push.rocks/smartdns
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: push.rocks:v4.0.11
Branches Tags
push.rocks:master
push.rocks:v6.2.1
push.rocks:v6.2.0
push.rocks:v6.1.1
push.rocks:v6.1.0
push.rocks:v6.0.0
push.rocks:v5.0.4
push.rocks:v5.0.3
push.rocks:v5.0.2
push.rocks:v5.0.1
push.rocks:v5.0.0
push.rocks:v4.0.11
push.rocks:v4.0.10
push.rocks:v4.0.9
push.rocks:v4.0.8
push.rocks:v4.0.7
push.rocks:v4.0.6
push.rocks:v4.0.5
push.rocks:v4.0.4
push.rocks:v4.0.3
push.rocks:v4.0.2
push.rocks:v4.0.1
push.rocks:v4.0.0
push.rocks:v3.0.8
push.rocks:v3.0.7
push.rocks:v3.0.6
push.rocks:v3.0.5
push.rocks:v3.0.4
push.rocks:v3.0.3
push.rocks:v3.0.2
push.rocks:v3.0.1
push.rocks:v3.0.0
push.rocks:v2.0.10
push.rocks:v2.0.9
push.rocks:v2.0.8
push.rocks:v2.0.7
push.rocks:v2.0.6
push.rocks:v2.0.5
push.rocks:v2.0.4
push.rocks:v2.0.3
push.rocks:v2.0.2
push.rocks:v2.0.1
push.rocks:v2.0.0
push.rocks:v1.0.7
push.rocks:v1.0.6
push.rocks:v1.0.5
push.rocks:v1.0.4
push.rocks:v1.0.3
push.rocks:v1.0.2
push.rocks:v1.0.1
..
compare: push.rocks:master
Branches Tags
push.rocks:master
push.rocks:v6.2.1
push.rocks:v6.2.0
push.rocks:v6.1.1
push.rocks:v6.1.0
push.rocks:v6.0.0
push.rocks:v5.0.4
push.rocks:v5.0.3
push.rocks:v5.0.2
push.rocks:v5.0.1
push.rocks:v5.0.0
push.rocks:v4.0.11
push.rocks:v4.0.10
push.rocks:v4.0.9
push.rocks:v4.0.8
push.rocks:v4.0.7
push.rocks:v4.0.6
push.rocks:v4.0.5
push.rocks:v4.0.4
push.rocks:v4.0.3
push.rocks:v4.0.2
push.rocks:v4.0.1
push.rocks:v4.0.0
push.rocks:v3.0.8
push.rocks:v3.0.7
push.rocks:v3.0.6
push.rocks:v3.0.5
push.rocks:v3.0.4
push.rocks:v3.0.3
push.rocks:v3.0.2
push.rocks:v3.0.1
push.rocks:v3.0.0
push.rocks:v2.0.10
push.rocks:v2.0.9
push.rocks:v2.0.8
push.rocks:v2.0.7
push.rocks:v2.0.6
push.rocks:v2.0.5
push.rocks:v2.0.4
push.rocks:v2.0.3
push.rocks:v2.0.2
push.rocks:v2.0.1
push.rocks:v2.0.0
push.rocks:v1.0.7
push.rocks:v1.0.6
push.rocks:v1.0.5
push.rocks:v1.0.4
push.rocks:v1.0.3
push.rocks:v1.0.2
push.rocks:v1.0.1

