kenshinx / godns Goto Github PK

View Code? Open in Web Editor NEW

605.0 605.0 162.0 1.35 MB

A fast dns cache server written by go

License: MIT License

Go 100.00%

godns's People

Contributors

Stargazers

Watchers

Forkers

codeskyblue vinsonzou rnoldo jonsen mvrilo rzh mrrama tymiles003 travelton zhangpeihao joliny zhangyc310 scalingo dancebear gabesullice kr9ly bigeagle wfjsw zhang0137 xurenlu bobyou xxoxx j0x47 karm qipilang bylevel karlpilkington kerasking nwcs gjl3189 sorenmat danigiri wheelcomplex guanlicome esushu iexploree dbalan cn869158 fireball2018 x140cc beerbubble frank0718 gosnipp huanjue aksentyev lrbnew maquigu samir80 enoit zhsso mbywin h4ck3rm1k3 jniltinho jnan77 shamork julor admpub derkan di-stars rainfly123 waterem vxed ytcheng hengfeiyang candgo lyj830818 rattuscz gsdu8g9 lato huangdehui2013 secsecsec gemrails nutsteam friendwu sullivanchan yatuhashi zhanglei exinnet robcza gitboy123 xi1314 ls0f wujcheng slucx poppyred isavcic linecode blackholejet modasi huoyinghui lorock priestd09 ryonkn raindylong totopper jursonmo devstudy dolfly asushugo nchrisdk

godns's Issues

关于godns的使用疑问

你好！
这个是我在/etc/resolv.conf添加了记录之后，应用会直接读取/etc/resolv.cong。然后不需要reload。然后其他服务器的nameserver配置成godns？

I have "Update ttl" code.

Hey @kenshinx I forked the service and added Update ttl for responses that are in the memory cache.
Let me know if the snippet is relevant.

i/o timeout

Version = "0.1.2"
go version go1.7.4 windows/amd64
nameserver 114.114.114.114

when query some domain at same time “read udp i/o timeout” randomly occurred,
but use nslookup with host 114.114.114.114 can get the right result.

Festure request: ability to cache negative responses (NXDOMAIN or empty results)

I've seen this feature in other DNS forwarders.

It would be a good idea to implement in godns,

Error codes converted to SERVFAIL

This is a request against unbound resolver (mark the NXDOMAIN status)

# dig @127.0.0.1 -p5353 dfhfghhsdgfgdfgdfhfgh.com   

; <<>> DiG 9.10.2-P4-RedHat-9.10.2-5.P4.fc22 <<>> @127.0.0.1 -p5353 dfhfghhsdgfg
dfgdfhfgh.com                                                                   
; (1 server found)                                                              
;; global options: +cmd                                                         
;; Got answer:                                                                  
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 51298                      
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1            

;; OPT PSEUDOSECTION:                                                           
; EDNS: version: 0, flags:; udp: 4096                                           
;; QUESTION SECTION:                                                            
;dfhfghhsdgfgdfgdfhfgh.com.     IN      A                                       

;; AUTHORITY SECTION:                                                           
com.                    900     IN      SOA     a.gtld-servers.net. nstld.verisi
gn-grs.com. 1446026097 1800 900 604800 86400                                    

;; Query time: 98 msec                                                          
;; SERVER: 127.0.0.1#5353(127.0.0.1)                                            
;; WHEN: Wed Oct 28 09:55:07 UTC 2015                                           
;; MSG SIZE  rcvd: 127

This request is sent towards godns that resolves against the same unbound as used earlier (status SERVFAIL)

# dig @127.0.0.1 -p53 dfhfghhsdgfgdfgdfhfgh.com              

; <<>> DiG 9.10.2-P4-RedHat-9.10.2-5.P4.fc22 <<>> @127.0.0.1 -p53 dfhfghhsdgfgdf
gdfhfgh.com                                                                     
; (1 server found)                                                              
;; global options: +cmd                                                         
;; Got answer:                                                                  
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 25294                      
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0               
;; WARNING: recursion requested but not available                               

;; QUESTION SECTION:                                                            
;dfhfghhsdgfgdfgdfhfgh.com.     IN      A                                       

;; Query time: 21 msec                                                          
;; SERVER: 127.0.0.1#53(127.0.0.1)                                              
;; WHEN: Wed Oct 28 09:56:53 UTC 2015                                           
;; MSG SIZE  rcvd: 43

In my opinion, this could affect client behavior and any forwarders in the chain, as these responses are inappropriate and does not describe the nature of the response in the right way (SERVFAIL is a signal for a forwarder to try another resolver, however NXDOMAIN is a very clear response stating that it has been verified no such domain exists).
I would suggest processing all the possible response codes according to the source project https://github.com/miekg/dns/blob/adeb323cbc8e73c87181c5ac9d393d66bbc4e165/msg.go#L124 and use these even in the cache (I consider caching NXDOMAIN ok, however caching SERVFAIL does not make sense).
I believe @Karm will be interested in this issue as well

dig xxxx @127.0.0.1 AAAA block 5 seconds or so

it seems that godns doesn't support IPV6, and can be disabled. Or is there any thing i mistaken ?

