push.rocks/smartdns
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: push.rocks:v1.0.5
Branches Tags
push.rocks:main
push.rocks:v7.9.0 push.rocks:v7.8.1 push.rocks:v7.8.0 push.rocks:v7.7.1 push.rocks:v7.7.0 push.rocks:v7.6.1 push.rocks:v7.6.0 push.rocks:v7.5.1 push.rocks:v7.5.0 push.rocks:v7.4.7 push.rocks:v7.4.6 push.rocks:v7.4.5 push.rocks:v7.4.4 push.rocks:v7.4.3 push.rocks:v7.4.2 push.rocks:v7.4.1 push.rocks:v7.4.0 push.rocks:v7.3.0 push.rocks:v7.2.0 push.rocks:v7.1.0 push.rocks:v7.0.2 push.rocks:v7.0.1 push.rocks:v7.0.0 push.rocks:v6.2.2 push.rocks:v6.2.1 push.rocks:v6.2.0 push.rocks:v6.1.1 push.rocks:v6.1.0 push.rocks:v6.0.0 push.rocks:v5.0.4 push.rocks:v5.0.3 push.rocks:v5.0.2 push.rocks:v5.0.1 push.rocks:v5.0.0 push.rocks:v4.0.11 push.rocks:v4.0.10 push.rocks:v4.0.9 push.rocks:v4.0.8 push.rocks:v4.0.7 push.rocks:v4.0.6 push.rocks:v4.0.5 push.rocks:v4.0.4 push.rocks:v4.0.3 push.rocks:v4.0.2 push.rocks:v4.0.1 push.rocks:v4.0.0 push.rocks:v3.0.8 push.rocks:v3.0.7 push.rocks:v3.0.6 push.rocks:v3.0.5 push.rocks:v3.0.4 push.rocks:v3.0.3 push.rocks:v3.0.2 push.rocks:v3.0.1 push.rocks:v3.0.0 push.rocks:v2.0.10 push.rocks:v2.0.9 push.rocks:v2.0.8 push.rocks:v2.0.7 push.rocks:v2.0.6 push.rocks:v2.0.5 push.rocks:v2.0.4 push.rocks:v2.0.3 push.rocks:v2.0.2 push.rocks:v2.0.1 push.rocks:v2.0.0 push.rocks:v1.0.7 push.rocks:v1.0.6 push.rocks:v1.0.5 push.rocks:v1.0.4 push.rocks:v1.0.3 push.rocks:v1.0.2 push.rocks:v1.0.1
...
compare: push.rocks:v7.9.0
Branches Tags
push.rocks:main
push.rocks:v7.9.0 push.rocks:v7.8.1 push.rocks:v7.8.0 push.rocks:v7.7.1 push.rocks:v7.7.0 push.rocks:v7.6.1 push.rocks:v7.6.0 push.rocks:v7.5.1 push.rocks:v7.5.0 push.rocks:v7.4.7 push.rocks:v7.4.6 push.rocks:v7.4.5 push.rocks:v7.4.4 push.rocks:v7.4.3 push.rocks:v7.4.2 push.rocks:v7.4.1 push.rocks:v7.4.0 push.rocks:v7.3.0 push.rocks:v7.2.0 push.rocks:v7.1.0 push.rocks:v7.0.2 push.rocks:v7.0.1 push.rocks:v7.0.0 push.rocks:v6.2.2 push.rocks:v6.2.1 push.rocks:v6.2.0 push.rocks:v6.1.1 push.rocks:v6.1.0 push.rocks:v6.0.0 push.rocks:v5.0.4 push.rocks:v5.0.3 push.rocks:v5.0.2 push.rocks:v5.0.1 push.rocks:v5.0.0 push.rocks:v4.0.11 push.rocks:v4.0.10 push.rocks:v4.0.9 push.rocks:v4.0.8 push.rocks:v4.0.7 push.rocks:v4.0.6 push.rocks:v4.0.5 push.rocks:v4.0.4 push.rocks:v4.0.3 push.rocks:v4.0.2 push.rocks:v4.0.1 push.rocks:v4.0.0 push.rocks:v3.0.8 push.rocks:v3.0.7 push.rocks:v3.0.6 push.rocks:v3.0.5 push.rocks:v3.0.4 push.rocks:v3.0.3 push.rocks:v3.0.2 push.rocks:v3.0.1 push.rocks:v3.0.0 push.rocks:v2.0.10 push.rocks:v2.0.9 push.rocks:v2.0.8 push.rocks:v2.0.7 push.rocks:v2.0.6 push.rocks:v2.0.5 push.rocks:v2.0.4 push.rocks:v2.0.3 push.rocks:v2.0.2 push.rocks:v2.0.1 push.rocks:v2.0.0 push.rocks:v1.0.7 push.rocks:v1.0.6 push.rocks:v1.0.5 push.rocks:v1.0.4 push.rocks:v1.0.3 push.rocks:v1.0.2 push.rocks:v1.0.1

138 Commits
v1.0.5 ... v7.9.0

Author SHA1 Message Date
Juergen Kunz
510801b109 v7.9.0 2026-02-20 15:18:30 +00:00
Juergen Kunz
4581a6a1e0 feat(server): emit query events with questions, answered status, response time and timestamp 2026-02-20 15:18:30 +00:00
Juergen Kunz
ca36d3be0a v7.8.1 2026-02-12 23:52:46 +00:00
Juergen Kunz
7fb656e8b5 fix(server): Require Rust bridge for DNS packet processing; remove synchronous TypeScript fallback; change handler API to accept IDnsQuestion and adjust query API 2026-02-12 23:52:46 +00:00
Juergen Kunz
0c140403e9 v7.8.0 2026-02-11 13:02:37 +00:00
Juergen Kunz
368430d199 feat(rustdns-client): add Rust DNS client binary and TypeScript IPC bridge to enable UDP and DoH resolution, RDATA decoding, and DNSSEC AD/rcode support 2026-02-11 13:02:37 +00:00
Juergen Kunz
9d4db39741 v7.7.1 2026-02-11 11:46:16 +00:00
Juergen Kunz
32d7508dce fix(tests): prune flaky SOA integration and performance tests that rely on external tools and long-running signing/serialization checks 2026-02-11 11:46:16 +00:00
Juergen Kunz
ce7c11d084 v7.7.0 2026-02-11 11:24:10 +00:00
Juergen Kunz
60371e1ad5 feat(rust): add Rust-based DNS server backend with IPC management and TypeScript bridge 2026-02-11 11:24:10 +00:00
Juergen Kunz
abbb971d6a 7.6.1 2025-09-12 17:38:43 +00:00
Juergen Kunz
911a20c86d fix(classes.dnsclient): Remove redundant DOH response parsing in getRecords to avoid duplicate processing and clean up client code 2025-09-12 17:38:43 +00:00
Juergen Kunz
1b9eefd70f 7.6.0 2025-09-12 17:32:03 +00:00
Juergen Kunz
f29962a6dc feat(dnsserver): Return multiple matching records, improve DNSSEC RRset signing, add client resolution strategy and localhost handling, update tests 2025-09-12 17:32:03 +00:00
Juergen Kunz
afd1c18496 7.5.1 2025-09-12 15:38:16 +00:00
Juergen Kunz
0ea622aa8d fix(dependencies): Bump dependency versions and add pnpm workspace onlyBuiltDependencies 2025-09-12 15:38:16 +00:00
Philipp Kunz
56a33dd7ae 7.5.0 2025-06-01 20:53:22 +00:00
Philipp Kunz
9e5fae055f feat(dnssec): Add MX record DNSSEC support for proper serialization and authentication of mail exchange records 2025-06-01 20:53:22 +00:00
Philipp Kunz
afdd6a6074 7.4.7 2025-05-30 19:49:34 +00:00
Philipp Kunz
3d06131e04 fix(dnsserver): Update documentation to clarify the primaryNameserver option and SOA record behavior in the DNS server. The changes detail how the primaryNameserver configuration customizes the SOA mname, ensures proper DNSSEC signing for RRsets, and updates the configuration interface examples. 2025-05-30 19:49:34 +00:00
Philipp Kunz
1811ebd4d4 7.4.6 2025-05-30 19:28:54 +00:00
Philipp Kunz
e7ace9b596 7.4.5 2025-05-30 19:28:22 +00:00
Philipp Kunz
f6175d1f2b 7.4.4 
fix(dnsserver): Fix SOA record timeout issue by correcting RRSIG field formatting

- Fixed RRSIG generation by using correct field name 'signersName' (not 'signerName')
- Fixed label count calculation in RRSIG by filtering empty strings
- Added SOA records to DNSSEC signing map for proper RRSIG generation
- Added error logging and fallback values for RRSIG generation robustness
- Updated test expectations to match corrected DNSSEC RRset signing behavior
- Added comprehensive SOA test coverage including timeout, debug, and simple test scenarios
 2025-05-30 19:27:37 +00:00
Philipp Kunz
d67fbc87e2 7.4.3 2025-05-30 18:27:28 +00:00
Philipp Kunz
b87cbbee5c feat(dnsserver): Enhance DNSSEC RRset signing and add configurable primary nameserver 
- Fix DNSSEC to properly sign entire RRsets together instead of individual records
- Implement proper SOA record serialization according to RFC 1035
- Add primaryNameserver option to IDnsServerOptions for customizable SOA mname field
- Add comprehensive tests for DNSSEC RRset signing and SOA record handling
- Update documentation with v7.4.3 improvements

Co-Authored-By: User <user@example.com>
 2025-05-30 18:20:55 +00:00
Philipp Kunz
4e37bc9bc0 7.4.2 2025-05-30 17:09:02 +00:00
Philipp Kunz
2b97dffb47 fix(dnsserver): Enable multiple DNS record support by removing the premature break in processDnsRequest. Now the DNS server aggregates answers from all matching handlers for NS, A, and TXT records, and improves NS record serialization for DNSSEC. 2025-05-30 17:09:02 +00:00
Philipp Kunz
e7cb0921fc 7.4.1 2025-05-28 19:55:01 +00:00
Philipp Kunz
0f8953fc1d fix(test/server): Fix force cleanup in DNS server tests by casting server properties before closing sockets 2025-05-28 19:55:01 +00:00
Philipp Kunz
1185ea67d4 7.4.0 2025-05-28 19:26:52 +00:00
Philipp Kunz
b187da507b feat(manual socket handling): Add comprehensive manual socket handling documentation for advanced DNS server use cases 2025-05-28 19:26:52 +00:00
Philipp Kunz
3094c9d06c 7.3.0 2025-05-28 19:16:54 +00:00
Philipp Kunz
62b6fa26fa feat(dnsserver): Add manual socket mode support to enable external socket control for the DNS server. 2025-05-28 19:16:54 +00:00
Philipp Kunz
46e51cd846 7.2.0 2025-05-28 19:03:46 +00:00
Philipp Kunz
dd12641fb0 feat(dns-server): Improve DNS server interface binding by adding explicit IP validation, configurable UDP/HTTPS binding, and enhanced logging. 2025-05-28 19:03:45 +00:00
Philipp Kunz
df209ffa71 7.1.0 2025-05-27 12:52:00 +00:00
Philipp Kunz
b281fef624 feat(docs): Improve documentation for advanced DNS features and update usage examples for both DNS client and server. 2025-05-27 12:52:00 +00:00
Philipp Kunz
455e9aa6a7 7.0.2 2025-05-27 12:15:17 +00:00
Philipp Kunz
5bc376c8ba fix(dns-client): Improve test assertions for DNS record queries and correct counter increment logic in DNS client 2025-05-27 12:15:17 +00:00
Philipp Kunz
34cc8dd073 7.0.1 2025-05-27 11:39:22 +00:00
Philipp Kunz
f9aa961e01 fix(test & plugins): Rename test client variable and export smartrequest in client plugins 2025-05-27 11:39:22 +00:00
Philipp Kunz
1e6d59b5b2 7.0.0 2025-05-27 11:31:12 +00:00
Philipp Kunz
24ed3bd238 BREAKING CHANGE(core): Refactor module entry point and update plugin imports; remove deprecated dnsly.plugins, update dependency versions, and adjust test imports 2025-05-27 11:31:12 +00:00
Philipp Kunz
34276f71ef 6.2.2 2025-03-21 18:22:20 +00:00
Philipp Kunz
7997e9dc94 update 2025-03-21 18:21:47 +00:00
Philipp Kunz
9bc8278464 6.2.1 2024-09-21 22:56:28 +02:00
Philipp Kunz
58f02cc0c0 fix(core): Fixing issues with keywords and readme formatting. 2024-09-21 22:56:27 +02:00
Philipp Kunz
566a78cee4 6.2.0 2024-09-19 18:51:34 +02:00
Philipp Kunz
74ac0c1287 feat(dnssec): Introduced DNSSEC support with ECDSA algorithm 2024-09-19 18:51:34 +02:00
Philipp Kunz
5278c2ce78 6.1.1 2024-09-19 18:23:42 +02:00
Philipp Kunz
439d08b023 fix(ts_server): Update DnsSec class to fully implement key generation and DNSKEY record creation. 2024-09-19 18:23:42 +02:00
Philipp Kunz
1536475306 6.1.0 2024-09-18 19:28:29 +02:00
Philipp Kunz
5c06ae1edb feat(smartdns): Add DNS Server and DNSSEC tools with comprehensive unit tests 2024-09-18 19:28:28 +02:00
Philipp Kunz
2cfecab96f 6.0.0 2024-06-02 15:34:20 +02:00
Philipp Kunz
7eb8a46c7c BREAKING CHANGE(server/client): move from client only to server + client exports 2024-06-02 15:34:19 +02:00
Philipp Kunz
c56e732d6d update description 2024-05-29 14:12:42 +02:00
Philipp Kunz
aff5f2e7d9 update tsconfig 2024-04-14 17:30:20 +02:00
Philipp Kunz
6c38ff36d7 update npmextra.json: githost 2024-04-01 21:34:39 +02:00
Philipp Kunz
b45cda5084 update npmextra.json: githost 2024-04-01 19:58:04 +02:00
Philipp Kunz
dedd3a3f82 update npmextra.json: githost 2024-03-30 21:47:01 +01:00
Philipp Kunz
f2dffb6e88 switch to new org scheme 2023-07-10 02:48:43 +02:00
Philipp Kunz
2a1fbeb183 5.0.4 2023-04-08 11:30:49 +02:00
Philipp Kunz
a6a47d2e96 fix(core): update 2023-04-08 11:30:48 +02:00
Philipp Kunz
84ad6bbcd6 5.0.3 2023-03-23 01:41:35 +01:00
Philipp Kunz
4102c3a692 fix(core): update 2023-03-23 01:41:35 +01:00
Philipp Kunz
6281ab0c80 5.0.2 2022-07-27 11:42:02 +02:00
Philipp Kunz
622c65291e fix(core): update 2022-07-27 11:42:01 +02:00
Philipp Kunz
dd8c97b99a 5.0.1 2022-07-27 09:15:28 +02:00
Philipp Kunz
9c56dc51e3 fix(core): update 2022-07-27 09:15:28 +02:00
Philipp Kunz
45cbd3a953 5.0.0 2022-07-27 09:00:00 +02:00
Philipp Kunz
d3e2655212 BREAKING CHANGE(core): update 2022-07-27 09:00:00 +02:00
Philipp Kunz
e02b2253f5 4.0.11 2022-07-27 08:59:29 +02:00
Philipp Kunz
862577745d fix(core): update 2022-07-27 08:59:29 +02:00
Philipp Kunz
ca72206ab4 4.0.10 2021-08-24 11:41:22 +02:00
Philipp Kunz
0221c3207e fix(core): update 2021-08-24 11:41:22 +02:00
Philipp Kunz
f2b8fa57af 4.0.9 2021-08-24 11:40:44 +02:00
Philipp Kunz
e5b072d99b fix(core): update 2021-08-24 11:40:44 +02:00
Phil Kunz
97c57b2865 4.0.8 2021-01-22 23:24:03 +00:00
Phil Kunz
e04485231d fix(core): update 2021-01-22 23:24:02 +00:00
Phil Kunz
228bc88d60 4.0.7 2021-01-22 22:40:17 +00:00
Phil Kunz
811041b036 fix(core): update 2021-01-22 22:40:16 +00:00
Phil Kunz
a1203366d7 4.0.6 2021-01-22 22:20:40 +00:00
Phil Kunz
0deb77cda8 fix(core): update 2021-01-22 22:20:39 +00:00
Phil Kunz
ed8b7ec65a 4.0.5 2021-01-22 20:37:52 +00:00
Phil Kunz
6cfc12f83f fix(core): update 2021-01-22 20:37:51 +00:00
Phil Kunz
efd9bbb77a 4.0.4 2020-08-05 15:37:52 +00:00
Phil Kunz
b463aea274 fix(core): update 2020-08-05 15:37:51 +00:00
Phil Kunz
c8cf590a5a 4.0.3 2020-02-19 21:38:43 +00:00
Phil Kunz
42f679ef61 fix(core): update 2020-02-19 21:38:42 +00:00
Phil Kunz
0cb882bb7d 4.0.2 2020-02-15 16:46:46 +00:00
Phil Kunz
66f817cdf8 fix(core): update 2020-02-15 16:46:46 +00:00
Phil Kunz
5925c882c8 4.0.1 2020-02-15 16:46:04 +00:00
Phil Kunz
6f09a82eee fix(core): update 2020-02-15 16:46:04 +00:00
Phil Kunz
e23579709a 4.0.0 2020-02-15 16:41:38 +00:00
Phil Kunz
929e4152d3 BREAKING CHANGE(core): now uses Google DNS HTTPS API and handles DNSSEC validation 2020-02-15 16:41:37 +00:00
Phil Kunz
d0527affc2 3.0.8 2019-01-07 00:53:04 +01:00
Phil Kunz
f2ebaf74d9 fix(core): update 2019-01-07 00:53:04 +01:00
Phil Kunz
b6d8c36f3e 3.0.7 2019-01-07 00:28:27 +01:00
Phil Kunz
587600d571 3.0.6 2019-01-07 00:28:16 +01:00
Phil Kunz
17f293ca4e fix(core): update 2019-01-07 00:28:15 +01:00
Phil Kunz
0ed946ee63 3.0.5 2019-01-07 00:21:15 +01:00
Phil Kunz
e720d5905e fix(core): update 2019-01-07 00:21:15 +01:00
Phil Kunz
6286bfaa8f 3.0.4 2018-05-13 16:43:47 +02:00
Phil Kunz
9390bbae61 fix(core): fix .checkUntilAvailable error 2018-05-13 16:43:46 +02:00
Phil Kunz
ebb007bcdb 3.0.3 2018-05-13 16:22:38 +02:00
Phil Kunz
e6d99d5664 fix(ci): fix @gitzone/npmts package name 2018-05-13 16:22:37 +02:00
Phil Kunz
7b29efc398 3.0.2 2018-05-13 16:21:15 +02:00
Phil Kunz
64c381d42f fix(docs): update 2018-05-13 16:21:15 +02:00
Phil Kunz
d4dbf4f2b3 3.0.1 2018-05-13 16:18:40 +02:00
Phil Kunz
562dca35a7 fix(ci): add access level and correct global packages 2018-05-13 16:18:40 +02:00
Phil Kunz
2bbbbc17e8 3.0.0 2018-05-13 15:51:05 +02:00
Phil Kunz
4ada87a945 BREAKING CHANGE(package): update to new packagename and improve record retrieval 2018-05-13 15:51:04 +02:00
Phil Kunz
3e45a24750 2.0.10 2017-07-31 16:34:00 +02:00
Phil Kunz
96b4926f8f update dependencies 2017-07-31 16:33:57 +02:00
Phil Kunz
b0ceeda2b9 2.0.9 2017-07-18 16:00:59 +02:00
Phil Kunz
b118419301 remove old README 2017-07-18 16:00:48 +02:00
Phil Kunz
25699ebfc5 2.0.8 2017-07-18 15:54:06 +02:00
Phil Kunz
a69f565cf8 add docs 2017-07-18 15:53:54 +02:00
Phil Kunz
fe423a8e8a 2.0.7 2017-07-18 15:47:06 +02:00
Phil Kunz
70862850d5 add npmextra.json 2017-07-18 15:47:01 +02:00
Phil Kunz
31ab725d2f 2.0.6 2017-07-18 15:46:09 +02:00
Phil Kunz
d98890c14e update ci 2017-07-18 15:45:44 +02:00
Phil Kunz
5327914895 2.0.5 2017-07-18 15:45:11 +02:00
Phil Kunz
5bd2b6cb55 update README 2017-07-18 15:45:06 +02:00
Phil Kunz
1cdce1b862 2.0.4 2017-02-02 21:34:33 +01:00
Phil Kunz
e18e7a04ee update README 2017-02-02 21:33:43 +01:00
Phil Kunz
e64fa93dca 2.0.3 2017-01-27 00:39:43 +01:00
Phil Kunz
1cf09016df fix failing of non existent record 2017-01-27 00:39:24 +01:00
Phil Kunz
aaa218003e 2.0.2 2017-01-27 00:24:28 +01:00
Phil Kunz
db9d748f99 merge 2017-01-27 00:23:56 +01:00
Phil Kunz
40e412282c 2.0.1 2017-01-27 00:18:01 +01:00
Phil Kunz
768cf06e0e fix typings 2017-01-27 00:17:01 +01:00
Phil Kunz
bab5cea49f 2.0.0 2017-01-27 00:11:17 +01:00
Phil Kunz
46aa545324 update to better API 2017-01-27 00:11:13 +01:00
Phil Kunz
2ef01e1111 1.0.7 2017-01-15 17:05:35 +01:00
Phil Kunz
0f129262e9 fix 2017-01-15 17:04:16 +01:00
PhilKunz
8e4d40edd0 1.0.6 2016-11-15 22:49:28 +01:00
PhilKunz
f6afe90a63 improve README 2016-11-15 22:48:58 +01:00
80 changed files with 21917 additions and 320 deletions
Expand all files Collapse all files

23
.gitignore vendored
View File

@@ -1,4 +1,21 @@
node_modules/
pages/
public/
.nogit/
# artifacts
coverage/
public/
pages/
# installs
node_modules/
# caches
.yarn/
.cache/
.rpt2_cache
# builds
dist/
dist_*/
# custom
rust/target

59
.gitlab-ci.yml
View File

@@ -1,59 +0,0 @@
image: hosttoday/ht-docker-node:npmts
stages:
- test
- release
- trigger
- pages
testLEGACY:
stage: test
script:
- npmci test legacy
tags:
- docker
allow_failure: true
testLTS:
stage: test
script:
- npmci test lts
tags:
- docker
testSTABLE:
stage: test
script:
- npmci test stable
tags:
- docker
release:
stage: release
script:
- npmci publish
only:
- tags
tags:
- docker
trigger:
stage: trigger
script:
- npmci trigger
only:
- tags
tags:
- docker
pages:
image: hosttoday/ht-docker-node:npmpage
stage: pages
script:
- npmci command npmpage --host gitlab
only:
- tags
artifacts:
expire_in: 1 week
paths:
- public

11
.vscode/launch.json vendored Normal file
View File

@@ -0,0 +1,11 @@
{
"version": "0.2.0",
"configurations": [
{
"command": "npm test",
"name": "Run npm test",
"request": "launch",
"type": "node-terminal"
}
]
}

26
.vscode/settings.json vendored Normal file
View File

@@ -0,0 +1,26 @@
{
"json.schemas": [
{
"fileMatch": ["/npmextra.json"],
"schema": {
"type": "object",
"properties": {
"npmci": {
"type": "object",
"description": "settings for npmci"
},
"gitzone": {
"type": "object",
"description": "settings for gitzone",
"properties": {
"projectType": {
"type": "string",
"enum": ["website", "element", "service", "npm", "wcc"]
}
}
}
}
}
}
]
}

32
README.md
View File

@@ -1,32 +0,0 @@
# dnsly
smart dns methods written in TypeScript
## Availabililty
[![npm](https://push.rocks/assets/repo-button-npm.svg)](https://www.npmjs.com/package/dnsly)
[![git](https://push.rocks/assets/repo-button-git.svg)](https://gitlab.com/pushrocks/dnsly)
[![git](https://push.rocks/assets/repo-button-mirror.svg)](https://github.com/pushrocks/dnsly)
[![docs](https://push.rocks/assets/repo-button-docs.svg)](https://pushrocks.gitlab.io/dnsly/)
## Status for master
[![build status](https://gitlab.com/pushrocks/dnsly/badges/master/build.svg)](https://gitlab.com/pushrocks/dnsly/commits/master)
[![coverage report](https://gitlab.com/pushrocks/dnsly/badges/master/coverage.svg)](https://gitlab.com/pushrocks/dnsly/commits/master)
[![Dependency Status](https://david-dm.org/pushrocks/dnsly.svg)](https://david-dm.org/pushrocks/dnsly)
[![bitHound Dependencies](https://www.bithound.io/github/pushrocks/dnsly/badges/dependencies.svg)](https://www.bithound.io/github/pushrocks/dnsly/master/dependencies/npm)
[![bitHound Code](https://www.bithound.io/github/pushrocks/dnsly/badges/code.svg)](https://www.bithound.io/github/pushrocks/dnsly)
[![TypeScript](https://img.shields.io/badge/TypeScript-2.x-blue.svg)](https://nodejs.org/dist/latest-v6.x/docs/api/)
[![node](https://img.shields.io/badge/node->=%206.x.x-blue.svg)](https://nodejs.org/dist/latest-v6.x/docs/api/)
[![JavaScript Style Guide](https://img.shields.io/badge/code%20style-standard-brightgreen.svg)](http://standardjs.com/)
## Usage
we recommend the use of TypeScript for optimal intellisense
```javascript
import * as dnsly from 'dnsly'
let myDnsly = new dnsly.Dnsly('google') // uses Google DNS Servers e.g 8.8.8.8
myDnsly.getRecord('example.com','AAAA') // returns promise
.then(record: dnsly.I_AAAA => { // AAAA record for google.com, the I_AAAA will give you proper typings for the record return type
// do something
})
```
[![npm](https://push.rocks/assets/repo-header.svg)](https://push.rocks)

312
changelog.md Normal file
View File

@@ -0,0 +1,312 @@
# Changelog
## 2026-02-20 - 7.9.0 - feat(server)
emit query events with questions, answered status, response time and timestamp
- Added IDnsQueryCompletedEvent interface with questions, answered, responseTimeMs and timestamp fields
- DnsServer now extends EventEmitter and calls super() in constructor
- DnsServer emits a 'query' event on incoming dnsQuery from Rust bridge, providing answers and timing
- Imported IIpcDnsQuestion and used TypeScript 'satisfies' for the emitted event object
## 2026-02-12 - 7.8.1 - fix(server)
Require Rust bridge for DNS packet processing; remove synchronous TypeScript fallback; change handler API to accept IDnsQuestion and adjust query API
- Breaking API change: handler signature changed from dns-packet.Question to IDnsQuestion — update registered handlers accordingly.
- Synchronous TypeScript fallback (processDnsRequest/processRawDnsPacket) removed; callers must start the server/bridge and use the async bridge path (processRawDnsPacketAsync) or the new resolveQuery API.
- processRawDnsPacketAsync now throws if the Rust bridge is not started — call start() before processing packets.
- Public/test API rename/adjustments: processDnsRequest usages were replaced with resolveQuery and tests updated to use tapbundle_serverside.
- Dependency changes: moved dns-packet to devDependencies, bumped @push.rocks/smartenv to ^6.0.0, updated @git.zone/* build/test tools and @types/node; removed @push.rocks/smartrequest from client plugin exports.
- Plugins: dns-packet removed from exported plugins and minimatch kept; ts_client no longer exports smartrequest.
## 2026-02-11 - 7.8.0 - feat(rustdns-client)
add Rust DNS client binary and TypeScript IPC bridge to enable UDP and DoH resolution, RDATA decoding, and DNSSEC AD/rcode support
- Add new rust crate rustdns-client with IPC management, DoH and UDP resolvers (resolver_doh.rs, resolver_udp.rs) and ipc types
- Integrate Rust client via a new TypeScript RustDnsClientBridge that spawns rustdns-client and communicates over JSON IPC
- Expose Rust-based resolution from Smartdns (new strategies: 'udp', 'prefer-udp'; DoH routed through Rust) and add destroy() to clean up the bridge
- Extend rustdns-protocol with RDATA decoders (A, AAAA, TXT, MX, NS/CNAME/PTR name decoding, SOA, SRV), AD flag detection and rcode() helper
- Update tests to cover Rust/UDP/DoH paths, DNSSEC AD flag, SOA round-trip and performance assertions
- Update packaging/readmes and build metadata (npmextra.json, ts_client/readme, ts_server/readme) and Cargo manifests/lock for the new crate
## 2026-02-11 - 7.7.1 - fix(tests)
prune flaky SOA integration and performance tests that rely on external tools and long-running signing/serialization checks
- Removed 'Test raw SOA serialization' from test/test.soa.debug.ts
- Removed dig-based 'Test SOA timeout with real dig command' from test/test.soa.timeout.ts
- Removed 'Check DNSSEC signing performance for SOA' and related serialization/signing performance checks
- Removed unused imports (plugins, execSync) and testPort constant; minor whitespace/cleanup in stopServer
## 2026-02-11 - 7.7.0 - feat(rust)
add Rust-based DNS server backend with IPC management and TypeScript bridge
- Adds a new rust/ workspace with crates: rustdns, rustdns-protocol, rustdns-server, rustdns-dnssec (DNS packet parsing/encoding, UDP/HTTPS servers, DNSSEC signing).
- Implements an IPC management loop and command/event protocol (stdin/stdout) for communication between Rust and TypeScript (ipc_types, management).
- Introduces DnsResolver and DNSSEC key/signing logic in Rust (keys, signing, keytag), plus UDP and DoH HTTPS server implementations.
- Adds a TypeScript Rust bridge (ts_server/classes.rustdnsbridge.ts) using @push.rocks/smartrust to spawn and talk to the Rust binary; exposes spawn/start/stop/processPacket/ping APIs.
- Removes JS-based DNSSEC implementation and updates ts_server plugins to use smartrust; adds tsrust integration and tsrust devDependency and build step in package.json.
- Documentation and tooling: README updated with Rust backend architecture, .gitignore updated for rust/target, Cargo config for cross-compile linker added.
## 2025-09-12 - 7.6.1 - fix(classes.dnsclient)
Remove redundant DOH response parsing in getRecords to avoid duplicate processing and clean up client code
- Removed a duplicated/extra iteration that parsed DNS-over-HTTPS (DoH) answers in ts_client/classes.dnsclient.ts.
- Prevents double-processing or incorrect return behavior from Smartdns.getRecords when using DoH providers.
- Changes affect the Smartdns client implementation (ts_client/classes.dnsclient.ts).
## 2025-09-12 - 7.6.0 - feat(dnsserver)
Return multiple matching records, improve DNSSEC RRset signing, add client resolution strategy and localhost handling, update tests
- Server: process all matching handlers for a question so multiple records (NS, A, TXT, etc.) are returned instead of stopping after the first match
- DNSSEC: sign entire RRsets together (single RRSIG per RRset) and ensure DNSKEY/DS generation and key-tag computation are handled correctly
- Server: built-in localhost handling (RFC 6761) with an enableLocalhostHandling option and synthetic answers for localhost/127.0.0.1 reverse lookups
- Server: improved SOA generation (primary nameserver handling), name serialization (trim trailing dot), and safer start/stop behavior
- Client: added resolution strategy options (doh | system | prefer-system), allowDohFallback and per-query timeout support; improved DoH and system lookup handling (proper TXT quoting and name trimming)
- Tests: updated expectations and test descriptions to reflect correct multi-record behavior and other fixes
## 2025-09-12 - 7.5.1 - fix(dependencies)
Bump dependency versions and add pnpm workspace onlyBuiltDependencies
- Bumped @push.rocks/smartenv from ^5.0.5 to ^5.0.13
- Bumped @git.zone/tsbuild from ^2.6.4 to ^2.6.8
- Bumped @git.zone/tstest from ^2.3.1 to ^2.3.7
- Added pnpm-workspace.yaml with onlyBuiltDependencies: [esbuild, mongodb-memory-server, puppeteer]
## 2025-06-01 - 7.5.0 - feat(dnssec)
Add MX record DNSSEC support for proper serialization and authentication of mail exchange records
- Serialize MX records by combining a 16-bit preference with the exchange domain name
- Enable DNSSEC signature generation for MX records to authenticate mail exchange data
- Update documentation to include the new MX record DNSSEC support in version v7.4.8
## 2025-05-30 - 7.4.7 - fix(dnsserver)
Update documentation to clarify the primaryNameserver option and SOA record behavior in the DNS server. The changes detail how the primaryNameserver configuration customizes the SOA mname, ensures proper DNSSEC signing for RRsets, and updates the configuration interface examples.
- Documented the primaryNameserver option in IDnsServerOptions with default behavior (ns1.{dnssecZone})
- Clarified SOA record generation including mname, rname, serial, and TTL fields
- Updated readme examples to demonstrate binding interfaces and proper DNS server configuration
## 2025-05-30 - 7.4.6 - docs(readme)
Document the primaryNameserver option and SOA record behavior in the DNS server documentation.
- Added comprehensive documentation for the primaryNameserver option in IDnsServerOptions
- Explained SOA record automatic generation and the role of the primary nameserver
- Clarified that only one nameserver is designated as primary in SOA records
- Updated the configuration options interface documentation with all available options
## 2025-05-30 - 7.4.3 - fix(dnsserver)
Fix DNSSEC RRset signing, SOA record timeout issues, and add configurable primary nameserver support.
- Fixed DNSSEC to sign entire RRsets together instead of individual records (one RRSIG per record type)
- Fixed SOA record serialization by implementing proper wire format encoding in serializeRData method
- Fixed RRSIG generation by using correct field names (signersName) and types (string typeCovered)
- Added configurable primary nameserver via primaryNameserver option in IDnsServerOptions
- Enhanced test coverage with comprehensive SOA and DNSSEC test scenarios
## 2025-05-30 - 7.4.2 - fix(dnsserver)
Enable multiple DNS record support by removing the premature break in processDnsRequest. Now the DNS server aggregates answers from all matching handlers for NS, A, and TXT records, and improves NS record serialization for DNSSEC.
- Removed the break statement in processDnsRequest to allow all matching handlers to contribute responses.
- Updated NS record serialization to properly handle domain names in DNSSEC context.
- Enhanced tests for round-robin A records and multiple TXT records scenarios.
## 2025-05-28 - 7.4.1 - fix(test/server)
Fix force cleanup in DNS server tests by casting server properties before closing sockets
- Cast server to any to safely invoke close() on httpsServer and udpServer in test cleanup
- Ensures proper emergency cleanup of server sockets without direct access to private properties
## 2025-05-28 - 7.4.0 - feat(manual socket handling)
Add comprehensive manual socket handling documentation for advanced DNS server use cases
- Introduced detailed examples for configuring manual UDP and HTTPS socket handling
- Provided sample code for load balancing, clustering, custom transport protocols, and multi-interface binding
- Updated performance and best practices sections to reflect manual socket handling benefits
## 2025-05-28 - 7.3.0 - feat(dnsserver)
Add manual socket mode support to enable external socket control for the DNS server.
- Introduced new manualUdpMode and manualHttpsMode options in the server options interface.
- Added initializeServers, initializeUdpServer, and initializeHttpsServer methods for manual socket initialization.
- Updated start() and stop() methods to handle both automatic and manual socket binding modes.
- Enhanced UDP and HTTPS socket error handling and IP address validations.
- Removed obsolete internal documentation file (readme.plan2.md).
## 2025-05-28 - 7.2.0 - feat(dns-server)
Improve DNS server interface binding by adding explicit IP validation, configurable UDP/HTTPS binding, and enhanced logging.
- Added udpBindInterface and httpsBindInterface options to IDnsServerOptions
- Implemented IP address validation for both IPv4 and IPv6 in the start() method
- Configured UDP and HTTPS servers to bind to specified interfaces with detailed logging
- Updated documentation to include interface binding examples (localhost and specific interfaces)
- Enhanced tests to cover valid and invalid interface binding scenarios
## 2025-05-27 - 7.1.0 - feat(docs)
Improve documentation for advanced DNS features and update usage examples for both DNS client and server.
- Revamped readme.hints with expanded architecture overview and detailed explanations of DNSSEC, Let's Encrypt integration, and advanced handler patterns.
- Updated readme.md with clearer instructions and code examples for A, AAAA, TXT, MX record queries, DNS propagation checks, and usage of UDP and DNS-over-HTTPS.
- Enhanced TAP tests documentation demonstrating both client and server flows.
- Bumped version from 7.0.2 to 7.1.0 in preparation for the next release.
## 2025-05-27 - 7.1.0 - feat(docs)
Improve documentation for advanced DNS features by updating usage examples for DNS client and server, and enhancing instructions for DNSSEC and Let's Encrypt integration.
- Revamped readme.hints with an expanded architecture overview and detailed client/server feature explanations.
- Updated readme.md to include clearer instructions and code examples for A, AAAA, TXT, MX record queries and DNS propagation checks.
- Enhanced examples for using DNSSEC, including detailed examples for DNSKEY, DS, and RRSIG records.
- Added new instructions for setting up DNS-over-HTTPS (DoH), UDP-based resolution, and pattern-based routing for handlers.
- Improved testing documentation with updated TAP tests demonstrating both DNS client and server flows.
## 2025-05-27 - 7.0.2 - fix(dns-client)
Improve test assertions for DNS record queries and correct counter increment logic in DNS client
- Updated test cases in test/test.client.ts to use dynamic assertions with 'google.com' instead of fixed values
- Adjusted checkUntilAvailable tests to verify proper behavior when DNS TXT record is missing
- Fixed counter increment in ts_client/classes.dnsclient.ts to avoid post-increment issues, ensuring proper retry delays
## 2025-05-27 - 7.0.1 - fix(test & plugins)
Rename test client variable and export smartrequest in client plugins
- Renamed variable 'testDnsly' to 'testDnsClient' in test/test.client.ts for better clarity.
- Added @push.rocks/smartrequest dependency in package.json and updated ts_client/plugins.ts to export it.
## 2025-05-27 - 7.0.0 - BREAKING CHANGE(core)
Refactor module entry point and update plugin imports; remove deprecated dnsly.plugins, update dependency versions, and adjust test imports
- Changed module export in package.json from './dist_ts_server/index.js' to './dist_ts/index.js'
- Updated dependency versions, notably upgrading '@tsclass/tsclass' from 5.0.0 to 9.2.0 and updating tap bundles to '@git.zone/tstest' packages
- Removed the redundant ts_client/dnsly.plugins.ts file and replaced its usage with the updated ts_client/plugins.ts
- Adjusted test files to use export default tap.start() and updated import paths for tap bundles
- Added tspublish.json files in ts, ts_client, and ts_server directories to control publish order
## 2025-03-21 - 6.3.0 - feat(dns-server)
Enhance DNS server functionality with advanced DNSSEC signing (supporting both ECDSA and ED25519), improved SSL certificate retrieval using Let's Encrypt, and refined handler management for cleaner shutdowns.
- Updated package metadata with expanded keywords and revised dependency versions
- Improved DNSSEC signing logic to support both ECDSA and ED25519 algorithms
- Added unregisterHandler method for cleaner handler lifecycle management
- Enhanced SSL certificate retrieval workflow with better DNS challenge handling
- Refined test utilities for more robust DNS operations
## 2025-03-21 - 6.3.0 - feat(dns-server)
Enhance DNS server functionality with advanced DNSSEC signing (including ED25519 support), improved certificate retrieval using Let's Encrypt, updated package metadata, and refined test utilities for more robust DNS operations.
- Updated package.json and npmextra.json with expanded keywords and revised dependency versions
- Improved DNSSEC signing logic to support both ECDSA and ED25519 algorithms
- Added unregisterHandler method and enhanced server stop logic for cleaner shutdowns
- Enhanced SSL certificate retrieval workflow with better challenge handling and test support
## 2024-09-21 - 6.2.1 - fix(core)
Fixing issues with keywords and readme formatting.
- Synchronized keywords field between npmextra.json and package.json.
- Updated readme.md to fix formatting issues and added new sections.
## 2024-09-19 - 6.2.0 - feat(dnssec)
Introduced DNSSEC support with ECDSA algorithm
- Added `DnsSec` class for handling DNSSEC operations.
- Updated `DnsServer` to support DNSSEC with ECDSA.
- Shifted DNS-related helper functions to `DnsServer` class.
- Integrated parsing and handling of DNSKEY and RRSIG records in `DnsServer`.
## 2024-09-19 - 6.1.1 - fix(ts_server)
Update DnsSec class to fully implement key generation and DNSKEY record creation.
- Added complete support for ECDSA and ED25519 algorithms in the DnsSec class.
- Implemented DNSKEY generation and KeyTag computation methods.
- Improved error handling and initialized the appropriate cryptographic instances based on the algorithm.
## 2024-09-18 - 6.1.0 - feat(smartdns)
Add DNS Server and DNSSEC tools with comprehensive unit tests
- Updated package dependencies to the latest versions
- Introduced DnsServer class for handling DNS requests over both HTTPS and UDP with support for custom handlers
- Added DnsSec class for generating and managing DNSSEC keys and DS records
- Implemented unit tests for DnsServer and Smartdns classes
## 2024-06-02 - 6.0.0 - server/client
Main description here
- **Breaking Change:** Move from client only to server + client exports.
## 2024-03-30 - 5.0.4 - maintenance
Range contains relevant changes
- Switch to new org scheme
## 2023-04-08 - 5.0.4 - core
Main description here
- Core update
- Fixes applied to the system
## 2022-07-27 - 5.0.0 - core
Update contains relevant changes
- **Breaking Change:** Major update and core changes
- Fixes and updates applied
## 2022-07-27 - 4.0.11 - core
Range contains relevant changes
- **Breaking Change:** Core update and changes applied
## 2021-08-24 - 4.0.10 - core
Range contains relevant changes
- Fixes applied to the core functionalities
## 2021-01-23 - 4.0.8 - core
Range contains relevant changes
- Updates and fixes to the core components
## 2020-08-05 - 4.0.4 - core
Range contains relevant changes
- Multiple core fixes applied
## 2020-02-15 - 4.0.0 - core
Main description here
- Core updates
- Fixes applied across the system
## 2020-02-15 - 3.0.8 - core
Core updates with major changes
- **Breaking Change:** Now uses Google DNS HTTPS API and handles DNSSEC validation
## 2019-01-07 - 3.0.6 - core
Range contains relevant changes
- Fixes and updates applied to the core
## 2018-05-13 - 3.0.4 - core
Range contains relevant changes
- Fixes applied, including `fix .checkUntilAvailable` error
## 2018-05-13 - 3.0.0 - ci
Main description here
- CI changes and updates to the access level and global packages
## 2017-07-31 - 2.0.10 - package
Update to new package name and improved record retrieval
- **Breaking Change:** Package name update and record retrieval improvements
## 2017-01-27 - 2.0.1 - maintenance
Multiple fixes and merges
## 2017-01-27 - 2.0.0 - core
Fix typings and update to better API
## 2016-11-15 - 1.0.7 - initial
Initial setup and improvements
- Initial deployment
- README improvements