27 Commits
v4.0.11 ... master

Author SHA1 Message Date
Philipp Kunz
7997e9dc94 update 2025-03-21 18:21:47 +00:00
Philipp Kunz
9bc8278464 6.2.1 2024-09-21 22:56:28 +02:00
Philipp Kunz
58f02cc0c0 fix(core): Fixing issues with keywords and readme formatting. 2024-09-21 22:56:27 +02:00
Philipp Kunz
566a78cee4 6.2.0 2024-09-19 18:51:34 +02:00
Philipp Kunz
74ac0c1287 feat(dnssec): Introduced DNSSEC support with ECDSA algorithm 2024-09-19 18:51:34 +02:00
Philipp Kunz
5278c2ce78 6.1.1 2024-09-19 18:23:42 +02:00
Philipp Kunz
439d08b023 fix(ts_server): Update DnsSec class to fully implement key generation and DNSKEY record creation. 2024-09-19 18:23:42 +02:00
Philipp Kunz
1536475306 6.1.0 2024-09-18 19:28:29 +02:00
Philipp Kunz
5c06ae1edb feat(smartdns): Add DNS Server and DNSSEC tools with comprehensive unit tests 2024-09-18 19:28:28 +02:00
Philipp Kunz
2cfecab96f 6.0.0 2024-06-02 15:34:20 +02:00
Philipp Kunz
7eb8a46c7c BREAKING CHANGE(server/client): move from client only to server + client exports 2024-06-02 15:34:19 +02:00
Philipp Kunz
c56e732d6d update description 2024-05-29 14:12:42 +02:00
Philipp Kunz
aff5f2e7d9 update tsconfig 2024-04-14 17:30:20 +02:00
Philipp Kunz
6c38ff36d7 update npmextra.json: githost 2024-04-01 21:34:39 +02:00
Philipp Kunz
b45cda5084 update npmextra.json: githost 2024-04-01 19:58:04 +02:00
Philipp Kunz
dedd3a3f82 update npmextra.json: githost 2024-03-30 21:47:01 +01:00
Philipp Kunz
f2dffb6e88 switch to new org scheme 2023-07-10 02:48:43 +02:00
Philipp Kunz
2a1fbeb183 5.0.4 2023-04-08 11:30:49 +02:00
Philipp Kunz
a6a47d2e96 fix(core): update 2023-04-08 11:30:48 +02:00
Philipp Kunz
84ad6bbcd6 5.0.3 2023-03-23 01:41:35 +01:00
Philipp Kunz
4102c3a692 fix(core): update 2023-03-23 01:41:35 +01:00
Philipp Kunz
6281ab0c80 5.0.2 2022-07-27 11:42:02 +02:00
Philipp Kunz
622c65291e fix(core): update 2022-07-27 11:42:01 +02:00
Philipp Kunz
dd8c97b99a 5.0.1 2022-07-27 09:15:28 +02:00
Philipp Kunz
9c56dc51e3 fix(core): update 2022-07-27 09:15:28 +02:00
Philipp Kunz
45cbd3a953 5.0.0 2022-07-27 09:00:00 +02:00
Philipp Kunz
d3e2655212 BREAKING CHANGE(core): update 2022-07-27 09:00:00 +02:00
20 changed files with 12538 additions and 15182 deletions
Show Stats Expand all files Collapse all files

128
.gitlab-ci.yml
View File

@ -1,128 +0,0 @@
# gitzone ci_default
image: registry.gitlab.com/hosttoday/ht-docker-node:npmci
cache:
paths:
- .npmci_cache/
key: '$CI_BUILD_STAGE'
stages:
- security
- test
- release
- metadata
before_script:
- npm install -g @shipzone/npmci
# ====================
# security stage
# ====================
auditProductionDependencies:
image: registry.gitlab.com/hosttoday/ht-docker-node:npmci
stage: security
script:
- npmci npm prepare
- npmci command npm install --production --ignore-scripts
- npmci command npm config set registry https://registry.npmjs.org
- npmci command npm audit --audit-level=high --only=prod --production
tags:
- docker
allow_failure: true
auditDevDependencies:
image: registry.gitlab.com/hosttoday/ht-docker-node:npmci
stage: security
script:
- npmci npm prepare
- npmci command npm install --ignore-scripts
- npmci command npm config set registry https://registry.npmjs.org
- npmci command npm audit --audit-level=high --only=dev
tags:
- docker
allow_failure: true
# ====================
# test stage
# ====================
testStable:
stage: test
script:
- npmci npm prepare
- npmci node install stable
- npmci npm install
- npmci npm test
coverage: /\d+.?\d+?\%\s*coverage/
tags:
- docker
testBuild:
stage: test
script:
- npmci npm prepare
- npmci node install stable
- npmci npm install
- npmci command npm run build
coverage: /\d+.?\d+?\%\s*coverage/
tags:
- docker
release:
stage: release
script:
- npmci node install stable
- npmci npm publish
only:
- tags
tags:
- lossless
- docker
- notpriv
# ====================
# metadata stage
# ====================
codequality:
stage: metadata
allow_failure: true
only:
- tags
script:
- npmci command npm install -g typescript
- npmci npm prepare
- npmci npm install
tags:
- lossless
- docker
- priv
trigger:
stage: metadata
script:
- npmci trigger
only:
- tags
tags:
- lossless
- docker
- notpriv
pages:
stage: metadata
script:
- npmci node install stable
- npmci npm prepare
- npmci npm install
- npmci command npm run buildDocs
tags:
- lossless
- docker
- notpriv
only:
- tags
artifacts:
expire_in: 1 week
paths:
- public
allow_failure: true

