5 files changed, 722 insertions, 392 deletions
diff --git a/src/dns/Makefile.am b/src/dns/Makefile.am
index 8a102c414..aca8ea25c 100644
--- a/src/dns/Makefile.am
+++ b/src/dns/Makefile.am
@@ -25,6 +25,7 @@ endif
 lib_LTLIBRARIES = \
  libgnunetdnsparser.la \
+  libgnunetdnsstub.la \
  libgnunetdns.la
 bin_PROGRAMS = \
@@ -70,6 +71,7 @@ gnunet_dns_redirector_DEPENDENCIES = \
 gnunet_service_dns_SOURCES = \
 gnunet-service-dns.c 
 gnunet_service_dns_LDADD = \
+  $(top_builddir)/src/dns/libgnunetdnsstub.la \
  $(top_builddir)/src/tun/libgnunettun.la \
  $(top_builddir)/src/mesh/libgnunetmesh.la \
  $(top_builddir)/src/statistics/libgnunetstatistics.la \
@@ -84,6 +86,14 @@ libgnunetdnsparser_la_LDFLAGS = \
  $(GN_LIB_LDFLAGS) \
  -version-info 0:0:0
+libgnunetdnsstub_la_SOURCES = \
+ dnsstub.c 
+libgnunetdnsstub_la_LIBADD = \
+ $(top_builddir)/src/util/libgnunetutil.la $(XLIB)
+libgnunetdnsstub_la_LDFLAGS = \
+  $(GN_LIB_LDFLAGS) \
+  -version-info 0:0:0
 libgnunetdns_la_SOURCES = \
 dns_api.c dns.h
 libgnunetdns_la_LIBADD = \
diff --git a/src/dns/dnsstub.c b/src/dns/dnsstub.c
new file mode 100644
index 000000000..383b1d699
--- /dev/null
+++ b/src/dns/dnsstub.c
@@ -0,0 +1,520 @@
+/*
+     This file is part of GNUnet.
+     (C) 2012 Christian Grothoff (and other contributing authors)
+     GNUnet is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published
+     by the Free Software Foundation; either version 3, or (at your
+     option) any later version.
+     GNUnet is distributed in the hope that it will be useful, but
+     WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+     General Public License for more details.
+     You should have received a copy of the GNU General Public License
+     along with GNUnet; see the file COPYING.  If not, write to the
+     Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+     Boston, MA 02111-1307, USA.
+*/
+/**
+ * @file dns/dnsstub.c
+ * @brief DNS stub resolver which sends DNS requests to an actual resolver
+ * @author Christian Grothoff
+ */
+#include "platform.h"
+#include "gnunet_util_lib.h"
+#include "gnunet_dnsstub_lib.h"
+/**
+ * Timeout for an external (Internet-DNS) DNS resolution
+ */
+#define REQUEST_TIMEOUT GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 5)
+/**
+ * How many DNS sockets do we open at most at the same time?
+ * (technical socket maximum is this number x2 for IPv4+IPv6)
+ */
+#define DNS_SOCKET_MAX 128
+/**
+ * UDP socket we are using for sending DNS requests to the Internet.
+ */
+struct GNUNET_DNSSTUB_RequestSocket
+{
+  
+  /**
+   * UDP socket we use for this request for IPv4
+   */
+  struct GNUNET_NETWORK_Handle *dnsout4;
+  /**
+   * UDP socket we use for this request for IPv6
+   */
+  struct GNUNET_NETWORK_Handle *dnsout6;
+  /**
+   * Function to call with result.
+   */
+  GNUNET_DNSSTUB_ResultCallback rc;
+  /**
+   * Closure for 'rc'.
+   */
+  void *rc_cls;
+  /**
+   * Task for reading from dnsout4 and dnsout6.
+   */
+  GNUNET_SCHEDULER_TaskIdentifier read_task;
+  /**
+   * When should this request time out?
+   */
+  struct GNUNET_TIME_Absolute timeout;
+  /**
+   * Address we sent the DNS request to.
+   */
+  struct sockaddr_storage addr;
+  /**
+   * Number of bytes in 'addr'.
+   */
+  socklen_t addrlen;
+};
+struct GNUNET_DNSSTUB_Context
+{
+  /**
+   * Array of all open sockets for DNS requests. 
+   */
+  struct GNUNET_DNSSTUB_RequestSocket sockets[DNS_SOCKET_MAX];
+  /**
+   * IP address to use for the DNS server if we are a DNS exit service
+   * (for VPN via mesh); otherwise NULL.
+   */
+  char *dns_exit;
+};
+/**
+ * We're done with a GNUNET_DNSSTUB_RequestSocket, close it for now.
