coolaj86
/
digd.js
2
1
Fork 1
Code Issues 7 Pull Requests 2 Releases Activity

Compare commits

base: coolaj86:master
Branches Tags
coolaj86:master
coolaj86:httpd
coolaj86:v1.3
coolaj86:v1.2
coolaj86:v1
coolaj86:v1.1
jshaver:master
jshaver:v1
jshaver:v1.1
coolaj86:v1.2.2
coolaj86:v1.2.1
coolaj86:v1.2.0
coolaj86:v1.1.13
coolaj86:v1.1.12
coolaj86:v1.1.11
coolaj86:v1.1.10
coolaj86:v1.1.9
coolaj86:v1.1.8
coolaj86:v1.1.7
coolaj86:v1.1.6
coolaj86:v1.1.5
coolaj86:v1.1.4
coolaj86:v1.1.3
coolaj86:v1.1.2
coolaj86:v1.1.1
coolaj86:v1.1.0
coolaj86:v1.0.0
jshaver:v1.1.11
jshaver:v1.1.10
jshaver:v1.1.9
jshaver:v1.1.8
jshaver:v1.1.7
jshaver:v1.1.6
jshaver:v1.1.5
jshaver:v1.1.4
jshaver:v1.1.3
jshaver:v1.1.2
jshaver:v1.1.1
jshaver:v1.1.0
jshaver:v1.0.0
..
compare: jshaver:master
Branches Tags
jshaver:master
jshaver:v1
jshaver:v1.1
coolaj86:master
coolaj86:httpd
coolaj86:v1.3
coolaj86:v1.2
coolaj86:v1
coolaj86:v1.1
jshaver:v1.1.11
jshaver:v1.1.10
jshaver:v1.1.9
jshaver:v1.1.8
jshaver:v1.1.7
jshaver:v1.1.6
jshaver:v1.1.5
jshaver:v1.1.4
jshaver:v1.1.3
jshaver:v1.1.2
jshaver:v1.1.1
jshaver:v1.1.0
jshaver:v1.0.0
coolaj86:v1.2.2
coolaj86:v1.2.1
coolaj86:v1.2.0
coolaj86:v1.1.13
coolaj86:v1.1.12
coolaj86:v1.1.11
coolaj86:v1.1.10
coolaj86:v1.1.9
coolaj86:v1.1.8
coolaj86:v1.1.7
coolaj86:v1.1.6
coolaj86:v1.1.5
coolaj86:v1.1.4
coolaj86:v1.1.3
coolaj86:v1.1.2
coolaj86:v1.1.1
coolaj86:v1.1.0
coolaj86:v1.0.0

3 Commits
master ... master

Author SHA1 Message Date
jshaver 3c11c772a0 Fixed the link I created earlier. 2017-11-03 22:01:06 +00:00
John Shaver 89ff62cde5 Added some clarification to the readme. 2017-11-03 15:57:05 -06:00
John Shaver dddb3d4e17 Added binary packet file so the last README test works. 2017-11-03 15:11:16 -06:00
14 changed files with 240 additions and 454 deletions
Show Stats Expand all files Collapse all files

4
CHANGELOG
View File

@ -1,4 +0,0 @@
v1.1.13 - Tested and working. Deployed to production with known bugs:
* vanity nameserver handling needs more testing
* delegated nameserver handling needs more testing
* malformed records in JSON may result in failure to respond

41
LICENSE
View File

@ -1,41 +0,0 @@
Copyright 2017 AJ ONeal
This is open source software; you can redistribute it and/or modify it under the
terms of either:
a) the "MIT License"
b) the "Apache-2.0 License"
MIT License
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
Apache-2.0 License Summary
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

16
README.md
View File

@ -5,7 +5,7 @@ digd.js
| [dig.js](https://git.coolaj86.com/coolaj86/dig.js)
| [mdig.js](https://git.coolaj86.com/coolaj86/mdig.js)
| **digd.js**
| A [Root project](https://rootprojects.org).
| Sponsored by [Daplie](https://daplie.com).
A lightweight DNS / mDNS daemon (server) in node.js.
@ -22,7 +22,7 @@ Install
### systemd service
```bash
curl -L https://git.coolaj86.com/coolaj86/digd.js/raw/v1.2/install.sh | bash
curl -L https://git.coolaj86.com/coolaj86/digd.js/raw/v1.1/install.sh | bash
```
### with git
@ -33,13 +33,14 @@ npm install -g 'git+https://git.coolaj86.com/coolaj86/digd.js.git#v1'
```
```bash
# Install exactly v1.2.0
npm install -g 'git+https://git.coolaj86.com/coolaj86/digd.js.git#v1.2.0'
# Install exactly v1.1.9
npm install -g 'git+https://git.coolaj86.com/coolaj86/digd.js.git#v1.1.9'
```
### without git
Don't have git? You can use npm's centralized repository:
Don't have git? Well, you can also bow down to the gods of the centralized, monopolized, concentrated, *dictator*net
(as we like to call it here at Daplie Labs), if that's how you roll:
```bash
npm install -g digd.js
@ -58,6 +59,9 @@ digd.js --input <path/to/dns.json>
digd.js --input ./samples/db.json
```
(For more information on the JSON structure see [JSON Database File](#json-database-file)
below.)
