local-ip.sh/xip/xip.go

408 lines
10 KiB
Go

package xip
import (
"fmt"
"log"
"net"
"os"
"regexp"
"strings"
"time"
"github.com/miekg/dns"
)
type Xip struct {
server dns.Server
zone string
nameServers []*dns.NS
}
type HardcodedRecord struct {
A []*dns.A
AAAA []*dns.AAAA
TXT *dns.TXT
MX []*dns.MX
CNAME []*dns.CNAME
}
var (
flyRegion = os.Getenv("FLY_REGION")
dottedIpV4Regex = regexp.MustCompile(`(?:^|(?:[\w\d])+\.)(((25[0-5]|(2[0-4]|1\d|[1-9]|)\d)\.?\b){4})($|[.-])`)
dashedIpV4Regex = regexp.MustCompile(`(?:^|(?:[\w\d])+\.)(((25[0-5]|(2[0-4]|1\d|[1-9]|)\d)\-?\b){4})($|[.-])`)
hardcodedRecords = map[string]HardcodedRecord{
"ns.local-ip.sh.": {
// record holding ip addresses of ns1 and ns2
A: []*dns.A{
{A: net.IPv4(137, 66, 25, 53)},
{A: net.IPv4(188, 93, 146, 54)},
},
},
"ns1.local-ip.sh.": {
A: []*dns.A{
{A: net.IPv4(137, 66, 25, 53)}, // fly.io global ip address
},
},
"ns2.local-ip.sh.": {
A: []*dns.A{
{A: net.IPv4(188, 93, 146, 54)}, // fly.io global ip address #2
},
},
"local-ip.sh.": {
A: []*dns.A{
{A: net.IPv4(37, 16, 23, 113)},
},
AAAA: []*dns.AAAA{
{AAAA: net.IP{0x2a, 0x09, 0x82, 0x80, 0, 0x01, 0, 0, 0, 0, 0, 0, 0, 0x1C, 0xC1, 0xC1}},
},
TXT: &dns.TXT{
Txt: []string{
"sl-verification=frudknyqpqlpgzbglkqnsmorfcvxrf",
"v=spf1 include:simplelogin.co ~all",
},
},
MX: []*dns.MX{
{Preference: 10, Mx: "mx1.simplelogin.co."},
{Preference: 20, Mx: "mx2.simplelogin.co."},
},
},
"_dmarc.local-ip.sh.": {
TXT: &dns.TXT{
Txt: []string{"v=DMARC1; p=quarantine; pct=100; adkim=s; aspf=s"},
},
},
"dkim._domainkey.local-ip.sh.": {
CNAME: []*dns.CNAME{
{Target: "dkim._domainkey.simplelogin.co."},
},
},
"dkim02._domainkey.local-ip.sh.": {
CNAME: []*dns.CNAME{
{Target: "dkim02._domainkey.simplelogin.co."},
},
},
"dkim03._domainkey.local-ip.sh.": {
CNAME: []*dns.CNAME{
{Target: "dkim03._domainkey.simplelogin.co."},
},
},
"_acme-challenge.local-ip.sh.": {
// if fly
CNAME: []*dns.CNAME{
{Target: "local-ip.sh.zzkxm3.flydns.net."},
},
// if manual
TXT: &dns.TXT{},
},
}
)
func (xip *Xip) SetTXTRecord(fqdn string, value string) {
log.Printf("trying to set TXT record \"%s\" for fqdn \"%s\"", value, fqdn)
if fqdn != "_acme-challenge.local-ip.sh." {
log.Println("not allowed, abort")
return
}
if records, ok := hardcodedRecords[fqdn]; ok {
records.TXT = &dns.TXT{
Txt: []string{value},
}
hardcodedRecords["_acme-challenge.local-ip.sh."] = records
}
}
func (xip *Xip) UnsetTXTRecord(fqdn string) {
log.Printf("trying to unset TXT record for fqdn \"%s\"", fqdn)
if fqdn != "_acme-challenge.local-ip.sh." {
log.Println("not allowed, abort")
return
}
if records, ok := hardcodedRecords[fqdn]; ok {
records.TXT = nil
hardcodedRecords["_acme-challenge.local-ip.sh."] = records
}
}
func (xip *Xip) fqdnToA(fqdn string) []*dns.A {
if hardcodedRecords[strings.ToLower(fqdn)].A != nil {
var records []*dns.A
for _, record := range hardcodedRecords[strings.ToLower(fqdn)].A {
records = append(records, &dns.A{
Hdr: dns.RR_Header{
// Ttl: uint32((time.Hour * 24 * 7).Seconds()),
Ttl: uint32((time.Second * 10).Seconds()),
Name: fqdn,
Rrtype: dns.TypeA,
Class: dns.ClassINET,
},
A: record.A,
})
}
return records
}
for _, ipV4RE := range []*regexp.Regexp{dashedIpV4Regex, dottedIpV4Regex} {
if ipV4RE.MatchString(fqdn) {
match := ipV4RE.FindStringSubmatch(fqdn)[1]
match = strings.ReplaceAll(match, "-", ".")