133
changelog.md Normal file
View File

@ -0,0 +1,133 @@
# Changelog
## 2025-03-21 - 6.3.0 - feat(dns-server)
Enhance DNS server functionality with advanced DNSSEC signing (supporting both ECDSA and ED25519), improved SSL certificate retrieval using Let's Encrypt, and refined handler management for cleaner shutdowns.
- Updated package metadata with expanded keywords and revised dependency versions
- Improved DNSSEC signing logic to support both ECDSA and ED25519 algorithms
- Added unregisterHandler method for cleaner handler lifecycle management
- Enhanced SSL certificate retrieval workflow with better DNS challenge handling
- Refined test utilities for more robust DNS operations
## 2025-03-21 - 6.3.0 - feat(dns-server)
Enhance DNS server functionality with advanced DNSSEC signing (including ED25519 support), improved certificate retrieval using Let's Encrypt, updated package metadata, and refined test utilities for more robust DNS operations.
- Updated package.json and npmextra.json with expanded keywords and revised dependency versions
- Improved DNSSEC signing logic to support both ECDSA and ED25519 algorithms
- Added unregisterHandler method and enhanced server stop logic for cleaner shutdowns
- Enhanced SSL certificate retrieval workflow with better challenge handling and test support
## 2024-09-21 - 6.2.1 - fix(core)
Fixing issues with keywords and readme formatting.
- Synchronized keywords field between npmextra.json and package.json.
- Updated readme.md to fix formatting issues and added new sections.
## 2024-09-19 - 6.2.0 - feat(dnssec)
Introduced DNSSEC support with ECDSA algorithm
- Added `DnsSec` class for handling DNSSEC operations.
- Updated `DnsServer` to support DNSSEC with ECDSA.
- Shifted DNS-related helper functions to `DnsServer` class.
- Integrated parsing and handling of DNSKEY and RRSIG records in `DnsServer`.
## 2024-09-19 - 6.1.1 - fix(ts_server)
Update DnsSec class to fully implement key generation and DNSKEY record creation.
- Added complete support for ECDSA and ED25519 algorithms in the DnsSec class.
- Implemented DNSKEY generation and KeyTag computation methods.
- Improved error handling and initialized the appropriate cryptographic instances based on the algorithm.
## 2024-09-18 - 6.1.0 - feat(smartdns)
Add DNS Server and DNSSEC tools with comprehensive unit tests
- Updated package dependencies to the latest versions
- Introduced DnsServer class for handling DNS requests over both HTTPS and UDP with support for custom handlers
- Added DnsSec class for generating and managing DNSSEC keys and DS records
- Implemented unit tests for DnsServer and Smartdns classes
## 2024-06-02 - 6.0.0 - server/client
Main description here
- **Breaking Change:** Move from client only to server + client exports.
## 2024-03-30 - 5.0.4 - maintenance
Range contains relevant changes
- Switch to new org scheme
## 2023-04-08 - 5.0.4 - core
Main description here
- Core update
- Fixes applied to the system
## 2022-07-27 - 5.0.0 - core
Update contains relevant changes
- **Breaking Change:** Major update and core changes
- Fixes and updates applied
## 2022-07-27 - 4.0.11 - core
Range contains relevant changes
- **Breaking Change:** Core update and changes applied
## 2021-08-24 - 4.0.10 - core
Range contains relevant changes
- Fixes applied to the core functionalities
## 2021-01-23 - 4.0.8 - core
Range contains relevant changes
- Updates and fixes to the core components
## 2020-08-05 - 4.0.4 - core
Range contains relevant changes
- Multiple core fixes applied
## 2020-02-15 - 4.0.0 - core
Main description here
- Core updates
- Fixes applied across the system
## 2020-02-15 - 3.0.8 - core
Core updates with major changes
- **Breaking Change:** Now uses Google DNS HTTPS API and handles DNSSEC validation
## 2019-01-07 - 3.0.6 - core
Range contains relevant changes
- Fixes and updates applied to the core
## 2018-05-13 - 3.0.4 - core
Range contains relevant changes
- Fixes applied, including `fix .checkUntilAvailable` error
## 2018-05-13 - 3.0.0 - ci
Main description here
- CI changes and updates to the access level and global packages
## 2017-07-31 - 2.0.10 - package
Update to new package name and improved record retrieval
- **Breaking Change:** Package name update and record retrieval improvements
## 2017-01-27 - 2.0.1 - maintenance
Multiple fixes and merges
## 2017-01-27 - 2.0.0 - core
Fix typings and update to better API
## 2016-11-15 - 1.0.7 - initial
Initial setup and improvements
- Initial deployment
- README improvements