4
dist/dnsly.plugins.d.ts vendored
View File

@@ -1,4 +0,0 @@
import 'typings-global';
import * as beautylog from 'beautylog';
import * as dns from 'dns';
export { beautylog, dns };

7
dist/dnsly.plugins.js vendored
View File

@@ -1,7 +0,0 @@
"use strict";
require("typings-global");
const beautylog = require("beautylog");
exports.beautylog = beautylog;
const dns = require("dns");
exports.dns = dns;
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZG5zbHkucGx1Z2lucy5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uL3RzL2Ruc2x5LnBsdWdpbnMudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IjtBQUFBLDBCQUF1QjtBQUN2Qix1Q0FBc0M7QUFJbEMsOEJBQVM7QUFIYiwyQkFBMEI7QUFJdEIsa0JBQUcifQ==

23
dist/index.d.ts vendored
View File

@@ -1,23 +0,0 @@
/// <reference types="q" />
import * as q from 'q';
export declare type TDnsProvider = 'google';
export declare type TDnsRecordType = 'A' | 'AAAA' | 'CNAME' | 'PTR' | 'MX' | 'NAPTR' | 'NS' | 'SOA' | 'SRV' | 'TXT';
/**
* class dnsly offers methods for working with dns from a dns provider like Google DNS
*/
export declare class Dnsly {
dnsServerIp: string;
dnsServerPort: number;
/**
* constructor for class dnsly
*/
constructor(dnsProviderArg: TDnsProvider);
/**
* gets a record
*/
getRecord(recordNameArg: string, recordTypeArg: TDnsRecordType): q.Promise<{}>;
/**
* set the DNS provider
*/
private _setDnsProvider(dnsProvider);
}

42
dist/index.js vendored
View File

@@ -1,42 +0,0 @@
"use strict";
const q = require("q");
const plugins = require("./dnsly.plugins");
/**
* class dnsly offers methods for working with dns from a dns provider like Google DNS
*/
class Dnsly {
/**
* constructor for class dnsly
*/
constructor(dnsProviderArg) {
this._setDnsProvider(dnsProviderArg);
}
/**
* gets a record
*/
getRecord(recordNameArg, recordTypeArg) {
let done = q.defer();
plugins.dns.resolve(recordNameArg, recordTypeArg, (err, addresses) => {
if (err) {
done.reject(err);
}
done.resolve(addresses);
});
return done.promise;
}
/**
* set the DNS provider
*/
_setDnsProvider(dnsProvider) {
if (dnsProvider === 'google') {
this.dnsServerIp = '8.8.8.8';
this.dnsServerPort = 53;
plugins.dns.setServers(['8.8.8.8', '8.8.4.4']);
}
else {
throw new Error('unknown dns provider');
}
}
}
exports.Dnsly = Dnsly;
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi90cy9pbmRleC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiO0FBQUEsdUJBQXNCO0FBQ3RCLDJDQUEwQztBQWMxQzs7R0FFRztBQUNIO0lBR0k7O09BRUc7SUFDSCxZQUFZLGNBQTRCO1FBQ3BDLElBQUksQ0FBQyxlQUFlLENBQUMsY0FBYyxDQUFDLENBQUE7SUFDeEMsQ0FBQztJQUVEOztPQUVHO0lBQ0gsU0FBUyxDQUFDLGFBQXFCLEVBQUUsYUFBNkI7UUFDMUQsSUFBSSxJQUFJLEdBQUcsQ0FBQyxDQUFDLEtBQUssRUFBRSxDQUFBO1FBQ3BCLE9BQU8sQ0FBQyxHQUFHLENBQUMsT0FBTyxDQUFDLGFBQWEsRUFBQyxhQUFhLEVBQUUsQ0FBQyxHQUFHLEVBQUUsU0FBUztZQUM1RCxFQUFFLENBQUMsQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDO2dCQUNOLElBQUksQ0FBQyxNQUFNLENBQUMsR0FBRyxDQUFDLENBQUE7WUFDcEIsQ0FBQztZQUNELElBQUksQ0FBQyxPQUFPLENBQUMsU0FBUyxDQUFDLENBQUE7UUFDM0IsQ0FBQyxDQUFDLENBQUE7UUFDRixNQUFNLENBQUMsSUFBSSxDQUFDLE9BQU8sQ0FBQTtJQUN2QixDQUFDO0lBRUQ7O09BRUc7SUFDSyxlQUFlLENBQUMsV0FBeUI7UUFDN0MsRUFBRSxDQUFDLENBQUMsV0FBVyxLQUFLLFFBQVEsQ0FBQyxDQUFDLENBQUM7WUFDM0IsSUFBSSxDQUFDLFdBQVcsR0FBRyxTQUFTLENBQUE7WUFDNUIsSUFBSSxDQUFDLGFBQWEsR0FBRyxFQUFFLENBQUE7WUFDdkIsT0FBTyxDQUFDLEdBQUcsQ0FBQyxVQUFVLENBQUMsQ0FBQyxTQUFTLEVBQUMsU0FBUyxDQUFDLENBQUMsQ0FBQTtRQUNqRCxDQUFDO1FBQUMsSUFBSSxDQUFDLENBQUM7WUFDSixNQUFNLElBQUksS0FBSyxDQUFDLHNCQUFzQixDQUFDLENBQUE7UUFDM0MsQ0FBQztJQUNMLENBQUM7Q0FDSjtBQXBDRCxzQkFvQ0MifQ==

52
npmextra.json Normal file
View File

@@ -0,0 +1,52 @@
{
"@git.zone/tsrust": {
"targets": [
"linux_amd64",
"linux_arm64"
]
},
"@git.zone/cli": {
"projectType": "npm",
"module": {
"githost": "code.foss.global",
"gitscope": "push.rocks",
"gitrepo": "smartdns",
"description": "A robust TypeScript library providing advanced DNS management and resolution capabilities including support for DNSSEC, custom DNS servers, and integration with various DNS providers.",
"npmPackagename": "@push.rocks/smartdns",
"license": "MIT",
"keywords": [
"TypeScript",
"DNS",
"DNS records",
"DNS resolution",
"DNS management",
"DNSSEC",
"Node.js",
"Google DNS",
"Cloudflare",
"UDP DNS",
"HTTPS DNS",
"ACME",
"Let's Encrypt",
"SSL Certificates",
"Feature Flagging",
"Domain Propagation",
"DNS Server"
]
},
"release": {
"registries": [
"https://verdaccio.lossless.digital",
"https://registry.npmjs.org"
],
"accessLevel": "public"
}
},
"@git.zone/tsdoc": {
"legal": "\n## License and Legal Information\n\nThis repository contains open-source code that is licensed under the MIT License. A copy of the MIT License can be found in the [license](license) file within this repository. \n\n**Please note:** The MIT License does not grant permission to use the trade names, trademarks, service marks, or product names of the project, except as required for reasonable and customary use in describing the origin of the work and reproducing the content of the NOTICE file.\n\n### Trademarks\n\nThis project is owned and maintained by Task Venture Capital GmbH. The names and logos associated with Task Venture Capital GmbH and any related products or services are trademarks of Task Venture Capital GmbH and are not included within the scope of the MIT license granted herein. Use of these trademarks must comply with Task Venture Capital GmbH's Trademark Guidelines, and any usage must be approved in writing by Task Venture Capital GmbH.\n\n### Company Information\n\nTask Venture Capital GmbH \nRegistered at District court Bremen HRB 35230 HB, Germany\n\nFor any legal inquiries or if you require further information, please contact us via email at hello@task.vc.\n\nBy using this repository, you acknowledge that you have read this section, agree to comply with its terms, and understand that the licensing of the code does not imply endorsement by Task Venture Capital GmbH of any derivative works.\n"
},
"@ship.zone/szci": {
"npmGlobalTools": [],
"npmRegistryUrl": "registry.npmjs.org"
}
}

82
package.json
View File

@@ -1,36 +1,80 @@
{
"name": "dnsly",
"version": "1.0.5",
"description": "smart dns methods written in TypeScript",
"main": "dist/index.js",
"typings": "../dist/index.d.ts",
"name": "@push.rocks/smartdns",
"version": "7.9.0",
"private": false,
"description": "A robust TypeScript library providing advanced DNS management and resolution capabilities including support for DNSSEC, custom DNS servers, and integration with various DNS providers.",
"exports": {
".": "./dist_ts/index.js",
"./server": "./dist_ts_server/index.js",
"./client": "./dist_ts_client/index.js"
},
"scripts": {
"test": "(npmts)"
"test": "(tstest test/ --verbose --timeout 60)",
"build": "(tsbuild tsfolders --web --allowimplicitany) && (tsrust)",
"buildDocs": "tsdoc"
},
"repository": {
"type": "git",
"url": "git+ssh://git@gitlab.com/pushrocks/dnsly.git"
"url": "https://code.foss.global/push.rocks/smartdns.git"
},
"keywords": [
"dns",
"google dns",
"dns record"
"TypeScript",
"DNS",
"DNS records",
"DNS resolution",
"DNS management",
"DNSSEC",
"Node.js",
"Google DNS",
"Cloudflare",
"UDP DNS",
"HTTPS DNS",
"ACME",
"Let's Encrypt",
"SSL Certificates",
"Feature Flagging",
"Domain Propagation",
"DNS Server"
],
"author": "Lossless GmbH",
"license": "MIT",
"bugs": {
"url": "https://gitlab.com/pushrocks/dnsly/issues"
},
"homepage": "https://gitlab.com/pushrocks/dnsly#README",
"homepage": "https://code.foss.global/push.rocks/smartdns",
"dependencies": {
"@types/q": "0.0.32",
"beautylog": "^6.0.0",
"q": "^1.4.1",
"typings-global": "^1.0.14"
"@push.rocks/smartdelay": "^3.0.1",
"@push.rocks/smartenv": "^6.0.0",
"@push.rocks/smartpromise": "^4.2.3",
"@push.rocks/smartrust": "^1.2.1",
"@tsclass/tsclass": "^9.3.0",
"acme-client": "^5.4.0",
"minimatch": "^10.2.0"
},
"devDependencies": {
"@types/should": "^8.1.30",
"should": "^11.1.1",
"typings-test": "^1.0.3"
}
"@git.zone/tsbuild": "^4.1.2",
"@git.zone/tsrun": "^2.0.1",
"@git.zone/tsrust": "^1.3.0",
"@git.zone/tstest": "^3.1.8",
"@types/dns-packet": "^5.6.5",
"@types/node": "^25.2.3",
"dns-packet": "^5.6.1"
},
"files": [
"ts/**/*",
"ts_web/**/*",
"dist/**/*",
"dist_*/**/*",
"dist_ts/**/*",
"dist_ts_web/**/*",
"assets/**/*",
"cli.js",
"npmextra.json",
"readme.md"
],
"browserslist": [
"last 1 chrome versions"
],
"type": "module",
"packageManager": "pnpm@10.10.0+sha512.d615db246fe70f25dcfea6d8d73dee782ce23e2245e3c4f6f888249fb568149318637dca73c2c5c8ef2a4ca0d5657fb9567188bfab47f566d1ee6ce987815c39"
}

10089
pnpm-lock.yaml generated Normal file
View File

File diff suppressed because it is too large Load Diff

4
pnpm-workspace.yaml Normal file
View File

@@ -0,0 +1,4 @@
onlyBuiltDependencies:
- esbuild
- mongodb-memory-server
- puppeteer

148
readme.hints.md Normal file
View File

@@ -0,0 +1,148 @@
# smartdns - Implementation Hints
## Architecture Overview
The smartdns library is structured into three main modules:
1. **Client Module** (`ts_client/`) - DNS client functionality
2. **Server Module** (`ts_server/`) - DNS server with Rust backend
3. **Main Module** (`ts/`) - Re-exports both client and server
4. **Rust Module** (`rust/`) - High-performance DNS server binary
## Rust Backend Architecture (v8.0+)
The DNS server's network I/O, packet parsing/encoding, and DNSSEC signing run in Rust.
TypeScript retains handler registration, ACME orchestration, and the public API.
### Rust Crate Structure
- `rustdns` - Main binary with IPC management loop (`--management` flag)
- `rustdns-protocol` - DNS wire format parsing/encoding, record types
- `rustdns-server` - Async UDP + HTTPS DoH servers (tokio, hyper, rustls)
- `rustdns-dnssec` - ECDSA P-256 / ED25519 key generation and RRset signing
### IPC Flow
```
DNS Query -> Rust (UDP/HTTPS) -> Parse packet
-> Try local resolution (localhost, DNSKEY)
-> If handler needed: emit "dnsQuery" event to TypeScript
-> TypeScript runs minimatch handlers, sends "dnsQueryResult" back
-> Rust builds response, signs DNSSEC if requested, sends packet
```
### Key Files
- `ts_server/classes.rustdnsbridge.ts` - TypeScript IPC bridge wrapping smartrust.RustBridge
- `ts_server/classes.dnsserver.ts` - DnsServer class (public API, delegates to Rust bridge)
- `rust/crates/rustdns/src/management.rs` - IPC management loop
- `rust/crates/rustdns/src/resolver.rs` - DNS resolver with callback support
## Client Module (Smartdns class)
### Key Features:
- DNS record queries (A, AAAA, TXT, MX, etc.)
- Support for multiple DNS providers (Google DNS, Cloudflare)
- DNS propagation checking with retry logic
- DNSSEC verification support
- Both HTTP-based (DoH) and Node.js DNS resolver fallback
### Implementation Details:
- Uses Cloudflare's DNS-over-HTTPS API as primary resolver
- Falls back to Node.js DNS module for local resolution
- Implements automatic retry logic with configurable intervals
- Properly handles quoted TXT records and trailing dots in domain names
### Key Methods:
- `getRecordsA()`, `getRecordsAAAA()`, `getRecordsTxt()` - Type-specific queries
- `getRecords()` - Generic record query with retry support
- `checkUntilAvailable()` - DNS propagation verification
- `getNameServers()` - NS record lookup
- `makeNodeProcessUseDnsProvider()` - Configure system DNS resolver
## Server Module (DnsServer class)
### Key Features:
- Full DNS server supporting UDP and HTTPS (DoH) protocols
- DNSSEC implementation with multiple algorithms
- Dynamic handler registration for custom responses
- Let's Encrypt integration for automatic SSL certificates
- Wildcard domain support with pattern matching
### DNSSEC Implementation:
- Supports ECDSA (algorithm 13), ED25519 (algorithm 15), and RSA (algorithm 8)
- Automatic DNSKEY and DS record generation
- RRSIG signature generation for authenticated responses
- Key tag computation following RFC 4034
### Let's Encrypt Integration:
- Automatic SSL certificate retrieval using DNS-01 challenges
- Dynamic TXT record handler registration for ACME validation
- Certificate renewal and HTTPS server restart capability
- Domain authorization filtering for security
### Handler System:
- Pattern-based domain matching using minimatch
- Support for all common record types
- **Multiple Handler Support**: As of v7.4.2+, multiple handlers can contribute records of the same type
- Handler chaining for complex scenarios
- Automatic SOA response for unhandled queries
### Multiple Records Support (v7.4.2+):
- Server now processes ALL matching handlers for a query (previously stopped after first match)
- Enables proper multi-NS record support for domain registration
- Supports round-robin DNS with multiple A/AAAA records
- Allows multiple TXT records (SPF, DKIM, domain verification)
- Each handler contributes its record to the response
## Key Dependencies
- `dns-packet`: DNS packet encoding/decoding (wire format, used by TS fallback path)
- `acme-client`: Let's Encrypt certificate automation
- `minimatch`: Glob pattern matching for domains
- `@push.rocks/smartrust`: TypeScript-to-Rust IPC bridge
- `@tsclass/tsclass`: Type definitions for DNS records
## Testing Insights
The test suite demonstrates:
- Mock ACME client for testing Let's Encrypt integration
- Self-signed certificate generation for HTTPS testing
- Unique port allocation to avoid conflicts
- Proper server cleanup between tests
- Both UDP and HTTPS query validation
## Common Patterns
1. **DNS Record Types**: Internally mapped to numeric values (A=1, AAAA=28, etc.)
2. **Error Handling**: Graceful fallback and retry mechanisms
3. **DNSSEC Workflow**: Zone → Key Generation → Signing → Verification
4. **Certificate Flow**: Domain validation → Challenge setup → Verification → Certificate retrieval
## Performance Considerations
- Client implements caching via DNS-over-HTTPS responses
- Server can handle concurrent UDP and HTTPS requests
- DNSSEC signing is performed on-demand for efficiency
- Handler registration is O(n) lookup but uses pattern caching
## Security Notes
- DNSSEC provides authentication but not encryption
- DoH (DNS-over-HTTPS) provides both privacy and integrity
- Let's Encrypt integration requires proper domain authorization
- Handler patterns should be carefully designed to avoid open resolvers
## Recent Improvements (v7.4.3)
1. **DNSSEC RRset Signing**: Fixed to properly sign entire RRsets together instead of individual records
2. **SOA Record Serialization**: Implemented proper SOA record encoding for DNSSEC compatibility
3. **Configurable Primary Nameserver**: Added `primaryNameserver` option to customize SOA mname field
## Recent Improvements (v7.4.8)
1. **MX Record DNSSEC Support**: Implemented MX record serialization for DNSSEC signing
- MX records consist of a 16-bit preference value followed by the exchange domain name
- Properly serializes both components for DNSSEC signature generation
- Enables mail exchange records to be authenticated with DNSSEC
## Known Limitations
1. **Handler Deduplication**: If the same handler is registered multiple times, it will contribute duplicate records (this may be desired behavior for some use cases)

562
readme.md Normal file
View File

@@ -0,0 +1,562 @@
# @push.rocks/smartdns
A TypeScript-first DNS toolkit powered by high-performance Rust binaries — covering everything from simple record lookups to running a full authoritative DNS server with DNSSEC, DNS-over-HTTPS, and automatic Let's Encrypt certificates.
## Issue Reporting and Security
For reporting bugs, issues, or security vulnerabilities, please visit [community.foss.global/](https://community.foss.global/). This is the central community hub for all issue reporting. Developers who sign and comply with our contribution agreement and go through identification can also get a [code.foss.global/](https://code.foss.global/) account to submit Pull Requests directly.
## Install
```bash
pnpm install @push.rocks/smartdns
```
## Architecture at a Glance 🏗️
smartdns ships as **three entry points** that you can import independently:
| Entry point | What it does |
|---|---|
| `@push.rocks/smartdns/client` | DNS resolution & record queries (UDP, DoH, system resolver) |
| `@push.rocks/smartdns/server` | Full DNS server — UDP, DoH, DNSSEC, ACME |
| `@push.rocks/smartdns` | Convenience re-export of both modules |
Both the **client** and the **server** delegate performance-critical work to compiled **Rust binaries** that ship with the package:
- **`rustdns`** — The server binary: network I/O, packet parsing, DNSSEC signing
- **`rustdns-client`** — The client binary: UDP wire-format queries, RFC 8484 DoH resolution
TypeScript retains the public API, handler registration, ACME orchestration, and strategy routing. Communication between TypeScript and Rust happens over stdin/stdout JSON IPC via [`@push.rocks/smartrust`](https://code.foss.global/push.rocks/smartrust).
```
┌─────────────────────────┐
│ Your Application │
└────────┬────────────────┘
┌────────────────────┼─────────────────────┐
▼ ▼
┌──────────────────┐ ┌──────────────────┐
│ Smartdns Client │ │ DnsServer │
│ (TypeScript API) │ │ (TypeScript API) │
└────────┬─────────┘ └────────┬─────────┘
│ │
┌───────┼────────┐ ┌───────────┤
▼ ▼ ▼ ▼ ▼
system Rust Rust Rust binary TS Handlers
(Node) UDP DoH (rustdns) (minimatch)
│ │ │
▼ ▼ ▼
rustdns-client UDP / HTTPS listeners
(IPC binary) DNSSEC signing
```
## Usage
### Quick Start
```typescript
// DNS client — resolve records
import { Smartdns } from '@push.rocks/smartdns/client';
const dns = new Smartdns({});
const records = await dns.getRecordsA('example.com');
console.log(records);
// DNS server — serve records
import { DnsServer } from '@push.rocks/smartdns/server';
const server = new DnsServer({
udpPort: 5333,
httpsPort: 8443,
httpsKey: '...pem...',
httpsCert: '...pem...',
dnssecZone: 'example.com',
});
server.registerHandler('*.example.com', ['A'], (question) => ({
name: question.name,
type: 'A',
class: 'IN',
ttl: 300,
data: '192.168.1.100',
}));
await server.start();
```
Or import from the unified entry point:
```typescript
import { dnsClientMod, dnsServerMod } from '@push.rocks/smartdns';
const client = new dnsClientMod.Smartdns({});
const server = new dnsServerMod.DnsServer({ /* ... */ });
```
---
## 🔍 DNS Client
The `Smartdns` class resolves DNS records using a configurable strategy that combines the system resolver, raw UDP queries, and DNS-over-HTTPS — all backed by a Rust binary for the wire-format transports.
### Constructor Options
```typescript
interface ISmartDnsConstructorOptions {
strategy?: 'doh' | 'udp' | 'system' | 'prefer-system' | 'prefer-udp'; // default: 'prefer-system'
allowDohFallback?: boolean; // fallback to DoH when system fails (default: true)
timeoutMs?: number; // per-query timeout in milliseconds
}
```
### Resolution Strategies
| Strategy | Behavior |
|---|---|
| `prefer-system` | 🏠 Try the OS resolver first, fall back to Rust DoH. Honors `/etc/hosts`. |
| `system` | 🏠 Use only the Node.js system resolver. No Rust binary needed. |
| `doh` | 🌐 Use only DNS-over-HTTPS (RFC 8484 wire format via Cloudflare). Rust-powered. |
| `udp` | ⚡ Use only raw UDP queries to upstream resolver (Cloudflare 1.1.1.1). Rust-powered. |
| `prefer-udp` | ⚡ Try Rust UDP first, fall back to Rust DoH if UDP fails. |
The Rust binary (`rustdns-client`) is spawned **lazily** — only on the first query that needs it. This means `system`-only usage incurs zero Rust overhead.
### Querying Records
```typescript
const dns = new Smartdns({ strategy: 'prefer-udp' });
// Type-specific helpers
const aRecords = await dns.getRecordsA('example.com');
const aaaaRecords = await dns.getRecordsAAAA('example.com');
const txtRecords = await dns.getRecordsTxt('example.com');
// Generic query — supports A, AAAA, CNAME, MX, TXT, NS, SOA, PTR, SRV
const mxRecords = await dns.getRecords('example.com', 'MX');
// Nameserver lookup
const nameservers = await dns.getNameServers('example.com');
```
Every query returns an array of `IDnsRecord`:
```typescript
interface IDnsRecord {
name: string;
type: string; // 'A', 'AAAA', 'TXT', 'MX', etc.
dnsSecEnabled: boolean; // true if upstream AD flag was set
value: string;
}
```
### DNSSEC Detection 🔐
When using `doh`, `udp`, or `prefer-udp` strategies, the Rust binary sends queries with the EDNS0 DO (DNSSEC OK) bit set and reports the AD (Authenticated Data) flag from the upstream response:
```typescript
const dns = new Smartdns({ strategy: 'udp' });
const records = await dns.getRecordsA('cloudflare.com');
console.log(records[0].dnsSecEnabled); // true — upstream validated DNSSEC
```
### Checking DNS Propagation
Wait for a specific record to appear — essential after making DNS changes:
```typescript
const propagated = await dns.checkUntilAvailable(
'example.com',
'TXT',
'verification=abc123',
50, // max check cycles (default: 50)
500 // interval in ms (default: 500)
);
if (propagated) {
console.log('Record is live!');
}
```
The method alternates between system resolver and the configured strategy on each cycle for maximum coverage.
### Configuring the System DNS Provider
Override the global Node.js DNS resolver for all subsequent lookups:
```typescript
import { makeNodeProcessUseDnsProvider } from '@push.rocks/smartdns/client';
makeNodeProcessUseDnsProvider('cloudflare'); // 1.1.1.1 / 1.0.0.1
makeNodeProcessUseDnsProvider('google'); // 8.8.8.8 / 8.8.4.4
```
### Cleanup
When you're done with a `Smartdns` instance (especially one using Rust strategies), call `destroy()` to kill the Rust child process:
```typescript
const dns = new Smartdns({ strategy: 'udp' });
// ... do queries ...
dns.destroy(); // kills rustdns-client process
```
---
## 🖥️ DNS Server
The `DnsServer` class runs a production-capable authoritative DNS server backed by a Rust binary. It supports standard UDP DNS (port 53), DNS-over-HTTPS, DNSSEC signing, and automated Let's Encrypt certificates.
### Server Options
```typescript
interface IDnsServerOptions {
udpPort: number; // Port for UDP DNS queries
httpsPort: number; // Port for DNS-over-HTTPS
httpsKey: string; // PEM private key (path or content)
httpsCert: string; // PEM certificate (path or content)
dnssecZone: string; // Zone for DNSSEC signing
primaryNameserver?: string; // SOA mname field (default: 'ns1.{dnssecZone}')
udpBindInterface?: string; // IP to bind UDP (default: '0.0.0.0')
httpsBindInterface?: string; // IP to bind HTTPS (default: '0.0.0.0')
manualUdpMode?: boolean; // Don't auto-bind UDP socket
manualHttpsMode?: boolean; // Don't auto-bind HTTPS server
enableLocalhostHandling?: boolean; // RFC 6761 localhost (default: true)
}
```
### Basic Server
```typescript
import { DnsServer } from '@push.rocks/smartdns/server';
const server = new DnsServer({
udpPort: 5333,
httpsPort: 8443,
httpsKey: '...pem...',
httpsCert: '...pem...',
dnssecZone: 'example.com',
});
// Register handlers
server.registerHandler('example.com', ['A'], (question) => ({
name: question.name,
type: 'A',
class: 'IN',
ttl: 300,
data: '93.184.215.14',
}));
server.registerHandler('example.com', ['TXT'], (question) => ({
name: question.name,
type: 'TXT',
class: 'IN',
ttl: 300,
data: 'v=spf1 include:_spf.example.com ~all',
}));
await server.start();
// DNS Server started (UDP: 0.0.0.0:5333, HTTPS: 0.0.0.0:8443)
```
### Handler System 🎯
Handlers use **glob patterns** (via `minimatch`) to match incoming query names. Multiple handlers can contribute records to the same response.
```typescript
// Exact domain
server.registerHandler('example.com', ['A'], handler);
// All subdomains
server.registerHandler('*.example.com', ['A'], handler);
// Specific pattern
server.registerHandler('db-*.internal.example.com', ['A'], (question) => {
const id = question.name.match(/db-(\d+)/)?.[1];
return {
name: question.name,
type: 'A',
class: 'IN',
ttl: 60,
data: `10.0.1.${id}`,
};
});
// Catch-all
server.registerHandler('*', ['A'], (question) => ({
name: question.name,
type: 'A',
class: 'IN',
ttl: 300,
data: '127.0.0.1',
}));
// Multiple record types
server.registerHandler('example.com', ['MX'], (question) => ({
name: question.name,
type: 'MX',
class: 'IN',
ttl: 300,
data: { preference: 10, exchange: 'mail.example.com' },
}));
// Unregister a handler
server.unregisterHandler('example.com', ['A']);
```
When no handler matches, the server automatically returns an **SOA record** for the zone.
### DNSSEC ✅
DNSSEC is enabled automatically when you set the `dnssecZone` option. The Rust backend handles:
- **Key generation** — ECDSA P-256 (algorithm 13) by default
- **DNSKEY / DS record** generation
- **RRSIG signing** for all responses
- **NSEC records** for authenticated denial of existence
```typescript
const server = new DnsServer({
udpPort: 53,
httpsPort: 443,
httpsKey: '...',
httpsCert: '...',
dnssecZone: 'secure.example.com',
});
// Just register handlers as usual — signing is automatic
server.registerHandler('secure.example.com', ['A'], (q) => ({
name: q.name,
type: 'A',
class: 'IN',
ttl: 300,
data: '10.0.0.1',
}));
await server.start();
```
Supported algorithms: **ECDSAP256SHA256** (13), **ED25519** (15), **RSASHA256** (8).
### SOA Records
The server auto-generates SOA records for zones when no specific handler matches. Customize the primary nameserver:
```typescript
const server = new DnsServer({
// ...
dnssecZone: 'example.com',
primaryNameserver: 'ns1.example.com', // defaults to 'ns1.{dnssecZone}'
});
// Generated SOA includes:
// mname: ns1.example.com
// rname: hostmaster.example.com
// serial: Unix timestamp
// refresh: 3600, retry: 600, expire: 604800, minimum: 86400
```
### Let's Encrypt Integration 🔒
Built-in ACME DNS-01 challenge support for automatic SSL certificates:
```typescript
const server = new DnsServer({
udpPort: 53,
httpsPort: 443,
httpsKey: '/path/to/key.pem',
httpsCert: '/path/to/cert.pem',
dnssecZone: 'example.com',
});
await server.start();
const result = await server.retrieveSslCertificate(
['example.com', 'www.example.com'],
{
email: 'admin@example.com',
staging: false,
certDir: './certs',
}
);
if (result.success) {
console.log('Certificate installed!');
// The server automatically:
// 1. Registers temporary _acme-challenge TXT handlers
// 2. Completes DNS-01 validation
// 3. Updates the HTTPS server with the new cert
// 4. Cleans up challenge handlers
}
```
### Interface Binding
Restrict the server to specific network interfaces:
```typescript
// Localhost only — great for development
const server = new DnsServer({
// ...
udpBindInterface: '127.0.0.1',
httpsBindInterface: '127.0.0.1',
});
// Different interfaces per protocol
const server = new DnsServer({
// ...
udpBindInterface: '192.168.1.100',
httpsBindInterface: '10.0.0.50',
});
```
### Manual Socket Handling 🔧
For clustering, load balancing, or custom transports, take control of socket management:
```typescript
import { DnsServer } from '@push.rocks/smartdns/server';
import * as dgram from 'dgram';
// Manual UDP mode — you control the socket
const server = new DnsServer({
// ...
manualUdpMode: true,
});
await server.start(); // HTTPS auto-binds, UDP does not
const socket = dgram.createSocket('udp4');
socket.on('message', (msg, rinfo) => {
server.handleUdpMessage(msg, rinfo, (response, responseRinfo) => {
socket.send(response, responseRinfo.port, responseRinfo.address);
});
});
socket.bind(5353);
```
Full manual mode (both protocols):
```typescript
const server = new DnsServer({
// ...
manualUdpMode: true,
manualHttpsMode: true,
});
await server.start(); // Neither protocol binds automatically
```
Process individual DNS packets directly:
```typescript
// Synchronous (TypeScript fallback)
const response = server.processRawDnsPacket(packetBuffer);
// Asynchronous (via Rust bridge — includes DNSSEC signing)
const response = await server.processRawDnsPacketAsync(packetBuffer);
```
#### Load Balancing Example
```typescript
import * as dgram from 'dgram';
import * as os from 'os';
const numCPUs = os.cpus().length;
for (let i = 0; i < numCPUs; i++) {
const socket = dgram.createSocket({ type: 'udp4', reuseAddr: true });
socket.on('message', (msg, rinfo) => {
server.handleUdpMessage(msg, rinfo, (response, rinfo) => {
socket.send(response, rinfo.port, rinfo.address);
});
});
socket.bind(53);
}
```
### Stopping the Server
```typescript
await server.stop();
```
This gracefully shuts down the Rust process and releases all bound sockets.
---
## 🦀 Rust Crate Structure
The Rust workspace (`rust/crates/`) contains five crates:
| Crate | Purpose |
|---|---|
| `rustdns` | Server binary — IPC management loop, handler callback routing |
| `rustdns-client` | Client binary — stateless UDP/DoH query proxy |
| `rustdns-protocol` | DNS wire format parsing, encoding, and RDATA decode/encode |
| `rustdns-server` | Async UDP + HTTPS servers (tokio, hyper, rustls) |
| `rustdns-dnssec` | ECDSA/ED25519 key generation and RRset signing |
Pre-compiled binaries for `linux_amd64` and `linux_arm64` are included in `dist_rust/`. Cross-compilation is handled by [`@git.zone/tsrust`](https://code.foss.global/git.zone/tsrust).
---
## 🧪 Testing
```bash
# Run all tests
pnpm test
# Run specific test file
tstest test/test.client.ts --verbose
tstest test/test.server.ts --verbose
```
Example test:
```typescript
import { expect, tap } from '@git.zone/tstest/tapbundle';
import { Smartdns } from '@push.rocks/smartdns/client';
tap.test('resolve A records via UDP', async () => {
const dns = new Smartdns({ strategy: 'udp' });
const records = await dns.getRecordsA('google.com');
expect(records).toBeArray();
expect(records[0]).toHaveProperty('type', 'A');
expect(records[0]).toHaveProperty('value');
dns.destroy();
});
tap.test('detect DNSSEC via DoH', async () => {
const dns = new Smartdns({ strategy: 'doh' });
const records = await dns.getRecordsA('cloudflare.com');
expect(records[0].dnsSecEnabled).toBeTrue();
dns.destroy();
});
export default tap.start();
```
## License and Legal Information
This repository contains open-source code licensed under the MIT License. A copy of the license can be found in the [LICENSE](./LICENSE) file.
**Please note:** The MIT License does not grant permission to use the trade names, trademarks, service marks, or product names of the project, except as required for reasonable and customary use in describing the origin of the work and reproducing the content of the NOTICE file.
### Trademarks
This project is owned and maintained by Task Venture Capital GmbH. The names and logos associated with Task Venture Capital GmbH and any related products or services are trademarks of Task Venture Capital GmbH or third parties, and are not included within the scope of the MIT license granted herein.
Use of these trademarks must comply with Task Venture Capital GmbH's Trademark Guidelines or the guidelines of the respective third-party owners, and any usage must be approved in writing. Third-party trademarks used herein are the property of their respective owners and used only in a descriptive manner, e.g. for an implementation of an API or similar.
### Company Information
Task Venture Capital GmbH
Registered at District Court Bremen HRB 35230 HB, Germany
For any legal inquiries or further information, please contact us via email at hello@task.vc.
By using this repository, you acknowledge that you have read this section, agree to comply with its terms, and understand that the licensing of the code does not imply endorsement by Task Venture Capital GmbH of any derivative works.

