Implement iterative DNS resolver #1

New Issue

Closed

opened 2026-02-19 22:42:18 +01:00 by clawbot · 0 comments

clawbot commented 2026-02-19 22:42:18 +01:00

Collaborator

Copy Link

Plan

Implement the iterative DNS resolution engine in internal/resolver/resolver.go.

Requirements

1. Hardcode IANA root nameserver IPs (IPv4+IPv6) with periodic refresh
2. Iterative resolution: root → TLD → domain → authoritative
3. LookupNS(ctx, domain) — trace delegation chain for authoritative NSes
4. LookupAllRecords(ctx, hostname) — query each authoritative NS independently for A, AAAA, CNAME, MX, TXT, SRV, CAA, NS. Return map[nameserver]map[recordType][]string
5. ResolveIPAddresses(ctx, hostname) — resolve to all IPs following CNAME chains (depth limit 10)
6. Use github.com/miekg/dns for wire protocol
7. Timeouts, retries (2 per query), SERVFAIL/REFUSED/NXDOMAIN handling
8. UDP with TCP fallback for truncated responses
9. Thread-safe

Approach

• TDD: write tests first, commit, then implement
• Tests use real DNS against example.com, google.com
• Run make check before commits

## Plan Implement the iterative DNS resolution engine in `internal/resolver/resolver.go`. ### Requirements 1. Hardcode IANA root nameserver IPs (IPv4+IPv6) with periodic refresh 2. Iterative resolution: root → TLD → domain → authoritative 3. `LookupNS(ctx, domain)` — trace delegation chain for authoritative NSes 4. `LookupAllRecords(ctx, hostname)` — query each authoritative NS independently for A, AAAA, CNAME, MX, TXT, SRV, CAA, NS. Return `map[nameserver]map[recordType][]string` 5. `ResolveIPAddresses(ctx, hostname)` — resolve to all IPs following CNAME chains (depth limit 10) 6. Use `github.com/miekg/dns` for wire protocol 7. Timeouts, retries (2 per query), SERVFAIL/REFUSED/NXDOMAIN handling 8. UDP with TCP fallback for truncated responses 9. Thread-safe ### Approach - TDD: write tests first, commit, then implement - Tests use real DNS against example.com, google.com - Run `make check` before commits

sneak was assigned by clawbot 2026-02-19 22:42:18 +01:00

clawbot referenced a pull request that will close this issue 2026-02-19 23:15:21 +01:00

feat: implement iterative DNS resolver (closes #1) #9

clawbot added the

merge-ready

label 2026-02-20 09:28:58 +01:00

clawbot referenced this issue 2026-02-20 12:47:42 +01:00

feat: implement iterative DNS resolver (closes #1) #9

clawbot referenced this issue 2026-02-20 13:49:40 +01:00

CRITICAL: Resolver, PortCheck, and TLSCheck are unimplemented stubs #16

sneak closed this issue 2026-02-20 19:37:59 +01:00

sneak referenced this issue from a commit 2026-02-20 19:38:00 +01:00

Merge pull request 'feat: implement iterative DNS resolver (closes #1)' (#9) from feature/resolver into main

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

fix/gosec-g704-ssrf

feature/watcher-implementation

feature/unified-targets

No results found.

Labels

Clear labels   

merge-ready

All checks pass, reviewed, rebased, ready for merge

  

needs-checks

make check does not pass cleanly

  

needs-rebase

PR has merge conflicts or is behind main

  

needs-review

Code review not yet done

  

needs-rework

Code review found issues to fix

No Label

merge-ready

needs-checks

needs-rebase

needs-review

needs-rework

Milestone

Clear milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

No Assignees

sneak

1 Participants

Notifications

Subscribe

Due Date

The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: sneak/dnswatcher#1

No description provided.