From 368430d1998e4222fe84b87ab99d37ff263b6aca Mon Sep 17 00:00:00 2001 From: Juergen Kunz Date: Wed, 11 Feb 2026 13:02:37 +0000 Subject: [PATCH] feat(rustdns-client): add Rust DNS client binary and TypeScript IPC bridge to enable UDP and DoH resolution, RDATA decoding, and DNSSEC AD/rcode support --- changelog.md | 10 + npmextra.json | 32 +- readme.md | 1202 +++++++---------- rust/Cargo.lock | 752 ++++++++++- rust/Cargo.toml | 1 + rust/crates/rustdns-client/Cargo.toml | 20 + rust/crates/rustdns-client/src/ipc_types.rs | 94 ++ rust/crates/rustdns-client/src/main.rs | 36 + rust/crates/rustdns-client/src/management.rs | 130 ++ .../crates/rustdns-client/src/resolver_doh.rs | 75 + .../crates/rustdns-client/src/resolver_udp.rs | 193 +++ rust/crates/rustdns-protocol/src/packet.rs | 226 +++- rust/crates/rustdns-protocol/src/types.rs | 3 + test/test.client.ts | 87 +- test/test.soa.debug.ts | 111 ++ test/test.soa.timeout.ts | 121 +- ts/00_commitinfo_data.ts | 2 +- ts/readme.md | 47 + ts_client/classes.dnsclient.ts | 143 +- ts_client/classes.rustdnsclientbridge.ts | 168 +++ ts_client/index.ts | 1 + ts_client/plugins.ts | 10 +- ts_client/readme.md | 94 ++ ts_server/readme.md | 110 ++ 24 files changed, 2805 insertions(+), 863 deletions(-) create mode 100644 rust/crates/rustdns-client/Cargo.toml create mode 100644 rust/crates/rustdns-client/src/ipc_types.rs create mode 100644 rust/crates/rustdns-client/src/main.rs create mode 100644 rust/crates/rustdns-client/src/management.rs create mode 100644 rust/crates/rustdns-client/src/resolver_doh.rs create mode 100644 rust/crates/rustdns-client/src/resolver_udp.rs create mode 100644 ts/readme.md create mode 100644 ts_client/classes.rustdnsclientbridge.ts create mode 100644 ts_client/readme.md create mode 100644 ts_server/readme.md diff --git a/changelog.md b/changelog.md index 574daad..308e172 100644 --- a/changelog.md +++ b/changelog.md @@ -1,5 +1,15 @@ # Changelog +## 2026-02-11 - 7.8.0 - feat(rustdns-client) +add Rust DNS client binary and TypeScript IPC bridge to enable UDP and DoH resolution, RDATA decoding, and DNSSEC AD/rcode support + +- Add new rust crate rustdns-client with IPC management, DoH and UDP resolvers (resolver_doh.rs, resolver_udp.rs) and ipc types +- Integrate Rust client via a new TypeScript RustDnsClientBridge that spawns rustdns-client and communicates over JSON IPC +- Expose Rust-based resolution from Smartdns (new strategies: 'udp', 'prefer-udp'; DoH routed through Rust) and add destroy() to clean up the bridge +- Extend rustdns-protocol with RDATA decoders (A, AAAA, TXT, MX, NS/CNAME/PTR name decoding, SOA, SRV), AD flag detection and rcode() helper +- Update tests to cover Rust/UDP/DoH paths, DNSSEC AD flag, SOA round-trip and performance assertions +- Update packaging/readmes and build metadata (npmextra.json, ts_client/readme, ts_server/readme) and Cargo manifests/lock for the new crate + ## 2026-02-11 - 7.7.1 - fix(tests) prune flaky SOA integration and performance tests that rely on external tools and long-running signing/serialization checks diff --git a/npmextra.json b/npmextra.json index fdc02b8..5f341f3 100644 --- a/npmextra.json +++ b/npmextra.json @@ -1,5 +1,11 @@ { - "gitzone": { + "@git.zone/tsrust": { + "targets": [ + "linux_amd64", + "linux_arm64" + ] + }, + "@git.zone/cli": { "projectType": "npm", "module": { "githost": "code.foss.global", @@ -27,20 +33,20 @@ "Domain Propagation", "DNS Server" ] + }, + "release": { + "registries": [ + "https://verdaccio.lossless.digital", + "https://registry.npmjs.org" + ], + "accessLevel": "public" } }, - "npmci": { - "npmGlobalTools": [], - "npmAccessLevel": "public", - "npmRegistryUrl": "registry.npmjs.org" - }, - "@git.zone/tsrust": { - "targets": [ - "linux_amd64", - "linux_arm64" - ] - }, - "tsdoc": { + "@git.zone/tsdoc": { "legal": "\n## License and Legal Information\n\nThis repository contains open-source code that is licensed under the MIT License. A copy of the MIT License can be found in the [license](license) file within this repository. \n\n**Please note:** The MIT License does not grant permission to use the trade names, trademarks, service marks, or product names of the project, except as required for reasonable and customary use in describing the origin of the work and reproducing the content of the NOTICE file.\n\n### Trademarks\n\nThis project is owned and maintained by Task Venture Capital GmbH. The names and logos associated with Task Venture Capital GmbH and any related products or services are trademarks of Task Venture Capital GmbH and are not included within the scope of the MIT license granted herein. Use of these trademarks must comply with Task Venture Capital GmbH's Trademark Guidelines, and any usage must be approved in writing by Task Venture Capital GmbH.\n\n### Company Information\n\nTask Venture Capital GmbH \nRegistered at District court Bremen HRB 35230 HB, Germany\n\nFor any legal inquiries or if you require further information, please contact us via email at hello@task.vc.\n\nBy using this repository, you acknowledge that you have read this section, agree to comply with its terms, and understand that the licensing of the code does not imply endorsement by Task Venture Capital GmbH of any derivative works.\n" + }, + "@ship.zone/szci": { + "npmGlobalTools": [], + "npmRegistryUrl": "registry.npmjs.org" } } \ No newline at end of file diff --git a/readme.md b/readme.md index 00a3397..4e6ac86 100644 --- a/readme.md +++ b/readme.md @@ -1,209 +1,80 @@ # @push.rocks/smartdns -A robust TypeScript library providing advanced DNS management and resolution capabilities including support for DNSSEC, custom DNS servers, and integration with various DNS providers. +A TypeScript-first DNS toolkit powered by high-performance Rust binaries โ€” covering everything from simple record lookups to running a full authoritative DNS server with DNSSEC, DNS-over-HTTPS, and automatic Let's Encrypt certificates. + +## Issue Reporting and Security + +For reporting bugs, issues, or security vulnerabilities, please visit [community.foss.global/](https://community.foss.global/). This is the central community hub for all issue reporting. Developers who sign and comply with our contribution agreement and go through identification can also get a [code.foss.global/](https://code.foss.global/) account to submit Pull Requests directly. ## Install -To install `@push.rocks/smartdns`, use the following command with pnpm: - ```bash -pnpm install @push.rocks/smartdns --save +pnpm install @push.rocks/smartdns ``` -Or with npm: +## Architecture at a Glance ๐Ÿ—๏ธ + +smartdns ships as **three entry points** that you can import independently: + +| Entry point | What it does | +|---|---| +| `@push.rocks/smartdns/client` | DNS resolution & record queries (UDP, DoH, system resolver) | +| `@push.rocks/smartdns/server` | Full DNS server โ€” UDP, DoH, DNSSEC, ACME | +| `@push.rocks/smartdns` | Convenience re-export of both modules | + +Both the **client** and the **server** delegate performance-critical work to compiled **Rust binaries** that ship with the package: + +- **`rustdns`** โ€” The server binary: network I/O, packet parsing, DNSSEC signing +- **`rustdns-client`** โ€” The client binary: UDP wire-format queries, RFC 8484 DoH resolution + +TypeScript retains the public API, handler registration, ACME orchestration, and strategy routing. Communication between TypeScript and Rust happens over stdin/stdout JSON IPC via [`@push.rocks/smartrust`](https://code.foss.global/push.rocks/smartrust). -```bash -npm install @push.rocks/smartdns --save ``` - -Make sure you have a TypeScript environment set up to utilize the library effectively. + โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ” + โ”‚ Your Application โ”‚ + โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ฌโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜ + โ”‚ + โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ผโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ” + โ–ผ โ–ผ + โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ” โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ” + โ”‚ Smartdns Client โ”‚ โ”‚ DnsServer โ”‚ + โ”‚ (TypeScript API) โ”‚ โ”‚ (TypeScript API) โ”‚ + โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ฌโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜ โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ฌโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜ + โ”‚ โ”‚ + โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ผโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ” โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ค + โ–ผ โ–ผ โ–ผ โ–ผ โ–ผ + system Rust Rust Rust binary TS Handlers + (Node) UDP DoH (rustdns) (minimatch) + โ”‚ โ”‚ โ”‚ + โ–ผ โ–ผ โ–ผ + rustdns-client UDP / HTTPS listeners + (IPC binary) DNSSEC signing +``` ## Usage -`@push.rocks/smartdns` is a comprehensive library that provides both DNS client and server capabilities, leveraging TypeScript for enhanced development experience. The library is organized into three modules: - -- **Client Module** (`@push.rocks/smartdns/client`): DNS resolution and record queries -- **Server Module** (`@push.rocks/smartdns/server`): Full DNS server implementation with DNSSEC -- **Main Module** (`@push.rocks/smartdns`): Convenience exports for both client and server - -### Getting Started - -You can import the modules based on your needs: +### Quick Start ```typescript -// For DNS client operations +// DNS client โ€” resolve records import { Smartdns } from '@push.rocks/smartdns/client'; -// For DNS server operations +const dns = new Smartdns({}); +const records = await dns.getRecordsA('example.com'); +console.log(records); + +// DNS server โ€” serve records import { DnsServer } from '@push.rocks/smartdns/server'; -// Or import from the main module (note the different syntax) -import { dnsClientMod, dnsServerMod } from '@push.rocks/smartdns'; -const dnsClient = new dnsClientMod.Smartdns({}); -const dnsServer = new dnsServerMod.DnsServer({ /* options */ }); -``` - -### DNS Client Operations - -The DNS client (`Smartdns` class) provides methods to query various DNS record types using DNS-over-HTTPS (DoH) with Cloudflare as the primary provider, with fallback to Node.js DNS resolver. - -#### Fetching A Records - -To fetch "A" records (IPv4 addresses) for a domain: - -```typescript -import { Smartdns } from '@push.rocks/smartdns/client'; - -const dnsClient = new Smartdns({}); -const aRecords = await dnsClient.getRecordsA('example.com'); -console.log(aRecords); -// Output: [{ name: 'example.com', type: 'A', dnsSecEnabled: false, value: '93.184.215.14' }] -``` - -#### Fetching AAAA Records - -For resolving a domain to IPv6 addresses: - -```typescript -const aaaaRecords = await dnsClient.getRecordsAAAA('example.com'); -console.log(aaaaRecords); -// Output: [{ name: 'example.com', type: 'AAAA', dnsSecEnabled: false, value: '2606:2800:21f:cb07:6820:80da:af6b:8b2c' }] -``` - -#### Fetching TXT Records - -TXT records store text data, commonly used for domain verification, SPF records, and other metadata: - -```typescript -const txtRecords = await dnsClient.getRecordsTxt('example.com'); -console.log(txtRecords); -// Output: [{ name: 'example.com', type: 'TXT', dnsSecEnabled: false, value: 'v=spf1 -all' }] -``` - -#### Other Record Types - -The client supports various other DNS record types: - -```typescript -// MX records for mail servers -const mxRecords = await dnsClient.getRecords('example.com', 'MX'); - -// NS records for nameservers -const nsRecords = await dnsClient.getNameServers('example.com'); - -// Generic query method with retry support -const records = await dnsClient.getRecords('example.com', 'CNAME', { retryCount: 3 }); -``` - -### Advanced DNS Features - -#### Checking DNS Propagation - -The client provides a powerful method to verify DNS propagation globally, essential when making DNS changes: - -```typescript -// Check if a specific DNS record has propagated -const recordType = 'TXT'; -const expectedValue = 'verification=abc123'; - -const isAvailable = await dnsClient.checkUntilAvailable( - 'example.com', - recordType, - expectedValue, - 50, // Number of check cycles (default: 50) - 500 // Interval between checks in ms (default: 500) -); - -if (isAvailable) { - console.log('DNS record has propagated successfully!'); -} else { - console.log('DNS propagation timeout - record not found.'); -} -``` - -#### Configuring System DNS Provider - -You can configure Node.js to use a specific DNS provider for all DNS queries: - -```typescript -// Import the standalone function -import { makeNodeProcessUseDnsProvider } from '@push.rocks/smartdns/client'; - -// Use Cloudflare DNS for all Node.js DNS operations -makeNodeProcessUseDnsProvider('cloudflare'); - -// Or use Google DNS -makeNodeProcessUseDnsProvider('google'); -``` - -### Real-World Use Cases - -#### DNS-Based Feature Flagging - -Use TXT records for dynamic feature toggles without redeployment: - -```typescript -const txtRecords = await dnsClient.getRecordsTxt('features.example.com'); -const featureFlags = {}; - -txtRecords.forEach(record => { - // Parse TXT records like "feature-dark-mode=true" - const [feature, enabled] = record.value.split('='); - featureFlags[feature] = enabled === 'true'; -}); - -if (featureFlags['feature-dark-mode']) { - console.log('Dark mode is enabled!'); -} -``` - -#### Service Discovery - -Use DNS for service endpoint discovery: - -```typescript -// Discover API endpoints via TXT records -const serviceRecords = await dnsClient.getRecordsTxt('_services.example.com'); - -// Discover mail servers -const mxRecords = await dnsClient.getRecords('example.com', 'MX'); -const primaryMailServer = mxRecords - .sort((a, b) => a.priority - b.priority)[0]?.exchange; -``` - -### DNS Server Implementation - -The `DnsServer` class provides a full-featured DNS server with support for UDP, DNS-over-HTTPS (DoH), DNSSEC, and automatic SSL certificate management via Let's Encrypt. - -#### Basic DNS Server Setup - -Create a simple DNS server that responds to queries: - -```typescript -import { DnsServer } from '@push.rocks/smartdns/server'; - -const dnsServer = new DnsServer({ - udpPort: 5333, // UDP port for DNS queries - httpsPort: 8443, // HTTPS port for DNS-over-HTTPS - httpsKey: 'path/to/key.pem', // Required for HTTPS - httpsCert: 'path/to/cert.pem', // Required for HTTPS - dnssecZone: 'example.com' // Optional: enable DNSSEC for this zone -}); - -// For enhanced security, bind to specific interfaces -const secureServer = new DnsServer({ - udpPort: 53, - httpsPort: 443, - httpsKey: 'path/to/key.pem', - httpsCert: 'path/to/cert.pem', +const server = new DnsServer({ + udpPort: 5333, + httpsPort: 8443, + httpsKey: '...pem...', + httpsCert: '...pem...', dnssecZone: 'example.com', - udpBindInterface: '127.0.0.1', // Bind UDP to localhost only - httpsBindInterface: '127.0.0.1', // Bind HTTPS to localhost only - primaryNameserver: 'ns1.example.com' // Optional: primary nameserver for SOA records (defaults to ns1.