niklas/cool-dns
1
0
Fork 0
Code Issues Pull Requests Projects Releases 4 Wiki Activity

Compare commits

base: niklas:v0.1
Branches Tags
niklas:master niklas:develop
niklas:0.4 niklas:0.3 niklas:v0.2 niklas:v0.1
...
compare: niklas:f0eca13294b9c86311795126ae79fd013293beaf
Branches Tags
niklas:master niklas:develop
niklas:0.4 niklas:0.3 niklas:v0.2 niklas:v0.1

14 Commits
v0.1 ... f0eca13294

Author SHA1 Message Date
Niklas
f0eca13294 moved chdir after config loaded 2021-01-08 21:26:28 +01:00
Niklas
931c065c8f added docker compose 2021-01-08 19:14:08 +01:00
Niklas
859aa34eac added dockerfile 2021-01-08 19:13:57 +01:00
Niklas
c0d5ef7e22 change workdir to config dir 2021-01-08 19:12:58 +01:00
Niklas
fe7c207065 implemented lego HTTP endpoint 2021-01-08 16:08:57 +01:00
Niklas
c7bac27a53 nxdomain if no rr found 2021-01-06 23:06:47 +01:00
Niklas
6d49db2b6b added comments 2021-01-06 15:53:58 +01:00
Niklas
7f40a04638 only one question per query 2020-12-31 14:11:07 +01:00
Niklas
a71b619763 updated README 2020-12-30 22:18:08 +01:00
Niklas
9828429bea added DNS over TLS 2020-12-30 21:59:33 +01:00
Niklas
c0a109466f drone tag gitea release
All checks were successful
continuous-integration/drone/tag Build is passing
Details
2020-12-30 17:15:02 +01:00
Niklas
7b412e404c added blacklist line parser 2020-12-30 14:14:52 +01:00
Niklas
87d9dca1ce removed unused function 2020-12-30 00:24:59 +01:00
Niklas
4ddaa5a4c0 improved blacklist parsing 2020-12-29 22:34:30 +01:00
8 changed files with 339 additions and 72 deletions
Expand all files Collapse all files

2
.drone.yml
View File

@@ -19,7 +19,7 @@ steps:
- md5 - md5
- sha1 - sha1
- sha256 - sha256
title: v0.1 title: ${DRONE_TAG}
prerelease: true prerelease: true
when: when:
event: event:

16
Dockerfile Normal file
View File

@@ -0,0 +1,16 @@
FROM golang:alpine AS build
WORKDIR /build
COPY go.mod .
COPY go.sum .
COPY *.go ./
RUN go build -o cool-dns .
FROM alpine:latest
WORKDIR /app
COPY --from=build /build/cool-dns .
ENTRYPOINT ["/app/cool-dns"]

13
README.md
View File

@@ -23,10 +23,23 @@ acl: # List of ip filter rules
- name: local - name: local
cidr: 127.0.0.1/32 cidr: 127.0.0.1/32
tls:
enable: true # Enable DNS over TLS
address: 0.0.0.0:8853 # What address and port to liste for tls connections
cert: cert.crt # Path to the certificate file
key: private.key # Path to the private key file
forward: forward:
acl: # What IPs are allowed acl: # What IPs are allowed
- vpn - vpn
server: "8.8.8.8:53" # DNS server to forward to server: "8.8.8.8:53" # DNS server to forward to
address: 0.0.0.0:8053 # What address and port to listen on address: 0.0.0.0:8053 # What address and port to listen on
blacklist: # What domains to block when forwarding
# URL of the blacklist
- url: https://raw.githubusercontent.com/anudeepND/blacklist/master/adservers.txt
format: host # Format of the blacklist: Hostfile
- url: https://blocklistproject.github.io/Lists/alt-version/ads-nl.txt
format: line # Format: One domain per line
``` ```

62
blacklist.go
View File

@@ -1,11 +1,13 @@
package main package main
import ( import (
"errors"
"io/ioutil" "io/ioutil"
"log" "log"
"net" "net"
"net/http" "net/http"
"regexp" "regexp"
"strings"
"github.com/miekg/dns" "github.com/miekg/dns"
) )
@@ -26,12 +28,10 @@ func loadBlacklist(config []configBlacklist) map[string]bool {
} }
domains := parseRawBlacklist(element, *raw) domains := parseRawBlacklist(element, *raw)
log.Printf("Added %d blocked domains", len(domains))
list = append(list, domains...) list = append(list, domains...)