32
npmextra.json
View File

@ -2,17 +2,39 @@
"gitzone": {
"projectType": "npm",
"module": {
"githost": "gitlab.com",
"gitscope": "pushrocks",
"githost": "code.foss.global",
"gitscope": "push.rocks",
"gitrepo": "smartdns",
"description": "smart dns methods written in TypeScript",
"npmPackagename": "@pushrocks/smartdns",
"license": "MIT"
"description": "A robust TypeScript library providing advanced DNS management and resolution capabilities including support for DNSSEC, custom DNS servers, and integration with various DNS providers.",
"npmPackagename": "@push.rocks/smartdns",
"license": "MIT",
"keywords": [
"TypeScript",
"DNS",
"DNS records",
"DNS resolution",
"DNS management",
"DNSSEC",
"Node.js",
"Google DNS",
"Cloudflare",
"UDP DNS",
"HTTPS DNS",
"ACME",
"Let's Encrypt",
"SSL Certificates",
"Feature Flagging",
"Domain Propagation",
"DNS Server"
]
}
},
"npmci": {
"npmGlobalTools": [],
"npmAccessLevel": "public",
"npmRegistryUrl": "registry.npmjs.org"
},
"tsdoc": {
"legal": "\n## License and Legal Information\n\nThis repository contains open-source code that is licensed under the MIT License. A copy of the MIT License can be found in the [license](license) file within this repository. \n\n**Please note:** The MIT License does not grant permission to use the trade names, trademarks, service marks, or product names of the project, except as required for reasonable and customary use in describing the origin of the work and reproducing the content of the NOTICE file.\n\n### Trademarks\n\nThis project is owned and maintained by Task Venture Capital GmbH. The names and logos associated with Task Venture Capital GmbH and any related products or services are trademarks of Task Venture Capital GmbH and are not included within the scope of the MIT license granted herein. Use of these trademarks must comply with Task Venture Capital GmbH's Trademark Guidelines, and any usage must be approved in writing by Task Venture Capital GmbH.\n\n### Company Information\n\nTask Venture Capital GmbH \nRegistered at District court Bremen HRB 35230 HB, Germany\n\nFor any legal inquiries or if you require further information, please contact us via email at hello@task.vc.\n\nBy using this repository, you acknowledge that you have read this section, agree to comply with its terms, and understand that the licensing of the code does not imply endorsement by Task Venture Capital GmbH of any derivative works.\n"
}
}

14936
package-lock.json generated
View File

File diff suppressed because it is too large Load Diff

67
package.json
View File

@ -1,45 +1,66 @@
{
"name": "@pushrocks/smartdns",
"version": "4.0.11",
"name": "@push.rocks/smartdns",
"version": "6.2.1",
"private": false,
"description": "smart dns methods written in TypeScript",
"main": "dist_ts/index.js",
"typings": "dist_ts/index.d.ts",
"description": "A robust TypeScript library providing advanced DNS management and resolution capabilities including support for DNSSEC, custom DNS servers, and integration with various DNS providers.",
"exports": {
".": "./dist_ts_server/index.js",
"./server": "./dist_ts_server/index.js",
"./client": "./dist_ts_client/index.js"
},
"scripts": {
"test": "(tstest test/)",
"build": "(tsbuild --web)",
"build": "(tsbuild tsfolders --web --allowimplicitany)",
"buildDocs": "tsdoc"
},
"repository": {
"type": "git",
"url": "git+ssh://git@gitlab.com/pushrocks/dnsly.git"
"url": "https://code.foss.global/push.rocks/smartdns.git"
},
"keywords": [
"dns",
"google dns",
"dns record"
"TypeScript",
"DNS",
"DNS records",
"DNS resolution",
"DNS management",
"DNSSEC",
"Node.js",
"Google DNS",
"Cloudflare",
"UDP DNS",
"HTTPS DNS",
"ACME",
"Let's Encrypt",
"SSL Certificates",
"Feature Flagging",
"Domain Propagation",
"DNS Server"
],
"author": "Lossless GmbH",
"license": "MIT",
"bugs": {
"url": "https://gitlab.com/pushrocks/dnsly/issues"
},
"homepage": "https://gitlab.com/pushrocks/dnsly#README",
"homepage": "https://code.foss.global/push.rocks/smartdns",
"dependencies": {
"@pushrocks/smartdelay": "^2.0.13",
"@pushrocks/smartenv": "^5.0.2",
"@pushrocks/smartpromise": "^3.1.7",
"@pushrocks/smartrequest": "^1.1.56",
"@tsclass/tsclass": "^4.0.17",
"dns2": "^2.0.5"
"@push.rocks/smartdelay": "^3.0.1",
"@push.rocks/smartenv": "^5.0.5",
"@push.rocks/smartpromise": "^4.2.3",
"@push.rocks/smartrequest": "^2.0.23",
"@tsclass/tsclass": "^5.0.0",
"@types/dns-packet": "^5.6.5",
"@types/elliptic": "^6.4.18",
"acme-client": "^5.4.0",
"dns-packet": "^5.6.1",
"elliptic": "^6.6.1",
"minimatch": "^10.0.1"
},
"devDependencies": {
"@gitzone/tsbuild": "^2.1.63",
"@gitzone/tstest": "^1.0.72",
"@pushrocks/tapbundle": "^5.0.4",
"@types/node": "^18.6.1",
"tslint": "^6.1.3",
"tslint-config-prettier": "^1.18.0"
"@git.zone/tsbuild": "^2.2.7",
"@git.zone/tsrun": "^1.3.3",
"@git.zone/tstest": "^1.0.96",
"@push.rocks/tapbundle": "^5.6.0",
"@types/node": "^22.13.10"
},
"files": [
"ts/**/*",