2
rust/.cargo/config.toml Normal file
View File

@@ -0,0 +1,2 @@
[target.aarch64-unknown-linux-gnu]
linker = "aarch64-linux-gnu-gcc"

2178
rust/Cargo.lock generated Normal file
View File

File diff suppressed because it is too large Load Diff

9
rust/Cargo.toml Normal file
View File

@@ -0,0 +1,9 @@
[workspace]
resolver = "2"
members = [
"crates/rustdns",
"crates/rustdns-protocol",
"crates/rustdns-server",
"crates/rustdns-dnssec",
"crates/rustdns-client",
]

20
rust/crates/rustdns-client/Cargo.toml Normal file
View File

@@ -0,0 +1,20 @@
[package]
name = "rustdns-client"
version = "0.1.0"
edition = "2021"
[[bin]]
name = "rustdns-client"
path = "src/main.rs"
[dependencies]
rustdns-protocol = { path = "../rustdns-protocol" }
tokio = { version = "1", features = ["full"] }
serde = { version = "1", features = ["derive"] }
serde_json = "1"
clap = { version = "4", features = ["derive"] }
tracing = "0.1"
tracing-subscriber = "0.3"
reqwest = { version = "0.12", default-features = false, features = ["rustls-tls"] }
rustls = { version = "0.23", features = ["ring"] }
rand = "0.9"

94
rust/crates/rustdns-client/src/ipc_types.rs Normal file
View File

@@ -0,0 +1,94 @@
use serde::{Deserialize, Serialize};
/// IPC request from TypeScript to Rust (via stdin).
#[derive(Debug, Deserialize)]
pub struct IpcRequest {
pub id: String,
pub method: String,
#[serde(default)]
pub params: serde_json::Value,
}
/// IPC response from Rust to TypeScript (via stdout).
#[derive(Debug, Serialize)]
pub struct IpcResponse {
pub id: String,
pub success: bool,
#[serde(skip_serializing_if = "Option::is_none")]
pub result: Option<serde_json::Value>,
#[serde(skip_serializing_if = "Option::is_none")]
pub error: Option<String>,
}
impl IpcResponse {
pub fn ok(id: String, result: serde_json::Value) -> Self {
IpcResponse {
id,
success: true,
result: Some(result),
error: None,
}
}
pub fn err(id: String, error: String) -> Self {
IpcResponse {
id,
success: false,
result: None,
error: Some(error),
}
}
}
/// IPC event from Rust to TypeScript (unsolicited, no id).
#[derive(Debug, Serialize)]
pub struct IpcEvent {
pub event: String,
pub data: serde_json::Value,
}
/// Parameters for a DNS resolve request.
#[derive(Debug, Deserialize)]
#[serde(rename_all = "camelCase")]
pub struct ResolveParams {
pub name: String,
pub record_type: String,
pub protocol: String,
#[serde(default = "default_server_addr")]
pub server_addr: String,
#[serde(default = "default_doh_url")]
pub doh_url: String,
#[serde(default = "default_timeout_ms")]
pub timeout_ms: u64,
}
fn default_server_addr() -> String {
"1.1.1.1:53".to_string()
}
fn default_doh_url() -> String {
"https://cloudflare-dns.com/dns-query".to_string()
}
fn default_timeout_ms() -> u64 {
5000
}
/// A single DNS answer record sent back to TypeScript.
#[derive(Debug, Serialize, Clone)]
pub struct ClientDnsAnswer {
pub name: String,
#[serde(rename = "type")]
pub rtype: String,
pub ttl: u32,
pub value: String,
}
/// Result of a DNS resolve request.
#[derive(Debug, Serialize)]
#[serde(rename_all = "camelCase")]
pub struct ResolveResult {
pub answers: Vec<ClientDnsAnswer>,
pub ad_flag: bool,
pub rcode: u8,
}

36
rust/crates/rustdns-client/src/main.rs Normal file
View File

@@ -0,0 +1,36 @@
use clap::Parser;
mod ipc_types;
mod management;
mod resolver_doh;
mod resolver_udp;
#[derive(Parser, Debug)]
#[command(name = "rustdns-client", about = "Rust DNS client with IPC management")]
struct Cli {
/// Run in management mode (IPC via stdin/stdout)
#[arg(long)]
management: bool,
}
#[tokio::main]
async fn main() -> Result<(), Box<dyn std::error::Error>> {
// Install the default rustls crypto provider (ring) before any TLS operations
let _ = rustls::crypto::ring::default_provider().install_default();
let cli = Cli::parse();
// Tracing writes to stderr so stdout is reserved for IPC
tracing_subscriber::fmt()
.with_writer(std::io::stderr)
.init();
if cli.management {
management::management_loop().await?;
} else {
eprintln!("rustdns-client: use --management flag for IPC mode");
std::process::exit(1);
}
Ok(())
}

130
rust/crates/rustdns-client/src/management.rs Normal file
View File

@@ -0,0 +1,130 @@
use crate::ipc_types::*;
use crate::resolver_doh;
use crate::resolver_udp;
use std::io::{self, BufRead, Write};
use tokio::sync::mpsc;
use tracing::{error, info};
/// Emit a JSON event on stdout.
fn send_event(event: &str, data: serde_json::Value) {
let evt = IpcEvent {
event: event.to_string(),
data,
};
let json = serde_json::to_string(&evt).unwrap();
let stdout = io::stdout();
let mut lock = stdout.lock();
let _ = writeln!(lock, "{}", json);
let _ = lock.flush();
}
/// Send a JSON response on stdout.
fn send_response(response: &IpcResponse) {
let json = serde_json::to_string(response).unwrap();
let stdout = io::stdout();
let mut lock = stdout.lock();
let _ = writeln!(lock, "{}", json);
let _ = lock.flush();
}
/// Main management loop — reads JSON lines from stdin, dispatches commands.
pub async fn management_loop() -> Result<(), Box<dyn std::error::Error>> {
// Emit ready event
send_event(
"ready",
serde_json::json!({
"version": env!("CARGO_PKG_VERSION")
}),
);
// Create a shared HTTP client for DoH connection pooling
let http_client = reqwest::Client::builder()
.use_rustls_tls()
.build()
.map_err(|e| format!("Failed to create HTTP client: {}", e))?;
// Channel for stdin commands (read in blocking thread)
let (cmd_tx, mut cmd_rx) = mpsc::channel::<String>(256);
// Spawn blocking stdin reader
std::thread::spawn(move || {
let stdin = io::stdin();
let reader = stdin.lock();
for line in reader.lines() {
match line {
Ok(l) => {
if cmd_tx.blocking_send(l).is_err() {
break; // channel closed
}
}
Err(_) => break, // stdin closed
}
}
});
loop {
match cmd_rx.recv().await {
Some(line) => {
let request: IpcRequest = match serde_json::from_str(&line) {
Ok(r) => r,
Err(e) => {
error!("Failed to parse IPC request: {}", e);
continue;
}
};
let response = handle_request(&request, &http_client).await;
send_response(&response);
}
None => {
// stdin closed — parent process exited
info!("stdin closed, shutting down");
break;
}
}
}
Ok(())
}
async fn handle_request(request: &IpcRequest, http_client: &reqwest::Client) -> IpcResponse {
let id = request.id.clone();
match request.method.as_str() {
"ping" => IpcResponse::ok(id, serde_json::json!({ "pong": true })),
"resolve" => handle_resolve(id, &request.params, http_client).await,
_ => IpcResponse::err(id, format!("Unknown method: {}", request.method)),
}
}
async fn handle_resolve(
id: String,
params: &serde_json::Value,
http_client: &reqwest::Client,
) -> IpcResponse {
let resolve_params: ResolveParams = match serde_json::from_value(params.clone()) {
Ok(p) => p,
Err(e) => return IpcResponse::err(id, format!("Invalid resolve params: {}", e)),
};
let result = match resolve_params.protocol.as_str() {
"udp" => resolver_udp::resolve_udp(&resolve_params).await,
"doh" => resolver_doh::resolve_doh(&resolve_params, http_client).await,
other => {
return IpcResponse::err(
id,
format!("Unknown protocol '{}'. Use 'udp' or 'doh'.", other),
);
}
};
match result {
Ok(resolve_result) => {
let result_json = serde_json::to_value(&resolve_result).unwrap();
IpcResponse::ok(id, result_json)
}
Err(e) => IpcResponse::err(id, e),
}
}

75
rust/crates/rustdns-client/src/resolver_doh.rs Normal file
View File

@@ -0,0 +1,75 @@
use crate::ipc_types::{ResolveParams, ResolveResult};
use crate::resolver_udp::decode_answers;
use rustdns_protocol::packet::{DnsPacket, DnsQuestion};
use rustdns_protocol::types::{QClass, QType, EDNS_DO_BIT, FLAG_RD};
use std::time::Duration;
use tracing::debug;
/// Resolve a DNS query via DNS-over-HTTPS (RFC 8484 wire format).
pub async fn resolve_doh(
params: &ResolveParams,
http_client: &reqwest::Client,
) -> Result<ResolveResult, String> {
let qtype = QType::from_str(&params.record_type);
let id: u16 = rand::random();
// Build query packet (same as UDP)
let mut query = DnsPacket::new_query(id);
query.flags = FLAG_RD;
query.questions.push(DnsQuestion {
name: params.name.clone(),
qtype,
qclass: QClass::IN,
});
// Add OPT record with DO bit for DNSSEC
query.additionals.push(rustdns_protocol::packet::DnsRecord {
name: ".".to_string(),
rtype: QType::OPT,
rclass: QClass::from_u16(4096),
ttl: 0,
rdata: vec![],
opt_flags: Some(EDNS_DO_BIT),
});
let query_bytes = query.encode();
let timeout = Duration::from_millis(params.timeout_ms);
let response = http_client
.post(&params.doh_url)
.header("Content-Type", "application/dns-message")
.header("Accept", "application/dns-message")
.body(query_bytes)
.timeout(timeout)
.send()
.await
.map_err(|e| format!("DoH request failed: {}", e))?;
if !response.status().is_success() {
return Err(format!("DoH server returned status {}", response.status()));
}
let response_bytes = response
.bytes()
.await
.map_err(|e| format!("Failed to read DoH response body: {}", e))?;
let dns_response = DnsPacket::parse(&response_bytes)
.map_err(|e| format!("Failed to parse DoH response: {}", e))?;
debug!(
"DoH response: id={}, rcode={}, answers={}, ad={}",
dns_response.id,
dns_response.rcode(),
dns_response.answers.len(),
dns_response.has_ad_flag()
);
let answers = decode_answers(&dns_response.answers, &response_bytes);
Ok(ResolveResult {
answers,
ad_flag: dns_response.has_ad_flag(),
rcode: dns_response.rcode(),
})
}

193
rust/crates/rustdns-client/src/resolver_udp.rs Normal file
View File

@@ -0,0 +1,193 @@
use crate::ipc_types::{ClientDnsAnswer, ResolveParams, ResolveResult};
use rustdns_protocol::packet::{
decode_a, decode_aaaa, decode_mx, decode_name_rdata, decode_soa, decode_srv, decode_txt,
DnsPacket, DnsQuestion, DnsRecord,
};
use rustdns_protocol::types::{QClass, QType, EDNS_DO_BIT, FLAG_RD};
use std::net::SocketAddr;
use std::time::Duration;
use tokio::net::UdpSocket;
use tracing::debug;
/// Resolve a DNS query via UDP to an upstream server.
pub async fn resolve_udp(params: &ResolveParams) -> Result<ResolveResult, String> {
let server_addr: SocketAddr = params
.server_addr
.parse()
.map_err(|e| format!("Invalid server address '{}': {}", params.server_addr, e))?;
let qtype = QType::from_str(&params.record_type);
let id: u16 = rand::random();
// Build query packet with RD flag and EDNS0 DO bit
let mut query = DnsPacket::new_query(id);
query.flags = FLAG_RD;
query.questions.push(DnsQuestion {
name: params.name.clone(),
qtype,
qclass: QClass::IN,
});
// Add OPT record with DO bit for DNSSEC
query.additionals.push(rustdns_protocol::packet::DnsRecord {
name: ".".to_string(),
rtype: QType::OPT,
rclass: QClass::from_u16(4096), // UDP payload size
ttl: 0,
rdata: vec![],
opt_flags: Some(EDNS_DO_BIT),
});
let query_bytes = query.encode();
// Bind to an ephemeral port
let bind_addr = if server_addr.is_ipv6() {
"[::]:0"
} else {
"0.0.0.0:0"
};
let socket = UdpSocket::bind(bind_addr)
.await
.map_err(|e| format!("Failed to bind UDP socket: {}", e))?;
socket
.send_to(&query_bytes, server_addr)
.await
.map_err(|e| format!("Failed to send UDP query: {}", e))?;
let mut buf = vec![0u8; 4096];
let timeout = Duration::from_millis(params.timeout_ms);
let len = tokio::time::timeout(timeout, socket.recv_from(&mut buf))
.await
.map_err(|_| "UDP query timed out".to_string())?
.map_err(|e| format!("Failed to receive UDP response: {}", e))?
.0;
let response_bytes = &buf[..len];
let response = DnsPacket::parse(response_bytes)
.map_err(|e| format!("Failed to parse UDP response: {}", e))?;
debug!(
"UDP response: id={}, rcode={}, answers={}, ad={}",
response.id,
response.rcode(),
response.answers.len(),
response.has_ad_flag()
);
let answers = decode_answers(&response.answers, response_bytes);
Ok(ResolveResult {
answers,
ad_flag: response.has_ad_flag(),
rcode: response.rcode(),
})
}
/// Decode answer records into ClientDnsAnswer values.
pub fn decode_answers(records: &[DnsRecord], packet_bytes: &[u8]) -> Vec<ClientDnsAnswer> {
let mut answers = Vec::new();
for record in records {
// Skip OPT, RRSIG, DNSKEY records — they're metadata, not answer data
match record.rtype {
QType::OPT | QType::RRSIG | QType::DNSKEY => continue,
_ => {}
}
let value = decode_record_value(record, packet_bytes);
let value = match value {
Ok(v) => v,
Err(_) => continue, // skip records we can't decode
};
// Strip trailing dot from name
let name = record.name.strip_suffix('.').unwrap_or(&record.name).to_string();
answers.push(ClientDnsAnswer {
name,
rtype: record.rtype.as_str().to_string(),
ttl: record.ttl,
value,
});
}
answers
}
/// Decode a single record's RDATA to a string value.
fn decode_record_value(record: &DnsRecord, packet_bytes: &[u8]) -> Result<String, String> {
// We need the rdata offset within the packet for compression pointer resolution.
// Since we have the raw rdata and the full packet, we find the rdata position.
let rdata_offset = find_rdata_offset(packet_bytes, &record.rdata);
match record.rtype {
QType::A => decode_a(&record.rdata).map_err(|e| e.to_string()),
QType::AAAA => decode_aaaa(&record.rdata).map_err(|e| e.to_string()),
QType::TXT => {
let chunks = decode_txt(&record.rdata).map_err(|e| e.to_string())?;
Ok(chunks.join(""))
}
QType::MX => {
if let Some(offset) = rdata_offset {
let (pref, exchange) = decode_mx(&record.rdata, packet_bytes, offset)?;
Ok(format!("{} {}", pref, exchange))
} else {
Err("Cannot find MX rdata in packet".into())
}
}
QType::NS | QType::CNAME | QType::PTR => {
if let Some(offset) = rdata_offset {
decode_name_rdata(&record.rdata, packet_bytes, offset)
} else {
Err("Cannot find name rdata in packet".into())
}
}
QType::SOA => {
if let Some(offset) = rdata_offset {
let soa = decode_soa(&record.rdata, packet_bytes, offset)?;
Ok(format!(
"{} {} {} {} {} {} {}",
soa.mname, soa.rname, soa.serial, soa.refresh, soa.retry, soa.expire, soa.minimum
))
} else {
Err("Cannot find SOA rdata in packet".into())
}
}
QType::SRV => {
if let Some(offset) = rdata_offset {
let srv = decode_srv(&record.rdata, packet_bytes, offset)?;
Ok(format!(
"{} {} {} {}",
srv.priority, srv.weight, srv.port, srv.target
))
} else {
Err("Cannot find SRV rdata in packet".into())
}
}
_ => {
// Unknown type: return hex encoding
Ok(record.rdata.iter().map(|b| format!("{:02x}", b)).collect::<String>())
}
}
}
/// Find the offset of the rdata bytes within the full packet buffer.
/// This is needed because compression pointers in RDATA reference absolute positions.
fn find_rdata_offset(packet: &[u8], rdata: &[u8]) -> Option<usize> {
if rdata.is_empty() {
return None;
}
// Search for the rdata slice within the packet
let rdata_len = rdata.len();
if rdata_len > packet.len() {
return None;
}
for i in 0..=(packet.len() - rdata_len) {
if &packet[i..i + rdata_len] == rdata {
return Some(i);
}
}
None
}

11
rust/crates/rustdns-dnssec/Cargo.toml Normal file
View File

@@ -0,0 +1,11 @@
[package]
name = "rustdns-dnssec"
version = "0.1.0"
edition = "2021"
[dependencies]
rustdns-protocol = { path = "../rustdns-protocol" }
p256 = { version = "0.13", features = ["ecdsa", "ecdsa-core"] }
ed25519-dalek = { version = "2", features = ["rand_core"] }
sha2 = "0.10"
rand = "0.8"

157
rust/crates/rustdns-dnssec/src/keys.rs Normal file
View File

@@ -0,0 +1,157 @@
use p256::ecdsa::SigningKey as EcdsaSigningKey;
use ed25519_dalek::SigningKey as Ed25519SigningKey;
use rand::rngs::OsRng;
/// Supported DNSSEC algorithms.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum DnssecAlgorithm {
/// ECDSA P-256 with SHA-256 (algorithm 13)
EcdsaP256Sha256,
/// ED25519 (algorithm 15)
Ed25519,
}
impl DnssecAlgorithm {
pub fn number(&self) -> u8 {
match self {
DnssecAlgorithm::EcdsaP256Sha256 => 13,
DnssecAlgorithm::Ed25519 => 15,
}
}
pub fn from_str(s: &str) -> Option<Self> {
match s.to_uppercase().as_str() {
"ECDSA" | "ECDSAP256SHA256" => Some(DnssecAlgorithm::EcdsaP256Sha256),
"ED25519" => Some(DnssecAlgorithm::Ed25519),
_ => None,
}
}
}
/// A DNSSEC key pair with material for signing and DNSKEY generation.
pub enum DnssecKeyPair {
EcdsaP256 {
signing_key: EcdsaSigningKey,
},
Ed25519 {
signing_key: Ed25519SigningKey,
},
}
impl DnssecKeyPair {
/// Generate a new key pair for the given algorithm.
pub fn generate(algorithm: DnssecAlgorithm) -> Self {
match algorithm {
DnssecAlgorithm::EcdsaP256Sha256 => {
let signing_key = EcdsaSigningKey::random(&mut OsRng);
DnssecKeyPair::EcdsaP256 { signing_key }
}
DnssecAlgorithm::Ed25519 => {
let signing_key = Ed25519SigningKey::generate(&mut OsRng);
DnssecKeyPair::Ed25519 { signing_key }
}
}
}
/// Get the algorithm.
pub fn algorithm(&self) -> DnssecAlgorithm {
match self {
DnssecKeyPair::EcdsaP256 { .. } => DnssecAlgorithm::EcdsaP256Sha256,
DnssecKeyPair::Ed25519 { .. } => DnssecAlgorithm::Ed25519,
}
}
/// Get the public key bytes for the DNSKEY record.
/// For ECDSA P-256: 64 bytes (uncompressed x || y, without 0x04 prefix).
/// For ED25519: 32 bytes.
pub fn public_key_bytes(&self) -> Vec<u8> {
match self {
DnssecKeyPair::EcdsaP256 { signing_key } => {
use p256::ecdsa::VerifyingKey;
let verifying_key = VerifyingKey::from(signing_key);
let point = verifying_key.to_encoded_point(false); // uncompressed
let bytes = point.as_bytes();
// Remove 0x04 prefix for DNS format
bytes[1..].to_vec()
}
DnssecKeyPair::Ed25519 { signing_key } => {
let verifying_key = signing_key.verifying_key();
verifying_key.as_bytes().to_vec()
}
}
}
/// Get the DNSKEY RDATA (flags=256/ZSK, protocol=3, algorithm, public key).
pub fn dnskey_rdata(&self) -> Vec<u8> {
let flags: u16 = 256; // Zone Signing Key
let protocol: u8 = 3;
let algorithm = self.algorithm().number();
let pubkey = self.public_key_bytes();
let mut buf = Vec::new();
buf.extend_from_slice(&flags.to_be_bytes());
buf.push(protocol);
buf.push(algorithm);
buf.extend_from_slice(&pubkey);
buf
}
/// Sign data with this key pair.
pub fn sign(&self, data: &[u8]) -> Vec<u8> {
match self {
DnssecKeyPair::EcdsaP256 { signing_key } => {
use p256::ecdsa::{signature::Signer, Signature};
let sig: Signature = signing_key.sign(data);
sig.to_der().as_bytes().to_vec()
}
DnssecKeyPair::Ed25519 { signing_key } => {
use ed25519_dalek::Signer;
let sig = signing_key.sign(data);
sig.to_bytes().to_vec()
}
}
}
}
#[cfg(test)]
mod tests {
use super::*;
#[test]
fn test_ecdsa_key_generation() {
let kp = DnssecKeyPair::generate(DnssecAlgorithm::EcdsaP256Sha256);
assert_eq!(kp.algorithm(), DnssecAlgorithm::EcdsaP256Sha256);
assert_eq!(kp.public_key_bytes().len(), 64); // x(32) + y(32)
}
#[test]
fn test_ed25519_key_generation() {
let kp = DnssecKeyPair::generate(DnssecAlgorithm::Ed25519);
assert_eq!(kp.algorithm(), DnssecAlgorithm::Ed25519);
assert_eq!(kp.public_key_bytes().len(), 32);
}
#[test]
fn test_dnskey_rdata() {
let kp = DnssecKeyPair::generate(DnssecAlgorithm::EcdsaP256Sha256);
let rdata = kp.dnskey_rdata();
// flags(2) + protocol(1) + algorithm(1) + pubkey(64) = 68
assert_eq!(rdata.len(), 68);
assert_eq!(rdata[0], 1); // flags high byte (256 >> 8)
assert_eq!(rdata[1], 0); // flags low byte
assert_eq!(rdata[2], 3); // protocol
assert_eq!(rdata[3], 13); // algorithm 13 = ECDSA P-256
}
#[test]
fn test_sign_and_verify() {
let kp = DnssecKeyPair::generate(DnssecAlgorithm::EcdsaP256Sha256);
let data = b"test data to sign";
let sig = kp.sign(data);
assert!(!sig.is_empty());
let kp2 = DnssecKeyPair::generate(DnssecAlgorithm::Ed25519);
let sig2 = kp2.sign(data);
assert!(!sig2.is_empty());
}
}

38
rust/crates/rustdns-dnssec/src/keytag.rs Normal file
View File

@@ -0,0 +1,38 @@
/// Compute the DNSSEC key tag as per RFC 4034 Appendix B.
/// Input is the full DNSKEY RDATA (flags + protocol + algorithm + public key).
pub fn compute_key_tag(dnskey_rdata: &[u8]) -> u16 {
let mut acc: u32 = 0;
for (i, &byte) in dnskey_rdata.iter().enumerate() {
if i & 1 == 0 {
acc += (byte as u32) << 8;
} else {
acc += byte as u32;
}
}
acc += (acc >> 16) & 0xFFFF;
(acc & 0xFFFF) as u16
}
/// Compute a DS record digest (SHA-256) from owner name + DNSKEY RDATA.
pub fn compute_ds_digest(owner_name_wire: &[u8], dnskey_rdata: &[u8]) -> Vec<u8> {
use sha2::{Sha256, Digest};
let mut hasher = Sha256::new();
hasher.update(owner_name_wire);
hasher.update(dnskey_rdata);
hasher.finalize().to_vec()
}
#[cfg(test)]
mod tests {
use super::*;
#[test]
fn test_key_tag_computation() {
// A known DNSKEY RDATA: flags=256, protocol=3, algorithm=13, plus some key bytes
let mut rdata = vec![1u8, 0, 3, 13]; // flags=256, protocol=3, algorithm=13
rdata.extend_from_slice(&[0u8; 64]); // dummy 64-byte key
let tag = compute_key_tag(&rdata);
// Just verify it produces a reasonable value
assert!(tag > 0);
}
}

3
rust/crates/rustdns-dnssec/src/lib.rs Normal file
View File

@@ -0,0 +1,3 @@
pub mod keys;
pub mod signing;
pub mod keytag;

147
rust/crates/rustdns-dnssec/src/signing.rs Normal file
View File

@@ -0,0 +1,147 @@
use crate::keys::DnssecKeyPair;
use crate::keytag::compute_key_tag;
use rustdns_protocol::name::encode_name;
use rustdns_protocol::packet::{encode_rrsig, DnsRecord};
use rustdns_protocol::types::QType;
use sha2::{Sha256, Digest};
/// Canonical RRset serialization for DNSSEC signing (RFC 4034 Section 6).
/// Each record: name(wire) + type(2) + class(2) + ttl(4) + rdlength(2) + rdata
pub fn serialize_rrset_canonical(records: &[DnsRecord]) -> Vec<u8> {
let mut buf = Vec::new();
for rr in records {
if rr.rtype == QType::OPT {
continue;
}
let name = if rr.name.ends_with('.') {
rr.name.to_lowercase()
} else {
format!("{}.", rr.name).to_lowercase()
};
buf.extend_from_slice(&encode_name(&name));
buf.extend_from_slice(&rr.rtype.to_u16().to_be_bytes());
buf.extend_from_slice(&rr.rclass.to_u16().to_be_bytes());
buf.extend_from_slice(&rr.ttl.to_be_bytes());
buf.extend_from_slice(&(rr.rdata.len() as u16).to_be_bytes());
buf.extend_from_slice(&rr.rdata);
}
buf
}
/// Generate an RRSIG record for a given RRset.
pub fn generate_rrsig(
key_pair: &DnssecKeyPair,
zone: &str,
rrset: &[DnsRecord],
name: &str,
rtype: QType,
) -> DnsRecord {
let algorithm = key_pair.algorithm().number();
let dnskey_rdata = key_pair.dnskey_rdata();
let key_tag = compute_key_tag(&dnskey_rdata);
let signers_name = if zone.ends_with('.') {
zone.to_string()
} else {
format!("{}.", zone)
};
let ttl = if rrset.is_empty() { 300 } else { rrset[0].ttl };
let now = std::time::SystemTime::now()
.duration_since(std::time::UNIX_EPOCH)
.unwrap()
.as_secs() as u32;
let inception = now.wrapping_sub(3600); // 1 hour ago
let expiration = inception.wrapping_add(86400); // +1 day
let labels = name
.strip_suffix('.')
.unwrap_or(name)
.split('.')
.filter(|l| !l.is_empty())
.count() as u8;
// Build the RRSIG RDATA preamble (everything before the signature)
let type_covered = rtype.to_u16();
let mut sig_data = Vec::new();
sig_data.extend_from_slice(&type_covered.to_be_bytes());
sig_data.push(algorithm);
sig_data.push(labels);
sig_data.extend_from_slice(&ttl.to_be_bytes());
sig_data.extend_from_slice(&expiration.to_be_bytes());
sig_data.extend_from_slice(&inception.to_be_bytes());
sig_data.extend_from_slice(&key_tag.to_be_bytes());
sig_data.extend_from_slice(&encode_name(&signers_name));
// Append the canonical RRset
sig_data.extend_from_slice(&serialize_rrset_canonical(rrset));
// Sign: ECDSA uses SHA-256 internally via the p256 crate, ED25519 does its own hashing
let signature = match key_pair {
DnssecKeyPair::EcdsaP256 { .. } => {
// For ECDSA, we hash first then sign
let hash = Sha256::digest(&sig_data);
key_pair.sign(&hash)
}
DnssecKeyPair::Ed25519 { .. } => {
// ED25519 includes hashing internally
key_pair.sign(&sig_data)
}
};
let rrsig_rdata = encode_rrsig(
type_covered,
algorithm,
labels,
ttl,
expiration,
inception,
key_tag,
&signers_name,
&signature,
);
DnsRecord {
name: name.to_string(),
rtype: QType::RRSIG,
rclass: rustdns_protocol::types::QClass::IN,
ttl,
rdata: rrsig_rdata,
opt_flags: None,
}
}
#[cfg(test)]
mod tests {
use super::*;
use crate::keys::{DnssecAlgorithm, DnssecKeyPair};
use rustdns_protocol::packet::{build_record, encode_a};
#[test]
fn test_generate_rrsig_ecdsa() {
let kp = DnssecKeyPair::generate(DnssecAlgorithm::EcdsaP256Sha256);
let record = build_record("test.example.com", QType::A, 300, encode_a("127.0.0.1"));
let rrsig = generate_rrsig(&kp, "example.com", &[record], "test.example.com", QType::A);
assert_eq!(rrsig.rtype, QType::RRSIG);
assert!(!rrsig.rdata.is_empty());
}
#[test]
fn test_generate_rrsig_ed25519() {
let kp = DnssecKeyPair::generate(DnssecAlgorithm::Ed25519);
let record = build_record("test.example.com", QType::A, 300, encode_a("10.0.0.1"));
let rrsig = generate_rrsig(&kp, "example.com", &[record], "test.example.com", QType::A);
assert_eq!(rrsig.rtype, QType::RRSIG);
assert!(!rrsig.rdata.is_empty());
}
#[test]
fn test_serialize_rrset_canonical() {
let r1 = build_record("example.com", QType::A, 300, encode_a("1.2.3.4"));
let r2 = build_record("example.com", QType::A, 300, encode_a("5.6.7.8"));
let serialized = serialize_rrset_canonical(&[r1, r2]);
assert!(!serialized.is_empty());
}
}

6
rust/crates/rustdns-protocol/Cargo.toml Normal file
View File

@@ -0,0 +1,6 @@
[package]
name = "rustdns-protocol"
version = "0.1.0"
edition = "2021"
[dependencies]

3
rust/crates/rustdns-protocol/src/lib.rs Normal file
View File

@@ -0,0 +1,3 @@
pub mod types;
pub mod name;
pub mod packet;

108
rust/crates/rustdns-protocol/src/name.rs Normal file
View File

@@ -0,0 +1,108 @@
/// Encode a domain name into DNS wire format.
/// e.g. "example.com" -> [7, 'e','x','a','m','p','l','e', 3, 'c','o','m', 0]
pub fn encode_name(name: &str) -> Vec<u8> {
let mut buf = Vec::new();
let trimmed = name.strip_suffix('.').unwrap_or(name);
if trimmed.is_empty() {
buf.push(0);
return buf;
}
for label in trimmed.split('.') {
let len = label.len();
if len > 63 {
// Truncate to 63 per DNS spec
buf.push(63);
buf.extend_from_slice(&label.as_bytes()[..63]);
} else {
buf.push(len as u8);
buf.extend_from_slice(label.as_bytes());
}
}
buf.push(0); // root label
buf
}
/// Decode a domain name from DNS wire format at the given offset.
/// Returns (name, bytes_consumed).
/// Handles compression pointers (0xC0 prefix).
pub fn decode_name(data: &[u8], offset: usize) -> Result<(String, usize), &'static str> {
let mut labels: Vec<String> = Vec::new();
let mut pos = offset;
let mut bytes_consumed = 0;
let mut jumped = false;
loop {
if pos >= data.len() {
return Err("unexpected end of data in name");
}
let len = data[pos] as usize;
if len == 0 {
// Root label
if !jumped {
bytes_consumed = pos - offset + 1;
}
break;
}
// Check for compression pointer
if len & 0xC0 == 0xC0 {
if pos + 1 >= data.len() {
return Err("unexpected end of data in compression pointer");
}
let pointer = ((len & 0x3F) << 8) | (data[pos + 1] as usize);
if !jumped {
bytes_consumed = pos - offset + 2;
jumped = true;
}
pos = pointer;
continue;
}
// Regular label
pos += 1;
if pos + len > data.len() {
return Err("label extends beyond data");
}
let label = std::str::from_utf8(&data[pos..pos + len]).map_err(|_| "invalid UTF-8 in label")?;
labels.push(label.to_string());
pos += len;
}
if bytes_consumed == 0 && !jumped {
bytes_consumed = 1; // just the root label
}
Ok((labels.join("."), bytes_consumed))
}
#[cfg(test)]
mod tests {
use super::*;
#[test]
fn test_encode_decode_roundtrip() {
let names = vec!["example.com", "sub.domain.example.com", "localhost", "a.b.c.d.e"];
for name in names {
let encoded = encode_name(name);
let (decoded, consumed) = decode_name(&encoded, 0).unwrap();
assert_eq!(decoded, name);
assert_eq!(consumed, encoded.len());
}
}
#[test]
fn test_encode_trailing_dot() {
let a = encode_name("example.com.");
let b = encode_name("example.com");
assert_eq!(a, b);
}
#[test]
fn test_root_name() {
let encoded = encode_name("");
assert_eq!(encoded, vec![0]);
let (decoded, _) = decode_name(&encoded, 0).unwrap();
assert_eq!(decoded, "");
}
}

