add alternative port for _acme-challenge

2024-07-07 06:47:31 +00:00 · 2024-07-07 06:47:31 +00:00 · 2b23be6f74
commit 2b23be6f74
parent d0fc2ff8e6
1 changed files with 27 additions and 7 deletions
--- a/pkg/meshname/server.go
+++ b/pkg/meshname/server.go
@ -18,13 +18,14 @@ type MeshnameServer struct {
 	networks     	map[string]*net.IPNet
 	meshipNetworks	map[string]*net.IPNet
 	enableMeshIP 	bool
+	acmePort	string

 	startedLock 	sync.RWMutex
 	started     	bool
 }

 // New is a constructor for MeshnameServer
-func New(log *log.Logger, listenAddr string, networks map[string]*net.IPNet, meshipNetworks map[string]*net.IPNet, enableMeshIP bool) *MeshnameServer {
+func New(log *log.Logger, listenAddr string, networks map[string]*net.IPNet, meshipNetworks map[string]*net.IPNet, enableMeshIP bool, acmePort string) *MeshnameServer {
 	dnsClient := new(dns.Client)
 	dnsClient.Timeout = 5000000000 // increased 5 seconds timeout

@ -35,6 +36,7 @@ func New(log *log.Logger, listenAddr string, networks map[string]*net.IPNet, mes
 		meshipNetworks:	meshipNetworks,
 		dnsClient:    	dnsClient,
 		enableMeshIP: 	enableMeshIP,
+		acmePort: 	acmePort,
 	}
 }

@ -143,15 +145,33 @@ func (s *MeshnameServer) handleMeshnameRequest(w dns.ResponseWriter, r *dns.Msg)
 		rm := new(dns.Msg)
 		rm.RecursionDesired = true
 		rm.Question = questions
-		resp, _, err := s.dnsClient.Exchange(rm, "["+remoteServer+"]:53") // no retries
-		if err != nil {
-			s.log.Debugln(err)
-			continue
+		// when specified, we add an alternative port for acme challenge requests
+		portNumbers := []string{"53"}
+		qdomain := rm.Question[0].Name
+		dotIndex := strings.Index(qdomain, ".")
+		qsubdomain := qdomain[:dotIndex]
+		if rm.Question[0].Qtype == 16 && qsubdomain == "_acme-challenge" {
+			s.log.Debugln("Is acme challenge. Trying on port "+s.acmePort+" too.")
+			// add alternative port number
+			portNumbers = append([]string{s.acmePort}, portNumbers...)
 		}
+		// make request
+		err := error(nil)
+		for _, port := range portNumbers {
+			s.log.Debugln("trying port:"+port)
+			resp, _, err := s.dnsClient.Exchange(rm, "["+remoteServer+"]:"+port)
+			// if we had success we don't keep trying other ports
+			if err == nil {
 				s.log.Debugln(resp.String())
 				m.Answer = append(m.Answer, resp.Answer...)
 				m.Ns = append(m.Ns, resp.Ns...)
 				m.Extra = append(m.Extra, resp.Extra...)
+				break
+			}
+		}
+		if err != nil {
+			s.log.Debugln(err)
+		}
 	}

 	if err := w.WriteMsg(m); err != nil {