caddy-dns01/stub.go

package stub

import (
	"context"
	"net"
	"strings"

	"github.com/caddyserver/caddy/v2"
	"github.com/caddyserver/caddy/v2/caddyconfig/caddyfile"
	"github.com/mholt/acmez"
	"github.com/mholt/acmez/acme"
	"github.com/miekg/dns"
	"go.uber.org/zap"
	"go.uber.org/zap/zapcore"
)

// TTL of the challenge TXT record to serve
const challenge_ttl = 600 // (anything is probably fine here)

type StubDNS struct {
	// the address & port on which to serve DNS for the challenge
	Address string `json:"address,omitempty"`

	server *dns.Server // set in Present()
	logger *zap.Logger // set in Provision()
}

// Wrapper for logging (relevant parts of) dns.Msg
type LoggableDNSMsg struct{ *dns.Msg }

func init() {
	caddy.RegisterModule(StubDNS{})
}

// CaddyModule returns the Caddy module information.
func (StubDNS) CaddyModule() caddy.ModuleInfo {
	return caddy.ModuleInfo{
		ID:  "dns.providers.stub_dns",
		New: func() caddy.Module { return &StubDNS{} },
	}
}

// Provision sets up the module. Implements caddy.Provisioner.
func (p *StubDNS) Provision(ctx caddy.Context) error {
	p.logger = ctx.Logger()
	repl := caddy.NewReplacer()
	before := p.Address
	p.Address = repl.ReplaceAll(p.Address, "")
	p.logger.Debug(
		"provisioned",
		zap.String("address", p.Address),
		zap.String("address_before_replace", before),
	)
	return nil
}

// UnmarshalCaddyfile sets up the DNS provider from Caddyfile tokens. Syntax:
//
//	stub_dns [address] {
//	    address <address>
//	}
func (s *StubDNS) UnmarshalCaddyfile(d *caddyfile.Dispenser) error {
	for d.Next() {
		if d.NextArg() {
			s.Address = d.Val()
		}
		if d.NextArg() {
			return d.ArgErr()
		}
		for nesting := d.Nesting(); d.NextBlock(nesting); {
			switch d.Val() {
			case "address":
				if s.Address != "" {
					return d.Err("Address already set")
				}
				if d.NextArg() {
					s.Address = d.Val()
				}
				if d.NextArg() {
					return d.ArgErr()
				}
			default:
				return d.Errf("unrecognized subdirective '%s'", d.Val())
			}
		}
	}
	if s.Address == "" {
		return d.Err("missing Address")
	}
	return nil
}

func (s *StubDNS) Present(ctx context.Context, challenge acme.Challenge) error {
	// get challenge parameters
	fqdn := dns.Fqdn(challenge.DNS01TXTRecordName())
	content := challenge.DNS01KeyAuthorization()

	s.logger.Debug(
		"presenting record",
		zap.String("name", fqdn),
		zap.String("content", content),
		zap.String("address", s.Address),
	)

	// dns.Server.ListenAndServe blocks when it binds successfully,
	// so it has to run in a separate task and can't return errors directly

	if err := try_bind(ctx, s.Address); err != nil {
		s.logger.Error(
			"failed to bind",
			zap.String("address", s.Address),
			zap.Error(err),
		)
		return err
	}

	// spawn the server
	handler := s.make_handler(fqdn, content)
	// could also use fqdn as pattern, but "." allows logging invalid requests
	dns.HandleFunc(".", handler)
	server := &dns.Server{Addr: s.Address, Net: "udp", TsigSecret: nil}
	go s.serve(server)

	// store the server for shutdown later
	s.server = server
	return nil
}

func (p *StubDNS) CleanUp(ctx context.Context, _ acme.Challenge) error {
	if p.server == nil {
		p.logger.Debug("server never started, nothing to clean up")
		return nil
	} else {
		p.logger.Debug(
			"shutting down DNS server",
			zap.String("address", p.Address),
		)
		return p.server.ShutdownContext(ctx)
	}
}

