Remove 'dns_resolver' option, replace w/ ZEEK_DNS_RESOLVER env. var.

The later simply doesn't work well in conjunction with hostname
literals.  i.e. "google.com" (without quotes) needs to be resolved
to a set of addresses at parse-time, so if a user wishes to use a
custom resolver, we need that to be configured independently from
the order in which scripts get parsed.  Configuring 'dns_resolver'
via scripting "redef" is clearly dependent on parse order.

Note 'dns_resolver' hasn't been in any release version yet, so
I'm removing it outright, no deprecation.  The ZEEK_DNS_RESOLVER
environment variable now serves the original purpose.

doc

@@ -1 +1 @@
-Subproject commit 073bb08473b8172b8bb175e0702204f15f522392
+Subproject commit 856db2bb4014d15a94cb336d7e5e8ca1d4627b1e

scripts/base/init-bare.zeek

@@ -3743,12 +3743,6 @@ global dns_skip_all_addl = T &redef;
 ## traffic and do not process it.  Set to 0 to turn off this functionality.
 global dns_max_queries = 25 &redef;
 
-## The address of the DNS resolver to use.  If not changed from the
-## unspecified address, ``[::]``, the first nameserver from /etc/resolv.conf
-## gets used (IPv6 is currently only supported if set via this option, not
-## when parsed from the file).
-const dns_resolver = [::] &redef;
-
 ## HTTP session statistics.
 ##
 ## .. zeek:see:: http_stats

src/DNS_Mgr.cc

@@ -388,6 +388,7 @@ DNS_Mgr::DNS_Mgr(DNS_MgrMode arg_mode)
 	num_requests = 0;
 	successful = 0;
 	failed = 0;
+	nb_dns = nullptr;
 	}
 
 DNS_Mgr::~DNS_Mgr()
@@ -399,16 +400,21 @@ DNS_Mgr::~DNS_Mgr()
 	delete [] dir;
 	}
 
-void DNS_Mgr::InitPostScript()
+void DNS_Mgr::Init()
 	{
 	if ( did_init )
 		return;
 
-	auto dns_resolver_id = global_scope()->Lookup("dns_resolver");
+	// Note that Init() may be called by way of LookupHost() during the act of
-	auto dns_resolver_addr = dns_resolver_id->ID_Val()->AsAddr();
+	// parsing a hostname literal (e.g. google.com), so we can't use a
+	// script-layer option to configure the DNS resolver as it may not be
+	// configured to the user's desired address at the time when we need to to
+	// the lookup.
+	auto dns_resolver = getenv("ZEEK_DNS_RESOLVER");
+	auto dns_resolver_addr = dns_resolver ? IPAddr(dns_resolver) : IPAddr();
 	char err[NB_DNS_ERRSIZE];
 
-	if ( dns_resolver_addr == IPAddr("::") )
+	if ( dns_resolver_addr == IPAddr() )
 		nb_dns = nb_dns_init(err);
 	else
 		{
@@ -433,19 +439,11 @@ void DNS_Mgr::InitPostScript()
 	if ( ! nb_dns )
 		reporter->Warning("problem initializing NB-DNS: %s", err);
 
-	const char* cache_dir = dir ? dir : ".";
+	did_init = true;
-
-	if ( mode == DNS_PRIME && ! ensure_dir(cache_dir) )
-		{
-		did_init = 0;
-		return;
 	}
 
-	cache_name = new char[strlen(cache_dir) + 64];
+void DNS_Mgr::InitPostScript()
-	sprintf(cache_name, "%s/%s", cache_dir, ".bro-dns-cache");
+	{
-
-	LoadCache(fopen(cache_name, "r"));
-
 	dns_mapping_valid = internal_handler("dns_mapping_valid");
 	dns_mapping_unverified = internal_handler("dns_mapping_unverified");
 	dns_mapping_new_name = internal_handler("dns_mapping_new_name");
@@ -455,14 +453,18 @@ void DNS_Mgr::InitPostScript()
 
 	dm_rec = internal_type("dns_mapping")->AsRecordType();
 
