Addr = "fly-global-services" + xip.server.Addr
}
err := xip.server.ListenAndServe()
defer xip.server.Shutdown()
if err != nil {
utils.Logger.Error().Err(err).Msg("Failed to start DNS server")
if strings.Contains(err.Error(), "fly-global-services: no such host") {
// we're not running on fly, bind to 0.0.0.0 instead
port := strings.Split(xip.server.Addr, ":")[1]
xip.server = dns.Server{
Addr: fmt.Sprintf(":%s", port),
Net: "udp",
}
xip.StartServer()
return
}
utils.Logger.Fatal().Err(err).Msg("Failed to start DNS server")
}
utils.Logger.Info().Str("dns_address", xip.server.Addr).Msg("Starting up DNS server")
}
func (xip *Xip) initNameServers(nameServers []string) {
rootDomainARecords := []net.IP{}
xip.recordsMu.Lock()
defer xip.recordsMu.Unlock()
for i, ns := range nameServers {
name := fmt.Sprintf("ns%d.%s.", i+1, xip.domain)
ip := net.ParseIP(ns)
rootDomainARecords = append(rootDomainARecords, ip)
entry := xip.records[name]
entry.A = append(xip.records[name].A, ip)
xip.records[name] = entry
xip.nameServers = append(xip.nameServers, name)
}
xip.records[fmt.Sprintf("%s.", xip.domain)] = hardcodedRecord{A: rootDomainARecords}
xip.records[fmt.Sprintf("_acme-challenge.%s.", xip.domain)] = hardcodedRecord{TXT: []string{}}
}
func NewXip(opts ...Option) (xip *Xip) {
config := utils.GetConfig()
xip = &Xip{
domain: config.Domain,
email: config.Email,
dnsPort: config.DnsPort,
records: initialRecords(),
}
for _, opt := range opts {
opt(xip)
}
if len(xip.nameServers) == 0 {
xip.initNameServers(config.NameServers)
}
xip.server = dns.Server{
Addr: fmt.Sprintf(":%d", xip.dnsPort),
Net: "udp",
}
zone := fmt.Sprintf("%s.", xip.domain)
dns.HandleFunc(zone, xip.handleDnsRequest)
return xip
}
Reference in New Issue View Git Blame Copy Permalink