### Testing
```bash
@ -88,8 +92,6 @@ Options
+time=<seconds> Sets the timeout for a query in seconds.
+norecurse Set `ra` flag to 0. Do not perform recursion.
+aaonly Set `aa` flag to 1. Do not respond with non-authoritative responses.
+notcp Disable TCP server (default in v1.2)
+tcp Enable TCP server (default in v1.3)
--debug verbose output
```

114
bin/digd.js
View File

@ -5,7 +5,9 @@
var cli = require('cli');
var pkg = require('../package.json');
var dig = require('dig.js/dns-request');
var dgram = require('dgram');
var dnsjs = require('dns-suite');
var crypto = require('crypto');
var common = require('dig.js/common');
var defaultNameservers = require('dns').getServers();
var hexdump;
@ -47,32 +49,8 @@ cli.main(function (args, cli) {
cli.norecurse = true;
return;
}
if (arg === '+notcp') {
if (cli.notcp) {
console.error("'+notcp' was specified more than once");
process.exit(1);
return;
}
cli.notcp = true;
return;
}
if (arg === '+tcp') {
if (cli.tcp) {
console.error("'+tcp' was specified more than once");
process.exit(1);
return;
}
cli.tcp = true;
return;
}
});
if (!cli.tcp) {
if (!cli.notcp) {
console.info("[WARNING] Set '+notcp' to disable tcp connections. The default behavior changes to +tcp in v1.3");
}
}
if (cli.mdns) {
if (!cli.type) {
cli.type = cli.t = 'PTR';
@ -95,10 +73,32 @@ cli.main(function (args, cli) {
}
}
var dnsd = {};
dnsd.onMessage = function (nb, cb) {
var byteOffset = nb._dnsByteOffset || nb.byteOffset;
var queryAb = nb.buffer.slice(byteOffset, byteOffset + nb.byteLength);
var handlers = {};
var server = dgram.createSocket({
type: cli.udp6 ? 'udp6' : 'udp4'
, reuseAddr: true
});
server.bind({
port: cli.port
, address: cli.address
});
handlers.onError = function (err) {
if ('EACCES' === err.code) {
console.error("");
console.error("EACCES: Couldn't bind to port. You probably need to use sudo, authbind, or setcap.");
console.error("");
process.exit(123);
return;
}
console.error("error:", err.stack);
server.close();
};
handlers.onMessage = function (nb, rinfo) {
console.log('[DEBUG] got a message');
var queryAb = nb.buffer.slice(nb.byteOffset, nb.byteOffset + nb.byteLength);
var query;
var count;
@ -215,11 +215,12 @@ cli.main(function (args, cli) {
console.error("Could not write empty DNS response");
console.error(e);
console.error(emptyResp);
cb(e, null, '[DEV] response sent (empty)');
return;
}
cb(null, newAb, '[DEV] response sent (empty)');
server.send(newAb, rinfo.port, rinfo.address, function () {
console.log('[DEV] response sent (empty)', rinfo.port, rinfo.address);
});
}
function sendResponse(newPacket) {
@ -231,11 +232,12 @@ cli.main(function (args, cli) {
console.error("Could not write DNS response from local");
console.error(e);
console.error(newPacket);
cb(e, null, '[DEV] response sent (local query)');
return;
}
cb(null, newAb, '[DEV] response sent (local query)');
server.send(newAb, rinfo.port, rinfo.address, function () {
console.log('[DEV] response sent (local query)', rinfo.port, rinfo.address);
});
}
function recurse() {
@ -288,11 +290,12 @@ cli.main(function (args, cli) {
} catch(e) {
console.error("Could not write DNS response");
console.error(newResponse);
cb(e, null, '[DEV] response sent');
return;
}
cb(null, newAb, '[DEV] response sent');
server.send(newAb, rinfo.port, rinfo.address, function () {
console.log('[DEV] response sent', rinfo.port, rinfo.address);
});
}
}
@ -332,8 +335,7 @@ cli.main(function (args, cli) {
console.log('request sent to', res.nameserver);
}
*/
//console.log('[DEV] query sent (recurse)', rinfo.port, rinfo.address);
//dnsd.onSent('[DEV] query sent (recurse)');
console.log('[DEV] query sent (recurse)', rinfo.port, rinfo.address);
}
, onTimeout: function (res) {
console.log(";; [" + q.name + "] connection timed out; no servers could be reached");
@ -371,7 +373,7 @@ cli.main(function (args, cli) {
return;
}
function respondWithResults(err, resp) {
require('../lib/dns-store').query(path.resolve(cli.input), query, function (err, resp) {
if (err) { console.log('[DEV] answer not found in local db, recursing'); console.error(err); recurse(); return; }
@ -381,34 +383,33 @@ cli.main(function (args, cli) {
if (!cli.norecurse && query.header.rd) { resp.header.ra = 1; }