} }
// list = removeDuplicates(list)
// sort.Strings(list)
domainMap := make(map[string]bool) domainMap := make(map[string]bool)
for _, e := range list { for _, e := range list {
domainMap[e] = true domainMap[e] = true
@@ -40,38 +40,51 @@ func loadBlacklist(config []configBlacklist) map[string]bool {
return domainMap return domainMap
} }
func removeDuplicates(elements []string) []string { func requestBacklist(blacklist configBlacklist) (*string, error) {
encountered := map[string]bool{} if blacklist.URL != "" {
result := []string{} return getBlacklistFromURL(blacklist.URL)
for v := range elements {
if !encountered[elements[v]] {
encountered[elements[v]] = true
result = append(result, elements[v])
}
} }
return result return nil, errors.New("No blacklist provided")
} }
func requestBacklist(blacklist configBlacklist) (*string, error) { func getBlacklistFromURL(url string) (*string, error) {
// Request list // Request list
resp, err := http.Get(blacklist.URL) resp, err := http.Get(url)
if err != nil { if err != nil {
return nil, err return nil, err
} }
defer resp.Body.Close() defer resp.Body.Close()
if resp.StatusCode != 200 {
log.Printf("Got %d status code. Continueing anyway.", resp.StatusCode)
}
body, err := ioutil.ReadAll(resp.Body) body, err := ioutil.ReadAll(resp.Body)
bodyString := string(body) bodyString := string(body)
log.Printf("Downloaded blacklist %s", blacklist.URL) log.Printf("Downloaded blacklist %s", url)
return &bodyString, err return &bodyString, err
} }
// parseRawBlacklist parse the raw string depending on the given format
func parseRawBlacklist(blacklist configBlacklist, raw string) []string { func parseRawBlacklist(blacklist configBlacklist, raw string) []string {
switch blacklist.Format {
case "host":
return parseHostFormat(raw)
case "line":
return parseLineFormat(raw)
default:
log.Printf("Failed to parse blacklist. Format not supported: %s", blacklist.Format)
log.Println("Supported types are: host, line")
return make([]string, 0)
}
}
// parseHostFormat parse the string in the format of a hostfile
func parseHostFormat(raw string) []string {
finalList := make([]string, 0) finalList := make([]string, 0)
reg := regexp.MustCompile(`(?mi)^\s*(#*)\s*(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\s+([a-zA-Z0-9\.\- ]+)$`) reg := regexp.MustCompile(`(?mi)^\s*(#*)\s*(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\s+([a-zA-Z0-9\.\- ]+)$`)
matches := reg.FindAllStringSubmatch(raw, -1) matches := reg.FindAllStringSubmatch(raw, -1)
@@ -84,12 +97,26 @@ func parseRawBlacklist(blacklist configBlacklist, raw string) []string {
return finalList return finalList
} }
// parseLineFormat one domain per line, ignore comments
func parseLineFormat(raw string) []string {
list := make([]string, 0)
for _, line := range strings.Split(raw, "\n") {
if !strings.HasPrefix(line, "#") {
list = append(list, line)
}
}
return list
}
func handleBlockedDomain(w dns.ResponseWriter, r *dns.Msg) { func handleBlockedDomain(w dns.ResponseWriter, r *dns.Msg) {
q := r.Question[0] q := r.Question[0]
m := new(dns.Msg) m := new(dns.Msg)
m.SetReply(r) m.SetReply(r)
if q.Qtype == dns.TypeA { if q.Qtype == dns.TypeA {
// Respond with 0.0.0.0
m.Answer = append(m.Answer, &dns.A{ m.Answer = append(m.Answer, &dns.A{
Hdr: dns.RR_Header{ Hdr: dns.RR_Header{
Name: q.Name, Name: q.Name,
@@ -100,6 +127,7 @@ func handleBlockedDomain(w dns.ResponseWriter, r *dns.Msg) {
A: nullIPv4, A: nullIPv4,
}) })
} else if q.Qtype == dns.TypeAAAA { } else if q.Qtype == dns.TypeAAAA {
// Respond with ::/0
m.Answer = append(m.Answer, &dns.AAAA{ m.Answer = append(m.Answer, &dns.AAAA{
Hdr: dns.RR_Header{ Hdr: dns.RR_Header{
Name: q.Name, Name: q.Name,

14
config.yml
View File

@@ -22,6 +22,20 @@ forward:
address: 0.0.0.0:8053 address: 0.0.0.0:8053
tls:
enable: true
address: 0.0.0.0:8853
cert: cert.crt
key: private.key
blacklist: blacklist:
