From: André Cruz <andre@cabine.org>
Date: Wed, 17 Jun 2020 13:59:50 +0000 (+0100)
Subject: Add support for DoT to DNS probes (#643)
X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=fd9c05c3d8a76f07111d72180096ac402a35838c;p=blackbox_exporter.git

Add support for DoT to DNS probes (#643)

Signed-off-by: André Cruz <acruz@cloudflare.com>
---

diff --git a/CONFIGURATION.md b/CONFIGURATION.md
index f20707f..2d7fe5f 100644
--- a/CONFIGURATION.md
+++ b/CONFIGURATION.md
@@ -153,6 +153,9 @@ tls_config:
 
 [ transport_protocol: <string> | default = "udp" ] # udp, tcp
 
+# Whether to use DNS over TLS. This only works with TCP.
+[ dns_over_tls: <boolean | default = false> ]
+
 query_name: <string>
 
 [ query_type: <string> | default = "ANY" ]
diff --git a/config/config.go b/config/config.go
index 3fddb3c..a134680 100644
--- a/config/config.go
+++ b/config/config.go
@@ -174,6 +174,7 @@ type ICMPProbe struct {
 type DNSProbe struct {
 	IPProtocol         string         `yaml:"preferred_ip_protocol,omitempty"`
 	IPProtocolFallback bool           `yaml:"ip_protocol_fallback,omitempty"`
+	DNSOverTLS         bool           `yaml:"dns_over_tls,omitempty"`
 	SourceIPAddress    string         `yaml:"source_ip_address,omitempty"`
 	TransportProtocol  string         `yaml:"transport_protocol,omitempty"`
 	QueryClass         string         `yaml:"query_class,omitempty"` // Defaults to IN.
diff --git a/prober/dns.go b/prober/dns.go
index edb5b28..a69a781 100644
--- a/prober/dns.go
+++ b/prober/dns.go
@@ -190,6 +190,15 @@ func ProbeDNS(ctx context.Context, target string, module config.Module, registry
 		dialProtocol = module.DNS.TransportProtocol + "4"
 	}
 
+	if module.DNS.DNSOverTLS {
+		if module.DNS.TransportProtocol == "tcp" {
+			dialProtocol += "-tls"
+		} else {
+			level.Error(logger).Log("msg", "Configuration error: Expected transport protocol tcp for DoT", "protocol", module.DNS.TransportProtocol)
+			return false
+		}
+	}
+
 	client := new(dns.Client)
 	client.Net = dialProtocol