// quickly check whether it's possible to bind to the address
func try_bind(ctx context.Context, address string) error {
	var lc net.ListenConfig
	conn, err := lc.ListenPacket(ctx, "udp", address)
	if conn != nil {
		return conn.Close()
	}
	return err
}

func (s *StubDNS) serve(server *dns.Server) {
	err := server.ListenAndServe()
	if err != nil {
		s.logger.Error(
			"DNS ListenAndServe returned an error!",
			zap.Error(err),
		)
	} else {
		s.logger.Debug("server terminated successfully")
	}
}

func (s *StubDNS) make_handler(fqdn string, txt string) dns.HandlerFunc {
	logger := s.logger
	handler := func(w dns.ResponseWriter, r *dns.Msg) {
		m := new(dns.Msg)
		m.SetReply(r)

		logger.Debug(
			"received DNS query",
			zap.Stringer("address", w.RemoteAddr()),
			zap.Object("request", LoggableDNSMsg{r}),
		)

		reject_and_log := func(code int, reason string) {
			m.Rcode = code
			m.Answer = []dns.RR{}
			logger.Debug(
				"rejecting query",
				zap.String("reason", reason),
				zap.Object("response", LoggableDNSMsg{m}),
			)
			w.WriteMsg(m)
		}

		if len(r.Question) != 1 {
			reject_and_log(dns.RcodeRefused, "not exactly 1 question")
			return
		}
		q := r.Question[0]
		domain := q.Name

		switch {
		case r.Response:
			reject_and_log(dns.RcodeRefused, "not a query")
		case !(q.Qclass == dns.ClassINET || q.Qclass == dns.ClassANY):
			reject_and_log(dns.RcodeNotImplemented, "invalid class")
		// queries may be wAcKY casE
		// https://datatracker.ietf.org/doc/html/draft-vixie-dnsext-dns0x20-00
		case !strings.EqualFold(domain, fqdn):
			reject_and_log(dns.RcodeNameError, "wrong domain")
		case q.Qtype != dns.TypeTXT:
			reject_and_log(dns.RcodeRefused, "invalid type")
		default:
			m.Authoritative = true
			rr := new(dns.TXT)
			rr.Hdr = dns.RR_Header{
				Name:   fqdn, // only question section has to match wAcKY casE
				Rrtype: dns.TypeTXT,
				Class:  dns.ClassINET,
				Ttl:    uint32(challenge_ttl),
			}
			rr.Txt = []string{txt}
			m.Answer = []dns.RR{rr}
			logger.Debug(
				"replying",
				zap.Object("response", LoggableDNSMsg{m}),
			)
			w.WriteMsg(m)
		}
	}

	return handler
}

// MarshalLogObject satisfies the zapcore.ObjectMarshaler interface.
func (m LoggableDNSMsg) MarshalLogObject(enc zapcore.ObjectEncoder) error {
	// adapted version of MsgHdr.String() from github.com/miekg/dns
	enc.AddUint16("id", m.Id)
	enc.AddString("opcode", dns.OpcodeToString[m.Opcode])
	enc.AddString("status", dns.RcodeToString[m.Rcode])

	flag_array := func(arr zapcore.ArrayEncoder) error {
		if m.Response {
			arr.AppendString("qr")
		}
		if m.Authoritative {
			arr.AppendString("aa")
		}
		if m.Truncated {
			arr.AppendString("tc")
		}
		if m.RecursionDesired {
			arr.AppendString("rd")
		}
		if m.RecursionAvailable {
			arr.AppendString("ra")
		}
		if m.Zero {
			arr.AppendString("z")
		}
		if m.AuthenticatedData {
			arr.AppendString("ad")
		}
		if m.CheckingDisabled {
			arr.AppendString("cd")
		}

		return nil
	}
	enc.AddArray("flags", zapcore.ArrayMarshalerFunc(flag_array))

	log_questions(enc, &m.Question)
	log_answers(enc, &m.Answer)
	// not logged:
	// - EDNS0 "OPT pseudosection" from m.IsEdns0()
	// - "authority section" in m.Ns
	// - "additional section" in m.Extra

