consul/internal/dnsutil/dns.go

// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: BUSL-1.1

package dnsutil

import (
	"errors"
	"net"
	"regexp"
	"slices"
	"strings"

	"github.com/miekg/dns"
)

type TranslateAddressAccept int

// MaxLabelLength is the maximum length for a name that can be used in DNS.
const (
	MaxLabelLength = 63

	arpaLabel     = "arpa"
	arpaIPV4Label = "in-addr"
	arpaIPV6Label = "ip6"

	TranslateAddressAcceptDomain TranslateAddressAccept = 1 << iota
	TranslateAddressAcceptIPv4
	TranslateAddressAcceptIPv6

	TranslateAddressAcceptAny TranslateAddressAccept = ^0
)

// InvalidNameRe is a regex that matches characters which can not be included in
// a DNS name.
var InvalidNameRe = regexp.MustCompile(`[^A-Za-z0-9\\-]+`)

// matches valid DNS labels according to RFC 1123, should be at most 63
// characters according to the RFC
var validLabel = regexp.MustCompile(`^[a-zA-Z0-9]([a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])?$`)

// IsValidLabel returns true if the string given is a valid DNS label (RFC 1123).
// Note: the only difference between RFC 1035 and RFC 1123 labels is that in
// RFC 1123 labels can begin with a number.
func IsValidLabel(name string) bool {
	return validLabel.MatchString(name)
}

// ValidateLabel is similar to IsValidLabel except it returns an error
// instead of false when name is not a valid DNS label. The error will contain
// reference to what constitutes a valid DNS label.
func ValidateLabel(name string) error {
	if !IsValidLabel(name) {
		return errors.New("a valid DNS label must consist of lower case alphanumeric characters or '-', and must start and end with an alphanumeric character")
	}
	return nil
}

// IPFromARPA returns the net.IP address from a fully-qualified ARPA PTR domain name.
// If the address is an invalid format, it returns nil.
func IPFromARPA(arpa string) net.IP {
	labels := dns.SplitDomainName(arpa)
	if len(labels) != 6 && len(labels) != 34 {
		return nil
	}

	// The last two labels should be "in-addr" or "ip6" and "arpa"
	if labels[len(labels)-1] != arpaLabel {
		return nil
	}

	var ip net.IP
	switch labels[len(labels)-2] {
	case arpaIPV4Label:
		parts := labels[:len(labels)-2]
		slices.Reverse(parts)
		ip = net.ParseIP(strings.Join(parts, "."))
	case arpaIPV6Label:
		parts := labels[:len(labels)-2]
		slices.Reverse(parts)

		// Condense the different words of the address
		address := strings.Join(parts[0:4], "")
		for i := 4; i <= len(parts)-4; i = i + 4 {
			word := parts[i : i+4]
			address = address + ":" + strings.Join(word, "")
		}
		ip = net.ParseIP(address)
		// default: fallthrough
	}
	return ip
}
copyright headers for agent folder (#16704) * copyright headers for agent folder * Ignore test data files * fix proto files and remove headers in agent/uiserver folder * ignore deep-copy files 2 years ago			`// Copyright (c) HashiCorp, Inc.`
[COMPLIANCE] License changes (#18443) * Adding explicit MPL license for sub-package This directory and its subdirectories (packages) contain files licensed with the MPLv2 `LICENSE` file in this directory and are intentionally licensed separately from the BSL `LICENSE` file at the root of this repository. * Adding explicit MPL license for sub-package This directory and its subdirectories (packages) contain files licensed with the MPLv2 `LICENSE` file in this directory and are intentionally licensed separately from the BSL `LICENSE` file at the root of this repository. * Updating the license from MPL to Business Source License Going forward, this project will be licensed under the Business Source License v1.1. Please see our blog post for more details at <Blog URL>, FAQ at www.hashicorp.com/licensing-faq, and details of the license at www.hashicorp.com/bsl. * add missing license headers * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 --------- Co-authored-by: hashicorp-copywrite[bot] <110428419+hashicorp-copywrite[bot]@users.noreply.github.com> 1 year ago			`// SPDX-License-Identifier: BUSL-1.1`
copyright headers for agent folder (#16704) * copyright headers for agent folder * Ignore test data files * fix proto files and remove headers in agent/uiserver folder * ignore deep-copy files 2 years ago
[OSS] feat: add experiments flag for v2 dns and skeleton interfaces (#20115) feat: add experiments flag for v2 dns and skeleton interfaces 11 months ago			`package dnsutil`
lib: add validation package + DNS label validation (#12535) Co-authored-by: Chris S. Kim <ckim@hashicorp.com> 3 years ago
			`import (`
			`"errors"`
feat(v2dns): add PTR query support (#20362) 10 months ago			`"net"`
lib: add validation package + DNS label validation (#12535) Co-authored-by: Chris S. Kim <ckim@hashicorp.com> 3 years ago			`"regexp"`
feat(v2dns): add PTR query support (#20362) 10 months ago			`"slices"`
			`"strings"`

