mirror of https://github.com/c-ares/c-ares.git
Tag:
Branch:
Tree:
02745437e6
coverity_scan
main
v1.23
v1.24
v1.25
v1.26
v1.27
v1.28
v1.29
v1.30
v1.31
v1.32
v1.33
v1.34
c-ares-1_17_0
c-ares-1_2_0
cares-1_10_0
cares-1_11_0
cares-1_11_0-rc1
cares-1_12_0
cares-1_13_0
cares-1_14_0
cares-1_15_0
cares-1_16_0
cares-1_16_1
cares-1_17_1
cares-1_17_2
cares-1_18_0
cares-1_18_1
cares-1_19_0
cares-1_19_1
cares-1_1_0
cares-1_20_0
cares-1_20_1
cares-1_21_0
cares-1_22_0
cares-1_22_1
cares-1_23_0
cares-1_24_0
cares-1_25_0
cares-1_26_0
cares-1_27_0
cares-1_28_0
cares-1_28_1
cares-1_29_0
cares-1_2_1
cares-1_3_1
cares-1_3_2
cares-1_4_0
cares-1_5_0
cares-1_5_1
cares-1_5_2
cares-1_5_3
cares-1_6_0
cares-1_7_0
cares-1_7_1
cares-1_7_2
cares-1_7_3
cares-1_7_4
cares-1_7_5
cares-1_8_0
cares-1_9_0
cares-1_9_1
curl-7_10_8
curl-7_11_0
curl-7_11_1
curl-7_12_0
curl-7_12_1
curl-7_12_2
curl-7_13_0
curl-7_13_1
curl-7_13_2
curl-7_14_0
curl-7_14_1
curl-7_15_0
curl-7_15_1
curl-7_15_3
curl-7_15_4
curl-7_15_5
curl-7_15_6-prepipeline
curl-7_16_0
curl-7_16_1
curl-7_16_2
curl-7_16_3
curl-7_16_4
curl-7_17_0
curl-7_17_1
curl-7_18_0
curl-7_18_1
curl-7_18_2
curl-7_19_0
curl-7_19_2
curl-7_19_3
curl-7_19_4
curl-7_19_5
curl-7_19_6
curl-7_19_7
curl-7_20_0
v1.30.0
v1.31.0
v1.32.0
v1.32.1
v1.32.2
v1.32.3
v1.33.0
v1.33.1
v1.34.0
v1.34.1
v1.34.2
v1.34.3
${ noResults }
1 Commits (02745437e66affc4c1f26dc2899ab184f20250da)
Author | SHA1 | Message | Date |
---|---|---|---|
Brad House |
9dd78e2f23
|
URI parser/writer for ares_set_servers_csv()/ares_get_servers_csv() (#882)
The DNS server format is insufficient for future configurations, such as supporting DNS over TLS (DoT) and DNS over HTTPS (DoH), as well as additional functionality such as domain-specific servers. Already, in the case where different UDP and TCP ports are used, it is impossible to represent in the current format. In order to try to use some standardized format, we are going to define our own URI schemes that should be parse-able by any URI parser. The new scheme will only be used when the configuration cannot otherwise be expressed using the current `ipaddr%iface:port` format, which is the format used as the nameserver configuration in `/etc/resolv.conf`. However, the parser `ares_set_servers_csv()` shall accept the new URI scheme format even when it is not necessary. This PR implements a URI parser and writer and hooks the basic usage into `ares_set_servers_csv()` and `ares_get_servers_csv()` as well as provides updated documentation in the relevant manpages. We will define these URI schemes: * `dns://` - Normal DNS server (UDP + TCP). We need to be careful not to conflict with query params defined in https://datatracker.ietf.org/doc/html/rfc4501 since we'd technically be extending this URI scheme. Port defaults to `53`. * `dns+tls://` - DNS over TLS. Port defaults to `853`. * `dns+https://` - DNS over HTTPS. Port defaults to `443`. We initially will define these query parameters (additional arguments may be required in the future to specify options such as TLS certificate validation rules): * `tcpport` - TCP port to use, only for `dns://` scheme. The `port` specified as part of the `authority` component of the URI will be used for both UDP and TCP by default, this option will override the TCP port. * `ipaddr` - Only for `dns+tls://` and `dns+https://`. If the `authority` component of the URI contains a hostname, this is used to specify the ip address of the hostname. If not specified, will need to use a non-secure server to perform a DNS lookup to retrieve this information. It is always recommended to have both the ip address and fully qualified domain name specified. * `hostname` - Only for `dns+tls://` and `dns+https://`. If the `authority` component of the URI contains an ip address, this is used to specify the fully qualified domain name of the server. If not specified, will need to use a non-secure server to perform a DNS reverse lookup to retrieve this information. It is always recommended to have both the ip address and fully qualified domain name specified. * `domain` - If specified, this server is a domain-specific server. Any queries for this domain will be routed to this server. Multiple servers may be tagged with the same domain. Examples: ``` dns://8.8.8.8 dns://[2001:4860:4860::8888] dns://[fe80::b542:84df:1719:65e3%en0] dns://192.168.1.1:55 dns://192.168.1.1?tcpport=1153 dns://10.0.1.1?domain=myvpn.com dns+tls://8.8.8.8?hostname=dns.google dns+tls://one.one.one.one?ipaddr=1.1.1.1 ``` NOTE: While we are defining the scheme for things like domain-specific servers, DNS over TLS and DNS over HTTPS, the underlying implementations for those features do not yet exist and therefore will result in errors if they are attempted to be used. ### Non-compliance in implementation All these could be easily implemented/fixed if desired, however any such changes would be of no use to the current c-ares usage of URIs: * Does not currently support relative references * Requires use of the authority section, blank is not allowed * The query string is interpreted to be in [application/x-www-form-urlencoded](https://en.wikipedia.org/wiki/Application/x-www-form-urlencoded) format only and will result in parse errors if it is not. This is the most common format used, however technically not valid to mandate this format is used. We could add flags in the future to treat the query string as opaque and leave it to the user to process. Or we could internally have a list of schemes that use this format. * [IDNA](https://en.wikipedia.org/wiki/Internationalized_domain_name) is not supported. * Does not support hex-encoded IPv4 addresses (this is compliant with RFC3986, but not WHATWG) Authored-By: Brad House (@bradh352) |
3 months ago |