Copy resolver IPScope to DNS connection IPScope

2025-09-01 18:19:12 +00:00 · 2023-08-04 21:41:37 +02:00 · 2023-08-04 21:41:37 +02:00 · b645e440ad
commit b645e440ad
parent bf6bf0705d
3 changed files with 20 additions and 7 deletions
--- a/intel/entity.go
+++ b/intel/entity.go
@ -60,6 +60,7 @@ type Entity struct { //nolint:maligned
 	IP net.IP

 	// IPScope holds the network scope of the IP.
+	// For DNS requests, this signifies in which scope the DNS request was resolved.
 	IPScope netutils.IPScope

 	// Country holds the country the IP address (ASN) is
--- a/nameserver/nameserver.go
+++ b/nameserver/nameserver.go
@ -22,7 +22,7 @@ import (
 var hostname string

 func handleRequestAsWorker(w dns.ResponseWriter, query *dns.Msg) {
-	err := module.RunWorker("dns request", func(ctx context.Context) error {
+	err := module.RunWorker("handle dns request", func(ctx context.Context) error {
 		return handleRequest(ctx, w, query)
 	})
 	if err != nil {
@ -187,6 +187,13 @@ func handleRequest(ctx context.Context, w dns.ResponseWriter, request *dns.Msg)
 		if rrCache != nil {
 			conn.DNSContext = rrCache.ToDNSRequestContext()
 			conn.Resolver = rrCache.Resolver
+			conn.Entity.IPScope = rrCache.Resolver.IPScope
+		} else {
+			// Get resolvers for this query to determine the resolving scope.
+			resolvers, _, _ := resolver.GetResolversInScope(ctx, q)
+			if len(resolvers) > 0 {
+				conn.Entity.IPScope = resolvers[0].Info.IPScope
+			}
 		}

 		switch conn.Verdict.Active {
@ -297,11 +304,14 @@ func handleRequest(ctx context.Context, w dns.ResponseWriter, request *dns.Msg)
 		return reply(nsutil.ServerFailure("internal error: empty reply"))
 	case rrCache.RCode == dns.RcodeNameError:
 		// Try alternatives domain names for unofficial domain spaces.
-		rrCache = checkAlternativeCaches(ctx, q)
-		if rrCache == nil {
+		altRRCache := checkAlternativeCaches(ctx, q)
+		if altRRCache != nil {
+			rrCache = altRRCache
+		} else {
 			// Return now if NXDomain.
 			return reply(nsutil.NxDomain("no answer found (NXDomain)"))
 		}
+
 	}

 	// Check with firewall again after resolving.
--- a/network/connection.go
+++ b/network/connection.go
@ -325,8 +325,9 @@ func NewConnectionFromDNSRequest(ctx context.Context, fqdn string, cnames []stri
 		Scope: fqdn,
 		PID:   proc.Pid,
 		Entity: &intel.Entity{
-			Domain: fqdn,
-			CNAME:  cnames,
+			Domain:  fqdn,
+			CNAME:   cnames,
+			IPScope: netutils.Global, // Assign a global IP scope as default.
 		},
 		process:        proc,
 		ProcessContext: getProcessContext(ctx, proc),
@ -367,8 +368,9 @@ func NewConnectionFromExternalDNSRequest(ctx context.Context, fqdn string, cname
 		Scope:    fqdn,
 		PID:      process.NetworkHostProcessID,
 		Entity: &intel.Entity{
-			Domain: fqdn,
-			CNAME:  cnames,
+			Domain:  fqdn,
+			CNAME:   cnames,
+			IPScope: netutils.Global, // Assign a global IP scope as default.
 		},
 		process:        remoteHost,
 		ProcessContext: getProcessContext(ctx, remoteHost),