Create a transport that use root resolver instead of normal resolver (#661)

edwardrf · edw-defang · web-flow · commit d6da2475779e · 2024-09-06T15:37:30.000-07:00
* Create a transport that use root resolver instead of normal resolver

* Use root resolver for tls https connection test

* Only return cname when no IP are found when querying IP addr

---------

Co-authored-by: Edward J &lt;edw@defang.io&gt;
diff --git a/src/pkg/cli/cert.go b/src/pkg/cli/cert.go
@@ -5,6 +5,7 @@ import (
 	"errors"
 	"fmt"
 	"io"
+	"math/rand"
 	"net"
 	"net/http"
 	"slices"
@@ -23,8 +24,33 @@ type HTTPClient interface {
 	Do(req *http.Request) (*http.Response, error)
 }
 
-var resolver dns.Resolver = dns.RootResolver{}
-var httpClient HTTPClient = http.DefaultClient
+var (
+	resolver   dns.Resolver = dns.RootResolver{}
+	httpClient HTTPClient   = &http.Client{
+		// Based on the default transport: https://pkg.go.dev/net/http#RoundTripper
+		Transport: &http.Transport{
+			Proxy: http.ProxyFromEnvironment,
+			DialContext: func(ctx context.Context, network, addr string) (net.Conn, error) {
+				host, port, err := net.SplitHostPort(addr)
+				if err != nil {
+					return nil, err
+				}
+				ips, err := resolver.LookupIPAddr(ctx, host)
+				if err != nil {
+					return nil, err
+				}
+				dialer := &net.Dialer{}
+				rootAddr := net.JoinHostPort(ips[rand.Intn(len(ips))].String(), port)
+				return dialer.DialContext(ctx, network, rootAddr)
+			},
+			ForceAttemptHTTP2:     true,
+			MaxIdleConns:          100,
+			IdleConnTimeout:       90 * time.Second,
+			TLSHandshakeTimeout:   10 * time.Second,
+			ExpectContinueTimeout: 1 * time.Second,
+		},
+	}
+)
 
 func GenerateLetsEncryptCert(ctx context.Context, client cliClient.Client) error {
 	projectName, err := client.LoadProjectName(ctx)
@@ -252,7 +278,17 @@ func checkDomainDNSReady(ctx context.Context, domain string, validCNAMEs []strin
 }
 
 func checkTLSCert(ctx context.Context, domain string) error {
-	return getWithRetries(ctx, fmt.Sprintf("https://%v", domain), 3)
+	url := fmt.Sprintf("https://%v", domain)
+	req, err := http.NewRequestWithContext(ctx, http.MethodGet, url, nil)
+	if err != nil {
+		return err
+	}
+	resp, err := httpClient.Do(req) // http non 200 errors are not considered as errors
+	if err != nil {
+		return err
+	}
+	defer resp.Body.Close()
+	return nil
 }
 
 func getWithRetries(ctx context.Context, url string, tries int) error {
@@ -267,7 +303,6 @@ func getWithRetries(ctx context.Context, url string, tries int) error {
 			defer resp.Body.Close()
 			var msg []byte
 			msg, err = io.ReadAll(resp.Body)
-			term.Debugf("Response from %v: %v", url, string(msg))
 			if resp.StatusCode == http.StatusOK {
 				return nil
 			}
diff --git a/src/pkg/dns/resolver.go b/src/pkg/dns/resolver.go
@@ -2,6 +2,7 @@ package dns
 
 import (
 	"context"
+	"fmt"
 	"math/rand"
 	"net"
 	"slices"
@@ -36,7 +37,15 @@ var rootServers = []*net.NS{
 }
 
 func (r RootResolver) LookupIPAddr(ctx context.Context, domain string) ([]net.IPAddr, error) {
-	return r.getResolver(ctx, domain).LookupIPAddr(ctx, domain)
+	ips, err := r.getResolver(ctx, domain).LookupIPAddr(ctx, domain)
+	if err != nil {
+		if err, ok := err.(ErrCNAMEFound); ok {
+			return r.getResolver(ctx, err.CNAME()).LookupIPAddr(ctx, err.CNAME())
+		} else {
+			return nil, err
+		}
+	}
+	return ips, nil
 }
 
 func (r RootResolver) LookupCNAME(ctx context.Context, domain string) (string, error) {
@@ -83,6 +92,16 @@ var ResolverAt = DirectResolverAt
 
 var ErrNoSuchHost = &net.DNSError{Err: "no such host", IsNotFound: true}
 
+type ErrCNAMEFound string
+
+func (e ErrCNAMEFound) Error() string {
+	return fmt.Sprintf("CNAME found: %v", string(e))
+}
+
+func (e ErrCNAMEFound) CNAME() string {
+	return string(e)
+}
+
 type DirectResolver struct {
 	NSServer string
 }
@@ -100,9 +119,15 @@ func (r DirectResolver) LookupIPAddr(ctx context.Context, domain string) ([]net.
 	}
 
 	var result []net.IPAddr
+	var cname string
+	var ansErr error
 	for _, rr := range res.Answer {
 		if ns, ok := rr.(*dns.A); ok {
 			result = append(result, net.IPAddr{IP: ns.A})
+		} else if cn, ok := rr.(*dns.CNAME); ok {
+			cname = cn.Target
+		} else {
+			ansErr = fmt.Errorf("unexpected type %T [%v]", rr, rr)
 		}
 	}
 
@@ -114,9 +139,18 @@ func (r DirectResolver) LookupIPAddr(ctx context.Context, domain string) ([]net.
 	for _, rr := range res.Answer {
 		if ns, ok := rr.(*dns.AAAA); ok {
 			result = append(result, net.IPAddr{IP: ns.AAAA})
+		} else if cn, ok := rr.(*dns.CNAME); ok {
+			cname = cn.Target
+		} else {
+			ansErr = fmt.Errorf("unexpected type %T [%v]", rr, rr)
 		}
 	}
 	if len(result) == 0 {
+		if cname != "" {
+			return nil, ErrCNAMEFound(cname)
+		} else if ansErr != nil {
+			return nil, ansErr
+		}
 		return nil, ErrNoSuchHost
 	}
 	return result, nil
