Diffstat (limited to 'src/common/dns_utils.cpp')
-rw-r--r--src/common/dns_utils.cpp49
1 files changed, 38 insertions, 11 deletions
diff --git a/src/common/dns_utils.cpp b/src/common/dns_utils.cpp
index 417b5b4ac..a341a8c81 100644
--- a/src/common/dns_utils.cpp
+++ b/src/common/dns_utils.cpp
@@ -1,4 +1,4 @@
-// Copyright (c) 2014-2018, The Monero Project
+// Copyright (c) 2014-2019, The Monero Project
//
// All rights reserved.
//
@@ -232,13 +232,24 @@ public:
char *str;
};
+static void add_anchors(ub_ctx *ctx)
+{
+ const char * const *ds = ::get_builtin_ds();
+ while (*ds)
+ {
+ MINFO("adding trust anchor: " << *ds);
+ ub_ctx_add_ta(ctx, string_copy(*ds++));
+ }
+}
+
DNSResolver::DNSResolver() : m_data(new DNSResolverData())
{
int use_dns_public = 0;
std::vector<std::string> dns_public_addr;
- if (auto res = getenv("DNS_PUBLIC"))
+ const char *DNS_PUBLIC = getenv("DNS_PUBLIC");
+ if (DNS_PUBLIC)
{
- dns_public_addr = tools::dns_utils::parse_dns_public(res);
+ dns_public_addr = tools::dns_utils::parse_dns_public(DNS_PUBLIC);
if (!dns_public_addr.empty())
{
MGINFO("Using public DNS server(s): " << boost::join(dns_public_addr, ", ") << " (TCP)");
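Review bot: `add_anchors` discards the return code of `ub_ctx_add_ta`, so a rejected built-in anchor leaves the context with nothing to validate against and the failure only surfaces later as every lookup coming back unvalidated; since this helper is now also what re-arms the fallback context, the error should at least be logged: `const int err = ub_ctx_add_ta(ctx, string_copy(*ds++)); if (err) MERROR("failed to add trust anchor: " << ub_strerror(err));`. The new helper has no header comment; I would add `// Install the built-in DNSSEC trust anchors from get_builtin_ds() into ctx.` above it. As a point of style, `DNS_PUBLIC` is an ALL_CAPS local that reads like a macro or constant; a name such as `dns_public_env` would match how the file names its other locals. The constructor body continues past the end of this hunk.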
@@ -266,11 +277,27 @@ DNSResolver::DNSResolver() : m_data(new DNSResolverData())
ub_ctx_hosts(m_data->m_ub_context, NULL);
}
- const char * const *ds = ::get_builtin_ds();
- while (*ds)
+ add_anchors(m_data->m_ub_context);
+
+ if (!DNS_PUBLIC)
{
- MINFO("adding trust anchor: " << *ds);
- ub_ctx_add_ta(m_data->m_ub_context, string_copy(*ds++));
+ // if no DNS_PUBLIC specified, we try a lookup to what we know
+ // should be a valid DNSSEC record, and switch to known good
+ // DNSSEC resolvers if verification fails
+ bool available, valid;
+ static const char *probe_hostname = "updates.moneropulse.org";
+ auto records = get_txt_record(probe_hostname, available, valid);
+ if (!valid)
+ {
+ MINFO("Failed to verify DNSSEC record from " << probe_hostname << ", falling back to TCP with well known DNSSEC resolvers");
+ ub_ctx_delete(m_data->m_ub_context);
+ m_data->m_ub_context = ub_ctx_create();
+ add_anchors(m_data->m_ub_context);
+ for (const auto &ip: DEFAULT_DNS_PUBLIC_ADDR)
+ ub_ctx_set_fwd(m_data->m_ub_context, string_copy(ip));
+ ub_ctx_set_option(m_data->m_ub_context, string_copy("do-udp:"), string_copy("no"));
+ ub_ctx_set_option(m_data->m_ub_context, string_copy("do-tcp:"), string_copy("yes"));
+ }
}
}
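Review bot: The context recreated after `ub_ctx_delete` does not get the `ub_ctx_hosts(m_data->m_ub_context, NULL)` call that the first context received earlier in this hunk, so once the fallback is taken the hosts file appears to be no longer consulted unless it is re-applied outside this hunk. The results of `ub_ctx_create`, `ub_ctx_set_fwd` and `ub_ctx_set_option` are also dropped, so a NULL context or a rejected `do-udp:`/`do-tcp:` option goes unnoticed and the resolver could silently keep sending UDP to the public addresses; I would check them, e.g. `if (!m_data->m_ub_context) { MERROR("failed to create unbound context"); return; }` and log a nonzero return from the option calls with `ub_strerror`. The fallback is taken on any `!valid` result, including a plain network failure where `available` is false, so a transient outage at construction time pins this resolver to DEFAULT_DNS_PUBLIC_ADDR for its lifetime; that deserves a comment on the `if (!valid)` line, and `available` is otherwise unused. The constructor ends at the closing brace of this hunk.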
@@ -514,12 +541,12 @@ bool load_txt_records_from_dns(std::vector<std::string> &good_records, const std
if (!avail[cur_index])
{
records[cur_index].clear();
- LOG_PRINT_L2("DNSSEC not available for checkpoint update at URL: " << url << ", skipping.");
+ LOG_PRINT_L2("DNSSEC not available for hostname: " << url << ", skipping.");
}
if (!valid[cur_index])
{
records[cur_index].clear();
- LOG_PRINT_L2("DNSSEC validation failed for checkpoint update at URL: " << url << ", skipping.");
+ LOG_PRINT_L2("DNSSEC validation failed for hostname: " << url << ", skipping.");
}
cur_index++;
@@ -541,7 +568,7 @@ bool load_txt_records_from_dns(std::vector<std::string> &good_records, const std
if (num_valid_records < 2)
{
- LOG_PRINT_L0("WARNING: no two valid MoneroPulse DNS checkpoint records were received");
+ LOG_PRINT_L0("WARNING: no two valid DNS TXT records were received");
return false;
}
@@ -563,7 +590,7 @@ bool load_txt_records_from_dns(std::vector<std::string> &good_records, const std
if (good_records_index < 0)
{
- LOG_PRINT_L0("WARNING: no two MoneroPulse DNS checkpoint records matched");
+ LOG_PRINT_L0("WARNING: no two DNS TXT records matched");
return false;
}