	return nil
}

func log_answers(enc zapcore.ObjectEncoder, answers *[]dns.RR) {
	if len(*answers) > 0 {
		array := func(arr zapcore.ArrayEncoder) error {
			for _, r := range *answers {
				// since we only serve TXT records
				txt, ok := r.(*dns.TXT)
				if ok {
					object := func(obj zapcore.ObjectEncoder) error {
						obj.AddString("name", txt.Hdr.Name)
						obj.AddString("class", dns.ClassToString[txt.Hdr.Class])
						obj.AddString("type", dns.TypeToString[txt.Hdr.Rrtype])
						obj.AddUint32("TTL", txt.Hdr.Ttl)
						rec := func(arr2 zapcore.ArrayEncoder) error {
							for _, t := range txt.Txt {
								arr2.AppendString(t)
							}
							return nil
						}
						obj.AddArray("content", zapcore.ArrayMarshalerFunc(rec))
						return nil
					}
					arr.AppendObject(zapcore.ObjectMarshalerFunc(object))
				} else {
					// fallback for other record types, serialized dig-style
					arr.AppendString(r.String())
				}
			}
			return nil
		}
		enc.AddArray("answer", zapcore.ArrayMarshalerFunc(array))
	}
}

func log_questions(enc zapcore.ObjectEncoder, questions *[]dns.Question) {
	if len(*questions) > 0 {
		array := func(arr zapcore.ArrayEncoder) error {
			for _, q := range *questions {
				object := func(obj zapcore.ObjectEncoder) error {
					obj.AddString("name", q.Name)
					obj.AddString("class", dns.ClassToString[q.Qclass])
					obj.AddString("type", dns.TypeToString[q.Qtype])
					return nil
				}
				arr.AppendObject(zapcore.ObjectMarshalerFunc(object))
			}
			return nil
		}
		enc.AddArray("question", zapcore.ArrayMarshalerFunc(array))
	}
}

// Interface guards
var (
	_ acmez.Solver          = (*StubDNS)(nil)
	_ caddy.Provisioner     = (*StubDNS)(nil)
	_ caddyfile.Unmarshaler = (*StubDNS)(nil)
)
chore: init 2023-02-25 10:21:30 +01:00			`package stub`
feat: define caddy module 2023-02-25 10:30:08 +01:00
			`import (`
feat: implement DNS server 2023-02-25 10:49:47 +01:00			`"context"`
feat: add small check for ability to bind to address 2023-02-25 11:09:56 +01:00			`"net"`
feat: switch to case-insensitive compare for domains This also moves the domain check before the type check. Domains need to be compared case-insensitively because resolvers will send sarcastic queries for improved security, see here: https://datatracker.ietf.org/doc/html/draft-vixie-dnsext-dns0x20-00 strings.EqualFold is maybe not perfectly correct because it does Unicode case-folding and we only need ASCII. 2023-02-27 04:06:37 +01:00			`"strings"`
feat: implement DNS server 2023-02-25 10:49:47 +01:00
style: format with go fmt 2023-02-25 11:21:28 +01:00			`"github.com/caddyserver/caddy/v2"`
			`"github.com/caddyserver/caddy/v2/caddyconfig/caddyfile"`
			`"github.com/mholt/acmez"`
			`"github.com/mholt/acmez/acme"`
feat: implement DNS server 2023-02-25 10:49:47 +01:00			`"github.com/miekg/dns"`
feat: add logging 2023-02-25 11:14:18 +01:00			`"go.uber.org/zap"`
feat: log DNS queries & replies 2023-02-25 11:18:42 +01:00			`"go.uber.org/zap/zapcore"`
feat: define caddy module 2023-02-25 10:30:08 +01:00			`)`

feat: implement DNS server 2023-02-25 10:49:47 +01:00			`// TTL of the challenge TXT record to serve`
			`const challenge_ttl = 600 // (anything is probably fine here)`

feat: define caddy module 2023-02-25 10:30:08 +01:00			`type StubDNS struct {`
			`// the address & port on which to serve DNS for the challenge`
			Address string `json:"address,omitempty"`