+ *
+ * @param rs request socket to clean up
+ */
+static void
+cleanup_rs (struct GNUNET_DNSSTUB_RequestSocket *rs)
+{
+  if (NULL != rs->dnsout4)
+  {
+    GNUNET_NETWORK_socket_close (rs->dnsout4);
+    rs->dnsout4 = NULL;
+  }
+  if (NULL != rs->dnsout6)
+  {
+    GNUNET_NETWORK_socket_close (rs->dnsout6);
+    rs->dnsout6 = NULL;
+  }
+  if (GNUNET_SCHEDULER_NO_TASK != rs->read_task)
+  {
+    GNUNET_SCHEDULER_cancel (rs->read_task);
+    rs->read_task = GNUNET_SCHEDULER_NO_TASK;
+  }
+}
+/**
+ * Open source port for sending DNS requests
+ *
+ * @param af AF_INET or AF_INET6
+ * @return GNUNET_OK on success
+ */ 
+static struct GNUNET_NETWORK_Handle *
+open_socket (int af)
+{
+  struct sockaddr_in a4;
+  struct sockaddr_in6 a6;
+  struct sockaddr *sa;
+  socklen_t alen;
+  struct GNUNET_NETWORK_Handle *ret;
+  ret = GNUNET_NETWORK_socket_create (af, SOCK_DGRAM, 0);
+  if (NULL == ret)
+    return NULL;
+  switch (af)
+  {
+  case AF_INET:
+    memset (&a4, 0, alen = sizeof (struct sockaddr_in));
+    sa = (struct sockaddr *) &a4;
+    break;
+  case AF_INET6:
+    memset (&a6, 0, alen = sizeof (struct sockaddr_in6));
+    sa = (struct sockaddr *) &a6;
+    break;
+  default:
+    GNUNET_break (0);
+    GNUNET_NETWORK_socket_close (ret);
+    return NULL;
+  }
+  sa->sa_family = af;
+  if (GNUNET_OK != GNUNET_NETWORK_socket_bind (ret,
+                                               sa, 
+                                               alen))
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR, 
+                _("Could not bind to any port: %s\n"),
+                STRERROR (errno));
+    GNUNET_NETWORK_socket_close (ret);
+    return NULL;
+  }
+  return ret;
+}
+/**
+ * Read a DNS response from the (unhindered) UDP-Socket
+ *
+ * @param cls socket to read from
+ * @param tc scheduler context (must be shutdown or read ready)
+ */
+static void
+read_response (void *cls,
+               const struct GNUNET_SCHEDULER_TaskContext *tc);
+/**
+ * Get a socket of the specified address family to send out a
+ * UDP DNS request to the Internet.  
+ *
+ * @param af desired address family
+ * @return NULL on error (given AF not "supported")
+ */
+static struct GNUNET_DNSSTUB_RequestSocket *
+get_request_socket (struct GNUNET_DNSSTUB_Context *ctx,
+                    int af)
+{
+  struct GNUNET_DNSSTUB_RequestSocket *rs;
+  struct GNUNET_NETWORK_FDSet *rset;
+  rs = &ctx->sockets[GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_NONCE, 
+                                               DNS_SOCKET_MAX)];
+  rs->timeout = GNUNET_TIME_relative_to_absolute (REQUEST_TIMEOUT);
+  switch (af)
+  {
+  case AF_INET:
+    if (NULL == rs->dnsout4)
+      rs->dnsout4 = open_socket (AF_INET);
+    break;
+  case AF_INET6:
+    if (NULL == rs->dnsout6)
+      rs->dnsout6 = open_socket (AF_INET6);
+    break;
+  default:
+    return NULL;
+  }  
+  if (GNUNET_SCHEDULER_NO_TASK != rs->read_task)
+  {
+    GNUNET_SCHEDULER_cancel (rs->read_task);
+    rs->read_task = GNUNET_SCHEDULER_NO_TASK;
+  }
+  if ( (NULL == rs->dnsout4) &&
+       (NULL == rs->dnsout6) )
+    return NULL;
+  rset = GNUNET_NETWORK_fdset_create ();
+  if (NULL != rs->dnsout4)
+    GNUNET_NETWORK_fdset_set (rset, rs->dnsout4);
+  if (NULL != rs->dnsout6)
+    GNUNET_NETWORK_fdset_set (rset, rs->dnsout6);
+  rs->read_task = GNUNET_SCHEDULER_add_select (GNUNET_SCHEDULER_PRIORITY_DEFAULT,
+                                               REQUEST_TIMEOUT,
+                                               rset,
+                                               NULL,
+                                               &read_response, rs);
+  GNUNET_NETWORK_fdset_destroy (rset);
+  return rs;
+}
+/**
+ * Perform DNS resolution.
+ *
+ * @param ctx stub resolver to use
+ * @param af address family to use
+ * @param request DNS request to transmit
+ * @param request_len number of bytes in msg
+ * @param rc function to call with result
+ * @param rc_cls closure for 'rc'
+ * @return socket used for the request, NULL on error
+ */
+struct GNUNET_DNSSTUB_RequestSocket *
+GNUNET_DNSSTUB_resolve (struct GNUNET_DNSSTUB_Context *ctx,
+                        const struct sockaddr *sa,
+                        socklen_t sa_len,
+                        const void *request,
+                        size_t request_len,
+                        GNUNET_DNSSTUB_ResultCallback rc,
+                        void *rc_cls)
+{
+  struct GNUNET_DNSSTUB_RequestSocket *rs;
+  struct GNUNET_NETWORK_Handle *ret;
+  int af;
+  af = sa->sa_family;
+  if (NULL == (rs = get_request_socket (ctx, af)))
+    return NULL;
+  if (NULL != rs->dnsout4)
+    ret = rs->dnsout4;
+  else
+    ret = rs->dnsout6;
+  GNUNET_assert (NULL != ret);
+  rs->rc = rc;
+  rs->rc_cls = rc_cls;
+  GNUNET_NETWORK_socket_sendto (ret,
+                                request,
+                                request_len,
+                                sa,
+                                sa_len);
+  return rs;
+}
+/**
+ * Perform DNS resolution using our default IP from init.