- url: https://raw.githubusercontent.com/anudeepND/blacklist/master/adservers.txt - url: https://raw.githubusercontent.com/anudeepND/blacklist/master/adservers.txt
format: host format: host
- url: https://blocklistproject.github.io/Lists/alt-version/ads-nl.txt
format: line
lego:
enable: true
address: :8080
username: lego
secret: "133742069ab"

175
coolDns.go
View File

@@ -7,6 +7,7 @@ import (
"net" "net"
"os" "os"
"os/signal" "os/signal"
"path/filepath"
"strings" "strings"
"syscall" "syscall"
@@ -23,12 +24,15 @@ type zoneMap map[string][]zoneView
type rrMap map[uint16]map[string][]dns.RR type rrMap map[uint16]map[string][]dns.RR
// config format of the config file
type config struct { type config struct {
Zones []configZone `yaml:"zones"` Zones []configZone `yaml:"zones"`
ACL []configACL `yaml:"acl"` ACL []configACL `yaml:"acl"`
Forward configForward `yaml:"forward"` Forward configForward `yaml:"forward"`
Address string `yaml:"address"` Address string `yaml:"address"`
Blacklist []configBlacklist `yaml:"blacklist"` Blacklist []configBlacklist `yaml:"blacklist"`
TLS configTLS `yaml:"tls"`
Lego configLego `yaml:"lego"`
} }
type configForward struct { type configForward struct {
@@ -52,6 +56,14 @@ type configBlacklist struct {
Format string `yaml:"format"` Format string `yaml:"format"`
} }
type configTLS struct {
Enable bool `yaml:"enable"`
Address string `yaml:"address"`
Cert string `yaml:"cert"`
Key string `yaml:"key"`
}
// All record types to send when a ANY request is send
var anyRecordTypes = []uint16{ var anyRecordTypes = []uint16{
dns.TypeSOA, dns.TypeSOA,
dns.TypeA, dns.TypeA,
@@ -101,6 +113,7 @@ func loadZones(configZones []configZone) (zoneMap, error) {
return zones, nil return zones, nil
} }
// createRRMap order the rr into a structure that is more easy to use
func createRRMap(rrs []dns.RR) rrMap { func createRRMap(rrs []dns.RR) rrMap {
rrMap := make(rrMap) rrMap := make(rrMap)
for _, rr := range rrs { for _, rr := range rrs {
@@ -139,6 +152,7 @@ func loadZonefile(filepath, origin string) ([]dns.RR, error) {
return rrs, nil return rrs, nil
} }
// createACLList create a map with the CIDR and the name of the rule
func createACLList(config []configACL) (map[string]*net.IPNet, error) { func createACLList(config []configACL) (map[string]*net.IPNet, error) {
acls := make(map[string]*net.IPNet) acls := make(map[string]*net.IPNet)
@@ -155,10 +169,12 @@ func createACLList(config []configACL) (map[string]*net.IPNet, error) {
return acls, nil return acls, nil
} }
func createServer(zones zoneMap, config config, aclList map[string]*net.IPNet, blacklist map[string]bool) *dns.ServeMux { // createServer creates a new serve mux. Adds all the logic to handle the request
func createServer(zones zoneMap, config config, aclList map[string]*net.IPNet, blacklist map[string]bool, acmeList *legoMap) *dns.ServeMux {
srv := dns.NewServeMux() srv := dns.NewServeMux()
c := new(dns.Client) c := new(dns.Client)
// For all zones set from the config
for zoneName, zones := range zones { for zoneName, zones := range zones {
srv.HandleFunc(zoneName, func(w dns.ResponseWriter, r *dns.Msg) { srv.HandleFunc(zoneName, func(w dns.ResponseWriter, r *dns.Msg) {
@@ -170,6 +186,11 @@ func createServer(zones zoneMap, config config, aclList map[string]*net.IPNet, b
return return
} }
// Check if it is a ACME DNS-01 challange
if handleACMERequest(w, r, acmeList) {
return
}
// find out what view to handle the request // find out what view to handle the request
zoneIndex := -1 zoneIndex := -1
@@ -179,6 +200,7 @@ func createServer(zones zoneMap, config config, aclList map[string]*net.IPNet, b
} }
} }
// No view found that can handle the request
if zoneIndex == -1 { if zoneIndex == -1 {
rcodeRequest(w, r, dns.RcodeRefused) rcodeRequest(w, r, dns.RcodeRefused)
return return
@@ -188,8 +210,10 @@ func createServer(zones zoneMap, config config, aclList map[string]*net.IPNet, b
