vsock_proxy: Perform DNS resolution after the expiration of the TTL #593
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
meerd
force-pushed
the
dns_resolve
branch
3 times, most recently
from
a59972b to
b78b6c4
Compare
Use an enumeration type (IpAddrType) instead of boolean variables to represent different IP address types. Signed-off-by: Erdem Meydanli <meydanli@amazon.com>
- Create a new module 'dns.rs' to encapsulate DNS-related operations. - Move existing DNS-related functionality into the new 'dns.rs' module. - Rename 'parse_addr' function to 'resolve' for better semantic clarity. Signed-off-by: Erdem Meydanli <meydanli@amazon.com>
Rename starter.rs module to proxy.rs to better reflect its purpose. Signed-off-by: Erdem Meydanli <meydanli@amazon.com>
Perform allowlisted hosts' check before creating a Proxy instance and terminate the application if necessary. Signed-off-by: Erdem Meydanli <meydanli@amazon.com>
The proxy used to resolve the server hostname only once during its startup. This behavior was creating issues where the DNS addresses changed frequently. This commit changes the behavior to resolve DNS each time after the TTL expires. Signed-off-by: Erdem Meydanli <meydanli@amazon.com>
This commit resolves all errors and warnings that surfaced after upgrading from rustc v1.60 to v1.68.2. Signed-off-by: Erdem Meydanli <meydanli@amazon.com>
meerd
force-pushed
the
dns_resolve
branch
4 times, most recently
from
6161520 to
ae2e1e1
Compare
meerd
changed the title
foersleo
reviewed
Apr 10, 2024
foersleo
approved these changes
Apr 10, 2024
mariusknaust
approved these changes
Apr 10, 2024
meerd
force-pushed
the
dns_resolve
branch
2 times, most recently
from
f444244 to
30e7686
Compare
Modify the signature of `dns::resolve` function to return a `DnsResolveResult` struct instead of a plain vector of IP addresses. Signed-off-by: Erdem Meydanli <meydanli@amazon.com>
Add tests for the dns module to improve coverage. Signed-off-by: Erdem Meydanli <meydanli@amazon.com>
Replace the existing DNS lookup implementation with hickory_resolver. This allows accessing additional information from DNS records, such as TTL values, and enhances the functionality of the dns module. Signed-off-by: Erdem Meydanli <meydanli@amazon.com>
Replace DnsResolveResult with DnsResolutionInfo. The new type includes utility methods and provides a better interface for DNS resolution information, encapsulating resolved IP address, TTL value, and last resolution time. Signed-off-by: Erdem Meydanli <meydanli@amazon.com>
This commit marks the new release of the vsock_proxy, setting the version to 1.0.0. Signed-off-by: Erdem Meydanli <meydanli@amazon.com>
This was referenced Apr 11, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description of changes: This PR addresses the wrong assumption that domain names are resolved to fixed static IP addresses. With these changes, vsock-proxy periodically refreshes the resolved IP address of the remote host after the Time-To-Live (TTL) expires, ensuring that the most up-to-date IP address is used.
Relevant issues: #553
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.