Merge branch 'v1.1' of ssh://git.coolaj86.com:22042/coolaj86/digd.js into v1.1

EXAMPLE-SET-GLUE-NS-DNS.sh

@@ -0,0 +1,60 @@
+#!/bin/bash
+
+node bin/daplie.js --oauth3-config ~/.oauth3+domains@daplie.com ns:set -n hellabit.com --nameserver ns1.daplie.com,ns2.daplie.domains,ns3.hellabit.com
+
+
+
+# glue setting is rate-limited, or so it would seem
+echo "sleeping between setting glue for rate limit"
+sleep 5
+node bin/daplie.js --oauth3-config ~/.oauth3+domains@daplie.com glue:set -a 45.55.1.122 -n ns1.daplie.com
+sleep 5
+node bin/daplie.js --oauth3-config ~/.oauth3+domains@daplie.com glue:set -a 45.55.1.122 -n ns1.daplie.domains
+sleep 5
+node bin/daplie.js --oauth3-config ~/.oauth3+domains@daplie.com glue:set -a 45.55.1.122 -n ns1.daplie.me --tld me
+sleep 5
+node bin/daplie.js --oauth3-config ~/.oauth3+domains@daplie.com glue:set -a 45.55.1.122 -n ns1.hellabit.com --tld com
+sleep 5
+
+node bin/daplie.js --oauth3-config ~/.oauth3+domains@daplie.com devices:attach -d ns1-do -a 45.55.1.122 -n ns1.daplie.com
+node bin/daplie.js --oauth3-config ~/.oauth3+domains@daplie.com devices:attach -d ns1-do -a 45.55.1.122 -n ns1.daplie.domains
+node bin/daplie.js --oauth3-config ~/.oauth3+domains@daplie.com devices:attach -d ns1-do -a 45.55.1.122 -n ns1.daplie.me --tld me
+node bin/daplie.js --oauth3-config ~/.oauth3+domains@daplie.com devices:attach -d ns1-do -a 45.55.1.122 -n ns1.hellabit.com --tld com
+
+
+
+# glue setting is rate-limited, or so it would seem
+echo "sleeping between setting glue for rate limit"
+sleep 5
+node bin/daplie.js --oauth3-config ~/.oauth3+domains@daplie.com glue:set -a 45.55.254.197 -n ns2.daplie.com
+sleep 5
+node bin/daplie.js --oauth3-config ~/.oauth3+domains@daplie.com glue:set -a 45.55.254.197 -n ns2.daplie.domains
+sleep 5
+node bin/daplie.js --oauth3-config ~/.oauth3+domains@daplie.com glue:set -a 45.55.254.197 -n ns2.daplie.me --tld me
+sleep 5
+node bin/daplie.js --oauth3-config ~/.oauth3+domains@daplie.com glue:set -a 45.55.254.197 -n ns2.hellabit.com --tld com
+sleep 5
+
+node bin/daplie.js --oauth3-config ~/.oauth3+domains@daplie.com devices:attach -d ns2-do -a 45.55.254.197 -n ns2.daplie.com
+node bin/daplie.js --oauth3-config ~/.oauth3+domains@daplie.com devices:attach -d ns2-do -a 45.55.254.197 -n ns2.daplie.domains
+node bin/daplie.js --oauth3-config ~/.oauth3+domains@daplie.com devices:attach -d ns2-do -a 45.55.254.197 -n ns2.daplie.me --tld me
+node bin/daplie.js --oauth3-config ~/.oauth3+domains@daplie.com devices:attach -d ns2-do -a 45.55.254.197 -n ns2.hellabit.com --tld com
+
+
+
+# glue setting is rate-limited, or so it would seem
+echo "sleeping between setting glue for rate limit"
+sleep 5
+node bin/daplie.js --oauth3-config ~/.oauth3+domains@daplie.com glue:set -a 159.203.25.112 -n ns3.daplie.com
+sleep 5
+node bin/daplie.js --oauth3-config ~/.oauth3+domains@daplie.com glue:set -a 159.203.25.112 -n ns3.daplie.domains
+sleep 5
+node bin/daplie.js --oauth3-config ~/.oauth3+domains@daplie.com glue:set -a 159.203.25.112 -n ns3.daplie.me --tld me
+sleep 5
+node bin/daplie.js --oauth3-config ~/.oauth3+domains@daplie.com glue:set -a 159.203.25.112 -n ns3.hellabit.com --tld com
+sleep 5
+
+node bin/daplie.js --oauth3-config ~/.oauth3+domains@daplie.com devices:attach -d ns3-do -a 159.203.25.112 -n ns3.daplie.com
+node bin/daplie.js --oauth3-config ~/.oauth3+domains@daplie.com devices:attach -d ns3-do -a 159.203.25.112 -n ns3.daplie.domains
+node bin/daplie.js --oauth3-config ~/.oauth3+domains@daplie.com devices:attach -d ns3-do -a 159.203.25.112 -n ns3.daplie.me --tld me
+node bin/daplie.js --oauth3-config ~/.oauth3+domains@daplie.com devices:attach -d ns3-do -a 159.203.25.112 -n ns3.hellabit.com --tld com