feat: implement DNS server 2023-02-25 10:49:47 +01:00			`server *dns.Server // set in Present()`
feat: add logging 2023-02-25 11:14:18 +01:00			`logger *zap.Logger // set in Provision()`
feat: define caddy module 2023-02-25 10:30:08 +01:00			`}`

feat: log DNS queries & replies 2023-02-25 11:18:42 +01:00			`// Wrapper for logging (relevant parts of) dns.Msg`
style: format with go fmt 2023-02-25 11:21:28 +01:00			`type LoggableDNSMsg struct{ *dns.Msg }`
feat: define caddy module 2023-02-25 10:30:08 +01:00
			`func init() {`
			`caddy.RegisterModule(StubDNS{})`
			`}`

			`// CaddyModule returns the Caddy module information.`
			`func (StubDNS) CaddyModule() caddy.ModuleInfo {`
			`return caddy.ModuleInfo{`
			`ID: "dns.providers.stub_dns",`
style: format with go fmt 2023-02-25 11:21:28 +01:00			`New: func() caddy.Module { return &StubDNS{} },`
feat: define caddy module 2023-02-25 10:30:08 +01:00			`}`
			`}`
feat: support Caddyfile 2023-02-25 10:33:21 +01:00
			`// Provision sets up the module. Implements caddy.Provisioner.`
			`func (p *StubDNS) Provision(ctx caddy.Context) error {`
feat: add logging 2023-02-25 11:14:18 +01:00			`p.logger = ctx.Logger()`
feat: support Caddyfile 2023-02-25 10:33:21 +01:00			`repl := caddy.NewReplacer()`
feat: add logging 2023-02-25 11:14:18 +01:00			`before := p.Address`
feat: support Caddyfile 2023-02-25 10:33:21 +01:00			`p.Address = repl.ReplaceAll(p.Address, "")`
feat: add logging 2023-02-25 11:14:18 +01:00			`p.logger.Debug(`
			`"provisioned",`
			`zap.String("address", p.Address),`
			`zap.String("address_before_replace", before),`
			`)`
feat: support Caddyfile 2023-02-25 10:33:21 +01:00			`return nil`
			`}`

			`// UnmarshalCaddyfile sets up the DNS provider from Caddyfile tokens. Syntax:`
			`//`
style: format with go fmt 2023-02-25 11:21:28 +01:00			`// stub_dns [address] {`
			`// address <address>`
			`// }`
feat: support Caddyfile 2023-02-25 10:33:21 +01:00			`func (s StubDNS) UnmarshalCaddyfile(d caddyfile.Dispenser) error {`
			`for d.Next() {`
			`if d.NextArg() {`
			`s.Address = d.Val()`
			`}`
			`if d.NextArg() {`
			`return d.ArgErr()`
			`}`
			`for nesting := d.Nesting(); d.NextBlock(nesting); {`
			`switch d.Val() {`
			`case "address":`
			`if s.Address != "" {`
			`return d.Err("Address already set")`
			`}`
			`if d.NextArg() {`
			`s.Address = d.Val()`
			`}`
			`if d.NextArg() {`
			`return d.ArgErr()`
			`}`
			`default:`
			`return d.Errf("unrecognized subdirective '%s'", d.Val())`
			`}`
			`}`
			`}`
			`if s.Address == "" {`
			`return d.Err("missing Address")`
			`}`
			`return nil`
			`}`

feat: implement DNS server 2023-02-25 10:49:47 +01:00			`func (s *StubDNS) Present(ctx context.Context, challenge acme.Challenge) error {`
			`// get challenge parameters`
			`fqdn := dns.Fqdn(challenge.DNS01TXTRecordName())`
			`content := challenge.DNS01KeyAuthorization()`
feat: add small check for ability to bind to address 2023-02-25 11:09:56 +01:00
feat: add logging 2023-02-25 11:14:18 +01:00			`s.logger.Debug(`
			`"presenting record",`
			`zap.String("name", fqdn),`
			`zap.String("content", content),`
			`zap.String("address", s.Address),`
			`)`

feat: add small check for ability to bind to address 2023-02-25 11:09:56 +01:00			`// dns.Server.ListenAndServe blocks when it binds successfully,`
			`// so it has to run in a separate task and can't return errors directly`

