/*
Technitium DNS Server
Copyright (C) 2023 Shreyas Zare (shreyas@technitium.com)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see .
*/
using DnsServerCore.ApplicationCommon;
using System;
using System.Collections.Generic;
using System.Net;
using System.Net.Sockets;
using System.Text.Json;
using System.Threading.Tasks;
using TechnitiumLibrary;
using TechnitiumLibrary.Net;
using TechnitiumLibrary.Net.Dns;
using TechnitiumLibrary.Net.Dns.ResourceRecords;
namespace Dns64
{
// DNS64: DNS Extensions for Network Address Translation from IPv6 Clients to IPv4 Servers
// https://www.rfc-editor.org/rfc/rfc6147
public class App : IDnsApplication, IDnsPostProcessor, IDnsAuthoritativeRequestHandler
{
#region variables
IDnsServer _dnsServer;
bool _enableDns64;
IReadOnlyDictionary _networkGroupMap;
IReadOnlyDictionary _groups;
#endregion
#region IDisposable
public void Dispose()
{
//do nothing
}
#endregion
#region public
public Task InitializeAsync(IDnsServer dnsServer, string config)
{
_dnsServer = dnsServer;
using JsonDocument jsonDocument = JsonDocument.Parse(config);
JsonElement jsonConfig = jsonDocument.RootElement;
_enableDns64 = jsonConfig.GetProperty("enableDns64").GetBoolean();
_networkGroupMap = jsonConfig.ReadObjectAsMap("networkGroupMap", delegate (string network, JsonElement group)
{
if (!NetworkAddress.TryParse(network, out NetworkAddress networkAddress))
throw new InvalidOperationException("Network group map contains an invalid network address: " + network);
if (networkAddress.Address.AddressFamily == AddressFamily.InterNetwork)
throw new InvalidOperationException("Network group map can only have IPv6 network addresses: " + network);
return new Tuple(networkAddress, group.GetString());
});
_groups = jsonConfig.ReadArrayAsMap("groups", delegate (JsonElement jsonGroup)
{
Group group = new Group(jsonGroup);
return new Tuple(group.Name, group);
});
return Task.CompletedTask;
}
public async Task PostProcessAsync(DnsDatagram request, IPEndPoint remoteEP, DnsTransportProtocol protocol, DnsDatagram response)
{
if (!_enableDns64)
return response;
if (request.DnssecOk)
return response;
switch (response.RCODE)
{
case DnsResponseCode.NxDomain:
return response;
}
DnsQuestionRecord question = request.Question[0];
if (question.Type != DnsResourceRecordType.AAAA)
return response;
IPAddress remoteIP = remoteEP.Address;
NetworkAddress network = null;
string groupName = null;
foreach (KeyValuePair entry in _networkGroupMap)
{
if (entry.Key.Contains(remoteIP) && ((network is null) || (entry.Key.PrefixLength > network.PrefixLength)))
{
network = entry.Key;
groupName = entry.Value;
}
}
if ((groupName is null) || !_groups.TryGetValue(groupName, out Group group) || !group.EnableDns64)
return response;
List newAnswer = new List(response.Answer.Count);
bool synthesizeAAAA = true;
foreach (DnsResourceRecord answer in response.Answer)
{
if (answer.Type != DnsResourceRecordType.AAAA)
{
newAnswer.Add(answer);
continue;
}
IPAddress ipv6Address = (answer.RDATA as DnsAAAARecordData).Address;
foreach (NetworkAddress excludedIpv6 in group.ExcludedIpv6)
{
if (!excludedIpv6.Contains(ipv6Address))
{
//found non-excluded AAAA record so no need to synthesize AAAA
newAnswer.Add(answer);
synthesizeAAAA = false;
}
}
}
if (!synthesizeAAAA)
return new DnsDatagram(response.Identifier, true, response.OPCODE, response.AuthoritativeAnswer, response.Truncation, response.RecursionDesired, response.RecursionAvailable, response.AuthenticData, response.CheckingDisabled, response.RCODE, response.Question, newAnswer, response.Authority, response.Additional) { Tag = response.Tag };
DnsDatagram newResponse = await _dnsServer.DirectQueryAsync(new DnsQuestionRecord(question.Name, DnsResourceRecordType.A, DnsClass.IN), 2000);
uint soaTtl;
{
DnsResourceRecord soa = response.FindFirstAuthorityRecord();
if ((soa is not null) && (soa.Type == DnsResourceRecordType.SOA))
soaTtl = soa.TTL;
else
soaTtl = 600;
}
foreach (DnsResourceRecord answer in newResponse.Answer)
{
if (answer.Type != DnsResourceRecordType.A)
continue;
IPAddress ipv4Address = (answer.RDATA as DnsARecordData).Address;
NetworkAddress ipv4Network = null;
NetworkAddress dns64Prefix = null;
foreach (KeyValuePair dns64PrefixEntry in group.Dns64PrefixMap)
{
if (dns64PrefixEntry.Key.Contains(ipv4Address) && ((ipv4Network is null) || (dns64PrefixEntry.Key.PrefixLength > ipv4Network.PrefixLength)))
