| // Copyright 2013 The Go Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style |
| // license that can be found in the LICENSE file. |
| |
| // +build darwin dragonfly freebsd linux netbsd openbsd solaris |
| |
| package net |
| |
| import ( |
| "context" |
| "fmt" |
| "internal/testenv" |
| "io/ioutil" |
| "os" |
| "path" |
| "reflect" |
| "strings" |
| "sync" |
| "testing" |
| "time" |
| ) |
| |
| // Test address from 192.0.2.0/24 block, reserved by RFC 5737 for documentation. |
| const TestAddr uint32 = 0xc0000201 |
| |
| var dnsTransportFallbackTests = []struct { |
| server string |
| name string |
| qtype uint16 |
| timeout int |
| rcode int |
| }{ |
| // Querying "com." with qtype=255 usually makes an answer |
| // which requires more than 512 bytes. |
| {"8.8.8.8:53", "com.", dnsTypeALL, 2, dnsRcodeSuccess}, |
| {"8.8.4.4:53", "com.", dnsTypeALL, 4, dnsRcodeSuccess}, |
| } |
| |
| func TestDNSTransportFallback(t *testing.T) { |
| testenv.MustHaveExternalNetwork(t) |
| |
| for _, tt := range dnsTransportFallbackTests { |
| ctx, cancel := context.WithTimeout(context.Background(), time.Duration(tt.timeout)*time.Second) |
| defer cancel() |
| msg, err := exchange(ctx, tt.server, tt.name, tt.qtype) |
| if err != nil { |
| t.Error(err) |
| continue |
| } |
| switch msg.rcode { |
| case tt.rcode, dnsRcodeServerFailure: |
| default: |
| t.Errorf("got %v from %v; want %v", msg.rcode, tt.server, tt.rcode) |
| continue |
| } |
| } |
| } |
| |
| // See RFC 6761 for further information about the reserved, pseudo |
| // domain names. |
| var specialDomainNameTests = []struct { |
| name string |
| qtype uint16 |
| rcode int |
| }{ |
| // Name resolution APIs and libraries should not recognize the |
| // followings as special. |
| {"1.0.168.192.in-addr.arpa.", dnsTypePTR, dnsRcodeNameError}, |
| {"test.", dnsTypeALL, dnsRcodeNameError}, |
| {"example.com.", dnsTypeALL, dnsRcodeSuccess}, |
| |
| // Name resolution APIs and libraries should recognize the |
| // followings as special and should not send any queries. |
| // Though, we test those names here for verifying negative |
| // answers at DNS query-response interaction level. |
| {"localhost.", dnsTypeALL, dnsRcodeNameError}, |
| {"invalid.", dnsTypeALL, dnsRcodeNameError}, |
| } |
| |
| func TestSpecialDomainName(t *testing.T) { |
| testenv.MustHaveExternalNetwork(t) |
| |
| server := "8.8.8.8:53" |
| for _, tt := range specialDomainNameTests { |
| ctx, cancel := context.WithTimeout(context.Background(), 3*time.Second) |
| defer cancel() |
| msg, err := exchange(ctx, server, tt.name, tt.qtype) |
| if err != nil { |
| t.Error(err) |
| continue |
| } |
| switch msg.rcode { |
| case tt.rcode, dnsRcodeServerFailure: |
| default: |
| t.Errorf("got %v from %v; want %v", msg.rcode, server, tt.rcode) |
| continue |
| } |
| } |
| } |
| |
| // Issue 13705: don't try to resolve onion addresses, etc |
| func TestAvoidDNSName(t *testing.T) { |
| tests := []struct { |
| name string |
| avoid bool |
| }{ |
| {"foo.com", false}, |
| {"foo.com.", false}, |
| |
| {"foo.onion.", true}, |
| {"foo.onion", true}, |
