simulator/encrypted-dns: new encrypted DNS module

DoH and DoT.
TODO: DNSCrypt

Author: kmroz

cmd/run/run.go

@@ -241,6 +241,16 @@ var allModules = []Module{
 		HostMsg: "Simulating DNS tunneling via *.%s",
 		Timeout: 10 * time.Second,
 	},
+	Module{
+		Module:     simulator.NewEncryptedDNS(),
+		Name:       "encrypted-dns",
+		Pipeline:   PipelineDNS,
+		NumOfHosts: 1,
+		// HeaderMsg:  "Preparing DNS tunnel hostnames",
+		HostMsg: "Simulating Encrypted DNS via *.%s",
+		Timeout: 10 * time.Second,
+	},
+
 	Module{
 		Module:     simulator.CreateModule(wisdom.NewWisdomHosts("cryptomining", wisdom.HostTypeIP), simulator.NewStratumMiner()),
 		Name:       "miner",

simulator/encdns/doh/doh.go

@@ -0,0 +1,51 @@
+// Package doh provides general DNS-over-HTTPS functionality.
+package doh
+
+import (
+	"encoding/json"
+	"net/http"
+)
+
+// Question section of DoH query.
+type Question struct {
+	Name string `json:"name"`
+	Type int    `json:"type"`
+}
+
+// Answer section of DoH query.
+type Answer struct {
+	Name string `json:"name"`
+	Type int    `json:"type"`
+	TTL  int    `json:"TTL"`
+	Data string `json:"data"`
+}
+
+// Response to a DoH query.
+type Response struct {
+	Status   int        `json:"Status"`
+	TC       bool       `json:"TC"`
+	RD       bool       `json:"RD"`
+	RA       bool       `json:"RA"`
+	AD       bool       `json:"AD"`
+	CD       bool       `json:"CD"`
+	Question []Question `json:"Question"`
+	Answer   []Answer   `json:"Answer"`
+	Comment  string     `json:"Comment"`
+}
+
+// Decode decodes a DoH response, returning a pointer to a Response and an error.
+// NOTE: Currently we don't care about parsing responses, but perhaps in the future.
+func Decode(r *http.Response) (*Response, error) {
+	var resp Response
+	err := json.NewDecoder(r.Body).Decode(&resp)
+	if err != nil {
+		return nil, err
+	}
+	return &resp, nil
+
+}
+
+// IsValidResponse returns a boolean indicating if the the *http.Response r was a 200OK.
+func IsValidResponse(r *http.Response) bool {
+	return r != nil && r.StatusCode == 200
+}

simulator/encdns/doh/providers/cloudflare.go

@@ -0,0 +1,45 @@
+package providers
+
+import (
+	"context"
+	"fmt"
+	"net"
+	"net/http"
+
+	"github.com/alphasoc/flightsim/simulator/encdns"
+)
+
+type CloudFlare struct {
+	Provider
+}
+
+// NewCloudFlare returns a *CloudFlare wrapping a Provider ready to use for DoH queries.
+func NewCloudFlare(ctx context.Context) *CloudFlare {
+	p := CloudFlare{
+		Provider{
+			addr:     "cloudflare-dns.com:443",
+			queryURL: "https://cloudflare-dns.com/dns-query",
+		},
+	}
+	d := net.Dialer{}
+	tr := &http.Transport{
+		DialContext: func(ctx context.Context, network, addr string) (net.Conn, error) {
+			return d.DialContext(ctx, "tcp", p.addr)
+		},
+	}
+	p.client = &http.Client{Transport: tr}
+	return &p
+}
+
+// QueryTXT performs a DoH TXT lookup on CloudFlare and returns an *encdns.Response and an
+// error.
+func (p *CloudFlare) QueryTXT(ctx context.Context, domain string) (*encdns.Response, error) {
+	reqStr := fmt.Sprintf("%v?name=%v&type=TXT", p.queryURL, domain)
+	req, err := http.NewRequestWithContext(ctx, "GET", reqStr, nil)
+	if err != nil {
+		return nil, err
+	}
+	req.Header.Add("accept", "application/dns-json")
+	clientResp, err := p.client.Do(req)
+	return &encdns.Response{U: clientResp}, err
+}

