From f6cdc70addfe575ab6c86a809b08d55de135402c Mon Sep 17 00:00:00 2001
From: Chris Gianelloni
Date: Sat, 28 Sep 2024 12:06:01 -0400
Subject: [PATCH] feat: dns over tls listener support

Signed-off-by: Chris Gianelloni
---
 internal/config/config.go | 8 ++++++++
 internal/dns/dns.go | 11 +++++++++++
 2 files changed, 19 insertions(+)

diff --git a/internal/config/config.go b/internal/config/config.go
index 52a1c56..a950a29 100644
--- a/internal/config/config.go
+++ b/internal/config/config.go
@@ -22,6 +22,7 @@ type Config struct {
 Debug DebugConfig `yaml:"debug"`
 Indexer IndexerConfig `yaml:"indexer"`
 State StateConfig `yaml:"state"`
+ Tls TlsConfig `yaml:"tls"`
 Profiles []string `yaml:"profiles" envconfig:"PROFILES"`
 }
@@ -33,6 +34,7 @@ type LoggingConfig struct {
 type DnsConfig struct {
 ListenAddress string `yaml:"address" envconfig:"DNS_LISTEN_ADDRESS"`
 ListenPort uint `yaml:"port" envconfig:"DNS_LISTEN_PORT"`
+ ListenTlsPort uint `yaml:"tlsPort" envconfig:"DNS_LISTEN_TLS_PORT"`
 RecursionEnabled bool `yaml:"recursionEnabled" envconfig:"DNS_RECURSION"`
 FallbackServers []string `yaml:"fallbackServers" envconfig:"DNS_FALLBACK_SERVERS"`
 }
@@ -61,6 +63,11 @@ type StateConfig struct {
 Directory string `yaml:"dir" envconfig:"STATE_DIR"`
 }
+type TlsConfig struct {
+ CertFilePath string `yaml:"certFilePath" envconfig:"TLS_CERT_FILE_PATH"`
+ KeyFilePath string `yaml:"keyFilePath" envconfig:"TLS_KEY_FILE_PATH"`
+ }
+
 // Singleton config instance with default values
 var globalConfig = &Config{
 Logging: LoggingConfig{
@@ -69,6 +76,7 @@ var globalConfig = &Config{
 Dns: DnsConfig{
 ListenAddress: "",
 ListenPort: 8053,
+ ListenTlsPort: 8853,
 // hdns.io
 FallbackServers: []string{
 "103.196.38.38",
diff --git a/internal/dns/dns.go b/internal/dns/dns.go
index adc814b..663d8a3 100644
--- a/internal/dns/dns.go
+++ b/internal/dns/dns.go
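Review bot: The new TlsConfig type, the exported Config.Tls field and DnsConfig.ListenTlsPort use `Tls` where Go convention keeps initialisms in one case (`TLSConfig`, `TLS`, `ListenTLSPort`); the yaml and envconfig tags are what users see and would stay as they are, so renaming now costs nothing, while it gets harder once other packages reference `cfg.Tls`. The struct also carries no doc comment, and since it is the only place an operator will look to learn what the two paths mean, I would add `// TlsConfig holds the PEM certificate and private-key file paths for the DNS-over-TLS listener; the listener is only started when both are set (see internal/dns/dns.go).` It is also worth saying in that comment that the key file is read by the server process and should not be readable by other users, since nothing in the config layer checks its permissions.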
@@ -60,6 +60,17 @@ func Start() error {
 ReusePort: true,
 }
 go startListener(serverTcp)
+ // TLS listener
+ if cfg.Tls.CertFilePath != "" && cfg.Tls.KeyFilePath != "" {
+ listenTlsAddr := fmt.Sprintf("%s:%d", cfg.Dns.ListenAddress, cfg.Dns.ListenTlsPort)
+ serverTls := &dns.Server{
+ Addr: listenTlsAddr,
+ Net: "tcp-tls",
+ TsigSecret: nil,
+ ReusePort: false,
+ }
+ go startListener(serverTls)
+ }
 return nil
 }
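Review bot: The added block never turns cfg.Tls.CertFilePath and cfg.Tls.KeyFilePath into a TLS configuration: serverTls is built with `Net: "tcp-tls"` but no TLSConfig field, and the two paths are only tested for non-emptiness, so unless startListener (whose body is outside the hunk) fills TLSConfig from cfg, the listener has no certificate to present, and as far as I know miekg/dns refuses to serve tcp-tls without one; because that error would only surface inside the goroutine, Start() still returns nil and the process keeps running with plaintext DNS only. The `&&` guard has the same silent-failure shape: an operator who sets only one of the two paths gets no TLS listener and no error. I would load the key pair before spawning the goroutine, pin `MinVersion: tls.VersionTLS12`, and fail Start() when exactly one path is set; this needs `crypto/tls` imported in dns.go. Start() begins outside the hunk.

```go
	// TLS listener (DNS over TLS, RFC 7858): only when a certificate and key are configured.
	if cfg.Tls.CertFilePath != "" || cfg.Tls.KeyFilePath != "" {
		if cfg.Tls.CertFilePath == "" || cfg.Tls.KeyFilePath == "" {
			return fmt.Errorf("dns: tls listener needs both certFilePath and keyFilePath")
		}
		cert, err := tls.LoadX509KeyPair(cfg.Tls.CertFilePath, cfg.Tls.KeyFilePath)
		if err != nil {
			return fmt.Errorf("dns: loading tls key pair: %w", err)
		}
		listenTlsAddr := fmt.Sprintf("%s:%d", cfg.Dns.ListenAddress, cfg.Dns.ListenTlsPort)
		serverTls := &dns.Server{
			Addr: listenTlsAddr,
			Net:  "tcp-tls",
			TLSConfig: &tls.Config{
				Certificates: []tls.Certificate{cert},
				MinVersion:   tls.VersionTLS12,
			},
			TsigSecret: nil,
			ReusePort:  false,
		}
		go startListener(serverTls)
	}
	// … unchanged: return nil …
```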