diff --git a/LICENSE b/LICENSE deleted file mode 100644 index 8dada3e..0000000 --- a/LICENSE +++ /dev/null @@ -1,201 +0,0 @@ - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "{}" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright {yyyy} {name of copyright owner} - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/README.md b/README.md index e9abce8..6c80d8e 100644 --- a/README.md +++ b/README.md @@ -1,2 +1,36 @@ # dns64 -CoreDNS middleware to run a DNS64 server. + +The *dns64* middleware implements the DNS64 IPv6 transition mechanism. From Wikipedia: + +> DNS64 describes a DNS server that when asked for a domain's AAAA records, but only finds +> A records, synthesizes the AAAA records from the A records. + +The synthesis in only performed if the query came in via IPv6. + +## Syntax + +~~~ +dns64 { + upstream ADDRESS... + prefix IPV6 +} +~~~ + +* `upstream` specifies the upstream resolver. +* `prefix` specifies any local IPv6 prefix to use, in addition to the well known + prefix (64:ff9b::/96). + +## Examples + +~~~ +dns64 { + upstream 8.8.8.8:53 +} +~~~ + +Perform dns64 AAAA synthesizing using 8.8.8.8 for resolving any A records. + +## See Also + + and RFC 6147. + diff --git a/dns64.go b/dns64.go new file mode 100644 index 0000000..31013ad --- /dev/null +++ b/dns64.go @@ -0,0 +1,133 @@ +// Package dns64 implements a plugin that performs DNS64. +package dns64 + +import ( + "errors" + "log" + "net" + "time" + + "github.com/coredns/coredns/plugin" + "github.com/coredns/coredns/plugin/pkg/response" + "github.com/coredns/coredns/plugin/proxy" + "github.com/coredns/coredns/request" + + "github.com/miekg/dns" + "golang.org/x/net/context" +) + +// DNS64 performs DNS64. +type DNS64 struct { + Next plugin.Handler + Proxy proxy.Proxy + Prefix *net.IPNet +} + +// ServeDNS implements the plugin.Handler interface. +func (d DNS64) ServeDNS(ctx context.Context, w dns.ResponseWriter, r *dns.Msg) (int, error) { + drr := &ResponseWriter{d, w} + return d.Next.ServeDNS(ctx, drr, r) +} + +// Name implements the Handler interface. +func (d DNS64) Name() string { return "dns64" } + +// ResponseWriter is a response writer that implements DNS64, when an AAAA query returns +// NODATA, it will try and fetch any A records and synthesize the AAAA records on the fly. +type ResponseWriter struct { + DNS64 + dns.ResponseWriter +} + +// WriteMsg implements the dns.ResponseWriter interface. +func (r *ResponseWriter) WriteMsg(res *dns.Msg) error { + // Only respond with this when the request came in over IPv6. + v4 := false + if ip, ok := r.RemoteAddr().(*net.UDPAddr); ok { + v4 = ip.IP.To4() != nil + } + if ip, ok := r.RemoteAddr().(*net.TCPAddr); ok { + v4 = ip.IP.To4() != nil + } + if v4 { // if it came in over v4, don't do anything. + return r.ResponseWriter.WriteMsg(res) + } + + ty, _ := response.Typify(res, time.Now().UTC()) + if ty != response.NoData { + return r.ResponseWriter.WriteMsg(res) + } + + // ONLY ANSWERS FIRST QUERY + state := request.Request{W: r, Req: res} + res2, err := r.Proxy.Lookup(state, state.Name(), dns.TypeA) + if err != nil { + log.Print(err) + return r.ResponseWriter.WriteMsg(res) + } + + // Modify response + res.Answer = res2.Answer + for i := 0; i < len(res.Answer); i++ { + ans := res.Answer[i] + hdr := ans.Header() + if hdr.Rrtype == dns.TypeA { + aaaa, err := To6(r.Prefix, ans.(*dns.A).A) + if err != nil { + log.Print(err) + } + log.Print(aaaa) + res.Answer[i] = &dns.AAAA{ + Hdr: dns.RR_Header{ + Name: hdr.Name, + Rrtype: dns.TypeAAAA, + Class: hdr.Class, + }, + AAAA: aaaa, + } + } + } + + return r.ResponseWriter.WriteMsg(res) +} + +// Write implements the dns.ResponseWriter interface. +func (r *ResponseWriter) Write(buf []byte) (int, error) { + log.Printf("[WARNING] Dns64 called with Write: not performing DNS64") + n, err := r.ResponseWriter.Write(buf) + return n, err +} + +// Hijack implements the dns.ResponseWriter interface. +func (r *ResponseWriter) Hijack() { + r.ResponseWriter.Hijack() + return +} + +// To6 takes a prefix and IPv4 address and returns an IPv6 address according to RFC 6052. +func To6(prefix *net.IPNet, addr net.IP) (net.IP, error) { + addr = addr.To4() + if addr == nil { + return nil, errors.New("Not a valid IPv4 address") + } + + n, _ := prefix.Mask.Size() + // Assumes prefix has been validated during setup + v6 := make([]byte, 16) + i, j := 0, 0 + + for ; i < n/8; i++ { + v6[i] = prefix.IP[i] + } + for ; i < 8; i, j = i+1, j+1 { + v6[i] = addr[j] + } + if i == 8 { + i++ + } + for ; j < 4; i, j = i+1, j+1 { + v6[i] = addr[j] + } + + return v6, nil +} diff --git a/dns64_test.go b/dns64_test.go new file mode 100644 index 0000000..fece712 --- /dev/null +++ b/dns64_test.go @@ -0,0 +1,52 @@ +package dns64 + +import ( + "testing" + + "net" +) + +func WrapperTo6(prefix, address string) (net.IP, error) { + _, pref, _ := net.ParseCIDR(prefix) + addr := net.ParseIP(address) + + v6, err := To6(pref, addr) + + return v6, err +} + +func TestTo6(t *testing.T) { + + v6, err := WrapperTo6("64:ff9b::/96", "64.64.64.64") + if err != nil { + t.Error(err) + } + if v6.String() != "64:ff9b::4040:4040" { + t.Errorf("%d", v6) + } + + v6, err = WrapperTo6("64:ff9b::/64", "64.64.64.64") + if err != nil { + t.Error(err) + } + if v6.String() != "64:ff9b::40:4040:4000:0" { + t.Errorf("%d", v6) + } + + v6, err = WrapperTo6("64:ff9b::/56", "64.64.64.64") + if err != nil { + t.Error(err) + } + if v6.String() != "64:ff9b:0:40:40:4040::" { + t.Errorf("%d", v6) + } + + v6, err = WrapperTo6("64::/32", "64.64.64.64") + if err != nil { + t.Error(err) + } + if v6.String() != "64:0:4040:4040::" { + t.Errorf("%d", v6) + } + +} diff --git a/setup.go b/setup.go new file mode 100644 index 0000000..b9c4a81 --- /dev/null +++ b/setup.go @@ -0,0 +1,81 @@ +package dns64 + +import ( + "net" + + "github.com/coredns/coredns/core/dnsserver" + "github.com/coredns/coredns/plugin" + "github.com/coredns/coredns/plugin/pkg/dnsutil" + "github.com/coredns/coredns/plugin/proxy" + + "github.com/mholt/caddy" +) + +func init() { + caddy.RegisterPlugin("dns64", caddy.Plugin{ + ServerType: "dns", + Action: setup, + }) +} + +func setup(c *caddy.Controller) error { + prxy, pref, err := dns64Parse(c) + if err != nil { + return plugin.Error("dns64", err) + } + + dnsserver.GetConfig(c).AddPlugin(func(next plugin.Handler) plugin.Handler { + return DNS64{Next: next, Proxy: prxy, Prefix: pref} + }) + + return nil +} + +func dns64Parse(c *caddy.Controller) (proxy.Proxy, *net.IPNet, error) { + prxy := proxy.Proxy{} + _, pref, _ := net.ParseCIDR("64:ff9b::/96") + + for c.Next() { + args := c.RemainingArgs() + if len(args) > 0 { + return prxy, pref, c.ArgErr() + } + + for c.NextBlock() { + switch c.Val() { + case "upstream": + args := c.RemainingArgs() + if len(args) == 0 { + return prxy, pref, c.ArgErr() + } + ups, err := dnsutil.ParseHostPortOrFile(args...) + if err != nil { + return prxy, pref, err + } + prxy = proxy.NewLookup(ups) + case "prefix": + if !c.NextArg() { + return prxy, pref, c.ArgErr() + } + _, pref, err := net.ParseCIDR(c.Val()) + + // Test for valid prefix + n, total := pref.Mask.Size() + if total != 128 { + return prxy, pref, c.Errf("'%s' not a valid IPv6 address", pref) + } + if n%8 != 0 || n < 32 || n > 96 { + return prxy, pref, c.Errf("'%s' not a valid prefix length", pref) + } + + if err != nil { + return prxy, pref, err + } + default: + return prxy, pref, c.Errf("unknown property '%s'", c.Val()) + } + } + } + + return prxy, pref, nil +} diff --git a/setup_test.go b/setup_test.go new file mode 100644 index 0000000..b3f5c8d --- /dev/null +++ b/setup_test.go @@ -0,0 +1,99 @@ +package dns64 + +import ( + "testing" + + "github.com/mholt/caddy" +) + +func TestSetupDns64(t *testing.T) { + tests := []struct { + inputUpstreams string + shouldErr bool + }{ + { + `dns64`, + false, + }, + { + `dns64 { + upstream 8.8.8.8 +}`, + false, + }, + { + `dns64 { + prefix 64:ff9b::/96 +}`, + false, + }, + { + `dns64 { + prefix 64:ff9b::/32 +}`, + false, + }, + { + `dns64 { + prefix 64:ff9b::/52 +}`, + true, + }, + { + `dns64 { + prefix 64:ff9b::/104 +}`, + true, + }, + { + `dns64 { + prefix 8.8.8.8/24 +}`, + true, + }, + { + `dns64 { + upstream 8.8.8.8 8.8.4.4 +}`, + false, + }, + { + `dns64 { + upstream some_not_useable_domain +}`, + true, + }, + { + `dns64 { + prefix 64:ff9b::/96 + upstream 8.8.8.8 +}`, + false, + }, + { + `dns64 foobar { + prefix 64:ff9b::/96 + upstream 8.8.8.8 +}`, + true, + }, + { + `dns64 foobar`, + true, + }, + { + `dns64 { + foobar +}`, + true, + }, + } + + for i, test := range tests { + c := caddy.NewTestController("dns", test.inputUpstreams) + _, _, err := dns64Parse(c) + if (err != nil) != test.shouldErr { + t.Errorf("Test %d expected %v error, got %v for %s", i+1, test.shouldErr, err, test.inputUpstreams) + } + } +}