{dnssecZone}) }); -// Register a handler for all subdomains of example.com -dnsServer.registerHandler('*.example.com', ['A'], (question) => ({ +server.registerHandler('*.example.com', ['A'], (question) => ({ name: question.name, type: 'A', class: 'IN', @@ -211,8 +82,172 @@ dnsServer.registerHandler('*.example.com', ['A'], (question) => ({ data: '192.168.1.100', })); -// Register a handler for TXT records -dnsServer.registerHandler('example.com', ['TXT'], (question) => ({ +await server.start(); +``` + +Or import from the unified entry point: + +```typescript +import { dnsClientMod, dnsServerMod } from '@push.rocks/smartdns'; + +const client = new dnsClientMod.Smartdns({}); +const server = new dnsServerMod.DnsServer({ /* ... */ }); +``` + +--- + +## ๐Ÿ” DNS Client + +The `Smartdns` class resolves DNS records using a configurable strategy that combines the system resolver, raw UDP queries, and DNS-over-HTTPS โ€” all backed by a Rust binary for the wire-format transports. + +### Constructor Options + +```typescript +interface ISmartDnsConstructorOptions { + strategy?: 'doh' | 'udp' | 'system' | 'prefer-system' | 'prefer-udp'; // default: 'prefer-system' + allowDohFallback?: boolean; // fallback to DoH when system fails (default: true) + timeoutMs?: number; // per-query timeout in milliseconds +} +``` + +### Resolution Strategies + +| Strategy | Behavior | +|---|---| +| `prefer-system` | ๐Ÿ  Try the OS resolver first, fall back to Rust DoH. Honors `/etc/hosts`. | +| `system` | ๐Ÿ  Use only the Node.js system resolver. No Rust binary needed. | +| `doh` | ๐ŸŒ Use only DNS-over-HTTPS (RFC 8484 wire format via Cloudflare). Rust-powered. | +| `udp` | โšก Use only raw UDP queries to upstream resolver (Cloudflare 1.1.1.1). Rust-powered. | +| `prefer-udp` | โšก Try Rust UDP first, fall back to Rust DoH if UDP fails. | + +The Rust binary (`rustdns-client`) is spawned **lazily** โ€” only on the first query that needs it. This means `system`-only usage incurs zero Rust overhead. + +### Querying Records + +```typescript +const dns = new Smartdns({ strategy: 'prefer-udp' }); + +// Type-specific helpers +const aRecords = await dns.getRecordsA('example.com'); +const aaaaRecords = await dns.getRecordsAAAA('example.com'); +const txtRecords = await dns.getRecordsTxt('example.com'); + +// Generic query โ€” supports A, AAAA, CNAME, MX, TXT, NS, SOA, PTR, SRV +const mxRecords = await dns.getRecords('example.com', 'MX'); + +// Nameserver lookup +const nameservers = await dns.getNameServers('example.com'); +``` + +Every query returns an array of `IDnsRecord`: + +```typescript +interface IDnsRecord { + name: string; + type: string; // 'A', 'AAAA', 'TXT', 'MX', etc. + dnsSecEnabled: boolean; // true if upstream AD flag was set + value: string; +} +``` + +### DNSSEC Detection ๐Ÿ” + +When using `doh`, `udp`, or `prefer-udp` strategies, the Rust binary sends queries with the EDNS0 DO (DNSSEC OK) bit set and reports the AD (Authenticated Data) flag from the upstream response: + +```typescript +const dns = new Smartdns({ strategy: 'udp' }); +const records = await dns.getRecordsA('cloudflare.com'); +console.log(records[0].dnsSecEnabled); // true โ€” upstream validated DNSSEC +``` + +### Checking DNS Propagation + +Wait for a specific record to appear โ€” essential after making DNS changes: + +```typescript +const propagated = await dns.checkUntilAvailable( + 'example.com', + 'TXT', + 'verification=abc123', + 50, // max check cycles (default: 50) + 500 // interval in ms (default: 500) +); + +if (propagated) { + console.log('Record is live!'); +} +``` + +The method alternates between system resolver and the configured strategy on each cycle for maximum coverage. + +### Configuring the System DNS Provider + +Override the global Node.js DNS resolver for all subsequent lookups: + +```typescript +import { makeNodeProcessUseDnsProvider } from '@push.rocks/smartdns/client'; + +makeNodeProcessUseDnsProvider('cloudflare'); // 1.1.1.1 / 1.0.0.1 +makeNodeProcessUseDnsProvider('google'); // 8.8.8.8 / 8.8.4.4 +``` + +### Cleanup + +When you're done with a `Smartdns` instance (especially one using Rust strategies), call `destroy()` to kill the Rust child process: + +```typescript +const dns = new Smartdns({ strategy: 'udp' }); +// ... do queries ... +dns.destroy(); // kills rustdns-client process +``` + +--- + +## ๐Ÿ–ฅ๏ธ DNS Server + +The `DnsServer` class runs a production-capable authoritative DNS server backed by a Rust binary. It supports standard UDP DNS (port 53), DNS-over-HTTPS, DNSSEC signing, and automated Let's Encrypt certificates. + +### Server Options + +```typescript +interface IDnsServerOptions { + udpPort: number; // Port for UDP DNS queries + httpsPort: number; // Port for DNS-over-HTTPS + httpsKey: string; // PEM private key (path or content) + httpsCert: string; // PEM certificate (path or content) + dnssecZone: string; // Zone for DNSSEC signing + primaryNameserver?: string; // SOA mname field (default: 'ns1.{dnssecZone}') + udpBindInterface?: string; // IP to bind UDP (default: '0.0.0.0') + httpsBindInterface?: string; // IP to bind HTTPS (default: '0.0.0.0') + manualUdpMode?: boolean; // Don't auto-bind UDP socket + manualHttpsMode?: boolean; // Don't auto-bind HTTPS server + enableLocalhostHandling?: boolean; // RFC 6761 localhost (default: true) +} +``` + +### Basic Server + +```typescript +import { DnsServer } from '@push.rocks/smartdns/server'; + +const server = new DnsServer({ + udpPort: 5333, + httpsPort: 8443, + httpsKey: '...pem...', + httpsCert: '...pem...', + dnssecZone: 'example.com', +}); + +// Register handlers +server.registerHandler('example.com', ['A'], (question) => ({ + name: question.name, + type: 'A', + class: 'IN', + ttl: 300, + data: '93.184.215.14', +})); + +server.registerHandler('example.com', ['TXT'], (question) => ({ name: question.name, type: 'TXT', class: 'IN', @@ -220,643 +255,308 @@ dnsServer.registerHandler('example.com', ['TXT'], (question) => ({ data: 'v=spf1 include:_spf.example.com ~all', })); -// Start the server -await dnsServer.start(); -console.log('DNS Server started!'); +await server.start(); +// DNS Server started (UDP: 0.0.0.0:5333, HTTPS: 0.0.0.0:8443) ``` -### SOA Records and Primary Nameserver +### Handler System ๐ŸŽฏ -The DNS server automatically generates SOA (Start of Authority) records for zones when no specific handler matches a query. The SOA record contains important zone metadata including the primary nameserver. +Handlers use **glob patterns** (via `minimatch`) to match incoming query names. Multiple handlers can contribute records to the same response. ```typescript -const dnsServer = new DnsServer({ - udpPort: 53, - httpsPort: 443, - httpsKey: 'path/to/key.pem', - httpsCert: 'path/to/cert.pem', - dnssecZone: 'example.com', - primaryNameserver: 'ns1.example.com' // Specify your actual primary nameserver +// Exact domain +server.registerHandler('example.com', ['A'], handler); + +// All subdomains +server.registerHandler('*.example.com', ['A'], handler); + +// Specific pattern +server.registerHandler('db-*.internal.example.com', ['A'], (question) => { + const id = question.name.match(/db-(\d+)/)?.[1]; + return { + name: question.name, + type: 'A', + class: 'IN', + ttl: 60, + data: `10.0.1.${id}`, + }; }); -// Without primaryNameserver, the SOA mname defaults to 'ns1.{dnssecZone}' -// In this case, it would be 'ns1.example.com' - -// The automatic SOA record includes: -// - mname: Primary nameserver (from primaryNameserver option) -// - rname: Responsible person email (hostmaster.{dnssecZone}) -// - serial: Unix timestamp -// - refresh: 3600 (1 hour) -// - retry: 600 (10 minutes) -// - expire: 604800 (7 days) -// - minimum: 86400 (1 day) -``` - -**Important**: Even if you have multiple nameservers (NS records), only one is designated as the primary in the SOA record. All authoritative nameservers should return the same SOA record. - -### DNSSEC Support - -The DNS server includes comprehensive DNSSEC support with automatic key generation and record signing: - -```typescript -import { DnsServer } from '@push.rocks/smartdns/server'; - -const dnsServer = new DnsServer({ - udpPort: 53, - httpsPort: 443, - dnssecZone: 'secure.example.com', // Enable DNSSEC for this zone -}); - -// The server automatically: -// 1. Generates DNSKEY records with ECDSA (algorithm 13) -// 2. Creates DS records for parent zone delegation -// 3. Signs all responses with RRSIG records -// 4. Provides NSEC records for authenticated denial of existence - -// Register your handlers as normal - DNSSEC signing is automatic -dnsServer.registerHandler('secure.example.com', ['A'], (question) => ({ +// Catch-all +server.registerHandler('*', ['A'], (question) => ({ name: question.name, type: 'A', class: 'IN', ttl: 300, - data: '192.168.1.1', -})); - -await dnsServer.start(); - -// Query for DNSSEC records -import { Smartdns } from '@push.rocks/smartdns/client'; -const client = new Smartdns({}); -const dnskeyRecords = await client.getRecords('secure.example.com', 'DNSKEY'); -const dsRecords = await client.getRecords('secure.example.com', 'DS'); -``` - -#### Supported DNSSEC Algorithms - -The server supports multiple DNSSEC algorithms: -- **ECDSAP256SHA256** (Algorithm 13) - Default, using P-256 curve -- **ED25519** (Algorithm 15) - Modern elliptic curve algorithm -- **RSASHA256** (Algorithm 8) - RSA-based signatures - -### Let's Encrypt Integration - -The DNS server includes built-in Let's Encrypt support for automatic SSL certificate management: - -```typescript -import { DnsServer } from '@push.rocks/smartdns/server'; - -const dnsServer = new DnsServer({ - udpPort: 53, - httpsPort: 443, - httpsKey: '/path/to/letsencrypt/key.pem', // Will be auto-generated - httpsCert: '/path/to/letsencrypt/cert.pem', // Will be auto-generated -}); - -// Retrieve Let's Encrypt certificate for your domain -const result = await dnsServer.retrieveSslCertificate( - ['secure.example.com', 'www.secure.example.com'], - { - email: 'admin@example.com', - staging: false, // Use production Let's Encrypt - certDir: './certs' - } -); - -if (result.success) { - console.log('Certificate retrieved successfully!'); -} - -// The server automatically: -// 1. Handles ACME DNS-01 challenges -// 2. Creates temporary TXT records for domain validation -// 3. Retrieves and installs the certificate -// 4. Restarts the HTTPS server with the new certificate - -await dnsServer.start(); -console.log('DNS Server with Let\'s Encrypt SSL started!'); -``` - -### Manual Socket Handling - -The DNS server supports manual socket handling for advanced use cases like clustering, load balancing, and custom transport implementations. You can control UDP and HTTPS socket handling independently. - -#### Configuration Options - -```typescript -export interface IDnsServerOptions { - httpsKey: string; // Path or content of HTTPS private key - httpsCert: string; // Path or content of HTTPS certificate - httpsPort: number; // Port for DNS-over-HTTPS - udpPort: number; // Port for standard UDP DNS - dnssecZone: string; // Zone name for DNSSEC signing - udpBindInterface?: string; // IP address to bind UDP socket (default: '0.0.0.0') - httpsBindInterface?: string; // IP address to bind HTTPS server (default: '0.0.0.0') - manualUdpMode?: boolean; // Handle UDP sockets manually - manualHttpsMode?: boolean; // Handle HTTPS sockets manually - primaryNameserver?: string; // Primary nameserver for SOA records (default: 'ns1.{dnssecZone}') -} -``` - -#### Basic Manual Socket Usage - -```typescript -import { DnsServer } from '@push.rocks/smartdns/server'; -import * as dgram from 'dgram'; -import * as net from 'net'; - -// Create server with manual UDP mode -const dnsServer = new DnsServer({ - httpsKey: '...', - httpsCert: '...', - httpsPort: 853, - udpPort: 53, - dnssecZone: 'example.com', - manualUdpMode: true // UDP manual, HTTPS automatic -}); - -await dnsServer.start(); // HTTPS binds, UDP doesn't - -// Create your own UDP socket -const udpSocket = dgram.createSocket('udp4'); - -// Handle incoming UDP messages -udpSocket.on('message', (msg, rinfo) => { - dnsServer.handleUdpMessage(msg, rinfo, (response, responseRinfo) => { - // Send response using your socket - udpSocket.send(response, responseRinfo.port, responseRinfo.address); - }); -}); - -// Bind to custom port or multiple interfaces -udpSocket.bind(5353, '0.0.0.0'); -``` - -#### Manual HTTPS Socket Handling - -```typescript -// Create server with manual HTTPS mode -const dnsServer = new DnsServer({ - httpsKey: '...', - httpsCert: '...', - httpsPort: 853, - udpPort: 53, - dnssecZone: 'example.com', - manualHttpsMode: true // HTTPS manual, UDP automatic -}); - -await dnsServer.start(); // UDP binds, HTTPS doesn't - -// Create your own TCP server -const tcpServer = net.createServer((socket) => { - // Pass TCP sockets to DNS server - dnsServer.handleHttpsSocket(socket); -}); - -tcpServer.listen(8853, '0.0.0.0'); -``` - -#### Full Manual Mode - -Control both protocols manually for complete flexibility: - -```typescript -const dnsServer = new DnsServer({ - httpsKey: '...', - httpsCert: '...', - httpsPort: 853, - udpPort: 53, - dnssecZone: 'example.com', - manualUdpMode: true, - manualHttpsMode: true -}); - -await dnsServer.start(); // Neither protocol binds - -// Set up your own socket handling for both protocols -// Perfect for custom routing, load balancing, or clustering -``` - -#### Advanced Use Cases - -##### Load Balancing Across Multiple UDP Sockets - -```typescript -// Create multiple UDP sockets for different CPU cores -const sockets = []; -const numCPUs = require('os').cpus().length; - -for (let i = 0; i < numCPUs; i++) { - const socket = dgram.createSocket({ - type: 'udp4', - reuseAddr: true // Allow multiple sockets on same port - }); - - socket.on('message', (msg, rinfo) => { - dnsServer.handleUdpMessage(msg, rinfo, (response, rinfo) => { - socket.send(response, rinfo.port, rinfo.address); - }); - }); - - socket.bind(53); - sockets.push(socket); -} -``` - -##### Clustering with Worker Processes - -```typescript -import cluster from 'cluster'; -import { DnsServer } from '@push.rocks/smartdns/server'; - -if (cluster.isPrimary) { - // Master process accepts connections - const server = net.createServer({ pauseOnConnect: true }); - - // Distribute connections to workers - server.on('connection', (socket) => { - const worker = getNextWorker(); // Round-robin or custom logic - worker.send('socket', socket); - }); - - server.listen(853); -} else { - // Worker process handles DNS - const dnsServer = new DnsServer({ - httpsKey: '...', - httpsCert: '...', - httpsPort: 853, - udpPort: 53, - dnssecZone: 'example.com', - manualHttpsMode: true - }); - - process.on('message', (msg, socket) => { - if (msg === 'socket') { - dnsServer.handleHttpsSocket(socket); - } - }); - - await dnsServer.start(); -} -``` - -##### Custom Transport Protocol - -```typescript -// Use DNS server with custom transport (e.g., WebSocket) -import WebSocket from 'ws'; - -const wss = new WebSocket.Server({ port: 8080 }); -const dnsServer = new DnsServer({ - httpsKey: '...', - httpsCert: '...', - httpsPort: 853, - udpPort: 53, - dnssecZone: 'example.com', - manualUdpMode: true, - manualHttpsMode: true -}); - -await dnsServer.start(); - -wss.on('connection', (ws) => { - ws.on('message', (data) => { - // Process DNS query from WebSocket - const response = dnsServer.processRawDnsPacket(Buffer.from(data)); - ws.send(response); - }); -}); -``` - -##### Multi-Interface Binding - -```typescript -// Bind to multiple network interfaces manually -const interfaces = [ - { address: '192.168.1.100', type: 'udp4' }, - { address: '10.0.0.50', type: 'udp4' }, - { address: '::1', type: 'udp6' } -]; - -interfaces.forEach(({ address, type }) => { - const socket = dgram.createSocket(type); - - socket.on('message', (msg, rinfo) => { - console.log(`Query received on ${address}`); - dnsServer.handleUdpMessage(msg, rinfo, (response, rinfo) => { - socket.send(response, rinfo.port, rinfo.address); - }); - }); - - socket.bind(53, address); -}); -``` - -### Handling Different Protocols - -#### UDP DNS Server - -Traditional DNS queries over UDP (port 53): - -```typescript -import { DnsServer } from '@push.rocks/smartdns/server'; -import * as plugins from '@push.rocks/smartdns/server/plugins'; - -const dnsServer = new DnsServer({ - udpPort: 5353, // Using alternate port for testing - httpsPort: 8443, - httpsKey: fs.readFileSync('/path/to/key.pem', 'utf8'), - httpsCert: fs.readFileSync('/path/to/cert.pem', 'utf8'), - dnssecZone: 'test.local' // Optional -}); - -// The UDP server automatically handles DNS packet parsing and encoding -dnsServer.registerHandler('test.local', ['A'], (question) => ({ - name: question.name, - type: 'A', - class: 'IN', - ttl: 60, data: '127.0.0.1', })); -await dnsServer.start(); +// Multiple record types +server.registerHandler('example.com', ['MX'], (question) => ({ + name: question.name, + type: 'MX', + class: 'IN', + ttl: 300, + data: { preference: 10, exchange: 'mail.example.com' }, +})); -// Test with dig or nslookup: -// dig @localhost -p 5353 test.local +// Unregister a handler +server.unregisterHandler('example.com', ['A']); ``` -#### DNS-over-HTTPS (DoH) Server +When no handler matches, the server automatically returns an **SOA record** for the zone. -Provide encrypted DNS queries over HTTPS: +### DNSSEC โœ… + +DNSSEC is enabled automatically when you set the `dnssecZone` option. The Rust backend handles: + +- **Key generation** โ€” ECDSA P-256 (algorithm 13) by default +- **DNSKEY / DS record** generation +- **RRSIG signing** for all responses +- **NSEC records** for authenticated denial of existence ```typescript -import { DnsServer } from '@push.rocks/smartdns/server'; -import * as fs from 'fs'; - -const dnsServer = new DnsServer({ - httpsPort: 8443, - httpsKey: fs.readFileSync('/path/to/key.pem', 'utf8'), - httpsCert: fs.readFileSync('/path/to/cert.pem', 'utf8'), +const server = new DnsServer({ + udpPort: 53, + httpsPort: 443, + httpsKey: '...', + httpsCert: '...', + dnssecZone: 'secure.example.com', }); -// The HTTPS server automatically handles: -// - DNS wire format in POST body -// - Proper Content-Type headers (application/dns-message) -// - Base64url encoding for GET requests - -dnsServer.registerHandler('secure.local', ['A'], (question) => ({ - name: question.name, +// Just register handlers as usual โ€” signing is automatic +server.registerHandler('secure.example.com', ['A'], (q) => ({ + name: q.name, type: 'A', - class: 'IN', + class: 'IN', ttl: 300, data: '10.0.0.1', })); -await dnsServer.start(); +await server.start(); +``` -// Test with curl: -// curl -H "Content-Type: application/dns-message" \ -// --data-binary @query.bin \ -// https://localhost:8443/dns-query +Supported algorithms: **ECDSAP256SHA256** (13), **ED25519** (15), **RSASHA256** (8). + +### SOA Records + +The server auto-generates SOA records for zones when no specific handler matches. Customize the primary nameserver: + +```typescript +const server = new DnsServer({ + // ... + dnssecZone: 'example.com', + primaryNameserver: 'ns1.example.com', // defaults to 'ns1.