443 lines
11 KiB
Go
443 lines
11 KiB
Go
package xip
|
|
|
|
import (
|
|
"fmt"
|
|
"net"
|
|
"os"
|
|
"regexp"
|
|
"strings"
|
|
"time"
|
|
|
|
"github.com/miekg/dns"
|
|
"local-ip.sh/utils"
|
|
)
|
|
|
|
type Xip struct {
|
|
server dns.Server
|
|
nameServers []*dns.NS
|
|
}
|
|
|
|
type HardcodedRecord struct {
|
|
A []net.IP // => dns.A
|
|
AAAA []net.IP // => dns.AAAA
|
|
TXT []string // => dns.TXT
|
|
MX []*dns.MX
|
|
CNAME []string // => dns.CNAME
|
|
SRV *dns.SRV
|
|
}
|
|
|
|
const (
|
|
zone = "local-ip.sh."
|
|
nameservers = "ns1.local-ip.sh.,ns2.local-ip.sh."
|
|
)
|
|
|
|
var (
|
|
flyRegion = os.Getenv("FLY_REGION")
|
|
dottedIpV4Regex = regexp.MustCompile(`(?:^|(?:[\w\d])+\.)(((25[0-5]|(2[0-4]|1\d|[1-9]|)\d)\.?\b){4})($|[.-])`)
|
|
dashedIpV4Regex = regexp.MustCompile(`(?:^|(?:[\w\d])+\.)(((25[0-5]|(2[0-4]|1\d|[1-9]|)\d)\-?\b){4})($|[.-])`)
|
|
hardcodedRecords = map[string]HardcodedRecord{
|
|
"ns.local-ip.sh.": {
|
|
// record holding ip addresses of ns1 and ns2
|
|
A: []net.IP{
|
|
net.IPv4(137, 66, 40, 11),
|
|
net.IPv4(137, 66, 40, 12),
|
|
},
|
|
},
|
|
"ns1.local-ip.sh.": {
|
|
A: []net.IP{
|
|
net.IPv4(137, 66, 40, 11), // fly.io edge-only ip address, see https://community.fly.io/t/custom-domains-certificate-is-stuck-on-awaiting-configuration/8329
|
|
},
|
|
},
|
|
"ns2.local-ip.sh.": {
|
|
A: []net.IP{
|
|
net.IPv4(137, 66, 40, 12), // fly.io edge-only ip address #2
|
|
},
|
|
},
|
|
"local-ip.sh.": {
|
|
A: []net.IP{
|
|
net.IPv4(137, 66, 40, 11), // fly.io edge-only ip address
|
|
},
|
|
TXT: []string{"v=spf1 include:capsulecorp.dev ~all"},
|
|
MX: []*dns.MX{
|
|
{Preference: 10, Mx: "email.capsulecorp.dev."},
|
|
},
|
|
},
|
|
"autodiscover.local-ip.sh.": {
|
|
CNAME: []string{
|
|
"email.capsulecorp.dev.",
|
|
},
|
|
},
|
|
"_autodiscover._tcp.local-ip.sh.": {
|
|
SRV: &dns.SRV{
|
|
Priority: 0,
|
|
Weight: 0,
|
|
Port: 443,
|
|
Target: "email.capsulecorp.dev.",
|
|
},
|
|
},
|
|
"autoconfig.local-ip.sh.": {
|
|
CNAME: []string{
|
|
"email.capsulecorp.dev.",
|
|
},
|
|
},
|
|
"_dmarc.local-ip.sh.": {
|
|
TXT: []string{"v=DMARC1; p=none; rua=mailto:postmaster@local-ip.sh; ruf=mailto:admin@local-ip.sh"},
|
|
},
|
|
"dkim._domainkey.local-ip.sh.": {
|
|
TXT: []string{
|
|
"v=DKIM1;k=rsa;t=s;s=email;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsMW6NFo34qzKRPbzK41GwbWncB8IDg1i2eA2VWznIVDmTzzsqILaBOGv2xokVpzZm0QRF9wSbeVUmvwEeQ7Z6wkfMjawenDEc3XxsNSvQUVBP6LU/xcm1zsR8wtD8r5J+Jm45pNFaateiM/kb/Eypp2ntdtd8CPsEgCEDpNb62LWdy0yzRdZ/M/fNn51UMN8hVFp4YfZngAt3bQwa6kPtgvTeqEbpNf5xanpDysNJt2S8zfqJMVGvnr8JaJiTv7ZlKMMp94aC5Ndcir1WbMyfmgSnGgemuCTVMWDGPJnXDi+8BQMH1b1hmTpWDiVdVlehyyWx5AfPrsWG9cEuDIfXwIDAQAB",
|
|
},
|
|
},
|
|
"_acme-challenge.local-ip.sh.": {
|
|
// will be filled in later when requesting the wildcard certificate
|
|
TXT: []string{},
|
|
},
|
|
}
|
|
)
|
|
|
|
func (xip *Xip) SetTXTRecord(fqdn string, value string) {
|
|
utils.Logger.Debug().Str("fqdn", fqdn).Str("value", value).Msg("Trying to set TXT record")
|
|
if fqdn != "_acme-challenge.local-ip.sh." {
|
|
utils.Logger.Debug().Msg("Not allowed, abort")
|
|
return
|
|
}
|
|
|
|
if records, ok := hardcodedRecords[fqdn]; ok {