+ *
+ * @param ctx stub resolver to use
+ * @param request DNS request to transmit
+ * @param request_len number of bytes in msg
+ * @param rc function to call with result
+ * @param rc_cls closure for 'rc'
+ * @return socket used for the request, NULL on error
+ */
+struct GNUNET_DNSSTUB_RequestSocket *
+GNUNET_DNSSTUB_resolve2 (struct GNUNET_DNSSTUB_Context *ctx,
+                         const void *request,
+                         size_t request_len,
+                         GNUNET_DNSSTUB_ResultCallback rc,
+                         void *rc_cls)
+{
+  int af;
+  struct sockaddr_in v4;
+  struct sockaddr_in6 v6;
+  struct sockaddr *so;
+  socklen_t salen;
+  struct GNUNET_NETWORK_Handle *dnsout;
+  struct GNUNET_DNSSTUB_RequestSocket *rs;
+  memset (&v4, 0, sizeof (v4));
+  memset (&v6, 0, sizeof (v6));
+  if (1 == inet_pton (AF_INET, ctx->dns_exit, &v4.sin_addr))
+  {
+    salen = sizeof (v4);
+    v4.sin_family = AF_INET;
+    v4.sin_port = htons (53);
+#if HAVE_SOCKADDR_IN_SIN_LEN
+    v4.sin_len = (u_char) salen;
+#endif
+    so = (struct sockaddr *) &v4;
+    af = AF_INET;
+  }
+  else if (1 == inet_pton (AF_INET6, ctx->dns_exit, &v6.sin6_addr))
+  {
+    salen = sizeof (v6);
+    v6.sin6_family = AF_INET6;
+    v6.sin6_port = htons (53);
+#if HAVE_SOCKADDR_IN_SIN_LEN
+    v6.sin6_len = (u_char) salen;
+#endif
+    so = (struct sockaddr *) &v6;
+    af = AF_INET6;
+  }  
+  else
+  {
+    GNUNET_break (0);
+    return NULL;
+  }
+  if (NULL == (rs = get_request_socket (ctx, af)))
+    return NULL;
+  if (NULL != rs->dnsout4)
+    dnsout = rs->dnsout4;
+  else
+    dnsout = rs->dnsout6;
+  if (NULL == dnsout)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                _("Configured DNS exit `%s' is not working / valid.\n"),
+                ctx->dns_exit);
+    return NULL;
+  }
+  memcpy (&rs->addr,
+          so,
+          salen);
+  rs->addrlen = salen;
+  GNUNET_NETWORK_socket_sendto (dnsout,
+                                request,
+                                request_len, so, salen); 
+  rs->timeout = GNUNET_TIME_relative_to_absolute (REQUEST_TIMEOUT);
+  
+  return rs;
+}
+/**
+ * Actually do the reading of a DNS packet from our UDP socket and see
+ * if we have a valid, matching, pending request.
+ *
+ * @param rs request socket with callback details
+ * @param dnsout socket to read from
+ * @return GNUNET_OK on success, GNUNET_NO on drop, GNUNET_SYSERR on IO-errors (closed socket)
+ */
+static int
+do_dns_read (struct GNUNET_DNSSTUB_RequestSocket *rs,
+             struct GNUNET_NETWORK_Handle *dnsout)
+{
+  struct sockaddr_storage addr;
+  socklen_t addrlen;
+  struct GNUNET_TUN_DnsHeader *dns;
+  ssize_t r;
+  int len;
+#ifndef MINGW
+  if (0 != ioctl (GNUNET_NETWORK_get_fd (dnsout), FIONREAD, &len))
+  {
+    /* conservative choice: */
+    len = UINT16_MAX;
+  }
+#else
+  /* port the code above? */
+  len = UINT16_MAX;
+#endif
+  {
+    unsigned char buf[len] GNUNET_ALIGN;
+    addrlen = sizeof (addr);
+    memset (&addr, 0, sizeof (addr));  
+    r = GNUNET_NETWORK_socket_recvfrom (dnsout, 
+                                        buf, sizeof (buf),
+                                        (struct sockaddr*) &addr, &addrlen);
+    if (-1 == r)
+    {
+      GNUNET_log_strerror (GNUNET_ERROR_TYPE_ERROR, "recvfrom");
+      GNUNET_NETWORK_socket_close (dnsout);
+      return GNUNET_SYSERR;
+    }
+    if (sizeof (struct GNUNET_TUN_DnsHeader) > r)
+    {
+      GNUNET_log (GNUNET_ERROR_TYPE_ERROR, 
+                  _("Received DNS response that is too small (%u bytes)"),
+                  r);
+      return GNUNET_NO;
+    }
+    dns = (struct GNUNET_TUN_DnsHeader *) buf;
+    if ( (addrlen != rs->addrlen) ||
+         (0 != memcmp (&rs->addr,
+                       &addr,
+                       addrlen)) ||      
+       (0 == GNUNET_TIME_absolute_get_remaining (rs->timeout).rel_value) )
+      return GNUNET_NO;
+    rs->rc (rs->rc_cls,
+            rs,
+            dns,
+            r);
+  }  
+  return GNUNET_OK;
+}
+/**
+ * Read a DNS response from the (unhindered) UDP-Socket
+ *
+ * @param cls socket to read from
+ * @param tc scheduler context (must be shutdown or read ready)
+ */
+static void
+read_response (void *cls,
+               const struct GNUNET_SCHEDULER_TaskContext *tc)
+{
+  struct GNUNET_DNSSTUB_RequestSocket *rs = cls;
+  struct GNUNET_NETWORK_FDSet *rset;
+  rs->read_task = GNUNET_SCHEDULER_NO_TASK;
+  if (0 == (tc->reason & GNUNET_SCHEDULER_REASON_READ_READY))
+  {
+    /* timeout or shutdown */
+    cleanup_rs (rs);
+    return;
+  }
+  /* read and process ready sockets */
+  if ((NULL != rs->dnsout4) &&
+      (GNUNET_NETWORK_fdset_isset (tc->read_ready, rs->dnsout4)) &&
+      (GNUNET_SYSERR == do_dns_read (rs, rs->dnsout4)))
+    rs->dnsout4 = NULL;
+  if ((NULL != rs->dnsout6) &&
+      (GNUNET_NETWORK_fdset_isset (tc->read_ready, rs->dnsout6)) &&
+      (GNUNET_SYSERR == do_dns_read (rs, rs->dnsout6)))
+    rs->dnsout6 = NULL;
+  /* re-schedule read task */
+  rset = GNUNET_NETWORK_fdset_create ();
+  if (NULL != rs->dnsout4)
+    GNUNET_NETWORK_fdset_set (rset, rs->dnsout4);
+  if (NULL != rs->dnsout6)
+    GNUNET_NETWORK_fdset_set (rset, rs->dnsout6);
+  rs->read_task = GNUNET_SCHEDULER_add_select (GNUNET_SCHEDULER_PRIORITY_DEFAULT,
+                                               GNUNET_TIME_absolute_get_remaining (rs->timeout),
+                                               rset,
+                                               NULL,
+                                               &read_response, rs);
+  GNUNET_NETWORK_fdset_destroy (rset);
+}
+/**
+ * Start a DNS stub resolver.