ipV4Address := net.ParseIP(match).To4()
if ipV4Address == nil {
return nil
}
return []*dns.A{{
Hdr: dns.RR_Header{
// Ttl: uint32((time.Hour * 24 * 7).Seconds()),
Ttl: uint32((time.Second * 10).Seconds()),
Name: fqdn,
Rrtype: dns.TypeA,
Class: dns.ClassINET,
},
A: ipV4Address,
}}
}
}
return nil
}
func (xip *Xip) answerWithAuthority(question dns.Question, message *dns.Msg) {
message.Ns = append(message.Ns, xip.soaRecord(question))
}
func (xip *Xip) handleA(question dns.Question, message *dns.Msg) {
fqdn := question.Name
records := xip.fqdnToA(fqdn)
if len(records) == 0 {
message.Rcode = dns.RcodeNameError
xip.answerWithAuthority(question, message)
return
}
for _, record := range records {
log.Printf("(%s) %s => %s\n", flyRegion, fqdn, record.A)
message.Answer = append(message.Answer, record)
}
}
func (xip *Xip) handleAAAA(question dns.Question, message *dns.Msg) {
fqdn := question.Name
if hardcodedRecords[strings.ToLower(fqdn)].AAAA == nil {
xip.answerWithAuthority(question, message)
return
}
for _, record := range hardcodedRecords[strings.ToLower(fqdn)].AAAA {
message.Answer = append(message.Answer, &dns.AAAA{
Hdr: dns.RR_Header{
// Ttl: uint32((time.Hour * 24 * 7).Seconds()),
Ttl: uint32((time.Second * 10).Seconds()),
Name: fqdn,
Rrtype: dns.TypeAAAA,
Class: dns.ClassINET,
},
AAAA: record.AAAA,
})
}
}
func (xip *Xip) handleNS(question dns.Question, message *dns.Msg) {
fqdn := question.Name
nameServers := []*dns.NS{}
additionals := []*dns.A{}
for _, ns := range xip.nameServers {
nameServers = append(nameServers, &dns.NS{
Hdr: dns.RR_Header{
// Ttl: uint32((time.Hour * 24 * 7).Seconds()),
Ttl: uint32((time.Second * 10).Seconds()),
Name: fqdn,
Rrtype: dns.TypeNS,
Class: dns.ClassINET,
},
Ns: ns.Ns,
})
additionals = append(additionals, xip.fqdnToA(ns.Ns)...)
