Use fabric dns client for dns resolves

Author: edw-defang

src/pkg/cli/client/client.go

@@ -34,6 +34,9 @@ type FabricClient interface {
 	Preview(context.Context, *defangv1.PreviewRequest) (*defangv1.PreviewResponse, error)
 	PutDeployment(context.Context, *defangv1.PutDeploymentRequest) error
 	PutStack(context.Context, *defangv1.PutStackRequest) error
+	ResolveCNAME(context.Context, *defangv1.ResolveCNAMERequest) (*defangv1.ResolveCNAMEResponse, error)
+	ResolveIPAddr(context.Context, *defangv1.ResolveIPAddrRequest) (*defangv1.ResolveIPAddrResponse, error)
+	ResolveNS(context.Context, *defangv1.ResolveNSRequest) (*defangv1.ResolveNSResponse, error)
 	RevokeToken(context.Context) error
 	SetOptions(context.Context, *defangv1.SetOptionsRequest) error
 	Token(context.Context, *defangv1.TokenRequest) (*defangv1.TokenResponse, error)

src/pkg/cli/client/grpc.go

@@ -206,3 +206,15 @@ func (g GrpcClient) GenerateCompose(ctx context.Context, req *defangv1.GenerateC
 func (g GrpcClient) GetDefaultStack(ctx context.Context, req *defangv1.GetDefaultStackRequest) (*defangv1.GetStackResponse, error) {
 	return getMsg(g.client.GetDefaultStack(ctx, connect.NewRequest(req)))
 }
+
+func (g GrpcClient) ResolveIPAddr(ctx context.Context, req *defangv1.ResolveIPAddrRequest) (*defangv1.ResolveIPAddrResponse, error) {
+	return getMsg(g.client.ResolveIPAddr(ctx, connect.NewRequest(req)))
+}
+
+func (g GrpcClient) ResolveCNAME(ctx context.Context, req *defangv1.ResolveCNAMERequest) (*defangv1.ResolveCNAMEResponse, error) {
+	return getMsg(g.client.ResolveCNAME(ctx, connect.NewRequest(req)))
+}
+
+func (g GrpcClient) ResolveNS(ctx context.Context, req *defangv1.ResolveNSRequest) (*defangv1.ResolveNSResponse, error) {
+	return getMsg(g.client.ResolveNS(ctx, connect.NewRequest(req)))
+}

src/pkg/cli/connect.go

@@ -7,6 +7,7 @@ import (
 	"github.com/DefangLabs/defang/src/pkg/cli/client/byoc/aws"
 	"github.com/DefangLabs/defang/src/pkg/cli/client/byoc/do"
 	"github.com/DefangLabs/defang/src/pkg/cli/client/byoc/gcp"
+	"github.com/DefangLabs/defang/src/pkg/dns"
 	"github.com/DefangLabs/defang/src/pkg/term"
 	"github.com/DefangLabs/defang/src/pkg/types"
 )
@@ -17,7 +18,9 @@ func Connect(fabricAddr string, requestedTenant types.TenantNameOrID) *client.Gr
 	term.Debugf("Using tenant %q for cluster %q", requestedTenant, host)
 
 	accessToken := client.GetExistingToken(host)
-	return client.NewGrpcClient(host, accessToken, requestedTenant)
+	grpcClient := client.NewGrpcClient(host, accessToken, requestedTenant)
+	dns.UseFabricResolver(grpcClient)
+	return grpcClient
 }
 
 func ConnectWithTenant(ctx context.Context, fabricAddr string, requestedTenant types.TenantNameOrID) (*client.GrpcClient, error) {