sendResponse(resp);
}
});
var engine;
try {
engine = require('../lib/store.json.js').create({ filepath: path.resolve(cli.input) });
} catch(e) {
respondWithResults(e);
return;
}
require('../lib/digd.js').query(engine, query, respondWithResults);
};
cli.defaultNameservers = defaultNameservers;
require('../lib/udpd.js').create(cli, dnsd).on('listening', function () {
handlers.onListening = function () {
/*jshint validthis:true*/
var server = this;
cli.chosenNameserver = cli.nameserver;
var index;
if (!cli.chosenNameserver) {
index = require('crypto').randomBytes(2).readUInt16BE(0) % cli.defaultNameservers.length;
cli.chosenNameserver = cli.defaultNameservers[index];
index = crypto.randomBytes(2).readUInt16BE(0) % defaultNameservers.length;
cli.chosenNameserver = defaultNameservers[index];
if (cli.debug) {
console.log('index, defaultNameservers', index, cli.defaultNameservers);
console.log('index, defaultNameservers', index, defaultNameservers);
}
}
});
if (cli.tcp /* TODO v1.3 !cli.notcp */) {
require('../lib/tcpd.js').create(cli, dnsd);
}
if (cli.mdns || '224.0.0.251' === cli.nameserver) {
server.setBroadcast(true);
server.addMembership(cli.nameserver);
}
console.log('');
console.log('Bound and Listening:');
console.log(server.address().address + '#' + server.address().port + ' (' + server.type + ')');
};
console.log('');
if (!cli.nocmd) {
@ -416,4 +417,7 @@ cli.main(function (args, cli) {
console.log(';; global options: +cmd');
}
server.on('error', handlers.onError);
server.on('message', handlers.onMessage);
server.on('listening', handlers.onListening);
});

2
dist/etc/systemd/system/digd.js.service vendored
View File

@ -8,7 +8,7 @@ Wants=network-online.target systemd-networkd-wait-online.service
# Restart on crash (bad signal), but not on 'clean' failure (error exit code)
# Allow up to 3 restarts within 10 seconds
# (it's unlikely that a user or properly-running script will do this)
Restart=always
Restart=on-abnormal
StartLimitInterval=10
StartLimitBurst=3

10
install.sh
View File

@ -6,17 +6,17 @@ sudo mkdir -p /opt/digd.js /srv/digd.js
#chown -R $(whoami):$(whoami) /opt/digd.js /srv/digd.js
chown -R digd:digd /opt/digd.js /srv/digd.js
echo "v8.9.3" > /tmp/NODEJS_VER
echo "v8.9.0" > /tmp/NODEJS_VER
export NODE_PATH=/opt/digd.js/lib/node_modules
export NPM_CONFIG_PREFIX=/opt/digd.js
curl -fsSL https://git.coolaj86.com/coolaj86/node-installer.sh/raw/master/install.sh -o ./node-installer.sh.tmp
bash ./node-installer.sh.tmp
rm ./node-installer.sh.tmp
curl -fsSL https://bit.ly/install-min-node -o ./install-node.sh.tmp
bash ./install-node.sh.tmp
rm ./install-node.sh.tmp
/opt/digd.js/bin/node /opt/digd.js/bin/npm install -g npm@4
git clone https://git.coolaj86.com/coolaj86/digd.js /opt/digd.js/lib/node_modules/digd.js
pushd /opt/digd.js/lib/node_modules/digd.js
git checkout v1.2
git checkout v1.1
/opt/digd.js/bin/node /opt/digd.js/bin/npm install
popd

277
lib/digd.js → lib/dns-store.js
View File

@ -10,102 +10,110 @@ var NOERROR = 0;
var NXDOMAIN = 3;
var REFUSED = 5;
function getRecords(engine, qname, cb) {
function getRecords(db, qname, cb) {
var delMe = {};
var dns = require('dns');
// SECURITY XXX TODO var dig = require('dig.js/dns-request');
var count;
var myRecords = db.records.slice(0).filter(function (r) {
return engine.getRecords({ name: qname }, function (err, myRecords) {
if (err) { cb(err); return; }
function checkCount() {
var ready;
count -= 1;
ready = count <= 0;
if (!ready) {
return;
}
myRecords = myRecords.filter(function (r) {
return !delMe[r.id];
});
// There are a number of ways to interpret the wildcard rules
var hasWild = false;
var hasMatch = false;
myRecords.some(function (r) {
if (qname === r.name) {
hasMatch = true;
return true;
}
if ('*' === r.name[0]) {
hasWild = true;
}
});
if (hasMatch) {
myRecords = myRecords.filter(function (r) {
if ('*' !== r.name[0]) { return true; }
});
}
/*
// no need to filter out records if wildcard is used
else {
records = records.filter(function (r) {
if ('*' === r.name[0]) { return true; }
});
}
*/
cb(null, myRecords);
if ('string' !== typeof r.name) {
return false;
}
function getRecord(r) {
// TODO allow multiple records to be returned(?)
