Switch to miekg/dns v2

Author: jedisct1

dnscrypt-proxy/coldstart.go

@@ -3,12 +3,14 @@ package main
 import (
 	"fmt"
 	"net"
+	"net/netip"
 	"strings"
 	"sync"
 	"time"
 
+	"codeberg.org/miekg/dns"
+	"codeberg.org/miekg/dns/rdata"
 	"github.com/jedisct1/dlog"
-	"github.com/miekg/dns"
 )
 
 type CaptivePortalEntryIPs []net.IP
@@ -25,53 +27,56 @@ func (captivePortalHandler *CaptivePortalHandler) Stop() {
 	captivePortalHandler.wg.Wait()
 }
 
-func (ipsMap *CaptivePortalMap) GetEntry(msg *dns.Msg) (*dns.Question, *CaptivePortalEntryIPs) {
+func (ipsMap *CaptivePortalMap) GetEntry(msg *dns.Msg) (dns.RR, *CaptivePortalEntryIPs) {
 	if len(msg.Question) != 1 {
 		return nil, nil
 	}
-	question := &msg.Question[0]
-	name, err := NormalizeQName(question.Name)
+	question := msg.Question[0]
+	hdr := question.Header()
+	name, err := NormalizeQName(hdr.Name)
 	if err != nil {
 		return nil, nil
 	}
 	ips, ok := (*ipsMap)[name]
 	if !ok {
 		return nil, nil
 	}
-	if question.Qclass != dns.ClassINET {
+	if hdr.Class != dns.ClassINET {
 		return nil, nil
 	}
 	return question, &ips
 }
 
-func HandleCaptivePortalQuery(msg *dns.Msg, question *dns.Question, ips *CaptivePortalEntryIPs) *dns.Msg {
+func HandleCaptivePortalQuery(msg *dns.Msg, question dns.RR, ips *CaptivePortalEntryIPs) *dns.Msg {
 	respMsg := EmptyResponseFromMessage(msg)
 	ttl := uint32(1)
-	if question.Qtype == dns.TypeA {
+	hdr := question.Header()
+	qtype := dns.RRToType(question)
+	if qtype == dns.TypeA {
 		for _, xip := range *ips {
 			if ip := xip.To4(); ip != nil {
 				rr := new(dns.A)
-				rr.Hdr = dns.RR_Header{Name: question.Name, Rrtype: dns.TypeA, Class: dns.ClassINET, Ttl: ttl}
-				rr.A = ip
+				rr.Hdr = dns.Header{Name: hdr.Name, Class: dns.ClassINET, TTL: ttl}
+				rr.A = rdata.A{Addr: netip.AddrFrom4([4]byte(ip))}
 				respMsg.Answer = append(respMsg.Answer, rr)
 			}
 		}
-	} else if question.Qtype == dns.TypeAAAA {
+	} else if qtype == dns.TypeAAAA {
 		for _, xip := range *ips {
 			if xip.To4() == nil {
 				rr := new(dns.AAAA)
-				rr.Hdr = dns.RR_Header{Name: question.Name, Rrtype: dns.TypeAAAA, Class: dns.ClassINET, Ttl: ttl}
-				rr.AAAA = xip
+				rr.Hdr = dns.Header{Name: hdr.Name, Class: dns.ClassINET, TTL: ttl}
+				rr.AAAA = rdata.AAAA{Addr: netip.AddrFrom16([16]byte(xip.To16()))}
 				respMsg.Answer = append(respMsg.Answer, rr)
 			}
 		}
 	}
 
-	qType, ok := dns.TypeToString[question.Qtype]
+	qTypeStr, ok := dns.TypeToString[qtype]
 	if !ok {
-		qType = fmt.Sprint(question.Qtype)
+		qTypeStr = fmt.Sprint(qtype)
 	}
-	dlog.Infof("Query for captive portal detection: [%v] (%v)", question.Name, qType)
+	dlog.Infof("Query for captive portal detection: [%v] (%v)", hdr.Name, qTypeStr)
 	return respMsg
 }
 
