Unverified Commit 528f82c8 authored by Gavin Brown's avatar Gavin Brown

add --bootstrap argument to avoid infinite loop when dohp is the system resolver

parent c8b3edda
...@@ -6,6 +6,7 @@ use LWP::UserAgent; ...@@ -6,6 +6,7 @@ use LWP::UserAgent;
use Mozilla::CA; use Mozilla::CA;
use Net::DNS::Nameserver; use Net::DNS::Nameserver;
use Sys::Syslog qw(:standard :macros); use Sys::Syslog qw(:standard :macros);
use URI;
use constant URL_TEMPLATE => 'https://%s/dns-query'; use constant URL_TEMPLATE => 'https://%s/dns-query';
use constant CONTENT_TYPE => 'application/dns-message'; use constant CONTENT_TYPE => 'application/dns-message';
use strict; use strict;
...@@ -21,6 +22,7 @@ my $debug = undef; ...@@ -21,6 +22,7 @@ my $debug = undef;
my $url = undef; my $url = undef;
my $server = undef; my $server = undef;
my $insecure = undef; my $insecure = undef;
my $bootstrap = undef;
GetOptions( GetOptions(
'addr=s' => \$addr, 'addr=s' => \$addr,
...@@ -31,6 +33,7 @@ GetOptions( ...@@ -31,6 +33,7 @@ GetOptions(
'daemon' => \$daemon, 'daemon' => \$daemon,
'help' => \$help, 'help' => \$help,
'insecure' => \$insecure, 'insecure' => \$insecure,
'bootstrap=s' => \$bootstrap,
); );
pod2usage(1) if ($help); pod2usage(1) if ($help);
...@@ -42,12 +45,30 @@ if ($url && $server) { ...@@ -42,12 +45,30 @@ if ($url && $server) {
} elsif ($server) { } elsif ($server) {
$url = sprintf(URL_TEMPLATE, $server); $url = sprintf(URL_TEMPLATE, $server);
} elsif (!$url) { } elsif ($url) {
$server = URI->new($url)->host;
} else {
print STDERR "Missing --server or --url argument\n"; print STDERR "Missing --server or --url argument\n";
exit(1); exit(1);
} }
if ($bootstrap) {
eval q{
use LWP::UserAgent::DNS::Hosts;
LWP::UserAgent::DNS::Hosts->register_host($server => $bootstrap);
LWP::UserAgent::DNS::Hosts->enable_override;
};
if ($@) {
print STDERR $@;
exit(1);
}
}
my %options = ( my %options = (
'agent' => basename(__FILE__), 'agent' => basename(__FILE__),
'timeout' => 3, 'timeout' => 3,
...@@ -180,7 +201,8 @@ and sends the response back to the client. ...@@ -180,7 +201,8 @@ and sends the response back to the client.
=over =over
=item * C<--addr=ADDR> - address to listen on, defaults to C<127.0.0.1>. =item * C<--addr=ADDR> - address to listen on, defaults to
C<127.0.0.1>.
=item * C<--port=PORT> - port to listen on, defaults to C<5353>. =item * C<--port=PORT> - port to listen on, defaults to C<5353>.
...@@ -188,11 +210,17 @@ and sends the response back to the client. ...@@ -188,11 +210,17 @@ and sends the response back to the client.
=item * C<--url=URL> - URL to use instead of a server name. =item * C<--url=URL> - URL to use instead of a server name.
=item * C<--bootstrap=ADDR> - The IP address of the host specified in
C<--server> or C<--url>, avoids circular loops where C<dohp> is
configured as the system's own resolver.
=item * C<--insecure> - Disable SSL certification verification. =item * C<--insecure> - Disable SSL certification verification.
=item * C<--debug> - Enables debug mode for C<HTTP::Daemon> and C<Net::DNS::Resolver>. =item * C<--debug> - Enables debug mode for C<HTTP::Daemon> and
C<Net::DNS::Resolver>.
=item * C<--daemon> - Daemonise, otherwise, C<dohd> stays in the foreground. =item * C<--daemon> - Daemonise, otherwise, C<dohd> stays in the
foreground.
=item * C<--help> - display help. =item * C<--help> - display help.
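Review bot: `--bootstrap` is documented as an IP address, but the `if ($bootstrap)` block hands the raw option value to `register_host` without checking it; a hostname there would presumably have to be resolved through the system resolver, which is the loop this option is meant to avoid. Reject anything that is not an IP literal before registering it, for example `unless (defined inet_pton(AF_INET, $bootstrap) || defined inet_pton(AF_INET6, $bootstrap)) { print STDERR "--bootstrap must be an IP address\n"; exit(1); }` using the core `Socket` module. The new `elsif ($url)` branch calls `URI->new($url)->host` unchecked, so a `--url` value without an `https://` scheme or without a host likely either dies with a raw Perl error or leaves `$server` undefined; check the scheme and host there and exit with the same style of message as the missing-argument case. When `--bootstrap` is combined with `--insecure`, TLS does not authenticate the pinned address at all, which deserves a sentence in the option's documentation. The string `eval q{...}` is a constant, so nothing is interpolated into it, but `eval { require LWP::UserAgent::DNS::Hosts; ... }` would load the optional module the same way without string eval.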
...@@ -14,13 +14,19 @@ and sends the response back to the client. ...@@ -14,13 +14,19 @@ and sends the response back to the client.
# OPTIONS # OPTIONS
- `--addr=ADDR` - address to listen on, defaults to `127.0.0.1`. - `--addr=ADDR` - address to listen on, defaults to
`127.0.0.1`.
- `--port=PORT` - port to listen on, defaults to `5353`. - `--port=PORT` - port to listen on, defaults to `5353`.
- `--server=URL` - Name of the server to send DoH queries to. - `--server=URL` - Name of the server to send DoH queries to.
- `--url=URL` - URL to use instead of a server name. - `--url=URL` - URL to use instead of a server name.
- `--bootstrap=ADDR` - The IP address of the host specified in
`--server` or `--url`, avoids circular loops where `dohp` is
configured as the system's own resolver.
- `--insecure` - Disable SSL certification verification. - `--insecure` - Disable SSL certification verification.
- `--debug` - Enables debug mode for `HTTP::Daemon` and `Net::DNS::Resolver`. - `--debug` - Enables debug mode for `HTTP::Daemon` and
- `--daemon` - Daemonise, otherwise, `dohd` stays in the foreground. `Net::DNS::Resolver`.
- `--daemon` - Daemonise, otherwise, `dohd` stays in the
foreground.
- `--help` - display help. - `--help` - display help.
# COPYRIGHT # COPYRIGHT