UNPKG

dohdec

Version:

DNS over HTTPS and DNS over TLS

github.com/hildjj/dohdec

hildjj/dohdec

166 lines (165 loc) 5.38 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
/** * Options for doing DOT lookups. * * @typedef {import('./dnsUtils.js').LookupOptions} DOT_LookupOptions */ /** * @typedef {import('./dnsUtils.js').Writable} Writable */ /** * @callback pendingResolve * @param {Buffer|object} results The results of the DNS query. */ /** * @callback pendingError * @param {Error} error The error that occurred. */ /** * @typedef {object} Pending * @property {pendingResolve} resolve Callback for success. * @property {pendingError} reject Callback for error. * @property {DOT_LookupOptions} opts The original options for the request. */ /** * A class that manages a connection to a DNS-over-TLS server. The first time * [lookup]{@link DNSoverTLS#lookup} is called, a connection will be created. * If that connection is timed out by the server, a new connection will be * created as needed. * * If you want to do certificate pinning, make sure that the `hash` and * `hashAlg` options are set correctly to a hash of the DER-encoded * certificate that the server will offer. */ export class DNSoverTLS extends DNSutils { /** * Hash a certificate using the given algorithm. * * @param {Buffer|tls.PeerCertificate} cert The cert to hash. * @param {string} [hashAlg="sha256"] The hash algorithm to use. * @returns {string} Hex string. * @throws {Error} Unknown certificate type. */ static hashCert(cert: Buffer | tls.PeerCertificate, hashAlg?: string): string; /** * Construct a new DNSoverTLS. * * @param {object} opts Options. * @param {string} [opts.host='1.1.1.1'] Server to connect to. * @param {number} [opts.port=853] TCP port number for server. * @param {string} [opts.hash] Hex-encoded hash of the DER-encoded cert * expected from the server. If not specified, no pinning checks are * performed. * @param {string} [opts.hashAlg='sha256'] Hash algorithm for cert pinning. * @param {boolean} [opts.rejectUnauthorized=true] Should the server * certificate even be checked using the normal TLS approach? * @param {number} [opts.verbose=0] How verbose do you want your logging? * @param {Writable} [opts.verboseStream=process.stderr] Where to write * verbose output. */ constructor(opts?: { host?: string | undefined; port?: number | undefined; hash?: string | undefined; hashAlg?: string | undefined; rejectUnauthorized?: boolean | undefined; verbose?: number | undefined; verboseStream?: import("./dnsUtils.js").Writable | undefined; }); size: number; /** @type {tls.TLSSocket|undefined} */ socket: tls.TLSSocket | undefined; /** @type {Record<number, Pending>} */ pending: Record<number, Pending>; /** @type {NoFilter|undefined} */ nof: NoFilter | undefined; /** @type {Buffer[]} */ bufs: Buffer[]; opts: { host: string; port: number; hash?: string | undefined; hashAlg: string; rejectUnauthorized: boolean; checkServerIdentity: (host: string, cert: tls.PeerCertificate) => Error | undefined; }; _reset(): void; /** * @returns {Promise<void>} * @private */ private _connect; /** * @param {string} host * @param {tls.PeerCertificate} cert * @returns {Error | undefined} * @private */ private _checkServerIdentity; /** * Server socket was disconnected. Clean up any pending requests. * * @private */ private _disconnected; /** * Parse data if enough is available. * * @param {Buffer} b Data read from socket. * @private */ private _data; /** * Generate a currently-unused random ID. * * @returns {Promise<number>} A random 2-byte ID number. * @private */ private _id; /** * Look up a name in the DNS, over TLS. * * @param {DOT_LookupOptions|string} name The DNS name to look up, or opts * if this is an object. * @param {DOT_LookupOptions|string} [opts={}] Options for the * request. If a string is given, it will be used as the rrtype. * @returns {Promise<Buffer|packet.Packet>} Response. */ lookup(name: DOT_LookupOptions | string, opts?: DOT_LookupOptions | string): Promise<Buffer | packet.Packet>; /** * Close the socket. * * @returns {Promise<void>} Resolved on socket close. */ close(): Promise<void>; } export namespace DNSoverTLS { export { DEFAULT_SERVER as server }; } export default DNSoverTLS; /** * Options for doing DOT lookups. */ export type DOT_LookupOptions = import("./dnsUtils.js").LookupOptions; export type Writable = import("./dnsUtils.js").Writable; export type pendingResolve = (results: Buffer | object) => any; export type pendingError = (error: Error) => any; export type Pending = { /** * Callback for success. */ resolve: pendingResolve; /** * Callback for error. */ reject: pendingError; /** * The original options for the request. */ opts: DOT_LookupOptions; }; import { default as DNSutils } from './dnsUtils.js'; import * as tls from 'node:tls'; import { NoFilter } from 'nofilter'; import { Buffer } from 'node:buffer'; import * as packet from 'dns-packet'; declare const DEFAULT_SERVER: "1.1.1.1";