666
rust/crates/rustdns-protocol/src/packet.rs Normal file
View File

@@ -0,0 +1,666 @@
use crate::name::{decode_name, encode_name};
use crate::types::{QClass, QType, FLAG_QR, FLAG_AA, FLAG_RD, FLAG_RA, FLAG_AD, EDNS_DO_BIT};
/// A parsed DNS question.
#[derive(Debug, Clone)]
pub struct DnsQuestion {
pub name: String,
pub qtype: QType,
pub qclass: QClass,
}
/// A parsed DNS resource record.
#[derive(Debug, Clone)]
pub struct DnsRecord {
pub name: String,
pub rtype: QType,
pub rclass: QClass,
pub ttl: u32,
pub rdata: Vec<u8>,
// For OPT records, the flags are stored in the TTL field position
pub opt_flags: Option<u16>,
}
/// A complete DNS packet (parsed).
#[derive(Debug, Clone)]
pub struct DnsPacket {
pub id: u16,
pub flags: u16,
pub questions: Vec<DnsQuestion>,
pub answers: Vec<DnsRecord>,
pub authorities: Vec<DnsRecord>,
pub additionals: Vec<DnsRecord>,
}
impl DnsPacket {
/// Create a new empty query packet.
pub fn new_query(id: u16) -> Self {
DnsPacket {
id,
flags: 0,
questions: Vec::new(),
answers: Vec::new(),
authorities: Vec::new(),
additionals: Vec::new(),
}
}
/// Create a response packet for a given request.
pub fn new_response(request: &DnsPacket) -> Self {
let mut flags = FLAG_QR | FLAG_AA | FLAG_RA;
if request.flags & FLAG_RD != 0 {
flags |= FLAG_RD;
}
DnsPacket {
id: request.id,
flags,
questions: request.questions.clone(),
answers: Vec::new(),
authorities: Vec::new(),
additionals: Vec::new(),
}
}
/// Extract the response code (lower 4 bits of flags).
pub fn rcode(&self) -> u8 {
(self.flags & 0x000F) as u8
}
/// Check if the AD (Authenticated Data) flag is set.
pub fn has_ad_flag(&self) -> bool {
self.flags & FLAG_AD != 0
}
/// Check if DNSSEC (DO bit) is requested in the OPT record.
pub fn is_dnssec_requested(&self) -> bool {
for additional in &self.additionals {
if additional.rtype == QType::OPT {
if let Some(flags) = additional.opt_flags {
if flags & EDNS_DO_BIT != 0 {
return true;
}
}
}
}
false
}
/// Parse a DNS packet from wire format bytes.
pub fn parse(data: &[u8]) -> Result<Self, String> {
if data.len() < 12 {
return Err("packet too short for DNS header".into());
}
let id = u16::from_be_bytes([data[0], data[1]]);
let flags = u16::from_be_bytes([data[2], data[3]]);
let qdcount = u16::from_be_bytes([data[4], data[5]]) as usize;
let ancount = u16::from_be_bytes([data[6], data[7]]) as usize;
let nscount = u16::from_be_bytes([data[8], data[9]]) as usize;
let arcount = u16::from_be_bytes([data[10], data[11]]) as usize;
let mut offset = 12;
// Parse questions
let mut questions = Vec::with_capacity(qdcount);
for _ in 0..qdcount {
let (name, consumed) = decode_name(data, offset).map_err(|e| e.to_string())?;
offset += consumed;
if offset + 4 > data.len() {
return Err("packet too short for question fields".into());
}
let qtype = QType::from_u16(u16::from_be_bytes([data[offset], data[offset + 1]]));
let qclass = QClass::from_u16(u16::from_be_bytes([data[offset + 2], data[offset + 3]]));
offset += 4;
questions.push(DnsQuestion { name, qtype, qclass });
}
// Parse resource records
fn parse_records(data: &[u8], offset: &mut usize, count: usize) -> Result<Vec<DnsRecord>, String> {
let mut records = Vec::with_capacity(count);
for _ in 0..count {
let (name, consumed) = decode_name(data, *offset).map_err(|e| e.to_string())?;
*offset += consumed;
if *offset + 10 > data.len() {
return Err("packet too short for RR fields".into());
}
let rtype = QType::from_u16(u16::from_be_bytes([data[*offset], data[*offset + 1]]));
let rclass_or_payload = u16::from_be_bytes([data[*offset + 2], data[*offset + 3]]);
let ttl_bytes = u32::from_be_bytes([data[*offset + 4], data[*offset + 5], data[*offset + 6], data[*offset + 7]]);
let rdlength = u16::from_be_bytes([data[*offset + 8], data[*offset + 9]]) as usize;
*offset += 10;
if *offset + rdlength > data.len() {
return Err("packet too short for RDATA".into());
}
let rdata = data[*offset..*offset + rdlength].to_vec();
*offset += rdlength;
// For OPT records, extract flags from the TTL position
let (rclass, ttl, opt_flags) = if rtype == QType::OPT {
// OPT: class = UDP payload size, TTL upper 16 = extended RCODE + version, lower 16 = flags
let flags = (ttl_bytes & 0xFFFF) as u16;
(QClass::from_u16(rclass_or_payload), 0, Some(flags))
} else {
(QClass::from_u16(rclass_or_payload), ttl_bytes, None)
};
records.push(DnsRecord {
name,
rtype,
rclass,
ttl,
rdata,
opt_flags,
});
}
Ok(records)
}
let answers = parse_records(data, &mut offset, ancount)?;
let authorities = parse_records(data, &mut offset, nscount)?;
let additionals = parse_records(data, &mut offset, arcount)?;
Ok(DnsPacket {
id,
flags,
questions,
answers,
authorities,
additionals,
})
}
/// Encode this DNS packet to wire format bytes.
pub fn encode(&self) -> Vec<u8> {
let mut buf = Vec::with_capacity(512);
// Header
buf.extend_from_slice(&self.id.to_be_bytes());
buf.extend_from_slice(&self.flags.to_be_bytes());
buf.extend_from_slice(&(self.questions.len() as u16).to_be_bytes());
buf.extend_from_slice(&(self.answers.len() as u16).to_be_bytes());
buf.extend_from_slice(&(self.authorities.len() as u16).to_be_bytes());
buf.extend_from_slice(&(self.additionals.len() as u16).to_be_bytes());
// Questions
for q in &self.questions {
buf.extend_from_slice(&encode_name(&q.name));
buf.extend_from_slice(&q.qtype.to_u16().to_be_bytes());
buf.extend_from_slice(&q.qclass.to_u16().to_be_bytes());
}
// Resource records
fn encode_records(buf: &mut Vec<u8>, records: &[DnsRecord]) {
for rr in records {
buf.extend_from_slice(&encode_name(&rr.name));
buf.extend_from_slice(&rr.rtype.to_u16().to_be_bytes());
if rr.rtype == QType::OPT {
// OPT: class = UDP payload size (4096), TTL = ext rcode + flags
buf.extend_from_slice(&rr.rclass.to_u16().to_be_bytes());
let flags = rr.opt_flags.unwrap_or(0) as u32;
buf.extend_from_slice(&flags.to_be_bytes());
} else {
buf.extend_from_slice(&rr.rclass.to_u16().to_be_bytes());
buf.extend_from_slice(&rr.ttl.to_be_bytes());
}
buf.extend_from_slice(&(rr.rdata.len() as u16).to_be_bytes());
buf.extend_from_slice(&rr.rdata);
}
}
encode_records(&mut buf, &self.answers);
encode_records(&mut buf, &self.authorities);
encode_records(&mut buf, &self.additionals);
buf
}
}
// ── RDATA encoding helpers ─────────────────────────────────────────
/// Encode an A record (IPv4 address string -> 4 bytes).
pub fn encode_a(ip: &str) -> Vec<u8> {
ip.split('.')
.filter_map(|s| s.parse::<u8>().ok())
.collect()
}
/// Encode an AAAA record (IPv6 address string -> 16 bytes).
pub fn encode_aaaa(ip: &str) -> Vec<u8> {
// Handle :: expansion
let expanded = expand_ipv6(ip);
expanded
.split(':')
.flat_map(|seg| {
let val = u16::from_str_radix(seg, 16).unwrap_or(0);
val.to_be_bytes().to_vec()
})
.collect()
}
fn expand_ipv6(ip: &str) -> String {
if !ip.contains("::") {
return ip.to_string();
}
let parts: Vec<&str> = ip.split("::").collect();
let left: Vec<&str> = if parts[0].is_empty() {
vec![]
} else {
parts[0].split(':').collect()
};
let right: Vec<&str> = if parts.len() > 1 && !parts[1].is_empty() {
parts[1].split(':').collect()
} else {
vec![]
};
let fill_count = 8 - left.len() - right.len();
let mut result: Vec<String> = left.iter().map(|s| s.to_string()).collect();
for _ in 0..fill_count {
result.push("0".to_string());
}
result.extend(right.iter().map(|s| s.to_string()));
result.join(":")
}
/// Encode a TXT record (array of strings -> length-prefixed chunks).
pub fn encode_txt(strings: &[String]) -> Vec<u8> {
let mut buf = Vec::new();
for s in strings {
let bytes = s.as_bytes();
// TXT strings must be <= 255 bytes each
let len = bytes.len().min(255);
buf.push(len as u8);
buf.extend_from_slice(&bytes[..len]);
}
buf
}
/// Encode a domain name for use in RDATA (NS, CNAME, PTR, etc.).
pub fn encode_name_rdata(name: &str) -> Vec<u8> {
encode_name(name)
}
/// Encode a SOA record RDATA.
pub fn encode_soa(mname: &str, rname: &str, serial: u32, refresh: u32, retry: u32, expire: u32, minimum: u32) -> Vec<u8> {
let mut buf = Vec::new();
buf.extend_from_slice(&encode_name(mname));
buf.extend_from_slice(&encode_name(rname));
buf.extend_from_slice(&serial.to_be_bytes());
buf.extend_from_slice(&refresh.to_be_bytes());
buf.extend_from_slice(&retry.to_be_bytes());
buf.extend_from_slice(&expire.to_be_bytes());
buf.extend_from_slice(&minimum.to_be_bytes());
buf
}
/// Encode an MX record RDATA.
pub fn encode_mx(preference: u16, exchange: &str) -> Vec<u8> {
let mut buf = Vec::new();
buf.extend_from_slice(&preference.to_be_bytes());
buf.extend_from_slice(&encode_name(exchange));
buf
}
/// Encode a SRV record RDATA.
pub fn encode_srv(priority: u16, weight: u16, port: u16, target: &str) -> Vec<u8> {
let mut buf = Vec::new();
buf.extend_from_slice(&priority.to_be_bytes());
buf.extend_from_slice(&weight.to_be_bytes());
buf.extend_from_slice(&port.to_be_bytes());
buf.extend_from_slice(&encode_name(target));
buf
}
/// Encode a DNSKEY record RDATA.
pub fn encode_dnskey(flags: u16, protocol: u8, algorithm: u8, public_key: &[u8]) -> Vec<u8> {
let mut buf = Vec::new();
buf.extend_from_slice(&flags.to_be_bytes());
buf.push(protocol);
buf.push(algorithm);
buf.extend_from_slice(public_key);
buf
}
/// Encode an RRSIG record RDATA.
pub fn encode_rrsig(
type_covered: u16,
algorithm: u8,
labels: u8,
original_ttl: u32,
expiration: u32,
inception: u32,
key_tag: u16,
signers_name: &str,
signature: &[u8],
) -> Vec<u8> {
let mut buf = Vec::new();
buf.extend_from_slice(&type_covered.to_be_bytes());
buf.push(algorithm);
buf.push(labels);
buf.extend_from_slice(&original_ttl.to_be_bytes());
buf.extend_from_slice(&expiration.to_be_bytes());
buf.extend_from_slice(&inception.to_be_bytes());
buf.extend_from_slice(&key_tag.to_be_bytes());
buf.extend_from_slice(&encode_name(signers_name));
buf.extend_from_slice(signature);
buf
}
// ── RDATA decoding helpers ─────────────────────────────────────────
/// Decode an A record (4 bytes -> IPv4 string).
pub fn decode_a(rdata: &[u8]) -> Result<String, &'static str> {
if rdata.len() < 4 {
return Err("A rdata too short");
}
Ok(format!("{}.{}.{}.{}", rdata[0], rdata[1], rdata[2], rdata[3]))
}
/// Decode an AAAA record (16 bytes -> IPv6 string).
pub fn decode_aaaa(rdata: &[u8]) -> Result<String, &'static str> {
if rdata.len() < 16 {
return Err("AAAA rdata too short");
}
let groups: Vec<String> = (0..8)
.map(|i| {
let val = u16::from_be_bytes([rdata[i * 2], rdata[i * 2 + 1]]);
format!("{:x}", val)
})
.collect();
// Build full form, then compress :: notation
let full = groups.join(":");
compress_ipv6(&full)
}
/// Compress a full IPv6 address to shortest form.
fn compress_ipv6(full: &str) -> Result<String, &'static str> {
let groups: Vec<&str> = full.split(':').collect();
if groups.len() != 8 {
return Ok(full.to_string());
}
// Find longest run of consecutive "0" groups
let mut best_start = None;
let mut best_len = 0usize;
let mut cur_start = None;
let mut cur_len = 0usize;
for (i, g) in groups.iter().enumerate() {
if *g == "0" {
if cur_start.is_none() {
cur_start = Some(i);
cur_len = 1;
} else {
cur_len += 1;
}
if cur_len > best_len {
best_start = cur_start;
best_len = cur_len;
}
} else {
cur_start = None;
cur_len = 0;
}
}
if best_len >= 2 {
let bs = best_start.unwrap();
let left: Vec<&str> = groups[..bs].to_vec();
let right: Vec<&str> = groups[bs + best_len..].to_vec();
let l = left.join(":");
let r = right.join(":");
if l.is_empty() && r.is_empty() {
Ok("::".to_string())
} else if l.is_empty() {
Ok(format!("::{}", r))
} else if r.is_empty() {
Ok(format!("{}::", l))
} else {
Ok(format!("{}::{}", l, r))
}
} else {
Ok(full.to_string())
}
}
/// Decode a TXT record (length-prefixed chunks -> strings).
pub fn decode_txt(rdata: &[u8]) -> Result<Vec<String>, &'static str> {
let mut strings = Vec::new();
let mut pos = 0;
while pos < rdata.len() {
let len = rdata[pos] as usize;
pos += 1;
if pos + len > rdata.len() {
return Err("TXT chunk extends beyond rdata");
}
let s = std::str::from_utf8(&rdata[pos..pos + len])
.map_err(|_| "invalid UTF-8 in TXT")?;
strings.push(s.to_string());
pos += len;
}
Ok(strings)
}
/// Decode an MX record (preference + exchange name with compression).
pub fn decode_mx(rdata: &[u8], packet: &[u8], rdata_offset: usize) -> Result<(u16, String), String> {
if rdata.len() < 3 {
return Err("MX rdata too short".into());
}
let preference = u16::from_be_bytes([rdata[0], rdata[1]]);
let (name, _) = decode_name(packet, rdata_offset + 2).map_err(|e| e.to_string())?;
Ok((preference, name))
}
/// Decode a name from RDATA (for NS, CNAME, PTR records with compression).
pub fn decode_name_rdata(_rdata: &[u8], packet: &[u8], rdata_offset: usize) -> Result<String, String> {
let (name, _) = decode_name(packet, rdata_offset).map_err(|e| e.to_string())?;
Ok(name)
}
/// SOA record decoded fields.
#[derive(Debug, Clone)]
pub struct SoaData {
pub mname: String,
pub rname: String,
pub serial: u32,
pub refresh: u32,
pub retry: u32,
pub expire: u32,
pub minimum: u32,
}
/// Decode a SOA record RDATA.
pub fn decode_soa(rdata: &[u8], packet: &[u8], rdata_offset: usize) -> Result<SoaData, String> {
let (mname, consumed1) = decode_name(packet, rdata_offset).map_err(|e| e.to_string())?;
let (rname, consumed2) = decode_name(packet, rdata_offset + consumed1).map_err(|e| e.to_string())?;
let nums_offset = consumed1 + consumed2;
if rdata.len() < nums_offset + 20 {
return Err("SOA rdata too short for numeric fields".into());
}
let serial = u32::from_be_bytes([
rdata[nums_offset], rdata[nums_offset + 1],
rdata[nums_offset + 2], rdata[nums_offset + 3],
]);
let refresh = u32::from_be_bytes([
rdata[nums_offset + 4], rdata[nums_offset + 5],
rdata[nums_offset + 6], rdata[nums_offset + 7],
]);
let retry = u32::from_be_bytes([
rdata[nums_offset + 8], rdata[nums_offset + 9],
rdata[nums_offset + 10], rdata[nums_offset + 11],
]);
let expire = u32::from_be_bytes([
rdata[nums_offset + 12], rdata[nums_offset + 13],
rdata[nums_offset + 14], rdata[nums_offset + 15],
]);
let minimum = u32::from_be_bytes([
rdata[nums_offset + 16], rdata[nums_offset + 17],
rdata[nums_offset + 18], rdata[nums_offset + 19],
]);
Ok(SoaData { mname, rname, serial, refresh, retry, expire, minimum })
}
/// SRV record decoded fields.
#[derive(Debug, Clone)]
pub struct SrvData {
pub priority: u16,
pub weight: u16,
pub port: u16,
pub target: String,
}
/// Decode a SRV record RDATA.
pub fn decode_srv(rdata: &[u8], packet: &[u8], rdata_offset: usize) -> Result<SrvData, String> {
if rdata.len() < 7 {
return Err("SRV rdata too short".into());
}
let priority = u16::from_be_bytes([rdata[0], rdata[1]]);
let weight = u16::from_be_bytes([rdata[2], rdata[3]]);
let port = u16::from_be_bytes([rdata[4], rdata[5]]);
let (target, _) = decode_name(packet, rdata_offset + 6).map_err(|e| e.to_string())?;
Ok(SrvData { priority, weight, port, target })
}
/// Build a DnsRecord from high-level data.
pub fn build_record(name: &str, rtype: QType, ttl: u32, rdata: Vec<u8>) -> DnsRecord {
DnsRecord {
name: name.to_string(),
rtype,
rclass: QClass::IN,
ttl,
rdata,
opt_flags: None,
}
}
#[cfg(test)]
mod tests {
use super::*;
#[test]
fn test_parse_encode_roundtrip() {
// Build a simple query
let mut query = DnsPacket::new_query(0x1234);
query.flags = FLAG_RD;
query.questions.push(DnsQuestion {
name: "example.com".to_string(),
qtype: QType::A,
qclass: QClass::IN,
});
let encoded = query.encode();
let parsed = DnsPacket::parse(&encoded).unwrap();
assert_eq!(parsed.id, 0x1234);
assert_eq!(parsed.questions.len(), 1);
assert_eq!(parsed.questions[0].name, "example.com");
assert_eq!(parsed.questions[0].qtype, QType::A);
}
#[test]
fn test_response_with_answer() {
let mut query = DnsPacket::new_query(0x5678);
query.flags = FLAG_RD;
query.questions.push(DnsQuestion {
name: "test.example.com".to_string(),
qtype: QType::A,
qclass: QClass::IN,
});
let mut response = DnsPacket::new_response(&query);
response.answers.push(build_record(
"test.example.com",
QType::A,
300,
encode_a("127.0.0.1"),
));
let encoded = response.encode();
let parsed = DnsPacket::parse(&encoded).unwrap();
assert_eq!(parsed.id, 0x5678);
assert!(parsed.flags & FLAG_QR != 0); // Is a response
assert!(parsed.flags & FLAG_AA != 0); // Authoritative
assert_eq!(parsed.answers.len(), 1);
assert_eq!(parsed.answers[0].rdata, vec![127, 0, 0, 1]);
}
#[test]
fn test_encode_aaaa() {
let data = encode_aaaa("::1");
assert_eq!(data.len(), 16);
assert_eq!(data[15], 1);
assert!(data[..15].iter().all(|&b| b == 0));
}
#[test]
fn test_encode_txt() {
let data = encode_txt(&["hello".to_string(), "world".to_string()]);
assert_eq!(data[0], 5); // length of "hello"
assert_eq!(&data[1..6], b"hello");
assert_eq!(data[6], 5); // length of "world"
assert_eq!(&data[7..12], b"world");
}
#[test]
fn test_decode_a() {
let rdata = encode_a("192.168.1.1");
let decoded = decode_a(&rdata).unwrap();
assert_eq!(decoded, "192.168.1.1");
}
#[test]
fn test_decode_aaaa() {
let rdata = encode_aaaa("::1");
let decoded = decode_aaaa(&rdata).unwrap();
assert_eq!(decoded, "::1");
let rdata2 = encode_aaaa("2001:db8::1");
let decoded2 = decode_aaaa(&rdata2).unwrap();
assert_eq!(decoded2, "2001:db8::1");
}
#[test]
fn test_decode_txt() {
let strings = vec!["hello".to_string(), "world".to_string()];
let rdata = encode_txt(&strings);
let decoded = decode_txt(&rdata).unwrap();
assert_eq!(decoded, strings);
}
#[test]
fn test_rcode_and_ad_flag() {
let mut pkt = DnsPacket::new_query(1);
assert_eq!(pkt.rcode(), 0);
assert!(!pkt.has_ad_flag());
pkt.flags |= crate::types::FLAG_AD;
assert!(pkt.has_ad_flag());
pkt.flags |= 0x0003; // NXDOMAIN
assert_eq!(pkt.rcode(), 3);
}
#[test]
fn test_dnssec_do_bit() {
let mut query = DnsPacket::new_query(1);
query.questions.push(DnsQuestion {
name: "example.com".to_string(),
qtype: QType::A,
qclass: QClass::IN,
});
// No OPT record = no DNSSEC
assert!(!query.is_dnssec_requested());
// Add OPT with DO bit
query.additionals.push(DnsRecord {
name: ".".to_string(),
rtype: QType::OPT,
rclass: QClass::from_u16(4096), // UDP payload size
ttl: 0,
rdata: vec![],
opt_flags: Some(EDNS_DO_BIT),
});
assert!(query.is_dnssec_requested());
}
}

134
rust/crates/rustdns-protocol/src/types.rs Normal file
View File

@@ -0,0 +1,134 @@
/// DNS record types
#[derive(Debug, Clone, Copy, PartialEq, Eq, Hash)]
#[repr(u16)]
pub enum QType {
A = 1,
NS = 2,
CNAME = 5,
SOA = 6,
PTR = 12,
MX = 15,
TXT = 16,
AAAA = 28,
SRV = 33,
OPT = 41,
RRSIG = 46,
DNSKEY = 48,
Unknown(u16),
}
impl QType {
pub fn from_u16(val: u16) -> Self {
match val {
1 => QType::A,
2 => QType::NS,
5 => QType::CNAME,
6 => QType::SOA,
12 => QType::PTR,
15 => QType::MX,
16 => QType::TXT,
28 => QType::AAAA,
33 => QType::SRV,
41 => QType::OPT,
46 => QType::RRSIG,
48 => QType::DNSKEY,
v => QType::Unknown(v),
}
}
pub fn to_u16(self) -> u16 {
match self {
QType::A => 1,
QType::NS => 2,
QType::CNAME => 5,
QType::SOA => 6,
QType::PTR => 12,
QType::MX => 15,
QType::TXT => 16,
QType::AAAA => 28,
QType::SRV => 33,
QType::OPT => 41,
QType::RRSIG => 46,
QType::DNSKEY => 48,
QType::Unknown(v) => v,
}
}
pub fn from_str(s: &str) -> Self {
match s.to_uppercase().as_str() {
"A" => QType::A,
"NS" => QType::NS,
"CNAME" => QType::CNAME,
"SOA" => QType::SOA,
"PTR" => QType::PTR,
"MX" => QType::MX,
"TXT" => QType::TXT,
"AAAA" => QType::AAAA,
"SRV" => QType::SRV,
"OPT" => QType::OPT,
"RRSIG" => QType::RRSIG,
"DNSKEY" => QType::DNSKEY,
_ => QType::Unknown(0),
}
}
pub fn as_str(&self) -> &'static str {
match self {
QType::A => "A",
QType::NS => "NS",
QType::CNAME => "CNAME",
QType::SOA => "SOA",
QType::PTR => "PTR",
QType::MX => "MX",
QType::TXT => "TXT",
QType::AAAA => "AAAA",
QType::SRV => "SRV",
QType::OPT => "OPT",
QType::RRSIG => "RRSIG",
QType::DNSKEY => "DNSKEY",
QType::Unknown(_) => "UNKNOWN",
}
}
}
/// DNS record classes
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
#[repr(u16)]
pub enum QClass {
IN = 1,
CH = 3,
HS = 4,
Unknown(u16),
}
impl QClass {
pub fn from_u16(val: u16) -> Self {
match val {
1 => QClass::IN,
3 => QClass::CH,
4 => QClass::HS,
v => QClass::Unknown(v),
}
}
pub fn to_u16(self) -> u16 {
match self {
QClass::IN => 1,
QClass::CH => 3,
QClass::HS => 4,
QClass::Unknown(v) => v,
}
}
}
/// DNS header flags
pub const FLAG_QR: u16 = 0x8000;
pub const FLAG_AA: u16 = 0x0400;
pub const FLAG_RD: u16 = 0x0100;
pub const FLAG_RA: u16 = 0x0080;
/// Authenticated Data flag
pub const FLAG_AD: u16 = 0x0020;
/// OPT record DO bit (DNSSEC OK)
pub const EDNS_DO_BIT: u16 = 0x8000;

17
rust/crates/rustdns-server/Cargo.toml Normal file
View File

@@ -0,0 +1,17 @@
[package]
name = "rustdns-server"
version = "0.1.0"
edition = "2021"
[dependencies]
rustdns-protocol = { path = "../rustdns-protocol" }
rustdns-dnssec = { path = "../rustdns-dnssec" }
tokio = { version = "1", features = ["full"] }
hyper = { version = "1", features = ["http1", "server"] }
hyper-util = { version = "0.1", features = ["tokio"] }
http-body-util = "0.1"
rustls = { version = "0.23", features = ["ring"] }
tokio-rustls = "0.26"
rustls-pemfile = "2"
tracing = "0.1"
bytes = "1"

164
rust/crates/rustdns-server/src/https.rs Normal file
View File

@@ -0,0 +1,164 @@
use hyper::body::Incoming;
use hyper::{Request, Response, StatusCode};
use hyper::service::service_fn;
use hyper_util::rt::TokioIo;
use http_body_util::{BodyExt, Full};
use rustdns_protocol::packet::DnsPacket;
use rustls::ServerConfig;
use std::net::SocketAddr;
use std::sync::Arc;
use tokio::net::TcpListener;
use tokio_rustls::TlsAcceptor;
use tracing::{error, info};
/// Configuration for the HTTPS DoH server.
pub struct HttpsServerConfig {
pub bind_addr: SocketAddr,
pub tls_config: Arc<ServerConfig>,
}
/// An HTTPS DNS-over-HTTPS server.
pub struct HttpsServer {
shutdown: tokio::sync::watch::Sender<bool>,
local_addr: SocketAddr,
}
impl HttpsServer {
/// Start the HTTPS DoH server.
pub async fn start<F, Fut>(
config: HttpsServerConfig,
resolver: F,
) -> Result<Self, Box<dyn std::error::Error + Send + Sync>>
where
F: Fn(DnsPacket) -> Fut + Send + Sync + 'static,
Fut: std::future::Future<Output = DnsPacket> + Send + 'static,
{
let listener = TcpListener::bind(config.bind_addr).await?;
let local_addr = listener.local_addr()?;
let (shutdown_tx, shutdown_rx) = tokio::sync::watch::channel(false);
let tls_acceptor = TlsAcceptor::from(config.tls_config);
let resolver = Arc::new(resolver);
info!("HTTPS DoH server listening on {}", local_addr);
tokio::spawn(async move {
let mut shutdown_rx = shutdown_rx;
loop {
tokio::select! {
result = listener.accept() => {
match result {
Ok((stream, _peer_addr)) => {
let acceptor = tls_acceptor.clone();
let resolver = resolver.clone();
tokio::spawn(async move {
match acceptor.accept(stream).await {
Ok(tls_stream) => {
let io = TokioIo::new(tls_stream);
let resolver = resolver.clone();
let service = service_fn(move |req: Request<Incoming>| {
let resolver = resolver.clone();
async move {
handle_doh_request(req, resolver).await
}
});
if let Err(e) = hyper::server::conn::http1::Builder::new()
.serve_connection(io, service)
.await
{
error!("HTTPS connection error: {}", e);
}
}
Err(e) => {
error!("TLS accept error: {}", e);
}
}
});
}
Err(e) => {
error!("TCP accept error: {}", e);
}
}
}
_ = shutdown_rx.changed() => {
if *shutdown_rx.borrow() {
info!("HTTPS DoH server shutting down");
break;
}
}
}
}
});
Ok(HttpsServer {
shutdown: shutdown_tx,
local_addr,
})
}
/// Stop the HTTPS server.
pub fn stop(&self) {
let _ = self.shutdown.send(true);
}
/// Get the bound local address.
pub fn local_addr(&self) -> SocketAddr {
self.local_addr
}
}
async fn handle_doh_request<F, Fut>(
req: Request<Incoming>,
resolver: Arc<F>,
) -> Result<Response<Full<bytes::Bytes>>, hyper::Error>
where
F: Fn(DnsPacket) -> Fut + Send + Sync,
Fut: std::future::Future<Output = DnsPacket> + Send,
{
if req.method() == hyper::Method::POST && req.uri().path() == "/dns-query" {
let body = req.collect().await?.to_bytes();
match DnsPacket::parse(&body) {
Ok(request) => {
let response = resolver(request).await;
let encoded = response.encode();
Ok(Response::builder()
.status(StatusCode::OK)
.header("Content-Type", "application/dns-message")
.body(Full::new(bytes::Bytes::from(encoded)))
.unwrap())
}
Err(e) => {
error!("Failed to parse DoH request: {}", e);
Ok(Response::builder()
.status(StatusCode::BAD_REQUEST)
.body(Full::new(bytes::Bytes::from(format!("Invalid DNS message: {}", e))))
.unwrap())
}
}
} else {
Ok(Response::builder()
.status(StatusCode::NOT_FOUND)
.body(Full::new(bytes::Bytes::new()))
.unwrap())
}
}
/// Create a rustls ServerConfig from PEM-encoded certificate and key.
pub fn create_tls_config(cert_pem: &str, key_pem: &str) -> Result<Arc<ServerConfig>, Box<dyn std::error::Error + Send + Sync>> {
let certs = rustls_pemfile::certs(&mut cert_pem.as_bytes())
.collect::<Result<Vec<_>, _>>()?;
let key = rustls_pemfile::private_key(&mut key_pem.as_bytes())?
.ok_or("no private key found in PEM data")?;
let config = ServerConfig::builder()
.with_no_client_auth()
.with_single_cert(certs, key)?;
Ok(Arc::new(config))
}

12
rust/crates/rustdns-server/src/lib.rs Normal file
View File

@@ -0,0 +1,12 @@
pub mod udp;
pub mod https;
use rustdns_protocol::packet::DnsPacket;
use std::future::Future;
use std::pin::Pin;
/// Trait for DNS query resolution.
/// The resolver receives a parsed DNS packet and returns a response packet.
pub type DnsResolverFn = Box<
dyn Fn(DnsPacket) -> Pin<Box<dyn Future<Output = DnsPacket> + Send>> + Send + Sync,
>;

95
rust/crates/rustdns-server/src/udp.rs Normal file
View File

@@ -0,0 +1,95 @@
use rustdns_protocol::packet::DnsPacket;
use std::net::SocketAddr;
use std::sync::Arc;
use tokio::net::UdpSocket;
use tracing::{error, info};
/// Configuration for the UDP DNS server.
pub struct UdpServerConfig {
pub bind_addr: SocketAddr,
}
/// A UDP DNS server that delegates resolution to a callback.
pub struct UdpServer {
socket: Arc<UdpSocket>,
shutdown: tokio::sync::watch::Sender<bool>,
}
impl UdpServer {
/// Bind and start the UDP server. The resolver function is called for each query.
pub async fn start<F, Fut>(
config: UdpServerConfig,
resolver: F,
) -> Result<Self, Box<dyn std::error::Error + Send + Sync>>
where
F: Fn(DnsPacket) -> Fut + Send + Sync + 'static,
Fut: std::future::Future<Output = DnsPacket> + Send + 'static,
{
let socket = UdpSocket::bind(config.bind_addr).await?;
let socket = Arc::new(socket);
let (shutdown_tx, shutdown_rx) = tokio::sync::watch::channel(false);
info!("UDP DNS server listening on {}", config.bind_addr);
let recv_socket = socket.clone();
let resolver = Arc::new(resolver);
tokio::spawn(async move {
let mut buf = vec![0u8; 4096];
let mut shutdown_rx = shutdown_rx;
loop {
tokio::select! {
result = recv_socket.recv_from(&mut buf) => {
match result {
Ok((len, src)) => {
let data = buf[..len].to_vec();
let sock = recv_socket.clone();
let resolver = resolver.clone();
tokio::spawn(async move {
match DnsPacket::parse(&data) {
Ok(request) => {
let response = resolver(request).await;
let encoded = response.encode();
if let Err(e) = sock.send_to(&encoded, src).await {
error!("Failed to send UDP response: {}", e);
}
}
Err(e) => {
error!("Failed to parse DNS packet from {}: {}", src, e);
}
}
});
}
Err(e) => {
error!("UDP recv error: {}", e);
}
}
}
_ = shutdown_rx.changed() => {
if *shutdown_rx.borrow() {
info!("UDP DNS server shutting down");
break;
}
}
}
}
});
Ok(UdpServer {
socket,
shutdown: shutdown_tx,
})
}
/// Stop the UDP server.
pub fn stop(&self) {
let _ = self.shutdown.send(true);
}
/// Get the bound local address.
pub fn local_addr(&self) -> std::io::Result<SocketAddr> {
self.socket.local_addr()
}
}

26
rust/crates/rustdns/Cargo.toml Normal file
View File

@@ -0,0 +1,26 @@
[package]
name = "rustdns"
version = "0.1.0"
edition = "2021"
[[bin]]
name = "rustdns"
path = "src/main.rs"
[lib]
name = "rustdns"
path = "src/lib.rs"
[dependencies]
rustdns-protocol = { path = "../rustdns-protocol" }
rustdns-dnssec = { path = "../rustdns-dnssec" }
rustdns-server = { path = "../rustdns-server" }
tokio = { version = "1", features = ["full"] }
serde = { version = "1", features = ["derive"] }
serde_json = "1"
clap = { version = "4", features = ["derive"] }
tracing = "0.1"
tracing-subscriber = "0.3"
dashmap = "6"
base64 = "0.22"
rustls = { version = "0.23", features = ["ring"] }

125
rust/crates/rustdns/src/ipc_types.rs Normal file
View File

@@ -0,0 +1,125 @@
use serde::{Deserialize, Serialize};
/// IPC request from TypeScript to Rust (via stdin).
#[derive(Debug, Deserialize)]
pub struct IpcRequest {
pub id: String,
pub method: String,
#[serde(default)]
pub params: serde_json::Value,
}
/// IPC response from Rust to TypeScript (via stdout).
#[derive(Debug, Serialize)]
pub struct IpcResponse {
pub id: String,
pub success: bool,
#[serde(skip_serializing_if = "Option::is_none")]
pub result: Option<serde_json::Value>,
#[serde(skip_serializing_if = "Option::is_none")]
pub error: Option<String>,
}
impl IpcResponse {
pub fn ok(id: String, result: serde_json::Value) -> Self {
IpcResponse {
id,
success: true,
result: Some(result),
error: None,
}
}
pub fn err(id: String, error: String) -> Self {
IpcResponse {
id,
success: false,
result: None,
error: Some(error),
}
}
}
/// IPC event from Rust to TypeScript (unsolicited, no id).
#[derive(Debug, Serialize)]
pub struct IpcEvent {
pub event: String,
pub data: serde_json::Value,
}
/// Configuration sent via the "start" command.
#[derive(Debug, Deserialize)]
#[serde(rename_all = "camelCase")]
pub struct RustDnsConfig {
pub udp_port: u16,
pub https_port: u16,
#[serde(default = "default_bind")]
pub udp_bind_interface: String,
#[serde(default = "default_bind")]
pub https_bind_interface: String,
#[serde(default)]
pub https_key: String,
#[serde(default)]
pub https_cert: String,
pub dnssec_zone: String,
#[serde(default = "default_algorithm")]
pub dnssec_algorithm: String,
#[serde(default)]
pub primary_nameserver: String,
#[serde(default = "default_true")]
pub enable_localhost_handling: bool,
#[serde(default)]
pub manual_udp_mode: bool,
#[serde(default)]
pub manual_https_mode: bool,
}
fn default_bind() -> String {
"0.0.0.0".to_string()
}
fn default_algorithm() -> String {
"ECDSA".to_string()
}
fn default_true() -> bool {
true
}
/// A DNS question as sent over IPC.
#[derive(Debug, Serialize, Deserialize, Clone)]
pub struct IpcDnsQuestion {
pub name: String,
#[serde(rename = "type")]
pub qtype: String,
pub class: String,
}
/// A DNS answer as received from TypeScript over IPC.
#[derive(Debug, Serialize, Deserialize, Clone)]
pub struct IpcDnsAnswer {
pub name: String,
#[serde(rename = "type")]
pub rtype: String,
pub class: String,
pub ttl: u32,
pub data: serde_json::Value,
}
/// The dnsQuery event sent from Rust to TypeScript.
#[derive(Debug, Serialize)]
#[serde(rename_all = "camelCase")]
pub struct DnsQueryEvent {
pub correlation_id: String,
pub questions: Vec<IpcDnsQuestion>,
pub dnssec_requested: bool,
}
/// The dnsQueryResult command from TypeScript to Rust.
#[derive(Debug, Deserialize)]
#[serde(rename_all = "camelCase")]
pub struct DnsQueryResult {
pub correlation_id: String,
pub answers: Vec<IpcDnsAnswer>,
pub answered: bool,
}

3
rust/crates/rustdns/src/lib.rs Normal file
View File

@@ -0,0 +1,3 @@
pub mod management;
pub mod ipc_types;
pub mod resolver;

36
rust/crates/rustdns/src/main.rs Normal file
View File

@@ -0,0 +1,36 @@
use clap::Parser;
use tracing_subscriber;
mod management;
mod ipc_types;
mod resolver;
#[derive(Parser, Debug)]
#[command(name = "rustdns", about = "Rust DNS server with IPC management")]
struct Cli {
/// Run in management mode (IPC via stdin/stdout)
#[arg(long)]
management: bool,
}
#[tokio::main]
async fn main() -> Result<(), Box<dyn std::error::Error>> {
// Install the default rustls crypto provider (ring) before any TLS operations
let _ = rustls::crypto::ring::default_provider().install_default();
let cli = Cli::parse();
// Tracing writes to stderr so stdout is reserved for IPC
tracing_subscriber::fmt()
.with_writer(std::io::stderr)
.init();
if cli.management {
management::management_loop().await?;
} else {
eprintln!("rustdns: use --management flag for IPC mode");
std::process::exit(1);
}
Ok(())
}

402
rust/crates/rustdns/src/management.rs Normal file
View File

@@ -0,0 +1,402 @@
use crate::ipc_types::*;
use crate::resolver::DnsResolver;
use dashmap::DashMap;
use rustdns_dnssec::keys::DnssecAlgorithm;
use rustdns_protocol::packet::DnsPacket;
use rustdns_server::https::{self, HttpsServer};
use rustdns_server::udp::{UdpServer, UdpServerConfig};
use std::io::{self, BufRead, Write};
use std::net::SocketAddr;
use std::sync::Arc;
use tokio::sync::{mpsc, oneshot};
use tracing::{error, info};
/// Pending DNS query callbacks waiting for TypeScript response.
type PendingCallbacks = Arc<DashMap<String, oneshot::Sender<DnsQueryResult>>>;
/// Active server state.
struct ServerState {
udp_server: Option<UdpServer>,
https_server: Option<HttpsServer>,
resolver: Arc<DnsResolver>,
}
/// Emit a JSON event on stdout.
fn send_event(event: &str, data: serde_json::Value) {
let evt = IpcEvent {
event: event.to_string(),
data,
};
let json = serde_json::to_string(&evt).unwrap();
let stdout = io::stdout();
let mut lock = stdout.lock();
let _ = writeln!(lock, "{}", json);
let _ = lock.flush();
}
/// Send a JSON response on stdout.
fn send_response(response: &IpcResponse) {
let json = serde_json::to_string(response).unwrap();
let stdout = io::stdout();
let mut lock = stdout.lock();
let _ = writeln!(lock, "{}", json);
let _ = lock.flush();
}
/// Main management loop — reads JSON lines from stdin, dispatches commands.
pub async fn management_loop() -> Result<(), Box<dyn std::error::Error>> {
// Emit ready event
send_event("ready", serde_json::json!({
"version": env!("CARGO_PKG_VERSION")
}));
let pending: PendingCallbacks = Arc::new(DashMap::new());
let mut server_state: Option<ServerState> = None;
// Channel for stdin commands (read in blocking thread)
let (cmd_tx, mut cmd_rx) = mpsc::channel::<String>(256);
// Channel for DNS query events from the server
let (query_tx, mut query_rx) = mpsc::channel::<(String, DnsPacket)>(256);
// Spawn blocking stdin reader
std::thread::spawn(move || {
let stdin = io::stdin();
let reader = stdin.lock();
for line in reader.lines() {
match line {
Ok(l) => {
if cmd_tx.blocking_send(l).is_err() {
break; // channel closed
}
}
Err(_) => break, // stdin closed
}
}
});
loop {
tokio::select! {
cmd = cmd_rx.recv() => {
match cmd {
Some(line) => {
let request: IpcRequest = match serde_json::from_str(&line) {
Ok(r) => r,
Err(e) => {
error!("Failed to parse IPC request: {}", e);
continue;
}
};
let response = handle_request(
&request,
&mut server_state,
&pending,
&query_tx,
).await;
send_response(&response);
}
None => {
// stdin closed — parent process exited
info!("stdin closed, shutting down");
if let Some(ref state) = server_state {
if let Some(ref udp) = state.udp_server {
udp.stop();
}
if let Some(ref https) = state.https_server {
https.stop();
}
}
break;
}
}
}
query = query_rx.recv() => {
if let Some((correlation_id, packet)) = query {
let dnssec = packet.is_dnssec_requested();
let questions = DnsResolver::questions_to_ipc(&packet.questions);
send_event("dnsQuery", serde_json::to_value(&DnsQueryEvent {
correlation_id,
questions,
dnssec_requested: dnssec,
}).unwrap());
}
}
}
}
Ok(())
}
async fn handle_request(
request: &IpcRequest,
server_state: &mut Option<ServerState>,
pending: &PendingCallbacks,
query_tx: &mpsc::Sender<(String, DnsPacket)>,
) -> IpcResponse {
let id = request.id.clone();
match request.method.as_str() {
"ping" => IpcResponse::ok(id, serde_json::json!({ "pong": true })),
"start" => {
handle_start(id, &request.params, server_state, pending, query_tx).await
}
"stop" => {
handle_stop(id, server_state)
}
"dnsQueryResult" => {
handle_query_result(id, &request.params, pending)
}
"updateCerts" => {
// TODO: hot-swap TLS certs (requires rustls cert resolver)
IpcResponse::ok(id, serde_json::json!({}))
}
"processPacket" => {
handle_process_packet(id, &request.params, server_state, pending, query_tx).await
}
_ => IpcResponse::err(id, format!("Unknown method: {}", request.method)),
}
}
async fn handle_start(
id: String,
params: &serde_json::Value,
server_state: &mut Option<ServerState>,
pending: &PendingCallbacks,
query_tx: &mpsc::Sender<(String, DnsPacket)>,
) -> IpcResponse {
let config: RustDnsConfig = match serde_json::from_value(params.get("config").cloned().unwrap_or_default()) {
Ok(c) => c,
Err(e) => return IpcResponse::err(id, format!("Invalid config: {}", e)),
};
let algorithm = DnssecAlgorithm::from_str(&config.dnssec_algorithm)
.unwrap_or(DnssecAlgorithm::EcdsaP256Sha256);
let resolver = Arc::new(DnsResolver::new(
&config.dnssec_zone,
algorithm,
&config.primary_nameserver,
config.enable_localhost_handling,
));
// Start UDP server if not manual mode
let udp_server = if !config.manual_udp_mode {
let addr: SocketAddr = format!("{}:{}", config.udp_bind_interface, config.udp_port)
.parse()
.unwrap_or_else(|_| SocketAddr::from(([0, 0, 0, 0], config.udp_port)));
let resolver_clone = resolver.clone();
let pending_clone = pending.clone();
let query_tx_clone = query_tx.clone();
match UdpServer::start(
UdpServerConfig { bind_addr: addr },
move |packet| {
let resolver = resolver_clone.clone();
let pending = pending_clone.clone();
let query_tx = query_tx_clone.clone();
async move {
resolve_with_callback(packet, &resolver, &pending, &query_tx).await
}
},
).await {
Ok(server) => {
info!("UDP DNS server started on {}", addr);
Some(server)
}
Err(e) => {
return IpcResponse::err(id, format!("Failed to start UDP server: {}", e));
}
}
} else {
None
};
// Start HTTPS server if not manual mode and certs are provided
let https_server = if !config.manual_https_mode && !config.https_cert.is_empty() && !config.https_key.is_empty() {
let addr: SocketAddr = format!("{}:{}", config.https_bind_interface, config.https_port)
.parse()
.unwrap_or_else(|_| SocketAddr::from(([0, 0, 0, 0], config.https_port)));
match https::create_tls_config(&config.https_cert, &config.https_key) {
Ok(tls_config) => {
let resolver_clone = resolver.clone();
let pending_clone = pending.clone();
let query_tx_clone = query_tx.clone();
match HttpsServer::start(
https::HttpsServerConfig {
bind_addr: addr,
tls_config,
},
move |packet| {
let resolver = resolver_clone.clone();
let pending = pending_clone.clone();
let query_tx = query_tx_clone.clone();
async move {
resolve_with_callback(packet, &resolver, &pending, &query_tx).await
}
},
).await {
Ok(server) => {
info!("HTTPS DoH server started on {}", addr);
Some(server)
}
Err(e) => {
return IpcResponse::err(id, format!("Failed to start HTTPS server: {}", e));
}
}
}
Err(e) => {
return IpcResponse::err(id, format!("Failed to configure TLS: {}", e));
}
}
} else {
None
};
*server_state = Some(ServerState {
udp_server,
https_server,
resolver,
});
send_event("started", serde_json::json!({}));
IpcResponse::ok(id, serde_json::json!({}))
}
fn handle_stop(id: String, server_state: &mut Option<ServerState>) -> IpcResponse {
if let Some(ref state) = server_state {
if let Some(ref udp) = state.udp_server {
udp.stop();
}
if let Some(ref https) = state.https_server {
https.stop();
}
}
*server_state = None;
send_event("stopped", serde_json::json!({}));
IpcResponse::ok(id, serde_json::json!({}))
}
fn handle_query_result(
id: String,
params: &serde_json::Value,
pending: &PendingCallbacks,
) -> IpcResponse {
let result: DnsQueryResult = match serde_json::from_value(params.clone()) {
Ok(r) => r,
Err(e) => return IpcResponse::err(id, format!("Invalid query result: {}", e)),
};
let correlation_id = result.correlation_id.clone();
if let Some((_, sender)) = pending.remove(&correlation_id) {
let _ = sender.send(result);
IpcResponse::ok(id, serde_json::json!({ "resolved": true }))
} else {
IpcResponse::err(id, format!("No pending query for correlationId: {}", correlation_id))
}
}
async fn handle_process_packet(
id: String,
params: &serde_json::Value,
server_state: &mut Option<ServerState>,
pending: &PendingCallbacks,
query_tx: &mpsc::Sender<(String, DnsPacket)>,
) -> IpcResponse {
let packet_b64 = match params.get("packet").and_then(|v| v.as_str()) {
Some(p) => p,
None => return IpcResponse::err(id, "Missing packet parameter".to_string()),
};
let packet_data = match base64_decode(packet_b64) {
Ok(d) => d,
Err(e) => return IpcResponse::err(id, format!("Invalid base64: {}", e)),
};
let state = match server_state {
Some(ref s) => s,
None => return IpcResponse::err(id, "Server not started".to_string()),
};
let request = match DnsPacket::parse(&packet_data) {
Ok(p) => p,
Err(e) => return IpcResponse::err(id, format!("Failed to parse packet: {}", e)),
};
let response = resolve_with_callback(request, &state.resolver, pending, query_tx).await;
let encoded = response.encode();
use base64::Engine;
let response_b64 = base64::engine::general_purpose::STANDARD.encode(&encoded);
IpcResponse::ok(id, serde_json::json!({ "packet": response_b64 }))
}
/// Core resolution: try local first, then IPC callback to TypeScript.
async fn resolve_with_callback(
packet: DnsPacket,
resolver: &DnsResolver,
pending: &PendingCallbacks,
query_tx: &mpsc::Sender<(String, DnsPacket)>,
) -> DnsPacket {
// Try local resolution first (localhost, DNSKEY)
if let Some(response) = resolver.try_local_resolution(&packet) {
return response;
}
// Need IPC callback to TypeScript
let correlation_id = format!("dns_{}", uuid_v4());
let (tx, rx) = oneshot::channel();
pending.insert(correlation_id.clone(), tx);
// Send the query event to the management loop for emission
if query_tx.send((correlation_id.clone(), packet.clone())).await.is_err() {
pending.remove(&correlation_id);
return DnsPacket::new_response(&packet);
}
// Wait for the result with a timeout
match tokio::time::timeout(std::time::Duration::from_secs(10), rx).await {
Ok(Ok(result)) => {
resolver.build_response_from_answers(&packet, &result.answers, result.answered)
}
Ok(Err(_)) => {
// Sender dropped
pending.remove(&correlation_id);
resolver.build_response_from_answers(&packet, &[], false)
}
Err(_) => {
// Timeout
pending.remove(&correlation_id);
resolver.build_response_from_answers(&packet, &[], false)
}
}
}
/// Simple UUID v4 generation (no external dep needed).
fn uuid_v4() -> String {
use std::time::{SystemTime, UNIX_EPOCH};
let nanos = SystemTime::now()
.duration_since(UNIX_EPOCH)
.unwrap()
.as_nanos();
let random: u64 = nanos as u64 ^ (std::process::id() as u64 * 0x517cc1b727220a95);
format!("{:016x}{:016x}", nanos as u64, random)
}
fn base64_decode(input: &str) -> Result<Vec<u8>, String> {
use base64::Engine;
base64::engine::general_purpose::STANDARD
.decode(input)
.map_err(|e| e.to_string())
}

