feat(dns): add DNS.OverrideSystem config to apply resolvers globally #11141
+409
−0
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
adds DNS.OverrideSystem flag (enabled by default) that extends DNS.Resolvers to affect all DNS lookups in the daemon process, not just DNSLink and Multiaddr resolution. this ensures AutoTLS ACME DNS-01 challenge verification, HTTP retrieval, and third-party library code all respect DNS.Resolvers config. implementation creates a net.Resolver bridge that intercepts DNS wire protocol queries, parses them with miekg/dns, calls madns.Resolver, and returns properly formatted DNS responses. note: this is an exploration of daemon-wide DNS configuration without refactoring boxo/gateway. a cleaner future approach may create native net.Resolver from config first, then convert to madns only for go-libp2p.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Warning
Parking this for now, something to pick in spare time.
This PR adds DNS.OverrideSystem flag (enabled by default) that extends DNS.Resolvers to affect all DNS lookups in the daemon process, not just DNSLink and Multiaddr resolution.
Approach A: thin adapter that turns Multiaddr resolver back to net.Resolver
Warning
Do Not Merge
This is an exploration of how DNS configuration can be applied daemon-wide without refactoring
boxo/gateway. A future improvement may create a nativenet.Resolverfrom config first, and convert it to Multiaddr DNS resolver only when passing to go-libp2p, which would be a cleaner architecture.this ensures AutoTLS ACME DNS-01 challenge verification, HTTP retrieval, and third-party library code all respect DNS.Resolvers config.
implementation creates a net.Resolver bridge that intercepts DNS wire protocol queries, parses them with miekg/dns, calls madns.Resolver, and returns properly formatted DNS responses.
note: this is an exploration of daemon-wide DNS configuration without refactoring boxo/gateway. a cleaner future approach may create native net.Resolver from config first, then convert to madns only for go-libp2p.
Approach B: cleanup boxo/gateway, extract boxo/dns
Pay off technical debt, use native GO type as first-class citizen for
DNS.Resolvers, and only domaone when passing to go-libp2p. Use native type for everything else, and override globalnet.Resolver