return function (err, addresses) {
if (err || !addresses.length) {
r.id = r.id || Math.random();
delMe[r.id] = true;
} else if (addresses.length > 1) {
r._address = addresses[Math.floor(Math.random() * addresses.length)];
} else {
r._address = addresses[0];
}
checkCount();
};
}
count = myRecords.length;
myRecords.forEach(function (r) {
if (r.aname && !r.address) {
if ('A' === r.type) {
// SECURITY XXX TODO dig.resolveJson(query, opts);
dns.resolve4(r.aname, getRecord(r));
return;
}
if ('AAAA' === r.type) {
// SECURITY XXX TODO dig.resolveJson(query, opts);
dns.resolve6(r.aname, getRecord(r));
return;
}
}
checkCount();
});
if (!myRecords.length) {
checkCount();
// TODO use IN in masterquest (or implement OR)
// Only return single-level wildcard?
if (qname === r.name || ('*.' + qname.split('.').slice(1).join('.')) === r.name) {
return true;
}
});
function checkCount() {
var ready;
count -= 1;
ready = count <= 0;
if (!ready) {
return;
}
myRecords = myRecords.filter(function (r) {
return !delMe[r.id];
});
// There are a number of ways to interpret the wildcard rules
var hasWild = false;
var hasMatch = false;
myRecords.some(function (r) {
if (qname === r.name) {
hasMatch = true;
return true;
}
if ('*' === r.name[0]) {
hasWild = true;
}
});
if (hasMatch) {
myRecords = myRecords.filter(function (r) {
if ('*' !== r.name[0]) { return true; }
});
}
/*
// no need to filter out records if wildcard is used
else {
records = records.filter(function (r) {
if ('*' === r.name[0]) { return true; }
});
}
*/
cb(null, myRecords);
}
function getRecord(r) {
// TODO allow multiple records to be returned(?)
return function (err, addresses) {
if (err || !addresses.length) {
r.id = r.id || Math.random();
delMe[r.id] = true;
} else if (addresses.length > 1) {
r._address = addresses[Math.floor(Math.random() * addresses.length)];
} else {
r._address = addresses[0];
}
checkCount();
};
}
count = myRecords.length;
myRecords.forEach(function (r) {
if (r.aname && !r.address) {
if ('A' === r.type) {
// SECURITY XXX TODO dig.resolveJson(query, opts);
dns.resolve4(r.aname, getRecord(r));
return;
}
if ('AAAA' === r.type) {
// SECURITY XXX TODO dig.resolveJson(query, opts);
dns.resolve6(r.aname, getRecord(r));
return;
}
}
checkCount();
});
if (!myRecords.length) {
checkCount();
}
}
function dbToResourceRecord(r) {
return {
name: r.name
, typeName: r.typeName || r.type // NS
, typeName: r.type // NS
, className: 'IN'
, ttl: r.ttl || 300
@ -139,7 +147,7 @@ function dbToResourceRecord(r) {
};
}
function getNs(engine, ds, results, cb) {
function getNs(db, ds, results, cb) {
console.log('[DEV] getNs entered with domains', ds);
var d = ds.shift();
@ -153,7 +161,7 @@ function getNs(engine, ds, results, cb) {
var qn = d.id.toLowerCase();
return getRecords(engine, qn, function (err, records) {
return getRecords(db, qn, function (err, records) {
if (err) { cb(err); return; }
records.forEach(function (r) {
@ -179,16 +187,16 @@ function getNs(engine, ds, results, cb) {
});
if (!results.authority.length) {
return getNs(engine, ds, results, cb);
return getNs(db, ds, results, cb);
}
// d.vanityNs should only be vanity nameservers (pointing to this same server)
if (d.vanityNs || results.authority.some(function (ns) {
console.log('[debug] ns', ns);
return -1 !== engine.primaryNameservers.indexOf(ns.data.toLowerCase());
return -1 !== db.primaryNameservers.indexOf(ns.data.toLowerCase());
})) {
results.authority.length = 0;
results.authority.push(domainToSoa(engine.primaryNameservers, d));
results.authority.push(domainToSoa(db, d));
results.header.rcode = NXDOMAIN;
}
cb(null, results);
@ -196,8 +204,8 @@ function getNs(engine, ds, results, cb) {
});
}
function domainToSoa(primaryNameservers, domain) {
var nameservers = domain.vanityNs || primaryNameservers;
function domainToSoa(db, domain) {
var nameservers = domain.vanityNs || db.primaryNameservers;
var index = Math.floor(Math.random() * nameservers.length) % nameservers.length;
