Merge pull request #2 from taketo1113/doh-h1-net-http

Add DoH client (HTTP/1.1)

Author: taketo1113

README.md

@@ -108,6 +108,17 @@ dot.aaaa
 => ["2001:4860:4860::8844", "2001:4860:4860::8888"]
 ```
 
+- DoH (HTTP/1.1)
+```ruby
+doh = Ddig::Resolver::DohH1.new(hostname: 'dns.google', server: 'dns.google', dohpath: '/dns-query{?dns}').lookup
+=> #<Ddig::Resolver::DohH1:0x00000001023ed020 @a=["8.8.4.4", "8.8.8.8"], @aaaa=["2001:4860:4860::8888", "2001:4860:4860::8844"], @address=nil, @dohpath="/dns-query{?dns}", @hostname="dns.google", @open_timeout=10, @port=443, @server="dns.google">
+
+doh.a
+=> ["8.8.4.4", "8.8.8.8"]
+doh.aaaa
+=> ["2001:4860:4860::8844", "2001:4860:4860::8888"]
+```
+
 ### CLI
 
 - UDP(Do53)
@@ -124,15 +135,28 @@ dns.google	AAAA	2001:4860:4860::8888
 - DoT
 ```sh
 $ ddig --dot --nameserver 8.8.8.8 dns.google
-dns.google	A	8.8.4.4
 dns.google	A	8.8.8.8
-dns.google	AAAA	2001:4860:4860::8844
+dns.google	A	8.8.4.4
 dns.google	AAAA	2001:4860:4860::8888
+dns.google	AAAA	2001:4860:4860::8844
 