HOWTO-NS.md

@@ -0,0 +1,7 @@
+```bash
+# Create a glue record for the nameserver
+daplie glue:set -n ns1.example.com -a 12.55.12.33
+
+# Set the nameservers for a domain
+daplie ns:set -n example.com --nameservers ns1.example.com
+```

README.md

@@ -1,9 +1,10 @@
 digd.js
 =======
 
-| [dns-suite](https://git.daplie.com/Daplie/dns-suite)
-| [dig.js](https://git.daplie.com/Daplie/dig.js)
+| [dns-suite.js](https://git.coolaj86.com/coolaj86/dns-suite.js)
+| [dig.js](https://git.coolaj86.com/coolaj86/dig.js)
 | **digd.js**
+| Sponsored by [Daplie](https://daplie.com).
 
 A lightweight DNS / mDNS daemon (server) for creating and capturing DNS and mDNS
 query and response packets to disk as binary and/or JSON.
@@ -12,16 +13,22 @@ Options are similar to the Unix dig command.
 Install
 -------
 
+### systemd service
+
+```bash
+curl -L https://git.coolaj86.com/coolaj86/digd.js/raw/v1.1/install.sh | bash
+```
+
 ### with git
 
 ```bash
 # Install the latest of v1.x
-npm install -g 'git+https://git@git.daplie.com/Daplie/digd.js.git#v1'
+npm install -g 'git+https://git.coolaj86.com/coolaj86/digd.js.git#v1'
 ```
 
 ```bash
-# Install exactly v1.0.0
-npm install -g 'git+https://git@git.daplie.com/Daplie/digd.js.git#v1.0.0'
+# Install exactly v1.1.9
+npm install -g 'git+https://git.coolaj86.com/coolaj86/digd.js.git#v1.1.9'
 ```
 
 ### without git

dist/etc/systemd/system/digd.js.service

@@ -0,0 +1,61 @@
+[Unit]
+Description=digd.js - A lightweight DNS server in node.js.
+Documentation=https://git.coolaj86.com/coolaj86/digd.js
+After=network-online.target
+Wants=network-online.target systemd-networkd-wait-online.service
+
+[Service]
+# Restart on crash (bad signal), but not on 'clean' failure (error exit code)
+# Allow up to 3 restarts within 10 seconds
+# (it's unlikely that a user or properly-running script will do this)
+Restart=on-abnormal
+StartLimitInterval=10
+StartLimitBurst=3
+
+# User and group the process will run as
+# (git is the de facto standard on most systems)
+User=digd
+Group=digd
+
+WorkingDirectory=/opt/digd.js
+# TODO use --config instead of commandline params
+ExecStart=/opt/digd.js/bin/node /opt/digd.js/bin/digd.js --port 53 --input /srv/digd.js/db.json +norecurse
+ExecReload=/bin/kill -USR1 $MAINPID
+
+# Limit the number of file descriptors and processes; see `man systemd.exec` for more limit settings.
+# Unmodified digd.js is not expected to use more than this.
+LimitNOFILE=1048576
+LimitNPROC=64
+
+# Use private /tmp and /var/tmp, which are discarded after digd.js stops.
+PrivateTmp=true
+# Use a minimal /dev
+PrivateDevices=true
+# Hide /home, /root, and /run/user. Nobody will steal your SSH-keys.
+ProtectHome=true
+# Make /usr, /boot, /etc and possibly some more folders read-only.
+ProtectSystem=full
+# ... except /srv/digd.js because we want a place for the database
+# and /var/log/digd.js because we want a place where logs can go.
+# This merely retains r/w access rights, it does not add any new.
+# Must still be writable on the host!
+ReadWriteDirectories=/opt/digd.js /srv/digd.js /var/log/digd.js
+
+# Note: in v231 and above ReadWritePaths has been renamed to ReadWriteDirectories
+; ReadWritePaths=/opt/digd.js /srv/digd.js /var/log/digd.js
+
+# The following additional security directives only work with systemd v229 or later.
+# They further retrict privileges that can be gained by digd.js.
+# Note that you may have to add capabilities required by any plugins in use.
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+NoNewPrivileges=true
+
+# Caveat: Some features may need additional capabilities.
+# For example an "upload" may need CAP_LEASE
+; CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_LEASE
+; AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_LEASE
+; NoNewPrivileges=true
+
+[Install]
+WantedBy=multi-user.target