258
rust/crates/rustdns/src/resolver.rs Normal file
View File

@@ -0,0 +1,258 @@
use crate::ipc_types::{IpcDnsAnswer, IpcDnsQuestion};
use rustdns_protocol::packet::*;
use rustdns_protocol::types::QType;
use rustdns_dnssec::keys::{DnssecAlgorithm, DnssecKeyPair};
use rustdns_dnssec::keytag::compute_key_tag;
use rustdns_dnssec::signing::generate_rrsig;
use std::collections::HashMap;
/// DNS resolver that builds responses from IPC callback answers.
pub struct DnsResolver {
pub zone: String,
pub primary_nameserver: String,
pub enable_localhost: bool,
pub key_pair: DnssecKeyPair,
pub dnskey_rdata: Vec<u8>,
pub key_tag: u16,
}
impl DnsResolver {
pub fn new(zone: &str, algorithm: DnssecAlgorithm, primary_nameserver: &str, enable_localhost: bool) -> Self {
let key_pair = DnssecKeyPair::generate(algorithm);
let dnskey_rdata = key_pair.dnskey_rdata();
let key_tag = compute_key_tag(&dnskey_rdata);
let primary_ns = if primary_nameserver.is_empty() {
format!("ns1.{}", zone)
} else {
primary_nameserver.to_string()
};
DnsResolver {
zone: zone.to_string(),
primary_nameserver: primary_ns,
enable_localhost,
key_pair,
dnskey_rdata,
key_tag,
}
}
/// Check if a query can be answered locally (localhost, DNSKEY).
/// Returns Some(answers) if handled locally, None if it needs IPC callback.
pub fn try_local_resolution(&self, packet: &DnsPacket) -> Option<DnsPacket> {
let dnssec = packet.is_dnssec_requested();
let mut response = DnsPacket::new_response(packet);
let mut all_local = true;
for q in &packet.questions {
if let Some(records) = self.try_local_question(q, dnssec) {
for r in records {
response.answers.push(r);
}
} else {
all_local = false;
}
}
if all_local && !packet.questions.is_empty() {
Some(response)
} else {
None
}
}
fn try_local_question(&self, q: &DnsQuestion, dnssec: bool) -> Option<Vec<DnsRecord>> {
let name_lower = q.name.to_lowercase();
let name_trimmed = name_lower.strip_suffix('.').unwrap_or(&name_lower);
// DNSKEY queries for our zone
if dnssec && q.qtype == QType::DNSKEY && name_trimmed == self.zone.to_lowercase() {
let record = build_record(&q.name, QType::DNSKEY, 3600, self.dnskey_rdata.clone());
let mut records = vec![record.clone()];
// Sign the DNSKEY record
let rrsig = generate_rrsig(&self.key_pair, &self.zone, &[record], &q.name, QType::DNSKEY);
records.push(rrsig);
return Some(records);
}
// Localhost handling (RFC 6761)
if self.enable_localhost {
if name_trimmed == "localhost" {
match q.qtype {
QType::A => {
return Some(vec![build_record(&q.name, QType::A, 0, encode_a("127.0.0.1"))]);
}
QType::AAAA => {
return Some(vec![build_record(&q.name, QType::AAAA, 0, encode_aaaa("::1"))]);
}
_ => {}
}
}
// Reverse localhost
if name_trimmed == "1.0.0.127.in-addr.arpa" && q.qtype == QType::PTR {
return Some(vec![build_record(&q.name, QType::PTR, 0, encode_name_rdata("localhost."))]);
}
}
None
}
/// Build a response from IPC callback answers.
pub fn build_response_from_answers(
&self,
request: &DnsPacket,
answers: &[IpcDnsAnswer],
answered: bool,
) -> DnsPacket {
let dnssec = request.is_dnssec_requested();
let mut response = DnsPacket::new_response(request);
if answered && !answers.is_empty() {
// Group answers by (name, type) for DNSSEC RRset signing
let mut rrset_map: HashMap<(String, QType), Vec<DnsRecord>> = HashMap::new();
for answer in answers {
let rtype = QType::from_str(&answer.rtype);
let rdata = self.encode_answer_rdata(rtype, &answer.data);
let record = build_record(&answer.name, rtype, answer.ttl, rdata);
response.answers.push(record.clone());
if dnssec {
let key = (answer.name.clone(), rtype);
rrset_map.entry(key).or_default().push(record);
}
}
// Sign RRsets
if dnssec {
for ((name, rtype), rrset) in &rrset_map {
let rrsig = generate_rrsig(&self.key_pair, &self.zone, rrset, name, *rtype);
response.answers.push(rrsig);
}
}
} else {
// No handler matched — return SOA
for q in &request.questions {
let soa_rdata = encode_soa(
&self.primary_nameserver,
&format!("hostmaster.{}", self.zone),
std::time::SystemTime::now()
.duration_since(std::time::UNIX_EPOCH)
.unwrap()
.as_secs() as u32,
3600,
600,
604800,
86400,
);
let soa_record = build_record(&q.name, QType::SOA, 3600, soa_rdata);
response.answers.push(soa_record.clone());
if dnssec {
let rrsig = generate_rrsig(&self.key_pair, &self.zone, &[soa_record], &q.name, QType::SOA);
response.answers.push(rrsig);
}
}
}
response
}
/// Process a raw DNS packet (for manual/passthrough mode).
/// Returns local answers or None if IPC callback is needed.
pub fn process_packet_local(&self, data: &[u8]) -> Result<Option<Vec<u8>>, String> {
let packet = DnsPacket::parse(data)?;
if let Some(response) = self.try_local_resolution(&packet) {
Ok(Some(response.encode()))
} else {
Ok(None)
}
}
fn encode_answer_rdata(&self, rtype: QType, data: &serde_json::Value) -> Vec<u8> {
match rtype {
QType::A => {
if let Some(ip) = data.as_str() {
encode_a(ip)
} else {
vec![]
}
}
QType::AAAA => {
if let Some(ip) = data.as_str() {
encode_aaaa(ip)
} else {
vec![]
}
}
QType::TXT => {
if let Some(arr) = data.as_array() {
let strings: Vec<String> = arr.iter().filter_map(|v| v.as_str().map(|s| s.to_string())).collect();
encode_txt(&strings)
} else if let Some(s) = data.as_str() {
encode_txt(&[s.to_string()])
} else {
vec![]
}
}
QType::NS | QType::CNAME | QType::PTR => {
if let Some(name) = data.as_str() {
encode_name_rdata(name)
} else {
vec![]
}
}
QType::MX => {
let preference = data.get("preference").and_then(|v| v.as_u64()).unwrap_or(10) as u16;
let exchange = data.get("exchange").and_then(|v| v.as_str()).unwrap_or("");
encode_mx(preference, exchange)
}
QType::SRV => {
let priority = data.get("priority").and_then(|v| v.as_u64()).unwrap_or(0) as u16;
let weight = data.get("weight").and_then(|v| v.as_u64()).unwrap_or(0) as u16;
let port = data.get("port").and_then(|v| v.as_u64()).unwrap_or(0) as u16;
let target = data.get("target").and_then(|v| v.as_str()).unwrap_or("");
encode_srv(priority, weight, port, target)
}
QType::SOA => {
let mname = data.get("mname").and_then(|v| v.as_str()).unwrap_or("");
let rname = data.get("rname").and_then(|v| v.as_str()).unwrap_or("");
let serial = data.get("serial").and_then(|v| v.as_u64()).unwrap_or(0) as u32;
let refresh = data.get("refresh").and_then(|v| v.as_u64()).unwrap_or(3600) as u32;
let retry = data.get("retry").and_then(|v| v.as_u64()).unwrap_or(600) as u32;
let expire = data.get("expire").and_then(|v| v.as_u64()).unwrap_or(604800) as u32;
let minimum = data.get("minimum").and_then(|v| v.as_u64()).unwrap_or(86400) as u32;
encode_soa(mname, rname, serial, refresh, retry, expire, minimum)
}
_ => {
// For unknown types, try to interpret as raw base64
if let Some(b64) = data.as_str() {
base64_decode(b64).unwrap_or_default()
} else {
vec![]
}
}
}
}
/// Convert questions to IPC format.
pub fn questions_to_ipc(questions: &[DnsQuestion]) -> Vec<IpcDnsQuestion> {
questions
.iter()
.map(|q| IpcDnsQuestion {
name: q.name.clone(),
qtype: q.qtype.as_str().to_string(),
class: "IN".to_string(),
})
.collect()
}
}
fn base64_decode(input: &str) -> Result<Vec<u8>, String> {
use base64::Engine;
base64::engine::general_purpose::STANDARD
.decode(input)
.map_err(|e| e.to_string())
}

123
test/example.primaryns.ts Normal file
View File

@@ -0,0 +1,123 @@
import * as smartdns from '../ts_server/index.js';
// Example: Using custom primary nameserver
async function exampleCustomNameserver() {
const dnsServer = new smartdns.DnsServer({
httpsKey: 'your-https-key',
httpsCert: 'your-https-cert',
httpsPort: 8443,
udpPort: 8053,
dnssecZone: 'example.com',
// Custom primary nameserver for SOA records
primaryNameserver: 'ns-primary.example.com',
});
// Register some handlers
dnsServer.registerHandler('example.com', ['NS'], (question) => {
return {
name: question.name,
type: 'NS',
class: 'IN',
ttl: 3600,
data: 'ns-primary.example.com',
};
});
dnsServer.registerHandler('example.com', ['NS'], (question) => {
return {
name: question.name,
type: 'NS',
class: 'IN',
ttl: 3600,
data: 'ns-secondary.example.com',
};
});
await dnsServer.start();
console.log('DNS server started with custom primary nameserver');
// SOA records will now use 'ns-primary.example.com' instead of 'ns1.example.com'
}
// Example: DNSSEC with multiple records (proper RRset signing)
async function exampleDnssecMultipleRecords() {
const dnsServer = new smartdns.DnsServer({
httpsKey: 'your-https-key',
httpsCert: 'your-https-cert',
httpsPort: 8443,
udpPort: 8053,
dnssecZone: 'secure.example.com',
});
// Register multiple A records for round-robin
const ips = ['192.168.1.10', '192.168.1.11', '192.168.1.12'];
for (const ip of ips) {
dnsServer.registerHandler('www.secure.example.com', ['A'], (question) => {
return {
name: question.name,
type: 'A',
class: 'IN',
ttl: 300,
data: ip,
};
});
}
await dnsServer.start();
console.log('DNS server started with DNSSEC and multiple A records');
// When queried with DNSSEC enabled, all 3 A records will be signed together
// as a single RRset with one RRSIG record (not 3 separate RRSIGs)
}
// Example: Multiple TXT records for various purposes
async function exampleMultipleTxtRecords() {
const dnsServer = new smartdns.DnsServer({
httpsKey: 'your-https-key',
httpsCert: 'your-https-cert',
httpsPort: 8443,
udpPort: 8053,
dnssecZone: 'example.com',
});
// SPF record
dnsServer.registerHandler('example.com', ['TXT'], (question) => {
return {
name: question.name,
type: 'TXT',
class: 'IN',
ttl: 3600,
data: ['v=spf1 include:_spf.google.com ~all'],
};
});
// DKIM record
dnsServer.registerHandler('example.com', ['TXT'], (question) => {
return {
name: question.name,
type: 'TXT',
class: 'IN',
ttl: 3600,
data: ['v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4...'],
};
});
// Domain verification
dnsServer.registerHandler('example.com', ['TXT'], (question) => {
return {
name: question.name,
type: 'TXT',
class: 'IN',
ttl: 3600,
data: ['google-site-verification=1234567890abcdef'],
};
});
await dnsServer.start();
console.log('DNS server started with multiple TXT records');
// All TXT records will be returned when queried
}
// Export examples for reference
export { exampleCustomNameserver, exampleDnssecMultipleRecords, exampleMultipleTxtRecords };

147
test/test.client.ts Normal file
View File

@@ -0,0 +1,147 @@
import { expect, tap } from '@git.zone/tstest/tapbundle';
import * as smartdns from '../ts_client/index.js';
let testDnsClient: smartdns.Smartdns;
tap.test('should create an instance of Smartdns', async () => {
testDnsClient = new smartdns.Smartdns({});
expect(testDnsClient).toBeInstanceOf(smartdns.Smartdns);
});
tap.test('should get an A DNS Record (system)', async () => {
const records = await testDnsClient.getRecordsA('google.com');
expect(records).toBeInstanceOf(Array);
expect(records.length).toBeGreaterThan(0);
expect(records[0]).toHaveProperty('name', 'google.com');
expect(records[0]).toHaveProperty('type', 'A');
expect(records[0]).toHaveProperty('value');
expect(records[0]).toHaveProperty('dnsSecEnabled');
});
tap.test('should get an AAAA Record (system)', async () => {
const records = await testDnsClient.getRecordsAAAA('google.com');
expect(records).toBeInstanceOf(Array);
expect(records.length).toBeGreaterThan(0);
expect(records[0]).toHaveProperty('name', 'google.com');
expect(records[0]).toHaveProperty('type', 'AAAA');
expect(records[0]).toHaveProperty('value');
expect(records[0]).toHaveProperty('dnsSecEnabled');
});
tap.test('should get a txt record (system)', async () => {
const records = await testDnsClient.getRecordsTxt('google.com');
expect(records).toBeInstanceOf(Array);
expect(records.length).toBeGreaterThan(0);
expect(records[0]).toHaveProperty('name', 'google.com');
expect(records[0]).toHaveProperty('type', 'TXT');
expect(records[0]).toHaveProperty('value');
expect(records[0]).toHaveProperty('dnsSecEnabled');
});
tap.test('should get a mx record for a domain (system)', async () => {
const res = await testDnsClient.getRecords('bleu.de', 'MX');
console.log(res);
});
tap.test('should check until DNS is available', async () => {
const records = await testDnsClient.getRecordsTxt('google.com');
if (records.length > 0) {
const result = await testDnsClient.checkUntilAvailable('google.com', 'TXT', records[0].value);
expect(result).toBeTrue();
}
});
tap.test('should check until DNS is available and return false if it fails', async () => {
return expect(
await testDnsClient.checkUntilAvailable('google.com', 'TXT', 'this-txt-record-does-not-exist')
).toBeFalse();
});
tap.test('should check until DNS is available and return false if it fails', async () => {
return expect(
await testDnsClient.checkUntilAvailable('nonexistent.example.com', 'TXT', 'sometext_txt2')
).toBeFalse();
});
tap.test('should get name server for hostname', async () => {
let result = await testDnsClient.getNameServers('bleu.de');
console.log(result);
});
tap.test('should detect DNSSEC via DoH (Rust)', async () => {
const dohClient = new smartdns.Smartdns({ strategy: 'doh' });
const result = await dohClient.getRecordsA('lossless.com');
console.log(result[0]);
expect(result[0].dnsSecEnabled).toBeTrue();
dohClient.destroy();
});
// ── New tests for UDP and Rust-based resolution ──────────────────
tap.test('should resolve A record via UDP (Rust)', async () => {
const udpClient = new smartdns.Smartdns({ strategy: 'udp' });
const records = await udpClient.getRecordsA('google.com');
expect(records).toBeInstanceOf(Array);
expect(records.length).toBeGreaterThan(0);
expect(records[0]).toHaveProperty('name', 'google.com');
expect(records[0]).toHaveProperty('type', 'A');
expect(records[0]).toHaveProperty('value');
console.log('UDP A record:', records[0]);
udpClient.destroy();
});
tap.test('should resolve AAAA record via UDP (Rust)', async () => {
const udpClient = new smartdns.Smartdns({ strategy: 'udp' });
const records = await udpClient.getRecordsAAAA('google.com');
expect(records).toBeInstanceOf(Array);
expect(records.length).toBeGreaterThan(0);
expect(records[0]).toHaveProperty('type', 'AAAA');
console.log('UDP AAAA record:', records[0]);
udpClient.destroy();
});
tap.test('should resolve TXT record via DoH (Rust)', async () => {
const dohClient = new smartdns.Smartdns({ strategy: 'doh' });
const records = await dohClient.getRecordsTxt('google.com');
expect(records).toBeInstanceOf(Array);
expect(records.length).toBeGreaterThan(0);
expect(records[0]).toHaveProperty('type', 'TXT');
expect(records[0]).toHaveProperty('value');
console.log('DoH TXT record:', records[0]);
dohClient.destroy();
});
tap.test('should resolve with prefer-udp strategy', async () => {
const client = new smartdns.Smartdns({ strategy: 'prefer-udp' });
const records = await client.getRecordsA('google.com');
expect(records).toBeInstanceOf(Array);
expect(records.length).toBeGreaterThan(0);
expect(records[0]).toHaveProperty('type', 'A');
console.log('prefer-udp A record:', records[0]);
client.destroy();
});
tap.test('should detect DNSSEC AD flag via UDP (Rust)', async () => {
const udpClient = new smartdns.Smartdns({ strategy: 'udp' });
const records = await udpClient.getRecordsA('lossless.com');
expect(records.length).toBeGreaterThan(0);
// Note: AD flag from upstream depends on upstream resolver behavior
// Cloudflare 1.1.1.1 sets AD for DNSSEC-signed domains
console.log('UDP DNSSEC:', records[0]);
udpClient.destroy();
});
tap.test('should cleanup via destroy()', async () => {
const client = new smartdns.Smartdns({ strategy: 'udp' });
// Trigger bridge spawn
await client.getRecordsA('google.com');
// Destroy should not throw
client.destroy();
});
tap.test('cleanup default client', async () => {
testDnsClient.destroy();
});
export default tap.start();

1
test/test.d.ts vendored
View File

@@ -1 +0,0 @@
import 'typings-test';

373
test/test.dnssec.rrset.ts Normal file
View File

@@ -0,0 +1,373 @@
import * as plugins from '../ts_server/plugins.js';
import { expect, tap } from '@git.zone/tstest/tapbundle';
import { tapNodeTools } from '@git.zone/tstest/tapbundle_serverside';
import * as dnsPacket from 'dns-packet';
import * as dgram from 'dgram';
import * as smartdns from '../ts_server/index.js';
let dnsServer: smartdns.DnsServer;
// Port management for tests
let nextHttpsPort = 8500;
let nextUdpPort = 8501;
function getUniqueHttpsPort() {
return nextHttpsPort++;
}
function getUniqueUdpPort() {
return nextUdpPort++;
}
// Cleanup function for servers
async function stopServer(server: smartdns.DnsServer | null | undefined) {
if (!server) {
return;
}
try {
await server.stop();
} catch (e) {
console.log('Handled error when stopping server:', e.message || e);
}
}
tap.test('DNSSEC should sign entire RRset together, not individual records', async () => {
const httpsData = await tapNodeTools.createHttpsCert();
const udpPort = getUniqueUdpPort();
dnsServer = new smartdns.DnsServer({
httpsKey: httpsData.key,
httpsCert: httpsData.cert,
httpsPort: getUniqueHttpsPort(),
udpPort: udpPort,
dnssecZone: 'example.com',
});
// Register multiple NS record handlers
dnsServer.registerHandler('example.com', ['NS'], (question) => {
return {
name: question.name,
type: 'NS',
class: 'IN',
ttl: 3600,
data: 'ns1.example.com',
};
});
dnsServer.registerHandler('example.com', ['NS'], (question) => {
return {
name: question.name,
type: 'NS',
class: 'IN',
ttl: 3600,
data: 'ns2.example.com',
};
});
dnsServer.registerHandler('example.com', ['NS'], (question) => {
return {
name: question.name,
type: 'NS',
class: 'IN',
ttl: 3600,
data: 'ns3.example.com',
};
});
await dnsServer.start();
const client = dgram.createSocket('udp4');
// Create query with DNSSEC requested
const query = dnsPacket.encode({
type: 'query',
id: 1,
flags: dnsPacket.RECURSION_DESIRED,
questions: [
{
name: 'example.com',
type: 'NS',
class: 'IN',
},
],
additionals: [
{
name: '.',
type: 'OPT',
ttl: 0,
flags: 0x8000, // DO bit set for DNSSEC
data: Buffer.alloc(0),
} as any,
],
});
const responsePromise = new Promise<dnsPacket.Packet>((resolve, reject) => {
client.on('message', (msg) => {
const dnsResponse = dnsPacket.decode(msg);
resolve(dnsResponse);
client.close();
});
client.on('error', (err) => {
reject(err);
client.close();
});
client.send(query, udpPort, 'localhost', (err) => {
if (err) {
reject(err);
client.close();
}
});
});
const dnsResponse = await responsePromise;
// Count NS and RRSIG records
const nsAnswers = dnsResponse.answers.filter(a => a.type === 'NS');
const rrsigAnswers = dnsResponse.answers.filter(a => a.type === 'RRSIG');
console.log('NS records returned:', nsAnswers.length);
console.log('RRSIG records returned:', rrsigAnswers.length);
// Should have 3 NS records and only 1 RRSIG for the entire RRset
expect(nsAnswers.length).toEqual(3);
expect(rrsigAnswers.length).toEqual(1);
// Verify RRSIG covers NS type
const rrsigData = (rrsigAnswers[0] as any).data;
expect(rrsigData.typeCovered).toEqual('NS');
await stopServer(dnsServer);
dnsServer = null;
});
tap.test('SOA records should be properly serialized and returned', async () => {
const httpsData = await tapNodeTools.createHttpsCert();
const udpPort = getUniqueUdpPort();
dnsServer = new smartdns.DnsServer({
httpsKey: httpsData.key,
httpsCert: httpsData.cert,
httpsPort: getUniqueHttpsPort(),
udpPort: udpPort,
dnssecZone: 'example.com',
});
await dnsServer.start();
const client = dgram.createSocket('udp4');
// Query for a non-existent subdomain to trigger SOA response
const query = dnsPacket.encode({
type: 'query',
id: 2,
flags: dnsPacket.RECURSION_DESIRED,
questions: [
{
name: 'nonexistent.example.com',
type: 'A',
class: 'IN',
},
],
});
const responsePromise = new Promise<dnsPacket.Packet>((resolve, reject) => {
client.on('message', (msg) => {
const dnsResponse = dnsPacket.decode(msg);
resolve(dnsResponse);
client.close();
});
client.on('error', (err) => {
reject(err);
client.close();
});
client.send(query, udpPort, 'localhost', (err) => {
if (err) {
reject(err);
client.close();
}
});
});
const dnsResponse = await responsePromise;
// Should have SOA record in response
const soaAnswers = dnsResponse.answers.filter(a => a.type === 'SOA');
expect(soaAnswers.length).toEqual(1);
const soaData = (soaAnswers[0] as any).data;
console.log('SOA record:', soaData);
expect(soaData.mname).toEqual('ns1.example.com');
expect(soaData.rname).toEqual('hostmaster.example.com');
expect(typeof soaData.serial).toEqual('number');
expect(soaData.refresh).toEqual(3600);
expect(soaData.retry).toEqual(600);
expect(soaData.expire).toEqual(604800);
expect(soaData.minimum).toEqual(86400);
await stopServer(dnsServer);
dnsServer = null;
});
tap.test('Primary nameserver should be configurable', async () => {
const httpsData = await tapNodeTools.createHttpsCert();
const udpPort = getUniqueUdpPort();
dnsServer = new smartdns.DnsServer({
httpsKey: httpsData.key,
httpsCert: httpsData.cert,
httpsPort: getUniqueHttpsPort(),
udpPort: udpPort,
dnssecZone: 'example.com',
primaryNameserver: 'custom-ns.example.com',
});
await dnsServer.start();
const client = dgram.createSocket('udp4');
// Query for SOA record
const query = dnsPacket.encode({
type: 'query',
id: 3,
flags: dnsPacket.RECURSION_DESIRED,
questions: [
{
name: 'example.com',
type: 'SOA',
class: 'IN',
},
],
});
const responsePromise = new Promise<dnsPacket.Packet>((resolve, reject) => {
client.on('message', (msg) => {
const dnsResponse = dnsPacket.decode(msg);
resolve(dnsResponse);
client.close();
});
client.on('error', (err) => {
reject(err);
client.close();
});
client.send(query, udpPort, 'localhost', (err) => {
if (err) {
reject(err);
client.close();
}
});
});
const dnsResponse = await responsePromise;
// Should have SOA record with custom nameserver
const soaAnswers = dnsResponse.answers.filter(a => a.type === 'SOA');
expect(soaAnswers.length).toEqual(1);
const soaData = (soaAnswers[0] as any).data;
console.log('SOA mname:', soaData.mname);
// Should use the custom primary nameserver
expect(soaData.mname).toEqual('custom-ns.example.com');
await stopServer(dnsServer);
dnsServer = null;
});
tap.test('Multiple A records should have single RRSIG when DNSSEC is enabled', async () => {
const httpsData = await tapNodeTools.createHttpsCert();
const udpPort = getUniqueUdpPort();
dnsServer = new smartdns.DnsServer({
httpsKey: httpsData.key,
httpsCert: httpsData.cert,
httpsPort: getUniqueHttpsPort(),
udpPort: udpPort,
dnssecZone: 'example.com',
});
// Register multiple A records for round-robin
const ips = ['10.0.0.1', '10.0.0.2', '10.0.0.3'];
for (const ip of ips) {
dnsServer.registerHandler('www.example.com', ['A'], (question) => {
return {
name: question.name,
type: 'A',
class: 'IN',
ttl: 300,
data: ip,
};
});
}
await dnsServer.start();
const client = dgram.createSocket('udp4');
const query = dnsPacket.encode({
type: 'query',
id: 4,
flags: dnsPacket.RECURSION_DESIRED,
questions: [
{
name: 'www.example.com',
type: 'A',
class: 'IN',
},
],
additionals: [
{
name: '.',
type: 'OPT',
ttl: 0,
flags: 0x8000, // DO bit set for DNSSEC
data: Buffer.alloc(0),
} as any,
],
});
const responsePromise = new Promise<dnsPacket.Packet>((resolve, reject) => {
client.on('message', (msg) => {
const dnsResponse = dnsPacket.decode(msg);
resolve(dnsResponse);
client.close();
});
client.on('error', (err) => {
reject(err);
client.close();
});
client.send(query, udpPort, 'localhost', (err) => {
if (err) {
reject(err);
client.close();
}
});
});
const dnsResponse = await responsePromise;
const aAnswers = dnsResponse.answers.filter(a => a.type === 'A');
const rrsigAnswers = dnsResponse.answers.filter(a => a.type === 'RRSIG');
console.log('A records:', aAnswers.length);
console.log('RRSIG records:', rrsigAnswers.length);
// Should have 3 A records and only 1 RRSIG
expect(aAnswers.length).toEqual(3);
expect(rrsigAnswers.length).toEqual(1);
await stopServer(dnsServer);
dnsServer = null;
});
export default tap.start();

228
test/test.fixes.simple.ts Normal file
View File

@@ -0,0 +1,228 @@
import * as plugins from '../ts_server/plugins.js';
import { expect, tap } from '@git.zone/tstest/tapbundle';
import { tapNodeTools } from '@git.zone/tstest/tapbundle_serverside';
import * as dnsPacket from 'dns-packet';
import * as dgram from 'dgram';
import * as smartdns from '../ts_server/index.js';
let dnsServer: smartdns.DnsServer;
// Port management for tests
let nextHttpsPort = 8600;
let nextUdpPort = 8601;
function getUniqueHttpsPort() {
return nextHttpsPort++;
}
function getUniqueUdpPort() {
return nextUdpPort++;
}
// Cleanup function for servers
async function stopServer(server: smartdns.DnsServer | null | undefined) {
if (!server) {
return;
}
try {
await server.stop();
} catch (e) {
console.log('Handled error when stopping server:', e.message || e);
}
}
tap.test('SOA records should be returned for non-existent domains', async () => {
const httpsData = await tapNodeTools.createHttpsCert();
const udpPort = getUniqueUdpPort();
dnsServer = new smartdns.DnsServer({
httpsKey: httpsData.key,
httpsCert: httpsData.cert,
httpsPort: getUniqueHttpsPort(),
udpPort: udpPort,
dnssecZone: 'example.com',
});
await dnsServer.start();
const client = dgram.createSocket('udp4');
const query = dnsPacket.encode({
type: 'query',
id: 1,
flags: dnsPacket.RECURSION_DESIRED,
questions: [
{
name: 'nonexistent.example.com',
type: 'A',
class: 'IN',
},
],
});
const responsePromise = new Promise<dnsPacket.Packet>((resolve, reject) => {
client.on('message', (msg) => {
const dnsResponse = dnsPacket.decode(msg);
resolve(dnsResponse);
client.close();
});
client.on('error', (err) => {
reject(err);
client.close();
});
client.send(query, udpPort, 'localhost', (err) => {
if (err) {
reject(err);
client.close();
}
});
});
const dnsResponse = await responsePromise;
console.log('✅ SOA response received');
const soaAnswers = dnsResponse.answers.filter(a => a.type === 'SOA');
expect(soaAnswers.length).toEqual(1);
const soaData = (soaAnswers[0] as any).data;
console.log('✅ SOA mname:', soaData.mname);
console.log('✅ SOA rname:', soaData.rname);
expect(soaData.mname).toEqual('ns1.example.com');
expect(soaData.rname).toEqual('hostmaster.example.com');
await stopServer(dnsServer);
dnsServer = null;
});
tap.test('Primary nameserver should be configurable', async () => {
const httpsData = await tapNodeTools.createHttpsCert();
const udpPort = getUniqueUdpPort();
dnsServer = new smartdns.DnsServer({
httpsKey: httpsData.key,
httpsCert: httpsData.cert,
httpsPort: getUniqueHttpsPort(),
udpPort: udpPort,
dnssecZone: 'example.com',
primaryNameserver: 'custom-ns.example.com',
});
await dnsServer.start();
const client = dgram.createSocket('udp4');
const query = dnsPacket.encode({
type: 'query',
id: 2,
flags: dnsPacket.RECURSION_DESIRED,
questions: [
{
name: 'nonexistent.example.com',
type: 'A',
class: 'IN',
},
],
});
const responsePromise = new Promise<dnsPacket.Packet>((resolve, reject) => {
client.on('message', (msg) => {
const dnsResponse = dnsPacket.decode(msg);
resolve(dnsResponse);
client.close();
});
client.on('error', (err) => {
reject(err);
client.close();
});
client.send(query, udpPort, 'localhost', (err) => {
if (err) {
reject(err);
client.close();
}
});
});
const dnsResponse = await responsePromise;
const soaAnswers = dnsResponse.answers.filter(a => a.type === 'SOA');
expect(soaAnswers.length).toEqual(1);
const soaData = (soaAnswers[0] as any).data;
console.log('✅ Custom primary nameserver:', soaData.mname);
expect(soaData.mname).toEqual('custom-ns.example.com');
await stopServer(dnsServer);
dnsServer = null;
});
tap.test('Default primary nameserver with FQDN', async () => {
const httpsData = await tapNodeTools.createHttpsCert();
const udpPort = getUniqueUdpPort();
dnsServer = new smartdns.DnsServer({
httpsKey: httpsData.key,
httpsCert: httpsData.cert,
httpsPort: getUniqueHttpsPort(),
udpPort: udpPort,
dnssecZone: 'example.com',
primaryNameserver: 'ns.example.com.', // FQDN with trailing dot
});
await dnsServer.start();
const client = dgram.createSocket('udp4');
const query = dnsPacket.encode({
type: 'query',
id: 3,
flags: dnsPacket.RECURSION_DESIRED,
questions: [
{
name: 'nonexistent.example.com',
type: 'A',
class: 'IN',
},
],
});
const responsePromise = new Promise<dnsPacket.Packet>((resolve, reject) => {
client.on('message', (msg) => {
const dnsResponse = dnsPacket.decode(msg);
resolve(dnsResponse);
client.close();
});
client.on('error', (err) => {
reject(err);
client.close();
});
client.send(query, udpPort, 'localhost', (err) => {
if (err) {
reject(err);
client.close();
}
});
});
const dnsResponse = await responsePromise;
const soaAnswers = dnsResponse.answers.filter(a => a.type === 'SOA');
const soaData = (soaAnswers[0] as any).data;
console.log('✅ FQDN primary nameserver:', soaData.mname);
expect(soaData.mname).toEqual('ns.example.com');
await stopServer(dnsServer);
dnsServer = null;
});
export default tap.start();

30
test/test.js
View File

@@ -1,30 +0,0 @@
"use strict";
require("typings-test");
const should = require("should");
const dnsly = require("../dist/index");
let testDnsly;
describe('dnsly', function () {
it('should create an instance of Dnsly', function () {
testDnsly = new dnsly.Dnsly('google');
should(testDnsly).be.instanceOf(dnsly.Dnsly);
});
it('should, get a dns record for a domain', function (done) {
testDnsly.getRecord('google.com', 'A').then(res => {
console.log(res);
done();
}).catch(err => {
console.log(err);
done(err);
});
});
it('should, get a mx record for a domain', function (done) {
testDnsly.getRecord('google.com', 'MX').then(res => {
console.log(res);
done();
}).catch(err => {
console.log(err);
done(err);
});
});
});
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoidGVzdC5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbInRlc3QudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IjtBQUFBLHdCQUFxQjtBQUNyQixpQ0FBZ0M7QUFFaEMsdUNBQXNDO0FBRXRDLElBQUksU0FBc0IsQ0FBQTtBQUUxQixRQUFRLENBQUMsT0FBTyxFQUFFO0lBQ2QsRUFBRSxDQUFDLG9DQUFvQyxFQUFFO1FBQ3JDLFNBQVMsR0FBRyxJQUFJLEtBQUssQ0FBQyxLQUFLLENBQUMsUUFBUSxDQUFDLENBQUE7UUFDckMsTUFBTSxDQUFDLFNBQVMsQ0FBQyxDQUFDLEVBQUUsQ0FBQyxVQUFVLENBQUMsS0FBSyxDQUFDLEtBQUssQ0FBQyxDQUFBO0lBQ2hELENBQUMsQ0FBQyxDQUFBO0lBRUYsRUFBRSxDQUFDLHVDQUF1QyxFQUFFLFVBQVUsSUFBSTtRQUN0RCxTQUFTLENBQUMsU0FBUyxDQUFDLFlBQVksRUFBRSxHQUFHLENBQUMsQ0FBQyxJQUFJLENBQUMsR0FBRztZQUMzQyxPQUFPLENBQUMsR0FBRyxDQUFDLEdBQUcsQ0FBQyxDQUFBO1lBQ2hCLElBQUksRUFBRSxDQUFBO1FBQ1YsQ0FBQyxDQUFDLENBQUMsS0FBSyxDQUFDLEdBQUc7WUFDUixPQUFPLENBQUMsR0FBRyxDQUFDLEdBQUcsQ0FBQyxDQUFBO1lBQ2hCLElBQUksQ0FBQyxHQUFHLENBQUMsQ0FBQTtRQUNiLENBQUMsQ0FBQyxDQUFBO0lBRU4sQ0FBQyxDQUFDLENBQUE7SUFFRixFQUFFLENBQUMsc0NBQXNDLEVBQUUsVUFBVSxJQUFJO1FBQ3JELFNBQVMsQ0FBQyxTQUFTLENBQUMsWUFBWSxFQUFFLElBQUksQ0FBQyxDQUFDLElBQUksQ0FBQyxHQUFHO1lBQzVDLE9BQU8sQ0FBQyxHQUFHLENBQUMsR0FBRyxDQUFDLENBQUE7WUFDaEIsSUFBSSxFQUFFLENBQUE7UUFDVixDQUFDLENBQUMsQ0FBQyxLQUFLLENBQUMsR0FBRztZQUNSLE9BQU8sQ0FBQyxHQUFHLENBQUMsR0FBRyxDQUFDLENBQUE7WUFDaEIsSUFBSSxDQUFDLEdBQUcsQ0FBQyxDQUFBO1FBQ2IsQ0FBQyxDQUFDLENBQUE7SUFFTixDQUFDLENBQUMsQ0FBQTtBQUNOLENBQUMsQ0FBQyxDQUFBIn0=