}
for _, record := range nameServers {
message.Answer = append(message.Answer, record)
}
for _, record := range additionals {
message.Extra = append(message.Extra, record)
}
}
func (xip *Xip) handleTXT(question dns.Question, message *dns.Msg) {
fqdn := question.Name
if hardcodedRecords[strings.ToLower(fqdn)].TXT == nil {
xip.answerWithAuthority(question, message)
return
}
message.Answer = append(message.Answer, &dns.TXT{
Hdr: dns.RR_Header{
// Ttl: uint32((time.Hour * 24 * 7).Seconds()),
Ttl: uint32((time.Second * 120).Seconds()),
Name: fqdn,
Rrtype: dns.TypeTXT,
Class: dns.ClassINET,
},
Txt: hardcodedRecords[strings.ToLower(fqdn)].TXT.Txt,
})
}
func (xip *Xip) handleMX(question dns.Question, message *dns.Msg) {
fqdn := question.Name
if hardcodedRecords[strings.ToLower(fqdn)].MX == nil {
xip.answerWithAuthority(question, message)
return
}
for _, record := range hardcodedRecords[strings.ToLower(fqdn)].MX {
message.Answer = append(message.Answer, &dns.MX{
Hdr: dns.RR_Header{
// Ttl: uint32((time.Hour * 24 * 7).Seconds()),
Ttl: uint32((time.Second * 10).Seconds()),
Name: fqdn,
Rrtype: dns.TypeMX,
Class: dns.ClassINET,
},
Mx: record.Mx,
Preference: record.Preference,
})
}
}
func (xip *Xip) handleCNAME(question dns.Question, message *dns.Msg) {
fqdn := question.Name
if hardcodedRecords[strings.ToLower(fqdn)].CNAME == nil {
xip.answerWithAuthority(question, message)
return
}
for _, record := range hardcodedRecords[strings.ToLower(fqdn)].CNAME {
message.Answer = append(message.Answer, &dns.CNAME{
Hdr: dns.RR_Header{
// Ttl: uint32((time.Hour * 24 * 7).Seconds()),
Ttl: uint32((time.Second * 10).Seconds()),
Name: fqdn,
Rrtype: dns.TypeCNAME,
Class: dns.ClassINET,
},
Target: record.Target,
})
}
}
func (xip *Xip) handleSOA(question dns.Question, message *dns.Msg) {
message.Answer = append(message.Answer, xip.soaRecord(question))
}
func (xip *Xip) soaRecord(question dns.Question) *dns.SOA {
soa := new(dns.SOA)
soa.Hdr = dns.RR_Header{
Name: question.Name,
Rrtype: dns.TypeSOA,
Class: dns.ClassINET,
// Ttl: uint32((time.Hour * 24 * 7).Seconds()),
Ttl: uint32((time.Second * 10).Seconds()),
Rdlength: 0,
}
soa.Ns = "ns1.local-ip.sh."
soa.Mbox = "admin.local-ip.sh."
soa.Serial = 2022102800
// soa.Refresh = uint32((time.Minute * 15).Seconds())
soa.Refresh = uint32((time.Second * 10).Seconds())
// soa.Retry = uint32((time.Minute * 15).Seconds())
soa.Retry = uint32((time.Second * 10).Seconds())
// soa.Expire = uint32((time.Minute * 30).Seconds())
soa.Expire = uint32((time.Second * 10).Seconds())
// soa.Minttl = uint32((time.Minute * 5).Seconds())
soa.Minttl = uint32((time.Second * 10).Seconds())
return soa
}
func (xip *Xip) handleQuery(message *dns.Msg) {
for _, question := range message.Question {
// log.Printf("name: %s\n", question.Name)
// log.Printf("class: %d\n", question.Qclass)
// log.Printf("type: %d\n", question.Qtype)
/* if strings.HasPrefix(strings.ToLower(question.Name), "_acme-challenge.") {
message.Authoritative = false
} */
switch question.Qtype {
case dns.TypeA:
xip.handleA(question, message)
case dns.TypeAAAA:
xip.handleAAAA(question, message)
case dns.TypeNS:
xip.handleNS(question, message)
case dns.TypeTXT:
xip.handleTXT(question, message)
case dns.TypeMX:
xip.handleMX(question, message)
case dns.TypeCNAME:
xip.handleCNAME(question, message)
case dns.TypeSOA:
xip.handleSOA(question, message)
default:
xip.handleSOA(question, message)
}
}
}
func (xip *Xip) handleDnsRequest(response dns.ResponseWriter, request *dns.Msg) {
go func() {
message := new(dns.Msg)
message.SetReply(request)
message.Compress = true
message.Authoritative = true
message.RecursionAvailable = false
switch request.Opcode {
case dns.OpcodeQuery:
xip.handleQuery(message)
default:
message.MsgHdr.Rcode = dns.RcodeRefused
}
response.WriteMsg(message)
}()
}
func (xip *Xip) StartServer() {
log.Printf("Listening on %s\n", xip.server.Addr)
err := xip.server.ListenAndServe()
defer xip.server.Shutdown()
if err != nil {
log.Fatalf("Failed to start server: %s\n ", err.Error())
}
}
func NewXip(zone string, nameservers []string, port int) (xip *Xip) {
xip = &Xip{}
for _, ns := range nameservers {
xip.nameServers = append(xip.nameServers, &dns.NS{Ns: ns})
}
xip.server = dns.Server{
Addr: fmt.Sprintf("fly-global-services:%d", port),
Net: "udp",
}
dns.HandleFunc(zone, xip.handleDnsRequest)
return xip
}