var nameserver = nameservers[index];
@ -237,20 +245,20 @@ function domainToSoa(primaryNameservers, domain) {
};
}
function getSoa(primaryNameservers, domain, results, cb, answerSoa) {
function getSoa(db, domain, results, cb, answerSoa) {
console.log('[DEV] getSoa entered');
if (!answerSoa) {
results.authority.push(domainToSoa(primaryNameservers, domain));
results.authority.push(domainToSoa(db, domain));
} else {
results.answer.push(domainToSoa(primaryNameservers, domain));
results.answer.push(domainToSoa(db, domain));
}
cb(null, results);
return;
}
module.exports.query = function (engine, query, cb) {
module.exports.query = function (input, query, cb) {
/*
var fs = require('fs');
@ -263,7 +271,11 @@ module.exports.query = function (engine, query, cb) {
});
*/
var db;
var qname;
try {
db = require(input);
} catch(e) { cb(e); return; }
if (!Array.isArray(query.question) || query.question.length < 1) {
cb(new Error("query is missing question section"));
@ -325,48 +337,46 @@ module.exports.query = function (engine, query, cb) {
console.log('[DEV] answerSoa?', answerSoa);
console.log('[DEV] qnames');
console.log(qnames);
var myDomains = db.domains.filter(function (d) {
return -1 !== qnames.indexOf(d.id.toLowerCase());
});
return engine.getSoas({ names: qnames}, function (err, myDomains) {
console.log('[SOA] looking for', qnames, 'and proudly serving', err, myDomains);
if (err) { cb(err); return; }
// this should result in a REFUSED status
if (!myDomains.length) {
// REFUSED will have no records, so we could still recursion, if enabled
results.header.rcode = REFUSED;
cb(null, results);
return;
}
// this should result in a REFUSED status
if (!myDomains.length) {
// REFUSED will have no records, so we could still recursion, if enabled
results.header.rcode = REFUSED;
cb(null, results);
return;
myDomains.sort(function (d1, d2) {
if (d1.id.length > d2.id.length) {
return -1;
}
if (d1.id.length < d2.id.length) {
return 1;
}
return 0;
});
//console.log('sorted domains', myDomains);
if (!getNsAlso) {
return getSoa(db, myDomains[0], results, cb, answerSoa);
}
return getNs(db, /*myDomains.slice(0)*/qnames.map(function (qn) { return { id: qn }; }), results, function (err, results) {
//console.log('[DEV] getNs complete');
if (err) { cb(err, results); return; }
// has NS records (or SOA record if NS records match the server itself)
if (results.authority.length) {
console.log(results); cb(null, results); return;
}
myDomains.sort(function (d1, d2) {
if (d1.id.length > d2.id.length) {
return -1;
}
if (d1.id.length < d2.id.length) {
return 1;
}
return 0;
});
//console.log('sorted domains', myDomains);
// myDomains was sorted such that the longest was first
return getSoa(db, myDomains[0], results, cb);
if (!getNsAlso) {
return getSoa(engine.primaryNameservers, myDomains[0], results, cb, answerSoa);
}
return getNs(engine, /*myDomains.slice(0)*/qnames.map(function (qn) { return { id: qn }; }), results, function (err, results) {
//console.log('[DEV] getNs complete');
if (err) { cb(err, results); return; }
// has NS records (or SOA record if NS records match the server itself)
if (results.authority.length) {
console.log(results); cb(null, results); return;
}
// myDomains was sorted such that the longest was first
return getSoa(engine.primaryNameservers, myDomains[0], results, cb);
});
});
}
@ -375,7 +385,7 @@ module.exports.query = function (engine, query, cb) {
}
//console.log('[DEV] QUERY NAME', qname);
return getRecords(engine, qname, function (err, someRecords) {
return getRecords(db, qname, function (err, someRecords) {
var myRecords;
var nsRecords = [];
@ -397,10 +407,7 @@ module.exports.query = function (engine, query, cb) {
console.log("It's NS");
// If it's a vanity NS, it's not a valid NS for lookup
// NOTE: I think that the issue here is EXTERNAL vs INTERNAL vanity NS
// We _should_ reply for EXTERNAL vanity NS... but not when it's listed on the SOA internally?
