container/Sources/DNSServer/Handlers/HostTableResolver.swift at c778d70e14d68d5078e5be509830e1fbd7cedfb2 · jglogan/container · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
//===----------------------------------------------------------------------===//
// Copyright © 2025-2026 Apple Inc. and the container project authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//   https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//===----------------------------------------------------------------------===//

import ContainerizationExtras

/// Handler that uses table lookup to resolve hostnames.
///
/// All keys in `hosts4` must be canonical DNS names — fully-qualified with a
/// trailing dot (e.g. `"example.com."`). This matches the canonical form used
/// by `Question.name` when decoded from the wire.
public struct HostTableResolver: DNSHandler {
    public let hosts4: [String: IPv4Address]
    private let ttl: UInt32

    /// Creates a resolver backed by a static IPv4 host table.
    ///
    /// - Parameter hosts4: A dictionary mapping fully-qualified domain names (with trailing dot)
    ///   to IPv4 addresses. Keys without a trailing dot will not match wire-decoded queries.
    /// - Parameter ttl: The TTL in seconds to set on answer records.
    public init(hosts4: [String: IPv4Address], ttl: UInt32 = 300) {
        self.hosts4 = hosts4
        self.ttl = ttl
    }

    public func answer(query: Message) async throws -> Message? {
        let question = query.questions[0]
        let record: ResourceRecord?
        switch question.type {
        case ResourceRecordType.host:
            record = answerHost(question: question)
        case ResourceRecordType.host6:
            // Return NODATA (noError with empty answers) for AAAA queries ONLY if A record exists.
            // This is required because musl libc has issues when A record exists but AAAA returns NXDOMAIN.
            // musl treats NXDOMAIN on AAAA as "domain doesn't exist" and fails DNS resolution entirely.
            // NODATA correctly indicates "no IPv6 address available, but domain exists".
            if hosts4[question.name] != nil {
                return Message(
                    id: query.id,
                    type: .response,
                    returnCode: .noError,
                    questions: query.questions,
                    answers: []
                )
            }
            // If hostname doesn't exist, return nil which will become NXDOMAIN
            return nil
        default:
            return Message(
                id: query.id,
                type: .response,
                returnCode: .notImplemented,
                questions: query.questions,
                answers: []
            )
        }

        guard let record else {
            return nil
        }

        return Message(
            id: query.id,
            type: .response,
            returnCode: .noError,
            questions: query.questions,
            answers: [record]
        )
    }

    private func answerHost(question: Question) -> ResourceRecord? {
        guard let ip = hosts4[question.name] else {
            return nil
        }

        return HostRecord<IPv4Address>(name: question.name, ttl: ttl, ip: ip)
    }
}