{dnssecZone}' +}); + +// Generated SOA includes: +// mname: ns1.example.com +// rname: hostmaster.example.com +// serial: Unix timestamp +// refresh: 3600, retry: 600, expire: 604800, minimum: 86400 +``` + +### Let's Encrypt Integration ๐Ÿ”’ + +Built-in ACME DNS-01 challenge support for automatic SSL certificates: + +```typescript +const server = new DnsServer({ + udpPort: 53, + httpsPort: 443, + httpsKey: '/path/to/key.pem', + httpsCert: '/path/to/cert.pem', + dnssecZone: 'example.com', +}); + +await server.start(); + +const result = await server.retrieveSslCertificate( + ['example.com', 'www.example.com'], + { + email: 'admin@example.com', + staging: false, + certDir: './certs', + } +); + +if (result.success) { + console.log('Certificate installed!'); + // The server automatically: + // 1. Registers temporary _acme-challenge TXT handlers + // 2. Completes DNS-01 validation + // 3. Updates the HTTPS server with the new cert + // 4. Cleans up challenge handlers +} ``` ### Interface Binding -For enhanced security and network isolation, you can bind the DNS server to specific network interfaces instead of all available interfaces. - -#### Localhost-Only Binding - -Bind to localhost for development or local-only DNS services: +Restrict the server to specific network interfaces: ```typescript -const localServer = new DnsServer({ - udpPort: 5353, - httpsPort: 8443, - httpsKey: cert.key, - httpsCert: cert.cert, - dnssecZone: 'local.test', - udpBindInterface: '127.0.0.1', // IPv4 localhost - httpsBindInterface: '127.0.0.1' +// Localhost only โ€” great for development +const server = new DnsServer({ + // ... + udpBindInterface: '127.0.0.1', + httpsBindInterface: '127.0.0.1', }); -// Or use IPv6 localhost -const ipv6LocalServer = new DnsServer({ - // ... other options - udpBindInterface: '::1', // IPv6 localhost - httpsBindInterface: '::1' +// Different interfaces per protocol +const server = new DnsServer({ + // ... + udpBindInterface: '192.168.1.100', + httpsBindInterface: '10.0.0.50', }); ``` -#### Specific Interface Binding +### Manual Socket Handling ๐Ÿ”ง -Bind to a specific network interface in multi-homed servers: +For clustering, load balancing, or custom transports, take control of socket management: ```typescript -const interfaceServer = new DnsServer({ - udpPort: 53, - httpsPort: 443, - httpsKey: cert.key, - httpsCert: cert.cert, - dnssecZone: 'example.com', - udpBindInterface: '192.168.1.100', // Specific internal interface - httpsBindInterface: '10.0.0.50' // Different interface for HTTPS +import { DnsServer } from '@push.rocks/smartdns/server'; +import * as dgram from 'dgram'; + +// Manual UDP mode โ€” you control the socket +const server = new DnsServer({ + // ... + manualUdpMode: true, }); + +await server.start(); // HTTPS auto-binds, UDP does not + +const socket = dgram.createSocket('udp4'); +socket.on('message', (msg, rinfo) => { + server.handleUdpMessage(msg, rinfo, (response, responseRinfo) => { + socket.send(response, responseRinfo.port, responseRinfo.address); + }); +}); +socket.bind(5353); ``` -#### Security Considerations - -- **Default Behavior**: If not specified, servers bind to all interfaces (`0.0.0.0`) -- **Localhost Binding**: Use `127.0.0.1` or `::1` for development and testing -- **Production**: Consider binding to specific internal interfaces for security -- **Validation**: Invalid IP addresses will throw an error during server startup - -### Advanced Handler Patterns - -#### Pattern-Based Routing - -Use glob patterns for flexible domain matching: +Full manual mode (both protocols): ```typescript -// Match all subdomains -dnsServer.registerHandler('*.example.com', ['A'], (question) => { - // Extract subdomain - const subdomain = question.name.replace('.example.com', ''); - - // Dynamic response based on subdomain - return { - name: question.name, - type: 'A', - class: 'IN', - ttl: 300, - data: subdomain === 'api' ? '10.0.0.10' : '10.0.0.1', - }; +const server = new DnsServer({ + // ... + manualUdpMode: true, + manualHttpsMode: true, }); -// Match specific patterns -dnsServer.registerHandler('db-*.service.local', ['A'], (question) => { - const instanceId = question.name.match(/db-(\d+)/)?.[1]; - return { - name: question.name, - type: 'A', - class: 'IN', - ttl: 60, - data: `10.0.1.${instanceId}`, - }; -}); - -// Catch-all handler -dnsServer.registerHandler('*', ['A'], (question) => ({ - name: question.name, - type: 'A', - class: 'IN', - ttl: 300, - data: '127.0.0.1', -})); +await server.start(); // Neither protocol binds automatically ``` -### Testing +Process individual DNS packets directly: -The library uses `@git.zone/tstest` for testing. Here's an example of comprehensive tests: +```typescript +// Synchronous (TypeScript fallback) +const response = server.processRawDnsPacket(packetBuffer); + +// Asynchronous (via Rust bridge โ€” includes DNSSEC signing) +const response = await server.processRawDnsPacketAsync(packetBuffer); +``` + +#### Load Balancing Example + +```typescript +import * as dgram from 'dgram'; +import * as os from 'os'; + +const numCPUs = os.cpus().length; + +for (let i = 0; i < numCPUs; i++) { + const socket = dgram.createSocket({ type: 'udp4', reuseAddr: true }); + + socket.on('message', (msg, rinfo) => { + server.handleUdpMessage(msg, rinfo, (response, rinfo) => { + socket.send(response, rinfo.port, rinfo.address); + }); + }); + + socket.bind(53); +} +``` + +### Stopping the Server + +```typescript +await server.stop(); +``` + +This gracefully shuts down the Rust process and releases all bound sockets. + +--- + +## ๐Ÿฆ€ Rust Crate Structure + +The Rust workspace (`rust/crates/`) contains five crates: + +| Crate | Purpose | +|---|---| +| `rustdns` | Server binary โ€” IPC management loop, handler callback routing | +| `rustdns-client` | Client binary โ€” stateless UDP/DoH query proxy | +| `rustdns-protocol` | DNS wire format parsing, encoding, and RDATA decode/encode | +| `rustdns-server` | Async UDP + HTTPS servers (tokio, hyper, rustls) | +| `rustdns-dnssec` | ECDSA/ED25519 key generation and RRset signing | + +Pre-compiled binaries for `linux_amd64` and `linux_arm64` are included in `dist_rust/`. Cross-compilation is handled by [`@git.zone/tsrust`](https://code.foss.global/git.zone/tsrust). + +--- + +## ๐Ÿงช Testing + +```bash +# Run all tests +pnpm test + +# Run specific test file +tstest test/test.client.ts --verbose +tstest test/test.server.ts --verbose +``` + +Example test: ```typescript import { expect, tap } from '@git.zone/tstest/tapbundle'; import { Smartdns } from '@push.rocks/smartdns/client'; -import { DnsServer } from '@push.rocks/smartdns/server'; -// Test DNS Client -tap.test('DNS Client - Query Records', async () => { - const dnsClient = new Smartdns({}); - - // Test A record query - const aRecords = await dnsClient.getRecordsA('google.com'); - expect(aRecords).toBeArray(); - expect(aRecords[0]).toHaveProperty('type', 'A'); - expect(aRecords[0].data).toMatch(/^\d+\.\d+\.\d+\.\d+$/); - - // Test TXT record query - const txtRecords = await dnsClient.getRecordsTxt('google.com'); - expect(txtRecords).toBeArray(); - expect(txtRecords[0]).toHaveProperty('type', 'TXT'); +tap.test('resolve A records via UDP', async () => { + const dns = new Smartdns({ strategy: 'udp' }); + const records = await dns.getRecordsA('google.com'); + expect(records).toBeArray(); + expect(records[0]).toHaveProperty('type', 'A'); + expect(records[0]).toHaveProperty('value'); + dns.destroy(); }); -// Test DNS Server -let dnsServer: DnsServer; - -tap.test('DNS Server - Setup and Start', async () => { - dnsServer = new DnsServer({ - udpPort: 5353, - httpsPort: 8443, - httpsKey: 'test-key', // Use test certificates - httpsCert: 'test-cert', - dnssecZone: 'test.local' - }); - - expect(dnsServer).toBeInstanceOf(DnsServer); - await dnsServer.start(); +tap.test('detect DNSSEC via DoH', async () => { + const dns = new Smartdns({ strategy: 'doh' }); + const records = await dns.getRecordsA('cloudflare.com'); + expect(records[0].dnsSecEnabled).toBeTrue(); + dns.destroy(); }); -tap.test('DNS Server - Register Handlers', async () => { - // Register multiple handlers - dnsServer.registerHandler('test.local', ['A'], () => ({ - name: 'test.local', - type: 'A', - class: 'IN', - ttl: 300, - data: '127.0.0.1', - })); - - dnsServer.registerHandler('*.test.local', ['A'], (question) => ({ - name: question.name, - type: 'A', - class: 'IN', - ttl: 60, - data: '127.0.0.2', - })); -}); - -tap.test('DNS Server - Query via UDP', async (tools) => { - const dnsPacket = (await import('dns-packet')).default; - const dgram = await import('dgram'); - - const query = dnsPacket.encode({ - type: 'query', - id: 1234, - questions: [{ - type: 'A', - class: 'IN', - name: 'test.local', - }], - }); - - const client = dgram.createSocket('udp4'); - const done = tools.defer(); - - client.on('message', (msg) => { - const response = dnsPacket.decode(msg); - expect(response.answers[0].data).toEqual('127.0.0.1'); - client.close(); - done.resolve(); - }); - - client.send(query, 5353, 'localhost'); // Use the port specified during server creation - await done.promise; -}); - -tap.test('DNS Server - Cleanup', async () => { - await dnsServer.stop(); -}); - -// Run tests -await tap.start(); +export default tap.start(); ``` -### Best Practices - -1. **Port Selection**: Use non-privileged ports (>1024) during development -2. **Handler Organization**: Group related handlers together -3. **Error Handling**: Always handle DNS query errors gracefully -4. **DNSSEC**: Enable DNSSEC for production deployments -5. **Monitoring**: Log DNS queries for debugging and analytics -6. **Rate Limiting**: Implement rate limiting for public DNS servers -7. **Caching**: Respect TTL values and implement proper caching -8. **Manual Sockets**: Use manual socket handling for clustering and load balancing - -### Performance Considerations - -- The DNS client uses HTTP keep-alive for connection reuse -- The DNS server handles concurrent UDP and HTTPS requests efficiently -- DNSSEC signatures are generated on-demand to reduce memory usage -- Pattern matching uses caching for improved performance -- Manual socket handling enables horizontal scaling across CPU cores - -### Security Considerations - -- Always use DNSSEC for authenticated responses -- Enable DoH for encrypted DNS queries -- Validate and sanitize all DNS inputs -- Implement access controls for DNS server handlers -- Use Let's Encrypt for automatic SSL certificate management -- Never expose internal network information through DNS -- Bind to specific interfaces in production environments -- Use manual socket handling for custom security layers - -This comprehensive library provides everything needed for both DNS client operations and running production-grade DNS servers with modern security features in TypeScript. - ## License and Legal Information -This repository contains open-source code that is licensed under the MIT License. A copy of the MIT License can be found in the [license](license.md) file within this repository. +This repository contains open-source code licensed under the MIT License. A copy of the license can be found in the [LICENSE](./LICENSE) file. **Please note:** The MIT License does not grant permission to use the trade names, trademarks, service marks, or product names of the project, except as required for reasonable and customary use in describing the origin of the work and reproducing the content of the NOTICE file. ### Trademarks -This project is owned and maintained by Task Venture Capital GmbH. The names and logos associated with Task Venture Capital GmbH and any related products or services are trademarks of Task Venture Capital GmbH and are not included within the scope of the MIT license granted herein. Use of these trademarks must comply with Task Venture Capital GmbH's Trademark Guidelines, and any usage must be approved in writing by Task Venture Capital GmbH. +This project is owned and maintained by Task Venture Capital GmbH. The names and logos associated with Task Venture Capital GmbH and any related products or services are trademarks of Task Venture Capital GmbH or third parties, and are not included within the scope of the MIT license granted herein. + +Use of these trademarks must comply with Task Venture Capital GmbH's Trademark Guidelines or the guidelines of the respective third-party owners, and any usage must be approved in writing. Third-party trademarks used herein are the property of their respective owners and used only in a descriptive manner, e.g. for an implementation of an API or similar. ### Company Information -Task Venture Capital GmbH -Registered at District court Bremen HRB 35230 HB, Germany +Task Venture Capital GmbH +Registered at District Court Bremen HRB 35230 HB, Germany -For any legal inquiries or if you require further information, please contact us via email at hello@task.vc. +For any legal inquiries or further information, please contact us via email at hello@task.vc. -By using this repository, you acknowledge that you have read this section, agree to comply with its terms, and understand that the licensing of the code does not imply endorsement by Task Venture Capital GmbH of any derivative works. \ No newline at end of file +By using this repository, you acknowledge that you have read this section, agree to comply with its terms, and understand that the licensing of the code does not imply endorsement by Task Venture Capital GmbH of any derivative works. diff --git a/rust/Cargo.lock b/rust/Cargo.lock index e257633..8f69399 100644 --- a/rust/Cargo.lock +++ b/rust/Cargo.lock @@ -113,6 +113,12 @@ dependencies = [ "generic-array", ] +[[package]] +name = "bumpalo" +version = "3.19.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5dd9dc738b7a8311c7ade152424974d8115f2cdad61e8dab8dac9f2362298510" + [[package]] name = "bytes" version = "1.11.1" @@ -137,6 +143,12 @@ version = "1.0.