Implement correct handling of recursive DNS, close AsyncHttpClient#1329

Motivation:

DnsNameResolver does not handle recursive DNS and so fails if you query
a DNS server (for example a ROOT dns server) which provides the correct
redirect for a domain.

Modification:

Add support for redirects (a.k.a. handling of AUTHORITY section').

Result:

Its now possible to use a DNS server that redirects.

Author: slandelle

netty-bp/resolver-dns/src/main/java/io/netty/resolver/dns/DnsNameResolver.java

@@ -134,6 +134,7 @@ public class DnsNameResolver extends InetNameResolver {
      * Cache for {@link #doResolve(String, Promise)} and {@link #doResolveAll(String, Promise)}.
      */
     private final DnsCache resolveCache;
+    private final DnsCache authoritativeDnsServerCache;
 
     private final FastThreadLocal<DnsServerAddressStream> nameServerAddrStream =
             new FastThreadLocal<DnsServerAddressStream>() {
@@ -153,8 +154,8 @@ protected DnsServerAddressStream initialValue() throws Exception {
     private final HostsFileEntriesResolver hostsFileEntriesResolver;
     private final String[] searchDomains;
     private final int ndots;
-    private final boolean cnameFollowARecords;
-    private final boolean cnameFollowAAAARecords;
+    private final boolean supportsAAAARecords;
+    private final boolean supportsARecords;
     private final InternetProtocolFamily2 preferredAddressType;
     private final DnsRecordType[] resolveRecordTypes;
     private final boolean decodeIdn;
@@ -178,9 +179,9 @@ protected DnsServerAddressStream initialValue() throws Exception {
      * @param hostsFileEntriesResolver the {@link HostsFileEntriesResolver} used to check for local aliases
      * @param searchDomains the list of search domain
      * @param ndots the ndots value
-     * @deprecated use {@link #DnsNameResolver(EventLoop, ChannelFactory, DnsServerAddresses, DnsCache, long,
-     *             InternetProtocolFamily2[], boolean, int, boolean, int,
-     *             boolean, HostsFileEntriesResolver, String[], int, boolean)}
+     * @deprecated use {@link DnsNameResolver#DnsNameResolver(EventLoop, ChannelFactory, DnsServerAddresses, DnsCache,
+     *                  DnsCache, long, InternetProtocolFamily2[], boolean, int, boolean, int, boolean,
+     *                  HostsFileEntriesResolver, String[], int, boolean)}
      */
     @Deprecated
     public DnsNameResolver(
@@ -198,11 +199,10 @@ public DnsNameResolver(
             HostsFileEntriesResolver hostsFileEntriesResolver,
             String[] searchDomains,
             int ndots) {
-        this(eventLoop, channelFactory, nameServerAddresses, resolveCache, queryTimeoutMillis, resolvedAddressTypes,
-                recursionDesired, maxQueriesPerResolve, traceEnabled, maxPayloadSize, optResourceEnabled,
-                hostsFileEntriesResolver, searchDomains, ndots, true);
+        this(eventLoop, channelFactory, nameServerAddresses, resolveCache, NoopDnsCache.INSTANCE, queryTimeoutMillis,
+                resolvedAddressTypes, recursionDesired, maxQueriesPerResolve, traceEnabled, maxPayloadSize,
+                optResourceEnabled, hostsFileEntriesResolver, searchDomains, ndots, true);
     }
-
     /**
      * Creates a new DNS-based name resolver that communicates with the specified list of DNS servers.
      *
@@ -212,6 +212,7 @@ public DnsNameResolver(
      *                            this to determine which DNS server should be contacted for the next retry in case
      *                            of failure.
      * @param resolveCache the DNS resolved entries cache
+     * @param authoritativeDnsServerCache the cache used to find the authoritative DNS server for a domain
      * @param queryTimeoutMillis timeout of each DNS query in millis
      * @param resolvedAddressTypes list of the protocol families
      * @param recursionDesired if recursion desired flag must be set
@@ -230,6 +231,7 @@ public DnsNameResolver(
             ChannelFactory<? extends DatagramChannel> channelFactory,
             DnsServerAddresses nameServerAddresses,
             final DnsCache resolveCache,
+            DnsCache authoritativeDnsServerCache,
             long queryTimeoutMillis,
             InternetProtocolFamily2[] resolvedAddressTypes,
             boolean recursionDesired,
@@ -241,7 +243,6 @@ public DnsNameResolver(
             String[] searchDomains,
             int ndots,
             boolean decodeIdn) {
-
         super(eventLoop);
         checkNotNull(channelFactory, "channelFactory");
         this.nameServerAddresses = checkNotNull(nameServerAddresses, "nameServerAddresses");
@@ -254,22 +255,23 @@ public DnsNameResolver(
         this.optResourceEnabled = optResourceEnabled;
         this.hostsFileEntriesResolver = checkNotNull(hostsFileEntriesResolver, "hostsFileEntriesResolver");
         this.resolveCache = checkNotNull(resolveCache, "resolveCache");
+        this.authoritativeDnsServerCache = checkNotNull(authoritativeDnsServerCache, "authoritativeDnsServerCache");
         this.searchDomains = checkNotNull(searchDomains, "searchDomains").clone();
         this.ndots = checkPositiveOrZero(ndots, "ndots");
         this.decodeIdn = decodeIdn;
 