}) })
} }
// Handle any other request // Handle any other request for forwarding
srv.HandleFunc(".", func(w dns.ResponseWriter, r *dns.Msg) { srv.HandleFunc(".", func(w dns.ResponseWriter, r *dns.Msg) {
// Parse IP
remoteIP, _, err := net.SplitHostPort(w.RemoteAddr().String()) remoteIP, _, err := net.SplitHostPort(w.RemoteAddr().String())
ip := net.ParseIP(remoteIP) ip := net.ParseIP(remoteIP)
@@ -198,12 +222,18 @@ func createServer(zones zoneMap, config config, aclList map[string]*net.IPNet, b
return return
} }
// Check if it is a ACME DNS-01 challange
if handleACMERequest(w, r, acmeList) {
return
}
// Check ACL rules // Check ACL rules
if !checkACL(config.Forward.ACL, aclList, ip) { if !checkACL(config.Forward.ACL, aclList, ip) {
rcodeRequest(w, r, dns.RcodeRefused) rcodeRequest(w, r, dns.RcodeRefused)
return return
} }
// Check if the domain is bocked
if _, ok := blacklist[r.Question[0].Name]; ok { if _, ok := blacklist[r.Question[0].Name]; ok {
handleBlockedDomain(w, r) handleBlockedDomain(w, r)
} else { } else {
@@ -214,21 +244,23 @@ func createServer(zones zoneMap, config config, aclList map[string]*net.IPNet, b
rcodeRequest(w, r, dns.RcodeServerFailure) rcodeRequest(w, r, dns.RcodeServerFailure)
return return
} }
w.WriteMsg(in) w.WriteMsg(in)
} }
}) })
return srv return srv
} }
func listenAndServer(server *dns.ServeMux, address string) { func listenAndServer(server *dns.ServeMux, address string) {
// Start UDP listner
go func() { go func() {
if err := dns.ListenAndServe(address, "udp", server); err != nil { if err := dns.ListenAndServe(address, "udp", server); err != nil {
log.Fatalf("Failed to set udp listener %s\n", err.Error()) log.Fatalf("Failed to set udp listener %s\n", err.Error())
} }
}() }()
// Start TCP listner
go func() { go func() {
if err := dns.ListenAndServe(address, "tcp", server); err != nil { if err := dns.ListenAndServe(address, "tcp", server); err != nil {
log.Fatalf("Failed to set tcp listener %s\n", err.Error()) log.Fatalf("Failed to set tcp listener %s\n", err.Error())
@@ -236,6 +268,15 @@ func listenAndServer(server *dns.ServeMux, address string) {
}() }()
} }
func listenAndServerTLS(server *dns.ServeMux, address, cert, key string) {
// Start TLS listner
go func() {
if err := dns.ListenAndServeTLS(address, cert, key, server); err != nil {
log.Fatalf("Failed to set DoT listener %s", err.Error())
}
}()
}
func checkACL(alcRules []string, aclList map[string]*net.IPNet, ip net.IP) bool { func checkACL(alcRules []string, aclList map[string]*net.IPNet, ip net.IP) bool {
if len(alcRules) != 0 { if len(alcRules) != 0 {
passed := false passed := false
@@ -250,6 +291,7 @@ func checkACL(alcRules []string, aclList map[string]*net.IPNet, ip net.IP) bool
return true return true
} }
// rcodeRequest respond to a request with a response code
func rcodeRequest(w dns.ResponseWriter, r *dns.Msg, rcode int) { func rcodeRequest(w dns.ResponseWriter, r *dns.Msg, rcode int) {
m := new(dns.Msg) m := new(dns.Msg)
m.SetReply(r) m.SetReply(r)
@@ -257,74 +299,83 @@ func rcodeRequest(w dns.ResponseWriter, r *dns.Msg, rcode int) {
w.WriteMsg(m) w.WriteMsg(m)
} }
// handleRequest find the right RR(s) in the view and send them back
func handleRequest(w dns.ResponseWriter, r *dns.Msg, zone zoneView) { func handleRequest(w dns.ResponseWriter, r *dns.Msg, zone zoneView) {
m := new(dns.Msg) m := new(dns.Msg)
m.SetReply(r) m.SetReply(r)
m.Authoritative = true m.Authoritative = true
// maybe only support one question per query like most servers do it ??? // Only support one question per query because all the other server also does that
for _, q := range r.Question { if len(r.Question) != 1 {
rrs := zone.rr[q.Qtype] rcodeRequest(w, r, dns.RcodeServerFailure)
}
// Handle ANY q := r.Question[0]
if q.Qtype == dns.TypeANY {
for _, rrType := range anyRecordTypes {
m.Answer = append(m.Answer, zone.rr[rrType][q.Name]...)