simulator/encdns/doh/providers/google.go

@@ -0,0 +1,44 @@
+package providers
+
+import (
+	"context"
+	"fmt"
+	"net"
+	"net/http"
+
+	"github.com/alphasoc/flightsim/simulator/encdns"
+)
+
+type Google struct {
+	Provider
+}
+
+// NewGoogle returns a *Google wrapping a Provider ready to use for DoH queries.
+func NewGoogle(ctx context.Context) *Google {
+	p := Google{
+		Provider{
+			addr:     "dns.google:443",
+			queryURL: "https://dns.google/resolve",
+		},
+	}
+	d := net.Dialer{}
+	tr := &http.Transport{
+		DialContext: func(ctx context.Context, network, addr string) (net.Conn, error) {
+			return d.DialContext(ctx, "tcp", p.addr)
+		},
+	}
+	p.client = &http.Client{Transport: tr}
+	return &p
+}
+
+// QueryTXT performs a DoH TXT lookup on Google and returns an *encdns.Response and an
+// error.
+func (p *Google) QueryTXT(ctx context.Context, domain string) (*encdns.Response, error) {
+	reqStr := fmt.Sprintf("%v?name=%v&type=TXT", p.queryURL, domain)
+	req, err := http.NewRequestWithContext(ctx, "GET", reqStr, nil)
+	if err != nil {
+		return nil, err
+	}
+	clientResp, err := p.client.Do(req)
+	return &encdns.Response{U: clientResp}, err
+}

simulator/encdns/doh/providers/opendns.go

@@ -0,0 +1,52 @@
+package providers
+
+import (
+	"context"
+	"encoding/base64"
+	"fmt"
+	"net"
+	"net/http"
+
+	"github.com/alphasoc/flightsim/simulator/encdns"
+	"golang.org/x/net/dns/dnsmessage"
+)
+
+type OpenDNS struct {
+	Provider
+}
+
+// NewOpenDNS returns an *OpenDNS wrapping a Provider ready to use for DoH queries.
+func NewOpenDNS(ctx context.Context) *OpenDNS {
+	p := OpenDNS{
+		Provider{
+			addr:     "doh.opendns.com:443",
+			queryURL: "https://doh.opendns.com/dns-query",
+		},
+	}
+	d := net.Dialer{}
+	tr := &http.Transport{
+		DialContext: func(ctxt context.Context, network, addr string) (net.Conn, error) {
+			return d.DialContext(ctx, "tcp", p.addr)
+		},
+	}
+	p.client = &http.Client{Transport: tr}
+	return &p
+}
+
+// QueryTXT performs a DoH TXT lookup on OpenDNS and returns an *encdns.Response and an
+// error.
+func (p *OpenDNS) QueryTXT(ctx context.Context, domain string) (*encdns.Response, error) {
+	// OpenDNS requires requests to be in DNS wire format.
+	dnsReq, err := encdns.NewUDPRequest(domain, dnsmessage.TypeTXT)
+	if err != nil {
+		return nil, err
+	}
+	reqStr := fmt.Sprintf("%v?dns=%v", p.queryURL, base64.StdEncoding.EncodeToString(dnsReq))
+	req, err := http.NewRequestWithContext(ctx, "GET", reqStr, nil)
+	if err != nil {
+		return nil, err
+	}
+	req.Header.Add("accept", "application/dns-message")
+	clientResp, err := p.client.Do(req)
+	return &encdns.Response{U: clientResp}, err
+}

simulator/encdns/doh/providers/providers.go

@@ -0,0 +1,43 @@
+// Package providers ...
+package providers
+
+import (
+	"context"
+	"math/rand"
+	"net/http"
+
+	"github.com/alphasoc/flightsim/simulator/encdns"
+)
+
+// Provider represents a DoH provider.  addr is used to dial, queryURL is the base for
+// DoH queries, and client is the HTTP client used in the actual queries.
+type Provider struct {
+	addr     string
+	queryURL string
+	client   *http.Client
+}
+
+// Providers supporting DoH.
+var providers = []encdns.ProviderType{
+	encdns.GoogleProvider,
+	encdns.CloudFlareProvider,
+	encdns.Quad9Provider,
+	encdns.OpenDNSProvider,
+}
+
+// NewRandom returns a 'random' Queryable provider.
+func NewRandom(ctx context.Context) encdns.Queryable {
+	pIdx := encdns.ProviderType(rand.Intn(len(providers)))
+	var p encdns.Queryable
+	switch providers[pIdx] {
+	case encdns.GoogleProvider:
+		p = NewGoogle(ctx)
+	case encdns.CloudFlareProvider:
+		p = NewCloudFlare(ctx)
+	case encdns.Quad9Provider:
+		p = NewQuad9(ctx)
+	case encdns.OpenDNSProvider:
+		p = NewOpenDNS(ctx)
+	}
+	return p
+}

