digd.js/README.md

220 lines
6.5 KiB
Markdown

digd.js
=======
| [dns-suite.js](https://git.coolaj86.com/coolaj86/dns-suite.js)
| [dig.js](https://git.coolaj86.com/coolaj86/dig.js)
| **digd.js**
|
Sponsored by [Daplie](https://daplie.com).
A lightweight DNS / mDNS daemon (server) for creating and capturing DNS and mDNS
query and response packets to disk as binary and/or JSON.
Options are similar to the Unix dig command.
Install
-------
### with git
```bash
# Install the latest of v1.x
npm install -g 'git+https://git.coolaj86.com/coolaj86/digd.js.git#v1'
```
```bash
# Install exactly v1.0.0
npm install -g 'git+https://git.coolaj86.com/coolaj86/digd.js.git#v1.0.0'
```
### without git
Don't have git? Well, you can also bow down to the gods of the centralized, monopolized, concentrated, *dictator*net
(as we like to call it here at Daplie Labs), if that's how you roll:
```bash
npm install -g digd.js
```
Usage
-----
```bash
digd.js --input <path/to/dns.json>
```
**Example**:
```bash
digd.js --input ./samples/db.json
```
### Testing
```bash
# unix dig
dig @localhost example.com
# dns-suite's dig.js
dig.js @localhost example.com
# unix netcat
netcat -u 127.0.0.1 53 < ./samples/example.com.a.query.bin
```
Options
-------
```
--output <path/to/file> write query and response(s) to disk with this path prefix (ex: ./samples/dns)
--input <path/to/file> input file to use for authoritative responses (ex: ./samples/db.json)
--mdns Use mDNS port (5353) and nameserver address (224.0.0.251)
-p <port> default 53 (mdns default: 5353) (listener is random for DNS and 5353 for mDNS)
--nameserver <ns> alias of @<nameserver>
--timeout <ms> alias of +time=<seconds>, but in milliseconds
@<nameserver> specify the nameserver to use for recursive DNS resolutions (defaults to system defaults)
+time=<seconds> Sets the timeout for a query in seconds.
+norecurse Set `ra` flag to 0. Do not perform recursion.
+aaonly Set `aa` flag to 1. Do not respond with non-authoritative responses.
--debug verbose output
```
JSON Database File
------------------
This DNS server is being created for use in the wild.
Although there will be a true database adapter later,
this JSON representation gives us an easy way to experiment with serving DNS and various record types.
There are 4 types of information in the file:
* Primary Nameservers `primaryNameservers`
* SOA Records `domains`
* devices
* All other records (A, AAAA, CAA, CNAME, MX, NS, PTR, SPF, SRV, TXT)
```js
module.exports = {
primaryNameservers: [ 'ns1.example.com', 'ns2.example.com' ]
// SOA records
, domains: [
// `primary` is chosen at random from `primaryNameservers` or `vanityNs`
// `serial` is generated from `updatedAt`
{ id: "publicsuffix.net", updatedAt: 1507594095118, ttl: 60
, admin: 'admin.publicsuffix.net', refresh: 1800, retry: 600
, expiration: 2419200, minimum: 5 }
, { id: "doe.publicsuffix.net", updatedAt: 1507594095118, ttl: 60
, admin: 'admin.doe.publicsuffix.net', refresh: 1800, retry: 600
, expiration: 2419200, minimum: 5 }
// default values will be used when left undefined
, { id: "doefam.net", updatedAt: 1507594095118
, vanityNs: [ 'ns1.awesome.com', 'ns2.awesome.com' ] }
]
, records: [
//
// Plain old boring A Records
//
{ name: "publicsuffix.net", zone: "publicsuffix.net"
, tld: "net", sld: "publicsuffix", sub: ""
, type: 'A', ttl: 300, address: '127.0.0.1' }
{ name: "www.publicsuffix.net", zone: "publicsuffix.net"
, tld: "net", sld: "publicsuffix", sub: "www"
, type: 'A', ttl: 300, address: '127.0.0.1' }
//
// Subdomain Delegation of a public suffix (treated as TLD)
//
{ name: "jane.doe.publicsuffix.net", zone: "doe.publicsuffix.net"
, tld: "publicsuffix.net", sld: "doe", sub: "john"
, type: 'NS', ttl: 300, data: 'ns1.other-dns.net'
}
//
// Example of all other record types
//
{ name: "john.doe.publicsuffix.net"
// The zone / SOA it belongs to (keep in mind that subdomains can be delegated to other users and/or nameservers)
, zone: "doe.publicsuffix.net"
// For indexing (note that we can treat delegated subdomains as if they were TLDs for delegation and resale)
, tld: "publicsuffix.net"
, sld: "doe"
, sub: "john"
, type: 'A' // for this example we specify a type even though we show all of the record data
, class: 'IN' // (default)
, ttl: 300
// A, AAAA
, address: '127.0.0.1'
, aname: 'some-device.example.com' // See "A Note on ANAMEs" below
// CAA
, flag: 0
, tag: 'issue'
, value: 'letsencrypt.org'
// CNAME, NS, PTR put 'name' here
// TXT puts an array here
, data: 'a.example.com'
// MX, SRV
, priority: 10
// MX
, exchange: 'mxa.example.org'
// SRV
, weight: 20
, port: 65065
, target: 'laptop1.devices.example.com'
}
]
};
```
The **Primary Nameservers** should be all of the nameservers that are in sync for these collections of records.
The **SOA** records represent that a domain or subdomain has be registered to or delegated to these nameservers.
The SOA records are separate from other record types because they are automatically generated as part of registering
a domain or updating its records.
The **other records** are in their own table for easy and fast lookup.
The **devices** are an abstraction that will be used in the future for ANAMEs and Dynamic DNS.
Note: Because it's possible to that delegated subdomains could have delegated subdomains that go right back to the
original nameserver, **NS** records will be replaced with an SOA record if any of the NS records match any of
the server's primary nameservers or if vanity nameservers are used.
### A Note on ANAMES
ANAMEs serve two purposes in this system:
1. Traditional ANAME. Just a CNAME that is automatically resolved to an A record for the "bare domain" problem, and efficiency.
2. Dynamic DNS. When a record on the system is updated, any records that match it by ANAME are also updated
TODO: use dns0x20 for ANAME resolutions
Other Resources
---------------
You may also be interested in Unbound (https://unboundtest.com), which is an entirely different project by someone else
which is much more complete, written in go, and may be very useful for debugging and linting.
LICENSE
=======
You may, at your option, use this software under the MIT and/or Apache-2.0 licenses.