Implementation and support of host resolution for the Chrome network stack. Includes client implementations of host resolution protocols (DNS and mDNS), host resolution caching, support for dealing with system host resolution (including reading HOSTS files and tracking system network settings related to host resolution), and various related utilities.
Host resolution is requested using
network::HostResolver::ResolveHost(). There is also a shortcut using
network::NetworkContext::ResolveHost() when a separate passable object is not needed.
Some general utilities are also available in
/net/dns/public/ that are intended for use by any code, inside or outside the network service. Otherwise, code outside the network service should never interact directly with the code in
Tests and stand-alone tools not part of the browser may interact with host resolution directly by creating their own HostResolvers using
Tests with the ability to inject and replace the used
net::HostResolver should replace it with a
net::MockHostResolver, allowing rule-based results.
net::MockCachingHostResolver is the same except it includes basic support for the caching functionality normally done by prod
Some tests may also find
net::HangingHostResolver useful. It will begin host resolution requests, but never complete them until cancellation.
Used by most browser tests (via
content::TestHostResolver installs itself on creation globally into all host resolvers in the process. By default, only allows resolution of the local host and returns
net::ERR_NAME_NOT_RESOLVED for other hostnames. Allows setting rules for other results using a net::RuleBasedHostResolverProc.
content::TestHostResolver only replaces host address resolution to the system and then artificially uses such system resolution for many requests that would normally be handled differently (e.g. using the built-in DNS client). This means a significant amount of normal prod host resolution logic will be bypassed in tests using
Most prod logic for creating HostResolvers will check if any global remappings have been requested. In the browser, this is requested using the “host-resolver-rules” commandline flag.
net::HostMappingRules for details on the format of the rules string. Allows remapping any request hostname to another hostname, an IP address, or a NOTFOUND error.
The main interface for requesting host resolution within the network stack or network service. In prod, generally owned, and retrieved as-needed from
net::URLRequestContexts. Created using
Various implementations are used in prod.
The main prod implementation of
net::HostResolver. Expected to be owned 1:1 by a single
net::ContextHostResolver owns or keeps references to per-URLRequestContext properties used for host resolution, including an owned
On resolution, calls into an underlying
net::HostResolverManager with the per- context properties.
On destruction, silently cancels all host resolution requests made through the
net::ContextHostResolver instance. This prevents the underlying
net::HostResolverManager from continuing to reference the per-context properties that may be destroyed on destruction of the
A wrapping implementation around another
net::HostResolver. Maintains request remapping rules to remap request hostnames to other hostnames or IP addresses.
Used to implement the “host-resolver-rules” commandline flag.
A wrapping implementation around another
net::HostResolver. Returns stale (expired or invalidated by network changes) data from the
net::HostCache when non-stale results take longer than a configurable timeout. Reduces host resolution latency at the expense of accuracy.
Only used and created by Cronet.
Scheduler and controller of host resolution requests. Contains the logic for immediate host resolution from fast local sources (e.g. querying
net::HostCaches, IP address literals, etc). Throttles, schedules, and merges asynchronous jobs for resolution from slower network sources.
On destruction, silently cancels all in-progress host resolution requests.
In prod, a single shared
net::HostResolverManager is generally used for the entire browser. The shared manager is owned and configured by the
net::HostResolver::ResolveHostRequest and overall representation of a single request for resolution from a
RequestImpl object itself primarily acts only as a container of parameters and results for the request, leaving the actual logic to the
Data collected at this layer:
Representation of an asynchronous job for resolution from slower network sources. Contains the logic to determine and query the appropriate source for host resolution results with retry and fallback support to other sources. On completion adds results to relevant
net::HostCaches and invokes request callbacks.
Multiple requests can be merged into a single Job if compatible. This includes merging newly-started Jobs with already-running Jobs.
net::HostResolverManager schedules and throttles running
net::HostResolverManager::Jobs using a
net::PrioritizedDispatcher. The throttling is important to avoid overworking network sources, especially poorly designed home routers that may crash on only a small number of concurrent DNS resolves.
Data collected at this layer:
Various sources are used to query host resolution. The sources to be used by a
net::HostResolverManager::Job are determined in advance of running the Job by
net::HostResolverManager::CreateTaskSequence(), which outputs a list of
net::HostResolverManager::TaskType specifying the order of sources to attempt. By default, this will use internal logic to decide the source to use and will often allow fallback to additional sources.
