Add Quad9 as supported DoH provider.

sensepost · Oct 26, 2018 · a9e5713 · a9e5713
1 parent 05d4e46
commit a9e5713
Show file tree

Hide file tree

Showing 3 changed files with 74 additions and 1 deletion.
diff --git a/cmd/root.go b/cmd/root.go
@@ -54,7 +54,7 @@ func init() {
 	}
 
 	rootCmd.PersistentFlags().StringVarP(&dnsProviderName,
-		"provider", "p", "google", "Preferred DNS provider to use. [possible: google, cloudflare, raw]")
+		"provider", "p", "google", "Preferred DNS provider to use. [possible: google, cloudflare, quad9, raw]")
 	rootCmd.PersistentFlags().BoolVarP(&validateSSL,
 		"validate-certificate", "K", false, "Validate DoH provider SSL certificates")
 }
@@ -83,6 +83,9 @@ func validateDNSProvider() {
 	case "cloudflare":
 		dnsProvider = dnsclient.NewCloudFlareDNS()
 		break
+	case "quad9":
+		dnsProvider = dnsclient.NewQuad9DNS()
+		break
 	case "raw":
 		dnsProvider = dnsclient.NewRawDNS()
 		break

diff --git a/dnsclient/client.go b/dnsclient/client.go
@@ -15,6 +15,12 @@ func NewCloudFlareDNS() *CloudflareDNS {
 	return &CloudflareDNS{BaseURL: "https://cloudflare-dns.com/dns-query"}
 }
 
+// NewQuad9DNS starts a new Quad9 DNS-over-HTTPS resolver Client
+func NewQuad9DNS() *Quad9DNS {
+	// Use the unfiltered URL.
+	return &Quad9DNS{BaseURL: "https://dns10.quad9.net/dns-query"}
+}
+
 // NewRawDNS starts a new client making use of traditional DNS
 func NewRawDNS() *RawDNS {
 	return &RawDNS{}

diff --git a/dnsclient/quad9.go b/dnsclient/quad9.go
@@ -0,0 +1,64 @@
+package dnsclient
+
+import (
+	"encoding/json"
+	"io/ioutil"
+	"log"
+	"net/http"
+	"strconv"
+	"time"
+
+	"github.com/miekg/dns"
+)
+
+// Quad9DNS is a Client instance resolving using Quad9's DNS-over-HTTPS service
+type Quad9DNS struct {
+	BaseURL string
+}
+
+// Lookup performs a DNS lookup using Quad9
+func (c *Quad9DNS) Lookup(name string, rType uint16) Response {
+
+	client := http.Client{
+		Timeout: time.Second * 20,
+	}
+
+	req, err := http.NewRequest("GET", c.BaseURL, nil)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	q := req.URL.Query()
+	q.Add("name", name)
+	q.Add("type", strconv.Itoa(int(rType)))
+	q.Add("cd", "false") // ignore DNSSEC
+	req.URL.RawQuery = q.Encode()
+
+	res, err := client.Do(req)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	body, err := ioutil.ReadAll(res.Body)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	dnsRequestResponse := requestResponse{}
+	err = json.Unmarshal(body, &dnsRequestResponse)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	fout := Response{}
+
+	if len(dnsRequestResponse.Answer) <= 0 {
+		return fout
+	}
+
+	fout.TTL = dnsRequestResponse.Answer[0].TTL
+	fout.Data = dnsRequestResponse.Answer[0].Data
+	fout.Status = dns.RcodeToString[dnsRequestResponse.Status]
+
+	return fout
+}