
dnsd's Introduction

DNSd

DNSd is a daemon (a.k.a. service) for Unix-like systems. It provides a local DNS backend that (partially) complies with RFC 1035 and forwards queries and answers to and from Google Public DNS over HTTPS.

Google Public DNS offers DNSSEC-validating resolution over an encrypted HTTPS connection. DNS-over-HTTPS greatly enhances privacy and security between a client and a recursive resolver, and complements DNSSEC to provide end-to-end authenticated DNS lookups. -- Google Public DNS

Highlights

  • Ultra lightweight (disk and memory footprint).
  • Full functionality behind the web proxy out of the box.
  • Minimalistic implementation approach.
  • Highly configurable through a simple configuration file.
  • A self-contained package that depends only on libcurl.
  • Supported records are A, AAAA, CNAME, NS and MX.
  • Public key pinning.

Build and Install

Build the software by running the following commands in the terminal.

make
make install

You may run the service in the background (as a daemon) by setting the config file path as follows.

dnsd -f /etc/dnsd.conf

After the daemon is successfully loaded, the local DNS service is available on the regular DNS port 53. If you are behind a web proxy server, you need to set its address and port in the configuration file.

If you would like to add DNSd as a service on your Linux machine, install the launcher (init and systemd) configuration files.

make linux-service
service dnsd start

For systemd you may need to run systemctl daemon-reload before starting the service.

For macOS systems install and launch the service as follows.

make macos-service
launchctl load -w /Library/LaunchDaemons/service.dnsd.plist

Obtain Public Key

openssl s_client -connect google.com:443 </dev/null | openssl x509 -pubkey -noout

Verification

You can verify whether the service is accessible with the following commands.

  • host -va github.com localhost
  • nslookup -port=5454 -query=mx github.com 127.0.0.1

Trying "github.com"
Using domain server:
Name: localhost
Address: 127.0.0.1#53
Aliases:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61907
;; flags: qr rd; QUERY: 1, ANSWER: 11, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;github.com.			IN	ANY

;; ANSWER SECTION:
github.com.		299	IN	A	192.30.253.112
github.com.		299	IN	A	192.30.253.113
github.com.		899	IN	NS	ns-1283.awsdns-32.org.
github.com.		899	IN	NS	ns-1707.awsdns-21.co.uk.
github.com.		899	IN	NS	ns-421.awsdns-52.com.
github.com.		899	IN	NS	ns-520.awsdns-01.net.
github.com.		3599	IN	MX	1 aspmx.l.google.com.
github.com.		3599	IN	MX	10 alt3.aspmx.l.google.com.
github.com.		3599	IN	MX	10 alt4.aspmx.l.google.com.
github.com.		3599	IN	MX	5 alt1.aspmx.l.google.com.
github.com.		3599	IN	MX	5 alt2.aspmx.l.google.com.

Received 390 bytes from 127.0.0.1#53 in 178 ms

License

This software is licensed under the GNU GPLv3 license.

The user of this software (including the source code and the binary form) must read and accept the terms and conditions of Google Public DNS over HTTPS before usage.

dnsd's People

Contributors

kamarya


dnsd's Issues

Work with nslookup but not dig

First, thanks a lot for your project! It works, but I face some problems:

nslookup -port=5553 twitter.com 127.0.0.1

Server:     127.0.0.1
Address:    127.0.0.1#5553

Non-authoritative answer:
Name:   twitter.com
Address: 104.244.42.129
Name:   twitter.com
Address: 104.244.42.193

dig @127.0.0.1 -p 5553 twitter.com

;; Warning: Message parser reports malformed message packet.

; <<>> DiG 9.10.3-P4 <<>> @127.0.0.1 -p 5553 twitter.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4363
;; flags: qr rd ad; QUERY: 1, ANSWER: 17, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; WARNING: Message has 303 extra bytes at end

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;twitter.com.           IN  A

;; ANSWER SECTION:
twitter.com.        599 IN  MX  20 alt1.aspmx.l.google.com.
twitter.com.        599 IN  MX  10 aspmx.l.google.com.
twitter.com.        599 IN  MX  20 alt2.aspmx.l.google.com.
twitter.com.        599 IN  MX  30 ASPMX3.GOOGLEMAIL.com.
twitter.com.        599 IN  MX  30 ASPMX2.GOOGLEMAIL.com.

;; Query time: 492 msec
;; SERVER: 127.0.0.1#5553(127.0.0.1)
;; WHEN: Sat Oct 29 02:10:00 CST 2016
;; MSG SIZE  rcvd: 541

I am from China, so https://dns.google.com was blocked for sure. I use https_proxy; I can confirm this proxy works by running curl with the proxy:

curl -s --proxy 127.0.0.1:7575 'https://dns.google.com/resolve?name=twitter.com' | jq -r '.Answer[] | "\(.data)"'

104.244.42.129
104.244.42.1

I don't know why dnsd can't work with dig, any suggestions?

Handles the new +edns option in dig command

It appears that newer versions of BIND's dig command now use the +edns option by default, which dnsd currently doesn't understand, causing dnsd to send an incorrect DNS query and return an unexpected answer to the dig command.

% dig @127.0.0.1 google.com A +noall +answer
;; Warning: Message parser reports malformed message packet.
google.com.             299     IN      A       216.58.196.14
google.com.             299     IN      AAAA    2404:6800:4001:806::200e
google.com.             599     IN      MX      40 alt3.aspmx.l.google.com.
google.com.             599     IN      MX      30 alt2.aspmx.l.google.com.
google.com.             21599   IN      NS      ns1.google.com.
google.com.             599     IN      MX      10 aspmx.l.google.com.
google.com.             599     IN      MX      50 alt4.aspmx.l.google.com.
google.com.             599     IN      MX      20 alt1.aspmx.l.google.com.
google.com.             21599   IN      NS      ns3.google.com.
google.com.             21599   IN      NS      ns2.google.com.
% dig @8.8.8.8 google.com A +noall +answer
google.com.             299     IN      A       172.217.31.78

With +noedns option specified, everything behaves as expected again.

% dig @127.0.0.1 google.com A +noedns +noall +answer
google.com.             136     IN      A       216.58.199.206

More info on this change:

https://deepthought.isc.org/article/AA-01059/0/Why-does-dig-report-one-more-record-in-the-additional-section-of-a-query-response-than-I-am-seeing.html

https://engineering.salesforce.com/why-is-edns-important-for-content-delivery-85f5690744ba
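
What the +edns default changes on the wire, as an added example (not dnsd's code): dig appends an OPT pseudo-record (type 41, RFC 6891) to the additional section, so a forwarder has to take the query type from the question section and step over the records that follow it. The function name `dns_query_edns` is hypothetical and both sample packets are constructed.

```c
#include <stdint.h>
#include <stdio.h>

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
/* Skip an encoded name; returns the next offset, or 0 if malformed. */
static size_t skip_name(const uint8_t *m, size_t len, size_t off) {
    while (off < len) {
        uint8_t l = m[off];
        if (l == 0) return off + 1;                    /* root label ends the name */
        if ((l & 0xC0) == 0xC0) return off + 2 <= len ? off + 2 : 0; /* pointer */
        if (l & 0xC0) return 0;                        /* reserved label type */
        off += 1 + (size_t)l;
    }
    return 0;
}

/* Returns 1 if the query carries an EDNS OPT record (type 41), 0 if not, -1 if
 * malformed. *qtype = QTYPE of the first question; *udp_size = the sender's
 * advertised UDP payload size (OPT CLASS field), or 512 without EDNS. */
int dns_query_edns(const uint8_t *m, size_t len, uint16_t *qtype, uint16_t *udp_size) {
    if (len < 12) return -1;                           /* fixed 12-byte header */
    uint16_t qd = rd16(m + 4);
    uint32_t rr = (uint32_t)rd16(m + 6) + rd16(m + 8) + rd16(m + 10);
    size_t off = 12;
    int found = 0;
    *qtype = 0; *udp_size = 512;
    for (uint16_t i = 0; i < qd; i++) {                /* question section */
        if ((off = skip_name(m, len, off)) == 0 || off + 4 > len) return -1;
        if (i == 0) *qtype = rd16(m + off);
        off += 4;                                      /* QTYPE + QCLASS */
    }
    for (uint32_t i = 0; i < rr; i++) {                /* answer/authority/additional */
        if ((off = skip_name(m, len, off)) == 0 || off + 10 > len) return -1;
        if (rd16(m + off) == 41) { found = 1; *udp_size = rd16(m + off + 2); }
        off += 10 + (size_t)rd16(m + off + 8);         /* TYPE CLASS TTL RDLENGTH RDATA */
        if (off > len) return -1;
    }
    return found;
}

/* Constructed samples: "twitter.com IN A" without and with an OPT record. */
static const uint8_t Q_PLAIN[] = { 0x11,0x0b, 0x01,0x00, 0,1, 0,0, 0,0, 0,0,
    7,'t','w','i','t','t','e','r', 3,'c','o','m', 0, 0,1, 0,1 };
static const uint8_t Q_EDNS[] = { 0x11,0x0b, 0x01,0x20, 0,1, 0,0, 0,0, 0,1,
    7,'t','w','i','t','t','e','r', 3,'c','o','m', 0, 0,1, 0,1,
    0, 0,41, 0x10,0x00, 0,0,0,0, 0,0 };  /* root name, OPT, udp=4096, ttl, rdlen */
int main(void) {
    uint16_t qt, udp;
    int r = dns_query_edns(Q_EDNS, sizeof Q_EDNS, &qt, &udp);
    printf("edns=%d qtype=%u udp=%u\n", r, (unsigned)qt, (unsigned)udp);
    return 0;
}
```

The QTYPE is the same in both packets; only ARCOUNT and the 11 trailing OPT bytes differ, which matches the `udp: 4096` line in dig's OPT PSEUDOSECTION output above.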