// It's surrounding the problem of what if I do sub domain delegation to the same server.
if (-1 === engine.primaryNameservers.indexOf(r.data.toLowerCase())) {
if (-1 === db.primaryNameservers.indexOf(r.data.toLowerCase())) {
console.log("It's a vanity NS");
return false;
}

37
lib/store.json.js
View File

@ -1,37 +0,0 @@
'use strict';
module.exports.create = function (opts) {
// opts = { filepath };
var engine = { db: null };
var db = require(opts.filepath);
engine.primaryNameservers = db.primaryNameservers;
engine.getSoas = function (query, cb) {
var myDomains = db.domains.filter(function (d) {
return -1 !== query.names.indexOf(d.id.toLowerCase());
});
process.nextTick(function () {
cb(null, myDomains);
});
};
engine.getRecords = function (query, cb) {
var myRecords = db.records.slice(0).filter(function (r) {
if ('string' !== typeof r.name) {
return false;
}
// TODO use IN in masterquest (or implement OR)
// Only return single-level wildcard?
if (query.name === r.name || ('*.' + query.name.split('.').slice(1).join('.')) === r.name) {
return true;
}
});
process.nextTick(function () {
cb(null, myRecords);
});
};
return engine;
};

70
lib/tcpd.js
View File

@ -1,70 +0,0 @@
'use strict';
module.exports.create = function (cli, dnsd) {
function runTcp() {
var tcpServer = require('net').createServer({ }, function (c) {
c.on('error', function (err) {
console.warn("TCP Connection Error:");
console.warn(err);
});
c.on('data', function (nb) {
//console.log('TCP data.length:', nb.length);
//console.log(nb.toString('hex'));
// DNS packets include a 2-byte length header
var count = nb.length;
var length = nb[0] << 8;
length = length | nb[1];
count -= 2;
// TODO slice?
nb._dnsByteOffset = nb.byteOffset + 2;
if (length !== count) {
console.error("Handling TCP packets > 512 bytes not implemented.");
c.end();
return;
}
// TODO pad two bytes for lengths
dnsd.onMessage(nb, function (err, newAb, dbgmsg) {
var lenbuf = Buffer.from([ newAb.length >> 8, newAb.length & 255 ]);
// TODO XXX generate legit error packet
if (err) { console.error("Error", err); c.end(); return; }
console.log('TCP ' + dbgmsg);
c.write(lenbuf);
c.end(newAb);
});
});
c.on('end', function () {
console.log('TCP client disconnected from server');
});
});
tcpServer.on('error', function (err) {
if ('EADDRINUSE' === err.code) {
console.error("Port '" + cli.port + "' is already in use.");
tcpServer.close();
process.exit(0);
}
if ('EACCES' === err.code) {
console.error("Could not bind on port '" + cli.port + "': EACCESS (you probably need root permissions)");
tcpServer.close();
process.exit(0);
}
console.error("TCP Server Error:");
console.error(err);
tcpServer.close(function () {
setTimeout(runTcp, 1000);
});
});
tcpServer.listen(cli.port, function () {
console.log('TCP Server bound');
});
return tcpServer;
}
return runTcp();
};

58
lib/udpd.js
View File

@ -1,58 +0,0 @@
'use strict';
module.exports.create = function (cli, dnsd) {
var server = require('dgram').createSocket({
type: cli.udp6 ? 'udp6' : 'udp4'
, reuseAddr: true
});
server.bind({
port: cli.port
, address: cli.address
});
var handlers = {};
handlers.onError = function (err) {
if ('EACCES' === err.code) {
console.error("");
console.error("EACCES: Couldn't bind to port. You probably need to use sudo, authbind, or setcap.");
console.error("");
process.exit(123);
return;
}
console.error("error:", err.stack);
server.close();
};
handlers.onMessage = function (nb, rinfo) {
//console.log('[DEBUG] got a UDP message', nb.length);
//console.log(nb.toString('hex'));
dnsd.onMessage(nb, function (err, newAb, dbgmsg) {
// TODO send legit error message
if (err) { server.send(Buffer.from([0x00])); return; }
server.send(newAb, rinfo.port, rinfo.address, function () {
console.log(dbgmsg, rinfo.port, rinfo.address);
});
});
};
handlers.onListening = function () {
/*jshint validthis:true*/
var server = this;
if (cli.mdns || '224.0.0.251' === cli.nameserver) {
server.setBroadcast(true);
server.addMembership(cli.nameserver);