src/pkg/dns/fabric_test.go

@@ -0,0 +1,132 @@
+package dns
+
+import (
+	"context"
+	"errors"
+	"testing"
+
+	defangv1 "github.com/DefangLabs/defang/src/protos/io/defang/v1"
+)
+
+type mockFabricClient struct {
+	ipResp    *defangv1.ResolveIPAddrResponse
+	ipErr     error
+	cnameResp *defangv1.ResolveCNAMEResponse
+	cnameErr  error
+	nsResp    *defangv1.ResolveNSResponse
+	nsErr     error
+
+	lastIPReq    *defangv1.ResolveIPAddrRequest
+	lastCNAMEReq *defangv1.ResolveCNAMERequest
+	lastNSReq    *defangv1.ResolveNSRequest
+}
+
+func (m *mockFabricClient) ResolveIPAddr(_ context.Context, req *defangv1.ResolveIPAddrRequest) (*defangv1.ResolveIPAddrResponse, error) {
+	m.lastIPReq = req
+	return m.ipResp, m.ipErr
+}
+
+func (m *mockFabricClient) ResolveCNAME(_ context.Context, req *defangv1.ResolveCNAMERequest) (*defangv1.ResolveCNAMEResponse, error) {
+	m.lastCNAMEReq = req
+	return m.cnameResp, m.cnameErr
+}
+
+func (m *mockFabricClient) ResolveNS(_ context.Context, req *defangv1.ResolveNSRequest) (*defangv1.ResolveNSResponse, error) {
+	m.lastNSReq = req
+	return m.nsResp, m.nsErr
+}
+
+func TestFabricResolverLookupIPAddr(t *testing.T) {
+	t.Run("returns parsed IPs and forwards NSServer", func(t *testing.T) {
+		m := &mockFabricClient{
+			ipResp: &defangv1.ResolveIPAddrResponse{IpAddrs: []string{"1.2.3.4", "::1", "not-an-ip"}},
+		}
+		r := FabricResolver{Client: m, NSServer: "ns.example.com"}
+		ips, err := r.LookupIPAddr(t.Context(), "example.com")
+		if err != nil {
+			t.Fatalf("unexpected error: %v", err)
+		}
+		if len(ips) != 2 {
+			t.Fatalf("expected 2 valid IPs, got %v", ips)
+		}
+		if m.lastIPReq.Domain != "example.com" || m.lastIPReq.NsServer != "ns.example.com" {
+			t.Errorf("request mismatch: %+v", m.lastIPReq)
+		}
+	})
+
+	t.Run("empty IPs returns ErrNoSuchHost", func(t *testing.T) {
+		m := &mockFabricClient{ipResp: &defangv1.ResolveIPAddrResponse{}}
+		r := FabricResolver{Client: m}
+		if _, err := r.LookupIPAddr(t.Context(), "nx.example.com"); !errors.Is(err, ErrNoSuchHost) {
+			t.Errorf("expected ErrNoSuchHost, got %v", err)
+		}
+	})
+
+	t.Run("propagates RPC error", func(t *testing.T) {
+		boom := errors.New("rpc boom")
+		m := &mockFabricClient{ipErr: boom}
+		r := FabricResolver{Client: m}
+		if _, err := r.LookupIPAddr(t.Context(), "example.com"); err != boom {
+			t.Errorf("expected rpc error, got %v", err)
+		}
+	})
+}
+
+func TestFabricResolverLookupCNAME(t *testing.T) {
+	t.Run("returns cname", func(t *testing.T) {
+		m := &mockFabricClient{cnameResp: &defangv1.ResolveCNAMEResponse{Cname: "alb.example.com"}}
+		r := FabricResolver{Client: m}
+		cname, err := r.LookupCNAME(t.Context(), "api.example.com")
+		if err != nil {
+			t.Fatalf("unexpected error: %v", err)
+		}
+		if cname != "alb.example.com" {
+			t.Errorf("got %q", cname)
+		}
+	})
+
+	t.Run("empty cname returns ErrNoSuchHost", func(t *testing.T) {
+		m := &mockFabricClient{cnameResp: &defangv1.ResolveCNAMEResponse{}}
+		r := FabricResolver{Client: m}
+		if _, err := r.LookupCNAME(t.Context(), "api.example.com"); !errors.Is(err, ErrNoSuchHost) {
+			t.Errorf("expected ErrNoSuchHost, got %v", err)
+		}
+	})
+}
+
+func TestFabricResolverLookupNS(t *testing.T) {
+	m := &mockFabricClient{nsResp: &defangv1.ResolveNSResponse{Hosts: []string{"ns1.example.com.", "ns2.example.com."}}}
+	r := FabricResolver{Client: m}
+	ns, err := r.LookupNS(t.Context(), "example.com")
+	if err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+	if len(ns) != 2 || ns[0].Host != "ns1.example.com." {
+		t.Errorf("unexpected NS result: %+v", ns)
+	}
+}
+
+func TestUseFabricResolver(t *testing.T) {
+	t.Cleanup(func() {
+		fabricClient = nil
+		ResolverAt = DirectResolverAt
+	})
+
+	m := &mockFabricClient{ipResp: &defangv1.ResolveIPAddrResponse{IpAddrs: []string{"9.9.9.9"}}}
+	UseFabricResolver(m)
+
+	// RootResolver should now delegate to FabricResolver.
+	ips, err := RootResolver{}.LookupIPAddr(t.Context(), "example.com")
+	if err != nil {
+		t.Fatalf("RootResolver.LookupIPAddr: %v", err)
+	}
+	if len(ips) != 1 || ips[0].IP.String() != "9.9.9.9" {
+		t.Errorf("unexpected IPs: %v", ips)
+	}
+
+	// ResolverAt should return a FabricResolver bound to the NS.
+	r := ResolverAt("ns1.example.com")
+	if fr, ok := r.(FabricResolver); !ok || fr.NSServer != "ns1.example.com" {
+		t.Errorf("ResolverAt did not return FabricResolver: %T %+v", r, r)
+	}
+}

src/pkg/dns/resolver.go

@@ -9,6 +9,7 @@ import (
 	"sort"
 