simulator/encdns/doh/providers/quad9.go

@@ -0,0 +1,44 @@
+package providers
+
+import (
+	"context"
+	"fmt"
+	"net"
+	"net/http"
+
+	"github.com/alphasoc/flightsim/simulator/encdns"
+)
+
+type Quad9 struct {
+	Provider
+}
+
+// NewQuad9 returns a *Quad9 wrapping a Provider ready to use for DoH queries.
+func NewQuad9(ctx context.Context) *Quad9 {
+	p := Quad9{
+		Provider{
+			addr:     "dns.quad9.net:5053",
+			queryURL: "https://dns.quad9.net:5053/dns-query",
+		},
+	}
+	d := net.Dialer{}
+	tr := &http.Transport{
+		DialContext: func(ctxt context.Context, network, addr string) (net.Conn, error) {
+			return d.DialContext(ctx, "tcp", p.addr)
+		},
+	}
+	p.client = &http.Client{Transport: tr}
+	return &p
+}
+
+// QueryTXT performs a DoH TXT lookup on Quad9 and returns an *encdns.Response and
+// an error.
+func (p *Quad9) QueryTXT(ctx context.Context, domain string) (*encdns.Response, error) {
+	reqStr := fmt.Sprintf("%v?name=%v&type=TXT", p.queryURL, domain)
+	req, err := http.NewRequestWithContext(ctx, "GET", reqStr, nil)
+	if err != nil {
+		return nil, err
+	}
+	clientResp, err := p.client.Do(req)
+	return &encdns.Response{U: clientResp}, err
+}

simulator/encdns/dot/dot.go

@@ -0,0 +1,7 @@
+// Package dot provides general DNS-over-TLS functionality.
+package dot
+
+// IsValidResponse returns a boolean indicating if the []string carries a response.
+func IsValidResponse(r []string) bool {
+	return len(r) > 0
+}

simulator/encdns/dot/providers/providers.go

@@ -0,0 +1,69 @@
+// Package providers ...
+package providers
+
+import (
+	"context"
+	"crypto/tls"
+	"math/rand"
+	"net"
+
+	"github.com/alphasoc/flightsim/simulator/encdns"
+)
+
+// Provider represents a DoT provider.  addr and ctx are used to dial.
+type Provider struct {
+	ctx  context.Context
+	addr string
+}
+
+// Providers supporting DoT.
+var providers = []encdns.ProviderType{
+	encdns.GoogleProvider,
+	encdns.CloudFlareProvider,
+	encdns.Quad9Provider,
+	// OpenDNS does not, and does not plan to support DoT.
+}
+
+// NewRandom returns a 'random' Queryable provider.
+func NewRandom(ctx context.Context) encdns.Queryable {
+	pIdx := encdns.ProviderType(rand.Intn(len(providers)))
+	var p encdns.Queryable
+	switch providers[pIdx] {
+	case encdns.GoogleProvider:
+		p = NewGoogle(ctx)
+	case encdns.CloudFlareProvider:
+		p = NewCloudFlare(ctx)
+	case encdns.Quad9Provider:
+		p = NewQuad9(ctx)
+	}
+	return p
+}
+
+// NewGoogle returns a *Provider for Google's DoT service.
+func NewGoogle(ctx context.Context) *Provider {
+	return &Provider{ctx: ctx, addr: "dns.google:853"}
+}
+
+// NewGoogle returns a *Provider tied for CloudFlare's DoT service.
+func NewCloudFlare(ctx context.Context) *Provider {
+	return &Provider{ctx: ctx, addr: "1dot1dot1dot1.cloudflare-dns.com:853"}
+}
+
+// NewGoogle returns a *Provider for Quad9's DoT service.
+func NewQuad9(ctx context.Context) *Provider {
+	return &Provider{ctx: ctx, addr: "dns.quad9.net:853"}
+}
+
+// QueryTXT performs a DoT TXT lookup using Provider p, and returns a *encdns.Response and
+// an error.
+func (p *Provider) QueryTXT(ctx context.Context, domain string) (*encdns.Response, error) {
+	d := tls.Dialer{}
+	r := &net.Resolver{
+		PreferGo: true,
+		Dial: func(ctx context.Context, network, addr string) (net.Conn, error) {
+			return d.DialContext(p.ctx, "tcp", p.addr)
+		},
+	}
+	resp, err := r.LookupTXT(ctx, domain)
+	return &encdns.Response{U: resp}, err
+}