glendc / go-external-ip
a Golang library to get your external ip from multiple services
License: MIT License
I noticed this repo has a public IP detection package (also Go).
One useful feature I noticed is using DNS protocol itself (actually DNS over TLS) to query public IP from OpenDNS and Cloudflare. (Basically dig +short ANY myip.opendns.com @resolver1.opendns.com).
They are doing it exclusively using DNS over TLS as of this commit. See this issue for explanation of specific attack that is possible using plaintext DNS.
Seems like OpenDNS and Cloudflare are the only two providers that properly support querying public IP over DoT. Google offers a similar service but not over TLS (and was removed in 320d91d for that reason).
Using DNS like this can supposedly be faster and less likely to be rate-limited than HTTP (this is just anecdotal, I haven't verified this). Might be worth adding to the mix as well as STUN.
Also, there is the option to collaborate somehow with qdm12/ddns-updater, e.g. to build a shared external IP library which can be used by that project, or vice versa.
Using https://github.com/ccding/go-stun it should be fairly easy to support the STUN protocol.
Just need to make sure that RFC5780 is sufficiently supported, to make it work with out-in-the-wild servers.
See: ccding/go-stun#20
I wonder if it is a good idea to use only HTTPS providers?
I can't comment much on specific security risks of using non-TLS providers for this purpose (querying external IP), other than the general well-known risks of plaintext communications.
I think the consensus system used in go-external-ip can greatly mitigate MITM attacks, and maybe prevent them completely if at least one provider is using TLS (especially the way go-external-ip is designed to give more weight to TLS providers).
However, on the other hand, is there any real reason to use non-TLS providers when we can change to only HTTPS providers? Is it faster to use HTTP-only providers? (I have not tested, can't see it being that big a difference, especially if we are waiting for multiple providers to get consensus anyway).
All current HTTP-only providers now support HTTPS except:
{"message":"Not Found"} on HTTPS)
To make up for removing Akamai, there are others that could be added such as:
(all of these URLs return plain text when requested from non-browser useragent)
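The weighting question raised in the issue above, as an added example that is not part of the original thread and is not go-external-ip's own code: a stand-alone weighted tally showing when plaintext answers rewritten in transit can or cannot outvote HTTPS answers. The `Vote` type, the weights and the documentation-range addresses are constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net"
)

// Vote is one provider's answer. All values used below are constructed samples.
type Vote struct {
	TLS    bool   // answer arrived over HTTPS
	Answer string // raw response body
}

var ErrNoConsensus = errors.New("no consensus")

// Tally weights each vote by transport and returns the address with the highest
// total. Unparseable answers are dropped; a tie is an error, never broken arbitrarily.
func Tally(votes []Vote, plainWeight, tlsWeight uint) (net.IP, error) {
	score := map[string]uint{}
	for _, v := range votes {
		w := plainWeight
		if v.TLS {
			w = tlsWeight
		}
		if ip := net.ParseIP(v.Answer); ip != nil {
			score[ip.String()] += w
		}
	}
	best, bestScore, tie := "", uint(0), false
	for ip, s := range score {
		if s > bestScore {
			best, bestScore, tie = ip, s, false
		} else if s == bestScore {
			tie = true
		}
	}
	if best == "" || tie {
		return nil, ErrNoConsensus
	}
	return net.ParseIP(best), nil
}

func main() {
	// Three plaintext answers rewritten in transit, two HTTPS answers intact.
	votes := []Vote{{false, "203.0.113.66"}, {false, "203.0.113.66"},
		{false, "203.0.113.66"}, {true, "198.51.100.7"}, {true, "198.51.100.7"}}
	fmt.Println(Tally(votes, 1, 3)) // HTTPS weighted higher
	fmt.Println(Tally(votes, 1, 1)) // equal weights
}
```

Weighting only helps while the combined plaintext weight stays below the HTTPS total; a plaintext weight of 0 is the HTTPS-only configuration the issue proposes.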
This Library and binary have been written by me, in a long forgotten past. I've noticed however that interest in it never has faded. As a first step I'll go over the project, add CI (testing, quality checks), ensure it works against latest Go versions, and add community guidelines.
I have noticed there are quite a couple of forks out there. Are any of them active? If so, feel free to be in touch with me to see if we can bring any of your contributions and improvements upstream, so all can benefit from them.
This project had a lot of potential but has never been fully finished. As a community we probably can bring it to a new level. To do this I would like to get some input from the users of this project on what features, improvements and changes you can benefit from. Any suggestions to help shape the roadmap and future direction of this project can help yourself and others.
Kind regards, Glen.
Thanks for the package, I'm using it in my route53-ddns project and it has been flawless forever.
However I've recently added ipv6 support to my home connection and now the external IP returned is the ipv6 address. While this makes sense that the reporting services do this, it would be awesome to be able to get either or both v4 and v6 addresses.
From my quick research, as I understand it the golang resolver will almost simultaneously lookup using v4 and v6 and returns the first one found - but there might be a way to disable one of these protocols.
I'll keep looking but wondered if you know of any other possibilities?
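One way to pin lookups to a single address family, as an added example that is not part of the original issue and is not go-external-ip's API: an `http.Client` whose dialer is restricted to `tcp4` or `tcp6`, so the provider sees only the IPv4 or only the IPv6 address. `ForceFamily`, `NewClient` and the timeout values are hypothetical names and choices made for this example.

```go
package main

import (
	"context"
	"fmt"
	"net"
	"net/http"
	"time"
)

// DialFunc matches the signature of http.Transport.DialContext.
type DialFunc func(ctx context.Context, network, addr string) (net.Conn, error)

// ForceFamily wraps a dialer so every dial uses only "tcp4" or "tcp6",
// whatever network the caller asked for (http.Transport passes "tcp").
func ForceFamily(family string, next DialFunc) (DialFunc, error) {
	if family != "tcp4" && family != "tcp6" {
		return nil, fmt.Errorf("unsupported family %q", family)
	}
	return func(ctx context.Context, _, addr string) (net.Conn, error) {
		return next(ctx, family, addr)
	}, nil
}

// NewClient returns an HTTP client restricted to one address family.
// Run one client per family to collect both the v4 and the v6 address.
func NewClient(family string) (*http.Client, error) {
	d := &net.Dialer{Timeout: 5 * time.Second}
	dial, err := ForceFamily(family, d.DialContext)
	if err != nil {
		return nil, err
	}
	tr := &http.Transport{DialContext: dial, TLSHandshakeTimeout: 5 * time.Second}
	return &http.Client{Transport: tr, Timeout: 10 * time.Second}, nil
}

func main() {
	for _, fam := range []string{"tcp4", "tcp6"} {
		c, err := NewClient(fam)
		fmt.Println(fam, c != nil, err)
	}
}
```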
Purely an FYI in case you were interested. icanhazip saw 45M requests with the user agent in 72 hours.
https://twitter.com/majorhayden/status/1364778082469621761?s=19
Just an FYI, if you'd like to add it to the consensus.
Note in passing that both are available over HTTPS.
https://api.ident.me for more info.