Merge pull request #111 from safing/fix/resolver-scoping

Fix/resolver scoping

network/netutils/ip_test.go

@@ -10,6 +10,10 @@ func TestIPClassification(t *testing.T) {
 	testClassification(t, net.IPv4(127, 0, 0, 1), HostLocal)
 	testClassification(t, net.IPv4(127, 255, 255, 1), HostLocal)
 	testClassification(t, net.IPv4(192, 168, 172, 24), SiteLocal)
+	testClassification(t, net.IPv4(172, 15, 1, 1), Global)
+	testClassification(t, net.IPv4(172, 16, 1, 1), SiteLocal)
+	testClassification(t, net.IPv4(172, 31, 1, 1), SiteLocal)
+	testClassification(t, net.IPv4(172, 32, 1, 1), Global)
 }
 
 func testClassification(t *testing.T, ip net.IP, expectedClassification int8) {

resolver/resolver.go

@@ -18,10 +18,10 @@ const (
 	ServerTypeDoH = "doh"
 	ServerTypeEnv = "env"
 
-	ServerSourceConfigured = "config"
-	ServerSourceAssigned   = "dhcp"
-	ServerSourceMDNS       = "mdns"
-	ServerSourceEnv        = "env"
+	ServerSourceConfigured      = "config"
+	ServerSourceOperatingSystem = "system"
+	ServerSourceMDNS            = "mdns"
+	ServerSourceEnv             = "env"
 )
 
 var (

resolver/resolvers.go

@@ -123,6 +123,7 @@ func createResolver(resolverURL, source string) (*Resolver, bool, error) {
 		Server:                 resolverURL,
 		ServerType:             u.Scheme,
 		ServerAddress:          u.Host,
+		ServerIP:               ip,
 		ServerIPScope:          scope,
 		Source:                 source,
 		VerifyDomain:           verifyDomain,
@@ -150,7 +151,7 @@ func configureSearchDomains(resolver *Resolver, searches []string) {
 
 func getConfiguredResolvers(list []string) (resolvers []*Resolver) {
 	for _, server := range list {
-		resolver, skip, err := createResolver(server, "config")
+		resolver, skip, err := createResolver(server, ServerSourceConfigured)
 		if err != nil {
 			// TODO(ppacher): module error
 			log.Errorf("cannot use resolver %s: %s", server, err)
@@ -169,7 +170,7 @@ func getConfiguredResolvers(list []string) (resolvers []*Resolver) {
 func getSystemResolvers() (resolvers []*Resolver) {
 	for _, nameserver := range netenv.Nameservers() {
 		serverURL := fmt.Sprintf("dns://%s", formatIPAndPort(nameserver.IP, 53))
-		resolver, skip, err := createResolver(serverURL, "dhcp") // TODO(ppacher): DHCP can actually be wrong
+		resolver, skip, err := createResolver(serverURL, ServerSourceOperatingSystem)
 		if err != nil {
 			// that shouldn't happen but handle it anyway ...
 			log.Errorf("cannot use system resolver %s: %s", serverURL, err)
@@ -250,6 +251,16 @@ func loadResolvers() {
 		log.Info("resolver: no local resolvers loaded")
 	}
 
+	// log system resolvers
+	if len(systemResolvers) > 0 {
+		log.Trace("resolver: loaded system/network-assigned resolvers:")
+		for _, resolver := range systemResolvers {
+			log.Tracef("resolver: %s", resolver.Server)
+		}
+	} else {
+		log.Info("resolver: no system/network-assigned resolvers loaded")
+	}
+
 	// log scopes
 	if len(localScopes) > 0 {
 		log.Trace("resolver: loaded scopes:")
@@ -281,7 +292,7 @@ func setScopedResolvers(resolvers []*Resolver) {
 			localResolvers = append(localResolvers, resolver)
 		}
 
-		if resolver.Source == "dhcp" {
+		if resolver.Source == ServerSourceOperatingSystem {
 			systemResolvers = append(systemResolvers, resolver)
 		}
 

resolver/scopes.go

@@ -274,7 +274,7 @@ func (resolver *Resolver) checkCompliance(_ context.Context, q *Query) error {
 	}
 
 	if noAssignedNameservers(q.SecurityLevel) {
-		if resolver.Source == ServerSourceAssigned {
+		if resolver.Source == ServerSourceOperatingSystem {
 			return errAssignedServer
 		}
 	}