 # SERVER(Address): 8.8.8.8
 # PORT: 853
 ```
 
+- DoH (HTTP/1.1)
+```sh
+$ ddig --doh-h1 --nameserver dns.google --doh-path /dns-query{?dns} dns.google
+dns.google	A	8.8.8.8
+dns.google	A	8.8.4.4
+dns.google	AAAA	2001:4860:4860::8888
+dns.google	AAAA	2001:4860:4860::8844
+
+# SERVER(Hostname): dns.google
+# SERVER(Path): /dns-query{?dns}
+# PORT: 443
+```
+
 ## Development
 
 After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.

ddig.gemspec

@@ -31,4 +31,5 @@ Gem::Specification.new do |spec|
   spec.require_paths = ["lib"]
 
   spec.add_dependency "resolv", "~> 0.3.0"
+  spec.add_dependency "base64" if RUBY_VERSION >= '3.3'
 end

lib/ddig.rb

@@ -4,6 +4,7 @@
 require_relative "ddig/nameserver"
 require_relative "ddig/resolver/do53"
 require_relative "ddig/resolver/dot"
+require_relative "ddig/resolver/doh_h1"
 require_relative "ddig/ddr"
 
 module Ddig

lib/ddig/cli.rb

@@ -26,7 +26,9 @@ def parse_options
         opts.on("-t", "--type={all|do53|dot}", "resolve type (default: all)") { |v| @options[:type] = v }
         opts.on("--udp", "use resolve type of udp(do53)") { |v| @options[:type] = 'do53' }
         opts.on("--dot", "use resolve type of dot") { |v| @options[:type] = 'dot' }
-        opts.on("-@", "--nameserver=ipaddress", "nameserver") { |v| @options[:nameserver] = v }
+        opts.on("--doh-h1", "use resolve type of doh (http/1.1)") { |v| @options[:type] = 'doh_h1' }
+        opts.on("--doh-path=doh-path", "doh service path") { |v| @options[:doh_path] = v }
+        opts.on("-@", "--nameserver=ipaddress|doh-hostname", "nameserver") { |v| @options[:nameserver] = v }
         opts.on("-p", "--port=port", "port") { |v| @options[:port] = v }
         opts.on("--format={text|json}", "output format (default: text)") { |v| @options[:format] = v }
 
@@ -50,6 +52,8 @@ def exec
         resolve_do53
       when "dot"
         resolve_dot
+      when "doh_h1"
+        resolve_doh_h1
       end
     end
 
@@ -97,5 +101,28 @@ def resolve_dot
       #puts "# SERVER(Hostname): #{dot.server_name}"
       puts "# PORT: #{dot.port}"
     end
+
+    def resolve_doh_h1
+      if @options[:nameserver].nil? || @options[:doh_path].nil?
+        puts 'ddig: doh needs option of --doh-path=doh-path'
+        exit
+      end
+
+      doh = Ddig::Resolver::DohH1.new(hostname: @hostname, server: @options[:nameserver], dohpath: @options[:doh_path], port: @options[:port]).lookup
+
+      doh.a.each do |address|
+        rr_type = 'A'
+        puts "#{@hostname}\t#{rr_type}\t#{address}"
+      end
+      doh.aaaa.each do |address|
+        rr_type = 'AAAA'
+        puts "#{@hostname}\t#{rr_type}\t#{address}"
+      end
+
+      puts
+      puts "# SERVER(Hostname): #{doh.server}"
+      puts "# SERVER(Path): #{doh.dohpath}"
+      puts "# PORT: #{doh.port}"
+    end
   end
 end

lib/ddig/resolver/dns_message.rb

@@ -0,0 +1,40 @@
+require 'resolv'
+
+module Ddig
+  module Resolver
+    class DnsMessage
+      def self.encode(hostname, typeclass)
+        if hostname.nil?
+          return nil
+        end
+        if typeclass.nil?
+          return nil
+        end
+
+        message = Resolv::DNS::Message.new
+        message.rd = 1 # recursive query
+        message.add_question(hostname, typeclass)
+
+        message.encode
+      end
+
+      def self.decode(payload)
+        if payload.nil?
+          return nil
+        end
+
+        Resolv::DNS::Message.decode(payload)
+      end
+
+      def self.getresources(payload)
+        if payload.nil?
+          return []
+        end
+
+        response = self.decode(payload)
+
+        return response.answer.map { |name, ttl, resource| resource }
+      end
+    end
+  end
+end

lib/ddig/resolver/doh_h1.rb

@@ -0,0 +1,61 @@
+require 'net/http'
+require 'resolv'
+require 'base64'
+
+require_relative 'dns_message'
+
+module Ddig
+  module Resolver
+    # DNS over HTTPS (HTTP/1.1)
+    class DohH1
+      attr_reader :hostname, :server, :address, :dohpath, :port
+      attr_reader :a, :aaaa
+
+      def initialize(hostname:, server:, address: nil, dohpath:, port: 443)
+        @hostname = hostname
+        @server = server
+        @address = address
+        @dohpath = dohpath
+        @port = port || 443
+
+        @open_timeout = 10
+      end
+
+      def lookup
+        if @server.nil?
+          return nil
+        end
+
+        @a = get_resources(@hostname, Resolv::DNS::Resource::IN::A).map { |resource| resource.address.to_s if resource.is_a?(Resolv::DNS::Resource::IN::A) }.compact
+
+        @aaaa = get_resources(@hostname, Resolv::DNS::Resource::IN::AAAA).map { |resource| resource.address.to_s if resource.is_a?(Resolv::DNS::Resource::IN::AAAA) }.compact
+
+        self
+      end
+
+      def get_resources(hostname, typeclass)
+        # send query
+        payload = DnsMessage.encode(hostname, typeclass)
+
