Class FilteringDnsResolver
java.lang.Object
io.confluent.kafka.clients.plugins.auth.oauth.FilteringDnsResolver
- All Implemented Interfaces: org.apache.hc.client5.http.DnsResolver
A custom DNS resolver which filters out resolved IP addresses based on the following rules (in order):
- If the IP address is in allowCidrRanges, allow it
- If filterLocalAddresses is true and the IP address is a local IP, disallow it
- If filterPrivateAddresses is true and the IP address is a private IP, disallow it
- If filterClassEAddresses is true and the IP address is a class E IP, disallow it
- If the IP address is in disallowCidrRanges, disallow it
An exception is thrown if no IP addresses remain after filtering. This code is copied from https://github.com/confluentinc/connect-oauth/blob/master/src/main/java/io/confluent/connect/oauth/FilteringDnsResolver.java to do DNS filtering in CCloud, so that attackers cannot exploit internal services.
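The rule order above, shown as an added Java sketch using only the JDK; it is not Confluent's implementation or code from this page. The names DnsFilterSketch, inCidr, inAny and allowed are hypothetical, the meanings of "local", "private" and "class E" are assumptions, and the host name and addresses are constructed sample data.

```java
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.ArrayList;
import java.util.List;

// Added illustration of the documented rule order; not Confluent's implementation.
public class DnsFilterSketch {
    // True if addr lies inside cidr (e.g. "10.20.0.0/16"); assumes a well-formed CIDR string.
    static boolean inCidr(InetAddress addr, String cidr) throws UnknownHostException {
        String[] parts = cidr.split("/");
        byte[] net = InetAddress.getByName(parts[0]).getAddress(); // IP literal: no DNS lookup
        byte[] ip = addr.getAddress();
        if (net.length != ip.length) return false;                 // IPv4 vs IPv6 mismatch
        for (int bit = 0; bit < Integer.parseInt(parts[1]); bit++) {
            int mask = 0x80 >> (bit % 8);
            if ((net[bit / 8] & mask) != (ip[bit / 8] & mask)) return false;
        }
        return true;
    }

    static boolean inAny(InetAddress a, List<String> cidrs) throws UnknownHostException {
        for (String c : cidrs) if (inCidr(a, c)) return true;
        return false;
    }

    // Assumed meanings: local = loopback, link-local or wildcard; private = site-local;
    // class E = 240.0.0.0/4. The page does not define these terms.
    static boolean allowed(InetAddress a, boolean local, boolean priv, boolean classE,
                           List<String> disallow, List<String> allow) throws UnknownHostException {
        if (inAny(a, allow)) return true;  // rule 1: the allow list wins over every later rule
        if (local && (a.isLoopbackAddress() || a.isLinkLocalAddress() || a.isAnyLocalAddress())) return false;
        if (priv && a.isSiteLocalAddress()) return false;
        if (classE && inCidr(a, "240.0.0.0/4")) return false;
        return !inAny(a, disallow);        // rule 5: explicit deny list
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample answers for a hypothetical host "idp.example.test".
        String[] answers = {"10.20.0.5", "10.30.0.5", "169.254.10.10", "127.0.0.1",
                            "250.1.1.1", "203.0.113.7", "198.51.100.9"};
        List<InetAddress> kept = new ArrayList<>();
        for (String s : answers) {
            InetAddress a = InetAddress.getByName(s);
            if (allowed(a, true, true, true, List.of("203.0.113.0/24"), List.of("10.20.0.0/16"))) kept.add(a);
        }
        // Mirrors the documented behaviour: fail closed when nothing survives filtering.
        if (kept.isEmpty()) throw new UnknownHostException("idp.example.test: no address left after filtering");
        System.out.println(kept);
    }
}
```

With these settings, 10.20.0.5 survives even though it is a private address, because the allow list is checked first; 10.30.0.5 is private but not allow-listed and is dropped.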
Constructor Summary
Constructors
- FilteringDnsResolver(boolean filterLocalAddresses, boolean filterPrivateAddresses, boolean filterClassEAddresses, List<String> disallowCidrRanges, List<String> allowCidrRanges)
Method Summary
Constructor Details
FilteringDnsResolver
Method Details
resolve
- Specified by: resolve in interface org.apache.hc.client5.http.DnsResolver
- Throws: UnknownHostException
resolveCanonicalHostname
- Specified by: resolveCanonicalHostname in interface org.apache.hc.client5.http.DnsResolver
- Throws: UnknownHostException
hasViolatingIpAddress
- Throws: UnknownHostException