| {"foo.ONION", true}, |
| {"foo.ONION.", true}, |
| |
| // But do resolve *.local address; Issue 16739 |
| {"foo.local.", false}, |
| {"foo.local", false}, |
| {"foo.LOCAL", false}, |
| {"foo.LOCAL.", false}, |
| |
| {"", true}, // will be rejected earlier too |
| |
| // Without stuff before onion/local, they're fine to |
| // use DNS. With a search path, |
| // "onion.vegegtables.com" can use DNS. Without a |
| // search path (or with a trailing dot), the queries |
| // are just kinda useless, but don't reveal anything |
| // private. |
| {"local", false}, |
| {"onion", false}, |
| {"local.", false}, |
| {"onion.", false}, |
| } |
| for _, tt := range tests { |
| got := avoidDNS(tt.name) |
| if got != tt.avoid { |
| t.Errorf("avoidDNS(%q) = %v; want %v", tt.name, got, tt.avoid) |
| } |
| } |
| } |
| |
| // Issue 13705: don't try to resolve onion addresses, etc |
| func TestLookupTorOnion(t *testing.T) { |
| addrs, err := goLookupIP(context.Background(), "foo.onion") |
| if len(addrs) > 0 { |
| t.Errorf("unexpected addresses: %v", addrs) |
| } |
| if err != nil { |
| t.Fatalf("lookup = %v; want nil", err) |
| } |
| } |
| |
| type resolvConfTest struct { |
| dir string |
| path string |
| *resolverConfig |
| } |
| |
| func newResolvConfTest() (*resolvConfTest, error) { |
| dir, err := ioutil.TempDir("", "go-resolvconftest") |
| if err != nil { |
| return nil, err |
| } |
| conf := &resolvConfTest{ |
| dir: dir, |
| path: path.Join(dir, "resolv.conf"), |
| resolverConfig: &resolvConf, |
| } |
| conf.initOnce.Do(conf.init) |
| return conf, nil |
| } |
| |
| func (conf *resolvConfTest) writeAndUpdate(lines []string) error { |
| f, err := os.OpenFile(conf.path, os.O_CREATE|os.O_TRUNC|os.O_WRONLY, 0600) |
| if err != nil { |
| return err |
| } |
| if _, err := f.WriteString(strings.Join(lines, "\n")); err != nil { |
| f.Close() |
| return err |
| } |
| f.Close() |
| if err := conf.forceUpdate(conf.path, time.Now().Add(time.Hour)); err != nil { |
| return err |
| } |
| return nil |
| } |
| |
| func (conf *resolvConfTest) forceUpdate(name string, lastChecked time.Time) error { |
| dnsConf := dnsReadConfig(name) |
| conf.mu.Lock() |
| conf.dnsConfig = dnsConf |
| conf.mu.Unlock() |
| for i := 0; i < 5; i++ { |
| if conf.tryAcquireSema() { |
| conf.lastChecked = lastChecked |
| conf.releaseSema() |
| return nil |
| } |
| } |
| return fmt.Errorf("tryAcquireSema for %s failed", name) |
| } |
| |
| func (conf *resolvConfTest) servers() []string { |
| conf.mu.RLock() |
| servers := conf.dnsConfig.servers |
| conf.mu.RUnlock() |
| return servers |
| } |
| |
| func (conf *resolvConfTest) teardown() error { |
| err := conf.forceUpdate("/etc/resolv.conf", time.Time{}) |
| os.RemoveAll(conf.dir) |
| return err |
| } |
| |
| var updateResolvConfTests = []struct { |
| name string // query name |
| lines []string // resolver configuration lines |
| servers []string // expected name servers |
| }{ |
| { |
| name: "golang.org", |
| lines: []string{"nameserver 8.8.8.8"}, |
| servers: []string{"8.8.8.8:53"}, |
| }, |
| { |
| name: "", |
