Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(ext/node): better dns.lookup compatibility #27936

Open
wants to merge 12 commits into
base: main
Choose a base branch
from
Open

fix(ext/node): better dns.lookup compatibility #27936

wants to merge 12 commits into from

Conversation

kt3k
Copy link
Member

@kt3k kt3k commented Feb 2, 2025
edited
Loading

This PR changes the implementation of dns.lookup (of node compat) to use getaddrinfo (GaiResolver) instead of hickory-dns. This should provide more compatibility for the edge cases like #27670, etc as Node.js also uses getaddrinfo internally.

This fixes #27670
This could possibly have effect to #27642, #27384, and #27803

This PR also fixes the permission requirement for net.connect(hostname) and http.request("http://" + hostname). Currently we require net permission to DNS name servers, and also net permission to resolved IP addresses. However that is very different from net permission requirement for fetch API call (This caused the issue #27634). Now this change requires net permission to hostname at dns.lookup call and that call implicitly gives net permission of resolved IP addresses. With these changes, the permission requirement for http.request(url) is now the same as fetch(url).

This fixes #27634

Remaining:

  • leak of op_getaddrinfo happens in unit_node/http_test in a flaky way
  • add net permission check for 'hostname'
  • skip net permission check for ip addressed if they are returned from dns.lookup result (because they are already granted via net permission check in dns.lookup (getaddrinfo))
  • port large dns response test from fix(ext/net): enable EDNS0 for Deno.resolveDns #27735
  • add check of permission requirement of http(s).request
  • op_tls_start perm issue

@kt3k kt3k added the ci-draft Run the CI on draft PRs. label Feb 2, 2025
@kt3k kt3k force-pushed the fix-node-dns-use-gai-resolver branch 3 times, most recently from c52102f to 99e4206 Compare February 3, 2025 05:01
@kt3k kt3k force-pushed the fix-node-dns-use-gai-resolver branch from 99e4206 to 1d63322 Compare February 3, 2025 05:09
@kt3k kt3k force-pushed the fix-node-dns-use-gai-resolver branch from 9b61e7d to 933b5a4 Compare February 3, 2025 07:15
@kt3k kt3k marked this pull request as ready for review February 4, 2025 14:51
@kt3k kt3k marked this pull request as draft February 5, 2025 08:47
@kt3k
Copy link
Member Author

kt3k commented Feb 5, 2025

I'll also try to implement net permission checks for dns.lookup (op_getaddrinfo) (which checks the net permission with hostnames, not name servers or config files).

@kt3k kt3k force-pushed the fix-node-dns-use-gai-resolver branch from da43e90 to 6480e07 Compare February 7, 2025 02:25
@kt3k kt3k force-pushed the fix-node-dns-use-gai-resolver branch from 6480e07 to d0a4740 Compare February 7, 2025 02:34
@kt3k kt3k force-pushed the fix-node-dns-use-gai-resolver branch from bc43984 to 9cde2d9 Compare February 7, 2025 06:01
@kt3k kt3k mentioned this pull request Feb 7, 2025
Closed
@kt3k kt3k force-pushed the fix-node-dns-use-gai-resolver branch from 12435f9 to 9eb2828 Compare February 7, 2025 08:54
@kt3k kt3k marked this pull request as ready for review February 9, 2025 14:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bartlomieju bartlomieju Awaiting requested review from bartlomieju

@lucacasonato lucacasonato Awaiting requested review from lucacasonato

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
ci-draft Run the CI on draft PRs.
Projects
None yet
Milestone
No milestone
1 participant
@kt3k