mirror of
https://github.com/outbackdingo/firezone.git
synced 2026-01-28 02:18:50 +00:00
To support resolving SRV and TXT records for DNS-resources, we host a DNS server on UDP/53535 and TCP/53535 on the IPv4 and IPv6 IP of the Gateway's TUN device. This will later be used by connlib to send DNS queries of particular types (concretely SRV and TXT) to the Gateway itself. With this PR, this DNS server is already functional and reachable but it will answer all queries with SERVFAIL. Actual handling of these queries is left to a future PR.

We listen on port 53535 because:

- Port 53 may be taken by another DNS server running on the customer's machine where they deploy the Gateway
- Port 5353 is the standard port for mDNS
- I could not find anything on the Internet about it being used by a specific application

In theory, we could also bind to a random port but then we'd have to communicate this port somehow to the client. This could be done using a control protocol message but it just makes things more complicated. For example, there would be additional buffering needed on the Client side for the time-period where we've established a connection to the Gateway already but haven't received the control protocol message yet, at which port the Gateway is hosting the DNS server.

If one knows the Gateway's IP (and has a connection to it already), this DNS server will be usable by users with standard DNS tools such as `dig`:

```sh
dig @100.76.212.99 -p 53535 example.com
```

Related: #8221
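The behaviour the PR describes (a UDP listener on port 53535 that echoes each query's transaction ID and question section back with RCODE SERVFAIL, and a rule that only SRV and TXT queries are destined for the Gateway) can be shown end to end with a small dependency-free stub. The code below is an added example and is not Firezone's or connlib's code: the function names, the `routed_to_gateway` helper and the crate-free wire parsing are assumptions made for the illustration, and only UDP is covered (the PR also listens on TCP). It deliberately refuses to answer a packet that already has the QR bit set, so a misdirected response can never trigger a reply loop.

```rust
use std::net::UdpSocket;

// DNS RCODE and QTYPE values from RFC 1035 / RFC 2782.
const RCODE_SERVFAIL: u8 = 2;
const QTYPE_TXT: u16 = 16;
const QTYPE_SRV: u16 = 33;
// Port chosen in the PR text (assumed here as the bind port for the stub).
const DNS_PORT: u16 = 53535;

/// Advance past a DNS name that starts at `pos`; returns the position after it.
fn skip_name(buf: &[u8], mut pos: usize) -> Option<usize> {
    loop {
        let len = *buf.get(pos)? as usize;
        if len == 0 { return Some(pos + 1); }          // root label ends the name
        if len & 0xC0 == 0xC0 { return Some(pos + 2); } // compression pointer: 2 bytes
        pos += 1 + len;
    }
}

/// Byte range of the whole question section (all QDCOUNT entries) of a message.
fn question_section(msg: &[u8]) -> Option<&[u8]> {
    if msg.len() < 12 { return None; } // shorter than a DNS header
    let qdcount = u16::from_be_bytes([msg[4], msg[5]]) as usize;
    let mut pos = 12;
    for _ in 0..qdcount {
        pos = skip_name(msg, pos)? + 4; // name, then QTYPE + QCLASS
        if pos > msg.len() { return None; } // truncated question
    }
    Some(&msg[12..pos])
}

/// QTYPE of the first question, e.g. 33 for SRV or 16 for TXT.
pub fn first_qtype(msg: &[u8]) -> Option<u16> {
    let q = question_section(msg)?;
    let end = skip_name(q, 0)?;
    let t = q.get(end..end + 2)?;
    Some(u16::from_be_bytes([t[0], t[1]]))
}

/// Hypothetical connlib-side rule from the PR text: only SRV and TXT go to the Gateway.
pub fn routed_to_gateway(qtype: u16) -> bool {
    qtype == QTYPE_SRV || qtype == QTYPE_TXT
}

/// Build the placeholder answer: same ID, QR=1, same opcode, RD echoed,
/// RCODE=SERVFAIL, question section copied, no answer/authority/additional RRs.
/// Returns None for malformed input or for packets that are themselves responses.
pub fn servfail_response(query: &[u8]) -> Option<Vec<u8>> {
    let question = question_section(query)?;
    let flags_hi = query[2];
    if flags_hi & 0x80 != 0 { return None; } // QR already set: never answer a response
    let mut resp = Vec::with_capacity(12 + question.len());
    resp.extend_from_slice(&query[0..2]);                      // transaction ID
    resp.push(0x80 | (flags_hi & 0x78) | (flags_hi & 0x01));   // QR=1, opcode, RD
    resp.push(RCODE_SERVFAIL);                                 // RA=0, Z=0, RCODE=2
    resp.extend_from_slice(&query[4..6]);                      // QDCOUNT echoed
    resp.extend_from_slice(&[0u8; 6]);                         // ANCOUNT/NSCOUNT/ARCOUNT = 0
    resp.extend_from_slice(question);
    Some(resp)
}

/// Construct a standard recursive query for `name` with the given QTYPE (class IN).
pub fn build_query(id: u16, name: &str, qtype: u16) -> Vec<u8> {
    let mut q = Vec::new();
    q.extend_from_slice(&id.to_be_bytes());
    q.extend_from_slice(&[0x01, 0x00, 0, 1, 0, 0, 0, 0, 0, 0]); // RD=1, QDCOUNT=1
    for label in name.split('.').filter(|l| !l.is_empty()) {
        q.push(label.len() as u8);
        q.extend_from_slice(label.as_bytes());
    }
    q.push(0);
    q.extend_from_slice(&qtype.to_be_bytes());
    q.extend_from_slice(&1u16.to_be_bytes()); // QCLASS IN
    q
}

/// Low nibble of the second flags byte: the RCODE.
pub fn rcode(msg: &[u8]) -> Option<u8> {
    msg.get(3).map(|b| b & 0x0F)
}

/// Serve SERVFAIL for every query arriving on `bind` (UDP only in this example).
pub fn run_server(bind: &str) -> std::io::Result<()> {
    let sock = UdpSocket::bind(bind)?;
    let mut buf = [0u8; 512];
    loop {
        let (n, peer) = sock.recv_from(&mut buf)?;
        if let Some(resp) = servfail_response(&buf[..n]) {
            sock.send_to(&resp, peer)?;
        }
    }
}

fn main() -> std::io::Result<()> {
    // Bind to loopback for local testing; the PR binds to the TUN device's IPs instead.
    run_server(&format!("127.0.0.1:{}", DNS_PORT))
}
```

With the stub running, `dig @127.0.0.1 -p 53535 example.com SRV` reports `status: SERVFAIL` with the question echoed and zero answer records, which is exactly the interim behaviour the PR describes before real handling lands.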