| lines: nil, // an empty resolv.conf should use defaultNS as name servers |
| servers: defaultNS, |
| }, |
| { |
| name: "www.example.com", |
| lines: []string{"nameserver 8.8.4.4"}, |
| servers: []string{"8.8.4.4:53"}, |
| }, |
| } |
| |
| func TestUpdateResolvConf(t *testing.T) { |
| testenv.MustHaveExternalNetwork(t) |
| |
| conf, err := newResolvConfTest() |
| if err != nil { |
| t.Fatal(err) |
| } |
| defer conf.teardown() |
| |
| for i, tt := range updateResolvConfTests { |
| if err := conf.writeAndUpdate(tt.lines); err != nil { |
| t.Error(err) |
| continue |
| } |
| if tt.name != "" { |
| var wg sync.WaitGroup |
| const N = 10 |
| wg.Add(N) |
| for j := 0; j < N; j++ { |
| go func(name string) { |
| defer wg.Done() |
| ips, err := goLookupIP(context.Background(), name) |
| if err != nil { |
| t.Error(err) |
| return |
| } |
| if len(ips) == 0 { |
| t.Errorf("no records for %s", name) |
| return |
| } |
| }(tt.name) |
| } |
| wg.Wait() |
| } |
| servers := conf.servers() |
| if !reflect.DeepEqual(servers, tt.servers) { |
| t.Errorf("#%d: got %v; want %v", i, servers, tt.servers) |
| continue |
| } |
| } |
| } |
| |
| var goLookupIPWithResolverConfigTests = []struct { |
| name string |
| lines []string // resolver configuration lines |
| error |
| a, aaaa bool // whether response contains A, AAAA-record |
| }{ |
| // no records, transport timeout |
| { |
| "jgahvsekduiv9bw4b3qhn4ykdfgj0493iohkrjfhdvhjiu4j", |
| []string{ |
| "options timeout:1 attempts:1", |
| "nameserver 255.255.255.255", // please forgive us for abuse of limited broadcast address |
| }, |
| &DNSError{Name: "jgahvsekduiv9bw4b3qhn4ykdfgj0493iohkrjfhdvhjiu4j", Server: "255.255.255.255:53", IsTimeout: true}, |
| false, false, |
| }, |
| |
| // no records, non-existent domain |
| { |
| "jgahvsekduiv9bw4b3qhn4ykdfgj0493iohkrjfhdvhjiu4j", |
| []string{ |
| "options timeout:3 attempts:1", |
| "nameserver 8.8.8.8", |
| }, |
| &DNSError{Name: "jgahvsekduiv9bw4b3qhn4ykdfgj0493iohkrjfhdvhjiu4j", Server: "8.8.8.8:53", IsTimeout: false}, |
| false, false, |
| }, |
| |
| // a few A records, no AAAA records |
| { |
| "ipv4.google.com.", |
| []string{ |
| "nameserver 8.8.8.8", |
| "nameserver 2001:4860:4860::8888", |
| }, |
| nil, |
| true, false, |
| }, |
| { |
| "ipv4.google.com", |
| []string{ |
| "domain golang.org", |
| "nameserver 2001:4860:4860::8888", |
| "nameserver 8.8.8.8", |
| }, |
| nil, |
| true, false, |
| }, |
| { |
| "ipv4.google.com", |
| []string{ |
| "search x.golang.org y.golang.org", |
| "nameserver 2001:4860:4860::8888", |
| "nameserver 8.8.8.8", |
| }, |
| nil, |
| true, false, |
| }, |
| |
| // no A records, a few AAAA records |
| { |
| "ipv6.google.com.", |
| []string{ |
| "nameserver 2001:4860:4860::8888", |
| "nameserver 8.8.8.8", |
| }, |
| nil, |
| false, true, |
| }, |
| { |
| "ipv6.google.com", |
| []string{ |
| "domain golang.org", |
| "nameserver 8.8.8.8", |
| "nameserver 2001:4860:4860::8888", |
| }, |
| nil, |
| false, true, |
| }, |
| { |
| "ipv6.google.com", |
| []string{ |
| "search x.golang.org y.golang.org", |
| "nameserver 8.8.8.8", |
| "nameserver 2001:4860:4860::8888", |