+        path_with_query = @dohpath.gsub('{?dns}', '?dns=' + Base64.urlsafe_encode64(payload, padding: false))
+
+        http_response = Net::HTTP.start(@server, @port, use_ssl: true, ipaddr: @address) do |http|
+          header = {}
+          header['Accept'] = 'application/dns-message'
+          #http.open_timeout = @open_timeout
+
+          http.get(path_with_query, header)
+        end
+
+        case http_response
+        when Net::HTTPSuccess
+          # recive answer
+          return DnsMessage.getresources(http_response.body)
+        else
+          http_response.value
+          return []
+        end
+      end
+    end
+  end
+end

lib/ddig/resolver/dot.rb

@@ -1,6 +1,8 @@
 require 'openssl'
 require 'resolv'
 
+require_relative 'dns_message'
+
 module Ddig
   module Resolver
     # DNS over TLS/TCP
@@ -33,16 +35,14 @@ def get_resources(hostname, typeclass)
         ssl_socket = get_socket
 
         # send query
-        message = dns_message(hostname, typeclass)
+        payload = DnsMessage.encode(hostname, typeclass)
+        request = [payload.length].pack('n') + payload
 
-        request = [message.encode.length].pack('n') + message.encode
         ssl_socket.write(request)
 
         # recive answer
         len = ssl_socket.read(2).unpack1('n')
-        response = Resolv::DNS::Message.decode(ssl_socket.read(len))
-
-        resources = response.answer.map { |name, ttl, resource| resource }
+        resources = DnsMessage.getresources(ssl_socket.read(len))
 
         resources
       end
@@ -74,21 +74,6 @@ def get_socket
           ssl_socket
         end
       end
-
-      def dns_message(hostname, typeclass)
-        if hostname.nil?
-          return nil
-        end
-        if typeclass.nil?
-          return nil
-        end
-
-        message = Resolv::DNS::Message.new
-        message.rd = 1 # recursive query
-        message.add_question(hostname, typeclass)
-
-        message
-      end
     end
   end
 end

spec/ddig/resolver/doh_h1_spec.rb

@@ -0,0 +1,90 @@
+# frozen_string_literal: true
+
+RSpec.describe Ddig::Resolver::DohH1 do
+  context "#lookup" do
+    before(:each) do
+      @doh = Ddig::Resolver::DohH1.new(hostname: 'dns.google', server: 'dns.google', dohpath: '/dns-query{?dns}')
+      @doh.lookup
+    end
+
+    it "a/aaaa return values" do
+      # a
+      expect(@doh.a).to include "8.8.8.8"
+      expect(@doh.a).to include "8.8.4.4"
+
+      # aaaa
+      expect(@doh.aaaa).to include "2001:4860:4860::8844"
+      expect(@doh.aaaa).to include "2001:4860:4860::8888"
+    end
+  end
+
+  context "#lookup: with server (ipv4) / address" do
+    before(:each) do
+      @doh = Ddig::Resolver::DohH1.new(hostname: 'dns.google', server: 'dns.google', address: '8.8.8.8', dohpath: '/dns-query{?dns}')
+      @doh.lookup
+    end
+
+    it "a/aaaa return values" do
+      # a
+      expect(@doh.a).to include "8.8.8.8"
+      expect(@doh.a).to include "8.8.4.4"
+
+      # aaaa
+      expect(@doh.aaaa).to include "2001:4860:4860::8844"
+      expect(@doh.aaaa).to include "2001:4860:4860::8888"
+    end
+  end
+
+  context "#lookup: with server (ipv6) / address" do
+    before(:each) do
+      skip 'IPv6 is not available' unless enable_ipv6?
+
+      @doh = Ddig::Resolver::DohH1.new(hostname: 'dns.google', server: 'dns.google', address: '2001:4860:4860::8888', dohpath: '/dns-query{?dns}')
+      @doh.lookup
+    end
+
+    it "a/aaaa return values" do
+      # a
+      expect(@doh.a).to include "8.8.8.8"
+      expect(@doh.a).to include "8.8.4.4"
+
+      # aaaa
+      expect(@doh.aaaa).to include "2001:4860:4860::8844"
+      expect(@doh.aaaa).to include "2001:4860:4860::8888"
+    end
+  end
+
+  context "#lookup: with invalid address" do
+    before(:each) do
+      @doh = Ddig::Resolver::DohH1.new(hostname: 'dns.google', server: 'example.com', address: '8.8.8.8', dohpath: '/dns-query{?dns}')
+    end
+
+    it "raise Error" do
+      expect {
+        @doh.lookup
+      }.to raise_error(StandardError)
+      # ruby2.7+: OpenSSL::SSL::SSLError: certificate verify failed (hostname mismatch)
+      # ruby2.6: Net::HTTPServerException: 404 "Not Found"
+    end
+  end
+
+  context "set port attribute" do
+    it "return default port without port" do
+      @doh = Ddig::Resolver::DohH1.new(hostname: 'dns.google', server: 'dns.google', dohpath: '/dns-query{?dns}')
+
+      expect(@doh.port).to eq 443
+    end
+
+    it "return default port wit nil value of port" do
+      @doh = Ddig::Resolver::DohH1.new(hostname: 'dns.google', server: 'dns.google', dohpath: '/dns-query{?dns}', port: nil)
+
+      expect(@doh.port).to eq 443
+    end
+
+    it "return port with port value" do
+      @doh = Ddig::Resolver::DohH1.new(hostname: 'dns.google', server: 'dns.google', dohpath: '/dns-query{?dns}', port: 8443)
+
+      expect(@doh.port).to eq 8443
+    end
+  end
+end