10197
pnpm-lock.yaml generated Normal file
View File

File diff suppressed because it is too large Load Diff

1
readme.hints.md Normal file
View File

@ -0,0 +1 @@

429
readme.md
View File

@ -1,53 +1,404 @@
# @pushrocks/smartdns
smart dns methods written in TypeScript
# @push.rocks/smartdns
## Availabililty and Links
* [npmjs.org (npm package)](https://www.npmjs.com/package/@pushrocks/smartdns)
* [gitlab.com (source)](https://gitlab.com/pushrocks/smartdns)
* [github.com (source mirror)](https://github.com/pushrocks/smartdns)
* [docs (typedoc)](https://pushrocks.gitlab.io/smartdns/)
A TypeScript library for smart DNS methods, supporting various DNS records and providers.
## Status for master
## Install
Status Category | Status Badge
-- | --
GitLab Pipelines | [![pipeline status](https://gitlab.com/pushrocks/smartdns/badges/master/pipeline.svg)](https://lossless.cloud)
GitLab Pipline Test Coverage | [![coverage report](https://gitlab.com/pushrocks/smartdns/badges/master/coverage.svg)](https://lossless.cloud)
npm | [![npm downloads per month](https://badgen.net/npm/dy/@pushrocks/smartdns)](https://lossless.cloud)
Snyk | [![Known Vulnerabilities](https://badgen.net/snyk/pushrocks/smartdns)](https://lossless.cloud)
TypeScript Support | [![TypeScript](https://badgen.net/badge/TypeScript/>=%203.x/blue?icon=typescript)](https://lossless.cloud)
node Support | [![node](https://img.shields.io/badge/node->=%2010.x.x-blue.svg)](https://nodejs.org/dist/latest-v10.x/docs/api/)
Code Style | [![Code Style](https://badgen.net/badge/style/prettier/purple)](https://lossless.cloud)
PackagePhobia (total standalone install weight) | [![PackagePhobia](https://badgen.net/packagephobia/install/@pushrocks/smartdns)](https://lossless.cloud)
PackagePhobia (package size on registry) | [![PackagePhobia](https://badgen.net/packagephobia/publish/@pushrocks/smartdns)](https://lossless.cloud)
BundlePhobia (total size when bundled) | [![BundlePhobia](https://badgen.net/bundlephobia/minzip/@pushrocks/smartdns)](https://lossless.cloud)
Platform support | [![Supports Windows 10](https://badgen.net/badge/supports%20Windows%2010/yes/green?icon=windows)](https://lossless.cloud) [![Supports Mac OS X](https://badgen.net/badge/supports%20Mac%20OS%20X/yes/green?icon=apple)](https://lossless.cloud)
To install `@push.rocks/smartdns`, use the following command with npm:
```bash
npm install @push.rocks/smartdns --save
```
Or with `yarn`:
```bash
yarn add @push.rocks/smartdns
```
Make sure you have a TypeScript environment set up to utilize the library effectively.
## Usage
Use TypeScript for best in class instellisense.
`@push.rocks/smartdns` is a comprehensive library aimed at facilitating smart DNS operations, leveraging TypeScript for enhanced development experience. This section aims to cover several real-world scenarios demonstrating the library's capabilities, from basic DNS lookups to more advanced DNS management tasks.
### Getting Started
First, ensure you import the module into your TypeScript project:
```typescript
const mySmartDns = new smartdns.SmartDns(); // uses Google DNS Https API
const demoRecord = await mySmartDns.getRecord('example.com', 'AAAA'); // returns promise
/*
demoRecord looks like this:
{
name: 'example.com',
type: 'A',
dnsSecEnabled: true,
value: '104.24.103.243'
}
*/
import { Smartdns } from '@push.rocks/smartdns';
```
## Contribution
### Basic DNS Record Lookup
We are always happy for code contributions. If you are not the code contributing type that is ok. Still, maintaining Open Source repositories takes considerable time and thought. If you like the quality of what we do and our modules are useful to you we would appreciate a little monthly contribution: You can [contribute one time](https://lossless.link/contribute-onetime) or [contribute monthly](https://lossless.link/contribute). :)
Often, the need arises to fetch various DNS records for a domain. `@push.rocks/smartdns` simplifies this by providing intuitive methods. A DNS record is essentially a map from a domain name to information about that domain, such as its IP address, mail exchange server, etc.
For further information read the linked docs at the top of this readme.
#### Fetching A Records
> MIT licensed | **©** [Lossless GmbH](https://lossless.gmbh)
| By using this npm module you agree to our [privacy policy](https://lossless.gmbH/privacy)
To fetch an "A" record for a domain, which resolves the domain to an IPv4 address, use the following approach:
[![repo-footer](https://lossless.gitlab.io/publicrelations/repofooter.svg)](https://maintainedby.lossless.com)
```typescript
import { Smartdns } from '@push.rocks/smartdns';
const dnsManager = new Smartdns({});
const aRecords = await dnsManager.getRecordsA('example.com');
console.log(aRecords);
```
This will return an array of records that include the IPv4 addresses mapped to the domain `example.com`.
#### Fetching AAAA Records
For resolving a domain to an IPv6 address, you can fetch "AAAA" records in a similar manner:
```typescript
const aaaaRecords = await dnsManager.getRecordsAAAA('example.com');
console.log(aaaaRecords);
```
These queries are quite common where IPv6 addresses have been prevalent due to the scarcity of IPv4 addresses.
#### Fetching TXT Records
TXT records store arbitrary text data associated with a domain. They are often used to hold information such as SPF records for email validation or Google site verification token.
```typescript
