dinodns's Introduction

Dino DNS

A fast and efficient DNS server and client

Overview

Dino DNS provides fast and flexible DNS client and server implementations for:

DNS-over-UDP
DNS-over-TCP
DNS-over-TLS
DNS-over-HTTPS

🤝 Licensing and Support

Dino DNS is licensed under the MIT license. It is free to use in personal and commercial projects.

There are support plans available that cover all active Turner Software OSS projects. Support plans provide private email support, expert usage advice for our projects, priority bug fixes and more. These support plans help fund our OSS commitments to provide better software for everyone.

🥇 Performance

These performance comparisons show the performance overhead of the DNS library itself and associated allocations. They do not represent the network overhead to a remote DNS servers.

The server implementation that each benchmark is performing against is Dino DNS.

DNS-over-UDP

This is your typical DNS query. While fast and efficient, it is limited by the lack of transport-layer encryption, reliable delivery and message length.

Method	Mean	Error	StdDev	Op/s	Ratio	RatioSD	Gen 0	Gen 1	Allocated
DinoDNS	90.28 us	1.066 us	0.945 us	11,077.1	1.00	0.00	0.4883	-	1,704 B
Kapetan_DNS	325.99 us	10.447 us	30.803 us	3,067.6	3.58	0.19	23.4375	0.9766	73,996 B
MichaCo_DnsClient	257.72 us	5.141 us	10.384 us	3,880.1	2.84	0.11	22.4609	-	71,640 B

DNS-over-TCP

With TCP DNS queries, there is a small overhead from negotiating the connection but otherwise is very fast. It addresses the reliable delivery and message length limitations that occur with UDP queries.

A good DNS client implementation will pool TCP sockets to avoid needing to negotiate the connection per request.

Method	Mean	Error	StdDev	Op/s	Ratio	RatioSD	Gen 0	Allocated
DinoDNS	94.99 us	1.018 us	0.902 us	10,527.1	1.00	0.00	0.4883	1,892 B
MichaCo_DnsClient	112.52 us	2.246 us	3.562 us	8,887.1	1.21	0.05	1.4648	5,064 B

⚠ Note: While Kapetan's DNS client does support TCP, it can't be benchmarked due to port exhaustion issues it has.

DNS-over-TLS

With DNS-over-TLS, you get the benefits of DNS-over-TCP with transport-layer encryption between the client and the server.

Method	Mean	Error	StdDev	Op/s	Ratio	Gen 0	Allocated
DinoDNS	126.5 us	2.09 us	1.95 us	7,908.1	1.00	0.4883	2,274 B

👋 Know of a .NET DNS-over-TLS client? Raise a PR to add it as a comparison!

DNS-over-HTTPS

An alternative to DNS-over-TLS is DNS-over-HTTPS, providing the same core functionality through a different method. This can disguise DNS traffic when performed over port 443 (the default port for HTTPS).

Method	Mean	Error	StdDev	Op/s	Ratio	Gen 0	Allocated
DinoDNS	207.2 us	3.77 us	3.52 us	4,827.1	1.00	1.4648	5,625 B

👋 Know of a .NET DNS-over-HTTPS client? Raise a PR to add it as a comparison!

⭐ Getting Started

Perform a DNS query

This is a basic query against a DNS server, retrieving "A" records to further process.

var client = new DnsClient(new NameServer[]
{
	new NameServer(IPAddress.Parse("192.168.0.1"), ConnectionType.Udp)
	NameServers.Cloudflare.IPv4.GetPrimary(ConnectionType.DoH),
}, DnsMessageOptions.Default);

var dnsMessage = await client.QueryAsync("example.org", DnsQueryType.A);
var aRecords = dnsMessage.Answers.WithARecords();

Implement a basic DNS server

This is a basic forwarding DNS server where you can, for example, have use a UDP server endpoint but forward over TLS to another name server.

public class DnsForwardingServer : DnsServerBase
{
	private readonly DnsClient Client;

	public DnsForwardingServer(
		NameServer[] nameServers,
		ServerEndPoint[] endPoints,
		DnsMessageOptions options
	) : base(endPoints, options)
	{
		Client = new DnsClient(nameServers, options);
	}

	protected override async ValueTask<int> OnReceiveAsync(ReadOnlyMemory<byte> requestBuffer, Memory<byte> responseBuffer, CancellationToken cancellationToken)
	{
		return await Client.SendAsync(requestBuffer, responseBuffer, cancellationToken).ConfigureAwait(false);
	}
}

var server = new DnsForwardingServer(
	new[] { NameServers.Cloudflare.IPv4.GetPrimary(ConnectionType.DoT) },
	new[] { new ServerEndpoint(ConnectionType.Udp) },
	DnsMessageOptions.Default
);
server.Start();

dinodns's People

Contributors

Stargazers

Watchers

dinodns's Issues

Investigate zero-configuration DNS

See: https://en.wikipedia.org/wiki/Zero-configuration_networking#DNS-based_service_discovery

Is this relevant for Dino DNS?

Investigate support for DNS updates

The DNS protocol does actually support updates directly - could be an interesting feature to implement.

Need a document about DinoDNS

I'm trying to use DinoDNS. A document would make it much easier. Is there a document introducing the classes & functions in DinoDNS?

Investigate support for DNS over TLS

See: https://en.wikipedia.org/wiki/DNS_over_TLS

Investigate support for DNS over HTTPS

See: https://en.wikipedia.org/wiki/DNS_over_HTTPS

Extended options/configuration for DoH and DoT

This issue has two parts with the general theme being extended options/configuration support.

Currently the path is hard coded to "/dns-query". While this works for Google, Cloudflare and is mentioned in the DNS-over-HTTPS RFC, not all DoH servers may use that. As long as they correspond to POST requests still, the HTTPS resolver should still be able to communicate with them if the path was set to what they use.

Current thought is a custom static method to create an instance of NameServer with options for HTTPS resolvers:

NameServer.CreateHttps(IPEndPoint, HttpsResolverOptions);

Examples of DoH servers that don't as raised to me via email (I do not know nor endorse these, they purely serve as an example of alternative DoH paths in the wild):

https://doh.applied-privacy.net/query
https://doh.cleanbrowsing.org/doh/security-filter
https://doh.cleanbrowsing.org/doh/adult-filter

Currently DNS-over-TLS doesn't allow you to easily specify the DNS host name for the resolver in terms of validating the certificate. Similar to the above with HTTPS options, a more functional way to modify options for a TLS connection would be nicer than creating a custom resolver manually.

Related #19

For the case of general nested resolving, both of these could be extended to have an async variant that allows resolving of a DNS server which would create the NameServer instance. This would need to create a one-off DNS client to somewhere to resolve it and will need to be provided a name server to connect to.

For example, something like this:

NameServer.CreateHttpsAsync(Uri httpsDnsServer, NameServer resolvedVia, HttpsResolverOptions);

Recommend Projects

turnersoftware / dinodns Goto Github PK