diff --git a/README.md b/README.md index 70b4136..03b6921 100644 --- a/README.md +++ b/README.md @@ -1,53 +1,153 @@ mDNS Documentation - -What is mDNS? - -mDNS stands for Multicast Domain Name System. It's function is to resolve host names to IP addresses within small networkds that do not include a local name server. It is a zero-configuration service, using essentially the same programming interfaces, packet formats and operating semantics as the unicast Domain Name System (DNS). Although mDNS is designed to be stand-alone capable, it can work in concert with unicast DNS servers. - -Full documentation of the protocol is located at: https://tools.ietf.org/html/rfc6762 - -Other helpful topics and documents: - -- Zero Configuration Networking: https://tools.ietf.org/html/rfc6762#ref-Zeroconf -- Automatic link-local addressing: https://tools.ietf.org/html/rfc3927 - - https://tools.ietf.org/html/rfc4862 - - -DNS-format messages contain a header, a Question Section, then Answer, Authority, and additional Record Sections. The Answer, Authority, and Additional Record Sections all hold resource records. - - -mDNS is a datagram protocal that uses broadcast mode and membership groups. - - - -What does mDNS in the Daplie System? - -We are sending messages back and forth on a network that searches for any other mDNS compatible devices and asks that device if it is connected to a router or WiFi with a Daplie-compatible Cloud device. - -If it is a Daplie-compatible Cloud device, then it will reply to the sender with some sort of confirmation. - - - -Terms: - -TTL - IP Time to Live - located in IP header of the DNS packet and is used effectively as a hop-count limit for the packet, to guard against routing loops - - -"shared" resource record set is where several Multicast DNS responders may have records with the same name, rrtype, and rrclass, and several responders may respond to a particular query - -"unique" resource record set is one where all the records with that name, rrtype, and rrclass are conceptually under the control or ownership of a single responder, and it is expected that at most one responder should respond to a query for that name, rrtype, and rrclass. Before claiming ownership of a unique resource record set, a responder MUST probe to verify that no other responder already claims ownership. (For fault-tolerance and other reasons, sometimes it is permissible to have more than one responder answering for a particular "unique" resource record set, but such cooperating resoinders MUST give answers containing identical rdata for these records. If they do not give answers containing identical rdata, then the probing stop will reject the data as being inconsistent with what is already being advertised on the network for these names.) - - -Multicast DNS Names - -A host that belongs to an organization or individual who has control over some potion of the DNS namespace can be assigned a globally unique name within that portion of th DNS namespace, such as, "chechire.example.com". For those of us who have this luxury, this works very well. However, the mojority of home computer users do not have easy access to any portion of the global DNS namespace within which they have the authoriry to create names. This leaves the majority of home computers effectively anonymous for practical purposes - - - - - - - - - +==== + +This document is currently used and update for testing purposes of DNS packets with Daplie applications. Please make note of any errata, as the organization of this document is based on the step by step process of debugging current issues regarding DNS, and not necessarily a demonstration on how to fix those issues. This document is for learning purposes and meant to assist future developers avoid similar bugs. + + +## Objective + +Create a robust DNS library that checks all possible combinations of DNS flags and messages in order to debug current DNS state for Daplie system and potentially develope DNS library with built in linting for use of Daplie, inc and community. + + +### How to duplicate DNS crash: + +``` +>> cd ~/dns_test +>> node listen.jss +``` +Then in another terminal enter: + +``` +>> dig @224.0.0.251 -p 5353 -t PTR _cloud._tcp.local +``` + +The listener then crashes with an output of: + +``` +START DNS PACKET +/home/daplie/dns_test/node_modules/dns-js/lib/bufferconsumer.js:52 + throw new Error('Buffer overflow') + ^ + +Error: Buffer overflow + at BufferConsumer.slice (/home/daplie/dns_test/node_modules/dns-js/lib/bufferconsumer.js:52:13) + s at Function.DNSRecord.parse (/home/daplie/dns_test/node_modules/dns-js/lib/dnsrecord.js:237:46) + at /home/daplie/dns_test/node_modules/dns-js/lib/dnspacket.js:164:30 + at Array.forEach (native) + at Function.DNSPacket.parse (/home/daplie/dns_test/node_modules/dns-js/lib/dnspacket.js:159:17) + at /home/daplie/dns_test/cloud-respond.js:86:31 + at Array.forEach (native) + at /home/daplie/dns_test/cloud-respond.js:11:21 + at Array.forEach (native) + at Object.module.exports.respond (/home/daplie/dns_test/cloud-respond.js:10:11) + +``` +After commenting out lines 45-53 in dns_test/node_modules/dns-js/lib/bufferconsumer.js +and rerunning the previous commands, the result is a new error: + +``` +START DNS PACKET +buffer.js:829 + throw new RangeError('Index out of range'); + ^ + +RangeError: Index out of range + at checkOffset (buffer.js:829:11) + at Buffer.readUInt8 (buffer.js:867:5) + at BufferConsumer.byte (/home/daplie/dns_test/node_modules/dns-js/lib/bufferconsumer.js:67:22) + at BufferConsumer.name (/home/daplie/dns_test/node_modules/dns-js/lib/bufferconsumer.js:120:14) + at Function.DNSRecord.parse (/home/daplie/dns_test/node_modules/dns-js/lib/dnsrecord.js:187:14) + at /home/daplie/dns_test/node_modules/dns-js/lib/dnspacket.js:164:30 + at Array.forEach (native) + at Function.DNSPacket.parse (/home/daplie/dns_test/node_modules/dns-js/lib/dnspacket.js:159:17) + at /home/daplie/dns_test/cloud-respond.js:86:31 + at Array.forEach (native) + +``` +which is located in the node.js buffer module. The API is [here](https://nodejs.org/api/buffer.html). + +However, the error we are working with will most likely be dealt with by parsing through the binary +and putting it in a format that is acceptable to a custom buffer, since the current buffer.js does doesn't seem to do the trick. + +Using + +```javascript +function pad(str, len, ch) { + + while (str.length < len) { + str = ch + str; + } + + return str; +} +``` +the binary output comes out as: + +``` +11100001 +10001000 +00000001 +00100000 +00000000 +00000001 +00000000 +00000000 +00000000 +00000000 +00000000 +00000001 +00000110 +01011111 +01100011 +01101100 +01101111 +01110101 +01100100 +00000100 +01011111 +01110100 +01100011 +01110000 +00000101 +01101100 +01101111 +01100011 +01100001 +01101100 +00000000 +00000000 +00001100 +00000000 +00000001 +00000000 +00000000 +00101001 +00010000 +00000000 +00000000 +00000000 +00000000 +00000000 +00000000 +00000000 +``` + + +What are the possible problems? + + +How to print out hex values of the DNS message in node.js? + +```javascript +socket.on('message', function (message, rinfo) { + console.log('Received %d bytes from %s:%d\n', + message.length, rinfo.address, rinfo.port); + //console.log(msg.toString('utf8')); + + console.log(message.toString('hex')); +``` + + + +DNS sec: security +puts a signature on a DNS packet and imprints a signature so that the sender of the packet is confirmed diff --git a/howto.md b/howto.md index d68ab4b..068504b 100644 --- a/howto.md +++ b/howto.md @@ -1,147 +1,5 @@ -mDNS howto Documentation -===== - How to create a JSON file with information about your project: ```bash npm init -``` -How to duplicate DNS crash: - -``` ->> cd ~/dns_test ->> node listen.jss -``` -Then in another terminal enter: - -``` ->> dig @224.0.0.251 -p 5353 -t PTR _cloud._tcp.local -``` - -The listener then crashes with an output of: - -``` -START DNS PACKET -/home/daplie/dns_test/node_modules/dns-js/lib/bufferconsumer.js:52 - throw new Error('Buffer overflow') - ^ - -Error: Buffer overflow - at BufferConsumer.slice (/home/daplie/dns_test/node_modules/dns-js/lib/bufferconsumer.js:52:13) - s at Function.DNSRecord.parse (/home/daplie/dns_test/node_modules/dns-js/lib/dnsrecord.js:237:46) - at /home/daplie/dns_test/node_modules/dns-js/lib/dnspacket.js:164:30 - at Array.forEach (native) - at Function.DNSPacket.parse (/home/daplie/dns_test/node_modules/dns-js/lib/dnspacket.js:159:17) - at /home/daplie/dns_test/cloud-respond.js:86:31 - at Array.forEach (native) - at /home/daplie/dns_test/cloud-respond.js:11:21 - at Array.forEach (native) - at Object.module.exports.respond (/home/daplie/dns_test/cloud-respond.js:10:11) - -``` -After commenting out lines 45-53 in dns_test/node_modules/dns-js/lib/bufferconsumer.js -and rerunning the previous commands, the result is a new error: - -``` -START DNS PACKET -buffer.js:829 - throw new RangeError('Index out of range'); - ^ - -RangeError: Index out of range - at checkOffset (buffer.js:829:11) - at Buffer.readUInt8 (buffer.js:867:5) - at BufferConsumer.byte (/home/daplie/dns_test/node_modules/dns-js/lib/bufferconsumer.js:67:22) - at BufferConsumer.name (/home/daplie/dns_test/node_modules/dns-js/lib/bufferconsumer.js:120:14) - at Function.DNSRecord.parse (/home/daplie/dns_test/node_modules/dns-js/lib/dnsrecord.js:187:14) - at /home/daplie/dns_test/node_modules/dns-js/lib/dnspacket.js:164:30 - at Array.forEach (native) - at Function.DNSPacket.parse (/home/daplie/dns_test/node_modules/dns-js/lib/dnspacket.js:159:17) - at /home/daplie/dns_test/cloud-respond.js:86:31 - at Array.forEach (native) - -``` -which is located in the node.js buffer module. The API is [here](https://nodejs.org/api/buffer.html). - -However, the error we are working with will most likely be dealt with by parsing through the binary -and putting it in a format that is acceptable to a custom buffer, since the current buffer.js does doesn't seem to do the trick. - -Using - -```javascript -function pad(str, len, ch) { - - while (str.length < len) { - str = ch + str; - } - - return str; -} -``` -the binary output comes out as: - -``` -11100001 -10001000 -00000001 -00100000 -00000000 -00000001 -00000000 -00000000 -00000000 -00000000 -00000000 -00000001 -00000110 -01011111 -01100011 -01101100 -01101111 -01110101 -01100100 -00000100 -01011111 -01110100 -01100011 -01110000 -00000101 -01101100 -01101111 -01100011 -01100001 -01101100 -00000000 -00000000 -00001100 -00000000 -00000001 -00000000 -00000000 -00101001 -00010000 -00000000 -00000000 -00000000 -00000000 -00000000 -00000000 -00000000 -``` - - -What are the possible problems? - - -How to print out hex values of the DNS message in node.js? - -```javascript -socket.on('message', function (message, rinfo) { - console.log('Received %d bytes from %s:%d\n', - message.length, rinfo.address, rinfo.port); - //console.log(msg.toString('utf8')); - - console.log(message.toString('hex')); -``` - -### Objective +``` \ No newline at end of file diff --git a/notes.md b/notes.md new file mode 100644 index 0000000..70b4136 --- /dev/null +++ b/notes.md @@ -0,0 +1,53 @@ +mDNS Documentation + +What is mDNS? + +mDNS stands for Multicast Domain Name System. It's function is to resolve host names to IP addresses within small networkds that do not include a local name server. It is a zero-configuration service, using essentially the same programming interfaces, packet formats and operating semantics as the unicast Domain Name System (DNS). Although mDNS is designed to be stand-alone capable, it can work in concert with unicast DNS servers. + +Full documentation of the protocol is located at: https://tools.ietf.org/html/rfc6762 + +Other helpful topics and documents: + +- Zero Configuration Networking: https://tools.ietf.org/html/rfc6762#ref-Zeroconf +- Automatic link-local addressing: https://tools.ietf.org/html/rfc3927 + + https://tools.ietf.org/html/rfc4862 + + +DNS-format messages contain a header, a Question Section, then Answer, Authority, and additional Record Sections. The Answer, Authority, and Additional Record Sections all hold resource records. + + +mDNS is a datagram protocal that uses broadcast mode and membership groups. + + + +What does mDNS in the Daplie System? + +We are sending messages back and forth on a network that searches for any other mDNS compatible devices and asks that device if it is connected to a router or WiFi with a Daplie-compatible Cloud device. + +If it is a Daplie-compatible Cloud device, then it will reply to the sender with some sort of confirmation. + + + +Terms: + +TTL - IP Time to Live - located in IP header of the DNS packet and is used effectively as a hop-count limit for the packet, to guard against routing loops + + +"shared" resource record set is where several Multicast DNS responders may have records with the same name, rrtype, and rrclass, and several responders may respond to a particular query + +"unique" resource record set is one where all the records with that name, rrtype, and rrclass are conceptually under the control or ownership of a single responder, and it is expected that at most one responder should respond to a query for that name, rrtype, and rrclass. Before claiming ownership of a unique resource record set, a responder MUST probe to verify that no other responder already claims ownership. (For fault-tolerance and other reasons, sometimes it is permissible to have more than one responder answering for a particular "unique" resource record set, but such cooperating resoinders MUST give answers containing identical rdata for these records. If they do not give answers containing identical rdata, then the probing stop will reject the data as being inconsistent with what is already being advertised on the network for these names.) + + +Multicast DNS Names + +A host that belongs to an organization or individual who has control over some potion of the DNS namespace can be assigned a globally unique name within that portion of th DNS namespace, such as, "chechire.example.com". For those of us who have this luxury, this works very well. However, the mojority of home computer users do not have easy access to any portion of the global DNS namespace within which they have the authoriry to create names. This leaves the majority of home computers effectively anonymous for practical purposes + + + + + + + + +