| }, |
| nil, |
| false, true, |
| }, |
| |
| // both A and AAAA records |
| { |
| "hostname.as112.net", // see RFC 7534 |
| []string{ |
| "domain golang.org", |
| "nameserver 2001:4860:4860::8888", |
| "nameserver 8.8.8.8", |
| }, |
| nil, |
| true, true, |
| }, |
| { |
| "hostname.as112.net", // see RFC 7534 |
| []string{ |
| "search x.golang.org y.golang.org", |
| "nameserver 2001:4860:4860::8888", |
| "nameserver 8.8.8.8", |
| }, |
| nil, |
| true, true, |
| }, |
| } |
| |
| func TestGoLookupIPWithResolverConfig(t *testing.T) { |
| testenv.MustHaveExternalNetwork(t) |
| |
| conf, err := newResolvConfTest() |
| if err != nil { |
| t.Fatal(err) |
| } |
| defer conf.teardown() |
| |
| for _, tt := range goLookupIPWithResolverConfigTests { |
| if err := conf.writeAndUpdate(tt.lines); err != nil { |
| t.Error(err) |
| continue |
| } |
| addrs, err := goLookupIP(context.Background(), tt.name) |
| if err != nil { |
| // This test uses external network connectivity. |
| // We need to take care with errors on both |
| // DNS message exchange layer and DNS |
| // transport layer because goLookupIP may fail |
| // when the IP connectivity on node under test |
| // gets lost during its run. |
| if err, ok := err.(*DNSError); !ok || tt.error != nil && (err.Name != tt.error.(*DNSError).Name || err.Server != tt.error.(*DNSError).Server || err.IsTimeout != tt.error.(*DNSError).IsTimeout) { |
| t.Errorf("got %v; want %v", err, tt.error) |
| } |
| continue |
| } |
| if len(addrs) == 0 { |
| t.Errorf("no records for %s", tt.name) |
| } |
| if !tt.a && !tt.aaaa && len(addrs) > 0 { |
| t.Errorf("unexpected %v for %s", addrs, tt.name) |
| } |
| for _, addr := range addrs { |
| if !tt.a && addr.IP.To4() != nil { |
| t.Errorf("got %v; must not be IPv4 address", addr) |
| } |
| if !tt.aaaa && addr.IP.To16() != nil && addr.IP.To4() == nil { |
| t.Errorf("got %v; must not be IPv6 address", addr) |
| } |
| } |
| } |
| } |
| |
| // Test that goLookupIPOrder falls back to the host file when no DNS servers are available. |
| func TestGoLookupIPOrderFallbackToFile(t *testing.T) { |
| testenv.MustHaveExternalNetwork(t) |
| |
| // Add a config that simulates no dns servers being available. |
| conf, err := newResolvConfTest() |
| if err != nil { |
| t.Fatal(err) |
| } |
| if err := conf.writeAndUpdate([]string{}); err != nil { |
| t.Fatal(err) |
| } |
| // Redirect host file lookups. |
| defer func(orig string) { testHookHostsPath = orig }(testHookHostsPath) |
| testHookHostsPath = "testdata/hosts" |
| |
| for _, order := range []hostLookupOrder{hostLookupFilesDNS, hostLookupDNSFiles} { |
| name := fmt.Sprintf("order %v", order) |
| |
| // First ensure that we get an error when contacting a non-existent host. |
| _, err := goLookupIPOrder(context.Background(), "notarealhost", order) |
| if err == nil { |
| t.Errorf("%s: expected error while looking up name not in hosts file", name) |
| continue |
| } |
| |
| // Now check that we get an address when the name appears in the hosts file. |
| addrs, err := goLookupIPOrder(context.Background(), "thor", order) // entry is in "testdata/hosts" |