			`if err := try_bind(ctx, s.Address); err != nil {`
feat: add logging 2023-02-25 11:14:18 +01:00			`s.logger.Error(`
			`"failed to bind",`
			`zap.String("address", s.Address),`
			`zap.Error(err),`
			`)`
feat: add small check for ability to bind to address 2023-02-25 11:09:56 +01:00			`return err`
			`}`

feat: implement DNS server 2023-02-25 10:49:47 +01:00			`// spawn the server`
			`handler := s.make_handler(fqdn, content)`
feat: add logging 2023-02-25 11:14:18 +01:00			`// could also use fqdn as pattern, but "." allows logging invalid requests`
feat: implement DNS server 2023-02-25 10:49:47 +01:00			`dns.HandleFunc(".", handler)`
style: format with go fmt 2023-02-25 11:21:28 +01:00			`server := &dns.Server{Addr: s.Address, Net: "udp", TsigSecret: nil}`
feat: add logging 2023-02-25 11:14:18 +01:00			`go s.serve(server)`
feat: implement DNS server 2023-02-25 10:49:47 +01:00
			`// store the server for shutdown later`
			`s.server = server`
			`return nil`
			`}`

			`func (p *StubDNS) CleanUp(ctx context.Context, _ acme.Challenge) error {`
			`if p.server == nil {`
feat: add logging 2023-02-25 11:14:18 +01:00			`p.logger.Debug("server never started, nothing to clean up")`
feat: implement DNS server 2023-02-25 10:49:47 +01:00			`return nil`
			`} else {`
feat: add logging 2023-02-25 11:14:18 +01:00			`p.logger.Debug(`
			`"shutting down DNS server",`
			`zap.String("address", p.Address),`
			`)`
feat: implement DNS server 2023-02-25 10:49:47 +01:00			`return p.server.ShutdownContext(ctx)`
			`}`
			`}`

feat: add small check for ability to bind to address 2023-02-25 11:09:56 +01:00			`// quickly check whether it's possible to bind to the address`
			`func try_bind(ctx context.Context, address string) error {`
			`var lc net.ListenConfig`
			`conn, err := lc.ListenPacket(ctx, "udp", address)`
			`if conn != nil {`
			`return conn.Close()`
			`}`
			`return err`
			`}`

feat: add logging 2023-02-25 11:14:18 +01:00			`func (s StubDNS) serve(server dns.Server) {`
			`err := server.ListenAndServe()`
			`if err != nil {`
			`s.logger.Error(`
			`"DNS ListenAndServe returned an error!",`
			`zap.Error(err),`
			`)`
			`} else {`
			`s.logger.Debug("server terminated successfully")`
			`}`
			`}`

feat: implement DNS server 2023-02-25 10:49:47 +01:00			`func (s *StubDNS) make_handler(fqdn string, txt string) dns.HandlerFunc {`
feat: add logging 2023-02-25 11:14:18 +01:00			`logger := s.logger`
feat: implement DNS server 2023-02-25 10:49:47 +01:00			`handler := func(w dns.ResponseWriter, r *dns.Msg) {`
			`m := new(dns.Msg)`
			`m.SetReply(r)`
feat: add logging 2023-02-25 11:14:18 +01:00
			`logger.Debug(`
			`"received DNS query",`
			`zap.Stringer("address", w.RemoteAddr()),`
feat: log DNS queries & replies 2023-02-25 11:18:42 +01:00			`zap.Object("request", LoggableDNSMsg{r}),`
feat: add logging 2023-02-25 11:14:18 +01:00			`)`
feat: log DNS queries & replies 2023-02-25 11:18:42 +01:00
style: rework query handling 2023-02-27 03:10:47 +01:00			`reject_and_log := func(code int, reason string) {`
			`m.Rcode = code`
feat: implement DNS server 2023-02-25 10:49:47 +01:00			`m.Answer = []dns.RR{}`
style: rework query handling 2023-02-27 03:10:47 +01:00			`logger.Debug(`
			`"rejecting query",`
			`zap.String("reason", reason),`
			`zap.Object("response", LoggableDNSMsg{m}),`
			`)`
			`w.WriteMsg(m)`
			`}`