install.sh

@@ -0,0 +1,35 @@
+#!/bin/bash
+
+sudo adduser --home /opt/digd.js --gecos '' --disabled-password digd
+sudo mkdir -p /opt/digd.js/ /srv/digd.js /var/log/digd.js
+sudo mkdir -p /opt/digd.js /srv/digd.js
+#chown -R $(whoami):$(whoami) /opt/digd.js /srv/digd.js
+chown -R digd:digd /opt/digd.js /srv/digd.js
+
+echo "v8.9.0" > /tmp/NODEJS_VER
+export NODE_PATH=/opt/digd.js/lib/node_modules
+export NPM_CONFIG_PREFIX=/opt/digd.js
+curl -fsSL https://bit.ly/install-min-node -o ./install-node.sh.tmp
+bash ./install-node.sh.tmp
+rm ./install-node.sh.tmp
+/opt/digd.js/bin/node /opt/digd.js/bin/npm install -g npm@4
+
+git clone https://git.coolaj86.com/coolaj86/digd.js /opt/digd.js/lib/node_modules/digd.js
+pushd /opt/digd.js/lib/node_modules/digd.js
+  git checkout v1.1
+  /opt/digd.js/bin/node /opt/digd.js/bin/npm install
+popd
+
+sudo rsync -v /opt/digd.js/lib/node_modules/digd.js/dist/etc/systemd/system/digd.js.service /etc/systemd/system/
+sudo rsync -v /opt/digd.js/lib/node_modules/digd.js/samples/db.json /srv/digd.js/db.json
+sudo ln -s /opt/digd.js/lib/node_modules/digd.js/bin/digd.js /opt/digd.js/bin/
+
+sudo chown -R digd:digd /opt/digd.js/ /srv/digd.js /var/log/digd.js
+
+sudo systemctl daemon-reload
+sudo systemctl restart digd.js
+
+dig @localhost -p 53 example.com
+
+#sudo journalctl -xefu digd.js
+sudo journalctl -xeu digd.js

lib/dns-store.js

@@ -395,7 +395,7 @@ module.exports.query = function (input, query, cb) {
     // NS records are returned as ANSWER for NS and ANY, and as AUTHORITY when an externally-delegated domain would return an SOA (no records)
     // SOA records are returned as ANSWER for SOA and ANY, and as AUTHORITY when no records are found, but the domain is controlled here
 
-    console.log("[DEV] has records");
+    console.log("[DEV] has", someRecords.length, "records");
 
     // filter out NS (delegation) records, unless that is what is intended
     someRecords = someRecords.filter(function (r) {
@@ -439,7 +439,7 @@ module.exports.query = function (input, query, cb) {
       results.header.rcode = NOERROR;
       //console.log('[DEV] ANSWER results', results);
 
-      if (255 === query.question[0].type && 'ANY' === query.question[0].typeName) {
+      if (255 === query.question[0].type || 'ANY' === query.question[0].typeName) {
         getNsAndSoa(false, true);
         return;
       }

package.json

@@ -1,8 +1,9 @@
 {
   "name": "digd.js",
-  "version": "1.1.4",
+  "version": "1.1.9",
   "description": "A lightweight DNS / mDNS daemon (server) for creating and capturing DNS and mDNS query and response packets to disk as binary and/or JSON. Options are similar to the Unix dig command.",
   "main": "bin/digd.js",
+  "homepage": "https://git.coolaj86.com/coolaj86/digd.js",
   "bin": {
     "digd.js": "bin/digd.js"
   },
@@ -11,7 +12,7 @@
   },
   "repository": {
     "type": "git",
-    "url": "git@git.daplie.com:Daplie/digd.js.git"
+    "url": "git://git.coolaj86.com:coolaj86/digd.js.git"
   },
   "keywords": [
     "mdig",
@@ -46,7 +47,7 @@
   "author": "AJ ONeal <coolaj86@gmail.com> (https://coolaj86.com)",
   "license": "MIT OR Apache-2.0",
   "dependencies": {
-    "dig.js": "git+https://git.daplie.com/Daplie/dig.js#v1.3",
-    "hexdump.js": "git+https://git.daplie.com/Daplie/hexdump.js#v1.0.4"
+    "dig.js": "git+https://git.coolaj86.com/coolaj86/dig.js#v1.3",
+    "hexdump.js": "git+https://git.coolaj86.com/coolaj86/hexdump.js#v1.0.4"
   }
 }

samples/db.js

@@ -1,12 +1,13 @@
 'use strict';
 