const txtRecords = await dnsManager.getRecordsTxt('example.com');
console.log(txtRecords);
```
TXT records have increasingly become significant with the growth of security features and integrations that require domain verification.
### Advanced DNS Management
The `@push.rocks/smartdns` doesn't just stop at querying— it offers more advanced DNS management utilities, which are crucial for real-world applications involving DNS operations.
#### Checking DNS Propagation
When changing DNS records, ensuring that the new records have propagated fully is crucial. `@push.rocks/smartdns` facilitates this with a method to check if a DNS record is available globally. This can be critical for ensuring that users worldwide are able to access your updated records in a consistent manner.
```typescript
const recordType = 'TXT'; // Record type: A, AAAA, CNAME, TXT etc.
const expectedValue = 'your_expected_value';
const isAvailable = await dnsManager.checkUntilAvailable('example.com', recordType, expectedValue);
if (isAvailable) {
console.log('Record propagated successfully.');
} else {
console.log('Record propagation failed or timed out.');
}
```
This method repeatedly queries DNS servers until the expected DNS record appears, making sure that the changes made are visible globally.
### Leveraging DNS for Application Logic
DNS records can function beyond their typical usage of domain-to-IP resolution. They can be extremely useful in application logic such as feature flagging or environment-specific configurations.
#### Example: Feature Flagging via TXT Records
One such advanced use case is using TXT records for enabling or disabling features dynamically without needing to redeploy or change the actual application code:
```typescript
const txtRecords = await dnsManager.getRecordsTxt('features.example.com');
const featureFlags = txtRecords.reduce((acc, record) => {
const [flag, isEnabled] = record.value.split('=');
acc[flag] = isEnabled === 'true';
return acc;
}, {});
if (featureFlags['NewFeature']) {
// Logic to enable the new feature
console.log('New Feature enabled');
}
```
This approach enables applications to be more flexible and responsive to business needs as feature toggles can be managed through DNS.
### DNS Server Implementation
`@push.rocks/smartdns` includes powerful features that allow you to implement your very own DNS server, complete with UDP and HTTPS protocols support and DNSSEC compliance.
#### Basic DNS Server Example
Implementing a DNS server involves setting it up to respond to various DNS queries. Here's how you can set up a basic DNS server using UDP and HTTPS protocols:
```typescript
import { DnsServer } from '@push.rocks/smartdns';
const dnsServer = new DnsServer({
httpsKey: 'path/to/key.pem',
httpsCert: 'path/to/cert.pem',
httpsPort: 443,
udpPort: 53,
dnssecZone: 'example.com',
});
dnsServer.registerHandler('*.example.com', ['A'], (question) => ({
name: question.name,
type: 'A',
class: 'IN',
ttl: 300,
data: '127.0.0.1',
}));
dnsServer.start().then(() => console.log('DNS Server started'));
```
This sets up a basic DNS server responding to A records for the domain `example.com` and mirrors the common structure used in production applications.
### DNSSEC Support
DNS Security Extensions (DNSSEC) adds an additional layer of security to DNS, protecting against various types of attacks. With `@push.rocks/smartdns`, setting up a DNS server with DNSSEC is straightforward.
#### DNSSEC Configuration
To configure DNSSEC for your DNS server, youll need to establish DNSSEC parameters including zone signatures and enabling key management. This setup ensures that DNS records are signed and can be verified for authenticity.
```typescript
import { DnsServer } from '@push.rocks/smartdns';
const dnsServer = new DnsServer({
httpsKey: 'path/to/key.pem',
httpsCert: 'path/to/cert.pem',
httpsPort: 443,
udpPort: 53,
dnssecZone: 'example.com',
});
dnsServer.registerHandler('*.example.com', ['A'], (question) => ({
name: question.name,
type: 'A',
class: 'IN',
ttl: 300,
data: '127.0.0.1',
}));
dnsServer.start().then(() => console.log('DNS Server with DNSSEC started'));
```
### Handling DNS Queries Over Different Protocols
The library supports handling DNS queries over UDP and HTTPS. This functionality allows for the flexible use and management of DNS inquiries and resolves, accommodating various protocol needs.
#### Handling UDP Queries
UDP is the traditional DNS protocol used for quick, non-persistent queries. Heres how you can set up a DNS server to respond to UDP queries:
```typescript
import { DnsServer } from '@push.rocks/smartdns';
import dgram from 'dgram';
const dnsServer = new DnsServer({
udpPort: 53,
httpsPort: 443,
});
dnsServer.registerHandler('*.example.com', ['A'], (question) => ({
name: question.name,
type: 'A',
class: 'IN',
ttl: 300,
data: '127.0.0.1',
}));
dnsServer.start().then(() => {
console.log('UDP DNS Server started on port', dnsServer.getOptions().udpPort);
});
const client = dgram.createSocket('udp4');
client.on('message', (msg, rinfo) => {
console.log(`Received ${msg} from ${rinfo.address}:${rinfo.port}`);
});
client.send(Buffer.from('example DNS query'), dnsServer.getOptions().udpPort, 'localhost');
```
This segment of code creates a UDP server that listens for incoming DNS requests and responds accordingly.
#### Handling HTTPS Queries
DNS over HTTPS (DoH) offers a heightened level of privacy and security, where DNS queries are transmitted over HTTPS to prevent eavesdropping and man-in-the-middle attacks.