+ *
+ * @param dns_ip target IP address to use
+ * @return NULL on error
+ */
+struct GNUNET_DNSSTUB_Context *
+GNUNET_DNSSTUB_start (const char *dns_ip)
+{
+  struct GNUNET_DNSSTUB_Context *ctx;
+  
+  ctx = GNUNET_malloc (sizeof (struct GNUNET_DNSSTUB_Context));
+  if (NULL != dns_ip)
+    ctx->dns_exit = GNUNET_strdup (dns_ip);
+  return ctx;
+}
+/**
+ * Cleanup DNSSTUB resolver.
+ *
+ * @param ctx stub resolver to clean up
+ */
+void
+GNUNET_DNSSTUB_stop (struct GNUNET_DNSSTUB_Context *ctx)
+{
+  unsigned int i;
+  for (i=0;i<=UINT16_MAX;i++)
+    cleanup_rs (&ctx->sockets[i]);
+  if (NULL != ctx->dns_exit)
+  {
+    GNUNET_free (ctx->dns_exit);
+    ctx->dns_exit = NULL;
+  }
+  GNUNET_free (ctx);
+}
+/* end of dnsstub.c */
diff --git a/src/dns/gnunet-service-dns.c b/src/dns/gnunet-service-dns.c
index 76ea1390f..b13f156a9 100644
--- a/src/dns/gnunet-service-dns.c
+++ b/src/dns/gnunet-service-dns.c
@@ -45,23 +45,13 @@
 #include "dns.h"
 #include "gnunet_dns_service.h"
 #include "gnunet_dnsparser_lib.h"
+#include "gnunet_dnsstub_lib.h"
 #include "gnunet_mesh_service.h"
 #include "gnunet_statistics_service.h"
 #include "gnunet_tun_lib.h"
 /**
- * Timeout for an external (Internet-DNS) DNS resolution
- */
-#define REQUEST_TIMEOUT GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 5)
-/**
- * How many DNS sockets do we open at most at the same time?
- * (technical socket maximum is this number x2 for IPv4+IPv6)
- */
-#define DNS_SOCKET_MAX 128
-/**
 * Phases each request goes through.
 */
 enum RequestPhase
@@ -137,34 +127,6 @@ struct ClientRecord
 /**
- * UDP socket we are using for sending DNS requests to the Internet.
- */
-struct RequestSocket
-{
-  
-  /**
-   * UDP socket we use for this request for IPv4
-   */
-  struct GNUNET_NETWORK_Handle *dnsout4;
-  /**
-   * UDP socket we use for this request for IPv6
-   */
-  struct GNUNET_NETWORK_Handle *dnsout6;
-  /**
-   * Task for reading from dnsout4 and dnsout6.
-   */
-  GNUNET_SCHEDULER_TaskIdentifier read_task;
-  /**
-   * When should this socket be closed?
-   */
-  struct GNUNET_TIME_Absolute timeout;
-};
-/**
 * Entry we keep for each active request.
 */ 
 struct RequestRecord
@@ -184,10 +146,9 @@ struct RequestRecord
  /**
   * Socket we are using to transmit this request (must match if we receive
-   * a response).  Must NOT be freed as part of this request record (as it
+   * a response).
-   * might be shared with other requests).
   */
-  struct GNUNET_NETWORK_Handle *dnsout;
+  struct GNUNET_DNSSTUB_RequestSocket *rs;
  /**
   * Source address of the original request (for sending response).
@@ -200,11 +161,6 @@ struct RequestRecord
  struct sockaddr_storage dst_addr;
  /**
-   * When should this request time out?
-   */
-  struct GNUNET_TIME_Absolute timeout;
-  /**
   * ID of this request, also basis for hashing.  Lowest 16 bit will
   * be our message ID when doing a global DNS request and our index
   * into the 'requests' array.
@@ -252,25 +208,9 @@ struct TunnelState
  /**
   * Socket we are using to transmit this request (must match if we receive
-   * a response).  Must NOT be freed as part of this request record (as it
+   * a response).
-   * might be shared with other requests).
-   */
-  struct GNUNET_NETWORK_Handle *dnsout;
-  /**
-   * Address we sent the DNS request to.
-   */
-  struct sockaddr_storage addr;
-  /**
-   * When should this request time out?
   */
-  struct GNUNET_TIME_Absolute timeout;
+  struct GNUNET_DNSSTUB_RequestSocket *rs;
-  /**
-   * Number of bytes in 'addr'.
-   */
-  socklen_t addrlen;
  /**
   * Number of bytes in 'reply'.
@@ -330,19 +270,14 @@ static struct ClientRecord *clients_tail;
 static struct GNUNET_SERVER_NotificationContext *nc;
 /**
- * Array of all open requests.
- */
-static struct RequestRecord requests[UINT16_MAX + 1];
-/**
 * Array of all open requests from tunnels.
 */
 static struct TunnelState *tunnels[UINT16_MAX + 1];
 /**
- * Array of all open sockets for DNS requests. 
+ * Array of all open requests.
 */
-static struct RequestSocket sockets[DNS_SOCKET_MAX];
+static struct RequestRecord requests[UINT16_MAX + 1];
 /**
 * Generator for unique request IDs.