|
|
records.TXT = []string{value}
|
|
hardcodedRecords["_acme-challenge.local-ip.sh."] = records
|
|
}
|
|
}
|
|
|
|
func (xip *Xip) UnsetTXTRecord(fqdn string) {
|
|
utils.Logger.Debug().Str("fqdn", fqdn).Msg("Trying to set TXT record")
|
|
if fqdn != "_acme-challenge.local-ip.sh." {
|
|
utils.Logger.Debug().Msg("Not allowed, abort")
|
|
return
|
|
}
|
|
|
|
if records, ok := hardcodedRecords[fqdn]; ok {
|
|
records.TXT = []string{}
|
|
hardcodedRecords["_acme-challenge.local-ip.sh."] = records
|
|
}
|
|
}
|
|
|
|
func (xip *Xip) fqdnToA(fqdn string) []*dns.A {
|
|
normalizedFqdn := strings.ToLower(fqdn)
|
|
if hardcodedRecords[normalizedFqdn].A != nil {
|
|
var records []*dns.A
|
|
|
|
for _, record := range hardcodedRecords[normalizedFqdn].A {
|
|
records = append(records, &dns.A{
|
|
Hdr: dns.RR_Header{
|
|
Ttl: uint32((time.Minute * 5).Seconds()),
|
|
Name: fqdn,
|
|
Rrtype: dns.TypeA,
|
|
Class: dns.ClassINET,
|
|
},
|
|
A: record,
|
|
})
|
|
}
|
|
|
|
return records
|
|
}
|
|
|
|
for _, ipV4RE := range []*regexp.Regexp{dashedIpV4Regex, dottedIpV4Regex} {
|
|
if ipV4RE.MatchString(fqdn) {
|
|
match := ipV4RE.FindStringSubmatch(fqdn)[1]
|
|
match = strings.ReplaceAll(match, "-", ".")
|
|
ipV4Address := net.ParseIP(match).To4()
|
|
if ipV4Address == nil {
|
|
return nil
|
|
}
|
|
|
|
return []*dns.A{{
|
|
Hdr: dns.RR_Header{
|
|
Ttl: uint32((time.Minute * 5).Seconds()),
|
|
Name: fqdn,
|
|
Rrtype: dns.TypeA,
|
|
Class: dns.ClassINET,
|
|
},
|
|
A: ipV4Address,
|
|
}}
|
|
}
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func (xip *Xip) answerWithAuthority(question dns.Question, message *dns.Msg) {
|
|
message.Ns = append(message.Ns, xip.soaRecord(question))
|
|
}
|
|
|
|
func (xip *Xip) handleA(question dns.Question, message *dns.Msg) {
|
|
fqdn := question.Name
|
|
records := xip.fqdnToA(fqdn)
|
|
|
|
if len(records) == 0 {
|
|
message.Rcode = dns.RcodeNameError
|
|
xip.answerWithAuthority(question, message)
|
|
return
|
|
}
|
|
|
|
for _, record := range records {
|
|
message.Answer = append(message.Answer, record)
|
|
}
|
|
}
|
|
|
|
func (xip *Xip) handleAAAA(question dns.Question, message *dns.Msg) {
|
|
fqdn := question.Name
|
|
normalizedFqdn := strings.ToLower(fqdn)
|
|
if hardcodedRecords[normalizedFqdn].AAAA == nil {
|
|
xip.answerWithAuthority(question, message)
|
|
return
|
|
}
|
|
|
|
for _, record := range hardcodedRecords[normalizedFqdn].AAAA {
|
|
message.Answer = append(message.Answer, &dns.AAAA{
|
|
Hdr: dns.RR_Header{
|
|
Ttl: uint32((time.Minute * 5).Seconds()),
|
|
Name: fqdn,
|
|
Rrtype: dns.TypeAAAA,
|
|
Class: dns.ClassINET,
|
|
},
|
|
AAAA: record,
|
|
})
|
|
}
|
|
}
|
|
|
|
func (xip *Xip) handleNS(question dns.Question, message *dns.Msg) {
|
|
fqdn := question.Name
|
|
nameServers := []*dns.NS{}
|
|
additionals := []*dns.A{}
|
|
for _, ns := range xip.nameServers {
|
|
nameServers = append(nameServers, &dns.NS{
|
|
Hdr: dns.RR_Header{
|
|
Ttl: uint32((time.Minute * 5).Seconds()),
|
|
Name: fqdn,
|
|
Rrtype: dns.TypeNS,
|
|
Class: dns.ClassINET,
|
|
},
|
|
Ns: ns.Ns,
|
|
})
|
|
|
|
additionals = append(additionals, xip.fqdnToA(ns.Ns)...)