}
} else {
// Handle any other type
m.Answer = append(m.Answer, rrs[q.Name]...)
// Check for wildcard rrs := zone.rr[q.Qtype]
if len(m.Answer) == 0 {
parts := dns.SplitDomainName(q.Name)[1:] // Handle ANY
searchDomain := "*." + dns.Fqdn(strings.Join(parts, ".")) if q.Qtype == dns.TypeANY {
foundDomain := rrs[searchDomain] for _, rrType := range anyRecordTypes {
for _, rr := range foundDomain { m.Answer = append(m.Answer, zone.rr[rrType][q.Name]...)
newRR := rr }
newRR.Header().Name = q.Name } else {
m.Answer = append(m.Answer, newRR) // Handle any other type
} m.Answer = append(m.Answer, rrs[q.Name]...)
// Check for wildcard
if len(m.Answer) == 0 {
parts := dns.SplitDomainName(q.Name)[1:]
searchDomain := "*." + dns.Fqdn(strings.Join(parts, "."))
foundDomain := rrs[searchDomain]
for _, rr := range foundDomain {
newRR := rr
newRR.Header().Name = q.Name
m.Answer = append(m.Answer, newRR)
} }
} }
}
// Handle extras // Handle extras
switch q.Qtype { switch q.Qtype {
// Dont handle extra stuff when answering ANY request // Dont handle extra stuff when answering ANY request
// case dns.TypeANY: // case dns.TypeANY:
// fallthrough // fallthrough
case dns.TypeMX: case dns.TypeMX:
// Resolve MX domains // Resolve MX domains
for _, mxRR := range m.Answer { for _, mxRR := range m.Answer {
if t, ok := mxRR.(*dns.MX); ok { if t, ok := mxRR.(*dns.MX); ok {
m.Extra = append(m.Extra, zone.rr[dns.TypeA][t.Mx]...) m.Extra = append(m.Extra, zone.rr[dns.TypeA][t.Mx]...)
m.Extra = append(m.Extra, zone.rr[dns.TypeAAAA][t.Mx]...) m.Extra = append(m.Extra, zone.rr[dns.TypeAAAA][t.Mx]...)
}
} }
case dns.TypeA, dns.TypeAAAA: }
if len(m.Answer) == 0 { case dns.TypeA, dns.TypeAAAA:
// no A or AAAA found. Look for CNAME if len(m.Answer) == 0 {
m.Answer = append(m.Answer, zone.rr[dns.TypeCNAME][q.Name]...) // no A or AAAA found. Look for CNAME
if len(m.Answer) != 0 { m.Answer = append(m.Answer, zone.rr[dns.TypeCNAME][q.Name]...)
// Resolve CNAME if len(m.Answer) != 0 {
for _, nameRR := range m.Answer { // Resolve CNAME
if t, ok := nameRR.(*dns.CNAME); ok { for _, nameRR := range m.Answer {
m.Answer = append(m.Answer, zone.rr[q.Qtype][t.Target]...) if t, ok := nameRR.(*dns.CNAME); ok {
} m.Answer = append(m.Answer, zone.rr[q.Qtype][t.Target]...)
} }
} }
} }
case dns.TypeNS: }
// Resove NS records case dns.TypeNS:
for _, nsRR := range m.Answer { // Resove NS records
if t, ok := nsRR.(*dns.NS); ok { for _, nsRR := range m.Answer {
m.Extra = append(m.Extra, zone.rr[dns.TypeA][t.Ns]...) if t, ok := nsRR.(*dns.NS); ok {
m.Extra = append(m.Extra, zone.rr[dns.TypeAAAA][t.Ns]...) m.Extra = append(m.Extra, zone.rr[dns.TypeA][t.Ns]...)
} m.Extra = append(m.Extra, zone.rr[dns.TypeAAAA][t.Ns]...)
