
Major changes:

In #470 the rdata was split off into a rdata subpackage. See #258 and https://miek.nl/2022/july/15/a-miekg/dns-v2-package/, where I expressed this need also.

In #468 a mass move to the netip package was made.

Even more alternative approach to a DNS library (version 2)

Status

  • Fast(er); recvmmsg and pipelining support.
    • Since a46996c I can get 370K (UDP) qps on my laptop (M2/Asahi Linux).
    • On my Dell XPS 17 (Intel) it is similar.
    • On Intel/AMD it is lower (200K (UDP) qps) - yet to understand why.
    • See cmd/reflect and do a go build; go test -v. Requires dnsperf to be installed.
  • More convenience functions included in dns or otherwise in dnsutils.
  • Test helper function included dnstest.
  • Example programs included and benchmarked in cmd/, cmd/atomdns runs as a nameserver on my server.
  • Everything from https://github.com/miekg/dns should work. See README-diff-with-v1.md for the differences.

Less is more.

Complete and usable DNS library. All Resource Records are supported, including the DNSSEC types. It follows a lean and mean philosophy. Server side and client side programming is supported, i.e. you can build servers and resolvers with it.

We try to keep the "main" branch as sane as possible and at the bleeding edge of standards, avoiding breaking changes wherever reasonable. But because this version is young, we allow ourselves some more headroom.

The naming of types follows the RFCs. EDNS0 types are similarly named, for instance, DHU (Ds Hash Understood). If there is a clash between an actual RR's name and an EDNS0 option's, the EDNS0 type gets an 'E' as prefix, e.g. EDHU. This is also done if the RR was named later than the EDNS0 option! The same holds for DSO (DNS Stateful Operations): when those types clash they are prefixed with a 'D'. If EDNS0 and DSO clash, EDNS0 wins. See PADDING and DPADDING as an example.

Goals

  • KISS.
  • Everything is a resource record.
  • Small API.
    • Package dnsutil contains functions that help programmers, but are not necessarily in scope for the dns package.
    • Package dnstest contains functions and types that help you test, similar to the httptest package.
    • Package svcb holds all details of the SVCB/HTTPS record.
    • Package deleg holds details for the DELEG record.
    • Many helper/debug functions are moved into internal packages, making the top-level much, much cleaner.
  • Fast.
    • The cmd/reflect server does 400K/380K UDP/TCP qps respectively on the right hardware. (As noted above, it is still unclear why the qps numbers on other machines are lower.)

Users

A not-so-up-to-date-list-that-may-be-actually-current:

  • atomdns - included in cmd/atomdns - a high performance DNS server, based on the principles of CoreDNS, but faster and simpler.
  • dnscrypt-proxy - a flexible DNS proxy, with support for encrypted DNS protocols such as DNSCrypt v2, DoH, Anonymized DNSCrypt and ODoH.

Send pull request if you want to be listed here.

Features

  • UDP/TCP queries, recvmmsg, TCP query-pipelining, IPv4 and IPv6.
  • Fast(er).
  • RFC 1035 zone file parsing ($INCLUDE, $ORIGIN, $TTL and $GENERATE - for all record types) is supported.
  • Server side programming (mimicking the net/http package), with dns.Handle and dns.HandleFunc allowing for middleware servers.
  • Client side programming.
  • DNSSEC: signing, validating and key generation for DSA, RSA, ECDSA and Ed25519.
  • EDNS0, NSID, Cookies, etc, as pseudo RRs in the (fake) pseudo section.
  • AXFR/IXFR.
  • TSIG, SIG(0).
  • DNS over TLS (DOT): encrypted connection between client and server over TCP.
  • DNS over HTTP (DOH), see the dnshttp package.
  • Improved naming by embracing sub-packages.
  • Examples included in the cmd/ directory.
  • Escapes (\DDD and \x) in domain names are not supported (anymore) - the overhead (50-100%) was too high.
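The "mimicking the net/http package" item above says servers are built from dns.Handle/dns.HandleFunc and can be layered as middleware. The following is an added, stand-alone illustration of that pattern, not code from the library: the Query, Response and Handler types are constructed stand-ins whose signatures are assumed (the real v2 types are not quoted on this page), and the source address is carried as a netip.AddrPort in line with the move to the netip package. It chains two defensive middlewares a DNS operator typically wants in front of a zone: a per-source-prefix query limiter and an RFC 8482 minimal answer for QTYPE ANY.

```go
package main

import (
	"fmt"
	"net/netip"
	"sync"
)

// Query is a constructed stand-in for a parsed DNS request: question name,
// question type and the client's source address. It is NOT the library's type.
type Query struct {
	Name   string
	Type   string
	Source netip.AddrPort
}

// Response is a constructed stand-in for what a handler writes back.
type Response struct {
	Rcode string // "NOERROR", "REFUSED", "NXDOMAIN"
	Data  string // rendered answer section, if any
}

// Handler mirrors net/http.Handler, the shape the README says dns.Handle and
// dns.HandleFunc follow; the real v2 method signature is an assumption here.
type Handler interface {
	ServeDNS(q *Query) Response
}

// HandlerFunc adapts a plain function to Handler, like http.HandlerFunc.
type HandlerFunc func(q *Query) Response

func (f HandlerFunc) ServeDNS(q *Query) Response { return f(q) }

// Middleware wraps a Handler and returns another Handler.
type Middleware func(Handler) Handler

// Chain composes middleware so that the first argument runs outermost.
func Chain(h Handler, mws ...Middleware) Handler {
	for i := len(mws) - 1; i >= 0; i-- {
		h = mws[i](h)
	}
	return h
}

// MinimalANY answers QTYPE ANY with the synthesized HINFO RRset described in
// RFC 8482 instead of every RRset at the name, which blunts ANY amplification.
func MinimalANY(next Handler) Handler {
	return HandlerFunc(func(q *Query) Response {
		if q.Type == "ANY" {
			return Response{Rcode: "NOERROR", Data: q.Name + " 3600 IN HINFO \"RFC8482\" \"\""}
		}
		return next.ServeDNS(q)
	})
}

// PerSourceLimit refuses a client prefix once it has exceeded limit queries.
// v4Bits/v6Bits pick the aggregation prefix (e.g. 24 and 56) so that a client
// rotating addresses inside one allocation still shares a single counter.
func PerSourceLimit(limit, v4Bits, v6Bits int) Middleware {
	var mu sync.Mutex
	counts := map[netip.Prefix]int{}
	return func(next Handler) Handler {
		return HandlerFunc(func(q *Query) Response {
			addr := q.Source.Addr().Unmap() // treat ::ffff:a.b.c.d as plain IPv4
			bits := v6Bits
			if addr.Is4() {
				bits = v4Bits
			}
			prefix, err := addr.Prefix(bits) // masks host bits, so it is a stable map key
			if err != nil {
				return Response{Rcode: "REFUSED"}
			}
			mu.Lock()
			counts[prefix]++
			n := counts[prefix]
			mu.Unlock()
			if n > limit {
				return Response{Rcode: "REFUSED"}
			}
			return next.ServeDNS(q)
		})
	}
}

// static is the innermost handler: a constructed one-record zone for the demo.
var static = HandlerFunc(func(q *Query) Response {
	if q.Name == "example.org." && q.Type == "A" {
		return Response{Rcode: "NOERROR", Data: "example.org. 3600 IN A 192.0.2.1"}
	}
	return Response{Rcode: "NXDOMAIN"}
})

// NewServerHandler builds the full chain: limiter outermost, then ANY handling, then the zone.
func NewServerHandler(limit int) Handler {
	return Chain(static, PerSourceLimit(limit, 24, 56), MinimalANY)
}

func main() {
	h := NewServerHandler(2)
	src := netip.MustParseAddrPort("198.51.100.7:53000") // constructed client address
	for i := 0; i < 3; i++ {
		fmt.Println(h.ServeDNS(&Query{Name: "example.org.", Type: "A", Source: src}))
	}
	fmt.Println(h.ServeDNS(&Query{Name: "example.org.", Type: "ANY", Source: netip.MustParseAddrPort("[2001:db8::1]:4000")}))
}
```

Running it prints two normal answers, a REFUSED for the third query from the same /24, and the HINFO answer for ANY. The limiter here counts forever for the sake of a short example; a production version would use a sliding window or token bucket and would log refusals so abuse is visible rather than silently dropped.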

Have fun!

Miek Gieben - 2025- - miek@miek.nl

See anonymous users asking for support on why these kinds of requests/issues usually get closed pretty swiftly.

Building/developing

This library uses Go modules and uses semantic versioning. Getting the code and working with the library is done via:

git clone git@codeberg.org:miekg/dns  # use https if you don't have a codeberg account
cd dns
# $EDITOR *.go

If you want to use codeberg/miekg/dns in your own project, just do a go get codeberg.org/miekg/dns@latest and import codeberg.org/miekg/dns in your Go files.

Examples

A short "how to use the API" is at the beginning of doc.go. The cmd/ directory contains a reflect example program that is used for benchmarking, and further has atomdns, which is a full-fledged DNS server that is developed in tandem with the library.

Supported RFCs

all of them

  • 103{4,5} - DNS standard
  • 1348 - NSAP record (removed the record)
  • 1982 - Serial Arithmetic
  • 1876 - LOC record
  • 1995 - IXFR
  • 1996 - DNS notify
  • 2136 - DNS Update (dynamic updates)
  • 2181 - RRset definition
  • 2537 - RSAMD5 DNS keys
  • 2065 - DNSSEC (updated in later RFCs)
  • 2671 - EDNS record
  • 2782 - SRV record
  • 2845 - TSIG record
  • 2915 - NAPTR record
  • 2929 - DNS IANA Considerations
  • 3110 - RSASHA1 DNS keys
  • 3123 - APL record
  • 3225 - DO bit (DNSSEC OK)
  • 340{1,2,3} - NAPTR record
  • 3445 - Limiting the scope of (DNS)KEY
  • 3596 - AAAA record
  • 3597 - Unknown RRs
  • 4025 - A Method for Storing IPsec Keying Material in DNS
  • 403{3,4,5} - DNSSEC
  • 4255 - SSHFP record
  • 4343 - Case insensitivity
  • 4408 - SPF record
  • 4509 - SHA256 Hash in DS
  • 4592 - Wildcards in the DNS
  • 4635 - HMAC SHA TSIG
  • 4701 - DHCID
  • 4892 - id.server
  • 5001 - NSID
  • 5155 - NSEC3 record
  • 5205 - HIP record
  • 5702 - SHA2 in the DNS
  • 5936 - AXFR
  • 5966 - TCP implementation recommendations
  • 6605 - ECDSA
  • 6672 - DNAME
  • 6725 - IANA Registry Update
  • 6742 - ILNP DNS
  • 6840 - Clarifications and Implementation Notes for DNS Security
  • 6844 - CAA record
  • 6891 - EDNS0 update
  • 6895 - DNS IANA considerations
  • 6944 - DNSSEC DNSKEY Algorithm Status
  • 6975 - Algorithm Understanding in DNSSEC
  • 7043 - EUI48/EUI64 records
  • 7314 - DNS (EDNS) EXPIRE Option
  • 7477 - CSYNC RR
  • 7828 - TCP-keepalive EDNS0 Option
  • 7553 - URI record
  • 7719 - DNS Terminology
  • 7858 - DNS over TLS: Initiation and Performance Considerations
  • 7871 - EDNS0 Client Subnet
  • 7873 - Domain Name System (DNS) Cookies
  • 8080 - EdDSA for DNSSEC
  • 8482 - Minimal Answers for ANY
  • 8484 - DOH
  • 8499 - DNS Terminology
  • 8659 - DNS Certification Authority Authorization (CAA) Resource Record
  • 8777 - DNS Reverse IP Automatic Multicast Tunneling (AMT) Discovery
  • 8914 - Extended DNS Errors
  • 8976 - Message Digest for DNS Zones (ZONEMD RR)
  • 9250 - DOQ (not implemented, waiting until Go supports QUIC)
  • 9461 - Service Binding Mapping for DNS Servers
  • 9462 - Discovery of Designated Resolvers
  • 9460 - SVCB and HTTPS Records
  • 9499 - DNS Terminology
  • 9567 - DNS Error Reporting
  • 9606 - DNS Resolver Information
  • 9660 - Zone version
  • 9859 - DSYNC RR
  • draft-ietf-compact-denial - CO bit
  • draft-ietf-deleg - DELEG RR