 	"github.com/DefangLabs/defang/src/pkg"
+	defangv1 "github.com/DefangLabs/defang/src/protos/io/defang/v1"
 	"github.com/miekg/dns"
 )
 
@@ -18,6 +19,84 @@ type Resolver interface {
 	LookupNS(ctx context.Context, domain string) ([]*net.NS, error)
 }
 
+// FabricResolverClient is the subset of the fabric gRPC API used to resolve DNS
+// records remotely.
+type FabricResolverClient interface {
+	ResolveIPAddr(context.Context, *defangv1.ResolveIPAddrRequest) (*defangv1.ResolveIPAddrResponse, error)
+	ResolveCNAME(context.Context, *defangv1.ResolveCNAMERequest) (*defangv1.ResolveCNAMEResponse, error)
+	ResolveNS(context.Context, *defangv1.ResolveNSRequest) (*defangv1.ResolveNSResponse, error)
+}
+
+// fabricClient is set by UseFabricResolver. When non-nil, RootResolver and
+// ResolverAt route DNS lookups through the fabric gRPC API.
+var fabricClient FabricResolverClient
+
+// UseFabricResolver wires DNS lookups through the fabric gRPC API. After it is
+// called, RootResolver{} and ResolverAt(nsServer) both issue remote RPCs
+// instead of performing direct UDP DNS queries.
+func UseFabricResolver(c FabricResolverClient) {
+	fabricClient = c
+	ResolverAt = func(nsServer string) Resolver {
+		return FabricResolver{Client: c, NSServer: nsServer}
+	}
+}
+
+// FabricResolver performs DNS lookups via the fabric gRPC API. An empty
+// NSServer lets the server perform recursive resolution from the root.
+type FabricResolver struct {
+	Client   FabricResolverClient
+	NSServer string
+}
+
+func (r FabricResolver) LookupIPAddr(ctx context.Context, domain string) ([]net.IPAddr, error) {
+	resp, err := r.Client.ResolveIPAddr(ctx, &defangv1.ResolveIPAddrRequest{
+		Domain:   domain,
+		NsServer: r.NSServer,
+	})
+	if err != nil {
+		return nil, err
+	}
+	ips := make([]net.IPAddr, 0, len(resp.IpAddrs))
+	for _, s := range resp.IpAddrs {
+		if ip := net.ParseIP(s); ip != nil {
+			ips = append(ips, net.IPAddr{IP: ip})
+		}
+	}
+	if len(ips) == 0 {
+		return nil, ErrNoSuchHost
+	}
+	return ips, nil
+}
+
+func (r FabricResolver) LookupCNAME(ctx context.Context, domain string) (string, error) {
+	resp, err := r.Client.ResolveCNAME(ctx, &defangv1.ResolveCNAMERequest{
+		Domain:   domain,
+		NsServer: r.NSServer,
+	})
+	if err != nil {
+		return "", err
+	}
+	if resp.Cname == "" {
+		return "", ErrNoSuchHost
+	}
+	return resp.Cname, nil
+}
+
+func (r FabricResolver) LookupNS(ctx context.Context, domain string) ([]*net.NS, error) {
+	resp, err := r.Client.ResolveNS(ctx, &defangv1.ResolveNSRequest{
+		Domain:   domain,
+		NsServer: r.NSServer,
+	})
+	if err != nil {
+		return nil, err
+	}
+	nss := make([]*net.NS, 0, len(resp.Hosts))
+	for _, h := range resp.Hosts {
+		nss = append(nss, &net.NS{Host: h})
+	}
+	return nss, nil
+}
+
 type RootResolver struct{}
 
 // https://en.wikipedia.org/wiki/Root_name_server
@@ -38,6 +117,9 @@ var rootServers = []*net.NS{
 }
 
 func (r RootResolver) LookupIPAddr(ctx context.Context, domain string) ([]net.IPAddr, error) {
+	if fabricClient != nil {
+		return FabricResolver{Client: fabricClient}.LookupIPAddr(ctx, domain)
+	}
 	for range 10 {
 		ips, err := r.getResolver(ctx, domain).LookupIPAddr(ctx, domain)
 		if err != nil {
@@ -54,10 +136,16 @@ func (r RootResolver) LookupIPAddr(ctx context.Context, domain string) ([]net.IP
 }
 
 func (r RootResolver) LookupCNAME(ctx context.Context, domain string) (string, error) {
+	if fabricClient != nil {
+		return FabricResolver{Client: fabricClient}.LookupCNAME(ctx, domain)
+	}
 	return r.getResolver(ctx, domain).LookupCNAME(ctx, domain)
 }
 
 func (r RootResolver) LookupNS(ctx context.Context, domain string) ([]*net.NS, error) {
+	if fabricClient != nil {
+		return FabricResolver{Client: fabricClient}.LookupNS(ctx, domain)
+	}
 	return r.getResolver(ctx, domain).LookupNS(ctx, domain)
 }