awslabs / aws-crt-python

Python bindings for the AWS Common Runtime
Apache License 2.0

How to provide a custom DNS resolver #470

Open adolfogc opened 1 year ago

adolfogc commented 1 year ago

Describe the issue

The documentation mentions HostResolverBase but doesn't describe its interface. Is it possible to provide our own resolver based on this class?

One that uses DoH, as in the example below:

import dns.message
import dns.rdataclass
import dns.rdatatype
import requests

def resolve(qname, rdtype=dns.rdatatype.A, rdclass=dns.rdataclass.IN, url="https://dns.google/dns-query"):
    # Build the DNS query and serialize it to wire format (the DoH POST body)
    query = dns.message.make_query(qname, rdtype, rdclass)
    query_data = query.to_wire()
    headers = {'content-type': 'application/dns-message', 'accept': 'application/dns-message'}
    # Bound the request time and fail on HTTP errors instead of parsing an error page
    http_response = requests.post(url, data=query_data, headers=headers, timeout=5)
    http_response.raise_for_status()
    response = dns.message.from_wire(http_response.content)
    ips = []
    # Walk every RRset in the answer section; a CNAME may precede the address records
    for rrset in response.answer:
        if rrset.rdtype == rdtype and rrset.rdclass == rdclass:
            for record in rrset:
                ips.append(record.to_text())
    return ips

I don't use the AWS CRT directly, but by using the Mqtt connection builder with AWS IoT SDK V2.

Links

https://awslabs.github.io/aws-crt-python/api/io.html#awscrt.io.HostResolverBase
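An added example, not part of the original post and not aws-crt-python code: the DNS wire message that a DoH POST such as the `resolve()` above sends, and the checks a client can apply to the reply before trusting its addresses. It uses only the standard library; `build_query`, `parse_a_records` and the sample response are hypothetical names and constructed data.

```python
import struct

def build_query(qname, qtype=1):
    """Encode a one-question DNS query (the DoH POST body). RFC 8484 advises ID 0."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)  # flags: RD set
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN

def _skip_name(msg, off):
    """Return the offset just past a name, which may end in a compression pointer."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:
            return off + 2
        if length == 0:
            return off + 1
        off += 1 + length

def parse_a_records(msg, query):
    """Return the IPv4 addresses in a response to `query`; raise ValueError otherwise."""
    try:
        _id, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
        if not flags & 0x8000:
            raise ValueError("not a response")
        if flags & 0x000F:
            raise ValueError("resolver returned rcode %d" % (flags & 0x000F))
        if qd != 1 or msg[12:len(query)] != query[12:]:
            raise ValueError("question section does not match the query")
        off, ips = len(query), []
        for _ in range(an):
            off = _skip_name(msg, off)
            rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            rdata = msg[off + 10:off + 10 + rdlen]
            if len(rdata) != rdlen:
                raise ValueError("truncated record")
            if (rtype, rclass, rdlen) == (1, 1, 4):  # A record, class IN
                ips.append(".".join(str(b) for b in rdata))
            off += 10 + rdlen
        return ips
    except (IndexError, struct.error):
        raise ValueError("malformed DNS message")

# Constructed sample: a CNAME followed by an A record (192.0.2.10 is a documentation address).
QUERY = build_query("www.example.com")
SAMPLE_RESPONSE = (struct.pack("!HHHHHH", 0, 0x8180, 1, 2, 0, 0) + QUERY[12:]
    + b"\xc0\x0c" + struct.pack("!HHIH", 5, 1, 60, 2) + b"\xc0\x10"
    + b"\xc0\x10" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes([192, 0, 2, 10]))
```
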

graebm commented 1 year ago

There's a bit of plumbing to allow a custom DNS resolver, but it's not all there, and would be a non-trivial amount of work.

What behavior did you desire, which is different from the existing behavior?

I know the DefaultHostResolver used to be very aggressive, repeatedly pinging for more IPs for several seconds after the initial lookup. But this very recently changed, and the aggressive pinging no longer happens for IoT addresses, see: https://github.com/awslabs/aws-c-io/pull/559, https://github.com/awslabs/aws-crt-python/pull/465

If you use the latest version of the IoT SDK https://github.com/aws/aws-iot-device-sdk-python-v2/releases/tag/v1.13.0 you should get the better behavior.

adolfogc commented 1 year ago

Hi, thank you for your reply. I'm trying that version of the SDK now. For other stuff I want to try, I think it is better to use something like dnscrypt-proxy.