dnsguide's Introduction

Building a DNS server in Rust

The internet has a rich conceptual foundation, with many exciting ideas that enable it to function as we know it. One of the really cool ones is DNS. Before it was invented, everyone on the internet - which admittedly wasn't that many at that stage - relied on a shared file called HOSTS.TXT, maintained by the Stanford Research Institute. This file was synchronized manually through FTP, and as the number of hosts grew, so did the rate of change and the unfeasibility of the system. In 1983, Paul Mockapetris set out to find a long term solution to the problem and went on to design and implement DNS. It's a testament to his genius that his creation has been able to scale from a few thousand computers to the Internet as we know it today.

With the combined goal of gaining a deep understanding of DNS, of doing something interesting with Rust, and of scratching some of my own itches, I originally set out to implement my own DNS server. This document is not a truthful chronicle of that journey, but rather an idealized version of it, without all the detours I ended up taking. We'll gradually implement a full DNS server, starting from first principles.

Samples

Each chapter has a corresponding sample which contains the full code up to that point in the guide, named sample1.rs through sample5.rs. These can be run with cargo; for the first chapter, use `cargo run --example sample1`.

Revision History

  • June 2020 - Fixed a security vulnerability in read_qname which allowed a malicious packet to trigger an infinite loop. Modernized the code to conform to current Rust practices, and fixed various ugly inefficiencies.
  • July 2016 - Initial version

dnsguide's People

Contributors

0xflotus, ccouzens, danielquinn, dirbaio, emilhernvall, ktraff, loannaflip, mattisx, proudmuslim-dev, schachte

dnsguide's Issues

does not give proper IP address for non google domains

```
; <<>> DiG 9.16.26 <<>> @127.0.0.1 -p 2053 www.twitch.tv
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50931
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 0

;; QUESTION SECTION:
;www.twitch.tv. IN A

;; ANSWER SECTION:
www.twitch.tv. 3600 IN CNAME twitch.map.fastly.net.

;; AUTHORITY SECTION:
twitch.tv. 172800 IN NS ns-1450.awsdns-53.org.
twitch.tv. 172800 IN NS ns-1778.awsdns-30.co.uk.
twitch.tv. 172800 IN NS ns-219.awsdns-27.com.
twitch.tv. 172800 IN NS ns-664.awsdns-19.net.

;; Query time: 842 msec
;; SERVER: 127.0.0.1#2053(127.0.0.1)
;; WHEN: Mon Mar 14 00:06:10 India Standard Time 2022
;; MSG SIZE rcvd: 255
```

why is this happening?

License

Forgive me if I misread, but as it is now this project doesn't seem to have a license associated with it. What do you find acceptable?

help! multithreaded server

I wanted to turn your server to a multithreaded one and I receive this error
An error occurred: Either the application has not called WSAStartup, or WSAStartup failed. (os error 10093) handle An error occurred: Either the application has not called WSAStartup, or WSAStartup failed.

I know this is not an issue with your code, help would be much appreciated

Multiple Borrowing Error!

In the read_u16 and read_u32 functions, a multiple borrowing error is occurring. How did you compile your code?

DNS compression when writing labels

Hello. I am currently following your tutorial (great tutorial by the way), and am currently implementing the write methods for the stub resolver section. However, there is something that I don't quite understand: In chapter 1, the read_qname function implemented this label compression idea by jumping to and reusing old labels. However, in chapter two, the write_qname function doesn't implement the same idea. Did you just choose not to implement it, or is there something I am missing?

Thanks beforehand!

Caching Dns guide?

I saw in your Hermes project you have caching. I have been using your dnsguide in implementing my own DNS server in python. Are you considering adding more parts to your guide such as how you dealt with caching?

Thanks a lot!

Thanks a lot, with the help of your project I've been able (after some trial & error) to write my own DNS server implementation - although I've decided to do it in C# (because that's what I'm learning right now) and not in Rust (also, copy-paste Rust code seemed too easy).
You can check it out at https://github.com/delneg/dns_server_csharp
There are also branches for each chapter, if you're interested

[bug] `netcat` usage may be improper for GNU's `netcat` in chapter 1.

I'm following your guide on my way to implementing my rust DNS server, but several trials with your script on catching DNS querying packets resulted in an empty query-packet.txt.

nc -u -l 1053 google.com

I'm using Arch Linux and my netcat version is GNU netcat 0.7.1. The proper way to catch the packet shall be as the following script, instead.

# use `-p` option explicitly
nc -u -l -p 1053 google.com

You might be using other versions of netcat, or the (GNU version) netcat itself had an update on its CLI. After all the script does not work on my environment, please take a look.

Jump query issue

    if (len & 0xC0) == 0xC0 {
        // Update the buffer position to a point past the current
        // label. We don't need to touch it any further.
        if !jumped {
            try!(self.seek(pos+2));
        }

and

"I mentioned earlier that each label is preceded by a single byte length. The additional thing we need to consider is that if the two Most Significant Bits of the length are set, we can instead expect the length byte to be followed by a second byte. These two bytes taken together, and removing the two MSB's, indicate the jump position. In the example above, we've got 0xC00C. The bit pattern of the two high bits expressed as hex is 0xC000 (in binary 11000000 00000000), so we can find the jump position by xoring our two bytes with this mask to unset them: 0xC00C ^ 0xC000 = 12. Thus we should jump to byte 12 of the packet and read from there. Recalling that the length of the DNS header happens to be 12 bytes, we realize that it's instructing us to start reading from where the question part of the packet begins, which makes sense since the question starts with the query domain which in this case is "google.com"."

Shouldn't we jump by the number indicated after the set flag? Why are we jumping from pos to pos+2?
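
The pointer handling quoted in this issue, together with the read_qname infinite loop mentioned in the revision history, as an added example (not dnsguide's own code). It shows that the enclosing record resumes at pos + 2 after the first pointer while decoding continues at the pointer's offset, and that a jump cap rejects a pointer loop. The cap `MAX_JUMPS`, the `packet` helper and the sample bytes are assumptions constructed for this sketch; the page does not say how the project bounded the loop.

```rust
const MAX_JUMPS: usize = 5; // assumed cap, chosen for this example

/// Decode the name at `start`; returns the name and the offset where the
/// caller resumes reading the enclosing record.
fn read_qname(msg: &[u8], start: usize) -> Result<(String, usize), String> {
    let (mut pos, mut jumps) = (start, 0);
    let mut resume = None; // set once, at the first pointer
    let mut labels: Vec<String> = Vec::new();
    loop {
        let len = *msg.get(pos).ok_or("length byte outside packet")? as usize;
        if (len & 0xC0) == 0xC0 {
            // Two-byte pointer: the low 14 bits are an offset from the start
            // of the message. The enclosing record continues at pos + 2.
            let low = *msg.get(pos + 1).ok_or("truncated pointer")? as usize;
            resume = resume.or(Some(pos + 2));
            jumps += 1;
            if jumps > MAX_JUMPS {
                return Err(format!("more than {} jumps", MAX_JUMPS));
            }
            pos = ((len ^ 0xC0) << 8) | low;
            continue;
        }
        if len > 63 {
            return Err("reserved label type".into());
        }
        pos += 1;
        if len == 0 {
            break;
        }
        let label = msg.get(pos..pos + len).ok_or("label runs past packet")?;
        labels.push(String::from_utf8_lossy(label).to_lowercase());
        pos += len;
    }
    Ok((labels.join("."), resume.unwrap_or(pos)))
}

/// Constructed input: an all-zero 12-byte header followed by `body`.
fn packet(body: &[u8]) -> Vec<u8> {
    [&[0u8; 12][..], body].concat()
}

fn main() {
    // "google.com" at offset 12, then the pointer 0xC00C at offset 24.
    let ok = packet(b"\x06google\x03com\x00\xC0\x0C");
    // Malicious: the pointer at offset 12 points at itself.
    let evil = packet(b"\xC0\x0C");
    println!("{:?}", read_qname(&ok, 24));
    println!("{:?}", read_qname(&evil, 12));
}
```

Without the cap, the self-referencing pointer in the second packet would send the loop back to offset 12 forever.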