@@ -350,42 +285,15 @@ static struct RequestSocket sockets[DNS_SOCKET_MAX];
 static uint64_t request_id_gen;
 /**
- * IP address to use for the DNS server if we are a DNS exit service
- * (for VPN via mesh); otherwise NULL.
- */
-static char *dns_exit;
-/**
 * Handle to the MESH service (for receiving DNS queries), or NULL 
 * if we are not a DNS exit.
 */
 static struct GNUNET_MESH_Handle *mesh;
 /**
- * We're done with a RequestSocket, close it for now.
+ * Handle to the DNS Stub resolver.
- *
- * @param rs request socket to clean up
 */
-static void
+static struct GNUNET_DNSSTUB_Context *dnsstub;
-cleanup_rs (struct RequestSocket *rs)
-{
-  if (NULL != rs->dnsout4)
-  {
-    GNUNET_NETWORK_socket_close (rs->dnsout4);
-    rs->dnsout4 = NULL;
-  }
-  if (NULL != rs->dnsout6)
-  {
-    GNUNET_NETWORK_socket_close (rs->dnsout6);
-    rs->dnsout6 = NULL;
-  }
-  if (GNUNET_SCHEDULER_NO_TASK != rs->read_task)
-  {
-    GNUNET_SCHEDULER_cancel (rs->read_task);
-    rs->read_task = GNUNET_SCHEDULER_NO_TASK;
-  }
-}
 /**
@@ -430,10 +338,10 @@ cleanup_task (void *cls GNUNET_UNUSED,
    GNUNET_STATISTICS_destroy (stats, GNUNET_NO);
    stats = NULL;
  }
-  if (NULL != dns_exit)
+  if (NULL != dnsstub)
  {
-    GNUNET_free (dns_exit);
+    GNUNET_DNSSTUB_stop (dnsstub);
-    dns_exit = NULL;
+    dnsstub = NULL;
  }
  if (NULL != mesh)
  {
@@ -444,54 +352,6 @@ cleanup_task (void *cls GNUNET_UNUSED,
 /**
- * Open source port for sending DNS requests
- *
- * @param af AF_INET or AF_INET6
- * @return GNUNET_OK on success
- */ 
-static struct GNUNET_NETWORK_Handle *
-open_socket (int af)
-{
-  struct sockaddr_in a4;
-  struct sockaddr_in6 a6;
-  struct sockaddr *sa;
-  socklen_t alen;
-  struct GNUNET_NETWORK_Handle *ret;
-  ret = GNUNET_NETWORK_socket_create (af, SOCK_DGRAM, 0);
-  if (NULL == ret)
-    return NULL;
-  switch (af)
-  {
-  case AF_INET:
-    memset (&a4, 0, alen = sizeof (struct sockaddr_in));
-    sa = (struct sockaddr *) &a4;
-    break;
-  case AF_INET6:
-    memset (&a6, 0, alen = sizeof (struct sockaddr_in6));
-    sa = (struct sockaddr *) &a6;
-    break;
-  default:
-    GNUNET_break (0);
-    GNUNET_NETWORK_socket_close (ret);
-    return NULL;
-  }
-  sa->sa_family = af;
-  if (GNUNET_OK != GNUNET_NETWORK_socket_bind (ret,
-                                               sa, 
-                                               alen))
-  {
-    GNUNET_log (GNUNET_ERROR_TYPE_ERROR, 
-                _("Could not bind to any port: %s\n"),
-                STRERROR (errno));
-    GNUNET_NETWORK_socket_close (ret);
-    return NULL;
-  }
-  return ret;
-}
-/**
 * We're done with some request, finish processing.
 *
 * @param rr request send to the network or just clean up.
@@ -677,70 +537,21 @@ send_request_to_client (struct RequestRecord *rr,
 }
-/**
- * Read a DNS response from the (unhindered) UDP-Socket
- *
- * @param cls socket to read from
- * @param tc scheduler context (must be shutdown or read ready)
- */
-static void
-read_response (void *cls,
-               const struct GNUNET_SCHEDULER_TaskContext *tc);
 /**
- * Get a socket of the specified address family to send out a
+ * Callback called from DNSSTUB resolver when a resolution
- * UDP DNS request to the Internet.  
+ * succeeded.
 *
- * @param af desired address family
+ * @param cls NULL
- * @return NULL on error (given AF not "supported")
+ * @param rs the socket that received the response
+ * @param dns the response itself
+ * @param r number of bytes in dns
 */
-static struct GNUNET_NETWORK_Handle *
+static void
-get_request_socket (int af)
+process_dns_result (void *cls,
-{
+                    struct GNUNET_DNSSTUB_RequestSocket *rs,
-  struct RequestSocket *rs;
+                    const struct GNUNET_TUN_DnsHeader *dns,
-  struct GNUNET_NETWORK_FDSet *rset;
+                    size_t r);
-  static struct GNUNET_NETWORK_Handle *ret;
-  rs = &sockets[GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_NONCE, 
-                                          DNS_SOCKET_MAX)];
-  rs->timeout = GNUNET_TIME_relative_to_absolute (REQUEST_TIMEOUT);
-  switch (af)
-  {
-  case AF_INET:
-    if (NULL == rs->dnsout4)
-      rs->dnsout4 = open_socket (AF_INET);
-    ret = rs->dnsout4;
-    break;
-  case AF_INET6:
-    if (NULL == rs->dnsout6)
-      rs->dnsout6 = open_socket (AF_INET6);
-    ret = rs->dnsout6;
-    break;
-  default:
-    return NULL;
-  }  
-  if (GNUNET_SCHEDULER_NO_TASK != rs->read_task)
-  {
-    GNUNET_SCHEDULER_cancel (rs->read_task);
-    rs->read_task = GNUNET_SCHEDULER_NO_TASK;
-  }
-  if ( (NULL == rs->dnsout4) &&
-       (NULL == rs->dnsout6) )
-    return NULL;
-  rset = GNUNET_NETWORK_fdset_create ();
-  if (NULL != rs->dnsout4)
-    GNUNET_NETWORK_fdset_set (rset, rs->dnsout4);
-  if (NULL != rs->dnsout6)
-    GNUNET_NETWORK_fdset_set (rset, rs->dnsout6);