-	did_init = 1;
+	// Registering will call Init()
-
 	iosource_mgr->Register(this, true);
 
 	// We never set idle to false, having the main loop only calling us from
 	// time to time. If we're issuing more DNS requests than we can handle
 	// in this way, we are having problems anyway ...
 	SetIdle(true);
+
+	const char* cache_dir = dir ? dir : ".";
+	cache_name = new char[strlen(cache_dir) + 64];
+	sprintf(cache_name, "%s/%s", cache_dir, ".bro-dns-cache");
+	LoadCache(fopen(cache_name, "r"));
 	}
 
 static TableVal* fake_name_lookup_result(const char* name)
@@ -497,12 +499,11 @@ TableVal* DNS_Mgr::LookupHost(const char* name)
 	if ( mode == DNS_FAKE )
 		return fake_name_lookup_result(name);
 
+	Init();
+
 	if ( ! nb_dns )
 		return empty_addr_set();
 
-	if ( ! did_init )
-		Init();
-
 	if ( mode != DNS_PRIME )
 		{
 		HostMap::iterator it = host_mappings.find(name);
@@ -553,7 +554,6 @@ TableVal* DNS_Mgr::LookupHost(const char* name)
 
 Val* DNS_Mgr::LookupAddr(const IPAddr& addr)
 	{
-	if ( ! did_init )
 	Init();
 
 	if ( mode != DNS_PRIME )
@@ -1072,7 +1072,6 @@ static void resolve_lookup_cb(DNS_Mgr::LookupCallback* callback,
 
 void DNS_Mgr::AsyncLookupAddr(const IPAddr& host, LookupCallback* callback)
 	{
-	if ( ! did_init )
 	Init();
 
 	if ( mode == DNS_FAKE )
@@ -1111,7 +1110,6 @@ void DNS_Mgr::AsyncLookupAddr(const IPAddr& host, LookupCallback* callback)
 
 void DNS_Mgr::AsyncLookupName(const string& name, LookupCallback* callback)
 	{
-	if ( ! did_init )
 	Init();
 
 	if ( mode == DNS_FAKE )
@@ -1150,7 +1148,6 @@ void DNS_Mgr::AsyncLookupName(const string& name, LookupCallback* callback)
 
 void DNS_Mgr::AsyncLookupNameText(const string& name, LookupCallback* callback)
 	{
-	if ( ! did_init )
 	Init();
 
 	if ( mode == DNS_FAKE )

src/DNS_Mgr.h

@@ -136,6 +136,7 @@ protected:
 	                    iosource::FD_Set* except) override;
 	double NextTimestamp(double* network_time) override;
 	void Process() override;
+	void Init() override;
 	const char* Tag() override { return "DNS_Mgr"; }
 
 	DNS_MgrMode mode;

src/main.cc

@@ -215,6 +215,7 @@ void usage(int code = 1)
 	fprintf(stderr, "    $BRO_LOG_SUFFIX                | ASCII log file extension (.%s)\n", logging::writer::Ascii::LogExt().c_str());
 	fprintf(stderr, "    $BRO_PROFILER_FILE             | Output file for script execution statistics (not set)\n");
 	fprintf(stderr, "    $BRO_DISABLE_BROXYGEN          | Disable Zeexygen documentation support (%s)\n", getenv("BRO_DISABLE_BROXYGEN") ? "set" : "not set");
+	fprintf(stderr, "    $ZEEK_DNS_RESOLVER             | IPv4/IPv6 address of DNS resolver to use (%s)\n", getenv("ZEEK_DNS_RESOLVER") ? getenv("ZEEK_DNS_RESOLVER") : "not set, will use first IPv4 address from /etc/resolv.conf");
 
 	fprintf(stderr, "\n");