|
|
}
|
|
|
|
for _, record := range nameServers {
|
|
message.Answer = append(message.Answer, record)
|
|
}
|
|
|
|
for _, record := range additionals {
|
|
message.Extra = append(message.Extra, record)
|
|
}
|
|
}
|
|
|
|
func chunkBy(str string, chunkSize int) (chunks []string) {
|
|
for chunkSize < len(str) {
|
|
str, chunks = str[chunkSize:], append(chunks, str[0:chunkSize])
|
|
}
|
|
return append(chunks, str)
|
|
}
|
|
|
|
func (xip *Xip) handleTXT(question dns.Question, message *dns.Msg) {
|
|
fqdn := question.Name
|
|
normalizedFqdn := strings.ToLower(fqdn)
|
|
if hardcodedRecords[normalizedFqdn].TXT == nil {
|
|
xip.answerWithAuthority(question, message)
|
|
return
|
|
}
|
|
|
|
for _, record := range hardcodedRecords[normalizedFqdn].TXT {
|
|
message.Answer = append(message.Answer, &dns.TXT{
|
|
Hdr: dns.RR_Header{
|
|
Ttl: uint32((time.Minute * 5).Seconds()),
|
|
Name: fqdn,
|
|
Rrtype: dns.TypeTXT,
|
|
Class: dns.ClassINET,
|
|
},
|
|
Txt: chunkBy(record, 255),
|
|
})
|
|
}
|
|
}
|
|
|
|
func (xip *Xip) handleMX(question dns.Question, message *dns.Msg) {
|
|
fqdn := question.Name
|
|
normalizedFqdn := strings.ToLower(fqdn)
|
|
if hardcodedRecords[normalizedFqdn].MX == nil {
|
|
xip.answerWithAuthority(question, message)
|
|
return
|
|
}
|
|
|
|
for _, record := range hardcodedRecords[normalizedFqdn].MX {
|
|
message.Answer = append(message.Answer, &dns.MX{
|
|
Hdr: dns.RR_Header{
|
|
Ttl: uint32((time.Minute * 5).Seconds()),
|
|
Name: fqdn,
|
|
Rrtype: dns.TypeMX,
|
|
Class: dns.ClassINET,
|
|
},
|
|
Mx: record.Mx,
|
|
Preference: record.Preference,
|
|
})
|
|
}
|
|
}
|
|
|
|
func (xip *Xip) handleCNAME(question dns.Question, message *dns.Msg) {
|
|
fqdn := question.Name
|
|
normalizedFqdn := strings.ToLower(fqdn)
|
|
if hardcodedRecords[normalizedFqdn].CNAME == nil {
|
|
xip.answerWithAuthority(question, message)
|
|
return
|
|
}
|
|
|
|
for _, record := range hardcodedRecords[normalizedFqdn].CNAME {
|
|
message.Answer = append(message.Answer, &dns.CNAME{
|
|
Hdr: dns.RR_Header{
|
|
Ttl: uint32((time.Minute * 5).Seconds()),
|
|
Name: fqdn,
|
|
Rrtype: dns.TypeCNAME,
|
|
Class: dns.ClassINET,
|
|
},
|
|
Target: record,
|
|
})
|
|
}
|
|
}
|
|
|
|
func (xip *Xip) handleSRV(question dns.Question, message *dns.Msg) {
|
|
fqdn := question.Name
|
|
normalizedFqdn := strings.ToLower(fqdn)
|
|
if hardcodedRecords[normalizedFqdn].SRV == nil {
|
|
xip.answerWithAuthority(question, message)
|
|
return
|
|
}
|
|
|
|
message.Answer = append(message.Answer, &dns.SRV{
|
|
Hdr: dns.RR_Header{
|
|
Ttl: uint32((time.Minute * 5).Seconds()),
|
|
Name: fqdn,
|
|
Rrtype: dns.TypeSRV,
|
|
Class: dns.ClassINET,
|
|
},
|
|
Priority: hardcodedRecords[normalizedFqdn].SRV.Priority,
|
|
Weight: hardcodedRecords[normalizedFqdn].SRV.Weight,
|
|
Port: hardcodedRecords[normalizedFqdn].SRV.Port,
|
|
Target: hardcodedRecords[normalizedFqdn].SRV.Target,
|
|
})
|
|
}
|
|
|
|
func (xip *Xip) handleSOA(question dns.Question, message *dns.Msg) {
|
|
message.Answer = append(message.Answer, xip.soaRecord(question))
|
|
}
|
|
|
|
func (xip *Xip) soaRecord(question dns.Question) *dns.SOA {
|
|
soa := new(dns.SOA)
|
|
soa.Hdr = dns.RR_Header{
|
|
Name: question.Name,
|
|
Rrtype: dns.TypeSOA,
|
|
Class: dns.ClassINET,
|
|
Ttl: uint32((time.Minute * 5).Seconds()),
|
|
Rdlength: 0,
|
|
}
|
|
soa.Ns = "ns1.local-ip.sh."
