kenshinx / godns
A fast dns cache server written by go
License: MIT License
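Hello!
So after I add a record to /etc/resolv.conf, the application reads /etc/resolv.conf directly, with no reload needed, and then the other servers' nameserver is set to godns?
This is a nice project and I've already followed it. Could the author add a Dockerfile?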
Hey @kenshinx I forked the service and added Update ttl for responses that are in the memory cache.
Let me know if the snippet is relevant.
Version = "0.1.2"
go version go1.7.4 windows/amd64
nameserver 114.114.114.114
When querying some domains at the same time, “read udp i/o timeout” randomly occurs,
but using nslookup with host 114.114.114.114 gets the right result.
I've seen this feature in other DNS forwarders.
It would be a good idea to implement in godns,
This is a request against unbound resolver (mark the NXDOMAIN status)
# dig @127.0.0.1 -p5353 dfhfghhsdgfgdfgdfhfgh.com
; <<>> DiG 9.10.2-P4-RedHat-9.10.2-5.P4.fc22 <<>> @127.0.0.1 -p5353 dfhfghhsdgfgdfgdfhfgh.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 51298
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;dfhfghhsdgfgdfgdfhfgh.com. IN A
;; AUTHORITY SECTION:
com. 900 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1446026097 1800 900 604800 86400
;; Query time: 98 msec
;; SERVER: 127.0.0.1#5353(127.0.0.1)
;; WHEN: Wed Oct 28 09:55:07 UTC 2015
;; MSG SIZE rcvd: 127
This request is sent towards godns that resolves against the same unbound as used earlier (status SERVFAIL)
# dig @127.0.0.1 -p53 dfhfghhsdgfgdfgdfhfgh.com
; <<>> DiG 9.10.2-P4-RedHat-9.10.2-5.P4.fc22 <<>> @127.0.0.1 -p53 dfhfghhsdgfgdfgdfhfgh.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 25294
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;dfhfghhsdgfgdfgdfhfgh.com. IN A
;; Query time: 21 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Oct 28 09:56:53 UTC 2015
;; MSG SIZE rcvd: 43
In my opinion, this could affect client behavior and any forwarders in the chain, as these responses are inappropriate and do not describe the nature of the response in the right way (SERVFAIL is a signal for a forwarder to try another resolver, whereas NXDOMAIN is a very clear response stating that it has been verified that no such domain exists).
I would suggest processing all the possible response codes according to the source project https://github.com/miekg/dns/blob/adeb323cbc8e73c87181c5ac9d393d66bbc4e165/msg.go#L124 and use these even in the cache (I consider caching NXDOMAIN ok, however caching SERVFAIL does not make sense).
I believe @Karm will be interested in this issue as well
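The rcode handling proposed in the issue above, as an added Go example (not godns code and not part of the issue): relay the upstream response code unchanged, cache NOERROR and NXDOMAIN, never cache SERVFAIL. The names `Decision`, `Decide` and `header` are assumptions, the sample headers are constructed from the two dig outputs above, and the ID and QR-bit checks are an added sanity check.

```go
package main

import (
	"encoding/binary"
	"fmt"
)

// DNS response codes from RFC 1035.
const (
	RcodeSuccess  = 0
	RcodeServFail = 2
	RcodeNXDomain = 3
)

// Decision is a hypothetical type: the rcode relayed to the client and
// whether the reply may be cached.
type Decision struct {
	Rcode int
	Cache bool
}

// Decide inspects the 12-byte header of a raw upstream reply to query queryID.
func Decide(queryID uint16, reply []byte, err error) Decision {
	if err != nil || len(reply) < 12 {
		return Decision{Rcode: RcodeServFail} // timeout or short packet: real failure
	}
	id, flags := binary.BigEndian.Uint16(reply[0:2]), binary.BigEndian.Uint16(reply[2:4])
	if id != queryID || flags&0x8000 == 0 {
		return Decision{Rcode: RcodeServFail} // not a response to our query
	}
	rcode := int(flags & 0x000F)
	// Relay the upstream rcode unchanged; cache only NOERROR and NXDOMAIN.
	return Decision{Rcode: rcode, Cache: rcode == RcodeSuccess || rcode == RcodeNXDomain}
}

// header builds a constructed 12-byte DNS header (ID and flags only).
func header(id, flags uint16) []byte {
	h := make([]byte, 12)
	binary.BigEndian.PutUint16(h[0:2], id)
	binary.BigEndian.PutUint16(h[2:4], flags)
	return h
}

func main() {
	// Constructed samples: 0x8183 = qr rd ra + NXDOMAIN, 0x8102 = qr rd + SERVFAIL.
	fmt.Println(Decide(51298, header(51298, 0x8183), nil))
	fmt.Println(Decide(25294, header(25294, 0x8102), nil))
	fmt.Println(Decide(1, nil, fmt.Errorf("read udp: i/o timeout")))
}
```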
It seems that godns doesn't support IPv6, and can be disabled. Or is there anything I'm mistaken about?
As the title says: I want to implement dynamic CNAME binding. Has this been implemented?
Hello @kenshinx,
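Compared with the forwarder feature of traditional BIND, there are quite a few real-world scenarios that need it. For example, an upstream DNS server is maintained by another department and all *.abc.local names are resolved by that upstream DNS server; this scenario needs the forwarder feature.
Thanks.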
Version = "0.1.2"
1.1.1.1 aa.aa
1.1.1.2 aa.aa
1.1.1.3 aa.ab
1.1.1.4 aa.ac
2.2.2.2 *.aa.ccc
2.2.2.2 bb.ccc
$ dig @localhost a.aa.ccc |grep IN
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 24388
;a.aa.ccc. IN A
. 9768 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2017051502 1800 900 604800 86400
$ dig @localhost aa.ccc |grep IN
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 8079
;aa.ccc. IN A
. 8571 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2017051502 1800 900 604800 86400
$
$ dig @localhost bb.ccc |grep IN
;; WARNING: recursion requested but not available
;bb.ccc. IN A
bb.ccc. 600 IN A 2.2.2.2
$
Expected 2.2.2.2 to be returned for a.aa.ccc or aa.ccc; got no A record for either a.aa.ccc or aa.ccc.
2017/05/16 10:15:04 [DEBUG] update hosts records from hosts
2017/05/16 10:15:07 [INFO] 127.0.0.1 lookup a.aa.ccc IN A
2017/05/16 10:15:07 [DEBUG] a.aa.ccc didn't found in hosts file
2017/05/16 10:15:07 [DEBUG] a.aa.ccc IN A didn't hit cache
2017/05/16 10:15:07 [WARN] a.aa.ccc. failed to get an valid answer on 100.100.2.138:53
2017/05/16 10:15:09 [DEBUG] update hosts records from hosts
Hostnames support wildcards such as *.local.example.com
refer:
#15
Could TCP queries be added, to prevent DNS pollution?
exec "dig www.github.com @localhost"
When a request hits the cache, the TTL of the record is a static value configured in the conf file. This is an incomplete implementation; the TTL should be updated dynamically.
From my testing, this feature does not seem to exist yet. I can consider submitting a PR to add it.
On the first run, the following WARN appears:
2018/01/25 10:18:38 [WARN] Update hosts records from redis failed Redis Error: Key godns:hosts does not exist
If the key does not exist, initialize the key in Redis.
Do you have an estimation when the redis cache backend will be developed? I'm looking for something like this right now, but if I have to start from scratch I'd rather use sth else than "go"...
Suggestions for redis backend:
Use limit_req, limit_conn, limit_rate, similar to what Nginx uses, to defend against DDoS attacks.
Especially the DNS Reflection Attack & DNS Amplification Attack that have been rampant recently.
Such as: forward demo.example.com to another cache server, then any domain of *.demo.example.com will be queried from the special cache server.
It's not possible today to set up multiple IPs for a given domain name; it would be great if this was possible.
Any thought about that?
Regards,
-- Leo
(1) Refresh redis cache when some records are deleted in redis.
(2) Add tmp value to make makemap safe.
Output cpu and memory profile file.
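What I mean is, I have a domain name.
Can this program resolve it to a specific server?
For example:
I have a public server, server1, running this program.
Then I bought a domain name, domain1.
Then on server1 I configure the domain domain1 to resolve to server2.
Finally, can my computer at home (home pc) find server2 through the domain name?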
I think this would be useful. :)