From 93f3ea7e8743ba0bce3a01c56311263c49421e8c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Cruz?=
Date: Wed, 17 Jun 2020 12:37:07 +0100
Subject: [PATCH] Add support for DoT to DNS probes
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: André Cruz
---
 CONFIGURATION.md | 3 +++
 config/config.go | 1 +
 prober/dns.go | 9 +++++++++
 3 files changed, 13 insertions(+)

diff --git a/CONFIGURATION.md b/CONFIGURATION.md
index f20707fa..2d7fe5fb 100644
--- a/CONFIGURATION.md
+++ b/CONFIGURATION.md
@@ -153,6 +153,9 @@ tls_config:
 [ transport_protocol: | default = "udp" ] # udp, tcp
+# Whether to use DNS over TLS. This only works with TCP.
+[ dns_over_tls: ]
+
 query_name:
 [ query_type: | default = "ANY" ]
diff --git a/config/config.go b/config/config.go
index 3fddb3c5..a1346801 100644
--- a/config/config.go
+++ b/config/config.go
@@ -174,6 +174,7 @@ type ICMPProbe struct {
 type DNSProbe struct {
 IPProtocol string `yaml:"preferred_ip_protocol,omitempty"`
 IPProtocolFallback bool `yaml:"ip_protocol_fallback,omitempty"`
+ DNSOverTLS bool `yaml:"dns_over_tls,omitempty"`
 SourceIPAddress string `yaml:"source_ip_address,omitempty"`
 TransportProtocol string `yaml:"transport_protocol,omitempty"`
 QueryClass string `yaml:"query_class,omitempty"` // Defaults to IN.
diff --git a/prober/dns.go b/prober/dns.go
index edb5b282..a69a7812 100644
--- a/prober/dns.go
+++ b/prober/dns.go
@@ -190,6 +190,15 @@ func ProbeDNS(ctx context.Context, target string, module config.Module, registry
 dialProtocol = module.DNS.TransportProtocol + "4"
 }
+ if module.DNS.DNSOverTLS {
+ if module.DNS.TransportProtocol == "tcp" {
+ dialProtocol += "-tls"
+ } else {
+ level.Error(logger).Log("msg", "Configuration error: Expected transport protocol tcp for DoT", "protocol", module.DNS.TransportProtocol)
+ return false
+ }
+ }
+
 client := new(dns.Client)
 client.Net = dialProtocol
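Review bot: `dns_over_tls: true` combined with the default `udp` transport is accepted when the config is loaded and only rejected inside ProbeDNS (the prober/dns.go hunk), so the misconfiguration shows up as a failing probe and an error log on every scrape rather than at startup or reload. Failing closed instead of silently probing in plaintext is the right behaviour, but the check belongs with the rest of the module validation. If DNSProbe has an unmarshal-time validation hook (not visible here; the struct continues outside the hunk), add something like `if s.DNSOverTLS && s.TransportProtocol != "tcp" { return errors.New("dns_over_tls requires transport_protocol tcp") }` there. A comment on the field such as `// Requires transport_protocol: tcp.` would match the `// Defaults to IN.` style already used on QueryClass.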
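Review bot: Nothing visible in this hunk sets `client.TLSConfig` once `client.Net` ends in `-tls`, so unless that happens further down in ProbeDNS (the function continues outside the hunk), the handshake runs with the DNS library's default TLS settings and a module cannot supply a CA bundle or an expected server name. If the dial address is an IP rather than a hostname, which cannot be told from these lines, certificate verification would have to match an IP SAN, and probes against servers whose certificates carry only DNS names would fail. I would wire the module's TLS settings into the client next to `client.Net = dialProtocol` and document which name is verified. The default port also deserves a look: DoT conventionally uses 853, and a target given without a port would presumably still be probed on the plain-DNS default.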