-  rs->read_task = GNUNET_SCHEDULER_add_select (GNUNET_SCHEDULER_PRIORITY_DEFAULT,
-                                               REQUEST_TIMEOUT,
-                                               rset,
-                                               NULL,
-                                               &read_response, rs);
-  GNUNET_NETWORK_fdset_destroy (rset);
-  return ret;
-}
 /**
@@ -815,8 +626,14 @@ next_phase (struct RequestRecord *rr)
    }
    rr->phase = RP_INTERNET_DNS;
-    rr->dnsout = get_request_socket (rr->dst_addr.ss_family);
+    rr->rs = GNUNET_DNSSTUB_resolve (dnsstub,
-    if (NULL == rr->dnsout)
+                                     (struct sockaddr*) &rr->dst_addr,
+                                     salen,
+                                     rr->payload,
+                                     rr->payload_length,
+                                     &process_dns_result,
+                                     NULL);
+    if (NULL == rr->rs)
    {
      GNUNET_STATISTICS_update (stats,
                                gettext_noop ("# DNS exit failed (failed to open socket)"),
@@ -824,12 +641,6 @@ next_phase (struct RequestRecord *rr)
      cleanup_rr (rr);
      return;
    }
-    GNUNET_NETWORK_socket_sendto (rr->dnsout,
-                                  rr->payload,
-                                  rr->payload_length,
-                                  (struct sockaddr*) &rr->dst_addr,
-                                  salen);
-    rr->timeout = GNUNET_TIME_relative_to_absolute (REQUEST_TIMEOUT);
    return;
  case RP_INTERNET_DNS:
    rr->phase = RP_MODIFY;
@@ -956,68 +767,32 @@ transmit_reply_to_mesh (void *cls,
 }
 /**
- * Actually do the reading of a DNS packet from our UDP socket and see
+ * Callback called from DNSSTUB resolver when a resolution
- * if we have a valid, matching, pending request.
+ * succeeded.
 *
- * @param dnsout socket to read from
+ * @param cls NULL
- * @return GNUNET_OK on success, GNUNET_NO on drop, GNUNET_SYSERR on IO-errors (closed socket)
+ * @param rs the socket that received the response
+ * @param dns the response itself
+ * @param r number of bytes in dns
 */
-static int
+static void
-do_dns_read (struct GNUNET_NETWORK_Handle *dnsout)
+process_dns_result (void *cls,
+                    struct GNUNET_DNSSTUB_RequestSocket *rs,
+                    const struct GNUNET_TUN_DnsHeader *dns,
+                    size_t r)
 {
-  struct sockaddr_storage addr;
-  socklen_t addrlen;
-  struct GNUNET_TUN_DnsHeader *dns;
  struct RequestRecord *rr;
  struct TunnelState *ts;
-  ssize_t r;
+    
-  int len;
+  GNUNET_assert (NULL == cls);
+  /* Handle case that this is a reply to a request from a MESH DNS tunnel */
-#ifndef MINGW
+  ts = tunnels[dns->id];
-  if (0 != ioctl (GNUNET_NETWORK_get_fd (dnsout), FIONREAD, &len))
+  if ( (NULL == ts) ||
-  {
+       (ts->rs != rs) )
-    /* conservative choice: */
+    ts = NULL; /* DNS responder address missmatch */
-    len = UINT16_MAX;
+  if (NULL != ts)
-  }
-#else
-  /* port the code above? */
-  len = UINT16_MAX;
-#endif
-  {
-    unsigned char buf[len] GNUNET_ALIGN;
-    addrlen = sizeof (addr);
-    memset (&addr, 0, sizeof (addr));  
-    r = GNUNET_NETWORK_socket_recvfrom (dnsout, 
-                                        buf, sizeof (buf),
-                                        (struct sockaddr*) &addr, &addrlen);
-    if (-1 == r)
-    {
-      GNUNET_log_strerror (GNUNET_ERROR_TYPE_ERROR, "recvfrom");
-      GNUNET_NETWORK_socket_close (dnsout);
-      return GNUNET_SYSERR;
-    }
-    if (sizeof (struct GNUNET_TUN_DnsHeader) > r)
-    {
-      GNUNET_log (GNUNET_ERROR_TYPE_ERROR, 
-                  _("Received DNS response that is too small (%u bytes)"),
-                  r);
-      return GNUNET_NO;
-    }
-    dns = (struct GNUNET_TUN_DnsHeader *) buf;
-    /* Handle case that this is a reply to a request from a MESH DNS tunnel */
-    ts = tunnels[dns->id];
-    if ( (NULL == ts) ||
-         (ts->dnsout != dnsout) ||
-         (addrlen != ts->addrlen) ||
-         (0 != memcmp (&ts->addr,
-                       &addr,
-                       addrlen)) ||      
-         (0 == GNUNET_TIME_absolute_get_remaining (ts->timeout).rel_value) )
-      ts = NULL; /* DNS responder address missmatch */
-    if (NULL != ts)
    {
      tunnels[dns->id] = NULL;
      GNUNET_free_non_null (ts->reply);
@@ -1034,76 +809,25 @@ do_dns_read (struct GNUNET_NETWORK_Handle *dnsout)
                                                  &transmit_reply_to_mesh,
                                                  ts);
    }
-    /* Handle case that this is a reply to a local request (intercepted from TUN interface) */
+  /* Handle case that this is a reply to a local request (intercepted from TUN interface) */
-    rr = &requests[dns->id];
+  rr = &requests[dns->id];
-    if ( (rr->phase != RP_INTERNET_DNS) ||
