
net/resolvers/basic.lua @ 11414:5a71f14ab77c

net.connect: Add DANE support Disabled DANE by default, since it needs extra steps to be useful. The built-in DNS stub resolver does not support DNSSEC so having DANE enabled by default only leads to an extra wasted DNS request.
author Kim Alvefur <zash@zash.se>
date Tue, 02 Mar 2021 22:41:59 +0100
parent 11008:fd735fe2fc50
child 11420:f768db80aee0
11413:9fb23779c863 11414:5a71f14ab77c
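--- a/net/resolvers/basic.lua
+++ b/net/resolvers/basic.lua
@@ -26,25 +26,37 @@
 -- FIXME report IDNA error
 cb(nil);
 return;
 end
 
+local secure = true;
+local tlsa = {};
 local targets = {};
-local n = 2;
+local n = 3;
 local function ready()
 n = n - 1;
 if n > 0 then return; end
 self.targets = targets;
+if self.extra and self.extra.use_dane then
+if secure then
+self.extra.tlsa = tlsa;
+self.extra.dane_hostname = self.hostname;
+else
+self.extra.tlsa = nil;
+self.extra.dane_hostname = nil;
+end
+end
 self:next(cb);
 end
 
 -- Resolve DNS to target list
 local dns_resolver = adns.resolver();
 
 if not self.extra or self.extra.use_ipv4 ~= false then
 dns_resolver:lookup(function (answer)
 if answer then
+secure = secure and answer.secure;
 for _, record in ipairs(answer) do
 table.insert(targets, { self.conn_type.."4", record.a, self.port, self.extra });
 end
 end
 ready();
@@ -54,16 +66,29 @@
 end
 
 if not self.extra or self.extra.use_ipv6 ~= false then
 dns_resolver:lookup(function (answer)
 if answer then
+secure = secure and answer.secure;
 for _, record in ipairs(answer) do
 table.insert(targets, { self.conn_type.."6", record.aaaa, self.port, self.extra });
 end
 end
 ready();
 end, self.hostname, "AAAA", "IN");
+end
+
+if self.extra and self.extra.use_dane == true then
+dns_resolver:lookup(function (answer)
+if answer then
+secure = secure and answer.secure;
+for _, record in ipairs(answer) do
+table.insert(tlsa, record.tlsa);
+end
+end
+ready();
+end, ("_%d._tcp.%s"):format(self.port, self.hostname), "TLSA", "IN");
 else
 ready();
 end
 end
 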
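Review bot: The IPv6 branch loses its `else ready();` in the new code: the `end` added at new line 78 closes `if not self.extra or self.extra.use_ipv6 ~= false then` with no else, and the existing `else ready(); end` now pairs with the `use_dane` check, so with `use_ipv6 = false` only two of the three `ready()` calls that `n = 3` expects can happen and `self:next(cb)` is never reached. Closing the IPv6 block with `else ready(); end` before the DANE block would restore the count. Separately, `secure` is only updated inside `if answer then`, so a failed TLSA or address lookup leaves it true and `self.extra.tlsa` can be set to an empty table alongside `dane_hostname`; how the TLS layer treats an empty set is not visible here, so adding `else secure = false;` to each callback would keep a failed lookup from being treated as DNSSEC-validated. The enclosing function starts and ends outside the shown lines, and new lines 63–65 are not shown, so the IPv4 branch's else is assumed unchanged.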