| if err != nil { |
| t.Errorf("%s: expected to successfully lookup host entry", name) |
| continue |
| } |
| if len(addrs) != 1 { |
| t.Errorf("%s: expected exactly one result, but got %v", name, addrs) |
| continue |
| } |
| if got, want := addrs[0].String(), "127.1.1.1"; got != want { |
| t.Errorf("%s: address doesn't match expectation. got %v, want %v", name, got, want) |
| } |
| } |
| defer conf.teardown() |
| } |
| |
| // Issue 12712. |
| // When using search domains, return the error encountered |
| // querying the original name instead of an error encountered |
| // querying a generated name. |
| func TestErrorForOriginalNameWhenSearching(t *testing.T) { |
| const fqdn = "doesnotexist.domain" |
| |
| origTestHookDNSDialer := testHookDNSDialer |
| defer func() { testHookDNSDialer = origTestHookDNSDialer }() |
| |
| conf, err := newResolvConfTest() |
| if err != nil { |
| t.Fatal(err) |
| } |
| defer conf.teardown() |
| |
| if err := conf.writeAndUpdate([]string{"search servfail"}); err != nil { |
| t.Fatal(err) |
| } |
| |
| d := &fakeDNSDialer{} |
| testHookDNSDialer = func() dnsDialer { return d } |
| |
| d.rh = func(s string, q *dnsMsg) (*dnsMsg, error) { |
| r := &dnsMsg{ |
| dnsMsgHdr: dnsMsgHdr{ |
| id: q.id, |
| }, |
| } |
| |
| switch q.question[0].Name { |
| case fqdn + ".servfail.": |
| r.rcode = dnsRcodeServerFailure |
| default: |
| r.rcode = dnsRcodeNameError |
| } |
| |
| return r, nil |
| } |
| |
| _, err = goLookupIP(context.Background(), fqdn) |
| if err == nil { |
| t.Fatal("expected an error") |
| } |
| |
| want := &DNSError{Name: fqdn, Err: errNoSuchHost.Error()} |
| if err, ok := err.(*DNSError); !ok || err.Name != want.Name || err.Err != want.Err { |
| t.Errorf("got %v; want %v", err, want) |
| } |
| } |
| |
| // Issue 15434. If a name server gives a lame referral, continue to the next. |
| func TestIgnoreLameReferrals(t *testing.T) { |
| origTestHookDNSDialer := testHookDNSDialer |
| defer func() { testHookDNSDialer = origTestHookDNSDialer }() |
| |
| conf, err := newResolvConfTest() |
| if err != nil { |
| t.Fatal(err) |
| } |
| defer conf.teardown() |
| |
| if err := conf.writeAndUpdate([]string{"nameserver 192.0.2.1", "nameserver 192.0.2.2"}); err != nil { |
| t.Fatal(err) |
| } |
| |
| d := &fakeDNSDialer{} |
| testHookDNSDialer = func() dnsDialer { return d } |
| |
| d.rh = func(s string, q *dnsMsg) (*dnsMsg, error) { |
| t.Log(s, q) |
| r := &dnsMsg{ |
| dnsMsgHdr: dnsMsgHdr{ |
| id: q.id, |
| response: true, |
| }, |
| question: q.question, |
| } |
| |
| if s == "192.0.2.2:53" { |
| r.recursion_available = true |
| if q.question[0].Qtype == dnsTypeA { |
| r.answer = []dnsRR{ |
| &dnsRR_A{ |
| Hdr: dnsRR_Header{ |
| Name: q.question[0].Name, |
| Rrtype: dnsTypeA, |
| Class: dnsClassINET, |
| Rdlength: 4, |
| }, |
| A: TestAddr, |
| }, |
| } |
| } |
| } |
| |
| return r, nil |
| } |
| |
| addrs, err := goLookupIP(context.Background(), "www.golang.org") |
| if err != nil { |
| t.Fatal(err) |
| } |
| |
| if got := len(addrs); got != 1 { |
| t.Fatalf("got %d addresses, want 1", got) |
| } |