+  if ( (rr->phase != RP_INTERNET_DNS) ||
-         (rr->dnsout != dnsout) ||
+       (rr->rs != rs) )
-         (0 != memcmp (&rr->dst_addr,
-                       &addr,
-                       addrlen)) ||
-         (0 == GNUNET_TIME_absolute_get_remaining (rr->timeout).rel_value) )
    {
      if (NULL == ts)
-      {
+        {
-        /* unexpected / bogus reply */
+          /* unexpected / bogus reply */
-        GNUNET_STATISTICS_update (stats,
+          GNUNET_STATISTICS_update (stats,
-                                  gettext_noop ("# External DNS response discarded (no matching request)"),
+                                    gettext_noop ("# External DNS response discarded (no matching request)"),
-                                  1, GNUNET_NO);
+                                    1, GNUNET_NO);
-      }
+        }
-      return GNUNET_NO; 
+      return; 
    }
-    GNUNET_free_non_null (rr->payload);
+  GNUNET_free_non_null (rr->payload);
-    rr->payload = GNUNET_malloc (r);
+  rr->payload = GNUNET_malloc (r);
-    memcpy (rr->payload, buf, r);
+  memcpy (rr->payload, dns, r);
-    rr->payload_length = r;
+  rr->payload_length = r;
-    next_phase (rr);
+  next_phase (rr);
-  }  
-  return GNUNET_OK;
-}
-/**
- * Read a DNS response from the (unhindered) UDP-Socket
- *
- * @param cls socket to read from
- * @param tc scheduler context (must be shutdown or read ready)
- */
-static void
-read_response (void *cls,
-               const struct GNUNET_SCHEDULER_TaskContext *tc)
-{
-  struct RequestSocket *rs = cls;
-  struct GNUNET_NETWORK_FDSet *rset;
-  rs->read_task = GNUNET_SCHEDULER_NO_TASK;
-  if (0 == (tc->reason & GNUNET_SCHEDULER_REASON_READ_READY))
-  {
-    /* timeout or shutdown */
-    cleanup_rs (rs);
-    return;
-  }
-  /* read and process ready sockets */
-  if ((NULL != rs->dnsout4) &&
-      (GNUNET_NETWORK_fdset_isset (tc->read_ready, rs->dnsout4)) &&
-      (GNUNET_SYSERR == do_dns_read (rs->dnsout4)))
-    rs->dnsout4 = NULL;
-  if ((NULL != rs->dnsout6) &&
-      (GNUNET_NETWORK_fdset_isset (tc->read_ready, rs->dnsout6)) &&
-      (GNUNET_SYSERR == do_dns_read (rs->dnsout6)))
-    rs->dnsout6 = NULL;
-  /* re-schedule read task */
-  rset = GNUNET_NETWORK_fdset_create ();
-  if (NULL != rs->dnsout4)
-    GNUNET_NETWORK_fdset_set (rset, rs->dnsout4);
-  if (NULL != rs->dnsout6)
-    GNUNET_NETWORK_fdset_set (rset, rs->dnsout6);
-  rs->read_task = GNUNET_SCHEDULER_add_select (GNUNET_SCHEDULER_PRIORITY_DEFAULT,
-                                               GNUNET_TIME_absolute_get_remaining (rs->timeout),
-                                               rset,
-                                               NULL,
-                                               &read_response, rs);
-  GNUNET_NETWORK_fdset_destroy (rset);
 }
@@ -1410,11 +1134,7 @@ receive_dns_request (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel,
  size_t dlen = mlen - sizeof (struct GNUNET_MessageHeader);
  char buf[dlen] GNUNET_ALIGN;
  struct GNUNET_TUN_DnsHeader *dout;
-  struct sockaddr_in v4;
+ 
-  struct sockaddr_in6 v6;
-  struct sockaddr *so;
-  socklen_t salen;
-  
  if (dlen < sizeof (struct GNUNET_TUN_DnsHeader))
  {
    GNUNET_break_op (0);
@@ -1428,51 +1148,14 @@ receive_dns_request (void *cls GNUNET_UNUSED, struct GNUNET_MESH_Tunnel *tunnel,
                                                   UINT16_MAX + 1);
  tunnels[ts->my_id] = ts;
  memcpy (buf, dns, dlen);
-  dout = (struct GNUNET_TUN_DnsHeader*) buf;
+  dout = (struct GNUNET_TUN_DnsHeader *) buf;
  dout->id = ts->my_id;
-  memset (&v4, 0, sizeof (v4));
+  ts->rs = GNUNET_DNSSTUB_resolve2 (dnsstub,
-  memset (&v6, 0, sizeof (v6));
+                                    buf, dlen,
-  if (1 == inet_pton (AF_INET, dns_exit, &v4.sin_addr))
+                                    &process_dns_result,
-  {
+                                    NULL);
-    salen = sizeof (v4);
+  if (NULL == ts->rs)
-    v4.sin_family = AF_INET;
-    v4.sin_port = htons (53);
-#if HAVE_SOCKADDR_IN_SIN_LEN
-    v4.sin_len = (u_char) salen;
-#endif
-    so = (struct sockaddr *) &v4;
-    ts->dnsout = get_request_socket (AF_INET);
-  }
-  else if (1 == inet_pton (AF_INET6, dns_exit, &v6.sin6_addr))
-  {
-    salen = sizeof (v6);
-    v6.sin6_family = AF_INET6;
-    v6.sin6_port = htons (53);
-#if HAVE_SOCKADDR_IN_SIN_LEN
-    v6.sin6_len = (u_char) salen;
-#endif
-    so = (struct sockaddr *) &v6;
-    ts->dnsout = get_request_socket (AF_INET6);
-  }  
-  else
-  {
-    GNUNET_break (0);
    return GNUNET_SYSERR;
-  }
-  if (NULL == ts->dnsout)
-  {
-    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
-                _("Configured DNS exit `%s' is not working / valid.\n"),
-                dns_exit);
-    return GNUNET_SYSERR;
-  }
-  memcpy (&ts->addr,
-          so,
-          salen);