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9330f8b2ff13f34540b44e946ef35111825727b38d33286ef986142615121801" +[[package]] +name = "cfg_aliases" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "613afe47fcd5fac7ccf1db93babcb082c5994d996f20b8b159f2ad1658eb5724" + [[package]] name = "clap" version = "4.5.57" @@ -220,7 +232,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0dc92fb57ca44df6db8059111ab3af99a63d5d0f8375d9972e319a379c6bab76" dependencies = [ "generic-array", - "rand_core", + "rand_core 0.6.4", "subtle", "zeroize", ] @@ -299,6 +311,17 @@ dependencies = [ "subtle", ] +[[package]] +name = "displaydoc" +version = "0.2.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "97369cbbc041bc366949bc74d34658d6cda5621039731c6310521892a3a20ae0" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + [[package]] name = "dunce" version = "1.0.5" @@ -337,7 +360,7 @@ checksum = "70e796c081cee67dc755e1a36a0a172b897fab85fc3f6bc48307991f64e4eca9" dependencies = [ "curve25519-dalek", "ed25519", - "rand_core", + "rand_core 0.6.4", "serde", "sha2", "subtle", @@ -358,7 +381,7 @@ dependencies = [ "group", "pem-rfc7468", "pkcs8", - "rand_core", + "rand_core 0.6.4", "sec1", "subtle", "zeroize", @@ -380,7 +403,7 @@ version = "0.13.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c0b50bfb653653f9ca9095b427bed08ab8d75a137839d9ad64eb11810d5b6393" dependencies = [ - "rand_core", + "rand_core 0.6.4", "subtle", ] @@ -396,6 +419,15 @@ version = "0.1.9" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5baebc0774151f905a1a2cc41989300b1e6fbb29aff0ceffa1064fdd3088d582" +[[package]] +name = "form_urlencoded" +version = "1.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cb4cb245038516f5f85277875cdaa4f7d2c9a0fa0468de06ed190163b1581fcf" +dependencies = [ + "percent-encoding", +] + [[package]] name = "fs_extra" version = "1.3.0" @@ -417,6 +449,25 @@ version = "0.3.31" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "05f29059c0c2090612e8d742178b0580d2dc940c837851ad723096f87af6663e" +[[package]] +name = "futures-task" +version = "0.3.31" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f90f7dce0722e95104fcb095585910c0977252f286e354b5e3bd38902cd99988" + +[[package]] +name = "futures-util" +version = "0.3.31" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9fa08315bb612088cc391249efdc3bc77536f16c91f6cf495e6fbe85b20a4a81" +dependencies = [ + "futures-core", + "futures-task", + "pin-project-lite", + "pin-utils", + "slab", +] + [[package]] name = "generic-array" version = "0.14.9" @@ -435,8 +486,10 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ff2abc00be7fca6ebc474524697ae276ad847ad0a6b3faa4bcb027e9a4614ad0" dependencies = [ "cfg-if", + "js-sys", "libc", "wasi", + "wasm-bindgen", ] [[package]] @@ -446,9 +499,11 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "899def5c37c4fd7b2664648c28120ecec138e4d395b459e5ca34f9cce2dd77fd" dependencies = [ "cfg-if", + "js-sys", "libc", "r-efi", "wasip2", + "wasm-bindgen", ] [[package]] @@ -458,7 +513,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f0f9ef7462f7c099f518d754361858f86d8a07af53ba9af0fe635bbccb151a63" dependencies = [ "ff", - "rand_core", + "rand_core 0.6.4", "subtle", ] @@ -547,6 +602,24 @@ dependencies = [ "pin-utils", "smallvec", "tokio", + "want", +] + +[[package]] +name = "hyper-rustls" +version = "0.27.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e3c93eb611681b207e1fe55d5a71ecf91572ec8a6705cdb6857f7d8d5242cf58" +dependencies = [ + "http", + "hyper", + "hyper-util", + "rustls", + "rustls-pki-types", + "tokio", + "tokio-rustls", + "tower-service", + "webpki-roots", ] [[package]] @@ -555,12 +628,139 @@ version = "0.1.20" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "96547c2556ec9d12fb1578c4eaf448b04993e7fb79cbaad930a656880a6bdfa0" dependencies = [ + "base64", "bytes", + "futures-channel", + "futures-util", "http", "http-body", "hyper", + "ipnet", + "libc", + "percent-encoding", "pin-project-lite", + "socket2", "tokio", + "tower-service", + "tracing", +] + +[[package]] +name = "icu_collections" +version = "2.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4c6b649701667bbe825c3b7e6388cb521c23d88644678e83c0c4d0a621a34b43" +dependencies = [ + "displaydoc", + "potential_utf", + "yoke", + "zerofrom", + "zerovec", +] + +[[package]] +name = "icu_locale_core" +version = "2.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "edba7861004dd3714265b4db54a3c390e880ab658fec5f7db895fae2046b5bb6" +dependencies = [ + "displaydoc", + "litemap", + "tinystr", + "writeable", + "zerovec", +] + +[[package]] +name = "icu_normalizer" +version = "2.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5f6c8828b67bf8908d82127b2054ea1b4427ff0230ee9141c54251934ab1b599" +dependencies = [ + "icu_collections", + "icu_normalizer_data", + "icu_properties", + "icu_provider", + "smallvec", + "zerovec", +] + +[[package]] +name = "icu_normalizer_data" +version = "2.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7aedcccd01fc5fe81e6b489c15b247b8b0690feb23304303a9e560f37efc560a" + +[[package]] +name = "icu_properties" +version = "2.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "020bfc02fe870ec3a66d93e677ccca0562506e5872c650f893269e08615d74ec" +dependencies = [ + "icu_collections", + "icu_locale_core", + "icu_properties_data", + "icu_provider", + "zerotrie", + "zerovec", +] + +[[package]] +name = "icu_properties_data" +version = "2.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "616c294cf8d725c6afcd8f55abc17c56464ef6211f9ed59cccffe534129c77af" + +[[package]] +name = "icu_provider" +version = "2.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "85962cf0ce02e1e0a629cc34e7ca3e373ce20dda4c4d7294bbd0bf1fdb59e614" +dependencies = [ + "displaydoc", + "icu_locale_core", + "writeable", + "yoke", + "zerofrom", + "zerotrie", + "zerovec", +] + +[[package]] +name = "idna" +version = "1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3b0875f23caa03898994f6ddc501886a45c7d3d62d04d2d90788d47be1b1e4de" +dependencies = [ + "idna_adapter", + "smallvec", + "utf8_iter", +] + +[[package]] +name = "idna_adapter" +version = "1.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3acae9609540aa318d1bc588455225fb2085b9ed0c4f6bd0d9d5bcd86f1a0344" +dependencies = [ + "icu_normalizer", + "icu_properties", +] + +[[package]] +name = "ipnet" +version = "2.11.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "469fb0b9cefa57e3ef31275ee7cacb78f2fdca44e4765491884a2b119d4eb130" + +[[package]] +name = "iri-string" +version = "0.7.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c91338f0783edbd6195decb37bae672fd3b165faffb89bf7b9e6942f8b1a731a" +dependencies = [ + "memchr", + "serde", ] [[package]] @@ -585,6 +785,16 @@ dependencies = [ "libc", ] +[[package]] +name = "js-sys" +version = "0.3.85" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8c942ebf8e95485ca0d52d97da7c5a2c387d0e7f0ba4c35e93bfcaee045955b3" +dependencies = [ + "once_cell", + "wasm-bindgen", +] + [[package]] name = "lazy_static" version = "1.5.0" @@ -597,6 +807,12 @@ version = "0.2.181" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "459427e2af2b9c839b132acb702a1c654d95e10f8c326bfc2ad11310e458b1c5" +[[package]] +name = "litemap" +version = "0.8.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6373607a59f0be73a39b6fe456b8192fcc3585f602af20751600e974dd455e77" + [[package]] name = "lock_api" version = "0.4.14" @@ -612,6 +828,12 @@ version = "0.4.29" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5e5032e24019045c762d3c0f28f5b6b8bbf38563a65908389bf7978758920897" +[[package]] +name = "lru-slab" +version = "0.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "112b39cec0b298b6c1999fee3e31427f74f676e4cb9879ed1a121b43661a4154" + [[package]] name = "memchr" version = "2.8.0" @@ -694,6 +916,12 @@ dependencies = [ "base64ct", ] +[[package]] +name = "percent-encoding" +version = "2.3.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9b4f627cb1b25917193a259e49bdad08f671f8d9708acfd5fe0a8c1455d87220" + [[package]] name = "pin-project-lite" version = "0.2.16" @@ -716,6 +944,15 @@ dependencies = [ "spki", ] +[[package]] +name = "potential_utf" +version = "0.1.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b73949432f5e2a09657003c25bca5e19a0e9c84f8058ca374f49e0ebe605af77" +dependencies = [ + "zerovec", +] + [[package]] name = "ppv-lite86" version = "0.2.21" @@ -743,6 +980,61 @@ dependencies = [ "unicode-ident", ] +[[package]] +name = "quinn" +version = "0.11.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b9e20a958963c291dc322d98411f541009df2ced7b5a4f2bd52337638cfccf20" +dependencies = [ + "bytes", + "cfg_aliases", + "pin-project-lite", + "quinn-proto", + "quinn-udp", + "rustc-hash", + "rustls", + "socket2", + "thiserror", + "tokio", + "tracing", + "web-time", +] + +[[package]] +name = "quinn-proto" +version = "0.11.13" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f1906b49b0c3bc04b5fe5d86a77925ae6524a19b816ae38ce1e426255f1d8a31" +dependencies = [ + "bytes", + "getrandom 0.3.4", + "lru-slab", + "rand 0.9.2", + "ring", + "rustc-hash", + "rustls", + "rustls-pki-types", + "slab", + "thiserror", + "tinyvec", + "tracing", + "web-time", +] + +[[package]] +name = "quinn-udp" +version = "0.5.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "addec6a0dcad8a8d96a771f815f0eaf55f9d1805756410b39f5fa81332574cbd" +dependencies = [ + "cfg_aliases", + "libc", + "once_cell", + "socket2", + "tracing", + "windows-sys 0.60.2", +] + [[package]] name = "quote" version = "1.0.44" @@ -765,8 +1057,18 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "34af8d1a0e25924bc5b7c43c079c942339d8f0a8b57c39049bef581b46327404" dependencies = [ "libc", - "rand_chacha", - "rand_core", + "rand_chacha 0.3.1", + "rand_core 0.6.4", +] + +[[package]] +name = "rand" +version = "0.9.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6db2770f06117d490610c7488547d543617b21bfa07796d7a12f6f1bd53850d1" +dependencies = [ + "rand_chacha 0.9.0", + "rand_core 0.9.5", ] [[package]] @@ -776,7 +1078,17 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88" dependencies = [ "ppv-lite86", - "rand_core", + "rand_core 0.6.4", +] + +[[package]] +name = "rand_chacha" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d3022b5f1df60f26e1ffddd6c66e8aa15de382ae63b3a0c1bfc0e4d3e3f325cb" +dependencies = [ + "ppv-lite86", + "rand_core 0.9.5", ] [[package]] @@ -788,6 +1100,15 @@ dependencies = [ "getrandom 0.2.17", ] +[[package]] +name = "rand_core" +version = "0.9.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "76afc826de14238e6e8c374ddcc1fa19e374fd8dd986b0d2af0d02377261d83c" +dependencies = [ + "getrandom 0.3.4", +] + [[package]] name = "redox_syscall" version = "0.5.18" @@ -797,6 +1118,44 @@ dependencies = [ "bitflags", ] +[[package]] +name = "reqwest" +version = "0.12.28" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "eddd3ca559203180a307f12d114c268abf583f59b03cb906fd0b3ff8646c1147" +dependencies = [ + "base64", + "bytes", + "futures-core", + "http", + "http-body", + "http-body-util", + "hyper", + "hyper-rustls", + "hyper-util", + "js-sys", + "log", + "percent-encoding", + "pin-project-lite", + "quinn", + "rustls", + "rustls-pki-types", + "serde", + "serde_json", + "serde_urlencoded", + "sync_wrapper", + "tokio", + "tokio-rustls", + "tower", + "tower-http", + "tower-service", + "url", + "wasm-bindgen", + "wasm-bindgen-futures", + "web-sys", + "webpki-roots", +] + [[package]] name = "rfc6979" version = "0.4.0" @@ -821,6 +1180,12 @@ dependencies = [ "windows-sys 0.52.0", ] +[[package]] +name = "rustc-hash" +version = "2.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "357703d41365b4b27c590e3ed91eabb1b663f07c4c084095e60cbed4362dff0d" + [[package]] name = "rustc_version" version = "0.4.1" @@ -848,13 +1213,29 @@ dependencies = [ "tracing-subscriber", ] +[[package]] +name = "rustdns-client" +version = "0.1.0" +dependencies = [ + "clap", + "rand 0.9.2", + "reqwest", + "rustdns-protocol", + "rustls", + "serde", + "serde_json", + "tokio", + "tracing", + "tracing-subscriber", +] + [[package]] name = "rustdns-dnssec" version = "0.1.0" dependencies = [ "ed25519-dalek", "p256", - "rand", + "rand 0.8.5", "rustdns-protocol", "sha2", ] @@ -911,6 +1292,7 @@ version = "1.14.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "be040f8b0a225e40375822a563fa9524378b9d63112f53e19ffff34df5d33fdd" dependencies = [ + "web-time", "zeroize", ] @@ -926,6 +1308,18 @@ dependencies = [ "untrusted", ] +[[package]] +name = "rustversion" +version = "1.0.22" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b39cdef0fa800fc44525c84ccb54a029961a8215f9619753635a9c0d2538d46d" + +[[package]] +name = "ryu" +version = "1.0.23" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9774ba4a74de5f7b1c1451ed6cd5285a32eddb5cccb8cc655a4e50009e06477f" + [[package]] name = "scopeguard" version = "1.2.0" @@ -995,6 +1389,18 @@ dependencies = [ "zmij", ] +[[package]] +name = "serde_urlencoded" +version = "0.7.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d3491c14715ca2294c4d6a88f15e84739788c1d030eed8c110436aafdaa2f3fd" +dependencies = [ + "form_urlencoded", + "itoa", + "ryu", + "serde", +] + [[package]] name = "sha2" version = "0.10.9" @@ -1038,9 +1444,15 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "77549399552de45a898a580c1b41d445bf730df867cc44e6c0233bbc4b8329de" dependencies = [ "digest", - "rand_core", + "rand_core 0.6.4", ] +[[package]] +name = "slab" +version = "0.4.12" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0c790de23124f9ab44544d7ac05d60440adc586479ce501c1d6d7da3cd8c9cf5" + [[package]] name = "smallvec" version = "1.15.1" @@ -1067,6 +1479,12 @@ dependencies = [ "der", ] +[[package]] +name = "stable_deref_trait" +version = "1.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6ce2be8dc25455e1f91df71bfa12ad37d7af1092ae736f3a6cd0e37bc7810596" + [[package]] name = "strsim" version = "0.11.1" @@ -1090,6 +1508,46 @@ dependencies = [ "unicode-ident", ] +[[package]] +name = "sync_wrapper" +version = "1.0.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0bf256ce5efdfa370213c1dabab5935a12e49f2c58d15e9eac2870d3b4f27263" +dependencies = [ + "futures-core", +] + +[[package]] +name = "synstructure" +version = "0.13.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "728a70f3dbaf5bab7f0c4b1ac8d7ae5ea60a4b5549c8a5914361c99147a709d2" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "thiserror" +version = "2.0.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4288b5bcbc7920c07a1149a35cf9590a2aa808e0bc1eafaade0b80947865fbc4" +dependencies = [ + "thiserror-impl", +] + +[[package]] +name = "thiserror-impl" +version = "2.0.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ebc4ee7f67670e9b64d05fa4253e753e016c6c95ff35b89b7941d6b856dec1d5" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + [[package]] name = "thread_local" version = "1.1.9" @@ -1099,6 +1557,31 @@ dependencies = [ "cfg-if", ] +[[package]] +name = "tinystr" +version = "0.8.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "42d3e9c45c09de15d06dd8acf5f4e0e399e85927b7f00711024eb7ae10fa4869" +dependencies = [ + "displaydoc", + "zerovec", +] + +[[package]] +name = "tinyvec" +version = "1.10.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bfa5fdc3bce6191a1dbc8c02d5c8bffcf557bafa17c124c5264a458f1b0613fa" +dependencies = [ + "tinyvec_macros", +] + +[[package]] +name = "tinyvec_macros" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20" + [[package]] name = "tokio" version = "1.49.0" @@ -1137,6 +1620,51 @@ dependencies = [ "tokio", ] +[[package]] +name = "tower" +version = "0.5.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ebe5ef63511595f1344e2d5cfa636d973292adc0eec1f0ad45fae9f0851ab1d4" +dependencies = [ + "futures-core", + "futures-util", + "pin-project-lite", + "sync_wrapper", + "tokio", + "tower-layer", + "tower-service", +] + +[[package]] +name = "tower-http" +version = "0.6.