-module.exports = {
-  "primaryNameservers": [ 'localhost' ] // 'ns1.vanity-dns.org'
+module.exports =
+{
+  "primaryNameservers": [ "localhost" ] // 'ns1.vanity-dns.org'
 , "domains": [
     { "id": "example.com", "revokedAt": 0 }
   , { "id": "smith.example.com", "revokedAt": 0 }
   , { "id": "in-delegated.example.com", "revokedAt": 0 }
-  , { "id": "john.smith.example.com", "revokedAt": 0, "vanityNs": [ 'ns1.dns-server.net', 'ns2.dns-server.net' ] }
+  , { "id": "john.smith.example.com", "revokedAt": 0, "vanityNs": [ "ns1.dns-server.net", "ns2.dns-server.net" ] }
     // test and probably remove
   //, { "id": "out-delegated.example.com", "revokedAt": 0 }
   ]

samples/db.json

@@ -0,0 +1,98 @@
+{
+  "primaryNameservers": [ "localhost" ]
+, "domains": [
+    { "id": "example.com", "revokedAt": 0 }
+  , { "id": "smith.example.com", "revokedAt": 0 }
+  , { "id": "in-delegated.example.com", "revokedAt": 0 }
+  , { "id": "john.smith.example.com", "revokedAt": 0, "vanityNs": [ "ns1.dns-server.net", "ns2.dns-server.net" ] }
+  ]
+, "records": [
+    { "zone": "example.com", "name": "example.com", "tld": "com", "sld": "example", "sub": ""
+    , "type": "A", "address": "1.2.3.4", "aname": "fido.devices.example.com" }
+  , { "zone": "example.com", "name": "example.com", "tld": "com", "sld": "example", "sub": ""
+    , "type": "MX", "priority": 10, "exchange": "mxa.example.org" }
+  , { "zone": "example.com", "name": "example.com", "tld": "com", "sld": "example", "sub": ""
+    , "type": "MX", "priority": 10, "exchange": "mxb.example.org" }
+  , { "zone": "example.com", "name": "example.com", "tld": "com", "sld": "example", "sub": ""
+    , "type": "SRV", "priority": 10, "weight": 20, "port": 65065, "target": "spot.devices.example.com" }
+  , { "zone": "example.com", "name": "example.com", "tld": "com", "sld": "example", "sub": ""
+    , "type": "TXT", "data": [ "foo bar baz" ] }
+  , { "zone": "example.com", "name": "example.com", "tld": "com", "sld": "example", "sub": ""
+    , "type": "TXT", "data": [ "foo", "bar", "baz" ] }
+
+  , { "zone": "example.com", "name": "a.example.com", "tld": "com", "sld": "example", "sub": "a"
+    , "type": "A", "address": "4.3.2.1" }
+  , { "zone": "example.com", "name": "aaaa.example.com", "tld": "com", "sld": "example", "sub": "aaaa"
+    , "type": "AAAA", "address": "::1" }
+  , { "zone": "example.com", "name": "aname.example.com", "tld": "com", "sld": "example", "sub": "aname"
+    , "type": "A", "aname": "amazon.com" }
+  , { "zone": "example.com", "name": "devname.example.com", "tld": "com", "sld": "example", "sub": "devname"
+    , "type": "A", "address": "1.2.3.4", "aname": "fido.devices.example.com" }
+  , { "zone": "example.com", "name": "cname.example.com", "tld": "com", "sld": "example", "sub": "cname"
+    , "type": "CNAME", "data": "example.com" }
+  , { "zone": "example.com", "name": "mx.example.com", "tld": "com", "sld": "example", "sub": "mx"
+    , "type": "MX", "priority": 10, "exchange": "mxa.example.org" }
+  , { "zone": "example.com", "name": "mx.example.com", "tld": "com", "sld": "example", "sub": "mx"
+    , "type": "MX", "priority": 10, "exchange": "mxb.example.org" }
+  , { "zone": "example.com", "name": "srv.example.com", "tld": "com", "sld": "example", "sub": "srv"
+    , "type": "SRV", "priority": 10, "weight": 20, "port": 65065, "target": "spot.devices.example.com" }
+  , { "zone": "example.com", "name": "txt.example.com", "tld": "com", "sld": "example", "sub": "txt"
+    , "type": "TXT", "data": [ "foo bar baz" ] }
