query on dns resolver

simonkbaby
I was looking at the OpenSSL 1.0.2j code and trying to find how it resolves the DNS domain name IP address from name.

1. Does it use the OS supported utilities like nslookup, gethostip etc?
2. Do we need a recursive DNS server IP address to define in resolv.conf?
3. Can I know the APIs and files where I can start looking (for the DNS resolution)?

Thank you for your time.

Regards
Simon

Re: query on dns resolver

Dmitry Belyavsky-3
OpenSSL uses gethostbyname/gethostbyaddr

grep -r gethost . will give you some clues

On Wed, Aug 19, 2020 at 11:51 PM SIMON BABY <[hidden email]> wrote:
> I was looking at the OpenSSL 1.0.2j code and trying to find how it resolves the DNS domain name IP address from name.
>
> 1. Does it use the OS supported utilities like nslookup, gethostip etc?
> 2. Do we need a recursive DNS server IP address to define in resolv.conf?
> 3. Can I know the APIs and files where I can start looking (for the DNS resolution)?
>
> Thank you for your time.
>
> Regards
> Simon


--
SY, Dmitry Belyavsky

Re: query on dns resolver

Viktor Dukhovni
On Thu, Aug 20, 2020 at 11:59:01AM +0300, Dmitry Belyavsky wrote:

> OpenSSL uses gethostbyname/gethostbyaddr

Also getaddrinfo(3), I hope in preference to the obsolete interfaces.

There is no explicit use of DNS in OpenSSL, and many OpenSSL
applications open their own TCP connections, and then ask OpenSSL
to perform a handshake over an already connected socket, in which
case OpenSSL does no name lookups at all.

--
    Viktor.

Re: query on dns resolver

Viktor Dukhovni
On Thu, Aug 20, 2020 at 11:56:45PM +0200, David von Oheimb wrote:

> OpenSSL has one function, namely BIO_lookup_ex(), that uses DNS lookup
> functions.  Since commit 28a0841bf58e3813b2e07ad22f19484308e2f70a of
> 02 Feb 2016 it uses getaddrinfo().

Right, but even this is not "DNS lookup".  It is hostname + service name
resolution via the operating system's mechanisms for resolving hostnames
and service names.  This may, or may not, involve DNS lookups.  There is
no code in OpenSSL that *directly* performs DNS lookups.

--
    Viktor.
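
Added example (not part of the thread and not OpenSSL source): a small C program that calls getaddrinfo() directly, the interface the thread says BIO_lookup_ex() uses, to show that it is host plus service resolution by the operating system and that AI_NUMERICHOST rules out any name lookup. The helper resolve_first() and the sample inputs are constructed for illustration.

```c
/* Added example, not OpenSSL code. resolve_first() is a hypothetical helper. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L
#endif
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netdb.h>

/* Resolve host + service through the operating system's resolver and write
 * the first result as "address port" into out.
 * Returns 0 on success, otherwise the getaddrinfo() EAI_* error code. */
int resolve_first(const char *host, const char *service, int flags,
                  char *out, size_t outlen)
{
    struct addrinfo hints, *res = NULL;
    char addr[64], port[8];
    int rc;

    memset(&hints, 0, sizeof(hints));
    hints.ai_family = AF_UNSPEC;      /* IPv4 or IPv6 */
    hints.ai_socktype = SOCK_STREAM;  /* TCP, as used under TLS */
    hints.ai_flags = flags;
    rc = getaddrinfo(host, service, &hints, &res);
    if (rc != 0)
        return rc;
    /* Turn the binary sockaddr back into text without a reverse lookup. */
    rc = getnameinfo(res->ai_addr, res->ai_addrlen, addr, sizeof(addr),
                     port, sizeof(port), NI_NUMERICHOST | NI_NUMERICSERV);
    if (rc == 0)
        snprintf(out, outlen, "%s %s", addr, port);
    freeaddrinfo(res);
    return rc;
}

int main(void)
{
    char buf[80];
    int strict = AI_NUMERICHOST | AI_NUMERICSERV, rc;

    /* Numeric literals are parsed locally; no name service is consulted. */
    rc = resolve_first("127.0.0.1", "443", strict, buf, sizeof(buf));
    printf("literal, strict: %s\n", rc ? gai_strerror(rc) : buf);
    /* A hostname with AI_NUMERICHOST is rejected before any lookup. */
    rc = resolve_first("localhost", "443", strict, buf, sizeof(buf));
    printf("name, strict:    %s\n", rc ? gai_strerror(rc) : buf);
    /* Without it the OS decides the source: hosts file, DNS, or others. */
    rc = resolve_first("localhost", "443", AI_NUMERICSERV, buf, sizeof(buf));
    printf("name, OS policy: %s\n", rc ? gai_strerror(rc) : buf);
    return 0;
}
```

The third call's result depends on the host's resolver configuration, which is the point made in the thread: the library caller does not control whether DNS is involved.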