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d4e6559d53cc268e5031cd8429d05415bc4cb4aefc4aa5d6cc35fbf5b924a1f8" +dependencies = [ + "bitflags", + "bytes", + "futures-util", + "http", + "http-body", + "iri-string", + "pin-project-lite", + "tower", + "tower-layer", + "tower-service", +] + +[[package]] +name = "tower-layer" +version = "0.3.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "121c2a6cda46980bb0fcd1647ffaf6cd3fc79a013de288782836f6df9c48780e" + +[[package]] +name = "tower-service" +version = "0.3.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8df9b6e13f2d32c91b9bd719c00d1958837bc7dec474d94952798cc8e69eeec3" + [[package]] name = "tracing" version = "0.1.44" @@ -1194,6 +1722,12 @@ dependencies = [ "tracing-log", ] +[[package]] +name = "try-lock" +version = "0.2.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e421abadd41a4225275504ea4d6566923418b7f05506fbc9c0fe86ba7396114b" + [[package]] name = "typenum" version = "1.19.0" @@ -1212,6 +1746,24 @@ version = "0.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1" +[[package]] +name = "url" +version = "2.5.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ff67a8a4397373c3ef660812acab3268222035010ab8680ec4215f38ba3d0eed" +dependencies = [ + "form_urlencoded", + "idna", + "percent-encoding", + "serde", +] + +[[package]] +name = "utf8_iter" +version = "1.0.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b6c140620e7ffbb22c2dee59cafe6084a59b5ffc27a8859a5f0d494b5d52b6be" + [[package]] name = "utf8parse" version = "0.2.2" @@ -1230,6 +1782,15 @@ version = "0.9.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0b928f33d975fc6ad9f86c8f283853ad26bdd5b10b7f1542aa2fa15e2289105a" +[[package]] +name = "want" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bfa7760aed19e106de2c7c0b581b509f2f25d3dacaf737cb82ac61bc6d760b0e" +dependencies = [ + "try-lock", +] + [[package]] name = "wasi" version = "0.11.1+wasi-snapshot-preview1" @@ -1245,6 +1806,94 @@ dependencies = [ "wit-bindgen", ] +[[package]] +name = "wasm-bindgen" +version = "0.2.108" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "64024a30ec1e37399cf85a7ffefebdb72205ca1c972291c51512360d90bd8566" +dependencies = [ + "cfg-if", + "once_cell", + "rustversion", + "wasm-bindgen-macro", + "wasm-bindgen-shared", +] + +[[package]] +name = "wasm-bindgen-futures" +version = "0.4.58" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "70a6e77fd0ae8029c9ea0063f87c46fde723e7d887703d74ad2616d792e51e6f" +dependencies = [ + "cfg-if", + "futures-util", + "js-sys", + "once_cell", + "wasm-bindgen", + "web-sys", +] + +[[package]] +name = "wasm-bindgen-macro" +version = "0.2.108" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "008b239d9c740232e71bd39e8ef6429d27097518b6b30bdf9086833bd5b6d608" +dependencies = [ + "quote", + "wasm-bindgen-macro-support", +] + +[[package]] +name = "wasm-bindgen-macro-support" +version = "0.2.108" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5256bae2d58f54820e6490f9839c49780dff84c65aeab9e772f15d5f0e913a55" +dependencies = [ + "bumpalo", + "proc-macro2", + "quote", + "syn", + "wasm-bindgen-shared", +] + +[[package]] +name = "wasm-bindgen-shared" +version = "0.2.108" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1f01b580c9ac74c8d8f0c0e4afb04eeef2acf145458e52c03845ee9cd23e3d12" +dependencies = [ + "unicode-ident", +] + +[[package]] +name = "web-sys" +version = "0.3.85" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "312e32e551d92129218ea9a2452120f4aabc03529ef03e4d0d82fb2780608598" +dependencies = [ + "js-sys", + "wasm-bindgen", +] + +[[package]] +name = "web-time" +version = "1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5a6580f308b1fad9207618087a65c04e7a10bc77e02c8e84e9b00dd4b12fa0bb" +dependencies = [ + "js-sys", + "wasm-bindgen", +] + +[[package]] +name = "webpki-roots" +version = "1.0.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "22cfaf3c063993ff62e73cb4311efde4db1efb31ab78a3e5c457939ad5cc0bed" +dependencies = [ + "rustls-pki-types", +] + [[package]] name = "windows-link" version = "0.2.1" @@ -1413,6 +2062,35 @@ version = "0.51.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d7249219f66ced02969388cf2bb044a09756a083d0fab1e566056b04d9fbcaa5" +[[package]] +name = "writeable" +version = "0.6.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9edde0db4769d2dc68579893f2306b26c6ecfbe0ef499b013d731b7b9247e0b9" + +[[package]] +name = "yoke" +version = "0.8.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "72d6e5c6afb84d73944e5cedb052c4680d5657337201555f9f2a16b7406d4954" +dependencies = [ + "stable_deref_trait", + "yoke-derive", + "zerofrom", +] + +[[package]] +name = "yoke-derive" +version = "0.8.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b659052874eb698efe5b9e8cf382204678a0086ebf46982b79d6ca3182927e5d" +dependencies = [ + "proc-macro2", + "quote", + "syn", + "synstructure", +] + [[package]] name = "zerocopy" version = "0.8.39" @@ -1433,12 +2111,66 @@ dependencies = [ "syn", ] +[[package]] +name = "zerofrom" +version = "0.1.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "50cc42e0333e05660c3587f3bf9d0478688e15d870fab3346451ce7f8c9fbea5" +dependencies = [ + "zerofrom-derive", +] + +[[package]] +name = "zerofrom-derive" +version = "0.1.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d71e5d6e06ab090c67b5e44993ec16b72dcbaabc526db883a360057678b48502" +dependencies = [ + "proc-macro2", + "quote", + "syn", + "synstructure", +] + [[package]] name = "zeroize" version = "1.8.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b97154e67e32c85465826e8bcc1c59429aaaf107c1e4a9e53c8d8ccd5eff88d0" +[[package]] +name = "zerotrie" +version = "0.2.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2a59c17a5562d507e4b54960e8569ebee33bee890c70aa3fe7b97e85a9fd7851" +dependencies = [ + "displaydoc", + "yoke", + "zerofrom", +] + +[[package]] +name = "zerovec" +version = "0.11.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6c28719294829477f525be0186d13efa9a3c602f7ec202ca9e353d310fb9a002" +dependencies = [ + "yoke", + "zerofrom", + "zerovec-derive", +] + +[[package]] +name = "zerovec-derive" +version = "0.11.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "eadce39539ca5cb3985590102671f2567e659fca9666581ad3411d59207951f3" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + [[package]] name = "zmij" version = "1.0.20" diff --git a/rust/Cargo.toml b/rust/Cargo.toml index 7d4db99..43b69e3 100644 --- a/rust/Cargo.toml +++ b/rust/Cargo.toml @@ -5,4 +5,5 @@ members = [ "crates/rustdns-protocol", "crates/rustdns-server", "crates/rustdns-dnssec", + "crates/rustdns-client", ] diff --git a/rust/crates/rustdns-client/Cargo.toml b/rust/crates/rustdns-client/Cargo.toml new file mode 100644 index 0000000..50d5b13 --- /dev/null +++ b/rust/crates/rustdns-client/Cargo.toml @@ -0,0 +1,20 @@ +[package] +name = "rustdns-client" +version = "0.1.0" +edition = "2021" + +[[bin]] +name = "rustdns-client" +path = "src/main.rs" + +[dependencies] +rustdns-protocol = { path = "../rustdns-protocol" } +tokio = { version = "1", features = ["full"] } +serde = { version = "1", features = ["derive"] } +serde_json = "1" +clap = { version = "4", features = ["derive"] } +tracing = "0.1" +tracing-subscriber = "0.3" +reqwest = { version = "0.12", default-features = false, features = ["rustls-tls"] } +rustls = { version = "0.23", features = ["ring"] } +rand = "0.9" diff --git a/rust/crates/rustdns-client/src/ipc_types.rs b/rust/crates/rustdns-client/src/ipc_types.rs new file mode 100644 index 0000000..7a3eeaa --- /dev/null +++ b/rust/crates/rustdns-client/src/ipc_types.rs @@ -0,0 +1,94 @@ +use serde::{Deserialize, Serialize}; + +/// IPC request from TypeScript to Rust (via stdin). +#[derive(Debug, Deserialize)] +pub struct IpcRequest { + pub id: String, + pub method: String, + #[serde(default)] + pub params: serde_json::Value, +} + +/// IPC response from Rust to TypeScript (via stdout). +#[derive(Debug, Serialize)] +pub struct IpcResponse { + pub id: String, + pub success: bool, + #[serde(skip_serializing_if = "Option::is_none")] + pub result: Option, + #[serde(skip_serializing_if = "Option::is_none")] + pub error: Option, +} + +impl IpcResponse { + pub fn ok(id: String, result: serde_json::Value) -> Self { + IpcResponse { + id, + success: true, + result: Some(result), + error: None, + } + } + + pub fn err(id: String, error: String) -> Self { + IpcResponse { + id, + success: false, + result: None, + error: Some(error), + } + } +} + +/// IPC event from Rust to TypeScript (unsolicited, no id). +#[derive(Debug, Serialize)] +pub struct IpcEvent { + pub event: String, + pub data: serde_json::Value, +} + +/// Parameters for a DNS resolve request. +#[derive(Debug, Deserialize)] +#[serde(rename_all = "camelCase")] +pub struct ResolveParams { + pub name: String, + pub record_type: String, + pub protocol: String, + #[serde(default = "default_server_addr")] + pub server_addr: String, + #[serde(default = "default_doh_url")] + pub doh_url: String, + #[serde(default = "default_timeout_ms")] + pub timeout_ms: u64, +} + +fn default_server_addr() -> String { + "1.1.1.1:53".to_string() +} + +fn default_doh_url() -> String { + "https://cloudflare-dns.com/dns-query".to_string() +} + +fn default_timeout_ms() -> u64 { + 5000 +} + +/// A single DNS answer record sent back to TypeScript. +#[derive(Debug, Serialize, Clone)] +pub struct ClientDnsAnswer { + pub name: String, + #[serde(rename = "type")] + pub rtype: String, + pub ttl: u32, + pub value: String, +} + +/// Result of a DNS resolve request. +#[derive(Debug, Serialize)] +#[serde(rename_all = "camelCase")] +pub struct ResolveResult { + pub answers: Vec, + pub ad_flag: bool, + pub rcode: u8, +} diff --git a/rust/crates/rustdns-client/src/main.rs b/rust/crates/rustdns-client/src/main.rs new file mode 100644 index 0000000..85ee1e8 --- /dev/null +++ b/rust/crates/rustdns-client/src/main.rs @@ -0,0 +1,36 @@ +use clap::Parser; + +mod ipc_types; +mod management; +mod resolver_doh; +mod resolver_udp; + +#[derive(Parser, Debug)] +#[command(name = "rustdns-client", about = "Rust DNS client with IPC management")] +struct Cli { + /// Run in management mode (IPC via stdin/stdout) + #[arg(long)] + management: bool, +} + +#[tokio::main] +async fn main() -> Result<(), Box> { + // Install the default rustls crypto provider (ring) before any TLS operations + let _ = rustls::crypto::ring::default_provider().install_default(); + + let cli = Cli::parse(); + + // Tracing writes to stderr so stdout is reserved for IPC + tracing_subscriber::fmt() + .with_writer(std::io::stderr) + .init(); + + if cli.management { + management::management_loop().await?; + } else { + eprintln!("rustdns-client: use --management flag for IPC mode"); + std::process::exit(1); + } + + Ok(()) +} diff --git a/rust/crates/rustdns-client/src/management.rs b/rust/crates/rustdns-client/src/management.rs new file mode 100644 index 0000000..4b80d4a --- /dev/null +++ b/rust/crates/rustdns-client/src/management.rs @@ -0,0 +1,130 @@ +use crate::ipc_types::*; +use crate::resolver_doh; +use crate::resolver_udp; +use std::io::{self, BufRead, Write}; +use tokio::sync::mpsc; +use tracing::{error, info}; + +/// Emit a JSON event on stdout. +fn send_event(event: &str, data: serde_json::Value) { + let evt = IpcEvent { + event: event.to_string(), + data, + }; + let json = serde_json::to_string(&evt).unwrap(); + let stdout = io::stdout(); + let mut lock = stdout.lock(); + let _ = writeln!(lock, "{}", json); + let _ = lock.flush(); +} + +/// Send a JSON response on stdout. +fn send_response(response: &IpcResponse) { + let json = serde_json::to_string(response).unwrap(); + let stdout = io::stdout(); + let mut lock = stdout.lock(); + let _ = writeln!(lock, "{}", json); + let _ = lock.flush(); +} + +/// Main management loop โ€” reads JSON lines from stdin, dispatches commands. +pub async fn management_loop() -> Result<(), Box> { + // Emit ready event + send_event( + "ready", + serde_json::json!({ + "version": env!("CARGO_PKG_VERSION") + }), + ); + + // Create a shared HTTP client for DoH connection pooling + let http_client = reqwest::Client::builder() + .use_rustls_tls() + .build() + .map_err(|e| format!("Failed to create HTTP client: {}", e))?; + + // Channel for stdin commands (read in blocking thread) + let (cmd_tx, mut cmd_rx) = mpsc::channel::(256); + + // Spawn blocking stdin reader + std::thread::spawn(move || { + let stdin = io::stdin(); + let reader = stdin.lock(); + for line in reader.lines() { + match line { + Ok(l) => { + if cmd_tx.blocking_send(l).is_err() { + break; // channel closed + } + } + Err(_) => break, // stdin closed + } + } + }); + + loop { + match cmd_rx.recv().await { + Some(line) => { + let request: IpcRequest = match serde_json::from_str(&line) { + Ok(r) => r, + Err(e) => { + error!("Failed to parse IPC request: {}", e); + continue; + } + }; + + let response = handle_request(&request, &http_client).await; + send_response(&response); + } + None => { + // stdin closed โ€” parent process exited + info!("stdin closed, shutting down"); + break; + } + } + } + + Ok(()) +} + +async fn handle_request(request: &IpcRequest, http_client: &reqwest::Client) -> IpcResponse { + let id = request.id.clone(); + + match request.method.as_str() { + "ping" => IpcResponse::ok(id, serde_json::json!({ "pong": true })), + + "resolve" => handle_resolve(id, &request.params, http_client).await, + + _ => IpcResponse::err(id, format!("Unknown method: {}", request.method)), + } +} + +async fn handle_resolve( + id: String, + params: &serde_json::Value, + http_client: &reqwest::Client, +) -> IpcResponse { + let resolve_params: ResolveParams = match serde_json::from_value(params.clone()) { + Ok(p) => p, + Err(e) => return IpcResponse::err(id, format!("Invalid resolve params: {}", e)), + }; + + let result = match resolve_params.protocol.as_str() { + "udp" => resolver_udp::resolve_udp(&resolve_params).await, + "doh" => resolver_doh::resolve_doh(&resolve_params, http_client).await, + other => { + return IpcResponse::err( + id, + format!("Unknown protocol '{}'. Use 'udp' or 'doh'.", other), + ); + } + }; + + match result { + Ok(resolve_result) => { + let result_json = serde_json::to_value(&resolve_result).unwrap(); + IpcResponse::ok(id, result_json) + } + Err(e) => IpcResponse::err(id, e), + } +} diff --git a/rust/crates/rustdns-client/src/resolver_doh.rs b/rust/crates/rustdns-client/src/resolver_doh.rs new file mode 100644 index 0000000..fd6b97b --- /dev/null +++ b/rust/crates/rustdns-client/src/resolver_doh.rs @@ -0,0 +1,75 @@ +use crate::ipc_types::{ResolveParams, ResolveResult}; +use crate::resolver_udp::decode_answers; +use rustdns_protocol::packet::{DnsPacket, DnsQuestion}; +use rustdns_protocol::types::{QClass, QType, EDNS_DO_BIT, FLAG_RD}; +use std::time::Duration; +use tracing::debug; + +/// Resolve a DNS query via DNS-over-HTTPS (RFC 8484 wire format). +pub async fn resolve_doh( + params: &ResolveParams, + http_client: &reqwest::Client, +) -> Result { + let qtype = QType::from_str(¶ms.record_type); + let id: u16 = rand::random(); + + // Build query packet (same as UDP) + let mut query = DnsPacket::new_query(id); + query.flags = FLAG_RD; + query.questions.push(DnsQuestion { + name: params.name.clone(), + qtype, + qclass: QClass::IN, + }); + + // Add OPT record with DO bit for DNSSEC + query.additionals.push(rustdns_protocol::packet::DnsRecord { + name: ".".to_string(), + rtype: QType::OPT, + rclass: QClass::from_u16(4096), + ttl: 0, + rdata: vec![], + opt_flags: Some(EDNS_DO_BIT), + }); + + let query_bytes = query.encode(); + let timeout = Duration::from_millis(params.timeout_ms); + + let response = http_client + .post(¶ms.doh_url) + .header("Content-Type", "application/dns-message") + .header("Accept", "application/dns-message") + .body(query_bytes) + .timeout(timeout) + .send() + .await + .map_err(|e| format!("DoH request failed: {}", e))?; + + if !response.status().is_success() { + return Err(format!("DoH server returned status {}", response.status())); + } + + let response_bytes = response + .bytes() + .await + .map_err(|e| format!