+  , { "zone": "example.com", "name": "mtxt.example.com", "tld": "com", "sld": "example", "sub": "mtxt"
+    , "type": "TXT", "data": [ "foo", "bar", "baz" ] }
+  , { "zone": "example.com", "type": "NS", "name": "ns.example.com"
+    , "tld": "com", "sld": "example", "sub": "ns", "data": "ns1.vanity-dns.org" }
+  , { "zone": "example.com", "type": "NS", "name": "ns.example.com"
+    , "tld": "com", "sld": "example", "sub": "ns", "data": "ns2.vanity-dns.org" }
+
+  , { "zone": "example.com", "name": "www.example.com", "tld": "com", "sld": "example", "sub": "www"
+    , "type": "A", "address": "1.2.3.4", "aname": "fido.devices.example.com" }
+  , { "zone": "example.com", "name": "email.example.com", "tld": "com", "sld": "example", "sub": "email"
+    , "type": "CNAME", "data": "mailgun.org" }
+
+  , { "zone": "example.com", "name": "*.wild.example.com", "tld": "com", "sld": "example", "sub": "*.wild"
+    , "type": "A", "address": "12.34.56.78" }
+  , { "zone": "example.com", "name": "exists.wild.example.com", "tld": "com", "sld": "example", "sub": "exists.wild"
+    , "type": "A", "address": "123.0.0.45" }
+
+  , { "zone": "example.com", "type": "NS", "name": "out-delegated.example.com"
+    , "tld": "com", "sld": "example", "sub": "out-delegated", "data": "ns1.vanity-dns.org" }
+  , { "zone": "example.com", "type": "NS", "name": "out-delegated.example.com"
+    , "tld": "com", "sld": "example", "sub": "out-delegated", "data": "ns2.vanity-dns.org" }
+
+  , { "zone": "example.com", "type": "NS", "name": "in-delegated.example.com"
+    , "tld": "com", "sld": "example", "sub": "in-delegated", "data": "localhost" }
+
+  , { "zone": "example.com", "name": "fido.devices.example.com", "tld": "com", "sld": "example", "sub": "fido.devices"
+    , "device": "abcdef123"
+    , "type": "ANAME", "address": "1.2.3.4" }
+
+  , { "zone": "example.com", "type": "NS", "name": "smith.example.com"
+    , "tld": "com", "sld": "example", "sub": "smith", "data": "ns1.vanity-dns.org" }
+
+  , { "zone": "example.com", "name": "smith.example.com", "tld": "com", "sld": "example", "sub": "smith"
+    , "type": "NS", "data": "ns2.vanity-dns.org" }
+
+  , { "zone": "smith.example.com", "name": "smith.example.com", "tld": "example.com", "sld": "smith", "sub": ""
+    , "type": "A", "address": "45.56.59.142", "aname": "rex.devices.smith.example.com" }
+
+  , { "zone": "smith.example.com", "name": "www.smith.example.com", "tld": "example.com", "sld": "smith", "sub": "www"
+    , "type": "CNAME", "data": "smith.example.com" }
+
+  , { "zone": "smith.example.com", "name": "john.smith.example.com", "tld": "example.com", "sld": "smith", "sub": "john"
+    , "type": "NS", "data": "ns1.vanity-dns.org" }
+
+  , { "zone": "smith.example.com", "name": "john.smith.example.com", "tld": "example.com", "sld": "smith", "sub": "john"
+    , "type": "NS", "data": "ns2.vanity-dns.org" }
+
+  , { "zone": "smith.example.com", "name": "*.smith.example.com", "tld": "example.com", "sld": "smith", "sub": "*"
+    , "type": "A", "address": "45.56.59.142", "aname": "rex.devices.smith.example.com" }
+
+  , { "zone": "smith.example.com", "name": "exception.john.smith.example.com", "tld": "example.com", "sld": "smith", "sub": "exception.john"
+    , "type": "A", "address": "45.56.59.142", "aname": "rex.devices.smith.example.com" }
+
+
+  , { "zone": "john.smith.example.com", "name": "john.smith.example.com", "tld": "smith.example.com", "sld": "john", "sub": ""
+   , "type": "A", "address": "45.56.59.142", "aname": "rex.devices.smith.example.com" }
+  ]
+}