|
|
soa.Mbox = "admin.local-ip.sh."
|
|
soa.Serial = 2022102800
|
|
soa.Refresh = uint32((time.Minute * 15).Seconds())
|
|
soa.Retry = uint32((time.Minute * 15).Seconds())
|
|
soa.Expire = uint32((time.Minute * 30).Seconds())
|
|
soa.Minttl = uint32((time.Minute * 5).Seconds())
|
|
|
|
return soa
|
|
}
|
|
|
|
func (xip *Xip) handleQuery(message *dns.Msg) {
|
|
for _, question := range message.Question {
|
|
switch question.Qtype {
|
|
case dns.TypeA:
|
|
xip.handleA(question, message)
|
|
case dns.TypeAAAA:
|
|
xip.handleAAAA(question, message)
|
|
case dns.TypeNS:
|
|
xip.handleNS(question, message)
|
|
case dns.TypeTXT:
|
|
xip.handleTXT(question, message)
|
|
case dns.TypeMX:
|
|
xip.handleMX(question, message)
|
|
case dns.TypeCNAME:
|
|
xip.handleCNAME(question, message)
|
|
case dns.TypeSRV:
|
|
xip.handleSRV(question, message)
|
|
case dns.TypeSOA:
|
|
xip.handleSOA(question, message)
|
|
default:
|
|
xip.handleSOA(question, message)
|
|
}
|
|
}
|
|
}
|
|
|
|
func (xip *Xip) handleDnsRequest(response dns.ResponseWriter, request *dns.Msg) {
|
|
go func() {
|
|
message := new(dns.Msg)
|
|
message.SetReply(request)
|
|
message.Compress = true
|
|
message.Authoritative = true
|
|
message.RecursionAvailable = false
|
|
|
|
switch request.Opcode {
|
|
case dns.OpcodeQuery:
|
|
xip.handleQuery(message)
|
|
default:
|
|
message.MsgHdr.Rcode = dns.RcodeRefused
|
|
}
|
|
|
|
utils.Logger.Debug().Str("FLY_REGION", flyRegion).Any("question", request.Question).Any("answer", message.Answer).Msg("resolved")
|
|
|
|
error := response.WriteMsg(message)
|
|
if error != nil {
|
|
utils.Logger.Error().Err(error).Str("message", message.String()).Msg("Error responding to query")
|
|
}
|
|
}()
|
|
}
|
|
|
|
func (xip *Xip) StartServer() {
|
|
if _, exists := os.LookupEnv("FLY_APP_NAME"); exists {
|
|
// we're probably running on fly, bind to fly-global-services
|
|
xip.server.Addr = "fly-global-services" + xip.server.Addr
|
|
}
|
|
|
|
err := xip.server.ListenAndServe()
|
|
defer xip.server.Shutdown()
|
|
if err != nil {
|
|
if strings.Contains(err.Error(), "fly-global-services: no such host") {
|
|
// we're not running on fly, bind to 0.0.0.0 instead
|
|
port := strings.Split(xip.server.Addr, ":")[1]
|
|
xip.server = dns.Server{
|
|
Addr: fmt.Sprintf(":%s", port),
|
|
Net: "udp",
|
|
}
|
|
|
|
xip.StartServer()
|
|
return
|
|
}
|
|
|
|
utils.Logger.Fatal().Err(err).Msg("Failed to start DNS server")
|
|
}
|
|
utils.Logger.Info().Str("dns_address", xip.server.Addr).Msg("DNS server listening")
|
|
}
|
|
|
|
func NewXip(port int) (xip *Xip) {
|
|
xip = &Xip{}
|
|
|
|
for _, ns := range strings.Split(nameservers, ",") {
|
|
xip.nameServers = append(xip.nameServers, &dns.NS{Ns: ns})
|
|
}
|
|
|
|
xip.server = dns.Server{
|
|
Addr: fmt.Sprintf(":%d", port),
|
|
Net: "udp",
|
|
}
|
|
|
|
dns.HandleFunc(zone, xip.handleDnsRequest)
|
|
|
|
return xip
|
|
}
|