Add a resolve option to override DNS for specific hosts #163
Open
marcospassos wants to merge 1 commit into
This PR adds a `resolve` option to `createTransport` so you can force a hostname to use a specific address instead of relying on system DNS. You can map a host to an `ip` or `ip:port`, or even provide a list of addresses as fallbacks. Under the hood it just uses `wreq`’s `ClientBuilder::resolve_to_addrs`.

The main reason I needed this is SSRF protection. I want to resolve the hostname myself, make sure the IP isn’t internal or private, and only then connect. If the client resolves it again on its own, there’s a window where it could end up hitting a different address due to DNS rebinding. With `resolve`, I can pass in the exact IP I already checked, so the client only connects there and doesn’t try to look it up again.

It’s also useful for things like split horizon DNS or testing against a local server while still using a real hostname.
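
The resolve-once, validate, then pin flow described above, as an added example that is not code from this PR or the project. The function names, the blocked-range list, and the host-to-address-list shape of the pin object are assumptions; only `resolve` and `createTransport` come from the description.

```javascript
// Added example: helper names and the shape of the pin object are assumptions.
const { BlockList, isIP } = require("node:net");
const dns = require("node:dns/promises");

// Non-exhaustive set of ranges a server-side fetcher should never reach.
const INTERNAL = new BlockList();
for (const [net, prefix] of [
  ["0.0.0.0", 8], ["10.0.0.0", 8], ["100.64.0.0", 10], ["127.0.0.0", 8],
  ["169.254.0.0", 16], ["172.16.0.0", 12], ["192.168.0.0", 16],
]) INTERNAL.addSubnet(net, prefix, "ipv4");
for (const [net, prefix] of [["::", 128], ["::1", 128], ["fc00::", 7], ["fe80::", 10]]) {
  INTERNAL.addSubnet(net, prefix, "ipv6");
}

function isInternal(address) {
  const family = isIP(address); // 4, 6, or 0 when the string is not an IP literal
  if (family === 0) return true; // fail closed on anything unparseable
  return INTERNAL.check(address, family === 4 ? "ipv4" : "ipv6");
}

// Turn ONE resolution result into a pin. Every address is checked because a
// list is used as fallbacks, so a single internal entry is still reachable.
function buildPin(hostname, addresses) {
  if (addresses.length === 0) throw new Error(`no addresses for ${hostname}`);
  const bad = addresses.filter(isInternal);
  if (bad.length > 0) {
    throw new Error(`${hostname} resolves to internal address ${bad[0]}`);
  }
  return { [hostname]: [...addresses] };
}

// Resolve exactly once; the caller connects only to what was validated here.
async function resolveAndPin(hostname, lookup = dns.lookup) {
  const records = await lookup(hostname, { all: true });
  return buildPin(hostname, records.map((r) => r.address));
}

// Intended use (option shape assumed from the description above):
//   const pin = await resolveAndPin("api.example.test");
//   createTransport({ resolve: pin });
```

The check and the connection use the same addresses, so a second DNS answer from a rebinding server is never consulted.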