} }
} }
} }
if len(m.Answer) == 0 {
m.SetRcode(m, dns.RcodeNameError)
}
w.WriteMsg(m) w.WriteMsg(m)
} }
@@ -338,6 +389,11 @@ func main() {
log.Fatalf("Failed to load config: %s\n", err.Error()) log.Fatalf("Failed to load config: %s\n", err.Error())
} }
err = os.Chdir(filepath.Dir(*configPath))
if err != nil {
log.Fatalf("Failed to goto config dir: %s", err.Error())
}
zones, err := loadZones(config.Zones) zones, err := loadZones(config.Zones)
if err != nil { if err != nil {
log.Fatalf("Failed to load zones: %s\n", err.Error()) log.Fatalf("Failed to load zones: %s\n", err.Error())
@@ -350,10 +406,21 @@ func main() {
blacklist := loadBlacklist(config.Blacklist) blacklist := loadBlacklist(config.Blacklist)
server := createServer(zones, *config, aclList, blacklist) var acmeMap *legoMap
if config.Lego.Enable {
acmeMap = startLEGOWebSever(config.Lego)
}
server := createServer(zones, *config, aclList, blacklist, acmeMap)
listenAndServer(server, config.Address) listenAndServer(server, config.Address)
if config.TLS.Enable {
listenAndServerTLS(server, config.TLS.Address, config.TLS.Cert, config.TLS.Key)
log.Printf("Start listening on tcp %s for tls", config.TLS.Address)
}
log.Printf("Start listening on udp %s and tcp %s\n", config.Address, config.Address) log.Printf("Start listening on udp %s and tcp %s\n", config.Address, config.Address)
sig := make(chan os.Signal) sig := make(chan os.Signal)

11
docker-compose.yml Normal file
View File

@@ -0,0 +1,11 @@
version: "3"
services:
cool-dns:
build: .
ports:
- "53:53"
- "53:53/udp"
- "853:853"
- "80:80"
volumes:
- ./docker:/etc/cool-dns/

118
lego.go Normal file
View File

@@ -0,0 +1,118 @@
package main
import (
"encoding/json"
"log"
"net/http"
"github.com/miekg/dns"
)
// See https://go-acme.github.io/lego/dns/httpreq/
type configLego struct {
Enable bool `yaml:"enable"`
Address string `yaml:"address"`
Username string `yaml:"username"`
Secret string `yaml:"secret"`
}
type legoPresent struct {
Fqdn string `json:"fqdn"`
Value string `json:"value"`
}
type legoMap map[string]string
func startLEGOWebSever(config configLego) *legoMap {
mux := http.NewServeMux()
acmeMap := make(legoMap)
mux.HandleFunc("/present", func(rw http.ResponseWriter, r *http.Request) {
if !checkBasicAuth(r, config) {
rw.WriteHeader(http.StatusUnauthorized)
return
}
var presentData legoPresent
err := json.NewDecoder(r.Body).Decode(&presentData)
defer r.Body.Close()
if err != nil {
log.Printf("Failed to parse request for ACME: %s", err.Error())
}
acmeMap[presentData.Fqdn] = presentData.Value
rw.WriteHeader(http.StatusOK)
})
mux.HandleFunc("/cleanup", func(rw http.ResponseWriter, r *http.Request) {
if !checkBasicAuth(r, config) {
rw.WriteHeader(http.StatusUnauthorized)
return
}
for k := range acmeMap {
delete(acmeMap, k)
}
rw.WriteHeader(http.StatusOK)
})
go func() {
if err := http.ListenAndServe(config.Address, mux); err != nil {
log.Fatalf("Failed to start Webserver for LEGO: %s\n", err.Error())
}
}()
log.Printf("Startet webserver on %s", config.Address)
return &acmeMap
}
func checkBasicAuth(r *http.Request, config configLego) bool {
if config.Username != "" && config.Secret != "" {
u, p, ok := r.BasicAuth()
if !ok {
return false
}
if u == config.Username && p == config.Secret {
return true
}
log.Printf("Failed lego authentication")
return false
}
return true
}
func handleACMERequest(w dns.ResponseWriter, r *dns.Msg, acmeMap *legoMap) bool {
if len(r.Question) == 1 {
if r.Question[0].Qtype == dns.TypeTXT && r.Question[0].Qclass == dns.ClassINET {
if value, ok := (*acmeMap)[r.Question[0].Name]; ok {
m := new(dns.Msg)
m.SetReply(r)
m.Answer = append(m.Answer, &dns.TXT{
Hdr: dns.RR_Header{
Name: r.Question[0].Name,
Rrtype: dns.TypeTXT,
Class: dns.ClassINET,
Ttl: 0,
},
Txt: []string{value},
})
w.WriteMsg(m)
return true
}
}
}
return false
}