("Failed to read DoH response body: {}", e))?; + + let dns_response = DnsPacket::parse(&response_bytes) + .map_err(|e| format!("Failed to parse DoH response: {}", e))?; + + debug!( + "DoH response: id={}, rcode={}, answers={}, ad={}", + dns_response.id, + dns_response.rcode(), + dns_response.answers.len(), + dns_response.has_ad_flag() + ); + + let answers = decode_answers(&dns_response.answers, &response_bytes); + + Ok(ResolveResult { + answers, + ad_flag: dns_response.has_ad_flag(), + rcode: dns_response.rcode(), + }) +} diff --git a/rust/crates/rustdns-client/src/resolver_udp.rs b/rust/crates/rustdns-client/src/resolver_udp.rs new file mode 100644 index 0000000..c6aef37 --- /dev/null +++ b/rust/crates/rustdns-client/src/resolver_udp.rs @@ -0,0 +1,193 @@ +use crate::ipc_types::{ClientDnsAnswer, ResolveParams, ResolveResult}; +use rustdns_protocol::packet::{ + decode_a, decode_aaaa, decode_mx, decode_name_rdata, decode_soa, decode_srv, decode_txt, + DnsPacket, DnsQuestion, DnsRecord, +}; +use rustdns_protocol::types::{QClass, QType, EDNS_DO_BIT, FLAG_RD}; +use std::net::SocketAddr; +use std::time::Duration; +use tokio::net::UdpSocket; +use tracing::debug; + +/// Resolve a DNS query via UDP to an upstream server. +pub async fn resolve_udp(params: &ResolveParams) -> Result { + let server_addr: SocketAddr = params + .server_addr + .parse() + .map_err(|e| format!("Invalid server address '{}': {}", params.server_addr, e))?; + + let qtype = QType::from_str(¶ms.record_type); + let id: u16 = rand::random(); + + // Build query packet with RD flag and EDNS0 DO bit + let mut query = DnsPacket::new_query(id); + query.flags = FLAG_RD; + query.questions.push(DnsQuestion { + name: params.name.clone(), + qtype, + qclass: QClass::IN, + }); + + // Add OPT record with DO bit for DNSSEC + query.additionals.push(rustdns_protocol::packet::DnsRecord { + name: ".".to_string(), + rtype: QType::OPT, + rclass: QClass::from_u16(4096), // UDP payload size + ttl: 0, + rdata: vec![], + opt_flags: Some(EDNS_DO_BIT), + }); + + let query_bytes = query.encode(); + + // Bind to an ephemeral port + let bind_addr = if server_addr.is_ipv6() { + "[::]:0" + } else { + "0.0.0.0:0" + }; + let socket = UdpSocket::bind(bind_addr) + .await + .map_err(|e| format!("Failed to bind UDP socket: {}", e))?; + + socket + .send_to(&query_bytes, server_addr) + .await + .map_err(|e| format!("Failed to send UDP query: {}", e))?; + + let mut buf = vec![0u8; 4096]; + let timeout = Duration::from_millis(params.timeout_ms); + + let len = tokio::time::timeout(timeout, socket.recv_from(&mut buf)) + .await + .map_err(|_| "UDP query timed out".to_string())? + .map_err(|e| format!("Failed to receive UDP response: {}", e))? + .0; + + let response_bytes = &buf[..len]; + let response = DnsPacket::parse(response_bytes) + .map_err(|e| format!("Failed to parse UDP response: {}", e))?; + + debug!( + "UDP response: id={}, rcode={}, answers={}, ad={}", + response.id, + response.rcode(), + response.answers.len(), + response.has_ad_flag() + ); + + let answers = decode_answers(&response.answers, response_bytes); + + Ok(ResolveResult { + answers, + ad_flag: response.has_ad_flag(), + rcode: response.rcode(), + }) +} + +/// Decode answer records into ClientDnsAnswer values. +pub fn decode_answers(records: &[DnsRecord], packet_bytes: &[u8]) -> Vec { + let mut answers = Vec::new(); + + for record in records { + // Skip OPT, RRSIG, DNSKEY records โ€” they're metadata, not answer data + match record.rtype { + QType::OPT | QType::RRSIG | QType::DNSKEY => continue, + _ => {} + } + + let value = decode_record_value(record, packet_bytes); + let value = match value { + Ok(v) => v, + Err(_) => continue, // skip records we can't decode + }; + + // Strip trailing dot from name + let name = record.name.strip_suffix('.').unwrap_or(&record.name).to_string(); + + answers.push(ClientDnsAnswer { + name, + rtype: record.rtype.as_str().to_string(), + ttl: record.ttl, + value, + }); + } + + answers +} + +/// Decode a single record's RDATA to a string value. +fn decode_record_value(record: &DnsRecord, packet_bytes: &[u8]) -> Result { + // We need the rdata offset within the packet for compression pointer resolution. + // Since we have the raw rdata and the full packet, we find the rdata position. + let rdata_offset = find_rdata_offset(packet_bytes, &record.rdata); + + match record.rtype { + QType::A => decode_a(&record.rdata).map_err(|e| e.to_string()), + QType::AAAA => decode_aaaa(&record.rdata).map_err(|e| e.to_string()), + QType::TXT => { + let chunks = decode_txt(&record.rdata).map_err(|e| e.to_string())?; + Ok(chunks.join("")) + } + QType::MX => { + if let Some(offset) = rdata_offset { + let (pref, exchange) = decode_mx(&record.rdata, packet_bytes, offset)?; + Ok(format!("{} {}", pref, exchange)) + } else { + Err("Cannot find MX rdata in packet".into()) + } + } + QType::NS | QType::CNAME | QType::PTR => { + if let Some(offset) = rdata_offset { + decode_name_rdata(&record.rdata, packet_bytes, offset) + } else { + Err("Cannot find name rdata in packet".into()) + } + } + QType::SOA => { + if let Some(offset) = rdata_offset { + let soa = decode_soa(&record.rdata, packet_bytes, offset)?; + Ok(format!( + "{} {} {} {} {} {} {}", + soa.mname, soa.rname, soa.serial, soa.refresh, soa.retry, soa.expire, soa.minimum + )) + } else { + Err("Cannot find SOA rdata in packet".into()) + } + } + QType::SRV => { + if let Some(offset) = rdata_offset { + let srv = decode_srv(&record.rdata, packet_bytes, offset)?; + Ok(format!( + "{} {} {} {}", + srv.priority, srv.weight, srv.port, srv.target + )) + } else { + Err("Cannot find SRV rdata in packet".into()) + } + } + _ => { + // Unknown type: return hex encoding + Ok(record.rdata.iter().map(|b| format!("{:02x}", b)).collect::()) + } + } +} + +/// Find the offset of the rdata bytes within the full packet buffer. +/// This is needed because compression pointers in RDATA reference absolute positions. +fn find_rdata_offset(packet: &[u8], rdata: &[u8]) -> Option { + if rdata.is_empty() { + return None; + } + // Search for the rdata slice within the packet + let rdata_len = rdata.len(); + if rdata_len > packet.len() { + return None; + } + for i in 0..=(packet.len() - rdata_len) { + if &packet[i..i + rdata_len] == rdata { + return Some(i); + } + } + None +} diff --git a/rust/crates/rustdns-protocol/src/packet.rs b/rust/crates/rustdns-protocol/src/packet.rs index a423c76..a816617 100644 --- a/rust/crates/rustdns-protocol/src/packet.rs +++ b/rust/crates/rustdns-protocol/src/packet.rs @@ -1,5 +1,5 @@ use crate::name::{decode_name, encode_name}; -use crate::types::{QClass, QType, FLAG_QR, FLAG_AA, FLAG_RD, FLAG_RA, EDNS_DO_BIT}; +use crate::types::{QClass, QType, FLAG_QR, FLAG_AA, FLAG_RD, FLAG_RA, FLAG_AD, EDNS_DO_BIT}; /// A parsed DNS question. #[derive(Debug, Clone)] @@ -61,6 +61,16 @@ impl DnsPacket { } } + /// Extract the response code (lower 4 bits of flags). + pub fn rcode(&self) -> u8 { + (self.flags & 0x000F) as u8 + } + + /// Check if the AD (Authenticated Data) flag is set. + pub fn has_ad_flag(&self) -> bool { + self.flags & FLAG_AD != 0 + } + /// Check if DNSSEC (DO bit) is requested in the OPT record. pub fn is_dnssec_requested(&self) -> bool { for additional in &self.additionals { @@ -335,6 +345,181 @@ pub fn encode_rrsig( buf } +// โ”€โ”€ RDATA decoding helpers โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€ + +/// Decode an A record (4 bytes -> IPv4 string). +pub fn decode_a(rdata: &[u8]) -> Result { + if rdata.len() < 4 { + return Err("A rdata too short"); + } + Ok(format!("{}.{}.{}.{}", rdata[0], rdata[1], rdata[2], rdata[3])) +} + +/// Decode an AAAA record (16 bytes -> IPv6 string). +pub fn decode_aaaa(rdata: &[u8]) -> Result { + if rdata.len() < 16 { + return Err("AAAA rdata too short"); + } + let groups: Vec = (0..8) + .map(|i| { + let val = u16::from_be_bytes([rdata[i * 2], rdata[i * 2 + 1]]); + format!("{:x}", val) + }) + .collect(); + // Build full form, then compress :: notation + let full = groups.join(":"); + compress_ipv6(&full) +} + +/// Compress a full IPv6 address to shortest form. +fn compress_ipv6(full: &str) -> Result { + let groups: Vec<&str> = full.split(':').collect(); + if groups.len() != 8 { + return Ok(full.to_string()); + } + + // Find longest run of consecutive "0" groups + let mut best_start = None; + let mut best_len = 0usize; + let mut cur_start = None; + let mut cur_len = 0usize; + + for (i, g) in groups.iter().enumerate() { + if *g == "0" { + if cur_start.is_none() { + cur_start = Some(i); + cur_len = 1; + } else { + cur_len += 1; + } + if cur_len > best_len { + best_start = cur_start; + best_len = cur_len; + } + } else { + cur_start = None; + cur_len = 0; + } + } + + if best_len >= 2 { + let bs = best_start.unwrap(); + let left: Vec<&str> = groups[..bs].to_vec(); + let right: Vec<&str> = groups[bs + best_len..].to_vec(); + let l = left.join(":"); + let r = right.join(":"); + if l.is_empty() && r.is_empty() { + Ok("::".to_string()) + } else if l.is_empty() { + Ok(format!("::{}", r)) + } else if r.is_empty() { + Ok(format!("{}::", l)) + } else { + Ok(format!("{}::{}", l, r)) + } + } else { + Ok(full.to_string()) + } +} + +/// Decode a TXT record (length-prefixed chunks -> strings). +pub fn decode_txt(rdata: &[u8]) -> Result, &'static str> { + let mut strings = Vec::new(); + let mut pos = 0; + while pos < rdata.len() { + let len = rdata[pos] as usize; + pos += 1; + if pos + len > rdata.len() { + return Err("TXT chunk extends beyond rdata"); + } + let s = std::str::from_utf8(&rdata[pos..pos + len]) + .map_err(|_| "invalid UTF-8 in TXT")?; + strings.push(s.to_string()); + pos += len; + } + Ok(strings) +} + +/// Decode an MX record (preference + exchange name with compression). +pub fn decode_mx(rdata: &[u8], packet: &[u8], rdata_offset: usize) -> Result<(u16, String), String> { + if rdata.len() < 3 { + return Err("MX rdata too short".into()); + } + let preference = u16::from_be_bytes([rdata[0], rdata[1]]); + let (name, _) = decode_name(packet, rdata_offset + 2).map_err(|e| e.to_string())?; + Ok((preference, name)) +} + +/// Decode a name from RDATA (for NS, CNAME, PTR records with compression). +pub fn decode_name_rdata(_rdata: &[u8], packet: &[u8], rdata_offset: usize) -> Result { + let (name, _) = decode_name(packet, rdata_offset).map_err(|e| e.to_string())?; + Ok(name) +} + +/// SOA record decoded fields. +#[derive(Debug, Clone)] +pub struct SoaData { + pub mname: String, + pub rname: String, + pub serial: u32, + pub refresh: u32, + pub retry: u32, + pub expire: u32, + pub minimum: u32, +} + +/// Decode a SOA record RDATA. +pub fn decode_soa(rdata: &[u8], packet: &[u8], rdata_offset: usize) -> Result { + let (mname, consumed1) = decode_name(packet, rdata_offset).map_err(|e| e.to_string())?; + let (rname, consumed2) = decode_name(packet, rdata_offset + consumed1).map_err(|e| e.to_string())?; + let nums_offset = consumed1 + consumed2; + if rdata.len() < nums_offset + 20 { + return Err("SOA rdata too short for numeric fields".into()); + } + let serial = u32::from_be_bytes([ + rdata[nums_offset], rdata[nums_offset + 1], + rdata[nums_offset + 2], rdata[nums_offset + 3], + ]); + let refresh = u32::from_be_bytes([ + rdata[nums_offset + 4], rdata[nums_offset + 5], + rdata[nums_offset + 6], rdata[nums_offset + 7], + ]); + let retry = u32::from_be_bytes([ + rdata[nums_offset + 8], rdata[nums_offset + 9], + rdata[nums_offset + 10], rdata[nums_offset + 11], + ]); + let expire = u32::from_be_bytes([ + rdata[nums_offset + 12], rdata[nums_offset + 13], + rdata[nums_offset + 14], rdata[nums_offset + 15], + ]); + let minimum = u32::from_be_bytes([ + rdata[nums_offset + 16], rdata[nums_offset + 17], + rdata[nums_offset + 18], rdata[nums_offset + 19], + ]); + Ok(SoaData { mname, rname, serial, refresh, retry, expire, minimum }) +} + +/// SRV record decoded fields. +#[derive(Debug, Clone)] +pub struct SrvData { + pub priority: u16, + pub weight: u16, + pub port: u16, + pub target: String, +} + +/// Decode a SRV record RDATA. +pub fn decode_srv(rdata: &[u8], packet: &[u8], rdata_offset: usize) -> Result { + if rdata.len() < 7 { + return Err("SRV rdata too short".into()); + } + let priority = u16::from_be_bytes([rdata[0], rdata[1]]); + let weight = u16::from_be_bytes([rdata[2], rdata[3]]); + let port = u16::from_be_bytes([rdata[4], rdata[5]]); + let (target, _) = decode_name(packet, rdata_offset + 6).map_err(|e| e.to_string())?; + Ok(SrvData { priority, weight, port, target }) +} + /// Build a DnsRecord from high-level data. pub fn build_record(name: &str, rtype: QType, ttl: u32, rdata: Vec) -> DnsRecord { DnsRecord { @@ -416,6 +601,45 @@ mod tests { assert_eq!(&data[7..12], b"world"); } + #[test] + fn test_decode_a() { + let rdata = encode_a("192.168.1.1"); + let decoded = decode_a(&rdata).unwrap(); + assert_eq!(decoded, "192.168.1.1"); + } + + #[test] + fn test_decode_aaaa() { + let rdata = encode_aaaa("::1"); + let decoded = decode_aaaa(&rdata).unwrap(); + assert_eq!(decoded, "::1"); + + let rdata2 = encode_aaaa("2001:db8::1"); + let decoded2 = decode_aaaa(&rdata2).unwrap(); + assert_eq!(decoded2, "2001:db8::1"); + } + + #[test] + fn test_decode_txt() { + let strings = vec!["hello".to_string(), "world".to_string()]; + let rdata = encode_txt(&strings); + let decoded = decode_txt(&rdata).unwrap(); + assert_eq!(decoded, strings); + } + + #[test] + fn test_rcode_and_ad_flag() { + let mut pkt = DnsPacket::new_query(1); + assert_eq!(pkt.rcode(), 0); + assert!(!pkt.has_ad_flag()); + + pkt.flags |= crate::types::FLAG_AD; + assert!(pkt.has_ad_flag()); + + pkt.flags |= 0x0003; // NXDOMAIN + assert_eq!(pkt.rcode(), 3); + } + #[test] fn test_dnssec_do_bit() { let mut query = DnsPacket::new_query(1); diff --git a/rust/crates/rustdns-protocol/src/types.rs b/rust/crates/rustdns-protocol/src/types.rs index 7a1cf7f..3f4885b 100644 --- a/rust/crates/rustdns-protocol/src/types.rs +++ b/rust/crates/rustdns-protocol/src/types.rs @@ -127,5 +127,8 @@ pub const FLAG_AA: u16 = 0x0400; pub const FLAG_RD: u16 = 0x0100; pub const FLAG_RA: u16 = 0x0080; +/// Authenticated Data flag +pub const FLAG_AD: u16 = 0x0020; + /// OPT record DO bit (DNSSEC OK) pub const EDNS_DO_BIT: u16 = 0x8000; diff --git a/test/test.client.ts b/test/test.client.ts index d339168..d7779a2 100644 --- a/test/test.client.ts +++ b/test/test.client.ts @@ -4,12 +4,12 @@ import * as smartdns from '../ts_client/index.js'; let testDnsClient: smartdns.Smartdns; -tap.test('should create an instance of Dnsly', async () => { +tap.test('should create an instance of Smartdns', async () => { testDnsClient = new smartdns.Smartdns({}); expect(testDnsClient).toBeInstanceOf(smartdns.Smartdns); }); -tap.test('should get an A DNS Record', async () => { +tap.test('should get an A DNS Record (system)', async () => { const records = await testDnsClient.getRecordsA('google.com'); expect(records).toBeInstanceOf(Array); expect(records.length).toBeGreaterThan(0); @@ -19,7 +19,7 @@ tap.test('should get an A DNS Record', async () => { expect(records[0]).toHaveProperty('dnsSecEnabled'); }); -tap.test('should get an AAAA Record', async () => { +tap.test('should get an AAAA Record (system)', async () => { const records = await testDnsClient.getRecordsAAAA('google.com'); expect(records).toBeInstanceOf(Array); expect(records.length).toBeGreaterThan(0); @@ -29,7 +29,7 @@ tap.test('should get an AAAA Record', async () => { expect(records[0]).toHaveProperty('dnsSecEnabled'); }); -tap.test('should get a txt record', async () => { +tap.test('should get a txt record (system)', async () => { const records = await testDnsClient.getRecordsTxt('google.com'); expect(records).toBeInstanceOf(Array); expect(records.length).toBeGreaterThan(0); @@ -39,7 +39,7 @@ tap.test('should get a txt record', async () => { expect(records[0]).toHaveProperty('dnsSecEnabled'); }); -tap.test('should, get a mx record for a domain', async () => { +tap.test('should get a mx record for a domain (system)', async () => { const res = await testDnsClient.getRecords('bleu.de', 'MX'); console.log(res); }); @@ -52,13 +52,13 @@ tap.test('should check until DNS is available', async () => { } }); -tap.test('should check until DNS is available an return false if it fails', async () => { +tap.test('should check until DNS is available and return false if it fails', async () => { return expect( await testDnsClient.checkUntilAvailable('google.com', 'TXT', 'this-txt-record-does-not-exist') ).toBeFalse(); }); -tap.test('should check until DNS is available an return false if it fails', async () => { +tap.test('should check until DNS is available and return false if it fails', async () => { return expect( await testDnsClient.checkUntilAvailable('nonexistent.example.com', 'TXT', 'sometext_txt2') ).toBeFalse(); @@ -69,10 +69,79 @@ tap.test('should get name server for hostname', async () => { console.log(result); }); -tap.test('should detect dns sec', async () => { - const result = await testDnsClient.getRecordsA('lossless.com'); +tap.test('should detect DNSSEC via DoH (Rust)', async () => { + const dohClient = new smartdns.Smartdns({ strategy: 'doh' }); + const result = await dohClient.getRecordsA('lossless.com'); console.log(result[0]); expect(result[0].dnsSecEnabled).toBeTrue(); + dohClient.destroy(); +}); + +// โ”€โ”€ New tests for UDP and Rust-based resolution โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€ + +tap.test('should resolve A record via UDP (Rust)', async () => { + const udpClient = new smartdns.Smartdns({ strategy: 'udp' }); + const records = await udpClient.getRecordsA('google.com'); + expect(records).toBeInstanceOf(Array); + expect(records.length).toBeGreaterThan(0); + expect(records[0]).toHaveProperty('name', 'google.com'); + expect(records[0]).toHaveProperty('type', 'A'); + expect(records[0]).toHaveProperty('value'); + console.log('UDP A record:', records[0]); + udpClient.destroy(); +}); + +tap.test('should resolve AAAA record via UDP (Rust)', async () => { + const udpClient = new smartdns.Smartdns({ strategy: 'udp' }); + const records = await udpClient.getRecordsAAAA('google.com'); + expect(records).toBeInstanceOf(Array); + expect(records.length).toBeGreaterThan(0); + expect(records[0]).toHaveProperty('type', 'AAAA'); + console.log('UDP AAAA record:', records[0]); + udpClient.destroy(); +}); + +tap.test('should resolve TXT record via DoH (Rust)', async () => { + const dohClient = new smartdns.Smartdns({ strategy: 'doh' }); + const records = await dohClient.getRecordsTxt('google.com'); + expect(records).toBeInstanceOf(Array); + expect(records.length).toBeGreaterThan(0); + expect(records[0]).toHaveProperty('type', 'TXT'); + expect(records[0]).toHaveProperty('value'); + console.log('DoH TXT record:', records[0]); + dohClient.destroy(); +}); + +tap.test('should resolve with prefer-udp strategy', async () => { + const client = new smartdns.Smartdns({ strategy: 'prefer-udp' }); + const records = await client.getRecordsA('google.com'); + expect(records).toBeInstanceOf(Array); + expect(records.length).toBeGreaterThan(0); + expect(records[0]).toHaveProperty('type', 'A'); + console.log('prefer-udp A record:', records[0]); + client.destroy(); +}); + +tap.test('should detect DNSSEC AD flag via UDP (Rust)', async () => { + const udpClient = new smartdns.Smartdns({ strategy: 'udp' }); + const records = await udpClient.getRecordsA('lossless.com'); + expect(records.length).toBeGreaterThan(0); + // Note: AD flag from upstream depends on upstream resolver behavior + // Cloudflare 1.1.1.1 sets AD for DNSSEC-signed domains + console.log('UDP DNSSEC:', records[0]); + udpClient.destroy(); +}); + +tap.test('should cleanup via destroy()', async () => { + const client = new smartdns.Smartdns({ strategy: 'udp' }); + // Trigger bridge spawn + await client.getRecordsA('google.com'); + // Destroy should not throw + client.destroy(); +}); + +tap.test('cleanup default client', async () => { + testDnsClient.destroy(); }); export default tap.start(); diff --git a/test/test.soa.debug.ts b/test/test.soa.debug.ts index fa5bd1c..fb7e46e 100644 --- a/test/test.soa.debug.ts +++ b/test/test.soa.debug.ts @@ -247,4 +247,115 @@ tap.test('SOA query with DNSSEC should work', async () => { dnsServer = null; }); +tap.test('SOA serialization produces correct wire format', async () => { + const httpsData = await tapNodeTools.createHttpsCert(); + const udpPort = getUniqueUdpPort(); + + dnsServer = new smartdns.DnsServer({ + httpsKey: httpsData.key, + httpsCert: httpsData.cert, + httpsPort: getUniqueHttpsPort(), + udpPort: udpPort, + dnssecZone: 'roundtrip.example.com', + }); + + // Register a handler with specific SOA data we can verify round-trips correctly + const expectedSoa = { + mname: 'ns1.roundtrip.example.com', + rname: 'admin.roundtrip.example.com', + serial: 2025020101, + refresh: 7200, + retry: 1800, + expire: 1209600, + minimum: 43200, + }; + + dnsServer.registerHandler('roundtrip.example.com', ['SOA'], (question) => { + return { + name: question.name, + type: 'SOA', + class: 'IN', + ttl: 3600, + data: expectedSoa, + }; + }); + + await dnsServer.start(); + + const client = dgram.createSocket('udp4'); + + // Plain UDP query without DNSSEC to test pure SOA serialization + const query = dnsPacket.encode({ + type: 'query', + id: 3, + flags: dnsPacket.RECURSION_DESIRED, + questions: [ + { + name: 'roundtrip.example.com', + type: 'SOA', + class: 'IN', + }, + ], + }); + + console.log('Sending plain SOA query for serialization round-trip test'); + + const responsePromise = new Promise((resolve, reject) => { + const timeout = setTimeout(() => { + client.close(); + reject(new Error('Query timed out after 5 seconds')); + }, 5000); + + client.on('message', (msg) => { + clearTimeout(timeout); + try { + const dnsResponse = dnsPacket.decode(msg); + resolve(dnsResponse); + } catch (e) { + reject(new Error(`Failed to decode response: ${e.message}`)); + } + client.close(); + }); + + client.on('error', (err) => { + clearTimeout(timeout); + reject(err); + client.close(); + }); + + client.send(query, udpPort, 'localhost', (err) => { + if (err) { + clearTimeout(timeout); + reject(err); + client.close(); + } + }); + }); + + try { + const dnsResponse = await responsePromise; + const soaAnswers = dnsResponse.answers.filter(a => a.type === 'SOA'); + expect(soaAnswers.length).toEqual(1); + + const soaData = (soaAnswers[0] as any).data; + console.log('Round-trip SOA data:', soaData); + + // Verify all 7 SOA fields survived the full round-trip: + // handler โ†’ Rust encode_soa โ†’ wire โ†’ dns-packet decode + expect(soaData.mname).toEqual(expectedSoa.mname); + expect(soaData.rname).toEqual(expectedSoa.rname); + expect(soaData.serial).toEqual(expectedSoa.serial); + expect(soaData.refresh).toEqual(expectedSoa.refresh); + expect(soaData.retry).toEqual(expectedSoa.retry); + expect(soaData.expire).toEqual(expectedSoa.expire); + expect(soaData.minimum).toEqual(expectedSoa.minimum); + } catch (error) { + console.error('SOA serialization round-trip test failed:', error); + throw error; + } + + await stopServer(dnsServer); + dnsServer = null; +}); + export default tap.start(); \ No newline at end of file diff --git a/test/test.soa.timeout.ts b/test/test.soa.timeout.ts index a142592..61cddce 100644 --- a/test/test.soa.timeout.ts +++ b/test/test.soa.timeout.ts @@ -108,14 +108,19 @@ tap.test('Test SOA with DNSSEC timing', async () => { const soaAnswers = dnsResponse.answers.filter(a => a.type === 'SOA'); const rrsigAnswers = dnsResponse.answers.filter(a => a.type === 'RRSIG'); - + console.log('- SOA records:', soaAnswers.length); console.log('- RRSIG records:', rrsigAnswers.length); - - // With the fix, SOA should have its RRSIG - if (soaAnswers.length > 0) { - expect(rrsigAnswers.length).toBeGreaterThan(0); - } + + // Must have exactly 1 SOA for the zone + expect(soaAnswers.length).toEqual(1); + + // Must have at least 1 RRSIG covering the SOA + expect(rrsigAnswers.length).toBeGreaterThan(0); + + // Verify RRSIG covers SOA type + const rrsigData = (rrsigAnswers[0] as any).data; + expect(rrsigData.typeCovered).toEqual('SOA'); } catch (error) { console.error('DNSSEC SOA query failed:', error); throw error; @@ -125,4 +130,108 @@ tap.test('Test SOA with DNSSEC timing', async () => { dnsServer = null; }); +tap.test('DNSSEC signing completes within reasonable time', async () => { + const httpsData = await tapNodeTools.createHttpsCert(); + const udpPort = 8756; + + dnsServer = new smartdns.DnsServer({ + httpsKey: httpsData.key, + httpsCert: httpsData.cert, + httpsPort: 8757, + udpPort: udpPort, + dnssecZone: 'perf.example.com', + }); + + // No handlers registered โ€” server returns SOA for nonexistent domain + await dnsServer.start(); + + const client = dgram.createSocket('udp4'); + + const query = dnsPacket.encode({ + type: 'query', + id: 2, + flags: dnsPacket.RECURSION_DESIRED, + questions: [ + { + name: 'nonexistent.perf.example.com', + type: 'A', + class: 'IN', + }, + ], + additionals: [ + { + name: '.', + type: 'OPT', + ttl: 0, + flags: 0x8000, // DO bit set for DNSSEC + data: Buffer.alloc(0), + } as any, + ], + }); + + const startTime = Date.now(); + console.log('Sending DNSSEC query for performance test...'); + + const responsePromise = new Promise((resolve, reject) => { + const timeout = setTimeout(() => { + client.close(); + const elapsed = Date.now() - startTime; + reject(new Error(`Query timed out after ${elapsed}ms โ€” exceeds 2s budget`)); + }, 2000); + + client.on('message', (msg) => { + clearTimeout(timeout); + const elapsed = Date.now() - startTime; + console.log(`DNSSEC response received in ${elapsed}ms`); + try { + const dnsResponse = dnsPacket.decode(msg); + resolve(dnsResponse); + } catch (e) { + reject(new Error(`Failed to decode response: ${e.message}`)); + } + client.close(); + }); + + client.on('error', (err) => { + clearTimeout(timeout); + reject(err); + client.close(); + }); + + client.send(query, udpPort, 'localhost', (err) => { + if (err) { + clearTimeout(timeout); + reject(err); + client.close(); + } + }); + }); + + try { + const dnsResponse = await responsePromise; + const elapsed = Date.now() - startTime; + + // Response must arrive within 2 seconds (generous for CI) + expect(elapsed).toBeLessThan(2000); + + // Verify correctness: SOA + RRSIG present + const soaAnswers = dnsResponse.answers.filter(a => a.type === 'SOA'); + const rrsigAnswers = dnsResponse.answers.filter(a => a.type === 'RRSIG'); + + expect(soaAnswers.length).toEqual(1); + expect(rrsigAnswers.length).toBeGreaterThan(0); + + const rrsigData = (rrsigAnswers[0] as any).data; + expect(rrsigData.typeCovered).toEqual('SOA'); + + console.log(`DNSSEC signing performance OK: ${elapsed}ms`); + } catch (error) { + console.error('DNSSEC performance test failed:', error); + throw error; + } + + await stopServer(dnsServer); + dnsServer = null; +}); + export default tap.start(); \ No newline at end of file diff --git a/ts/00_commitinfo_data.ts b/ts/00_commitinfo_data.ts index 67f5722..9b3b19e 100644 --- a/ts/00_commitinfo_data.ts +++ b/ts/00_commitinfo_data.ts @@ -3,6 +3,6 @@ */ export const commitinfo = { name: '@push.rocks/smartdns', - version: '7.7.1', + version: '7.8.0', description: 'A robust TypeScript library providing advanced DNS management and resolution capabilities including support for DNSSEC, custom DNS servers, and integration with various DNS providers.' } diff --git a/ts/readme.md b/ts/readme.md new file mode 100644 index 0000000..99b824e --- /dev/null +++ b/ts/readme.md @@ -0,0 +1,47 @@ +# @push.rocks/smartdns + +Unified entry point that re-exports both the DNS client and DNS server modules. + +## Import + +```typescript +import { dnsClientMod, dnsServerMod } from '@push.rocks/smartdns'; +``` + +## Modules + +| Module | Description | +|---|---| +| `dnsClientMod` | DNS resolution โ€” system, UDP, DoH strategies via `Smartdns` class | +| `dnsServerMod` | Authoritative DNS server โ€” UDP, HTTPS, DNSSEC, ACME via `DnsServer` class | + +## Usage + +```typescript +import { dnsClientMod, dnsServerMod } from '@push.rocks/smartdns'; + +// Client +const client = new dnsClientMod.Smartdns({ strategy: 'prefer-udp' }); +const records = await client.getRecordsA('example.com'); +client.destroy(); + +// Server +const server = new dnsServerMod.DnsServer({ + udpPort: 5333, + httpsPort: 8443, + httpsKey: '...', + httpsCert: '...', + dnssecZone: 'example.com', +}); +server.registerHandler('example.com', ['A'], (q) => ({ + name: q.name, type: 'A', class: 'IN', ttl: 300, data: '93.184.215.14', +})); +await server.start(); +``` + +For direct imports, use the sub-module paths: + +```typescript +import { Smartdns } from '@push.rocks/smartdns/client'; +import { DnsServer } from '@push.rocks/smartdns/server'; +``` diff --git a/ts_client/classes.dnsclient.ts b/ts_client/classes.dnsclient.ts index 9e6a910..013c74a 100644 --- a/ts_client/classes.dnsclient.ts +++ b/ts_client/classes.dnsclient.ts @@ -1,4 +1,5 @@ import * as plugins from './plugins.js'; +import { RustDnsClientBridge } from './classes.rustdnsclientbridge.js'; export type TDnsProvider = 'google' | 'cloudflare'; @@ -22,7 +23,7 @@ export const makeNodeProcessUseDnsProvider = (providerArg: TDnsProvider) => { } }; -export type TResolutionStrategy = 'doh' | 'system' | 'prefer-system'; +export type TResolutionStrategy = 'doh' | 'udp' | 'system' | 'prefer-system' | 'prefer-udp'; export interface ISmartDnsConstructorOptions { strategy?: TResolutionStrategy; // default: 'prefer-system' @@ -30,40 +31,28 @@ export interface ISmartDnsConstructorOptions { timeoutMs?: number; // optional per-query timeout } -export interface IDnsJsonResponse { - Status: number; - TC: boolean; - RD: boolean; - RA: boolean; - AD: boolean; - CD: boolean; - Question: Array<{ name: string; type: number }>; - Answer: Array<{ name: string; type: number; TTL: number; data: string }>; - Additional: []; - Comment: string; -} - /** - * class dnsly offers methods for working with dns from a dns provider like Google DNS + * Smartdns offers methods for working with DNS resolution. + * Supports system resolver, UDP wire-format, and DoH (DNS-over-HTTPS) via a Rust binary. */ export class Smartdns { - public dnsServerIp: string; - public dnsServerPort: number; private strategy: TResolutionStrategy = 'prefer-system'; private allowDohFallback = true; private timeoutMs: number | undefined; + private rustBridge: RustDnsClientBridge | null = null; public dnsTypeMap: { [key: string]: number } = { A: 1, - AAAA: 28, + NS: 2, CNAME: 5, + SOA: 6, + PTR: 12, MX: 15, TXT: 16, + AAAA: 28, + SRV: 33, }; - /** - * constructor for class dnsly - */ constructor(optionsArg: ISmartDnsConstructorOptions) { this.strategy = optionsArg?.strategy || 'prefer-system'; this.allowDohFallback = @@ -71,12 +60,15 @@ export class Smartdns { this.timeoutMs = optionsArg?.timeoutMs; } + private getRustBridge(): RustDnsClientBridge { + if (!this.rustBridge) { + this.rustBridge = new RustDnsClientBridge(); + } + return this.rustBridge; + } + /** - * check a dns record until it has propagated to Google DNS - * should be considerably fast - * @param recordNameArg - * @param recordTypeArg - * @param expectedValue + * check a dns record until it has propagated */ public async checkUntilAvailable( recordNameArg: string, @@ -107,7 +99,6 @@ export class Smartdns { return await doCheck(); } } catch (err) { - // console.log(err); await plugins.smartdelay.delayFor(intervalArg); return await doCheck(); } @@ -185,7 +176,7 @@ export class Smartdns { }); return records.map((chunks) => ({ name: recordNameArg, - type: 'TXT', + type: 'TXT' as plugins.tsclass.network.TDnsRecordType, dnsSecEnabled: false, value: chunks.join(''), })); @@ -193,44 +184,22 @@ export class Smartdns { return []; }; - const tryDoh = async (): Promise => { - const requestUrl = `https://cloudflare-dns.com/dns-query?name=${recordNameArg}&type=${recordTypeArg}&do=1`; - const returnArray: plugins.tsclass.network.IDnsRecord[] = []; - const getResponseBody = async (counterArg = 0): Promise => { - const response = await plugins.smartrequest.request(requestUrl, { - method: 'GET', - headers: { - accept: 'application/dns-json', - }, - timeout: this.timeoutMs, - }); - const responseBody: IDnsJsonResponse = response.body; - if (responseBody?.Status !