485
test/test.multiplerecords.fixed.ts Normal file
View File

@@ -0,0 +1,485 @@
import * as plugins from '../ts_server/plugins.js';
import { expect, tap } from '@git.zone/tstest/tapbundle';
import { tapNodeTools } from '@git.zone/tstest/tapbundle_serverside';
import * as dnsPacket from 'dns-packet';
import * as dgram from 'dgram';
import * as smartdns from '../ts_server/index.js';
let dnsServer: smartdns.DnsServer;
// Port management for tests
let nextHttpsPort = 8300;
let nextUdpPort = 8301;
function getUniqueHttpsPort() {
return nextHttpsPort++;
}
function getUniqueUdpPort() {
return nextUdpPort++;
}
// Cleanup function for servers
async function stopServer(server: smartdns.DnsServer | null | undefined) {
if (!server) {
return;
}
try {
const stopPromise = server.stop();
const timeoutPromise = new Promise((_, reject) => {
setTimeout(() => reject(new Error('Stop operation timed out')), 5000);
});
await Promise.race([stopPromise, timeoutPromise]);
} catch (e) {
console.log('Handled error when stopping server:', e.message || e);
// Force close if normal stop fails
try {
// @ts-ignore - accessing private properties for emergency cleanup
if (server.httpsServer) {
(server as any).httpsServer.close();
(server as any).httpsServer = null;
}
// @ts-ignore - accessing private properties for emergency cleanup
if (server.udpServer) {
(server as any).udpServer.close();
(server as any).udpServer = null;
}
} catch (forceError) {
console.log('Force cleanup error:', forceError.message || forceError);
}
}
}
tap.test('should now return multiple NS records after fix', async () => {
const httpsData = await tapNodeTools.createHttpsCert();
const udpPort = getUniqueUdpPort();
dnsServer = new smartdns.DnsServer({
httpsKey: httpsData.key,
httpsCert: httpsData.cert,
httpsPort: getUniqueHttpsPort(),
udpPort: udpPort,
dnssecZone: 'example.com',
});
// Register multiple NS record handlers for the same domain
dnsServer.registerHandler('example.com', ['NS'], (question) => {
console.log('First NS handler called');
return {
name: question.name,
type: 'NS',
class: 'IN',
ttl: 3600,
data: 'ns1.example.com',
};
});
dnsServer.registerHandler('example.com', ['NS'], (question) => {
console.log('Second NS handler called');
return {
name: question.name,
type: 'NS',
class: 'IN',
ttl: 3600,
data: 'ns2.example.com',
};
});
await dnsServer.start();
const client = dgram.createSocket('udp4');
const query = dnsPacket.encode({
type: 'query',
id: 1,
flags: dnsPacket.RECURSION_DESIRED,
questions: [
{
name: 'example.com',
type: 'NS',
class: 'IN',
},
],
});
const responsePromise = new Promise<dnsPacket.Packet>((resolve, reject) => {
client.on('message', (msg) => {
const dnsResponse = dnsPacket.decode(msg);
resolve(dnsResponse);
client.close();
});
client.on('error', (err) => {
reject(err);
client.close();
});
client.send(query, udpPort, 'localhost', (err) => {
if (err) {
reject(err);
client.close();
}
});
});
const dnsResponse = await responsePromise;
console.log('Fixed behavior - NS records returned:', dnsResponse.answers.length);
console.log('NS records:', dnsResponse.answers.filter(a => a.type === 'NS').map(a => a.data));
// FIXED BEHAVIOR: Should now return both NS records
const nsAnswers = dnsResponse.answers.filter(a => a.type === 'NS');
expect(nsAnswers.length).toEqual(2);
expect(nsAnswers.map(a => a.data).sort()).toEqual(['ns1.example.com', 'ns2.example.com']);
await stopServer(dnsServer);
dnsServer = null;
});
tap.test('should support round-robin DNS with multiple A records', async () => {
const httpsData = await tapNodeTools.createHttpsCert();
const udpPort = getUniqueUdpPort();
dnsServer = new smartdns.DnsServer({
httpsKey: httpsData.key,
httpsCert: httpsData.cert,
httpsPort: getUniqueHttpsPort(),
udpPort: udpPort,
dnssecZone: 'example.com',
});
// Register multiple A record handlers for round-robin DNS
const ips = ['10.0.0.1', '10.0.0.2', '10.0.0.3'];
for (const ip of ips) {
dnsServer.registerHandler('www.example.com', ['A'], (question) => {
console.log(`A handler for ${ip} called`);
return {
name: question.name,
type: 'A',
class: 'IN',
ttl: 300,
data: ip,
};
});
}
await dnsServer.start();
const client = dgram.createSocket('udp4');
const query = dnsPacket.encode({
type: 'query',
id: 2,
flags: dnsPacket.RECURSION_DESIRED,
questions: [
{
name: 'www.example.com',
type: 'A',
class: 'IN',
},
],
});
const responsePromise = new Promise<dnsPacket.Packet>((resolve, reject) => {
client.on('message', (msg) => {
const dnsResponse = dnsPacket.decode(msg);
resolve(dnsResponse);
client.close();
});
client.on('error', (err) => {
reject(err);
client.close();
});
client.send(query, udpPort, 'localhost', (err) => {
if (err) {
reject(err);
client.close();
}
});
});
const dnsResponse = await responsePromise;
console.log('Fixed behavior - A records returned:', dnsResponse.answers.length);
console.log('A records:', dnsResponse.answers.filter(a => a.type === 'A').map(a => a.data));
// FIXED BEHAVIOR: Should return all A records for round-robin
const aAnswers = dnsResponse.answers.filter(a => a.type === 'A');
expect(aAnswers.length).toEqual(3);
expect(aAnswers.map(a => a.data).sort()).toEqual(['10.0.0.1', '10.0.0.2', '10.0.0.3']);
await stopServer(dnsServer);
dnsServer = null;
});
tap.test('should return multiple TXT records', async () => {
const httpsData = await tapNodeTools.createHttpsCert();
const udpPort = getUniqueUdpPort();
dnsServer = new smartdns.DnsServer({
httpsKey: httpsData.key,
httpsCert: httpsData.cert,
httpsPort: getUniqueHttpsPort(),
udpPort: udpPort,
dnssecZone: 'example.com',
});
// Register multiple TXT record handlers
const txtRecords = [
['v=spf1 include:_spf.example.com ~all'],
['v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNA...'],
['google-site-verification=1234567890abcdef']
];
for (const data of txtRecords) {
dnsServer.registerHandler('example.com', ['TXT'], (question) => {
console.log(`TXT handler for ${data[0].substring(0, 20)}... called`);
return {
name: question.name,
type: 'TXT',
class: 'IN',
ttl: 3600,
data: data,
};
});
}
await dnsServer.start();
const client = dgram.createSocket('udp4');
const query = dnsPacket.encode({
type: 'query',
id: 3,
flags: dnsPacket.RECURSION_DESIRED,
questions: [
{
name: 'example.com',
type: 'TXT',
class: 'IN',
},
],
});
const responsePromise = new Promise<dnsPacket.Packet>((resolve, reject) => {
client.on('message', (msg) => {
const dnsResponse = dnsPacket.decode(msg);
resolve(dnsResponse);
client.close();
});
client.on('error', (err) => {
reject(err);
client.close();
});
client.send(query, udpPort, 'localhost', (err) => {
if (err) {
reject(err);
client.close();
}
});
});
const dnsResponse = await responsePromise;
console.log('Fixed behavior - TXT records returned:', dnsResponse.answers.length);
const txtAnswers = dnsResponse.answers.filter(a => a.type === 'TXT');
console.log('TXT records count:', txtAnswers.length);
// FIXED BEHAVIOR: Should return all TXT records
expect(txtAnswers.length).toEqual(3);
// Check that all expected records are present
const txtData = txtAnswers.map(a => a.data[0].toString());
expect(txtData.some(d => d.includes('spf1'))).toEqual(true);
expect(txtData.some(d => d.includes('DKIM1'))).toEqual(true);
expect(txtData.some(d => d.includes('google-site-verification'))).toEqual(true);
await stopServer(dnsServer);
dnsServer = null;
});
tap.test('should handle DNSSEC correctly with multiple records', async () => {
const httpsData = await tapNodeTools.createHttpsCert();
const udpPort = getUniqueUdpPort();
dnsServer = new smartdns.DnsServer({
httpsKey: httpsData.key,
httpsCert: httpsData.cert,
httpsPort: getUniqueHttpsPort(),
udpPort: udpPort,
dnssecZone: 'example.com',
});
// Register multiple NS record handlers
dnsServer.registerHandler('example.com', ['NS'], (question) => {
return {
name: question.name,
type: 'NS',
class: 'IN',
ttl: 3600,
data: 'ns1.example.com',
};
});
dnsServer.registerHandler('example.com', ['NS'], (question) => {
return {
name: question.name,
type: 'NS',
class: 'IN',
ttl: 3600,
data: 'ns2.example.com',
};
});
await dnsServer.start();
const client = dgram.createSocket('udp4');
// Create query with DNSSEC requested
const query = dnsPacket.encode({
type: 'query',
id: 4,
flags: dnsPacket.RECURSION_DESIRED,
questions: [
{
name: 'example.com',
type: 'NS',
class: 'IN',
},
],
additionals: [
{
name: '.',
type: 'OPT',
ttl: 0,
flags: 0x8000, // DO bit set for DNSSEC
data: Buffer.alloc(0),
} as any,
],
});
const responsePromise = new Promise<dnsPacket.Packet>((resolve, reject) => {
client.on('message', (msg) => {
const dnsResponse = dnsPacket.decode(msg);
resolve(dnsResponse);
client.close();
});
client.on('error', (err) => {
reject(err);
client.close();
});
client.send(query, udpPort, 'localhost', (err) => {
if (err) {
reject(err);
client.close();
}
});
});
const dnsResponse = await responsePromise;
console.log('DNSSEC response - total answers:', dnsResponse.answers.length);
const nsAnswers = dnsResponse.answers.filter(a => a.type === 'NS');
const rrsigAnswers = dnsResponse.answers.filter(a => a.type === 'RRSIG');
console.log('NS records:', nsAnswers.length);
console.log('RRSIG records:', rrsigAnswers.length);
// With DNSSEC RRset signing, all NS records share ONE RRSIG (entire RRset signed together)
expect(nsAnswers.length).toEqual(2);
expect(rrsigAnswers.length).toEqual(1);
await stopServer(dnsServer);
dnsServer = null;
});
tap.test('should not return duplicate records when same handler registered multiple times', async () => {
const httpsData = await tapNodeTools.createHttpsCert();
const udpPort = getUniqueUdpPort();
dnsServer = new smartdns.DnsServer({
httpsKey: httpsData.key,
httpsCert: httpsData.cert,
httpsPort: getUniqueHttpsPort(),
udpPort: udpPort,
dnssecZone: 'example.com',
});
// Register the same handler multiple times (edge case)
const sameHandler = (question) => {
return {
name: question.name,
type: 'A',
class: 'IN',
ttl: 300,
data: '10.0.0.1',
};
};
dnsServer.registerHandler('test.example.com', ['A'], sameHandler);
dnsServer.registerHandler('test.example.com', ['A'], sameHandler);
dnsServer.registerHandler('test.example.com', ['A'], sameHandler);
await dnsServer.start();
const client = dgram.createSocket('udp4');
const query = dnsPacket.encode({
type: 'query',
id: 5,
flags: dnsPacket.RECURSION_DESIRED,
questions: [
{
name: 'test.example.com',
type: 'A',
class: 'IN',
},
],
});
const responsePromise = new Promise<dnsPacket.Packet>((resolve, reject) => {
client.on('message', (msg) => {
const dnsResponse = dnsPacket.decode(msg);
resolve(dnsResponse);
client.close();
});
client.on('error', (err) => {
reject(err);
client.close();
});
client.send(query, udpPort, 'localhost', (err) => {
if (err) {
reject(err);
client.close();
}
});
});
const dnsResponse = await responsePromise;
const aAnswers = dnsResponse.answers.filter(a => a.type === 'A');
console.log('Duplicate handler test - A records returned:', aAnswers.length);
// Even though handler is registered 3 times, we get 3 identical records
// This is expected behavior - the DNS server doesn't deduplicate
expect(aAnswers.length).toEqual(3);
expect(aAnswers.every(a => a.data === '10.0.0.1')).toEqual(true);
await stopServer(dnsServer);
dnsServer = null;
});
export default tap.start();

279
test/test.multiplerecords.simple.ts Normal file
View File

@@ -0,0 +1,279 @@
import * as plugins from '../ts_server/plugins.js';
import { expect, tap } from '@git.zone/tstest/tapbundle';
import { tapNodeTools } from '@git.zone/tstest/tapbundle_serverside';
import * as dnsPacket from 'dns-packet';
import * as dgram from 'dgram';
import * as smartdns from '../ts_server/index.js';
let dnsServer: smartdns.DnsServer;
// Port management for tests
let nextHttpsPort = 8400;
let nextUdpPort = 8401;
function getUniqueHttpsPort() {
return nextHttpsPort++;
}
function getUniqueUdpPort() {
return nextUdpPort++;
}
// Cleanup function for servers
async function stopServer(server: smartdns.DnsServer | null | undefined) {
if (!server) {
return;
}
try {
await server.stop();
} catch (e) {
console.log('Handled error when stopping server:', e.message || e);
}
}
tap.test('Multiple NS records should work correctly', async () => {
const httpsData = await tapNodeTools.createHttpsCert();
const udpPort = getUniqueUdpPort();
dnsServer = new smartdns.DnsServer({
httpsKey: httpsData.key,
httpsCert: httpsData.cert,
httpsPort: getUniqueHttpsPort(),
udpPort: udpPort,
dnssecZone: 'example.com',
});
// Register multiple NS record handlers
dnsServer.registerHandler('example.com', ['NS'], (question) => {
return {
name: question.name,
type: 'NS',
class: 'IN',
ttl: 3600,
data: 'ns1.example.com',
};
});
dnsServer.registerHandler('example.com', ['NS'], (question) => {
return {
name: question.name,
type: 'NS',
class: 'IN',
ttl: 3600,
data: 'ns2.example.com',
};
});
await dnsServer.start();
const client = dgram.createSocket('udp4');
const query = dnsPacket.encode({
type: 'query',
id: 1,
flags: dnsPacket.RECURSION_DESIRED,
questions: [
{
name: 'example.com',
type: 'NS',
class: 'IN',
},
],
});
const responsePromise = new Promise<dnsPacket.Packet>((resolve, reject) => {
client.on('message', (msg) => {
const dnsResponse = dnsPacket.decode(msg);
resolve(dnsResponse);
client.close();
});
client.on('error', (err) => {
reject(err);
client.close();
});
client.send(query, udpPort, 'localhost', (err) => {
if (err) {
reject(err);
client.close();
}
});
});
const dnsResponse = await responsePromise;
console.log('✅ NS records returned:', dnsResponse.answers.length);
console.log('✅ NS records:', dnsResponse.answers.map(a => (a as any).data));
// SUCCESS: Multiple NS records are now returned
expect(dnsResponse.answers.length).toEqual(2);
expect(dnsResponse.answers.map(a => (a as any).data).sort()).toEqual(['ns1.example.com', 'ns2.example.com']);
await stopServer(dnsServer);
dnsServer = null;
});
tap.test('Multiple A records for round-robin DNS', async () => {
const httpsData = await tapNodeTools.createHttpsCert();
const udpPort = getUniqueUdpPort();
dnsServer = new smartdns.DnsServer({
httpsKey: httpsData.key,
httpsCert: httpsData.cert,
httpsPort: getUniqueHttpsPort(),
udpPort: udpPort,
dnssecZone: 'example.com',
});
// Register multiple A records
const ips = ['10.0.0.1', '10.0.0.2', '10.0.0.3'];
for (const ip of ips) {
dnsServer.registerHandler('www.example.com', ['A'], (question) => {
return {
name: question.name,
type: 'A',
class: 'IN',
ttl: 300,
data: ip,
};
});
}
await dnsServer.start();
const client = dgram.createSocket('udp4');
const query = dnsPacket.encode({
type: 'query',
id: 2,
flags: dnsPacket.RECURSION_DESIRED,
questions: [
{
name: 'www.example.com',
type: 'A',
class: 'IN',
},
],
});
const responsePromise = new Promise<dnsPacket.Packet>((resolve, reject) => {
client.on('message', (msg) => {
const dnsResponse = dnsPacket.decode(msg);
resolve(dnsResponse);
client.close();
});
client.on('error', (err) => {
reject(err);
client.close();
});
client.send(query, udpPort, 'localhost', (err) => {
if (err) {
reject(err);
client.close();
}
});
});
const dnsResponse = await responsePromise;
console.log('✅ A records returned:', dnsResponse.answers.length);
console.log('✅ A records:', dnsResponse.answers.map(a => (a as any).data));
// SUCCESS: All A records for round-robin DNS
expect(dnsResponse.answers.length).toEqual(3);
expect(dnsResponse.answers.map(a => (a as any).data).sort()).toEqual(['10.0.0.1', '10.0.0.2', '10.0.0.3']);
await stopServer(dnsServer);
dnsServer = null;
});
tap.test('Multiple TXT records', async () => {
const httpsData = await tapNodeTools.createHttpsCert();
const udpPort = getUniqueUdpPort();
dnsServer = new smartdns.DnsServer({
httpsKey: httpsData.key,
httpsCert: httpsData.cert,
httpsPort: getUniqueHttpsPort(),
udpPort: udpPort,
dnssecZone: 'example.com',
});
// Register multiple TXT records
const txtRecords = [
['v=spf1 include:_spf.example.com ~all'],
['v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNA...'],
['google-site-verification=1234567890abcdef']
];
for (const data of txtRecords) {
dnsServer.registerHandler('example.com', ['TXT'], (question) => {
return {
name: question.name,
type: 'TXT',
class: 'IN',
ttl: 3600,
data: data,
};
});
}
await dnsServer.start();
const client = dgram.createSocket('udp4');
const query = dnsPacket.encode({
type: 'query',
id: 3,
flags: dnsPacket.RECURSION_DESIRED,
questions: [
{
name: 'example.com',
type: 'TXT',
class: 'IN',
},
],
});
const responsePromise = new Promise<dnsPacket.Packet>((resolve, reject) => {
client.on('message', (msg) => {
const dnsResponse = dnsPacket.decode(msg);
resolve(dnsResponse);
client.close();
});
client.on('error', (err) => {
reject(err);
client.close();
});
client.send(query, udpPort, 'localhost', (err) => {
if (err) {
reject(err);
client.close();
}
});
});
const dnsResponse = await responsePromise;
console.log('✅ TXT records returned:', dnsResponse.answers.length);
// SUCCESS: All TXT records are returned
expect(dnsResponse.answers.length).toEqual(3);
const txtData = dnsResponse.answers.map(a => (a as any).data[0].toString());
expect(txtData.some(d => d.includes('spf1'))).toEqual(true);
expect(txtData.some(d => d.includes('DKIM1'))).toEqual(true);
expect(txtData.some(d => d.includes('google-site-verification'))).toEqual(true);
await stopServer(dnsServer);
dnsServer = null;
});
export default tap.start();

424
test/test.multiplerecords.ts Normal file
View File

@@ -0,0 +1,424 @@
import * as plugins from '../ts_server/plugins.js';
import { expect, tap } from '@git.zone/tstest/tapbundle';
import { tapNodeTools } from '@git.zone/tstest/tapbundle_serverside';
import * as dnsPacket from 'dns-packet';
import * as dgram from 'dgram';
import * as smartdns from '../ts_server/index.js';
let dnsServer: smartdns.DnsServer;
// Port management for tests
let nextHttpsPort = 8200;
let nextUdpPort = 8201;
function getUniqueHttpsPort() {
return nextHttpsPort++;
}
function getUniqueUdpPort() {
return nextUdpPort++;
}
// Cleanup function for servers
async function stopServer(server: smartdns.DnsServer | null | undefined) {
if (!server) {
return;
}
try {
const stopPromise = server.stop();
const timeoutPromise = new Promise((_, reject) => {
setTimeout(() => reject(new Error('Stop operation timed out')), 5000);
});
await Promise.race([stopPromise, timeoutPromise]);
} catch (e) {
console.log('Handled error when stopping server:', e.message || e);
// Force close if normal stop fails
try {
// @ts-ignore - accessing private properties for emergency cleanup
if (server.httpsServer) {
(server as any).httpsServer.close();
(server as any).httpsServer = null;
}
// @ts-ignore - accessing private properties for emergency cleanup
if (server.udpServer) {
(server as any).udpServer.close();
(server as any).udpServer = null;
}
} catch (forceError) {
console.log('Force cleanup error:', forceError.message || forceError);
}
}
}
tap.test('should properly return multiple NS records', async () => {
const httpsData = await tapNodeTools.createHttpsCert();
const udpPort = getUniqueUdpPort();
dnsServer = new smartdns.DnsServer({
httpsKey: httpsData.key,
httpsCert: httpsData.cert,
httpsPort: getUniqueHttpsPort(),
udpPort: udpPort,
dnssecZone: 'example.com',
});
// Register multiple NS record handlers for the same domain
dnsServer.registerHandler('example.com', ['NS'], (question) => {
console.log('First NS handler called');
return {
name: question.name,
type: 'NS',
class: 'IN',
ttl: 3600,
data: 'ns1.example.com',
};
});
dnsServer.registerHandler('example.com', ['NS'], (question) => {
console.log('Second NS handler called');
return {
name: question.name,
type: 'NS',
class: 'IN',
ttl: 3600,
data: 'ns2.example.com',
};
});
await dnsServer.start();
const client = dgram.createSocket('udp4');
const query = dnsPacket.encode({
type: 'query',
id: 1,
flags: dnsPacket.RECURSION_DESIRED,
questions: [
{
name: 'example.com',
type: 'NS',
class: 'IN',
},
],
});
const responsePromise = new Promise<dnsPacket.Packet>((resolve, reject) => {
client.on('message', (msg) => {
const dnsResponse = dnsPacket.decode(msg);
resolve(dnsResponse);
client.close();
});
client.on('error', (err) => {
reject(err);
client.close();
});
client.send(query, udpPort, 'localhost', (err) => {
if (err) {
reject(err);
client.close();
}
});
});
const dnsResponse = await responsePromise;
console.log('Current behavior - NS records returned:', dnsResponse.answers.length);
console.log('NS records:', dnsResponse.answers.map(a => (a as any).data));
// Should return all registered NS records
expect(dnsResponse.answers.length).toEqual(2);
const nsData = dnsResponse.answers.map(a => (a as any).data).sort();
expect(nsData).toEqual(['ns1.example.com', 'ns2.example.com']);
await stopServer(dnsServer);
dnsServer = null;
});
tap.test('should properly return multiple A records for round-robin DNS', async () => {
const httpsData = await tapNodeTools.createHttpsCert();
const udpPort = getUniqueUdpPort();
dnsServer = new smartdns.DnsServer({
httpsKey: httpsData.key,
httpsCert: httpsData.cert,
httpsPort: getUniqueHttpsPort(),
udpPort: udpPort,
dnssecZone: 'example.com',
});
// Register multiple A record handlers for round-robin DNS
dnsServer.registerHandler('www.example.com', ['A'], (question) => {
console.log('First A handler called');
return {
name: question.name,
type: 'A',
class: 'IN',
ttl: 300,
data: '10.0.0.1',
};
});
dnsServer.registerHandler('www.example.com', ['A'], (question) => {
console.log('Second A handler called');
return {
name: question.name,
type: 'A',
class: 'IN',
ttl: 300,
data: '10.0.0.2',
};
});
dnsServer.registerHandler('www.example.com', ['A'], (question) => {
console.log('Third A handler called');
return {
name: question.name,
type: 'A',
class: 'IN',
ttl: 300,
data: '10.0.0.3',
};
});
await dnsServer.start();
const client = dgram.createSocket('udp4');
const query = dnsPacket.encode({
type: 'query',
id: 2,
flags: dnsPacket.RECURSION_DESIRED,
questions: [
{
name: 'www.example.com',
type: 'A',
class: 'IN',
},
],
});
const responsePromise = new Promise<dnsPacket.Packet>((resolve, reject) => {
client.on('message', (msg) => {
const dnsResponse = dnsPacket.decode(msg);
resolve(dnsResponse);
client.close();
});
client.on('error', (err) => {
reject(err);
client.close();
});
client.send(query, udpPort, 'localhost', (err) => {
if (err) {
reject(err);
client.close();
}
});
});
const dnsResponse = await responsePromise;
console.log('Current behavior - A records returned:', dnsResponse.answers.length);
console.log('A records:', dnsResponse.answers.map(a => (a as any).data));
// Should return all registered A records for round-robin DNS
expect(dnsResponse.answers.length).toEqual(3);
const aData = dnsResponse.answers.map(a => (a as any).data).sort();
expect(aData).toEqual(['10.0.0.1', '10.0.0.2', '10.0.0.3']);
await stopServer(dnsServer);
dnsServer = null;
});
tap.test('should properly return multiple TXT records', async () => {
const httpsData = await tapNodeTools.createHttpsCert();
const udpPort = getUniqueUdpPort();
dnsServer = new smartdns.DnsServer({
httpsKey: httpsData.key,
httpsCert: httpsData.cert,
httpsPort: getUniqueHttpsPort(),
udpPort: udpPort,
dnssecZone: 'example.com',
});
// Register multiple TXT record handlers
dnsServer.registerHandler('example.com', ['TXT'], (question) => {
console.log('SPF handler called');
return {
name: question.name,
type: 'TXT',
class: 'IN',
ttl: 3600,
data: ['v=spf1 include:_spf.example.com ~all'],
};
});
dnsServer.registerHandler('example.com', ['TXT'], (question) => {
console.log('DKIM handler called');
return {
name: question.name,
type: 'TXT',
class: 'IN',
ttl: 3600,
data: ['v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNA...'],
};
});
dnsServer.registerHandler('example.com', ['TXT'], (question) => {
console.log('Domain verification handler called');
return {
name: question.name,
type: 'TXT',
class: 'IN',
ttl: 3600,
data: ['google-site-verification=1234567890abcdef'],
};
});
await dnsServer.start();
const client = dgram.createSocket('udp4');
const query = dnsPacket.encode({
type: 'query',
id: 3,
flags: dnsPacket.RECURSION_DESIRED,
questions: [
{
name: 'example.com',
type: 'TXT',
class: 'IN',
},
],
});
const responsePromise = new Promise<dnsPacket.Packet>((resolve, reject) => {
client.on('message', (msg) => {
const dnsResponse = dnsPacket.decode(msg);
resolve(dnsResponse);
client.close();
});
client.on('error', (err) => {
reject(err);
client.close();
});
client.send(query, udpPort, 'localhost', (err) => {
if (err) {
reject(err);
client.close();
}
});
});
const dnsResponse = await responsePromise;
console.log('Current behavior - TXT records returned:', dnsResponse.answers.length);
console.log('TXT records:', dnsResponse.answers.map(a => (a as any).data));
// Should return all registered TXT records
expect(dnsResponse.answers.length).toEqual(3);
const txtData = dnsResponse.answers.map(a => (a as any).data[0]).sort();
expect(txtData[0]).toInclude('google-site-verification');
expect(txtData[1]).toInclude('DKIM1');
expect(txtData[2]).toInclude('spf1');
await stopServer(dnsServer);
dnsServer = null;
});
tap.test('should rotate between records when using a single handler', async () => {
const httpsData = await tapNodeTools.createHttpsCert();
const udpPort = getUniqueUdpPort();
dnsServer = new smartdns.DnsServer({
httpsKey: httpsData.key,
httpsCert: httpsData.cert,
httpsPort: getUniqueHttpsPort(),
udpPort: udpPort,
dnssecZone: 'example.com',
});
// Pattern: Create an array to store NS records and rotate through them
const nsRecords = ['ns1.example.com', 'ns2.example.com'];
let nsIndex = 0;
// This pattern rotates between records on successive queries
dnsServer.registerHandler('example.com', ['NS'], (question) => {
const record = nsRecords[nsIndex % nsRecords.length];
nsIndex++;
return {
name: question.name,
type: 'NS',
class: 'IN',
ttl: 3600,
data: record,
};
});
await dnsServer.start();
// Make two queries to show the workaround behavior
const client1 = dgram.createSocket('udp4');
const client2 = dgram.createSocket('udp4');
const query = dnsPacket.encode({
type: 'query',
id: 4,
flags: dnsPacket.RECURSION_DESIRED,
questions: [
{
name: 'example.com',
type: 'NS',
class: 'IN',
},
],
});
const responsePromise1 = new Promise<dnsPacket.Packet>((resolve, reject) => {
client1.on('message', (msg) => {
const dnsResponse = dnsPacket.decode(msg);
resolve(dnsResponse);
client1.close();
});
client1.send(query, udpPort, 'localhost');
});
const responsePromise2 = new Promise<dnsPacket.Packet>((resolve, reject) => {
client2.on('message', (msg) => {
const dnsResponse = dnsPacket.decode(msg);
resolve(dnsResponse);
client2.close();
});
setTimeout(() => {
client2.send(query, udpPort, 'localhost');
}, 100);
});
const [response1, response2] = await Promise.all([responsePromise1, responsePromise2]);
console.log('First query NS:', (response1.answers[0] as any).data);
console.log('Second query NS:', (response2.answers[0] as any).data);
// This pattern rotates between records but returns one at a time per query
expect(response1.answers.length).toEqual(1);
expect(response2.answers.length).toEqual(1);
expect((response1.answers[0] as any).data).toEqual('ns1.example.com');
expect((response2.answers[0] as any).data).toEqual('ns2.example.com');
await stopServer(dnsServer);
dnsServer = null;
});
export default tap.start();

774
test/test.server.ts Normal file
View File

@@ -0,0 +1,774 @@
import * as plugins from '../ts_server/plugins.js';
import { expect, tap } from '@git.zone/tstest/tapbundle';
import { tapNodeTools } from '@git.zone/tstest/tapbundle_serverside';
import { execSync } from 'child_process';
import * as dnsPacket from 'dns-packet';
import * as https from 'https';
import * as dgram from 'dgram';
import * as fs from 'fs';
import * as path from 'path';
import * as os from 'os';
import * as smartdns from '../ts_server/index.js';
// Generate a real self-signed certificate using OpenSSL
function generateSelfSignedCert() {
const tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), 'cert-'));
const keyPath = path.join(tmpDir, 'key.pem');
const certPath = path.join(tmpDir, 'cert.pem');
try {
// Generate private key
execSync(`openssl genrsa -out "${keyPath}" 2048`);
// Generate self-signed certificate
execSync(
`openssl req -new -x509 -key "${keyPath}" -out "${certPath}" -days 365 -subj "/C=US/ST=State/L=City/O=Organization/CN=test.example.com"`
);
// Read the files
const privateKey = fs.readFileSync(keyPath, 'utf8');
const cert = fs.readFileSync(certPath, 'utf8');
return { key: privateKey, cert };
} catch (error) {
console.error('Error generating certificate:', error);
throw error;
} finally {
// Clean up temporary files
try {
if (fs.existsSync(keyPath)) fs.unlinkSync(keyPath);
if (fs.existsSync(certPath)) fs.unlinkSync(certPath);
if (fs.existsSync(tmpDir)) fs.rmdirSync(tmpDir);
} catch (err) {
console.error('Error cleaning up temporary files:', err);
}
}
}
// Cache the generated certificate for performance
let cachedCert = null;
// Helper function to get certificate
function getTestCertificate() {
if (!cachedCert) {
cachedCert = generateSelfSignedCert();
}
return cachedCert;
}
// Mock for acme-client directly imported as a module
const acmeClientMock = {
Client: class {
constructor() {}
createAccount() {
return Promise.resolve({});
}
createOrder() {
return Promise.resolve({
authorizations: ['auth1', 'auth2']
});
}
getAuthorizations() {
return Promise.resolve([
{
identifier: { value: 'test.bleu.de' },
challenges: [
{ type: 'dns-01', url: 'https://example.com/challenge' }
]
}
]);
}
getChallengeKeyAuthorization() {
return Promise.resolve('test_key_authorization');
}
completeChallenge() {
return Promise.resolve({});
}
waitForValidStatus() {
return Promise.resolve({});
}
finalizeOrder() {
return Promise.resolve({});
}
getCertificate() {
// Use a real certificate
const { cert } = getTestCertificate();
return Promise.resolve(cert);
}
},
forge: {
createCsr({commonName, altNames}) {
return Promise.resolve({
csr: Buffer.from('mock-csr-data')
});
}
},
directory: {
letsencrypt: {
staging: 'https://acme-staging-v02.api.letsencrypt.org/directory',
production: 'https://acme-v02.api.letsencrypt.org/directory'
}
}
};
// Override generateKeyPairSync to use our test key for certificate generation in tests
const originalGenerateKeyPairSync = plugins.crypto.generateKeyPairSync;
plugins.crypto.generateKeyPairSync = function(type, options) {
if (type === 'rsa' &&
options?.modulusLength === 2048 &&
options?.privateKeyEncoding?.type === 'pkcs8') {
// Get the test certificate key if we're in the retrieveSslCertificate method
try {
const stack = new Error().stack || '';
if (stack.includes('retrieveSslCertificate')) {
const { key } = getTestCertificate();
return { privateKey: key, publicKey: 'TEST_PUBLIC_KEY' };
}
} catch (e) {
// Fall back to original function if error occurs
}
}
// Use the original function for other cases
return originalGenerateKeyPairSync.apply(this, arguments);
};
let dnsServer: smartdns.DnsServer;
const testCertDir = path.join(process.cwd(), 'test-certs');
// Helper to clean up test certificate directory
function cleanCertDir() {
if (fs.existsSync(testCertDir)) {
const files = fs.readdirSync(testCertDir);
for (const file of files) {
fs.unlinkSync(path.join(testCertDir, file));
}
fs.rmdirSync(testCertDir);
}
}
// Port management for tests
let nextHttpsPort = 8080;
let nextUdpPort = 8081;
function getUniqueHttpsPort() {
return nextHttpsPort++;
}
function getUniqueUdpPort() {
return nextUdpPort++;
}
// Cleanup function for servers - more robust implementation
async function stopServer(server: smartdns.DnsServer | null | undefined) {
if (!server) {
return; // Nothing to do if server doesn't exist
}
try {
// Set a timeout for stop operation
const stopPromise = server.stop();
const timeoutPromise = new Promise((_, reject) => {
setTimeout(() => reject(new Error('Stop operation timed out')), 5000);
});
await Promise.race([stopPromise, timeoutPromise]);
} catch (e) {
console.log('Handled error when stopping server:', e.message || e);
// Force close if normal stop fails
try {
// @ts-ignore - accessing private properties for emergency cleanup
if (server.httpsServer) {
(server as any).httpsServer.close();
(server as any).httpsServer = null;
}
// @ts-ignore - accessing private properties for emergency cleanup
if (server.udpServer) {
(server as any).udpServer.close();
(server as any).udpServer = null;
}
} catch (forceError) {
console.log('Force cleanup error:', forceError.message || forceError);
}
}
}
// Setup and teardown
tap.test('setup', async () => {
cleanCertDir();
// Reset dnsServer to null at the start
dnsServer = null;
// Reset certificate cache
cachedCert = null;
});
tap.test('teardown', async () => {
// Stop the server if it exists
await stopServer(dnsServer);
dnsServer = null;
cleanCertDir();
// Reset certificate cache
cachedCert = null;
});
tap.test('should create an instance of DnsServer', async () => {
// Use valid options
const httpsData = await tapNodeTools.createHttpsCert();
dnsServer = new smartdns.DnsServer({
httpsKey: httpsData.key,
httpsCert: httpsData.cert,
httpsPort: 8080,
udpPort: 8081,
dnssecZone: 'example.com',
});
expect(dnsServer).toBeInstanceOf(smartdns.DnsServer);
});
tap.test('should start the server', async () => {
// Clean up any existing server
await stopServer(dnsServer);
const httpsData = await tapNodeTools.createHttpsCert();
dnsServer = new smartdns.DnsServer({
httpsKey: httpsData.key,
httpsCert: httpsData.cert,
httpsPort: getUniqueHttpsPort(),
udpPort: getUniqueUdpPort(),
dnssecZone: 'example.com',
});
await dnsServer.start();
// @ts-ignore - accessing private property for testing
expect(dnsServer.httpsServer).toBeDefined();
// Stop the server at the end of this test
await stopServer(dnsServer);
dnsServer = null;
});
tap.test('lets add a handler', async () => {
const httpsData = await tapNodeTools.createHttpsCert();
dnsServer = new smartdns.DnsServer({
httpsKey: httpsData.key,
httpsCert: httpsData.cert,
httpsPort: 8080,
udpPort: 8081,
dnssecZone: 'example.com',
});
dnsServer.registerHandler('*.bleu.de', ['A'], (question) => {
return {
name: question.name,
type: 'A',
class: 'IN',
ttl: 300,
data: '127.0.0.1',
};
});
// @ts-ignore - accessing private method for testing
const response = dnsServer.resolveQuery({
correlationId: 'test-1',
questions: [
{
name: 'dnsly_a.bleu.de',
type: 'A',
class: 'IN',
},
],
});
expect(response.answered).toEqual(true);
expect(response.answers[0]).toEqual({
name: 'dnsly_a.bleu.de',
type: 'A',
class: 'IN',
ttl: 300,
data: '127.0.0.1',
});
});
tap.test('should unregister a handler', async () => {
const httpsData = await tapNodeTools.createHttpsCert();
dnsServer = new smartdns.DnsServer({
httpsKey: httpsData.key,
httpsCert: httpsData.cert,
httpsPort: 8080,
udpPort: 8081,
dnssecZone: 'example.com',
});
// Register handlers
dnsServer.registerHandler('*.bleu.de', ['A'], (question) => {
return {
name: question.name,
type: 'A',
class: 'IN',
ttl: 300,
data: '127.0.0.1',
};
});
dnsServer.registerHandler('test.com', ['TXT'], (question) => {
return {
name: question.name,
type: 'TXT',
class: 'IN',
ttl: 300,
data: ['test'],
};
});
// Test unregistering
const result = dnsServer.unregisterHandler('*.bleu.de', ['A']);
expect(result).toEqual(true);
// Verify handler is removed
// @ts-ignore - accessing private method for testing
const response = dnsServer.resolveQuery({
correlationId: 'test-2',
questions: [
{
name: 'dnsly_a.bleu.de',
type: 'A',
class: 'IN',
},
],
});
// Should not find any handler match
expect(response.answered).toEqual(false);
expect(response.answers.length).toEqual(0);
});
tap.test('lets query over https', async () => {
// Clean up any existing server
await stopServer(dnsServer);
const httpsPort = getUniqueHttpsPort();
const httpsData = await tapNodeTools.createHttpsCert();
dnsServer = new smartdns.DnsServer({
httpsKey: httpsData.key,
httpsCert: httpsData.cert,
httpsPort: httpsPort,
udpPort: getUniqueUdpPort(),
dnssecZone: 'example.com',
});
await dnsServer.start();
dnsServer.registerHandler('*.bleu.de', ['A'], (question) => {
return {
name: question.name,
type: 'A',
class: 'IN',
ttl: 300,
data: '127.0.0.1',
};
});
// Skip SSL verification for self-signed cert in tests
process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';
const query = dnsPacket.encode({
type: 'query',
id: 2,
flags: dnsPacket.RECURSION_DESIRED,
questions: [
{
name: 'dnsly_a.bleu.de',
type: 'A',
class: 'IN',
},
],
});
const response = await fetch(`https://localhost:${httpsPort}/dns-query`, {
method: 'POST',
body: query,
headers: {
'Content-Type': 'application/dns-message',
}
});
expect(response.status).toEqual(200);
const responseData = await response.arrayBuffer();
const dnsResponse = dnsPacket.decode(Buffer.from(responseData));
console.log(dnsResponse.answers[0]);
expect(dnsResponse.answers[0]).toEqual({
name: 'dnsly_a.bleu.de',
type: 'A',
class: 'IN',
ttl: 300,
flush: false,
data: '127.0.0.1',
});
// Reset TLS verification
process.env.NODE_TLS_REJECT_UNAUTHORIZED = '1';
// Clean up server
await stopServer(dnsServer);
dnsServer = null;
});
tap.test('lets query over udp', async () => {
// Clean up any existing server
await stopServer(dnsServer);
const udpPort = getUniqueUdpPort();
const httpsData = await tapNodeTools.createHttpsCert();
dnsServer = new smartdns.DnsServer({
httpsKey: httpsData.key,
httpsCert: httpsData.cert,
httpsPort: getUniqueHttpsPort(),
udpPort: udpPort,
dnssecZone: 'example.com',
});
await dnsServer.start();
dnsServer.registerHandler('*.bleu.de', ['A'], (question) => {
return {
name: question.name,
type: 'A',
class: 'IN',
ttl: 300,
data: '127.0.0.1',
};
});
const client = dgram.createSocket('udp4');
const query = dnsPacket.encode({
type: 'query',
id: 3,
flags: dnsPacket.RECURSION_DESIRED,
questions: [
{
name: 'dnsly_a.bleu.de',
type: 'A',
class: 'IN',
},
],
});
const responsePromise = new Promise<dnsPacket.Packet>((resolve, reject) => {
client.on('message', (msg) => {
const dnsResponse = dnsPacket.decode(msg);
resolve(dnsResponse);
client.close();
});
client.on('error', (err) => {
reject(err);
client.close();
});
client.send(query, udpPort, 'localhost', (err) => {
if (err) {
reject(err);
client.close();
}
});
});
const dnsResponse = await responsePromise;
console.log(dnsResponse.answers[0]);
expect(dnsResponse.answers[0]).toEqual({
name: 'dnsly_a.bleu.de',
type: 'A',
class: 'IN',
ttl: 300,
flush: false,
data: '127.0.0.1',
});
// Clean up server
await stopServer(dnsServer);
dnsServer = null;
});
tap.test('should filter authorized domains correctly', async () => {
const httpsData = await tapNodeTools.createHttpsCert();
dnsServer = new smartdns.DnsServer({
httpsKey: httpsData.key,
httpsCert: httpsData.cert,
httpsPort: 8080,
udpPort: 8081,
dnssecZone: 'example.com',
});
// Register handlers for specific domains
dnsServer.registerHandler('*.bleu.de', ['A'], () => null);
dnsServer.registerHandler('test.com', ['A'], () => null);
// Test filtering authorized domains
const authorizedDomains = dnsServer.filterAuthorizedDomains([
'test.com', // Should be authorized
'sub.test.com', // Should not be authorized
'*.bleu.de', // Pattern itself isn't a domain
'something.bleu.de', // Should be authorized via wildcard pattern
'example.com', // Should be authorized (dnssecZone)
'sub.example.com', // Should be authorized (within dnssecZone)
'othersite.org' // Should not be authorized
]);
// Using toContain with expect from tapbundle
expect(authorizedDomains.includes('test.com')).toEqual(true);
expect(authorizedDomains.includes('something.bleu.de')).toEqual(true);
expect(authorizedDomains.includes('example.com')).toEqual(true);
expect(authorizedDomains.includes('sub.example.com')).toEqual(true);
expect(authorizedDomains.includes('sub.test.com')).toEqual(false);
expect(authorizedDomains.includes('*.bleu.de')).toEqual(false);
expect(authorizedDomains.includes('othersite.org')).toEqual(false);
});
tap.test('should retrieve SSL certificate successfully', async () => {
// Clean up any existing server
await stopServer(dnsServer);
// Create a temporary directory for the certificate test
const tempCertDir = path.join(process.cwd(), 'temp-certs');
if (!fs.existsSync(tempCertDir)) {
fs.mkdirSync(tempCertDir, { recursive: true });
}
// Create a server with unique ports
const httpsData = await tapNodeTools.createHttpsCert();
dnsServer = new smartdns.DnsServer({
httpsKey: httpsData.key,
httpsCert: httpsData.cert,
httpsPort: getUniqueHttpsPort(),
udpPort: getUniqueUdpPort(),
dnssecZone: 'example.com',
});
// Register handlers for test domains
dnsServer.registerHandler('*.bleu.de', ['A'], () => null);
dnsServer.registerHandler('test.bleu.de', ['A'], () => null);
await dnsServer.start();
// Inject our mock for acme-client
(dnsServer as any).acmeClientOverride = acmeClientMock;
try {
// Request certificate for domains
const result = await dnsServer.retrieveSslCertificate(
['test.bleu.de', '*.bleu.de', 'unknown.org'],
{
email: 'test@example.com',
staging: true,
certDir: tempCertDir
}
);
console.log('Certificate retrieval result:', {
success: result.success,
certLength: result.cert.length,
keyLength: result.key.length,
});
expect(result.success).toEqual(true);
expect(result.cert.includes('BEGIN CERTIFICATE')).toEqual(true);
expect(typeof result.key === 'string').toEqual(true);
// Check that certificate directory was created
expect(fs.existsSync(tempCertDir)).toEqual(true);
// Verify TXT record handler was registered and then removed
// @ts-ignore - accessing private property for testing
const txtHandlerCount = dnsServer.handlers.filter(h =>
h.domainPattern.includes('_acme-challenge') &&
h.recordTypes.includes('TXT')
).length;
expect(txtHandlerCount).toEqual(0); // Should be removed after validation
} catch (err) {
console.error('Test error:', err);
throw err;
} finally {
// Clean up server and temporary cert directory
await stopServer(dnsServer);
dnsServer = null;
if (fs.existsSync(tempCertDir)) {
const files = fs.readdirSync(tempCertDir);
for (const file of files) {
fs.unlinkSync(path.join(tempCertDir, file));
}
fs.rmdirSync(tempCertDir);
}
}
});
tap.test('should run for a while', async (toolsArg) => {
await toolsArg.delayFor(1000);
});
tap.test('should bind to localhost interface only', async () => {
// Clean up any existing server
await stopServer(dnsServer);
const httpsData = await tapNodeTools.createHttpsCert();
dnsServer = new smartdns.DnsServer({
httpsKey: httpsData.key,
httpsCert: httpsData.cert,
httpsPort: getUniqueHttpsPort(),
udpPort: getUniqueUdpPort(),
dnssecZone: 'example.com',
udpBindInterface: '127.0.0.1',
httpsBindInterface: '127.0.0.1'
});
// Add timeout to start operation
const startPromise = dnsServer.start();
const timeoutPromise = new Promise((_, reject) => {
setTimeout(() => reject(new Error('Start operation timed out')), 10000);
});
await Promise.race([startPromise, timeoutPromise]);
// @ts-ignore - accessing private property for testing
expect(dnsServer.httpsServer).toBeDefined();
// @ts-ignore - accessing private property for testing
expect(dnsServer.udpServer).toBeDefined();
await stopServer(dnsServer);
dnsServer = null;
});
tap.test('should reject invalid IP addresses', async () => {
const httpsData = await tapNodeTools.createHttpsCert();
// Test invalid UDP interface
dnsServer = new smartdns.DnsServer({
httpsKey: httpsData.key,
httpsCert: httpsData.cert,
httpsPort: getUniqueHttpsPort(),
udpPort: getUniqueUdpPort(),
dnssecZone: 'example.com',
udpBindInterface: 'invalid-ip',
});
let error1 = null;
try {
await dnsServer.start();
} catch (err) {
error1 = err;
}
expect(error1).toBeDefined();
expect(error1.message).toContain('Invalid UDP bind interface');
// Test invalid HTTPS interface
dnsServer = new smartdns.DnsServer({
httpsKey: httpsData.key,
httpsCert: httpsData.cert,
httpsPort: getUniqueHttpsPort(),
udpPort: getUniqueUdpPort(),
dnssecZone: 'example.com',
httpsBindInterface: '999.999.999.999',
});
let error2 = null;
try {
await dnsServer.start();
} catch (err) {
error2 = err;
}
expect(error2).toBeDefined();
expect(error2.message).toContain('Invalid HTTPS bind interface');
dnsServer = null;
});
tap.test('should work with IPv6 localhost if available', async () => {
// Clean up any existing server
await stopServer(dnsServer);
// Skip IPv6 test if not supported
try {
const testSocket = require('dgram').createSocket('udp6');
testSocket.bind(0, '::1');
testSocket.close();
} catch (err) {
console.log('IPv6 not supported in this environment, skipping test');
return;
}
const httpsData = await tapNodeTools.createHttpsCert();
dnsServer = new smartdns.DnsServer({
httpsKey: httpsData.key,
httpsCert: httpsData.cert,
httpsPort: getUniqueHttpsPort(),
udpPort: getUniqueUdpPort(),
dnssecZone: 'example.com',
udpBindInterface: '::1',
httpsBindInterface: '::1'
});
try {
await dnsServer.start();
// @ts-ignore - accessing private property for testing
expect(dnsServer.httpsServer).toBeDefined();
await stopServer(dnsServer);
} catch (err) {
console.log('IPv6 binding failed:', err.message);
await stopServer(dnsServer);
throw err;
}
dnsServer = null;
});
tap.test('should stop the server', async () => {
// Clean up any existing server
await stopServer(dnsServer);
const httpsData = await tapNodeTools.createHttpsCert();
dnsServer = new smartdns.DnsServer({
httpsKey: httpsData.key,
httpsCert: httpsData.cert,
httpsPort: getUniqueHttpsPort(),
udpPort: getUniqueUdpPort(),
dnssecZone: 'example.com',
});
await dnsServer.start();
await dnsServer.stop();
// @ts-ignore - accessing private property for testing
expect(dnsServer.httpsServer).toEqual(null);
// Clear the reference
dnsServer = null;
});
export default tap.start();