{
ipv4Network = dns64PrefixEntry.Key;
dns64Prefix = dns64PrefixEntry.Value;
}
}
if (dns64Prefix is null)
continue;
IPAddress ipv6Address = ipv4Address.MapToIPv6(dns64Prefix);
newAnswer.Add(new DnsResourceRecord(answer.Name, DnsResourceRecordType.AAAA, answer.Class, Math.Min(answer.TTL, soaTtl), new DnsAAAARecordData(ipv6Address)));
}
return new DnsDatagram(response.Identifier, true, response.OPCODE, response.AuthoritativeAnswer, response.Truncation, response.RecursionDesired, response.RecursionAvailable, response.AuthenticData, response.CheckingDisabled, newResponse.RCODE, response.Question, newAnswer, newResponse.Authority, newResponse.Additional) { Tag = response.Tag };
}
public Task ProcessRequestAsync(DnsDatagram request, IPEndPoint remoteEP, DnsTransportProtocol protocol, bool isRecursionAllowed)
{
if (!_enableDns64)
return Task.FromResult(null);
if (request.DnssecOk)
return Task.FromResult(null);
DnsQuestionRecord question = request.Question[0];
if ((question.Type != DnsResourceRecordType.PTR) || !question.Name.EndsWith(".ip6.arpa", StringComparison.OrdinalIgnoreCase))
return Task.FromResult(null);
IPAddress remoteIP = remoteEP.Address;
NetworkAddress network = null;
string groupName = null;
foreach (KeyValuePair entry in _networkGroupMap)
{
if (entry.Key.Contains(remoteIP) && ((network is null) || (entry.Key.PrefixLength > network.PrefixLength)))
{
network = entry.Key;
groupName = entry.Value;
}
}
if ((groupName is null) || !_groups.TryGetValue(groupName, out Group group) || !group.EnableDns64)
return Task.FromResult(null);
IPAddress ipv6Address = IPAddressExtensions.ParseReverseDomain(question.Name);
if (ipv6Address.AddressFamily != AddressFamily.InterNetworkV6)
return Task.FromResult(null);
NetworkAddress dns64Prefix = null;
foreach (KeyValuePair dns64PrefixEntry in group.Dns64PrefixMap)
{
if ((dns64PrefixEntry.Value is not null) && dns64PrefixEntry.Value.Contains(ipv6Address))
{
dns64Prefix = dns64PrefixEntry.Value;
break;
}
}
if (dns64Prefix is null)
return Task.FromResult(null);
IPAddress ipv4Address = ipv6Address.MapToIPv4(dns64Prefix.PrefixLength);
IReadOnlyList answer = new DnsResourceRecord[] { new DnsResourceRecord(question.Name, DnsResourceRecordType.CNAME, question.Class, 600, new DnsCNAMERecordData(ipv4Address.GetReverseDomain())) };
return Task.FromResult(new DnsDatagram(request.Identifier, true, request.OPCODE, true, false, request.RecursionDesired, isRecursionAllowed, false, false, DnsResponseCode.NoError, request.Question, answer));
}
#endregion
#region properties
public string Description
{ get { return "Enables DNS64 function for both authoritative and recursive resolver responses for use by IPv6 only clients."; } }
#endregion
class Group
{
#region variables
readonly string _name;
readonly bool _enableDns64;
readonly IReadOnlyDictionary _dns64PrefixMap;
readonly IReadOnlyCollection _excludedIpv6;
#endregion
#region constructor
public Group(JsonElement jsonGroup)
{
_name = jsonGroup.GetProperty("name").GetString();
_enableDns64 = jsonGroup.GetProperty("enableDns64").GetBoolean();
_dns64PrefixMap = jsonGroup.ReadObjectAsMap("dns64PrefixMap", delegate (string strNetwork, JsonElement jsonDns64Prefix)
{
string strDns64Prefix = jsonDns64Prefix.GetString();
NetworkAddress network = NetworkAddress.Parse(strNetwork);
NetworkAddress dns64Prefix = null;
if (strDns64Prefix is not null)
{
dns64Prefix = NetworkAddress.Parse(strDns64Prefix);
switch (dns64Prefix.PrefixLength)
{
case 32:
case 40:
case 48:
case 56:
case 64:
case 96:
break;
default:
throw new NotSupportedException("DNS64 prefix can have only the following prefixes: 32, 40, 48, 56, 64, or 96.");
}
}
return new Tuple(network, dns64Prefix);
});
_excludedIpv6 = jsonGroup.ReadArray("excludedIpv6", delegate (string strNetworkAddress)
{
NetworkAddress networkAddress = NetworkAddress.Parse(strNetworkAddress);
if (networkAddress.Address.AddressFamily != AddressFamily.InterNetworkV6)
throw new InvalidOperationException("An IPv6 network address is expected for 'excludedIpv6' array.");
return networkAddress;
});
}
#endregion
#region properties
public string Name
{ get { return _name; } }
public bool EnableDns64
{ get { return _enableDns64; } }
public IReadOnlyDictionary Dns64PrefixMap
{ get { return _dns64PrefixMap; } }
public IReadOnlyCollection ExcludedIpv6
{ get { return _excludedIpv6; } }
#endregion
}
}
}