The DNS Resolver module provides user protection for DNS interception and configuration update attacks and improved network performance for DNS resolutions. The module contains the code that implements the DNS stub resolver, which translates names such as www.google.com to IP addresses such as 2001:db8::1. The DNS stub resolver backs Java API elements such as InetAddress#getAllByName and Network#getAllByName, as well as native networking functions, and implements sending and receiving DNS queries and caching the results.
Changes in Android 10
On devices running Android 9 and lower, the DNS resolver code is spread across
Bionic and netd
. DNS lookups are centralized in the
netd
daemon to allow for system-wide caching, while apps
call functions (such as getaddrinfo
) in Bionic. The query is sent
over a UNIX socket to /dev/socket/dnsproxyd
to the
netd
daemon, which parses the request and calls
getaddrinfo
again to issue DNS lookups, then caches the results
so that other apps can use them. The DNS resolver implementation was mostly
contained in bionic/libc/dns/
and partly in
system/netd/server/dns
.
Android 10 moves the DNS resolver code to
system/netd/resolv,
converts it to C++, then modernizes and
refactors the code. The code in Bionic continues to exist for app
compatibility reasons, but is no longer called by the system. These source
paths are affected by the refactoring:
bionic/libc/dns
system/netd/client
system/netd/server/dns
system/netd/server/DnsProxyListener.*
system/netd/resolv
Format and dependencies
The DNS Resolver module is delivered as an
APEX file and is dynamically linked by
netd
; however, netd
is not a
dependency as the module serves the local socket
/dev/socket/dnsproxyd
directly. The Binder endpoint for the
resolver configuration was moved from netd
to the resolver,
meaning that the system service can call directly into the resolver module
without going through netd
.
The DNS Resolver module depends on libc
(Bionic) and
statically links its dependencies; no other libraries are required.