From e3adf6b264ae379c34ef3bc6c06624425689cf95 Mon Sep 17 00:00:00 2001 From: Christian Schneppe Date: Sun, 25 Jun 2017 19:21:19 +0200 Subject: new resolver fall back to normal dns if dnssec verfication fails --- .../java/de/pixart/messenger/utils/Resolver.java | 31 +++++++++++++++------- 1 file changed, 22 insertions(+), 9 deletions(-) (limited to 'src/main/java') diff --git a/src/main/java/de/pixart/messenger/utils/Resolver.java b/src/main/java/de/pixart/messenger/utils/Resolver.java index a5bcad547..d69a828e2 100644 --- a/src/main/java/de/pixart/messenger/utils/Resolver.java +++ b/src/main/java/de/pixart/messenger/utils/Resolver.java @@ -14,7 +14,9 @@ import de.measite.minidns.DNSClient; import de.measite.minidns.DNSName; import de.measite.minidns.Question; import de.measite.minidns.Record; +import de.measite.minidns.dnssec.DNSSECValidationFailedException; import de.measite.minidns.hla.DnssecResolverApi; +import de.measite.minidns.hla.ResolverApi; import de.measite.minidns.hla.ResolverResult; import de.measite.minidns.record.A; import de.measite.minidns.record.AAAA; @@ -36,13 +38,13 @@ public class Resolver { List results = new ArrayList<>(); try { results.addAll(resolveSrv(domain, true)); - } catch (IOException e) { - //ignore + } catch (Throwable t) { + Log.d(Config.LOGTAG, Resolver.class.getSimpleName() + ": " + t.getMessage()); } try { results.addAll(resolveSrv(domain, false)); - } catch (IOException e) { - //ignore + } catch (Throwable t) { + Log.d(Config.LOGTAG, Resolver.class.getSimpleName() + ": " + t.getMessage()); } if (results.size() == 0) { results.add(Result.createDefault(domain)); @@ -53,7 +55,13 @@ public class Resolver { private static List resolveSrv(String domain, final boolean directTls) throws IOException { Question question = new Question((directTls ? DIRECT_TLS_SERVICE : STARTTLS_SERICE) + "._tcp." + domain, Record.TYPE.SRV); - ResolverResult result = DnssecResolverApi.INSTANCE.resolve(question); + ResolverResult result; + try { + result = DnssecResolverApi.INSTANCE.resolve(question); + } catch (DNSSECValidationFailedException e) { + Log.d(Config.LOGTAG, Resolver.class.getSimpleName() + ": error resolving SRV record with DNSSEC. Trying DNS instead " + e.getMessage()); + result = ResolverApi.INSTANCE.resolve(question); + } List results = new ArrayList<>(); for (Data record : result.getAnswersOrEmptySet()) { if (record instanceof SRV) { @@ -73,16 +81,21 @@ public class Resolver { private static List resolveIp(SRV srv, Class type, boolean authenticated, boolean directTls) { List list = new ArrayList<>(); try { - ResolverResult results = DnssecResolverApi.INSTANCE.resolve(srv.name, type); + ResolverResult results; + try { + results = DnssecResolverApi.INSTANCE.resolve(srv.name, type); + } catch (DNSSECValidationFailedException e) { + Log.d(Config.LOGTAG, Resolver.class.getSimpleName() + ": error resolving " + type.getSimpleName() + " with DNSSEC. Trying DNS instead " + e.getMessage()); + results = ResolverApi.INSTANCE.resolve(srv.name, type); + } for (D record : results.getAnswersOrEmptySet()) { Result resolverResult = Result.fromRecord(srv, directTls); resolverResult.authenticated = results.isAuthenticData() && authenticated; resolverResult.ip = record.getInetAddress(); list.add(resolverResult); } - } catch (IOException e) { - Log.d(Config.LOGTAG, e.getMessage()); - //ignore. will add default record later + } catch (Throwable t) { + Log.d(Config.LOGTAG, Resolver.class.getSimpleName() + ": error resolving " + type.getSimpleName() + " " + t.getMessage()); } return list; } -- cgit v1.2.3