Comments (10)
IIRC a UDP DNS client doesn't bind to a single address (it uses ~one address per query) because otherwise it would be too easy to spoof responses.
Why is it important that UDP messages come from a single address? What's the use case for this?
from hickory-dns.
I agree with you that most of the time we don't need to bind a specific iface to do a DNS query. But sometimes we need to, when I have more than one iface on my machine, which connect to different networks.
And also, it is a feature that we can bind a specific iface, which means we can bind a specific iface if we want. Most network libraries, for example tokio and socket2, as you see, all support this feature.
Thanks.
from hickory-dns.
@bluejekyll maybe bind_addr should take an IpAddr instead of a SocketAddr?
from hickory-dns.
I think it should take a SocketAddr, because most other libraries take a SocketAddr, for example glibc and tokio.
https://www.gnu.org/software/libc/manual/html_node/Setting-Address.html
And moreover, in hickory dns we already use SocketAddr for bind_addr, see:
https://github.com/hickory-dns/hickory-dns/blob/main/crates/proto/src/udp/udp_stream.rs#L245
Thanks.
from hickory-dns.
IMO using a SocketAddr for binding a UDP socket is surprising since, AIUI, our UDP client sockets don't want to stick to one port as I mentioned in a previous comment. In general I feel like the notion of a single bind_addr is a little confusing since we could potentially bind any number of clients (UDP, TCP, DoT, DoH, DoQ) which can't all bind to the same port.
from hickory-dns.
In most cases, users set the port to 0, which means a random port chosen by the system.
See: https://github.com/hickory-dns/hickory-dns/blob/main/crates/proto/src/udp/udp_stream.rs#L291
from hickory-dns.
It doesn't feel like you're actually reading my comments, so I'm going to stop engaging with this issue now.
from hickory-dns.
Looking at this more, I think @djc, is making a very good point that for this interface, we want a bind_addr that is just the IP address, and not the port. The port should be randomly chosen based on our logic which works to enforce a random port is always used for each connection. For that reason, I think we want the PR to continue to use the random port logic that we have, but allow for the bind address to be set.
from hickory-dns.
- First and foremost, IP_BIND_ADDRESS_NO_PORT aka SocketAddr with port 0 means the port will later be automatically chosen on connect. This behavior is documented here: https://man7.org/linux/man-pages/man7/ip.7.html. So if the user wants a specific IP (as in most cases), he can use port 0.
- IP_BIND_ADDRESS_NO_PORT aka SocketAddr with port 0 is widely used, e.g. the connect(2) operating-system function in Linux, or `let socket = tokio::net::TcpSocket::new_v4().unwrap(); socket.connect(socketaddr)` in Rust. For some users, at least for me, it is inertial thinking when I want to specify a bind_addr.
from hickory-dns.
Not sure why you wanted to close this? My sense is that allowing the bind address is a good thing. We don't trust the OS to distribute the port addresses in general, which is why the library has a random function to ensure it's somewhat randomly distributed across the port space.
I see that you believe we should accept SocketAddr and use the port as an indication of using random selection logic, and I get your reasoning, but in this case we will be issuing multiple requests from this interface. In order to issue multiple requests to the same remote address, those must be on separate ports, otherwise we run afoul of the response spoofing that the random port selection is intended to prevent.
So it leads me to believe that we want to guide people in the proper direction, and only take IpAddr as the bind address, and always randomize the port. Do you have a particular use case where you want the port to be static and non-zero ever?
from hickory-dns.
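The design the last two comments converge on (the caller supplies only an IpAddr, the library picks a fresh random source port for each outstanding query so that answers to one query cannot be guessed from another), as an added illustration in std-only Rust; this is example code written for this thread, not hickory-dns's own NextRandomUdpSocket, and its xorshift seed is a constructed stand-in for a real CSPRNG.

```rust
use std::io;
use std::net::{IpAddr, Ipv4Addr, SocketAddr, UdpSocket};
use std::sync::atomic::{AtomicU64, Ordering};
use std::time::{SystemTime, UNIX_EPOCH};

// Per-call counter mixed into the seed so two binds in the same clock tick
// do not walk the same port sequence (constructed for this example).
static CALLS: AtomicU64 = AtomicU64::new(0);

/// Tiny xorshift64 generator; a placeholder for a real CSPRNG in production.
struct Xorshift(u64);

impl Xorshift {
    fn from_clock() -> Self {
        let nanos = SystemTime::now()
            .duration_since(UNIX_EPOCH)
            .map(|d| d.as_nanos() as u64)
            .unwrap_or(0);
        let salt = CALLS.fetch_add(1, Ordering::Relaxed).wrapping_mul(0x9E37_79B9_7F4A_7C15);
        Xorshift((nanos ^ salt) | 1) // state must be non-zero
    }
    fn next(&mut self) -> u64 {
        let mut x = self.0;
        x ^= x << 13;
        x ^= x >> 7;
        x ^= x << 17;
        self.0 = x;
        x
    }
}

/// Bind on the caller-chosen interface address, but pick the source port
/// ourselves from the ephemeral range 49152..=65535 instead of trusting the
/// OS allocator. A port that is already taken is simply redrawn.
pub fn bind_random_port(ip: IpAddr) -> io::Result<UdpSocket> {
    let mut rng = Xorshift::from_clock();
    for _ in 0..64 {
        let port = 49152 + (rng.next() % 16384) as u16;
        match UdpSocket::bind(SocketAddr::new(ip, port)) {
            Ok(sock) => return Ok(sock),
            Err(e) if e.kind() == io::ErrorKind::AddrInUse => continue,
            Err(e) => return Err(e),
        }
    }
    Err(io::Error::new(io::ErrorKind::AddrInUse, "no free random port found"))
}

/// Hold `n` sockets open at once (one per in-flight query) and count the
/// distinct source ports they occupy; with one socket per query this is `n`.
pub fn distinct_source_ports(ip: IpAddr, n: usize) -> io::Result<usize> {
    let socks: Vec<UdpSocket> = (0..n).map(|_| bind_random_port(ip)).collect::<io::Result<_>>()?;
    let mut ports: Vec<u16> = socks.iter().map(|s| s.local_addr().map(|a| a.port())).collect::<io::Result<_>>()?;
    ports.sort_unstable();
    ports.dedup();
    Ok(ports.len())
}

fn main() -> io::Result<()> {
    let ip = IpAddr::V4(Ipv4Addr::LOCALHOST);
    println!("8 queries -> {} distinct source ports", distinct_source_ports(ip, 8)?);
    Ok(())
}
```

Binding with port 0 (the IP_BIND_ADDRESS_NO_PORT style argued for earlier in the thread) would hand port selection to the OS instead; this version keeps that choice inside the library, which is the point the maintainers are making.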