reverseproxy: add support for custom DNS resolver (#3479)

* reverse proxy: add support for custom resolver

* reverse proxy: don't pollute the global resolver with bootstrap resolver setup

* Improve documentation of reverseproxy.UpstreamResolver fields

Co-authored-by: Matt Holt <mholt@users.noreply.github.com>

* reverse proxy: clarify the name resolution conventions of upstream resolvers and bootstrap resolver

* remove support for bootstraper of resolver

* godoc and code-style changes

Co-authored-by: Matt Holt <mholt@users.noreply.github.com>

1 files changed, 40 insertions, 1 deletions

diff --git a/modules/caddyhttp/reverseproxy/httptransport.go b/modules/caddyhttp/reverseproxy/httptransport.go
index 327cc89..dce7b9e 100644
--- a/modules/caddyhttp/reverseproxy/httptransport.go
+++ b/modules/caddyhttp/reverseproxy/httptransport.go
@@ -21,6 +21,7 @@ import (
 	"encoding/base64"
 	"fmt"
 	"io/ioutil"
+	weakrand "math/rand"
 	"net"
 	"net/http"
 	"reflect"
@@ -43,6 +44,9 @@ type HTTPTransport struct {
 	// able to borrow/use at least some of these config fields; if so,
 	// maybe move them into a type called CommonTransport and embed it?
 
+	// Configures the DNS resolver used to resolve the IP address of upstream hostnames.
+	Resolver *UpstreamResolver `json:"resolver,omitempty"`
+
 	// Configures TLS to the upstream. Setting this to an empty struct
 	// is sufficient to enable TLS with reasonable defaults.
 	TLS *TLSConfig `json:"tls,omitempty"`
@@ -146,7 +150,30 @@ func (h *HTTPTransport) NewTransport(ctx caddy.Context) (*http.Transport, error)
 	dialer := &net.Dialer{
 		Timeout:       time.Duration(h.DialTimeout),
 		FallbackDelay: time.Duration(h.FallbackDelay),
-		// TODO: Resolver
+	}
+
+	if h.Resolver != nil {
+		for _, v := range h.Resolver.Addresses {
+			addr, err := caddy.ParseNetworkAddress(v)
+			if err != nil {
+				return nil, err
+			}
+			if addr.PortRangeSize() != 1 {
+				return nil, fmt.Errorf("resolver address must have exactly one address; cannot call %v", addr)
+			}
+			h.Resolver.netAddrs = append(h.Resolver.netAddrs, addr)
+		}
+		d := &net.Dialer{
+			Timeout:       time.Duration(h.DialTimeout),
+			FallbackDelay: time.Duration(h.FallbackDelay),
+		}
+		dialer.Resolver = &net.Resolver{
+			PreferGo: true,
+			Dial: func(ctx context.Context, _, _ string) (net.Conn, error) {
+				addr := h.Resolver.netAddrs[weakrand.Intn(len(h.Resolver.netAddrs))]
+				return d.DialContext(ctx, addr.Network, addr.JoinHostPort(0))
+			},
+		}
 	}
 
 	rt := &http.Transport{
@@ -359,6 +386,18 @@ func (t TLSConfig) MakeTLSClientConfig(ctx caddy.Context) (*tls.Config, error) {
 	return cfg, nil
 }
 
+// UpstreamResolver holds the set of addresses of DNS resolvers of
+// upstream addresses
+type UpstreamResolver struct {
+	// The addresses of DNS resolvers to use when looking up the addresses of proxy upstreams.
+	// It accepts [network addresses](/docs/conventions#network-addresses)
+	// with port range of only 1. If the host is an IP address, it will be dialed directly to resolve the upstream server.
+	// If the host is not an IP address, the addresses are resolved using the [name resolution convention](https://golang.org/pkg/net/#hdr-Name_Resolution) of the Go standard library.
+	// If the array contains more than 1 resolver address, one is chosen at random.
+	Addresses []string `json:"addresses,omitempty"`
+	netAddrs  []caddy.NetworkAddress
+}
+
 // KeepAlive holds configuration pertaining to HTTP Keep-Alive.
 type KeepAlive struct {
 	// Whether HTTP Keep-Alive is enabled. Default: true