能不能实现cname动态缓存?

rt.我想实现cname 动态绑定，有没有实现呢?

打搅了，不知有无计划增加forwarder功能

Hello @kenshinx,
对标传统的bind的forwarder功能，实际应用中还是比较多的场景需要用到，例如上游某台dns是由另外一个部门维护的，所有的*.abc.local都是由这台上游dns解释，这个场景就需要用到forwarder功能了。

谢谢。

wildcard in hosts file didn't work

Version

Version = "0.1.2"

Hosts

1.1.1.1 aa.aa
1.1.1.2 aa.aa
1.1.1.3 aa.ab
1.1.1.4 aa.ac
2.2.2.2 *.aa.ccc
2.2.2.2 bb.ccc

Result

$ dig @localhost a.aa.ccc |grep IN
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 24388
;a.aa.ccc.                      IN      A
.                       9768    IN      SOA     a.root-servers.net. nstld.verisign-grs.com. 2017051502 1800 900 604800 86400
$ dig @localhost aa.ccc |grep IN  
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 8079
;aa.ccc.                                IN      A
.                       8571    IN      SOA     a.root-servers.net. nstld.verisign-grs.com. 2017051502 1800 900 604800 86400
$ 
$ dig @localhost bb.ccc |grep IN   
;; WARNING: recursion requested but not available
;bb.ccc.                                IN      A
bb.ccc.                 600     IN      A       2.2.2.2
$

Expect return 2.2.2.2 for a.aa.ccc or aa.ccc, got no A record for both a.aa.ccc and aa.ccc

Log

2017/05/16 10:15:04 [DEBUG] update hosts records from hosts
2017/05/16 10:15:07 [INFO] 127.0.0.1 lookup　a.aa.ccc IN A
2017/05/16 10:15:07 [DEBUG] a.aa.ccc didn't found in hosts file
2017/05/16 10:15:07 [DEBUG] a.aa.ccc IN A didn't hit cache
2017/05/16 10:15:07 [WARN] a.aa.ccc. failed to get an valid answer on 100.100.2.138:53
2017/05/16 10:15:09 [DEBUG] update hosts records from hosts

Config

godns.tar.gz

Domain support wildcard

hostname support wildcard such as *.local.example.com

refer:
#15

能不能增加TCP查询，防污染

connection timed out; no servers could be reached

exec ”dig www.github.com @localhost“

Update ttl dynamic

When a request hit in cache. The ttl of this record is a static value configured at conf file. This is an incomplete implementation, the ttl should be update dynamic.

能否运行时检查 /etc/hosts 的更改来载入变更？

经过我的测试，似乎还没有这个特性，我可以考虑添加一个PR完善它

使用Redis，没有初始化godns:hosts的key

第一次运行，出现以下WARN
2018/01/25 10:18:38 [WARN] Update hosts records from redis failed Redis Error: Key godns:hosts does not exist
如果该key不存在，就初始化该Key到Redis。

redis backed cache

Do you have an estimation when the redis cache backend will be developed? I´m looking for something like this right now, but if I have to start from scratch I'd rather use sth else than "go"...
Suggestions for redis backend:

use dns provided ttl of a record as ttl in redis for auto-expiry
allow different servers for writing something into the cache and reading from the cache (for distributed setups with read-only slaves)
allow either tcp or unix socket connection to redis

Limit response rate to defense DDoS

Use limit_req, limit_conn, limit_rate similar as Nginx used to defend againt DDoS attack.
Especially the DNS Refelection Attack & DNS Amplification Attack that is being rampant recently.

请问这是dns权威服务还是递归服务？

zone forward

such as: forward demo.example.com to another cache server, than any domain of *.demo.exmaple.com will query from the special cache server.

Support multiple A entries / DNS round robin

It's not possible today to setup multiple IPs for a given domain name, it would be great if this was possible.

Any thought about that?

Regards,

-- Leo