-  ts->addrlen = salen;
-  GNUNET_NETWORK_socket_sendto (ts->dnsout,
-                                buf, dlen, so, salen); 
-  ts->timeout = GNUNET_TIME_relative_to_absolute (REQUEST_TIMEOUT);
  return GNUNET_OK;
 }
@@ -1552,6 +1235,7 @@ run (void *cls, struct GNUNET_SERVER_Handle *server,
  char *ipv6prefix;
  struct in_addr dns_exit4;
  struct in6_addr dns_exit6;
+  char *dns_exit;
  cfg = cfg_;
  if (GNUNET_YES !=
@@ -1582,7 +1266,7 @@ run (void *cls, struct GNUNET_SERVER_Handle *server,
    GNUNET_free_non_null (dns_exit);
    dns_exit = NULL;
  }
+  dnsstub = GNUNET_DNSSTUB_start (dns_exit);
  helper_argv[0] = GNUNET_strdup ("gnunet-dns");
  if (GNUNET_SYSERR ==
      GNUNET_CONFIGURATION_get_value_string (cfg, "dns", "IFNAME", &ifc_name))
diff --git a/src/include/Makefile.am b/src/include/Makefile.am
index 8a326e1bf..4bde4fbbb 100644
--- a/src/include/Makefile.am
+++ b/src/include/Makefile.am
@@ -40,6 +40,7 @@ gnunetinclude_HEADERS = \
  gnunet_dht_service.h \
  gnunet_disk_lib.h \
  gnunet_dnsparser_lib.h \
+  gnunet_dnsstub_lib.h \
  gnunet_dns_service.h \
  gnunet_dv_service.h \
  gnunet_fragmentation_lib.h \
diff --git a/src/include/gnunet_dnsstub_lib.h b/src/include/gnunet_dnsstub_lib.h
new file mode 100644
index 000000000..ffe82dbbe
--- /dev/null
+++ b/src/include/gnunet_dnsstub_lib.h
@@ -0,0 +1,115 @@
+/*
+      This file is part of GNUnet
+      (C) 2012 Christian Grothoff (and other contributing authors)
+      GNUnet is free software; you can redistribute it and/or modify
+      it under the terms of the GNU General Public License as published
+      by the Free Software Foundation; either version 3, or (at your
+      option) any later version.
+      GNUnet is distributed in the hope that it will be useful, but
+      WITHOUT ANY WARRANTY; without even the implied warranty of
+      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+      General Public License for more details.
+      You should have received a copy of the GNU General Public License
+      along with GNUnet; see the file COPYING.  If not, write to the
+      Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+      Boston, MA 02111-1307, USA.
+ */
+/**
+ * @file include/gnunet_dnsstub_lib.h
+ * @brief API for helper library to send DNS requests to DNS resolver
+ * @author Christian Grothoff
+ */
+#ifndef GNUNET_DNSSTUB_LIB_H
+#define GNUNET_DNSSTUB_LIB_H
+#include "gnunet_common.h"
+#include "gnunet_tun_lib.h"
+/**
+ * Opaque handle to the stub resolver.
+ */ 
+struct GNUNET_DNSSTUB_Context;
+/**
+ * Opaque handle to a socket doing UDP requests.
+ */ 
+struct GNUNET_DNSSTUB_RequestSocket;
+/**
+ * Start a DNS stub resolver.
+ *
+ * @param dns_ip target IP address to use
+ * @return NULL on error
+ */
+struct GNUNET_DNSSTUB_Context *
+GNUNET_DNSSTUB_start (const char *dns_ip);
+/**
+ * Cleanup DNSSTUB resolver.
+ *
+ * @param ctx stub resolver to clean up
+ */
+void
+GNUNET_DNSSTUB_stop (struct GNUNET_DNSSTUB_Context *ctx);
+/**
+ * Function called with the result of a DNS resolution.
+ *
+ * @param cls closure
+ * @param rs socket that received the response
+ * @param dns dns response, never NULL
+ * @param dns_len number of bytes in 'dns'
+ */
+typedef void (*GNUNET_DNSSTUB_ResultCallback)(void *cls,
+                                              struct GNUNET_DNSSTUB_RequestSocket *rs,
+                                              const struct GNUNET_TUN_DnsHeader *dns,
+                                              size_t dns_len);
+/**
+ * Perform DNS resolution using given address.
+ *
+ * @param ctx stub resolver to use
+ * @param af address family to use
+ * @param request DNS request to transmit
+ * @param request_len number of bytes in msg
+ * @param rc function to call with result
+ * @param rc_cls closure for 'rc'
+ * @return socket used for the request, NULL on error
+ */
+struct GNUNET_DNSSTUB_RequestSocket *
+GNUNET_DNSSTUB_resolve (struct GNUNET_DNSSTUB_Context *ctx,
+                        const struct sockaddr *sa,
+                        socklen_t sa_len,
+                        const void *request,
+                        size_t request_len,
+                        GNUNET_DNSSTUB_ResultCallback rc,
+                        void *rc_cls);
+/**
+ * Perform DNS resolution using our default IP from init.
+ *
+ * @param ctx stub resolver to use
+ * @param request DNS request to transmit
+ * @param request_len number of bytes in msg
+ * @param rc function to call with result
+ * @param rc_cls closure for 'rc'
+ * @return socket used for the request, NULL on error
+ */
+struct GNUNET_DNSSTUB_RequestSocket *
+GNUNET_DNSSTUB_resolve2 (struct GNUNET_DNSSTUB_Context *ctx,
+                         const void *request,
+                         size_t request_len,
+                         GNUNET_DNSSTUB_ResultCallback rc,
+                         void *rc_cls);
+#endif