We are removing the TLS atributte from Client type. Now if you want to enable
DNS over TLS you should use the value "tcp-tls", "tcp4-tls" or "tcp6-tls" in
Net attribute.
See #297
After some thoughts, I realized that the fallback should be made by who is
using the client, as it will need to change the port (from 853 to 53). This
would also remove from the library the complexity of storing the recursive
nameservers that aren't working well with TLS (draft-ietf-dprive-dns-over-tls,
section 3.1).
See #297
As tlc.Conn is just a TCP connection after the handshake, we will modify the
TCP functions to work with an io.Reader/io.Writer parameter instead of a
net.TCPConn so we can reuse them.
See #297
When starting a TLS connection in some environments, we usually disabled some
certificates checks to allow tests with self-signed certificates. To disable
this checks we need to change some TLS parameters when starting a connection,
and for that we need to inject this parameters in the API.
Now the Client will also have an attribute for the TLS configuration
parameters. For future refactories, we could change the TLS attribute from bool
to a struct that would store the "Enable" flag and the configuration.
See #297
We should allow the client to send requests to a recursive DNS server using a
encrypted connection. This is proposed on the document
draft-ietf-dprive-dns-over-tls [1].
For now we didn't allow the API user to change the TLS configuration (using
defaults). We also need to add the intelligence to fallback to normal DNS when
the TLS connection fails (as described in the draft).
See #297
[1] http://tools.ietf.org/html/draft-ietf-dprive-dns-over-tls-02
The current code sets the read deadline at the same time as the write
deadline. If the write nearly times out but doesn't, the read timeout
can fire before the read happens within the specified deadline.
Make Client's exchange function easier to read by moving timeout logic
into separate functions.
Start the timers closer to where they're used so that time from other
logic doesn't impact the deadlines.
Reduce some code duplication by making Exchange() use Client.Exchange().
When performing an Exchange if the query ID does not match the answer ID
return an error. Also add a test for this condition.
In client.Exchange we *did* check for this size, to the same in the
function Exchange(). This bug surfaced in issue #184, this sort of
fixes it.
Closes#184.
The interface conversion from socket.Conn to net.UDPConn fails, but
since you can use a generic Read(b) in place of ReadFromUDP(b) it makes
sense to git rid of the conversion to net.UDPConn. This change allows
the use of the client library for UDP DNS lookup using the
appengine/socket package's Conn.
For the same reasons the interface conversions for TCP connections were
also removed.
Export lowlevel function and types so that they may be used.
They higher level Exchange function is still there. ExchangeConn
is gone, because it is not needed.
Didn't like it anyway and it made the calling logic a mess. So it is
now removed. Failed queries can be redone, but they should be initiated
from the client, not within the library.
Thanks to a bug report from Vitalie Cherpec which commented that this
didn't work.
The timeout settings we not in the client.attempts loop, so they
were only active for the first attempt. And the loop wasn't broken
out of when the write or read succeeded.
Both these issues are now fixed.
Before the tcp writes were done like NSD does them:
2 bytes length, and the rest of the message.
Now a complete buffer is created with LLMMM...MMM, where
LL is the 2 byte length and MMM...MMM is the message to be send.
This makes the reply faster at the cost of doing a realloc of the
message buffer.
All the relevant functions now return an error instead of
a simple boolean. This greatly approves the feedback to coders.
Spotted some fishy error handling along the way and fix that too.
Nick Galbreath
Rafael Dantas Justo
James Hartig
Tomás Senart
Miek Gieben
Alex Sergeyev
Michael Haro
StalkR
Marek Majkowski
Eric Gavaletz