361
test/test.soa.debug.ts Normal file
View File

@@ -0,0 +1,361 @@
import * as plugins from '../ts_server/plugins.js';
import { expect, tap } from '@git.zone/tstest/tapbundle';
import { tapNodeTools } from '@git.zone/tstest/tapbundle_serverside';
import * as dnsPacket from 'dns-packet';
import * as dgram from 'dgram';
import * as smartdns from '../ts_server/index.js';
let dnsServer: smartdns.DnsServer;
// Port management for tests
let nextHttpsPort = 8700;
let nextUdpPort = 8701;
function getUniqueHttpsPort() {
return nextHttpsPort++;
}
function getUniqueUdpPort() {
return nextUdpPort++;
}
// Cleanup function for servers
async function stopServer(server: smartdns.DnsServer | null | undefined) {
if (!server) {
return;
}
try {
await server.stop();
} catch (e) {
console.log('Handled error when stopping server:', e.message || e);
}
}
tap.test('Direct SOA query should work without timeout', async () => {
const httpsData = await tapNodeTools.createHttpsCert();
const udpPort = getUniqueUdpPort();
dnsServer = new smartdns.DnsServer({
httpsKey: httpsData.key,
httpsCert: httpsData.cert,
httpsPort: getUniqueHttpsPort(),
udpPort: udpPort,
dnssecZone: 'example.com',
});
// Register a SOA handler directly
dnsServer.registerHandler('example.com', ['SOA'], (question) => {
console.log('Direct SOA handler called for:', question.name);
return {
name: question.name,
type: 'SOA',
class: 'IN',
ttl: 3600,
data: {
mname: 'ns1.example.com',
rname: 'hostmaster.example.com',
serial: 2024010101,
refresh: 3600,
retry: 600,
expire: 604800,
minimum: 86400,
},
};
});
await dnsServer.start();
const client = dgram.createSocket('udp4');
const query = dnsPacket.encode({
type: 'query',
id: 1,
flags: dnsPacket.RECURSION_DESIRED,
questions: [
{
name: 'example.com',
type: 'SOA',
class: 'IN',
},
],
});
console.log('Sending SOA query for example.com');
const responsePromise = new Promise<dnsPacket.Packet>((resolve, reject) => {
const timeout = setTimeout(() => {
client.close();
reject(new Error('Query timed out after 5 seconds'));
}, 5000);
client.on('message', (msg) => {
clearTimeout(timeout);
try {
const dnsResponse = dnsPacket.decode(msg);
resolve(dnsResponse);
} catch (e) {
reject(new Error(`Failed to decode response: ${e.message}`));
}
client.close();
});
client.on('error', (err) => {
clearTimeout(timeout);
reject(err);
client.close();
});
client.send(query, udpPort, 'localhost', (err) => {
if (err) {
clearTimeout(timeout);
reject(err);
client.close();
}
});
});
try {
const dnsResponse = await responsePromise;
console.log('SOA response received:', dnsResponse.answers.length, 'answers');
const soaAnswers = dnsResponse.answers.filter(a => a.type === 'SOA');
expect(soaAnswers.length).toEqual(1);
const soaData = (soaAnswers[0] as any).data;
console.log('SOA data:', soaData);
expect(soaData.mname).toEqual('ns1.example.com');
expect(soaData.serial).toEqual(2024010101);
} catch (error) {
console.error('SOA query failed:', error);
throw error;
}
await stopServer(dnsServer);
dnsServer = null;
});
tap.test('SOA query with DNSSEC should work', async () => {
const httpsData = await tapNodeTools.createHttpsCert();
const udpPort = getUniqueUdpPort();
dnsServer = new smartdns.DnsServer({
httpsKey: httpsData.key,
httpsCert: httpsData.cert,
httpsPort: getUniqueHttpsPort(),
udpPort: udpPort,
dnssecZone: 'example.com',
});
await dnsServer.start();
const client = dgram.createSocket('udp4');
const query = dnsPacket.encode({
type: 'query',
id: 2,
flags: dnsPacket.RECURSION_DESIRED,
questions: [
{
name: 'nonexistent.example.com',
type: 'A',
class: 'IN',
},
],
additionals: [
{
name: '.',
type: 'OPT',
ttl: 0,
flags: 0x8000, // DO bit set for DNSSEC
data: Buffer.alloc(0),
} as any,
],
});
console.log('Sending query for nonexistent domain with DNSSEC');
const responsePromise = new Promise<dnsPacket.Packet>((resolve, reject) => {
const timeout = setTimeout(() => {
client.close();
reject(new Error('Query timed out after 5 seconds'));
}, 5000);
client.on('message', (msg) => {
clearTimeout(timeout);
try {
const dnsResponse = dnsPacket.decode(msg);
resolve(dnsResponse);
} catch (e) {
reject(new Error(`Failed to decode response: ${e.message}`));
}
client.close();
});
client.on('error', (err) => {
clearTimeout(timeout);
reject(err);
client.close();
});
client.send(query, udpPort, 'localhost', (err) => {
if (err) {
clearTimeout(timeout);
reject(err);
client.close();
}
});
});
try {
const dnsResponse = await responsePromise;
console.log('Response received with', dnsResponse.answers.length, 'answers');
const soaAnswers = dnsResponse.answers.filter(a => a.type === 'SOA');
const rrsigAnswers = dnsResponse.answers.filter(a => a.type === 'RRSIG');
console.log('SOA records found:', soaAnswers.length);
console.log('RRSIG records found:', rrsigAnswers.length);
// Must have exactly 1 SOA for the zone
expect(soaAnswers.length).toEqual(1);
// Must have at least 1 RRSIG covering the SOA
expect(rrsigAnswers.length).toBeGreaterThan(0);
// Verify RRSIG covers SOA type
const rrsigData = (rrsigAnswers[0] as any).data;
expect(rrsigData.typeCovered).toEqual('SOA');
// Verify SOA data fields are present and valid
const soaData = (soaAnswers[0] as any).data;
console.log('SOA data:', soaData);
expect(soaData.mname).toStartWith('ns'); // nameserver
expect(soaData.rname).toInclude('.'); // responsible party email
expect(typeof soaData.serial).toEqual('number');
expect(soaData.refresh).toBeGreaterThan(0);
expect(soaData.retry).toBeGreaterThan(0);
expect(soaData.expire).toBeGreaterThan(0);
expect(soaData.minimum).toBeGreaterThan(0);
} catch (error) {
console.error('SOA query with DNSSEC failed:', error);
throw error;
}
await stopServer(dnsServer);
dnsServer = null;
});
tap.test('SOA serialization produces correct wire format', async () => {
const httpsData = await tapNodeTools.createHttpsCert();
const udpPort = getUniqueUdpPort();
dnsServer = new smartdns.DnsServer({
httpsKey: httpsData.key,
httpsCert: httpsData.cert,
httpsPort: getUniqueHttpsPort(),
udpPort: udpPort,
dnssecZone: 'roundtrip.example.com',
});
// Register a handler with specific SOA data we can verify round-trips correctly
const expectedSoa = {
mname: 'ns1.roundtrip.example.com',
rname: 'admin.roundtrip.example.com',
serial: 2025020101,
refresh: 7200,
retry: 1800,
expire: 1209600,
minimum: 43200,
};
dnsServer.registerHandler('roundtrip.example.com', ['SOA'], (question) => {
return {
name: question.name,
type: 'SOA',
class: 'IN',
ttl: 3600,
data: expectedSoa,
};
});
await dnsServer.start();
const client = dgram.createSocket('udp4');
// Plain UDP query without DNSSEC to test pure SOA serialization
const query = dnsPacket.encode({
type: 'query',
id: 3,
flags: dnsPacket.RECURSION_DESIRED,
questions: [
{
name: 'roundtrip.example.com',
type: 'SOA',
class: 'IN',
},
],
});
console.log('Sending plain SOA query for serialization round-trip test');
const responsePromise = new Promise<dnsPacket.Packet>((resolve, reject) => {
const timeout = setTimeout(() => {
client.close();
reject(new Error('Query timed out after 5 seconds'));
}, 5000);
client.on('message', (msg) => {
clearTimeout(timeout);
try {
const dnsResponse = dnsPacket.decode(msg);
resolve(dnsResponse);
} catch (e) {
reject(new Error(`Failed to decode response: ${e.message}`));
}
client.close();
});
client.on('error', (err) => {
clearTimeout(timeout);
reject(err);
client.close();
});
client.send(query, udpPort, 'localhost', (err) => {
if (err) {
clearTimeout(timeout);
reject(err);
client.close();
}
});
});
try {
const dnsResponse = await responsePromise;
const soaAnswers = dnsResponse.answers.filter(a => a.type === 'SOA');
expect(soaAnswers.length).toEqual(1);
const soaData = (soaAnswers[0] as any).data;
console.log('Round-trip SOA data:', soaData);
// Verify all 7 SOA fields survived the full round-trip:
// handler → Rust encode_soa → wire → dns-packet decode
expect(soaData.mname).toEqual(expectedSoa.mname);
expect(soaData.rname).toEqual(expectedSoa.rname);
expect(soaData.serial).toEqual(expectedSoa.serial);
expect(soaData.refresh).toEqual(expectedSoa.refresh);
expect(soaData.retry).toEqual(expectedSoa.retry);
expect(soaData.expire).toEqual(expectedSoa.expire);
expect(soaData.minimum).toEqual(expectedSoa.minimum);
} catch (error) {
console.error('SOA serialization round-trip test failed:', error);
throw error;
}
await stopServer(dnsServer);
dnsServer = null;
});
export default tap.start();

271
test/test.soa.final.ts Normal file
View File

@@ -0,0 +1,271 @@
import * as plugins from '../ts_server/plugins.js';
import { expect, tap } from '@git.zone/tstest/tapbundle';
import { tapNodeTools } from '@git.zone/tstest/tapbundle_serverside';
import * as dnsPacket from 'dns-packet';
import * as dgram from 'dgram';
import * as smartdns from '../ts_server/index.js';
let dnsServer: smartdns.DnsServer;
// Port management for tests
let nextHttpsPort = 8900;
let nextUdpPort = 8901;
function getUniqueHttpsPort() {
return nextHttpsPort++;
}
function getUniqueUdpPort() {
return nextUdpPort++;
}
// Cleanup function for servers
async function stopServer(server: smartdns.DnsServer | null | undefined) {
if (!server) {
return;
}
try {
await server.stop();
} catch (e) {
console.log('Handled error when stopping server:', e.message || e);
}
}
tap.test('SOA records work for all scenarios', async () => {
const httpsData = await tapNodeTools.createHttpsCert();
const udpPort = getUniqueUdpPort();
dnsServer = new smartdns.DnsServer({
httpsKey: httpsData.key,
httpsCert: httpsData.cert,
httpsPort: getUniqueHttpsPort(),
udpPort: udpPort,
dnssecZone: 'example.com',
primaryNameserver: 'ns.example.com',
});
// Register SOA handler for the zone
dnsServer.registerHandler('example.com', ['SOA'], (question) => {
console.log('SOA handler called for:', question.name);
return {
name: question.name,
type: 'SOA',
class: 'IN',
ttl: 3600,
data: {
mname: 'ns.example.com',
rname: 'admin.example.com',
serial: 2024010101,
refresh: 3600,
retry: 600,
expire: 604800,
minimum: 86400,
},
};
});
// Register some other records
dnsServer.registerHandler('example.com', ['A'], (question) => {
return {
name: question.name,
type: 'A',
class: 'IN',
ttl: 300,
data: '192.168.1.1',
};
});
await dnsServer.start();
const client = dgram.createSocket('udp4');
// Test 1: Direct SOA query
console.log('\n--- Test 1: Direct SOA query ---');
const soaQuery = dnsPacket.encode({
type: 'query',
id: 1,
flags: dnsPacket.RECURSION_DESIRED,
questions: [
{
name: 'example.com',
type: 'SOA',
class: 'IN',
},
],
});
let response = await new Promise<dnsPacket.Packet>((resolve, reject) => {
const timeout = setTimeout(() => {
client.close();
reject(new Error('Query timed out'));
}, 2000);
client.on('message', (msg) => {
clearTimeout(timeout);
const dnsResponse = dnsPacket.decode(msg);
resolve(dnsResponse);
client.removeAllListeners();
});
client.on('error', (err) => {
clearTimeout(timeout);
reject(err);
client.close();
});
client.send(soaQuery, udpPort, 'localhost');
});
console.log('Direct SOA query response:', response.answers.length, 'answers');
expect(response.answers.length).toEqual(1);
expect(response.answers[0].type).toEqual('SOA');
// Test 2: Non-existent domain query (should get SOA in authority)
console.log('\n--- Test 2: Non-existent domain query ---');
const nxQuery = dnsPacket.encode({
type: 'query',
id: 2,
flags: dnsPacket.RECURSION_DESIRED,
questions: [
{
name: 'nonexistent.example.com',
type: 'A',
class: 'IN',
},
],
});
response = await new Promise<dnsPacket.Packet>((resolve, reject) => {
const timeout = setTimeout(() => {
client.close();
reject(new Error('Query timed out'));
}, 2000);
client.on('message', (msg) => {
clearTimeout(timeout);
const dnsResponse = dnsPacket.decode(msg);
resolve(dnsResponse);
client.removeAllListeners();
});
client.send(nxQuery, udpPort, 'localhost');
});
console.log('Non-existent query response:', response.answers.length, 'answers');
const soaAnswers = response.answers.filter(a => a.type === 'SOA');
expect(soaAnswers.length).toEqual(1);
// Test 3: SOA with DNSSEC
console.log('\n--- Test 3: SOA query with DNSSEC ---');
const dnssecQuery = dnsPacket.encode({
type: 'query',
id: 3,
flags: dnsPacket.RECURSION_DESIRED,
questions: [
{
name: 'example.com',
type: 'SOA',
class: 'IN',
},
],
additionals: [
{
name: '.',
type: 'OPT',
ttl: 0,
flags: 0x8000, // DO bit
data: Buffer.alloc(0),
} as any,
],
});
response = await new Promise<dnsPacket.Packet>((resolve, reject) => {
const timeout = setTimeout(() => {
client.close();
reject(new Error('Query timed out'));
}, 2000);
client.on('message', (msg) => {
clearTimeout(timeout);
const dnsResponse = dnsPacket.decode(msg);
resolve(dnsResponse);
client.removeAllListeners();
});
client.send(dnssecQuery, udpPort, 'localhost');
});
console.log('DNSSEC SOA query response:', response.answers.length, 'answers');
console.log('Answer types:', response.answers.map(a => a.type));
expect(response.answers.length).toEqual(2); // SOA + RRSIG
expect(response.answers.some(a => a.type === 'SOA')).toEqual(true);
expect(response.answers.some(a => a.type === 'RRSIG')).toEqual(true);
client.close();
await stopServer(dnsServer);
dnsServer = null;
});
tap.test('Configurable primary nameserver works correctly', async () => {
const httpsData = await tapNodeTools.createHttpsCert();
const udpPort = getUniqueUdpPort();
dnsServer = new smartdns.DnsServer({
httpsKey: httpsData.key,
httpsCert: httpsData.cert,
httpsPort: getUniqueHttpsPort(),
udpPort: udpPort,
dnssecZone: 'test.com',
primaryNameserver: 'master.test.com',
});
await dnsServer.start();
const client = dgram.createSocket('udp4');
const query = dnsPacket.encode({
type: 'query',
id: 1,
flags: dnsPacket.RECURSION_DESIRED,
questions: [
{
name: 'nonexistent.test.com',
type: 'A',
class: 'IN',
},
],
});
const response = await new Promise<dnsPacket.Packet>((resolve, reject) => {
const timeout = setTimeout(() => {
client.close();
reject(new Error('Query timed out'));
}, 2000);
client.on('message', (msg) => {
clearTimeout(timeout);
const dnsResponse = dnsPacket.decode(msg);
resolve(dnsResponse);
});
client.on('error', (err) => {
clearTimeout(timeout);
reject(err);
client.close();
});
client.send(query, udpPort, 'localhost');
});
const soaAnswers = response.answers.filter(a => a.type === 'SOA');
console.log('✅ Configured primary nameserver:', (soaAnswers[0] as any).data.mname);
expect((soaAnswers[0] as any).data.mname).toEqual('master.test.com');
client.close();
await stopServer(dnsServer);
dnsServer = null;
});
export default tap.start();

201
test/test.soa.simple.ts Normal file
View File

@@ -0,0 +1,201 @@
import * as plugins from '../ts_server/plugins.js';
import { expect, tap } from '@git.zone/tstest/tapbundle';
import { tapNodeTools } from '@git.zone/tstest/tapbundle_serverside';
import * as dnsPacket from 'dns-packet';
import * as dgram from 'dgram';
import * as smartdns from '../ts_server/index.js';
let dnsServer: smartdns.DnsServer;
// Port management for tests
let nextHttpsPort = 8800;
let nextUdpPort = 8801;
function getUniqueHttpsPort() {
return nextHttpsPort++;
}
function getUniqueUdpPort() {
return nextUdpPort++;
}
// Cleanup function for servers
async function stopServer(server: smartdns.DnsServer | null | undefined) {
if (!server) {
return;
}
try {
await server.stop();
} catch (e) {
console.log('Handled error when stopping server:', e.message || e);
}
}
tap.test('Simple SOA query without DNSSEC', async () => {
const httpsData = await tapNodeTools.createHttpsCert();
const udpPort = getUniqueUdpPort();
dnsServer = new smartdns.DnsServer({
httpsKey: httpsData.key,
httpsCert: httpsData.cert,
httpsPort: getUniqueHttpsPort(),
udpPort: udpPort,
dnssecZone: 'example.com',
});
await dnsServer.start();
const client = dgram.createSocket('udp4');
// Query for a non-existent domain WITHOUT DNSSEC
const query = dnsPacket.encode({
type: 'query',
id: 1,
flags: dnsPacket.RECURSION_DESIRED,
questions: [
{
name: 'nonexistent.example.com',
type: 'A',
class: 'IN',
},
],
});
const responsePromise = new Promise<dnsPacket.Packet>((resolve, reject) => {
const timeout = setTimeout(() => {
client.close();
reject(new Error('Query timed out'));
}, 2000);
client.on('message', (msg) => {
clearTimeout(timeout);
try {
const dnsResponse = dnsPacket.decode(msg);
resolve(dnsResponse);
} catch (e) {
reject(e);
}
client.close();
});
client.on('error', (err) => {
clearTimeout(timeout);
reject(err);
client.close();
});
client.send(query, udpPort, 'localhost', (err) => {
if (err) {
clearTimeout(timeout);
reject(err);
client.close();
}
});
});
const dnsResponse = await responsePromise;
console.log('✅ SOA response without DNSSEC received');
const soaAnswers = dnsResponse.answers.filter(a => a.type === 'SOA');
expect(soaAnswers.length).toEqual(1);
const soaData = (soaAnswers[0] as any).data;
console.log('✅ SOA data:', soaData.mname);
await stopServer(dnsServer);
dnsServer = null;
});
tap.test('Direct SOA query without DNSSEC', async () => {
const httpsData = await tapNodeTools.createHttpsCert();
const udpPort = getUniqueUdpPort();
dnsServer = new smartdns.DnsServer({
httpsKey: httpsData.key,
httpsCert: httpsData.cert,
httpsPort: getUniqueHttpsPort(),
udpPort: udpPort,
dnssecZone: 'example.com',
});
// Register direct SOA handler
dnsServer.registerHandler('example.com', ['SOA'], (question) => {
return {
name: question.name,
type: 'SOA',
class: 'IN',
ttl: 3600,
data: {
mname: 'ns1.example.com',
rname: 'hostmaster.example.com',
serial: 2024010101,
refresh: 3600,
retry: 600,
expire: 604800,
minimum: 86400,
},
};
});
await dnsServer.start();
const client = dgram.createSocket('udp4');
const query = dnsPacket.encode({
type: 'query',
id: 2,
flags: dnsPacket.RECURSION_DESIRED,
questions: [
{
name: 'example.com',
type: 'SOA',
class: 'IN',
},
],
});
const responsePromise = new Promise<dnsPacket.Packet>((resolve, reject) => {
const timeout = setTimeout(() => {
client.close();
reject(new Error('Query timed out'));
}, 2000);
client.on('message', (msg) => {
clearTimeout(timeout);
try {
const dnsResponse = dnsPacket.decode(msg);
resolve(dnsResponse);
} catch (e) {
reject(e);
}
client.close();
});
client.on('error', (err) => {
clearTimeout(timeout);
reject(err);
client.close();
});
client.send(query, udpPort, 'localhost', (err) => {
if (err) {
clearTimeout(timeout);
reject(err);
client.close();
}
});
});
const dnsResponse = await responsePromise;
console.log('✅ Direct SOA query succeeded');
const soaAnswers = dnsResponse.answers.filter(a => a.type === 'SOA');
expect(soaAnswers.length).toEqual(1);
await stopServer(dnsServer);
dnsServer = null;
});
export default tap.start();

237
test/test.soa.timeout.ts Normal file
View File

@@ -0,0 +1,237 @@
import { expect, tap } from '@git.zone/tstest/tapbundle';
import { tapNodeTools } from '@git.zone/tstest/tapbundle_serverside';
import * as dnsPacket from 'dns-packet';
import * as dgram from 'dgram';
import * as smartdns from '../ts_server/index.js';
let dnsServer: smartdns.DnsServer;
// Cleanup function for servers
async function stopServer(server: smartdns.DnsServer | null | undefined) {
if (!server) {
return;
}
try {
await server.stop();
} catch (e) {
console.log('Handled error when stopping server:', e.message || e);
}
}
tap.test('Test SOA with DNSSEC timing', async () => {
const httpsData = await tapNodeTools.createHttpsCert();
const udpPort = 8754;
dnsServer = new smartdns.DnsServer({
httpsKey: httpsData.key,
httpsCert: httpsData.cert,
httpsPort: 8755,
udpPort: udpPort,
dnssecZone: 'example.com',
});
await dnsServer.start();
const client = dgram.createSocket('udp4');
// Test with DNSSEC enabled
const query = dnsPacket.encode({
type: 'query',
id: 1,
flags: dnsPacket.RECURSION_DESIRED,
questions: [
{
name: 'nonexistent.example.com',
type: 'A',
class: 'IN',
},
],
additionals: [
{
name: '.',
type: 'OPT',
ttl: 0,
flags: 0x8000, // DO bit set for DNSSEC
data: Buffer.alloc(0),
} as any,
],
});
const startTime = Date.now();
console.log('Sending DNSSEC query for nonexistent domain...');
const responsePromise = new Promise<dnsPacket.Packet>((resolve, reject) => {
const timeout = setTimeout(() => {
client.close();
const elapsed = Date.now() - startTime;
reject(new Error(`Query timed out after ${elapsed}ms`));
}, 3000);
client.on('message', (msg) => {
clearTimeout(timeout);
const elapsed = Date.now() - startTime;
console.log(`Response received in ${elapsed}ms`);
try {
const dnsResponse = dnsPacket.decode(msg);
resolve(dnsResponse);
} catch (e) {
reject(new Error(`Failed to decode response: ${e.message}`));
}
client.close();
});
client.on('error', (err) => {
clearTimeout(timeout);
const elapsed = Date.now() - startTime;
console.error(`Error after ${elapsed}ms:`, err);
reject(err);
client.close();
});
client.send(query, udpPort, 'localhost', (err) => {
if (err) {
clearTimeout(timeout);
reject(err);
client.close();
}
});
});
try {
const dnsResponse = await responsePromise;
console.log('Response details:');
console.log('- Answers:', dnsResponse.answers.length);
console.log('- Answer types:', dnsResponse.answers.map(a => a.type));
const soaAnswers = dnsResponse.answers.filter(a => a.type === 'SOA');
const rrsigAnswers = dnsResponse.answers.filter(a => a.type === 'RRSIG');
console.log('- SOA records:', soaAnswers.length);
console.log('- RRSIG records:', rrsigAnswers.length);
// Must have exactly 1 SOA for the zone
expect(soaAnswers.length).toEqual(1);
// Must have at least 1 RRSIG covering the SOA
expect(rrsigAnswers.length).toBeGreaterThan(0);
// Verify RRSIG covers SOA type
const rrsigData = (rrsigAnswers[0] as any).data;
expect(rrsigData.typeCovered).toEqual('SOA');
} catch (error) {
console.error('DNSSEC SOA query failed:', error);
throw error;
}
await stopServer(dnsServer);
dnsServer = null;
});
tap.test('DNSSEC signing completes within reasonable time', async () => {
const httpsData = await tapNodeTools.createHttpsCert();
const udpPort = 8756;
dnsServer = new smartdns.DnsServer({
httpsKey: httpsData.key,
httpsCert: httpsData.cert,
httpsPort: 8757,
udpPort: udpPort,
dnssecZone: 'perf.example.com',
});
// No handlers registered — server returns SOA for nonexistent domain
await dnsServer.start();
const client = dgram.createSocket('udp4');
const query = dnsPacket.encode({
type: 'query',
id: 2,
flags: dnsPacket.RECURSION_DESIRED,
questions: [
{
name: 'nonexistent.perf.example.com',
type: 'A',
class: 'IN',
},
],
additionals: [
{
name: '.',
type: 'OPT',
ttl: 0,
flags: 0x8000, // DO bit set for DNSSEC
data: Buffer.alloc(0),
} as any,
],
});
const startTime = Date.now();
console.log('Sending DNSSEC query for performance test...');
const responsePromise = new Promise<dnsPacket.Packet>((resolve, reject) => {
const timeout = setTimeout(() => {
client.close();
const elapsed = Date.now() - startTime;
reject(new Error(`Query timed out after ${elapsed}ms — exceeds 2s budget`));
}, 2000);
client.on('message', (msg) => {
clearTimeout(timeout);
const elapsed = Date.now() - startTime;
console.log(`DNSSEC response received in ${elapsed}ms`);
try {
const dnsResponse = dnsPacket.decode(msg);
resolve(dnsResponse);
} catch (e) {
reject(new Error(`Failed to decode response: ${e.message}`));
}
client.close();
});
client.on('error', (err) => {
clearTimeout(timeout);
reject(err);
client.close();
});
client.send(query, udpPort, 'localhost', (err) => {
if (err) {
clearTimeout(timeout);
reject(err);
client.close();
}
});
});
try {
const dnsResponse = await responsePromise;
const elapsed = Date.now() - startTime;
// Response must arrive within 2 seconds (generous for CI)
expect(elapsed).toBeLessThan(2000);
// Verify correctness: SOA + RRSIG present
const soaAnswers = dnsResponse.answers.filter(a => a.type === 'SOA');
const rrsigAnswers = dnsResponse.answers.filter(a => a.type === 'RRSIG');
expect(soaAnswers.length).toEqual(1);
expect(rrsigAnswers.length).toBeGreaterThan(0);
const rrsigData = (rrsigAnswers[0] as any).data;
expect(rrsigData.typeCovered).toEqual('SOA');
console.log(`DNSSEC signing performance OK: ${elapsed}ms`);
} catch (error) {
console.error('DNSSEC performance test failed:', error);
throw error;
}
await stopServer(dnsServer);
dnsServer = null;
});
export default tap.start();

35
test/test.ts
View File

@@ -1,35 +0,0 @@
import 'typings-test'
import * as should from 'should'
import * as dnsly from '../dist/index'
let testDnsly: dnsly.Dnsly
describe('dnsly', function () {
it('should create an instance of Dnsly', function () {
testDnsly = new dnsly.Dnsly('google')
should(testDnsly).be.instanceOf(dnsly.Dnsly)
})
it('should, get a dns record for a domain', function (done) {
testDnsly.getRecord('google.com', 'A').then(res => {
console.log(res)
done()
}).catch(err => {
console.log(err)
done(err)
})
})
it('should, get a mx record for a domain', function (done) {
testDnsly.getRecord('google.com', 'MX').then(res => {
console.log(res)
done()
}).catch(err => {
console.log(err)
done(err)
})
})
})

8
ts/00_commitinfo_data.ts Normal file
View File

@@ -0,0 +1,8 @@
/**
* autocreated commitinfo by @push.rocks/commitinfo
*/
export const commitinfo = {
name: '@push.rocks/smartdns',
version: '7.9.0',
description: 'A robust TypeScript library providing advanced DNS management and resolution capabilities including support for DNSSEC, custom DNS servers, and integration with various DNS providers.'
}

8
ts/dnsly.plugins.ts
View File

@@ -1,8 +0,0 @@
import 'typings-global'
import * as beautylog from 'beautylog'
import * as dns from 'dns'
export {
beautylog,
dns
}

57
ts/index.ts
View File

@@ -1,55 +1,4 @@
import * as q from 'q'
import * as plugins from './dnsly.plugins'
import * as dnsClientMod from '../dist_ts_client/index.js';
import * as dnsServerMod from '../dist_ts_server/index.js';
export type TDnsProvider = 'google'
export type TDnsRecordType = 'A'
| 'AAAA'
| 'CNAME'
| 'PTR'
| 'MX'
| 'NAPTR'
| 'NS'
| 'SOA'
| 'SRV'
| 'TXT'
/**
* class dnsly offers methods for working with dns from a dns provider like Google DNS
*/
export class Dnsly {
dnsServerIp: string
dnsServerPort: number
/**
* constructor for class dnsly
*/
constructor(dnsProviderArg: TDnsProvider) {
this._setDnsProvider(dnsProviderArg)
}
/**
* gets a record
*/
getRecord(recordNameArg: string, recordTypeArg: TDnsRecordType) {
let done = q.defer()
plugins.dns.resolve(recordNameArg,recordTypeArg, (err, addresses) => {
if (err) {
done.reject(err)
}
done.resolve(addresses)
})
return done.promise
}
/**
* set the DNS provider
*/
private _setDnsProvider(dnsProvider: TDnsProvider) {
if (dnsProvider === 'google') {
this.dnsServerIp = '8.8.8.8'
this.dnsServerPort = 53
plugins.dns.setServers(['8.8.8.8','8.8.4.4'])
} else {
throw new Error('unknown dns provider')
}
}
}
export { dnsClientMod, dnsServerMod };

47
ts/readme.md Normal file
View File

@@ -0,0 +1,47 @@
# @push.rocks/smartdns
Unified entry point that re-exports both the DNS client and DNS server modules.
## Import
```typescript
import { dnsClientMod, dnsServerMod } from '@push.rocks/smartdns';
```
## Modules
| Module | Description |
|---|---|
| `dnsClientMod` | DNS resolution — system, UDP, DoH strategies via `Smartdns` class |
| `dnsServerMod` | Authoritative DNS server — UDP, HTTPS, DNSSEC, ACME via `DnsServer` class |
## Usage
```typescript
import { dnsClientMod, dnsServerMod } from '@push.rocks/smartdns';
// Client
const client = new dnsClientMod.Smartdns({ strategy: 'prefer-udp' });
const records = await client.getRecordsA('example.com');
client.destroy();
// Server
const server = new dnsServerMod.DnsServer({
udpPort: 5333,
httpsPort: 8443,
httpsKey: '...',
httpsCert: '...',
dnssecZone: 'example.com',
});
server.registerHandler('example.com', ['A'], (q) => ({
name: q.name, type: 'A', class: 'IN', ttl: 300, data: '93.184.215.14',
}));
await server.start();
```
For direct imports, use the sub-module paths:
```typescript
import { Smartdns } from '@push.rocks/smartdns/client';
import { DnsServer } from '@push.rocks/smartdns/server';
```

3
ts/tspublish.json Normal file
View File

@@ -0,0 +1,3 @@
{
"order": 3
}

8
ts_client/00_commitinfo_data.ts Normal file
View File

@@ -0,0 +1,8 @@
/**
* autocreated commitinfo by @push.rocks/commitinfo
*/
export const commitinfo = {
name: '@push.rocks/smartdns',
version: '5.0.4',
description: 'smart dns methods written in TypeScript'
}

