forked from bortzmeyer/grong
-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathREADME
133 lines (89 loc) · 3.99 KB
/
README
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
GRONG (Gross and ROugh Nameserver written in Go) is a DNS (Domain Name
System) authoritative name server. It is intended as a research
project and is *not* suitable for use on the wild Internet (for
instance, it has little protection against rogue packets).
DO NOT USE ON A PRODUCTION SITE
YOU HAVE BEEN WARNED!!!
Disclaimer: I've never been to this city
<http://en.wikipedia.org/wiki/Grong>
GRONG can only be used as an authoritative name server (like, for
instance, nsd), not as a recursive one.
GRONG provides a general DNS engine, the front-end, which receives
packets, parses them and sends a proper response, and several possible
back-ends (named "responders") which generates a response, given the
query. Some are provided with GRONG and you are welcome to write
others.
The official source is <http://github.com/bortzmeyer/grong>
Usage
*****
./dnsserver [-address="[ADDRESS]:PORT"] [-debug=N]
Run with -h to see the defaults.
The -address option takes either a port (in the syntax ":NNN"), in
that case GRONG listens on all IP addresses, or one address (in the
syntax "x.y.z.T:NNN" for IPv4 and "[xxxx:yyyy::zzzz]:NNN" for
IPv6). There is currently no way to listen on some (but not all) of the IP
addresses.
The back-end is choosen at compile-time only (I have no idea about the
support for dynamic linking in Go)
Among the provided responders:
* rude-responder: responds REFUSED to every query
* reflector-responder: for TXT requests, responds with the IP address of the client
* as112: an AS 112 name server (see <http://www.as112.net/>)
For the person who compiles
**************************
You need a working Go <http://golang.org> environment. Today, only the
gc compiler is supported.
To choose a responder (here, foobar-responder):
make clean
ln -sf foobar-responder.go responder.go
make
mv ./server /where/you/want/grong-foobar
For the person who writes a responder
************************************
The interface of the responder is:
It must be in package "responder" and imports package "types". Read
"types.go" first, it contains useful constants (named from the RFC
1035).
The front-end checks that the request is a query and, if so, calls the
responder. The prototype is:
func Respond(query types.DNSquery) types.DNSresponse
In the DNSresponse, RRs (Resource Records) have to be in the wire
format (the front-end does not know the format of the RR, to keep it
generic). For instance, data in TXT RR has to be {length,
value}. There are some utilities functions in types to help you to do
so.
Implementation notes
********************
One goroutine is run for every DNS request. Makes the code much
simpler and easier to read but may explain the fact that performance
are behind BIND.
TODO
****
EDNS, specially for NSID (RFC 5001)
Give the responder some global info such as the debug level and some
per-query info such as the buffer size (512 by default)
Pass unknown command-line options to the responder. Options Qname for
the reflector and various TXT for as112
Use the log package
Hardening against rogue packets. Better handling of errors, an invalid
packet should not stop the name server. Test with typing junk in
telnet. Or learn Scapy, which seems more interesting. See for instance
the example in <http://www.secdev.org/projects/scapy/demo.html>
Finish the AS112 responder
The abiity to listen to more than one address (but not all). Can I
give several -address option to the flag module? If so, it probably
just means firing several udpListeners and several tcpListeners
Debugging of Go runtime performance issues, hit it harder with
queryperf!
Test with gccgo
See if we can replace a good part of package "types" by standard
package net/ <http://golang.org/src/pkg/net/dnsmsg.go>
Daemonize <http://groups.google.com/group/golang-nuts/browse_thread/thread/2b29d93b90501a4b/95242bfb7ae0549e>
DNSSEC (no, I'm joking)
Author
******
Stéphane Bortzmeyer <[email protected]>
License
*******
This is free software. Free as in free speech, not as in free beer.
See the actual license in LICENSE