dns resolving

[jaytaph]

We must be able to resolve dns queries to responses. There are a few things to consider:

• we can outsource this process to the default resolver of the host.
• we can override with our custom resolver.

If we use the default resolver, a hostname will consist of 0 or more ip addresses (ipv4 and/or ipv6). They all have a ttl from the browser perspective.

We should be able to force flush this dns cache easily

We should be able to simply add our own custom entries:

For instance. Foo.test.com resolves to 127.0.0.1
This could be ipv4, ipv6 and even round robin with multiple ips

Wildcard should be supported: *.localdev resolves to 127.0.0.1

We should be able to use DoH and dns sec

We should allow in-memory storage only when configured. No ip/host caching is flushed to disk and thus must be retrieved on the next startup of the browser

[emwalker]

I bet DNS and other parts of the network stack provide a large surface area for attackers. Much like implementing your own crypto library, probably not something to be done without a good reason.

So perhaps good to start out with a convenience wrapper around the system DNS resolution that doesn't get too clever.

[jaytaph]

that would be the first step

[auronandace]

This project looks pretty impressive: https://github.com/hickory-dns/hickory-dns

[jaytaph]

yes.. i've seen this as well.. seems like a very good candidate to use. I would prefer to have a small layer on top of this so we can (hopefully) easily plugin other systems without too much overhead.

[jaytaph]

dns resolver:

	struct IpAddress {
		Ipv4(u32);
		Ipv6(u32, u32, u32, u32);
	}

	let mut resolver = gosub::DNS::resolve::resolver 
	let ipResult = resolver.resolve("example.org") 
	
	// There can be multiple IP addresses for the same hostname. IP addresses are returned in round robin fashion:
	// if there are 3 address in round robin sense, first call returns A, B, C,  second call, B, C, A,  thrird: C, A, B
	ipResult = Vec<IpAddress>
	
	
	// resolver flow:
	
	incoming hostname
		does hostname already exist in cache
			is hostname TTL > 0
				if hostname roundrobin on multiple IPs?
					return starting from next entry:
				else
					return IP
			else
				reload IP A and AAAA
				return IP
			
		else // not in cache
		
			check domain has local override entry (*.example.org,  foo.example.org..  not.existing.tld) with both A and AAAA
				store in cache
				return IP
			else 
				resolve through hickory
					depending on settings:  
						- resolver
						- DoT
						- DoH
				store in cache
				return IP