@@ -97,7 +102,8 @@ func handleColdStartClient(clientPc *net.UDPConn, cancelChannel chan struct{}, i
 	}
 	packet := buffer[:length]
 	msg := &dns.Msg{}
-	if err := msg.Unpack(packet); err != nil {
+	msg.Data = packet
+	if err := msg.Unpack(); err != nil {
 		return false
 	}
 	question, ips := ipsMap.GetEntry(msg)
@@ -108,8 +114,8 @@ func handleColdStartClient(clientPc *net.UDPConn, cancelChannel chan struct{}, i
 	if respMsg == nil {
 		return false
 	}
-	if response, err := respMsg.Pack(); err == nil {
-		clientPc.WriteTo(response, clientAddr)
+	if err := respMsg.Pack(); err == nil {
+		clientPc.WriteTo(respMsg.Data, clientAddr)
 	}
 	return false
 }

dnscrypt-proxy/common.go

@@ -337,3 +337,38 @@ func InitializePluginLogger(logFile, format string, maxSize, maxAge, maxBackups
 	}
 	return nil, ""
 }
+
+// reverseAddr returns the in-addr.arpa. or ip6.arpa. hostname of the IP
+// address suitable for reverse DNS (PTR) record lookups.
+func reverseAddr(addr string) (string, error) {
+	ip := net.ParseIP(addr)
+	if ip == nil {
+		return "", errors.New("unrecognized address: " + addr)
+	}
+	if v4 := ip.To4(); v4 != nil {
+		buf := make([]byte, 0, net.IPv4len*4+len("in-addr.arpa."))
+		for i := len(v4) - 1; i >= 0; i-- {
+			buf = strconv.AppendInt(buf, int64(v4[i]), 10)
+			buf = append(buf, '.')
+		}
+		buf = append(buf, "in-addr.arpa."...)
+		return string(buf), nil
+	}
+	// Must be IPv6
+	const hexDigits = "0123456789abcdef"
+	buf := make([]byte, 0, net.IPv6len*4+len("ip6.arpa."))
+	for i := len(ip) - 1; i >= 0; i-- {
+		v := ip[i]
+		buf = append(buf, hexDigits[v&0xF], '.', hexDigits[v>>4], '.')
+	}
+	buf = append(buf, "ip6.arpa."...)
+	return string(buf), nil
+}
+
+// fqdn returns the fully qualified domain name (with trailing dot)
+func fqdn(name string) string {
+	if len(name) == 0 || name[len(name)-1] == '.' {
+		return name
+	}
+	return name + "."
+}

dnscrypt-proxy/dnscrypt_certs.go

@@ -7,8 +7,8 @@ import (
 	"strings"
 	"time"
 
+	"codeberg.org/miekg/dns"
 	"github.com/jedisct1/dlog"
-	"github.com/miekg/dns"
 	"golang.org/x/crypto/ed25519"
 )
 
@@ -40,8 +40,7 @@ func FetchCurrentDNSCryptCert(
 	if serverName == nil {
 		serverName = &providerName
 	}
-	query := dns.Msg{}
-	query.SetQuestion(providerName, dns.TypeTXT)
+	query := dns.NewMsg(providerName, dns.TypeTXT)
 	if !strings.HasPrefix(providerName, "2.dnscrypt-cert.") {
 		if relay != nil && !proxy.anonDirectCertFallback {
 			dlog.Warnf(
@@ -61,7 +60,7 @@ func FetchCurrentDNSCryptCert(
 	in, rtt, fragmentsBlocked, err := DNSExchange(
 		proxy,
 		proto,
-		&query,
+		query,
 		serverAddress,
 		relay,
 		serverName,
@@ -78,7 +77,7 @@ func FetchCurrentDNSCryptCert(
 	for _, answerRr := range in.Answer {
 		var txt string
 		if t, ok := answerRr.(*dns.TXT); !ok {
-			dlog.Noticef("[%v] Extra record of type [%v] found in certificate", *serverName, answerRr.Header().Rrtype)
+			dlog.Noticef("[%v] Extra record of type [%v] found in certificate", *serverName, dns.RRToType(answerRr))
 			continue
 		} else {
 			txt = strings.Join(t.Txt, "")