Documentation
¶
Overview ¶
Package upstream implements DNS clients for all known DNS encryption protocols
Index ¶
Constants ¶
const NextProtoDQ = "doq-i02"
NextProtoDQ - During connection establishment, DNS/QUIC support is indicated by selecting the ALPN token "dq" in the crypto handshake.
Variables ¶
var CipherSuites []uint16
CipherSuites - custom list of TLSv1.2 ciphers nolint
var RootCAs *x509.CertPool
RootCAs is the CertPool that must be used by all upstreams Redefining RootCAs makes sense on iOS to overcome the 15MB memory limit of the NEPacketTunnelProvider nolint
Functions ¶
func LookupParallel ¶ added in v0.10.0
LookupParallel starts parallel lookup for host ip with many Resolvers First answer without error will be returned Return nil and error if count of errors equals count of resolvers
Types ¶
type ExchangeAllResult ¶ added in v0.24.0
ExchangeAllResult - result of ExchangeAll()
func ExchangeAll ¶ added in v0.24.0
func ExchangeAll(upstreams []Upstream, req *dns.Msg) ([]ExchangeAllResult, error)
ExchangeAll - receive responses from all upstream servers and return the results
type Options ¶ added in v0.11.0
type Options struct {
// Bootstrap is a list of DNS servers to be used to resolve DOH/DOT hostnames (if any)
// You can use plain DNS, DNSCrypt, or DOT/DOH with IP addresses (not hostnames)
Bootstrap []string
// Timeout is the default upstream timeout. Also, it is used as a timeout for bootstrap DNS requests.
// timeout=0 means infinite timeout.
Timeout time.Duration
// List of IP addresses of upstream DNS server
// Bootstrap DNS servers won't be used at all
ServerIPAddrs []net.IP
// InsecureSkipVerify - if true, do not verify the server certificate
InsecureSkipVerify bool
// VerifyServerCertificate will be set to crypto/tls Config.VerifyPeerCertificate for DoH, DoQ, DoT
VerifyServerCertificate func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error
// VerifyDNSCryptCertificate is callback to which the DNSCrypt server certificate will be passed.
// is called in dnsCrypt.exchangeDNSCrypt; if error != nil then Upstream.Exchange() will return it
VerifyDNSCryptCertificate func(cert *dnscrypt.Cert) error
}
Options for AddressToUpstream func
type Resolver ¶ added in v0.10.0
type Resolver struct {
// contains filtered or unexported fields
}
Resolver is wrapper for resolver and it's address
func NewResolver ¶ added in v0.10.0
NewResolver creates an instance of a Resolver structure with defined net.Resolver and it's address resolverAddress -- is address of net.Resolver The host in the address parameter of Dial func will always be a literal IP address (from documentation) options are the upstream customization options, nil means use default options.
type TLSPool ¶
type TLSPool struct {
// contains filtered or unexported fields
}
TLSPool is a connections pool for the DNS-over-TLS Upstream.
Example:
pool := TLSPool{Address: "tls://1.1.1.1:853"}
netConn, err := pool.Get()
if err != nil {panic(err)}
c := dns.Conn{Conn: netConn}
q := dns.Msg{}
q.SetQuestion("google.com.", dns.TypeA)
log.Println(q)
err = c.WriteMsg(&q)
if err != nil {panic(err)}
r, err := c.ReadMsg()
if err != nil {panic(err)}
log.Println(r)
pool.Put(c.Conn)
func (*TLSPool) Create ¶ added in v0.9.10
Create creates a new connection for the pool (but not puts it there)
type Upstream ¶
Upstream is an interface for a DNS resolver
func AddressToUpstream ¶
AddressToUpstream converts the specified address to an Upstream instance * 8.8.8.8:53 -- plain DNS * tcp://8.8.8.8:53 -- plain DNS over TCP * tls://1.1.1.1 -- DNS-over-TLS * https://dns.adguard.com/dns-query -- DNS-over-HTTPS * sdns://... -- DNS stamp (see https://dnscrypt.info/stamps-specifications) options -- Upstream customization options, nil means default options.
func ExchangeParallel ¶ added in v0.10.0
ExchangeParallel function is called to parallel exchange dns request by many upstreams First answer without error will be returned We will return nil and error if count of errors equals count of upstreams
Source Files