The sources chosen by default are also affected by the Secure DNS mode, by default determined from
net::DnsConfig::secure_dns_mode but overridable for individual requests using
Specific sources for a request can be specified using
The Job will then use *Task objects that implement the behavior specific to the particular resolution sources.
Usually called the “system resolver” or sometimes the “proc resolver” (because it was historically always implemented using net::HostResolverProc). Results are queried from the system or OS using the
getaddrinfo() OS API call. This source is only capable of address (A and AAAA) resolves but will also query for canonname info if the request includes the
HOST_RESOLVER_CANONNAME flag. The system will query from its own internal cache, HOSTS files, DNS, and sometimes mDNS, depending on the capabilities of the system.
When host resolution requests do not specify a source, the system resolver will always be used for address resolves when any of the following are true:
net::HostResolverSource::DNS is not enabled via
Secure DNS requests cannot be made using the system resolver.
net::HostResolverSystemTask's behavior can be overridden by an asynchronous global override (e.g. in case resolution needs to be brokered out of the current process for sandboxing reasons). Otherwise, it posts a blocking task to a
base::ThreadPool to make blocking resolution requests in-process. On a timeout, additional attempts are made, but previous attempts are not cancelled as there is no cancellation mechanism for
getaddrinfo(). The first attempt to complete is used and any other attempt completions are ignored.
In prod, the blocking task runner always calls
SystemHostResolverCall(), which makes the actual call to
getaddrinfo() using the
net::AddressInfo helper. In tests, the blocking task runner may use a test implementation of
net::HostResolverProc, which itself can be chained.
Data collected specifically for this source:
Usually called the “built-in resolver” or the “async resolver”. Results are queried from DNS using
net::DnsClient, a Chrome network stack implementation of a DNS “stub resolver” or “DNS client”.
When host resolution requests do not specify a source, the built-in resolver will be used when all of the following are true:
net::HostResolverManager::SetInsecureDnsClientEnabled(true) or the Secure DNS mode is not
net::HostResolverManager::DnsTask will create and run a
net::DnsTransaction for each DNS name/type pair to be queried. The task will then process successful results from the returned
When a request requires both A and AAAA results, they are handled via two separate
net::DnsTransactions and the
net::HostResolverManager::DnsTask will request a second slots from the
net::PrioritizedDispatcher used by
net::HostResolverManager. The A transaction is started immediately on starting the
net::HostResolverManager::DnsTask, and the AAAA transaction is started once a second dispatcher slot can be obtained.
net::DnsTransaction internally makes a series of
net::DnsAttempts, each representing an individual DNS request. A single
net::DnsTransaction can run many
net::DnsAttempts due to retry logic, fallback between multiple configured DNS servers, and name permutation due to configured search suffixes.
Data collected specifically for this source (more internally to
net::DnsTransaction implementation not listed here):
Results are queried from mDNS using
When host resolution requests do not specify a source, mDNS is only used for non-address requests when the request hostname ends in “.local”.
net::HostResolverMdnsTask will only ever use a single dispatcher slot, even when both A and AAAA types are queried concurrently.
Some poorly written DNS servers, especially on home routers, are unaware of the existence of IPv6 and will result in bad performance or even crash when sent AAAA DNS queries.
To avoid such issues,
net::HostResolverManager heuristically detects IPv4-only networks by attempting a UDP connection to
2001:4860:4860::8888 (the IPv6 address for Google Public DNS). If the connection fails, Chrome will convert host resolution requests for
net::DnsQueryType::A. This generally results in disallowing AAAA requests.
Exceptions when AAAA requests are always allowed despite a failed connectivity check:
The heuristic for detecting IPv4-only networks is not perfect. E.g., it fails and disallows AAAA requests in private (no global internet access including to Google Public DNS) IPv6-only networks, which could then break most Chrome usage on the network because, being an IPv6-only network, AAAA results are necessary.
Workarounds to allow Chrome to attempt to load IPv6 endpoints when the connectivity check fails:
--host-resolver-rules="MAP the.hostname.com [dead::beef]" where
the.hostname.com is the hostname to allow resolving and
dead::beef is the IPv6 address to resolve it to.
net::MappedHostResolver acts at a level before IPv6 connectivity checks, and if a hostname is remapped to an IP literal, connectivity checks do not apply.
2001:4860:4860::8888. Doesn't have to actually be functional (could just drop requests to it). As long as Chrome can connect a UDP socket to the address, it will pass the heuristic checking IPv6-connectivity.