}
console.log('');
console.log('Bound and Listening:');
console.log(server.address().address + '#' + server.address().port + ' (' + server.type + ')');
};
server.on('error', handlers.onError);
server.on('message', handlers.onMessage);
server.on('listening', handlers.onListening);
return server;
};

2
package.json
View File

@ -1,6 +1,6 @@
{
"name": "digd.js",
"version": "1.2.1",
"version": "1.1.9",
"description": "A lightweight DNS / mDNS daemon (server) for creating and capturing DNS and mDNS query and response packets to disk as binary and/or JSON. Options are similar to the Unix dig command.",
"main": "bin/digd.js",
"homepage": "https://git.coolaj86.com/coolaj86/digd.js",

40
samples/daplie.com.db.json
View File

@ -1,22 +1,19 @@
{ "primaryNameservers": [ "ns1.daplie.com", "ns2.daplie.com", "ns3.daplie.com" ]
{ "primaryNameservers": [ "ns1.daplie.me", "ns2.daplie.me", "ns3.daplie.me" ]
, "domains": [
{ "id": "daplie.com", "revokedAt": 0 }
, { "id": "daplie.domains", "revokedAt": 0, "vanityNs": [ "ns1.daplie.domains", "ns2.daplie.domains", "ns3.daplie.domains" ] }
, { "id": "daplie.me", "revokedAt": 0, "vanityNs": [ "ns1.daplie.me", "ns2.daplie.me", "ns3.daplie.me" ] }
, { "id": "daplie.me", "revokedAt": 0 }
, { "id": "oauth3.org", "revokedAt": 0 }
, { "id": "hellabit.com", "revokedAt": 0 }
]
, "records": [
{"zone":"daplie.com","name":"daplie.com","type":"NS","class":"IN","ttl":43200,"tld":"com","sld":"daplie","sub":"ns1","data":"ns1.daplie.com"}
, {"zone":"daplie.com","name":"daplie.com","type":"NS","class":"IN","ttl":43200,"tld":"com","sld":"daplie","sub":"ns2","data":"ns2.daplie.com"}
, {"zone":"daplie.com","name":"daplie.com","type":"NS","class":"IN","ttl":43200,"tld":"com","sld":"daplie","sub":"ns3","data":"ns3.daplie.com"}
{"zone":"daplie.com","name":"daplie.com","type":"NS","class":"IN","ttl":5,"tld":"com","sld":"daplie","sub":"ns1","data":"ns1.daplie.me"}
, {"zone":"daplie.com","name":"daplie.com","type":"NS","class":"IN","ttl":5,"tld":"com","sld":"daplie","sub":"ns2","data":"ns2.daplie.me"}
, {"zone":"daplie.com","name":"daplie.com","type":"NS","class":"IN","ttl":5,"tld":"com","sld":"daplie","sub":"ns3","data":"ns3.daplie.me"}
, {"zone":"daplie.com","name":"ns1.daplie.com","type":"A","class":"IN","ttl":43200,"tld":"com","sld":"daplie","sub":"ns1","address":"45.55.1.122"}
, {"zone":"daplie.com","name":"ns2.daplie.com","type":"A","class":"IN","ttl":43200,"tld":"com","sld":"daplie","sub":"ns2","address":"45.55.254.197"}
, {"zone":"daplie.com","name":"ns3.daplie.com","type":"A","class":"IN","ttl":43200,"tld":"com","sld":"daplie","sub":"ns3","address":"159.203.25.112"}
, {"zone":"daplie.me","name":"daplie.me","type":"NS","class":"IN","ttl":43200,"tld":"me","sld":"daplie","sub":"ns1","data":"ns1.daplie.me"}
, {"zone":"daplie.me","name":"daplie.me","type":"NS","class":"IN","ttl":43200,"tld":"me","sld":"daplie","sub":"ns2","data":"ns2.daplie.me"}
, {"zone":"daplie.me","name":"daplie.me","type":"NS","class":"IN","ttl":43200,"tld":"me","sld":"daplie","sub":"ns3","data":"ns3.daplie.me"}
, {"zone":"daplie.com","name":"ns1.daplie.com","type":"A","class":"IN","ttl":5,"tld":"com","sld":"daplie","sub":"ns1","address":"45.55.1.122"}
, {"zone":"daplie.com","name":"ns2.daplie.com","type":"A","class":"IN","ttl":5,"tld":"com","sld":"daplie","sub":"ns2","address":"45.55.254.197"}
, {"zone":"daplie.com","name":"ns3.daplie.com","type":"A","class":"IN","ttl":5,"tld":"com","sld":"daplie","sub":"ns3","address":"159.203.25.112"}
, {"zone":"daplie.me","name":"ns1.daplie.me","type":"A","class":"IN","ttl":5,"tld":"me","sld":"daplie","sub":"ns1","address":"45.55.1.122"}
, {"zone":"daplie.me","name":"ns2.daplie.me","type":"A","class":"IN","ttl":5,"tld":"me","sld":"daplie","sub":"ns2","address":"45.55.254.197"}
@ -26,11 +23,6 @@
, {"zone":"oauth3.org","name":"ns2.oauth3.org","type":"A","class":"IN","ttl":5,"tld":"org","sld":"oauth3","sub":"ns2","address":"45.55.254.197"}