			`"github.com/miekg/dns"`
lib: add validation package + DNS label validation (#12535) Co-authored-by: Chris S. Kim <ckim@hashicorp.com> 3 years ago			`)`

NET-7644/NET-7634 - Implement query lookup for tagged addresses on nodes and services including WAN translation. (#20583) NET-7644 - Implement tagged addresses and wan translation 9 months ago			`type TranslateAddressAccept int`

[OSS] feat: add experiments flag for v2 dns and skeleton interfaces (#20115) feat: add experiments flag for v2 dns and skeleton interfaces 11 months ago			`// MaxLabelLength is the maximum length for a name that can be used in DNS.`
feat(v2dns): add PTR query support (#20362) 10 months ago			`const (`
			`MaxLabelLength = 63`

			`arpaLabel = "arpa"`
			`arpaIPV4Label = "in-addr"`
			`arpaIPV6Label = "ip6"`
NET-7644/NET-7634 - Implement query lookup for tagged addresses on nodes and services including WAN translation. (#20583) NET-7644 - Implement tagged addresses and wan translation 9 months ago
			`TranslateAddressAcceptDomain TranslateAddressAccept = 1 << iota`
			`TranslateAddressAcceptIPv4`
			`TranslateAddressAcceptIPv6`

			`TranslateAddressAcceptAny TranslateAddressAccept = ^0`
feat(v2dns): add PTR query support (#20362) 10 months ago			`)`
[OSS] feat: add experiments flag for v2 dns and skeleton interfaces (#20115) feat: add experiments flag for v2 dns and skeleton interfaces 11 months ago
			`// InvalidNameRe is a regex that matches characters which can not be included in`
			`// a DNS name.`
			var InvalidNameRe = regexp.MustCompile(`[^A-Za-z0-9\\-]+`)

lib: add validation package + DNS label validation (#12535) Co-authored-by: Chris S. Kim <ckim@hashicorp.com> 3 years ago			`// matches valid DNS labels according to RFC 1123, should be at most 63`
			`// characters according to the RFC`
			var validLabel = regexp.MustCompile(`^[a-zA-Z0-9]([a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])?$`)

			`// IsValidLabel returns true if the string given is a valid DNS label (RFC 1123).`
			`// Note: the only difference between RFC 1035 and RFC 1123 labels is that in`
			`// RFC 1123 labels can begin with a number.`
			`func IsValidLabel(name string) bool {`
			`return validLabel.MatchString(name)`
			`}`

			`// ValidateLabel is similar to IsValidLabel except it returns an error`
			`// instead of false when name is not a valid DNS label. The error will contain`
			`// reference to what constitutes a valid DNS label.`
			`func ValidateLabel(name string) error {`
			`if !IsValidLabel(name) {`
			`return errors.New("a valid DNS label must consist of lower case alphanumeric characters or '-', and must start and end with an alphanumeric character")`
			`}`
			`return nil`
			`}`
feat(v2dns): add PTR query support (#20362) 10 months ago
			`// IPFromARPA returns the net.IP address from a fully-qualified ARPA PTR domain name.`
			`// If the address is an invalid format, it returns nil.`
			`func IPFromARPA(arpa string) net.IP {`
			`labels := dns.SplitDomainName(arpa)`
			`if len(labels) != 6 && len(labels) != 34 {`
			`return nil`
			`}`

			`// The last two labels should be "in-addr" or "ip6" and "arpa"`
			`if labels[len(labels)-1] != arpaLabel {`
			`return nil`
			`}`

			`var ip net.IP`
			`switch labels[len(labels)-2] {`
			`case arpaIPV4Label:`
			`parts := labels[:len(labels)-2]`
			`slices.Reverse(parts)`
			`ip = net.ParseIP(strings.Join(parts, "."))`
			`case arpaIPV6Label:`
			`parts := labels[:len(labels)-2]`
			`slices.Reverse(parts)`

			`// Condense the different words of the address`
			`address := strings.Join(parts[0:4], "")`
			`for i := 4; i <= len(parts)-4; i = i + 4 {`
			`word := parts[i : i+4]`
			`address = address + ":" + strings.Join(word, "")`
			`}`
			`ip = net.ParseIP(address)`
			`// default: fallthrough`
			`}`
			`return ip`
			`}`