| |
| if got, want := addrs[0].String(), "192.0.2.1"; got != want { |
| t.Fatalf("got address %v, want %v", got, want) |
| } |
| } |
| |
| func BenchmarkGoLookupIP(b *testing.B) { |
| testHookUninstaller.Do(uninstallTestHooks) |
| ctx := context.Background() |
| |
| for i := 0; i < b.N; i++ { |
| goLookupIP(ctx, "www.example.com") |
| } |
| } |
| |
| func BenchmarkGoLookupIPNoSuchHost(b *testing.B) { |
| testHookUninstaller.Do(uninstallTestHooks) |
| ctx := context.Background() |
| |
| for i := 0; i < b.N; i++ { |
| goLookupIP(ctx, "some.nonexistent") |
| } |
| } |
| |
| func BenchmarkGoLookupIPWithBrokenNameServer(b *testing.B) { |
| testHookUninstaller.Do(uninstallTestHooks) |
| |
| conf, err := newResolvConfTest() |
| if err != nil { |
| b.Fatal(err) |
| } |
| defer conf.teardown() |
| |
| lines := []string{ |
| "nameserver 203.0.113.254", // use TEST-NET-3 block, see RFC 5737 |
| "nameserver 8.8.8.8", |
| } |
| if err := conf.writeAndUpdate(lines); err != nil { |
| b.Fatal(err) |
| } |
| ctx := context.Background() |
| |
| for i := 0; i < b.N; i++ { |
| goLookupIP(ctx, "www.example.com") |
| } |
| } |
| |
| type fakeDNSDialer struct { |
| // reply handler |
| rh func(s string, q *dnsMsg) (*dnsMsg, error) |
| } |
| |
| func (f *fakeDNSDialer) dialDNS(_ context.Context, n, s string) (dnsConn, error) { |
| return &fakeDNSConn{f.rh, s}, nil |
| } |
| |
| type fakeDNSConn struct { |
| rh func(s string, q *dnsMsg) (*dnsMsg, error) |
| s string |
| } |
| |
| func (f *fakeDNSConn) Close() error { |
| return nil |
| } |
| |
| func (f *fakeDNSConn) SetDeadline(time.Time) error { |
| return nil |
| } |
| |
| func (f *fakeDNSConn) dnsRoundTrip(q *dnsMsg) (*dnsMsg, error) { |
| return f.rh(f.s, q) |
| } |
| |
| // UDP round-tripper algorithm should ignore invalid DNS responses (issue 13281). |
| func TestIgnoreDNSForgeries(t *testing.T) { |
| c, s := Pipe() |
| go func() { |
| b := make([]byte, 512) |
| n, err := s.Read(b) |
| if err != nil { |
| t.Fatal(err) |
| } |
| |
| msg := &dnsMsg{} |
| if !msg.Unpack(b[:n]) { |
| t.Fatal("invalid DNS query") |
| } |
| |
| s.Write([]byte("garbage DNS response packet")) |
| |
| msg.response = true |
| msg.id++ // make invalid ID |
| b, ok := msg.Pack() |
| if !ok { |
| t.Fatal("failed to pack DNS response") |
| } |
| s.Write(b) |
| |
| msg.id-- // restore original ID |
| msg.answer = []dnsRR{ |
| &dnsRR_A{ |
| Hdr: dnsRR_Header{ |
| Name: "www.example.com.", |
| Rrtype: dnsTypeA, |
| Class: dnsClassINET, |
| Rdlength: 4, |
| }, |
| A: TestAddr, |
| }, |
| } |
| |
| b, ok = msg.Pack() |
| if !ok { |
| t.Fatal("failed to pack DNS response") |
| } |
| s.Write(b) |
| }() |
| |
| msg := &dnsMsg{ |
| dnsMsgHdr: dnsMsgHdr{ |
| id: 42, |
| }, |
| question: []dnsQuestion{ |
| { |
| Name: "www.example.com.", |
| Qtype: dnsTypeA, |
| Qclass: dnsClassINET, |
| }, |
| }, |
| } |
| |
| resp, err := dnsRoundTripUDP(c, msg) |
| if err != nil { |
| t.Fatalf("dnsRoundTripUDP failed: %v", err) |
| } |
| |
| if got := resp.answer[0].(*dnsRR_A).A; got != TestAddr { |
| t.Errorf("got address %v, want %v", got, TestAddr) |
| } |
| } |