312
ts_client/classes.dnsclient.ts Normal file
View File

@@ -0,0 +1,312 @@
import * as plugins from './plugins.js';
import { RustDnsClientBridge } from './classes.rustdnsclientbridge.js';
export type TDnsProvider = 'google' | 'cloudflare';
export const makeNodeProcessUseDnsProvider = (providerArg: TDnsProvider) => {
switch (providerArg) {
case 'cloudflare':
plugins.dns.setServers([
'1.1.1.1',
'1.0.0.1',
'[2606:4700:4700::1111]',
'[2606:4700:4700::1001]',
]);
break;
case 'google':
plugins.dns.setServers([
'8.8.8.8',
'8.8.4.4',
'[2001:4860:4860::8888]',
'[2606:4700:4700::1001]',
]);
}
};
export type TResolutionStrategy = 'doh' | 'udp' | 'system' | 'prefer-system' | 'prefer-udp';
export interface ISmartDnsConstructorOptions {
strategy?: TResolutionStrategy; // default: 'prefer-system'
allowDohFallback?: boolean; // allow fallback to DoH if system fails (default: true)
timeoutMs?: number; // optional per-query timeout
}
/**
* Smartdns offers methods for working with DNS resolution.
* Supports system resolver, UDP wire-format, and DoH (DNS-over-HTTPS) via a Rust binary.
*/
export class Smartdns {
private strategy: TResolutionStrategy = 'prefer-system';
private allowDohFallback = true;
private timeoutMs: number | undefined;
private rustBridge: RustDnsClientBridge | null = null;
public dnsTypeMap: { [key: string]: number } = {
A: 1,
NS: 2,
CNAME: 5,
SOA: 6,
PTR: 12,
MX: 15,
TXT: 16,
AAAA: 28,
SRV: 33,
};
constructor(optionsArg: ISmartDnsConstructorOptions) {
this.strategy = optionsArg?.strategy || 'prefer-system';
this.allowDohFallback =
optionsArg?.allowDohFallback === undefined ? true : optionsArg.allowDohFallback;
this.timeoutMs = optionsArg?.timeoutMs;
}
private getRustBridge(): RustDnsClientBridge {
if (!this.rustBridge) {
this.rustBridge = new RustDnsClientBridge();
}
return this.rustBridge;
}
/**
* check a dns record until it has propagated
*/
public async checkUntilAvailable(
recordNameArg: string,
recordTypeArg: plugins.tsclass.network.TDnsRecordType,
expectedValue: string,
cyclesArg: number = 50,
intervalArg: number = 500
) {
let runCycles = 0;
const doCheck = async () => {
if (runCycles < cyclesArg) {
runCycles++;
try {
let myRecordArray: plugins.tsclass.network.IDnsRecord[];
if (runCycles % 2 === 0 || !plugins.dns) {
myRecordArray = await this.getRecords(recordNameArg, recordTypeArg, 0);
} else {
myRecordArray = await this.getRecordWithNodeDNS(recordNameArg, recordTypeArg);
}
const myRecord = myRecordArray[0].value;
if (myRecord === expectedValue) {
console.log(
`smartdns: .checkUntilAvailable() verified that wanted >>>${recordTypeArg}<<< record exists for >>>${recordNameArg}<<< with value >>>${expectedValue}<<<`
);
return true;
} else {
await plugins.smartdelay.delayFor(intervalArg);
return await doCheck();
}
} catch (err) {
await plugins.smartdelay.delayFor(intervalArg);
return await doCheck();
}
} else {
console.log(
`smartdns: .checkUntilAvailable() failed permanently for ${recordNameArg} with value ${recordTypeArg} - ${expectedValue}...`
);
return false;
}
};
return await doCheck();
}
/**
* get A Dns Record
*/
public async getRecordsA(recordNameArg: string): Promise<plugins.tsclass.network.IDnsRecord[]> {
return await this.getRecords(recordNameArg, 'A');
}
/**
* get AAAA Record
*/
public async getRecordsAAAA(recordNameArg: string) {
return await this.getRecords(recordNameArg, 'AAAA');
}
/**
* gets a txt record
*/
public async getRecordsTxt(recordNameArg: string): Promise<plugins.tsclass.network.IDnsRecord[]> {
return await this.getRecords(recordNameArg, 'TXT');
}
public async getRecords(
recordNameArg: string,
recordTypeArg: plugins.tsclass.network.TDnsRecordType,
retriesCounterArg = 20
): Promise<plugins.tsclass.network.IDnsRecord[]> {
const trySystem = async (): Promise<plugins.tsclass.network.IDnsRecord[]> => {
// Prefer dns.lookup for A/AAAA so hosts file and OS resolver are honored
if (recordTypeArg === 'A' || recordTypeArg === 'AAAA') {
const family = recordTypeArg === 'A' ? 4 : 6;
const addresses = await new Promise<{ address: string }[]>((resolve, reject) => {
const timer = this.timeoutMs
? setTimeout(() => reject(new Error('system lookup timeout')), this.timeoutMs)
: null;
plugins.dns.lookup(
recordNameArg,
{ family, all: true },
(err, result) => {
if (timer) clearTimeout(timer as any);
if (err) return reject(err);
resolve(result || []);
}
);
});
return addresses.map((a) => ({
name: recordNameArg,
type: recordTypeArg,
dnsSecEnabled: false,
value: a.address,
}));
}
if (recordTypeArg === 'TXT') {
const records = await new Promise<string[][]>((resolve, reject) => {
const timer = this.timeoutMs
? setTimeout(() => reject(new Error('system resolveTxt timeout')), this.timeoutMs)
: null;
plugins.dns.resolveTxt(recordNameArg, (err, res) => {
if (timer) clearTimeout(timer as any);
if (err) return reject(err);
resolve(res || []);
});
});
return records.map((chunks) => ({
name: recordNameArg,
type: 'TXT' as plugins.tsclass.network.TDnsRecordType,
dnsSecEnabled: false,
value: chunks.join(''),
}));
}
return [];
};
const tryRust = async (protocol: 'udp' | 'doh'): Promise<plugins.tsclass.network.IDnsRecord[]> => {
const bridge = this.getRustBridge();
const result = await bridge.resolve(
recordNameArg,
recordTypeArg,
protocol,
undefined,
undefined,
this.timeoutMs
);
return result.answers.map((answer) => ({
name: answer.name,
type: this.convertDnsTypeNameToCanonical(answer.type) || recordTypeArg,
dnsSecEnabled: result.adFlag,
value: answer.value,
}));
};
try {
if (this.strategy === 'system') {
return await trySystem();
}
if (this.strategy === 'doh') {
return await tryRust('doh');
}
if (this.strategy === 'udp') {
return await tryRust('udp');
}
if (this.strategy === 'prefer-udp') {
try {
const udpRes = await tryRust('udp');
if (udpRes.length > 0) return udpRes;
return await tryRust('doh');
} catch (err) {
return await tryRust('doh');
}
}
// prefer-system (default)
try {
const sysRes = await trySystem();
if (sysRes.length > 0) return sysRes;
return this.allowDohFallback ? await tryRust('doh') : [];
} catch (err) {
return this.allowDohFallback ? await tryRust('doh') : [];
}
} catch (finalErr) {
return [];
}
}
/**
* gets a record using nodejs dns resolver
*/
public async getRecordWithNodeDNS(
recordNameArg: string,
recordTypeArg: plugins.tsclass.network.TDnsRecordType
): Promise<plugins.tsclass.network.IDnsRecord[]> {
const done = plugins.smartpromise.defer<plugins.tsclass.network.IDnsRecord[]>();
plugins.dns.resolve(recordNameArg, recordTypeArg, (err, recordsArg) => {
if (err) {
done.reject(err);
return;
}
const returnArray: plugins.tsclass.network.IDnsRecord[] = [];
for (const recordKey in recordsArg) {
returnArray.push({
name: recordNameArg,
value: recordsArg[recordKey][0],
type: recordTypeArg,
dnsSecEnabled: false,
});
}
done.resolve(returnArray);
});
return done.promise;
}
public async getNameServers(domainNameArg: string): Promise<string[]> {
const done = plugins.smartpromise.defer<string[]>();
plugins.dns.resolveNs(domainNameArg, (err, result) => {
if (!err) {
done.resolve(result);
} else {
console.log(err);
done.reject(err);
}
});
return await done.promise;
}
public convertDnsTypeNameToTypeNumber(dnsTypeNameArg: string): number {
return this.dnsTypeMap[dnsTypeNameArg];
}
public convertDnsTypeNumberToTypeName(
dnsTypeNumberArg: number
): plugins.tsclass.network.TDnsRecordType {
for (const key in this.dnsTypeMap) {
if (this.dnsTypeMap[key] === dnsTypeNumberArg) {
return key as plugins.tsclass.network.TDnsRecordType;
}
}
return null;
}
/**
* Convert a DNS type string from Rust (e.g. "A", "AAAA") to the canonical TDnsRecordType.
*/
private convertDnsTypeNameToCanonical(typeName: string): plugins.tsclass.network.TDnsRecordType | null {
const upper = typeName.toUpperCase();
if (upper in this.dnsTypeMap) {
return upper as plugins.tsclass.network.TDnsRecordType;
}
return null;
}
/**
* Destroy the Rust client bridge and free resources.
*/
public destroy(): void {
if (this.rustBridge) {
this.rustBridge.kill();
this.rustBridge = null;
}
}
}

168
ts_client/classes.rustdnsclientbridge.ts Normal file
View File

@@ -0,0 +1,168 @@
import * as plugins from './plugins.js';
// IPC command map for type-safe bridge communication
export type TClientDnsCommands = {
resolve: {
params: IResolveParams;
result: IResolveResult;
};
ping: {
params: Record<string, never>;
result: { pong: boolean };
};
};
export interface IResolveParams {
name: string;
recordType: string;
protocol: 'udp' | 'doh';
serverAddr?: string;
dohUrl?: string;
timeoutMs?: number;
}
export interface IClientDnsAnswer {
name: string;
type: string;
ttl: number;
value: string;
}
export interface IResolveResult {
answers: IClientDnsAnswer[];
adFlag: boolean;
rcode: number;
}
/**
* Bridge to the Rust DNS client binary via smartrust IPC.
*/
export class RustDnsClientBridge {
private bridge: InstanceType<typeof plugins.smartrust.RustBridge<TClientDnsCommands>>;
private spawnPromise: Promise<boolean> | null = null;
constructor() {
const packageDir = plugins.path.resolve(
plugins.path.dirname(new URL(import.meta.url).pathname),
'..'
);
// Determine platform suffix for dist_rust binaries (matches tsrust naming)
const platformSuffix = getPlatformSuffix();
const localPaths: string[] = [];
// dist_rust/ candidates (tsrust cross-compiled output, platform-specific)
if (platformSuffix) {
localPaths.push(plugins.path.join(packageDir, 'dist_rust', `rustdns-client_${platformSuffix}`));
}
// dist_rust/ without suffix (native build)
localPaths.push(plugins.path.join(packageDir, 'dist_rust', 'rustdns-client'));
// Local dev build paths
localPaths.push(plugins.path.join(packageDir, 'rust', 'target', 'release', 'rustdns-client'));
localPaths.push(plugins.path.join(packageDir, 'rust', 'target', 'debug', 'rustdns-client'));
this.bridge = new plugins.smartrust.RustBridge<TClientDnsCommands>({
binaryName: 'rustdns-client',
cliArgs: ['--management'],
requestTimeoutMs: 30_000,
readyTimeoutMs: 10_000,
localPaths,
searchSystemPath: false,
});
this.bridge.on('stderr', (line: string) => {
if (line.trim()) {
console.log(`[rustdns-client] ${line}`);
}
});
}
/**
* Lazily spawn the Rust binary. Only spawns once, caches the promise.
*/
public async ensureSpawned(): Promise<void> {
if (!this.spawnPromise) {
this.spawnPromise = this.bridge.spawn();
}
const ok = await this.spawnPromise;
if (!ok) {
this.spawnPromise = null;
throw new Error('Failed to spawn rustdns-client binary');
}
}
/**
* Resolve a DNS query through the Rust binary.
*/
public async resolve(
name: string,
recordType: string,
protocol: 'udp' | 'doh',
serverAddr?: string,
dohUrl?: string,
timeoutMs?: number
): Promise<IResolveResult> {
await this.ensureSpawned();
const params: IResolveParams = {
name,
recordType,
protocol,
};
if (serverAddr) params.serverAddr = serverAddr;
if (dohUrl) params.dohUrl = dohUrl;
if (timeoutMs) params.timeoutMs = timeoutMs;
return this.bridge.sendCommand('resolve', params);
}
/**
* Ping the Rust binary for health check.
*/
public async ping(): Promise<boolean> {
await this.ensureSpawned();
const result = await this.bridge.sendCommand('ping', {} as Record<string, never>);
return result.pong;
}
/**
* Kill the Rust process.
*/
public kill(): void {
this.bridge.kill();
this.spawnPromise = null;
}
/**
* Whether the bridge is running.
*/
public get running(): boolean {
return this.bridge.running;
}
}
/**
* Get the tsrust platform suffix for the current platform.
*/
function getPlatformSuffix(): string | null {
const platform = process.platform;
const arch = process.arch;
const platformMap: Record<string, string> = {
'linux': 'linux',
'darwin': 'macos',
'win32': 'windows',
};
const archMap: Record<string, string> = {
'x64': 'amd64',
'arm64': 'arm64',
};
const p = platformMap[platform];
const a = archMap[arch];
if (p && a) {
return `${p}_${a}`;
}
return null;
}

2
ts_client/index.ts Normal file
View File

@@ -0,0 +1,2 @@
export * from './classes.dnsclient.js';
export * from './classes.rustdnsclientbridge.js';

25
ts_client/plugins.ts Normal file
View File

@@ -0,0 +1,25 @@
import * as smartenv from '@push.rocks/smartenv';
const smartenvInstance = new smartenv.Smartenv();
// node native scope
import type dnsType from 'dns';
const dns: typeof dnsType = await smartenvInstance.getSafeNodeModule('dns');
export { dns };
// node native scope
import * as path from 'path';
import { EventEmitter } from 'events';
export { path };
export const events = { EventEmitter };
// pushrocks scope
import * as smartdelay from '@push.rocks/smartdelay';
import * as smartpromise from '@push.rocks/smartpromise';
import * as smartrust from '@push.rocks/smartrust';
export { smartdelay, smartenv, smartpromise, smartrust };
import * as tsclass from '@tsclass/tsclass';
export { tsclass };

94
ts_client/readme.md Normal file
View File

@@ -0,0 +1,94 @@
# @push.rocks/smartdns/client
DNS client module for `@push.rocks/smartdns` — provides DNS record resolution via system resolver, raw UDP wire-format queries, and DNS-over-HTTPS (RFC 8484), with UDP and DoH powered by a Rust binary for performance.
## Import
```typescript
import { Smartdns, makeNodeProcessUseDnsProvider } from '@push.rocks/smartdns/client';
```
## Architecture
The client routes queries through one of three backends depending on the configured strategy:
- **System** — Uses Node.js `dns` module (`dns.lookup` / `dns.resolveTxt`). Honors `/etc/hosts`. No external binary.
- **UDP** — Sends raw DNS wire-format queries to upstream resolvers (default: Cloudflare 1.1.1.1) via the `rustdns-client` Rust binary over IPC.
- **DoH** — Sends RFC 8484 wire-format POST requests to a DoH endpoint (default: `https://cloudflare-dns.com/dns-query`) via the same Rust binary.
The Rust binary is spawned **lazily** — only when the first UDP or DoH query is made. The binary stays alive for connection pooling (DoH) and is killed via `destroy()`.
## Classes & Functions
### `Smartdns`
The main DNS client class. Supports five resolution strategies:
| Strategy | Behavior |
|---|---|
| `prefer-system` | Try OS resolver first, fall back to Rust DoH |
| `system` | Use only Node.js system resolver |
| `doh` | Use only Rust DoH (RFC 8484 wire format) |
| `udp` | Use only Rust UDP to upstream resolver |
| `prefer-udp` | Try Rust UDP first, fall back to Rust DoH |
```typescript
const dns = new Smartdns({
strategy: 'prefer-udp',
allowDohFallback: true,
timeoutMs: 5000,
});
```
#### Key Methods
| Method | Description |
|---|---|
| `getRecordsA(domain)` | Resolve A records (IPv4) |
| `getRecordsAAAA(domain)` | Resolve AAAA records (IPv6) |
| `getRecordsTxt(domain)` | Resolve TXT records |
| `getRecords(domain, type, retries?)` | Generic query — supports A, AAAA, CNAME, MX, TXT, NS, SOA, PTR, SRV |
| `getNameServers(domain)` | Resolve NS records |
| `checkUntilAvailable(domain, type, value, cycles?, interval?)` | Poll until a record propagates |
| `destroy()` | Kill the Rust client binary and free resources |
All query methods return `IDnsRecord[]`:
```typescript
interface IDnsRecord {
name: string;
type: string;
dnsSecEnabled: boolean; // true if upstream AD flag was set
value: string;
}
```
### `RustDnsClientBridge`
Low-level IPC bridge to the `rustdns-client` binary. Used internally by `Smartdns` — typically not imported directly. Provides:
- `ensureSpawned()` — lazy spawn of the Rust binary
- `resolve(name, type, protocol, ...)` — send a resolve command via IPC
- `ping()` — health check
- `kill()` — terminate the binary
### `makeNodeProcessUseDnsProvider(provider)`
Configures the global Node.js DNS resolver to use a specific provider:
```typescript
makeNodeProcessUseDnsProvider('cloudflare'); // 1.1.1.1
makeNodeProcessUseDnsProvider('google'); // 8.8.8.8
```
## Supported Record Types
A, AAAA, CNAME, MX, TXT, NS, SOA, PTR, SRV
## Dependencies
- `@push.rocks/smartrust` — TypeScript-to-Rust IPC bridge
- `@push.rocks/smartrequest` — HTTP client (used by legacy paths)
- `@push.rocks/smartdelay` — delay utility for retry logic
- `@push.rocks/smartpromise` — deferred promise helper
- `@tsclass/tsclass` — DNS record type definitions

3
ts_client/tspublish.json Normal file
View File

@@ -0,0 +1,3 @@
{
"order": 2
}

510
ts_server/classes.dnsserver.ts Normal file
View File

@@ -0,0 +1,510 @@
import * as plugins from './plugins.js';
import { RustDnsBridge, type IDnsQueryEvent, type IIpcDnsAnswer, type IIpcDnsQuestion, type IRustDnsConfig } from './classes.rustdnsbridge.js';
export interface IDnsServerOptions {
httpsKey: string;
httpsCert: string;
httpsPort: number;
udpPort: number;
dnssecZone: string;
udpBindInterface?: string;
httpsBindInterface?: string;
// New options for independent manual socket control
manualUdpMode?: boolean;
manualHttpsMode?: boolean;
// Primary nameserver for SOA records (defaults to ns1.{dnssecZone})
primaryNameserver?: string;
// Local handling for RFC 6761 localhost (default: true)
enableLocalhostHandling?: boolean;
}
export interface DnsAnswer {
name: string;
type: string;
class: string | number;
ttl: number;
data: any;
}
export interface IDnsQuestion {
name: string;
type: string;
class?: string;
}
export interface IDnsHandler {
domainPattern: string;
recordTypes: string[];
handler: (question: IDnsQuestion) => DnsAnswer | null;
}
// Let's Encrypt related interfaces
interface LetsEncryptOptions {
email?: string;
staging?: boolean;
certDir?: string;
}
export interface IDnsQueryCompletedEvent {
/** The original questions from the query */
questions: IIpcDnsQuestion[];
/** Whether any handler answered the query */
answered: boolean;
/** How long handler resolution took (ms) */
responseTimeMs: number;
/** Timestamp of the query */
timestamp: number;
}
export class DnsServer extends plugins.events.EventEmitter {
private bridge: RustDnsBridge;
private handlers: IDnsHandler[] = [];
// Track initialization state
private bridgeSpawned: boolean = false;
// Legacy server references (kept for backward-compatible test access)
private httpsServer: any = null;
private udpServer: any = null;
constructor(private options: IDnsServerOptions) {
super();
this.bridge = new RustDnsBridge();
// Wire up the dnsQuery event to run TypeScript handlers
this.bridge.on('dnsQuery', async (event: IDnsQueryEvent) => {
try {
const startTime = Date.now();
const answers = this.resolveQuery(event);
const responseTimeMs = Date.now() - startTime;
this.emit('query', {
questions: event.questions,
answered: answers.answered,
responseTimeMs,
timestamp: startTime,
} satisfies IDnsQueryCompletedEvent);
await this.bridge.sendQueryResult(
event.correlationId,
answers.answers,
answers.answered
);
} catch (err) {
console.error('Error handling DNS query:', err);
try {
await this.bridge.sendQueryResult(event.correlationId, [], false);
} catch (sendErr) {
console.error('Error sending empty query result:', sendErr);
}
}
});
}
/**
* Register a DNS handler for a domain pattern and record types.
*/
public registerHandler(
domainPattern: string,
recordTypes: string[],
handler: (question: IDnsQuestion) => DnsAnswer | null
): void {
this.handlers.push({ domainPattern, recordTypes, handler });
}
/**
* Unregister a specific handler.
*/
public unregisterHandler(domainPattern: string, recordTypes: string[]): boolean {
const initialLength = this.handlers.length;
this.handlers = this.handlers.filter(handler =>
!(handler.domainPattern === domainPattern &&
recordTypes.every(type => handler.recordTypes.includes(type)))
);
return this.handlers.length < initialLength;
}
/**
* Start the DNS server.
*/
public async start(): Promise<void> {
// Validate interface addresses if provided
const udpInterface = this.options.udpBindInterface || '0.0.0.0';
const httpsInterface = this.options.httpsBindInterface || '0.0.0.0';
if (this.options.udpBindInterface && !this.isValidIpAddress(this.options.udpBindInterface)) {
throw new Error(`Invalid UDP bind interface: ${this.options.udpBindInterface}`);
}
if (this.options.httpsBindInterface && !this.isValidIpAddress(this.options.httpsBindInterface)) {
throw new Error(`Invalid HTTPS bind interface: ${this.options.httpsBindInterface}`);
}
// Spawn the Rust binary
if (!this.bridgeSpawned) {
const spawned = await this.bridge.spawn();
if (!spawned) {
throw new Error('Failed to spawn rustdns binary');
}
this.bridgeSpawned = true;
}
// Build config for Rust
const config: IRustDnsConfig = {
udpPort: this.options.udpPort,
httpsPort: this.options.httpsPort,
udpBindInterface: udpInterface,
httpsBindInterface: httpsInterface,
httpsKey: this.options.httpsKey || '',
httpsCert: this.options.httpsCert || '',
dnssecZone: this.options.dnssecZone,
dnssecAlgorithm: 'ECDSA',
primaryNameserver: this.options.primaryNameserver || `ns1.${this.options.dnssecZone}`,
enableLocalhostHandling: this.options.enableLocalhostHandling !== false,
manualUdpMode: this.options.manualUdpMode || false,
manualHttpsMode: this.options.manualHttpsMode || false,
};
await this.bridge.startServer(config);
// Set legacy markers for backward-compatible test checks
this.httpsServer = { _rustBridgeManaged: true };
this.udpServer = { _rustBridgeManaged: true };
const udpManual = this.options.manualUdpMode || false;
const httpsManual = this.options.manualHttpsMode || false;
if (udpManual && httpsManual) {
console.log('DNS server started in full manual mode - ready to accept connections');
} else if (udpManual && !httpsManual) {
console.log('DNS server started with manual UDP mode and automatic HTTPS binding');
} else if (!udpManual && httpsManual) {
console.log('DNS server started with automatic UDP binding and manual HTTPS mode');
} else {
console.log(`DNS server started (UDP: ${udpInterface}:${this.options.udpPort}, HTTPS: ${httpsInterface}:${this.options.httpsPort})`);
}
}
/**
* Stop the DNS server.
*/
public async stop(): Promise<void> {
if (this.bridgeSpawned) {
try {
await this.bridge.stopServer();
} catch (err) {
// Ignore errors during stop (process may have already exited)
}
this.bridge.kill();
this.bridgeSpawned = false;
}
this.httpsServer = null;
this.udpServer = null;
}
/**
* Initialize servers (no-op with Rust bridge, kept for API compatibility).
*/
public initializeServers(): void {
// No-op — Rust bridge handles server initialization via start()
}
/**
* Initialize UDP server (no-op with Rust bridge).
*/
public initializeUdpServer(): void {
// No-op
}
/**
* Initialize HTTPS server (no-op with Rust bridge).
*/
public initializeHttpsServer(): void {
// No-op
}
/**
* Handle a raw TCP socket for HTTPS/DoH.
* In Rust mode, this is not directly supported — use processRawDnsPacket instead.
*/
public handleHttpsSocket(socket: plugins.net.Socket): void {
console.warn('handleHttpsSocket: direct socket handling not available with Rust bridge. Use processRawDnsPacket instead.');
}
/**
* Handle a UDP message manually.
*/
public handleUdpMessage(
msg: Buffer,
rinfo: plugins.dgram.RemoteInfo,
responseCallback?: (response: Buffer, rinfo: plugins.dgram.RemoteInfo) => void
): void {
// Async processing via Rust bridge
this.processRawDnsPacketAsync(msg)
.then((responseData) => {
if (responseCallback) {
responseCallback(responseData, rinfo);
}
})
.catch((err) => {
console.error('Error processing UDP DNS request:', err);
});
}
/**
* Process a raw DNS packet asynchronously via Rust bridge.
*/
public async processRawDnsPacketAsync(packet: Buffer): Promise<Buffer> {
if (!this.bridgeSpawned) {
throw new Error('DNS server not started — call start() first');
}
return this.bridge.processPacket(packet);
}
/**
* Retrieve SSL certificate for specified domains using Let's Encrypt
*/
public async retrieveSslCertificate(
domainNames: string[],
options: LetsEncryptOptions = {}
): Promise<{ cert: string; key: string; success: boolean }> {
const opts = {
email: options.email || 'admin@example.com',
staging: options.staging !== undefined ? options.staging : false,
certDir: options.certDir || './certs'
};
if (!plugins.fs.existsSync(opts.certDir)) {
plugins.fs.mkdirSync(opts.certDir, { recursive: true });
}
const authorizedDomains = this.filterAuthorizedDomains(domainNames);
if (authorizedDomains.length === 0) {
console.error('None of the provided domains are authorized for this DNS server');
return { cert: '', key: '', success: false };
}
console.log(`Retrieving SSL certificate for domains: ${authorizedDomains.join(', ')}`);
try {
// @ts-ignore - acmeClientOverride is added for testing purposes
const acmeClient = this.acmeClientOverride || await import('acme-client');
const accountKeyPath = plugins.path.join(opts.certDir, 'account.key');
let accountKey: Buffer;
if (plugins.fs.existsSync(accountKeyPath)) {
accountKey = plugins.fs.readFileSync(accountKeyPath);
} else {
const { privateKey } = plugins.crypto.generateKeyPairSync('rsa', {
modulusLength: 2048,
publicKeyEncoding: { type: 'spki', format: 'pem' },
privateKeyEncoding: { type: 'pkcs8', format: 'pem' }
});
accountKey = Buffer.from(privateKey);
plugins.fs.writeFileSync(accountKeyPath, accountKey);
}
const client = new acmeClient.Client({
directoryUrl: opts.staging
? acmeClient.directory.letsencrypt.staging
: acmeClient.directory.letsencrypt.production,
accountKey: accountKey
});
await client.createAccount({
termsOfServiceAgreed: true,
contact: [`mailto:${opts.email}`]
});
const order = await client.createOrder({
identifiers: authorizedDomains.map(domain => ({
type: 'dns',
value: domain
}))
});
const authorizations = await client.getAuthorizations(order);
const challengeHandlers: { domain: string; pattern: string }[] = [];
for (const auth of authorizations) {
const domain = auth.identifier.value;
const challenge = auth.challenges.find((c: any) => c.type === 'dns-01');
if (!challenge) {
throw new Error(`No DNS-01 challenge found for ${domain}`);
}
const keyAuthorization = await client.getChallengeKeyAuthorization(challenge);
const recordValue = this.getDnsRecordValueForChallenge(keyAuthorization);
const challengeDomain = `_acme-challenge.${domain}`;
console.log(`Setting up TXT record for ${challengeDomain}: ${recordValue}`);
this.registerHandler(
challengeDomain,
['TXT'],
(question: IDnsQuestion): DnsAnswer | null => {
if (question.name === challengeDomain && question.type === 'TXT') {
return {
name: question.name,
type: 'TXT',
class: 'IN',
ttl: 300,
data: [recordValue]
};
}
return null;
}
);
challengeHandlers.push({ domain, pattern: challengeDomain });
await new Promise(resolve => setTimeout(resolve, 2000));
await client.completeChallenge(challenge);
await client.waitForValidStatus(challenge);
console.log(`Challenge for ${domain} validated successfully!`);
}
const domainKeyPath = plugins.path.join(opts.certDir, `${authorizedDomains[0]}.key`);
const { privateKey } = plugins.crypto.generateKeyPairSync('rsa', {
modulusLength: 2048,
publicKeyEncoding: { type: 'spki', format: 'pem' },
privateKeyEncoding: { type: 'pkcs8', format: 'pem' }
});
plugins.fs.writeFileSync(domainKeyPath, privateKey);
interface CSRResult {
csr: Buffer;
}
const csrResult = await acmeClient.forge.createCsr({
commonName: authorizedDomains[0],
altNames: authorizedDomains
}) as unknown as CSRResult;
await client.finalizeOrder(order, csrResult.csr);
const certificate = await client.getCertificate(order);
const certPath = plugins.path.join(opts.certDir, `${authorizedDomains[0]}.cert`);
plugins.fs.writeFileSync(certPath, certificate);
this.options.httpsCert = certificate;
this.options.httpsKey = privateKey;
// Update certs on Rust bridge if running
if (this.bridgeSpawned) {
try {
await this.bridge.updateCerts(privateKey, certificate);
} catch (err) {
console.error('Error updating certs on Rust bridge:', err);
}
}
for (const handler of challengeHandlers) {
this.unregisterHandler(handler.pattern, ['TXT']);
console.log(`Cleaned up challenge handler for ${handler.domain}`);
}
return {
cert: certificate,
key: privateKey,
success: true
};
} catch (error) {
console.error('Error retrieving SSL certificate:', error);
return { cert: '', key: '', success: false };
}
}
/**
* Filter domains to include only those the server is authoritative for.
*/
public filterAuthorizedDomains(domainNames: string[]): string[] {
const authorizedDomains: string[] = [];
for (const domain of domainNames) {
if (domain.startsWith('*.')) {
const baseDomain = domain.substring(2);
if (this.isAuthorizedForDomain(baseDomain)) {
authorizedDomains.push(domain);
}
} else if (this.isAuthorizedForDomain(domain)) {
authorizedDomains.push(domain);
}
}
return authorizedDomains;
}
// ── Private helpers ───────────────────────────────────────────────
/**
* Resolve a DNS query event from Rust using TypeScript handlers.
*/
private resolveQuery(event: IDnsQueryEvent): { answers: IIpcDnsAnswer[]; answered: boolean } {
const answers: IIpcDnsAnswer[] = [];
let answered = false;
for (const q of event.questions) {
const question: IDnsQuestion = {
name: q.name,
type: q.type,
class: q.class,
};
for (const handlerEntry of this.handlers) {
if (
plugins.minimatch.minimatch(q.name, handlerEntry.domainPattern) &&
handlerEntry.recordTypes.includes(q.type)
) {
const answer = handlerEntry.handler(question);
if (answer) {
answers.push({
name: answer.name,
type: answer.type,
class: typeof answer.class === 'number' ? 'IN' : (answer.class || 'IN'),
ttl: answer.ttl || 300,
data: answer.data,
});
answered = true;
}
}
}
}
return { answers, answered };
}
private getDnsRecordValueForChallenge(keyAuthorization: string): string {
const digest = plugins.crypto
.createHash('sha256')
.update(keyAuthorization)
.digest('base64')
.replace(/\+/g, '-')
.replace(/\//g, '_')
.replace(/=/g, '');
return digest;
}
private isValidIpAddress(ip: string): boolean {
const ipv4Pattern = /^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$/;
const ipv6Pattern = /^(::1|::)$|^([0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}$/;
return ipv4Pattern.test(ip) || ipv6Pattern.test(ip);
}
private isAuthorizedForDomain(domain: string): boolean {
for (const handler of this.handlers) {
if (plugins.minimatch.minimatch(domain, handler.domainPattern)) {
return true;
}
}
if (domain === this.options.dnssecZone || domain.endsWith(`.${this.options.dnssecZone}`)) {
return true;
}
return false;
}
}

236
ts_server/classes.rustdnsbridge.ts Normal file
View File

@@ -0,0 +1,236 @@
import * as plugins from './plugins.js';
// IPC command map for type-safe bridge communication
export type TDnsCommands = {
start: {
params: { config: IRustDnsConfig };
result: Record<string, never>;
};
stop: {
params: Record<string, never>;
result: Record<string, never>;
};
dnsQueryResult: {
params: {
correlationId: string;
answers: IIpcDnsAnswer[];
answered: boolean;
};
result: { resolved: boolean };
};
updateCerts: {
params: { httpsKey: string; httpsCert: string };
result: Record<string, never>;
};
processPacket: {
params: { packet: string }; // base64-encoded DNS packet
result: { packet: string }; // base64-encoded DNS response
};
ping: {
params: Record<string, never>;
result: { pong: boolean };
};
};
export interface IRustDnsConfig {
udpPort: number;
httpsPort: number;
udpBindInterface: string;
httpsBindInterface: string;
httpsKey: string;
httpsCert: string;
dnssecZone: string;
dnssecAlgorithm: string;
primaryNameserver: string;
enableLocalhostHandling: boolean;
manualUdpMode: boolean;
manualHttpsMode: boolean;
}
export interface IIpcDnsQuestion {
name: string;
type: string;
class: string;
}
export interface IIpcDnsAnswer {
name: string;
type: string;
class: string;
ttl: number;
data: any;
}
export interface IDnsQueryEvent {
correlationId: string;
questions: IIpcDnsQuestion[];
dnssecRequested: boolean;
}
/**
* Bridge to the Rust DNS binary via smartrust IPC.
*/
export class RustDnsBridge extends plugins.events.EventEmitter {
private bridge: InstanceType<typeof plugins.smartrust.RustBridge<TDnsCommands>>;
constructor() {
super();
const packageDir = plugins.path.resolve(
plugins.path.dirname(new URL(import.meta.url).pathname),
'..'
);
// Determine platform suffix for dist_rust binaries (matches tsrust naming)
const platformSuffix = getPlatformSuffix();
const localPaths: string[] = [];
// dist_rust/ candidates (tsrust cross-compiled output, platform-specific)
if (platformSuffix) {
localPaths.push(plugins.path.join(packageDir, 'dist_rust', `rustdns_${platformSuffix}`));
}
// dist_rust/ without suffix (native build)
localPaths.push(plugins.path.join(packageDir, 'dist_rust', 'rustdns'));
// Local dev build paths
localPaths.push(plugins.path.join(packageDir, 'rust', 'target', 'release', 'rustdns'));
localPaths.push(plugins.path.join(packageDir, 'rust', 'target', 'debug', 'rustdns'));
this.bridge = new plugins.smartrust.RustBridge<TDnsCommands>({
binaryName: 'rustdns',
cliArgs: ['--management'],
requestTimeoutMs: 30_000,
readyTimeoutMs: 10_000,
localPaths,
searchSystemPath: false,
});
// Forward events from inner bridge
this.bridge.on('management:dnsQuery', (data: IDnsQueryEvent) => {
this.emit('dnsQuery', data);
});
this.bridge.on('management:started', () => {
this.emit('started');
});
this.bridge.on('management:stopped', () => {
this.emit('stopped');
});
this.bridge.on('management:error', (data: { message: string }) => {
this.emit('error', new Error(data.message));
});
this.bridge.on('stderr', (line: string) => {
// Forward Rust tracing output as debug logs
if (line.trim()) {
console.log(`[rustdns] ${line}`);
}
});
}
/**
* Spawn the Rust binary and wait for readiness.
*/
public async spawn(): Promise<boolean> {
return this.bridge.spawn();
}
/**
* Start the DNS server with given config.
*/
public async startServer(config: IRustDnsConfig): Promise<void> {
await this.bridge.sendCommand('start', { config });
}
/**
* Stop the DNS server.
*/
public async stopServer(): Promise<void> {
await this.bridge.sendCommand('stop', {});
}
/**
* Send a DNS query result back to Rust.
*/
public async sendQueryResult(
correlationId: string,
answers: IIpcDnsAnswer[],
answered: boolean
): Promise<void> {
await this.bridge.sendCommand('dnsQueryResult', {
correlationId,
answers,
answered,
});
}
/**
* Update TLS certificates.
*/
public async updateCerts(httpsKey: string, httpsCert: string): Promise<void> {
await this.bridge.sendCommand('updateCerts', { httpsKey, httpsCert });
}
/**
* Process a raw DNS packet via IPC (for manual/passthrough mode).
* Returns the DNS response as a Buffer.
*/
public async processPacket(packet: Buffer): Promise<Buffer> {
const result = await this.bridge.sendCommand('processPacket', {
packet: packet.toString('base64'),
});
return Buffer.from(result.packet, 'base64');
}
/**
* Ping the Rust binary for health check.
*/
public async ping(): Promise<boolean> {
const result = await this.bridge.sendCommand('ping', {});
return result.pong;
}
/**
* Kill the Rust process.
*/
public kill(): void {
this.bridge.kill();
}
/**
* Whether the bridge is running.
*/
public get running(): boolean {
return this.bridge.running;
}
}
/**
* Get the tsrust platform suffix for the current platform.
* Matches the naming convention used by @git.zone/tsrust.
*/
function getPlatformSuffix(): string | null {
const platform = process.platform;
const arch = process.arch;
const platformMap: Record<string, string> = {
'linux': 'linux',
'darwin': 'macos',
'win32': 'windows',
};
const archMap: Record<string, string> = {
'x64': 'amd64',
'arm64': 'arm64',
};
const p = platformMap[platform];
const a = archMap[arch];
if (p && a) {
return `${p}_${a}`;
}
return null;
}

2
ts_server/index.ts Normal file
View File

@@ -0,0 +1,2 @@
export * from './classes.dnsserver.js';
export * from './classes.rustdnsbridge.js';

31
ts_server/plugins.ts Normal file
View File

@@ -0,0 +1,31 @@
// node native
import crypto from 'crypto';
import dgram from 'dgram';
import { EventEmitter } from 'events';
import fs from 'fs';
import * as net from 'net';
import * as path from 'path';
export {
crypto,
dgram,
fs,
net,
path,
}
export const events = { EventEmitter };
// @push.rocks scope
import * as smartrust from '@push.rocks/smartrust';
export {
smartrust,
}
// third party
import * as minimatch from 'minimatch';
export {
minimatch,
}

110
ts_server/readme.md Normal file
View File

@@ -0,0 +1,110 @@
# @push.rocks/smartdns/server
DNS server module for `@push.rocks/smartdns` — a full-featured authoritative DNS server powered by a Rust backend with DNSSEC, DNS-over-HTTPS, and Let's Encrypt integration.
## Import
```typescript
import { DnsServer } from '@push.rocks/smartdns/server';
```
## Architecture
The server delegates network I/O, DNS packet parsing/encoding, and DNSSEC signing to a compiled **Rust binary** (`rustdns`). TypeScript retains the public API, handler registration, and ACME certificate orchestration.
Communication happens via JSON-over-stdin/stdout IPC using `@push.rocks/smartrust`'s `RustBridge`. DNS queries that need handler resolution are forwarded from Rust to TypeScript with correlation IDs, then results are sent back for response assembly and DNSSEC signing.
### Rust Crate Structure
| Crate | Purpose |
|---|---|
| `rustdns` | Main binary with IPC management loop |
| `rustdns-protocol` | DNS wire format parsing/encoding, RDATA encode/decode |
| `rustdns-server` | Async UDP + HTTPS servers (tokio, hyper, rustls) |
| `rustdns-dnssec` | ECDSA/ED25519 key generation and RRset signing |
## Classes
### `DnsServer`
The primary class. Manages handler registration, server lifecycle, and certificate retrieval.
```typescript
const server = new DnsServer({
udpPort: 53,
httpsPort: 443,
httpsKey: '...pem...',
httpsCert: '...pem...',
dnssecZone: 'example.com',
primaryNameserver: 'ns1.example.com',
});
```
#### Options
| Option | Type | Default | Description |
|---|---|---|---|
| `udpPort` | `number` | — | UDP DNS port |
| `httpsPort` | `number` | — | HTTPS DoH port |
| `httpsKey` | `string` | — | TLS private key (PEM) |
| `httpsCert` | `string` | — | TLS certificate (PEM) |
| `dnssecZone` | `string` | — | Zone to enable DNSSEC for |
| `primaryNameserver` | `string` | `ns1.{zone}` | SOA mname field |
| `udpBindInterface` | `string` | `0.0.0.0` | IP to bind UDP |
| `httpsBindInterface` | `string` | `0.0.0.0` | IP to bind HTTPS |
| `manualUdpMode` | `boolean` | `false` | Don't auto-bind UDP |
| `manualHttpsMode` | `boolean` | `false` | Don't auto-bind HTTPS |
| `enableLocalhostHandling` | `boolean` | `true` | Handle RFC 6761 localhost |
#### Key Methods
| Method | Description |
|---|---|
| `start()` | Spawn Rust binary and start listening |
| `stop()` | Gracefully shut down |
| `registerHandler(pattern, types, fn)` | Add a DNS handler (glob patterns via minimatch) |
| `unregisterHandler(pattern, types)` | Remove a handler |
| `handleUdpMessage(msg, rinfo, cb)` | Process a UDP message manually |
| `processRawDnsPacket(buf)` | Sync packet processing (TS fallback) |
| `processRawDnsPacketAsync(buf)` | Async packet processing (Rust bridge, includes DNSSEC) |
| `retrieveSslCertificate(domains, opts)` | ACME DNS-01 certificate retrieval |
| `filterAuthorizedDomains(domains)` | Filter domains the server is authoritative for |
### `RustDnsBridge`
Low-level IPC bridge to the `rustdns` binary. Used internally by `DnsServer` — typically not imported directly.
Emits events: `dnsQuery`, `started`, `stopped`, `error`.
## Handler System
Handlers use **glob patterns** (via `minimatch`) for domain matching. Multiple handlers can contribute records to a single response.
```typescript
server.registerHandler('*.example.com', ['A'], (question) => ({
name: question.name,
type: 'A',
class: 'IN',
ttl: 300,
data: '10.0.0.1',
}));
```
When no handler matches, the server returns an automatic **SOA record** for the zone.
## DNSSEC
Enabled automatically with the `dnssecZone` option. Supports:
- **ECDSAP256SHA256** (13) — default
- **ED25519** (15)
- **RSASHA256** (8)
Key generation, DNSKEY/RRSIG/NSEC record creation is fully handled by the Rust backend.
## Dependencies
- `@push.rocks/smartrust` — TypeScript-to-Rust IPC bridge
- `dns-packet` — DNS wire format codec (used for TS fallback path)
- `minimatch` — glob pattern matching for handlers
- `acme-client` — Let's Encrypt ACME protocol

3
ts_server/tspublish.json Normal file
View File

@@ -0,0 +1,3 @@
{
"order": 1
}

14
tsconfig.json Normal file
View File

@@ -0,0 +1,14 @@
{
"compilerOptions": {
"experimentalDecorators": true,
"useDefineForClassFields": false,
"target": "ES2022",
"module": "NodeNext",
"moduleResolution": "NodeNext",
"esModuleInterop": true,
"verbatimModuleSyntax": true
},
"exclude": [
"dist_*/**/*.d.ts"
]
}

3
tslint.json
View File

@@ -1,3 +0,0 @@
{
"extends": "tslint-config-standard"
}