style: simplify query handling some more 2023-02-27 04:22:04 +01:00			`if len(r.Question) != 1 {`
			`reject_and_log(dns.RcodeRefused, "not exactly 1 question")`
			`return`
			`}`
			`q := r.Question[0]`
			`domain := q.Name`

style: rework query handling 2023-02-27 03:10:47 +01:00			`switch {`
			`case r.Response:`
			`reject_and_log(dns.RcodeRefused, "not a query")`
			`case !(q.Qclass == dns.ClassINET \|\| q.Qclass == dns.ClassANY):`
			`reject_and_log(dns.RcodeNotImplemented, "invalid class")`
feat: switch to case-insensitive compare for domains This also moves the domain check before the type check. Domains need to be compared case-insensitively because resolvers will send sarcastic queries for improved security, see here: https://datatracker.ietf.org/doc/html/draft-vixie-dnsext-dns0x20-00 strings.EqualFold is maybe not perfectly correct because it does Unicode case-folding and we only need ASCII. 2023-02-27 04:06:37 +01:00			`// queries may be wAcKY casE`
			`// https://datatracker.ietf.org/doc/html/draft-vixie-dnsext-dns0x20-00`
			`case !strings.EqualFold(domain, fqdn):`
			`reject_and_log(dns.RcodeNameError, "wrong domain")`
style: rework query handling 2023-02-27 03:10:47 +01:00			`case q.Qtype != dns.TypeTXT:`
feat: refuse non-TXT records instead of sending NOTIMPL 2023-02-27 03:13:10 +01:00			`reject_and_log(dns.RcodeRefused, "invalid type")`
style: rework query handling 2023-02-27 03:10:47 +01:00			`default:`
feat: implement DNS server 2023-02-25 10:49:47 +01:00			`m.Authoritative = true`
			`rr := new(dns.TXT)`
			`rr.Hdr = dns.RR_Header{`
feat: switch to case-insensitive compare for domains This also moves the domain check before the type check. Domains need to be compared case-insensitively because resolvers will send sarcastic queries for improved security, see here: https://datatracker.ietf.org/doc/html/draft-vixie-dnsext-dns0x20-00 strings.EqualFold is maybe not perfectly correct because it does Unicode case-folding and we only need ASCII. 2023-02-27 04:06:37 +01:00			`Name: fqdn, // only question section has to match wAcKY casE`
feat: implement DNS server 2023-02-25 10:49:47 +01:00			`Rrtype: dns.TypeTXT,`
style: format with go fmt 2023-02-25 11:21:28 +01:00			`Class: dns.ClassINET,`
			`Ttl: uint32(challenge_ttl),`
feat: implement DNS server 2023-02-25 10:49:47 +01:00			`}`
			`rr.Txt = []string{txt}`
			`m.Answer = []dns.RR{rr}`
style: rework query handling 2023-02-27 03:10:47 +01:00			`logger.Debug(`
			`"replying",`
			`zap.Object("response", LoggableDNSMsg{m}),`
			`)`
			`w.WriteMsg(m)`
feat: implement DNS server 2023-02-25 10:49:47 +01:00			`}`
			`}`

			`return handler`
			`}`

feat: log DNS queries & replies 2023-02-25 11:18:42 +01:00			`// MarshalLogObject satisfies the zapcore.ObjectMarshaler interface.`
			`func (m LoggableDNSMsg) MarshalLogObject(enc zapcore.ObjectEncoder) error {`
			`// adapted version of MsgHdr.String() from github.com/miekg/dns`
			`enc.AddUint16("id", m.Id)`
			`enc.AddString("opcode", dns.OpcodeToString[m.Opcode])`
			`enc.AddString("status", dns.RcodeToString[m.Rcode])`

