checker: Ensure DNS is also accessible over TCP

nemunaire 2023-03-18 10:54:50 +01:00
parent 94ed539e01
commit f70743d659
2 changed files with 27 additions and 5 deletions


@ -134,7 +134,7 @@ func studentChecker(std *adlin.Student, also_check_matrix bool, offline bool) {
snicheck1_tested := false
// Check DNS
if addr, err := check_dns(std.MyDelegatedDomain(), dnsIP); err == nil {
if addr, err := check_dns_both(std.MyDelegatedDomain(), dnsIP); err == nil {
if addr == nil {
dnsAt := ""
if glueErr != nil {
@ -267,7 +267,7 @@ func studentChecker(std *adlin.Student, also_check_matrix bool, offline bool) {
}
}
} else {
if errreg := std.RegisterChallengeError(CheckMap[tunnel_version][DNSDelegation], fmt.Errorf("dig @%s %s: %w", dnsIP, std.MyDelegatedDomain(), err)); errreg != nil {
if errreg := std.RegisterChallengeError(CheckMap[tunnel_version][DNSDelegation], err); errreg != nil {
log.Printf("Unable to register challenge error for %s: %s\n", std.Login, errreg)
}
if verbose {
@ -311,7 +311,7 @@ func studentChecker(std *adlin.Student, also_check_matrix bool, offline bool) {
}
// Check DNS for association
if addr, err := check_dns(std.MyAssociatedDomain(), DEFAULT_RESOLVER); err == nil {
if addr, err := check_dns_udp(std.MyAssociatedDomain(), DEFAULT_RESOLVER); err == nil {
// Check HTTP on delegated domain
if err := check_http(addr.String(), std.MyAssociatedDomain()); err == nil {
if verbose {
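Review bot: The `// Check DNS` comment above the `check_dns_both` call in the first hunk no longer states what is required. The delegated server must now answer over both UDP and TCP, while the association lookup in the third hunk stays UDP-only against `DEFAULT_RESOLVER`. I would change the comment to `// Check DNS: the delegated server must answer over both UDP and TCP` and add `// the resolver is not under test, so a UDP query is enough` above the `check_dns_udp` call, if that is indeed the reason for the asymmetry. studentChecker starts and ends outside these hunks, so the rest of the DNS branch was not reviewed.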


@ -237,8 +237,8 @@ func get_GLUE(student *adlin.Student) (aaaa net.IP, err error) {
return
}
func check_dns(domain, ip string) (aaaa net.IP, err error) {
client := dns.Client{Timeout: time.Second * 5}
func check_dns(proto, domain, ip string) (aaaa net.IP, err error) {
client := dns.Client{Net: proto, Timeout: time.Second * 5}
m := new(dns.Msg)
m.SetQuestion(domain, dns.TypeAAAA)
@ -267,6 +267,28 @@ func check_dns(domain, ip string) (aaaa net.IP, err error) {
return
}
func check_dns_both(domain, ip string) (aaaa net.IP, err error) {
if aaaa, err = check_dns_udp(domain, ip); err != nil {
err = fmt.Errorf("dig @%s %s: %w", ip, domain, err)
return
}
if aaaa, err = check_dns_tcp(domain, ip); err != nil {
err = fmt.Errorf("Test over TCP: dig +tcp @%s %s: %w", ip, domain, err)
return
}
return
}
func check_dns_udp(domain, ip string) (net.IP, error) {
return check_dns("", domain, ip)
}
func check_dns_tcp(domain, ip string) (net.IP, error) {
return check_dns("tcp", domain, ip)
}
func check_dnssec(domain, ip string) (err error) {
client := dns.Client{Net: "tcp", Timeout: time.Second * 10}
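Review bot: `check_dns_both` overwrites the UDP answer with the TCP one and never compares them, so a server that returns a different AAAA over each transport still passes with whatever TCP gave. Holding the first result in its own variable (`udpAddr`) and adding `if !udpAddr.Equal(aaaa) { return nil, fmt.Errorf("dig @%s %s: UDP and TCP answers differ", ip, domain) }` after the TCP call would catch that. This assumes each delegated domain is expected to hold a single AAAA record. In the wrappers, `check_dns("", domain, ip)` relies on the client's empty-string default for UDP; passing `"udp"` would make the transport explicit. The body of check_dns lies between the two hunks, so how it treats a truncated UDP reply cannot be checked from here.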