```typescript
import { DnsServer } from '@push.rocks/smartdns';
import https from 'https';
import fs from 'fs';
const dnsServer = new DnsServer({
httpsKey: fs.readFileSync('path/to/key.pem'),
httpsCert: fs.readFileSync('path/to/cert.pem'),
httpsPort: 443,
udpPort: 53,
dnssecZone: 'example.com',
});
dnsServer.registerHandler('*.example.com', ['A'], (question) => ({
name: question.name,
type: 'A',
class: 'IN',
ttl: 300,
data: '127.0.0.1',
}));
dnsServer.start().then(() => console.log('HTTPS DNS Server started'));
const client = https.request({
hostname: 'localhost',
port: 443,
path: '/dns-query',
method: 'POST',
headers: {
'Content-Type': 'application/dns-message'
}
}, (res) => {
res.on('data', (d) => {
process.stdout.write(d);
});
});
client.on('error', (e) => {
console.error(e);
});
client.write(Buffer.from('example DNS query'));
client.end();
```
This ensures that DNS requests can be securely transmitted over the web, maintaining privacy for the clients querying the DNS server.
### Testing
Like any crucial application component, DNS servers require thorough testing to ensure reliability and correctness in different scenarios. Here we use TAP (Test Anything Protocol) to test various functionalities.
#### DNS Server Tests
`@push.rocks/smartdns` integrates seamlessly with TAP, allowing for comprehensive testing of server functionalities.
Here's an example of how you might set up tests for your DNS server:
```typescript
import { expect, tap } from '@push.rocks/tapbundle';
import { DnsServer } from '@push.rocks/smartdns';
let dnsServer: DnsServer;
tap.test('should create an instance of DnsServer', async () => {
dnsServer = new DnsServer({
httpsKey: 'path/to/key.pem',
httpsCert: 'path/to/cert.pem',
httpsPort: 443,
udpPort: 53,
dnssecZone: 'example.com',
});
expect(dnsServer).toBeInstanceOf(DnsServer);
});
tap.test('should start the server', async () => {
await dnsServer.start();
expect(dnsServer.isRunning()).toBeTrue();
});
tap.test('should add a DNS handler', async () => {
dnsServer.registerHandler('*.example.com', ['A'], (question) => ({
name: question.name,
type: 'A',
class: 'IN',
ttl: 300,
data: '127.0.0.1',
}));
const response = dnsServer.processDnsRequest({
type: 'query',
id: 1,
flags: 0,
questions: [
{
name: 'test.example.com',
type: 'A',
class: 'IN',
},
],
answers: [],
});
expect(response.answers[0]).toEqual({
name: 'test.example.com',
type: 'A',
class: 'IN',
ttl: 300,
data: '127.0.0.1',
});
});
tap.test('should query the server over HTTP', async () => {
const query = dnsPacket.encode({
type: 'query',
id: 2,
flags: dnsPacket.RECURSION_DESIRED,
questions: [
{
name: 'test.example.com',
type: 'A',
class: 'IN',
},
],
});
const response = await fetch('https://localhost:443/dns-query', {
method: 'POST',
body: query,
headers: {
'Content-Type': 'application/dns-message',
}
});
expect(response.status).toEqual(200);
const responseData = await response.arrayBuffer();
const dnsResponse = dnsPacket.decode(Buffer.from(responseData));
expect(dnsResponse.answers[0]).toEqual({
name: 'test.example.com',
type: 'A',
class: 'IN',
ttl: 300,
data: '127.0.0.1',
});
});
tap.test('should stop the server', async () => {
await dnsServer.stop();
expect(dnsServer.isRunning()).toBeFalse();
});
await tap.start();
```
The above tests ensure that the DNS server setup, query handling, and proper stopping of the server are all functioning as intended.
In a realistic production environment, additional tests would include edge cases such as malformed requests, large queries, concurrent access handling, and integration tests with various DNS resolvers. These tests ensure robustness and reliability of DNS services provided by the server.
This comprehensive guide demonstrates how to implement, manage, and test a DNS server using `@push.rocks/smartdns`, making it an ideal tool for developers tasked with handling DNS management and setup in TypeScript projects. The library supports the full scope of DNS operations needed for modern applications, from basic record query to full-scale DNS server operations with advanced security extensions.
## License and Legal Information
This repository contains open-source code that is licensed under the MIT License. A copy of the MIT License can be found in the [license](license) file within this repository.
**Please note:** The MIT License does not grant permission to use the trade names, trademarks, service marks, or product names of the project, except as required for reasonable and customary use in describing the origin of the work and reproducing the content of the NOTICE file.
### Trademarks
This project is owned and maintained by Task Venture Capital GmbH. The names and logos associated with Task Venture Capital GmbH and any related products or services are trademarks of Task Venture Capital GmbH and are not included within the scope of the MIT license granted herein. Use of these trademarks must comply with Task Venture Capital GmbH's Trademark Guidelines, and any usage must be approved in writing by Task Venture Capital GmbH.
### Company Information
Task Venture Capital GmbH
Registered at District court Bremen HRB 35230 HB, Germany
For any legal inquiries or if you require further information, please contact us via email at hello@task.vc.
By using this repository, you acknowledge that you have read this section, agree to comply with its terms, and understand that the licensing of the code does not imply endorsement by Task Venture Capital GmbH of any derivative works.