, {"zone":"oauth3.org","name":"ns3.oauth3.org","type":"A","class":"IN","ttl":5,"tld":"org","sld":"oauth3","sub":"ns3","address":"159.203.25.112"}
, {"zone":"oauth3.org","name":"oauth3.org","type":"NS","class":"IN","ttl":43200,"tld":"me","sld":"oauth3","sub":"ns1","data":"ns1.oauth3.org"}
, {"zone":"oauth3.org","name":"oauth3.org","type":"NS","class":"IN","ttl":43200,"tld":"me","sld":"oauth3","sub":"ns2","data":"ns2.oauth3.org"}
, {"zone":"oauth3.org","name":"oauth3.org","type":"NS","class":"IN","ttl":43200,"tld":"me","sld":"oauth3","sub":"ns3","data":"ns3.oauth3.org"}
, {"zone":"daplie.com","name":"daplie.com","type":"A","class":"IN","ttl":43200,"tld":"com","sld":"daplie","address":"23.228.168.108"}
, {"zone":"daplie.com","name":"daplie.com","type":"TXT","class":"IN","ttl":43200,"tld":"com","sld":"daplie","data":["v=spf1 include:mailgun.org include:spf.mandrillapp.com include:_spf.google.com include:servers.mcsv.net include:mail.zendesk.com ~all"]}
@ -71,6 +63,20 @@
, {"zone":"hellabit.com","name":"hellabit.com","type":"NS","class":"IN","ttl":5,"tld":"com","sld":"hellabit","sub":"ns1","data":"ns1.hellabit.com"}
, {"zone":"hellabit.com","name":"hellabit.com","type":"NS","class":"IN","ttl":5,"tld":"com","sld":"hellabit","sub":"ns2","data":"ns2.hellabit.com"}
, {"zone":"hellabit.com","name":"hellabit.com","type":"NS","class":"IN","ttl":5,"tld":"com","sld":"hellabit","sub":"ns3","data":"ns3.hellabit.com"}
, {"zone":"hellabit.com","name":"ns1.hellabit.com","type":"A","class":"IN","ttl":5,"tld":"com","sld":"hellabit","sub":"ns1","address":"45.55.1.122"}
, {"zone":"hellabit.com","name":"ns2.hellabit.com","type":"A","class":"IN","ttl":5,"tld":"com","sld":"hellabit","sub":"ns2","address":"45.55.254.197"}
, {"zone":"hellabit.com","name":"ns3.hellabit.com","type":"A","class":"IN","ttl":5,"tld":"com","sld":"hellabit","sub":"ns3","address":"159.203.25.112"}
, {"zone":"hellabit.com","name":"leo.devices.hellabit.com","type":"A","class":"IN","ttl":5,"tld":"com","sld":"hellabit","sub":"leo.devices","address":"45.56.59.142"}
, {"zone":"hellabit.com","name":"hellabit.com","type":"A","class":"IN","ttl":5,"tld":"com","sld":"hellabit","sub":"","address":"45.56.59.142","aname":"leo.devices.hellabit.com"}
, {"zone":"hellabit.com","name":"hellabit.com","type":"A","class":"IN","ttl":5,"tld":"com","sld":"hellabit","sub":"www","address":"45.56.59.142","aname":"leo.devices.hellabit.com"}
, {"zone":"daplie.domains","name":"daplie.domains","type":"NS","class":"IN","ttl":5,"tld":"domains","sld":"daplie","sub":"ns1","data":"ns1.daplie.domains"}
, {"zone":"daplie.domains","name":"daplie.domains","type":"NS","class":"IN","ttl":5,"tld":"domains","sld":"daplie","sub":"ns2","data":"ns2.daplie.domains"}
, {"zone":"daplie.domains","name":"daplie.domains","type":"NS","class":"IN","ttl":5,"tld":"domains","sld":"daplie","sub":"ns3","data":"ns3.daplie.domains"}

BIN
samples/example.com.a.query.bin Normal file
View File

Binary file not shown.

23
samples/hellabit.enom.sh
View File

@ -1,23 +0,0 @@
daplie domains:list # shows hellabit.com in my list of domains
# for hellabit.com to lookup itself (chicken and egg problem),
# we must first set glue records
daplie glue:set -n ns1.hellabit.com --tld com -a 138.197.72.1
daplie glue:set -n ns2.hellabit.com --tld com -a 162.243.136.134
# now we can set hellabit.com to use nsx.hellabit.com nameservers
daplie ns:set -n hellabit.com --tld com --nameservers ns1.hellabit.com,ns2.hellabit.com
# now we can't use the dns tools because digd.js does not (yet) have oauth3 compatible apis
# these won't work
# daplie devices:set -d sfo2.devices.hellabit.com -a 138.197.216.176
# daplie devices:attach -d sfo2.devices.hellabit.com -n hellabit.com
# daplie devices:attach -d sfo2.devices.hellabit.com -n www.hellabit.com
# now you can test that your hard work worked
# < ==== NOTE ==== > It may take a few minutes before this starts to work as you'd expect
dig +trace ns1.hellabit.com
dig +trace ns2.hellabit.com
dig +trace hellabit.com
dig +trace www.hellabit.com