			`flag_array := func(arr zapcore.ArrayEncoder) error {`
style: format with go fmt 2023-02-25 11:21:28 +01:00			`if m.Response {`
			`arr.AppendString("qr")`
			`}`
			`if m.Authoritative {`
			`arr.AppendString("aa")`
			`}`
			`if m.Truncated {`
			`arr.AppendString("tc")`
			`}`
			`if m.RecursionDesired {`
			`arr.AppendString("rd")`
			`}`
			`if m.RecursionAvailable {`
			`arr.AppendString("ra")`
			`}`
			`if m.Zero {`
			`arr.AppendString("z")`
			`}`
			`if m.AuthenticatedData {`
			`arr.AppendString("ad")`
			`}`
			`if m.CheckingDisabled {`
			`arr.AppendString("cd")`
			`}`
feat: log DNS queries & replies 2023-02-25 11:18:42 +01:00
			`return nil`
			`}`
			`enc.AddArray("flags", zapcore.ArrayMarshalerFunc(flag_array))`

			`log_questions(enc, &m.Question)`
			`log_answers(enc, &m.Answer)`
			`// not logged:`
			`// - EDNS0 "OPT pseudosection" from m.IsEdns0()`
			`// - "authority section" in m.Ns`
			`// - "additional section" in m.Extra`

			`return nil`
			`}`

			`func log_answers(enc zapcore.ObjectEncoder, answers *[]dns.RR) {`
			`if len(*answers) > 0 {`
			`array := func(arr zapcore.ArrayEncoder) error {`
			`for _, r := range *answers {`
			`// since we only serve TXT records`
			`txt, ok := r.(*dns.TXT)`
			`if ok {`
			`object := func(obj zapcore.ObjectEncoder) error {`
			`obj.AddString("name", txt.Hdr.Name)`
			`obj.AddString("class", dns.ClassToString[txt.Hdr.Class])`
			`obj.AddString("type", dns.TypeToString[txt.Hdr.Rrtype])`
			`obj.AddUint32("TTL", txt.Hdr.Ttl)`
			`rec := func(arr2 zapcore.ArrayEncoder) error {`
			`for _, t := range txt.Txt {`
			`arr2.AppendString(t)`
			`}`
			`return nil`
			`}`
			`obj.AddArray("content", zapcore.ArrayMarshalerFunc(rec))`
			`return nil`
			`}`
			`arr.AppendObject(zapcore.ObjectMarshalerFunc(object))`
			`} else {`
			`// fallback for other record types, serialized dig-style`
			`arr.AppendString(r.String())`
			`}`
			`}`
			`return nil`
			`}`
			`enc.AddArray("answer", zapcore.ArrayMarshalerFunc(array))`
			`}`
			`}`

			`func log_questions(enc zapcore.ObjectEncoder, questions *[]dns.Question) {`
			`if len(*questions) > 0 {`
			`array := func(arr zapcore.ArrayEncoder) error {`
			`for _, q := range *questions {`
			`object := func(obj zapcore.ObjectEncoder) error {`
			`obj.AddString("name", q.Name)`
			`obj.AddString("class", dns.ClassToString[q.Qclass])`
			`obj.AddString("type", dns.TypeToString[q.Qtype])`
			`return nil`
			`}`
			`arr.AppendObject(zapcore.ObjectMarshalerFunc(object))`
			`}`
			`return nil`
			`}`
			`enc.AddArray("question", zapcore.ArrayMarshalerFunc(array))`
			`}`
			`}`

feat: support Caddyfile 2023-02-25 10:33:21 +01:00			`// Interface guards`
			`var (`
style: format with go fmt 2023-02-25 11:21:28 +01:00			`_ acmez.Solver = (*StubDNS)(nil)`
			`_ caddy.Provisioner = (*StubDNS)(nil)`
feat: support Caddyfile 2023-02-25 10:33:21 +01:00			`_ caddyfile.Unmarshaler = (*StubDNS)(nil)`
			`)`