== 0 && counterArg < retriesCounterArg) { - await plugins.smartdelay.delayFor(500); - return getResponseBody(counterArg + 1); - } else { - return responseBody; - } - }; - const responseBody = await getResponseBody(); - if (!responseBody || !responseBody.Answer || !typeof (responseBody.Answer as any)[Symbol.iterator]) { - return returnArray; - } - for (const dnsEntry of responseBody.Answer) { - if (typeof dnsEntry.data === 'string' && dnsEntry.data.startsWith('"') && dnsEntry.data.endsWith('"')) { - dnsEntry.data = dnsEntry.data.replace(/^\"(.*)\"$/, '$1'); - } - if (dnsEntry.name.endsWith('.')) { - dnsEntry.name = dnsEntry.name.substring(0, dnsEntry.name.length - 1); - } - returnArray.push({ - name: dnsEntry.name, - type: this.convertDnsTypeNumberToTypeName(dnsEntry.type), - dnsSecEnabled: !!responseBody.AD, - value: dnsEntry.data, - }); - } - return returnArray; + const tryRust = async (protocol: 'udp' | 'doh'): Promise => { + const bridge = this.getRustBridge(); + const result = await bridge.resolve( + recordNameArg, + recordTypeArg, + protocol, + undefined, + undefined, + this.timeoutMs + ); + return result.answers.map((answer) => ({ + name: answer.name, + type: this.convertDnsTypeNameToCanonical(answer.type) || recordTypeArg, + dnsSecEnabled: result.adFlag, + value: answer.value, + })); }; try { @@ -238,21 +207,32 @@ export class Smartdns { return await trySystem(); } if (this.strategy === 'doh') { - return await tryDoh(); + return await tryRust('doh'); } - // prefer-system + if (this.strategy === 'udp') { + return await tryRust('udp'); + } + if (this.strategy === 'prefer-udp') { + try { + const udpRes = await tryRust('udp'); + if (udpRes.length > 0) return udpRes; + return await tryRust('doh'); + } catch (err) { + return await tryRust('doh'); + } + } + // prefer-system (default) try { const sysRes = await trySystem(); if (sysRes.length > 0) return sysRes; - return this.allowDohFallback ? await tryDoh() : []; + return this.allowDohFallback ? await tryRust('doh') : []; } catch (err) { - return this.allowDohFallback ? await tryDoh() : []; + return this.allowDohFallback ? await tryRust('doh') : []; } } catch (finalErr) { return []; } } - /** * gets a record using nodejs dns resolver @@ -308,4 +288,25 @@ export class Smartdns { } return null; } + + /** + * Convert a DNS type string from Rust (e.g. "A", "AAAA") to the canonical TDnsRecordType. + */ + private convertDnsTypeNameToCanonical(typeName: string): plugins.tsclass.network.TDnsRecordType | null { + const upper = typeName.toUpperCase(); + if (upper in this.dnsTypeMap) { + return upper as plugins.tsclass.network.TDnsRecordType; + } + return null; + } + + /** + * Destroy the Rust client bridge and free resources. + */ + public destroy(): void { + if (this.rustBridge) { + this.rustBridge.kill(); + this.rustBridge = null; + } + } } diff --git a/ts_client/classes.rustdnsclientbridge.ts b/ts_client/classes.rustdnsclientbridge.ts new file mode 100644 index 0000000..8a64f3f --- /dev/null +++ b/ts_client/classes.rustdnsclientbridge.ts @@ -0,0 +1,168 @@ +import * as plugins from './plugins.js'; + +// IPC command map for type-safe bridge communication +export type TClientDnsCommands = { + resolve: { + params: IResolveParams; + result: IResolveResult; + }; + ping: { + params: Record; + result: { pong: boolean }; + }; +}; + +export interface IResolveParams { + name: string; + recordType: string; + protocol: 'udp' | 'doh'; + serverAddr?: string; + dohUrl?: string; + timeoutMs?: number; +} + +export interface IClientDnsAnswer { + name: string; + type: string; + ttl: number; + value: string; +} + +export interface IResolveResult { + answers: IClientDnsAnswer[]; + adFlag: boolean; + rcode: number; +} + +/** + * Bridge to the Rust DNS client binary via smartrust IPC. + */ +export class RustDnsClientBridge { + private bridge: InstanceType>; + private spawnPromise: Promise | null = null; + + constructor() { + const packageDir = plugins.path.resolve( + plugins.path.dirname(new URL(import.meta.url).pathname), + '..' + ); + + // Determine platform suffix for dist_rust binaries (matches tsrust naming) + const platformSuffix = getPlatformSuffix(); + const localPaths: string[] = []; + + // dist_rust/ candidates (tsrust cross-compiled output, platform-specific) + if (platformSuffix) { + localPaths.push(plugins.path.join(packageDir, 'dist_rust', `rustdns-client_${platformSuffix}`)); + } + // dist_rust/ without suffix (native build) + localPaths.push(plugins.path.join(packageDir, 'dist_rust', 'rustdns-client')); + // Local dev build paths + localPaths.push(plugins.path.join(packageDir, 'rust', 'target', 'release', 'rustdns-client')); + localPaths.push(plugins.path.join(packageDir, 'rust', 'target', 'debug', 'rustdns-client')); + + this.bridge = new plugins.smartrust.RustBridge({ + binaryName: 'rustdns-client', + cliArgs: ['--management'], + requestTimeoutMs: 30_000, + readyTimeoutMs: 10_000, + localPaths, + searchSystemPath: false, + }); + + this.bridge.on('stderr', (line: string) => { + if (line.trim()) { + console.log(`[rustdns-client] ${line}`); + } + }); + } + + /** + * Lazily spawn the Rust binary. Only spawns once, caches the promise. + */ + public async ensureSpawned(): Promise { + if (!this.spawnPromise) { + this.spawnPromise = this.bridge.spawn(); + } + const ok = await this.spawnPromise; + if (!ok) { + this.spawnPromise = null; + throw new Error('Failed to spawn rustdns-client binary'); + } + } + + /** + * Resolve a DNS query through the Rust binary. + */ + public async resolve( + name: string, + recordType: string, + protocol: 'udp' | 'doh', + serverAddr?: string, + dohUrl?: string, + timeoutMs?: number + ): Promise { + await this.ensureSpawned(); + const params: IResolveParams = { + name, + recordType, + protocol, + }; + if (serverAddr) params.serverAddr = serverAddr; + if (dohUrl) params.dohUrl = dohUrl; + if (timeoutMs) params.timeoutMs = timeoutMs; + return this.bridge.sendCommand('resolve', params); + } + + /** + * Ping the Rust binary for health check. + */ + public async ping(): Promise { + await this.ensureSpawned(); + const result = await this.bridge.sendCommand('ping', {} as Record); + return result.pong; + } + + /** + * Kill the Rust process. + */ + public kill(): void { + this.bridge.kill(); + this.spawnPromise = null; + } + + /** + * Whether the bridge is running. + */ + public get running(): boolean { + return this.bridge.running; + } +} + +/** + * Get the tsrust platform suffix for the current platform. + */ +function getPlatformSuffix(): string | null { + const platform = process.platform; + const arch = process.arch; + + const platformMap: Record = { + 'linux': 'linux', + 'darwin': 'macos', + 'win32': 'windows', + }; + + const archMap: Record = { + 'x64': 'amd64', + 'arm64': 'arm64', + }; + + const p = platformMap[platform]; + const a = archMap[arch]; + + if (p && a) { + return `${p}_${a}`; + } + + return null; +} diff --git a/ts_client/index.ts b/ts_client/index.ts index 0396bb4..3e2b4d7 100644 --- a/ts_client/index.ts +++ b/ts_client/index.ts @@ -1 +1,2 @@ export * from './classes.dnsclient.js'; +export * from './classes.rustdnsclientbridge.js'; diff --git a/ts_client/plugins.ts b/ts_client/plugins.ts index 8710b68..d18ebda 100644 --- a/ts_client/plugins.ts +++ b/ts_client/plugins.ts @@ -6,12 +6,20 @@ const dns: typeof dnsType = await smartenvInstance.getSafeNodeModule('dns'); export { dns }; +// node native scope +import * as path from 'path'; +import { EventEmitter } from 'events'; + +export { path }; +export const events = { EventEmitter }; + // pushrocks scope import * as smartdelay from '@push.rocks/smartdelay'; import * as smartpromise from '@push.rocks/smartpromise'; import * as smartrequest from '@push.rocks/smartrequest'; +import * as smartrust from '@push.rocks/smartrust'; -export { smartdelay, smartenv, smartpromise, smartrequest }; +export { smartdelay, smartenv, smartpromise, smartrequest, smartrust }; import * as tsclass from '@tsclass/tsclass'; diff --git a/ts_client/readme.md b/ts_client/readme.md new file mode 100644 index 0000000..06e4ba1 --- /dev/null +++ b/ts_client/readme.md @@ -0,0 +1,94 @@ +# @push.rocks/smartdns/client + +DNS client module for `@push.rocks/smartdns` โ€” provides DNS record resolution via system resolver, raw UDP wire-format queries, and DNS-over-HTTPS (RFC 8484), with UDP and DoH powered by a Rust binary for performance. + +## Import + +```typescript +import { Smartdns, makeNodeProcessUseDnsProvider } from '@push.rocks/smartdns/client'; +``` + +## Architecture + +The client routes queries through one of three backends depending on the configured strategy: + +- **System** โ€” Uses Node.js `dns` module (`dns.lookup` / `dns.resolveTxt`). Honors `/etc/hosts`. No external binary. +- **UDP** โ€” Sends raw DNS wire-format queries to upstream resolvers (default: Cloudflare 1.1.1.1) via the `rustdns-client` Rust binary over IPC. +- **DoH** โ€” Sends RFC 8484 wire-format POST requests to a DoH endpoint (default: `https://cloudflare-dns.com/dns-query`) via the same Rust binary. + +The Rust binary is spawned **lazily** โ€” only when the first UDP or DoH query is made. The binary stays alive for connection pooling (DoH) and is killed via `destroy()`. + +## Classes & Functions + +### `Smartdns` + +The main DNS client class. Supports five resolution strategies: + +| Strategy | Behavior | +|---|---| +| `prefer-system` | Try OS resolver first, fall back to Rust DoH | +| `system` | Use only Node.js system resolver | +| `doh` | Use only Rust DoH (RFC 8484 wire format) | +| `udp` | Use only Rust UDP to upstream resolver | +| `prefer-udp` | Try Rust UDP first, fall back to Rust DoH | + +```typescript +const dns = new Smartdns({ + strategy: 'prefer-udp', + allowDohFallback: true, + timeoutMs: 5000, +}); +``` + +#### Key Methods + +| Method | Description | +|---|---| +| `getRecordsA(domain)` | Resolve A records (IPv4) | +| `getRecordsAAAA(domain)` | Resolve AAAA records (IPv6) | +| `getRecordsTxt(domain)` | Resolve TXT records | +| `getRecords(domain, type, retries?)` | Generic query โ€” supports A, AAAA, CNAME, MX, TXT, NS, SOA, PTR, SRV | +| `getNameServers(domain)` | Resolve NS records | +| `checkUntilAvailable(domain, type, value, cycles?, interval?)` | Poll until a record propagates | +| `destroy()` | Kill the Rust client binary and free resources | + +All query methods return `IDnsRecord[]`: + +```typescript +interface IDnsRecord { + name: string; + type: string; + dnsSecEnabled: boolean; // true if upstream AD flag was set + value: string; +} +``` + +### `RustDnsClientBridge` + +Low-level IPC bridge to the `rustdns-client` binary. Used internally by `Smartdns` โ€” typically not imported directly. Provides: + +- `ensureSpawned()` โ€” lazy spawn of the Rust binary +- `resolve(name, type, protocol, ...)` โ€” send a resolve command via IPC +- `ping()` โ€” health check +- `kill()` โ€” terminate the binary + +### `makeNodeProcessUseDnsProvider(provider)` + +Configures the global Node.js DNS resolver to use a specific provider: + +```typescript +makeNodeProcessUseDnsProvider('cloudflare'); // 1.1.1.1 +makeNodeProcessUseDnsProvider('google'); // 8.8.8.8 +``` + +## Supported Record Types + +A, AAAA, CNAME, MX, TXT, NS, SOA, PTR, SRV + +## Dependencies + +- `@push.rocks/smartrust` โ€” TypeScript-to-Rust IPC bridge +- `@push.rocks/smartrequest` โ€” HTTP client (used by legacy paths) +- `@push.rocks/smartdelay` โ€” delay utility for retry logic +- `@push.rocks/smartpromise` โ€” deferred promise helper +- `@tsclass/tsclass` โ€” DNS record type definitions diff --git a/ts_server/readme.md b/ts_server/readme.md new file mode 100644 index 0000000..e1cb136 --- /dev/null +++ b/ts_server/readme.md @@ -0,0 +1,110 @@ +# @push.rocks/smartdns/server + +DNS server module for `@push.rocks/smartdns` โ€” a full-featured authoritative DNS server powered by a Rust backend with DNSSEC, DNS-over-HTTPS, and Let's Encrypt integration. + +## Import + +```typescript +import { DnsServer } from '@push.rocks/smartdns/server'; +``` + +## Architecture + +The server delegates network I/O, DNS packet parsing/encoding, and DNSSEC signing to a compiled **Rust binary** (`rustdns`). TypeScript retains the public API, handler registration, and ACME certificate orchestration. + +Communication happens via JSON-over-stdin/stdout IPC using `@push.rocks/smartrust`'s `RustBridge`. DNS queries that need handler resolution are forwarded from Rust to TypeScript with correlation IDs, then results are sent back for response assembly and DNSSEC signing. + +### Rust Crate Structure + +| Crate | Purpose | +|---|---| +| `rustdns` | Main binary with IPC management loop | +| `rustdns-protocol` | DNS wire format parsing/encoding, RDATA encode/decode | +| `rustdns-server` | Async UDP + HTTPS servers (tokio, hyper, rustls) | +| `rustdns-dnssec` | ECDSA/ED25519 key generation and RRset signing | + +## Classes + +### `DnsServer` + +The primary class. Manages handler registration, server lifecycle, and certificate retrieval. + +```typescript +const server = new DnsServer({ + udpPort: 53, + httpsPort: 443, + httpsKey: '...pem...', + httpsCert: '...pem...', + dnssecZone: 'example.com', + primaryNameserver: 'ns1.example.com', +}); +``` + +#### Options + +| Option | Type | Default | Description | +|---|---|---|---| +| `udpPort` | `number` | โ€” | UDP DNS port | +| `httpsPort` | `number` | โ€” | HTTPS DoH port | +| `httpsKey` | `string` | โ€” | TLS private key (PEM) | +| `httpsCert` | `string` | โ€” | TLS certificate (PEM) | +| `dnssecZone` | `string` | โ€” | Zone to enable DNSSEC for | +| `primaryNameserver` | `string` | `ns1.{zone}` | SOA mname field | +| `udpBindInterface` | `string` | `0.0.0.0` | IP to bind UDP | +| `httpsBindInterface` | `string` | `0.0.0.0` | IP to bind HTTPS | +| `manualUdpMode` | `boolean` | `false` | Don't auto-bind UDP | +| `manualHttpsMode` | `boolean` | `false` | Don't auto-bind HTTPS | +| `enableLocalhostHandling` | `boolean` | `true` | Handle RFC 6761 localhost | + +#### Key Methods + +| Method | Description | +|---|---| +| `start()` | Spawn Rust binary and start listening | +| `stop()` | Gracefully shut down | +| `registerHandler(pattern, types, fn)` | Add a DNS handler (glob patterns via minimatch) | +| `unregisterHandler(pattern, types)` | Remove a handler | +| `handleUdpMessage(msg, rinfo, cb)` | Process a UDP message manually | +| `processRawDnsPacket(buf)` | Sync packet processing (TS fallback) | +| `processRawDnsPacketAsync(buf)` | Async packet processing (Rust bridge, includes DNSSEC) | +| `retrieveSslCertificate(domains, opts)` | ACME DNS-01 certificate retrieval | +| `filterAuthorizedDomains(domains)` | Filter domains the server is authoritative for | + +### `RustDnsBridge` + +Low-level IPC bridge to the `rustdns` binary. Used internally by `DnsServer` โ€” typically not imported directly. + +Emits events: `dnsQuery`, `started`, `stopped`, `error`. + +## Handler System + +Handlers use **glob patterns** (via `minimatch`) for domain matching. Multiple handlers can contribute records to a single response. + +```typescript +server.registerHandler('*.example.com', ['A'], (question) => ({ + name: question.name, + type: 'A', + class: 'IN', + ttl: 300, + data: '10.0.0.1', +})); +``` + +When no handler matches, the server returns an automatic **SOA record** for the zone. + +## DNSSEC + +Enabled automatically with the `dnssecZone` option. Supports: + +- **ECDSAP256SHA256** (13) โ€” default +- **ED25519** (15) +- **RSASHA256** (8) + +Key generation, DNSKEY/RRSIG/NSEC record creation is fully handled by the Rust backend. + +## Dependencies + +- `@push.rocks/smartrust` โ€” TypeScript-to-Rust IPC bridge +- `dns-packet` โ€” DNS wire format codec (used for TS fallback path) +- `minimatch` โ€” glob pattern matching for handlers +- `acme-client` โ€” Let's Encrypt ACME protocol