-        boolean cnameFollowARecords = false;
-        boolean cnameFollowAAAARecords = false;
+        boolean supportsARecords = false;
+        boolean supportsAAAARecords = false;
         // Use LinkedHashSet to maintain correct ordering.
         Set<DnsRecordType> recordTypes = new LinkedHashSet<DnsRecordType>(resolvedAddressTypes.length);
         for (InternetProtocolFamily2 family: resolvedAddressTypes) {
             switch (family) {
                 case IPv4:
-                    cnameFollowARecords = true;
+                    supportsARecords = true;
                     recordTypes.add(DnsRecordType.A);
                     break;
                 case IPv6:
-                    cnameFollowAAAARecords = true;
+                    supportsAAAARecords = true;
                     recordTypes.add(DnsRecordType.AAAA);
                     break;
                 default:
@@ -278,9 +280,9 @@ public DnsNameResolver(
         }
 
         // One of both must be always true.
-        assert cnameFollowARecords || cnameFollowAAAARecords;
-        this.cnameFollowAAAARecords = cnameFollowAAAARecords;
-        this.cnameFollowARecords = cnameFollowARecords;
+        assert supportsARecords || supportsAAAARecords;
+        this.supportsAAAARecords = supportsAAAARecords;
+        this.supportsARecords = supportsARecords;
         resolveRecordTypes = recordTypes.toArray(new DnsRecordType[recordTypes.size()]);
         preferredAddressType = resolvedAddressTypes[0];
 
@@ -308,13 +310,25 @@ public void operationComplete(ChannelFuture future) throws Exception {
         });
     }
 
+    // Only here to override in unit tests.
+    int dnsRedirectPort(@SuppressWarnings("unused") InetAddress server) {
+        return DnsServerAddresses.DNS_PORT;
+    }
+
     /**
      * Returns the resolution cache.
      */
     public DnsCache resolveCache() {
         return resolveCache;
     }
 
+    /**
+     * Returns the cache used for authoritative DNS servers for a domain.
+     */
+    public DnsCache authoritativeDnsServerCache() {
+        return authoritativeDnsServerCache;
+    }
+
     /**
      * Returns the timeout of each DNS query performed by this resolver (in milliseconds).
      * The default value is 5 seconds.
@@ -344,12 +358,12 @@ final int ndots() {
         return ndots;
     }
 
-    final boolean isCnameFollowAAAARecords() {
-        return cnameFollowAAAARecords;
+    final boolean supportsAAAARecords() {
+        return supportsAAAARecords;
     }
 
-    final boolean isCnameFollowARecords() {
-        return cnameFollowARecords;
+    final boolean supportsARecords() {
+        return supportsARecords;
     }
 
     final InternetProtocolFamily2 preferredAddressType() {

netty-bp/resolver-dns/src/main/java/io/netty/resolver/dns/DnsNameResolverBuilder.java

@@ -40,6 +40,7 @@ public final class DnsNameResolverBuilder {
     private ChannelFactory<? extends DatagramChannel> channelFactory;
     private DnsServerAddresses nameServerAddresses = DnsServerAddresses.defaultAddresses();
     private DnsCache resolveCache;
+    private DnsCache authoritativeDnsServerCache;
     private Integer minTtl;
     private Integer maxTtl;
     private Integer negativeTtl;
@@ -109,6 +110,17 @@ public DnsNameResolverBuilder resolveCache(DnsCache resolveCache) {
         return this;
     }
 
+    /**
+     * Sets the cache for authoritive NS servers
+     *
+     * @param authoritativeDnsServerCache the authoritive NS servers cache
+     * @return {@code this}
+     */
+    public DnsNameResolverBuilder authoritativeDnsServerCache(DnsCache authoritativeDnsServerCache) {
+        this.authoritativeDnsServerCache = authoritativeDnsServerCache;
+        return this;
+    }
+
     /**
      * Sets the minimum and maximum TTL of the cached DNS resource records (in seconds). If the TTL of the DNS
      * resource record returned by the DNS server is less than the minimum TTL or greater than the maximum TTL,
@@ -331,6 +343,10 @@ public DnsNameResolverBuilder ndots(int ndots) {
         return this;
     }
 
+    private DnsCache newCache() {
+        return new DefaultDnsCache(intValue(minTtl, 0), intValue(maxTtl, Integer.MAX_VALUE), intValue(negativeTtl, 0));
+    }
+
     /**
      * Set if domain / host names should be decoded to unicode when received.
      * See <a href="https://tools.ietf.org/html/rfc3492">rfc3492</a>.
@@ -349,19 +365,23 @@ public DnsNameResolverBuilder decodeIdn(boolean decodeIdn) {
      * @return a {@link DnsNameResolver}
      */
     public DnsNameResolver build() {
-
         if (resolveCache != null && (minTtl != null || maxTtl != null || negativeTtl != null)) {
             throw new IllegalStateException("resolveCache and TTLs are mutually exclusive");
         }
 
-        DnsCache cache = resolveCache != null ? resolveCache :
-                new DefaultDnsCache(intValue(minTtl, 0), intValue(maxTtl, Integer.MAX_VALUE), intValue(negativeTtl, 0));
+        if (authoritativeDnsServerCache != null && (minTtl != null || maxTtl != null || negativeTtl != null)) {
+            throw new IllegalStateException("authoritativeDnsServerCache and TTLs are mutually exclusive");
+        }
 
+        DnsCache resolveCache = this.resolveCache != null ? this.resolveCache : newCache();
+        DnsCache authoritativeDnsServerCache = this.authoritativeDnsServerCache != null ?
+                this.authoritativeDnsServerCache : newCache();
         return new DnsNameResolver(
                 eventLoop,
                 channelFactory,
                 nameServerAddresses,
-                cache,
+                resolveCache,
+                authoritativeDnsServerCache,
                 queryTimeoutMillis,
                 resolvedAddressTypes,
                 recursionDesired,