28
test/test.ts → test/test.client.ts
View File

@ -1,6 +1,6 @@
import { expect, tap } from '@pushrocks/tapbundle';
import { expect, tap } from '@push.rocks/tapbundle';
import * as smartdns from '../ts/index.js';
import * as smartdns from '../ts_client/index.js';
let testDnsly: smartdns.Smartdns;
@ -10,7 +10,7 @@ tap.test('should create an instance of Dnsly', async () => {
});
tap.test('should get an A DNS Record', async () => {
return expect(await testDnsly.getRecordA('dnsly_a.bleu.de')).toEqual([
return expect(await testDnsly.getRecordsA('dnsly_a.bleu.de')).toEqual([
{
name: 'dnsly_a.bleu.de',
value: '127.0.0.1',
@ -21,7 +21,7 @@ tap.test('should get an A DNS Record', async () => {
});
tap.test('should get an AAAA Record', async () => {
return expect(await testDnsly.getRecordAAAA('dnsly_aaaa.bleu.de')).toEqual([
return expect(await testDnsly.getRecordsAAAA('dnsly_aaaa.bleu.de')).toEqual([
{
name: 'dnsly_aaaa.bleu.de',
value: '::1',
@ -32,7 +32,7 @@ tap.test('should get an AAAA Record', async () => {
});
tap.test('should get a txt record', async () => {
return expect(await testDnsly.getRecordTxt('dnsly_txt.bleu.de')).toEqual([
return expect(await testDnsly.getRecordsTxt('dnsly_txt.bleu.de')).toEqual([
{
name: 'dnsly_txt.bleu.de',
value: 'sometext_txt',
@ -43,29 +43,35 @@ tap.test('should get a txt record', async () => {
});
tap.test('should, get a mx record for a domain', async () => {
const res = await testDnsly.getRecord('bleu.de', 'MX');
const res = await testDnsly.getRecords('bleu.de', 'MX');
console.log(res);
});
tap.test('should check until DNS is available', async () => {
return expect(await testDnsly.checkUntilAvailable('dnsly_txt.bleu.de', 'TXT', 'sometext_txt')).toBeTrue();
return expect(
await testDnsly.checkUntilAvailable('dnsly_txt.bleu.de', 'TXT', 'sometext_txt')
).toBeTrue();
});
tap.test('should check until DNS is available an return false if it fails', async () => {
return expect(await testDnsly.checkUntilAvailable('dnsly_txt.bleu.de', 'TXT', 'sometext_txt2')).toBeFalse()
return expect(
await testDnsly.checkUntilAvailable('dnsly_txt.bleu.de', 'TXT', 'sometext_txt2')
).toBeFalse();
});
tap.test('should check until DNS is available an return false if it fails', async () => {
return expect(await testDnsly.checkUntilAvailable('dnsly_txtNotThere.bleu.de', 'TXT', 'sometext_txt2')).toBeFalse()
return expect(
await testDnsly.checkUntilAvailable('dnsly_txtNotThere.bleu.de', 'TXT', 'sometext_txt2')
).toBeFalse();
});
tap.test('should get name server for hostname', async () => {
let result = await testDnsly.getNameServer('bleu.de');
let result = await testDnsly.getNameServers('bleu.de');
console.log(result);
});
tap.test('should detect dns sec', async () => {
const result = await testDnsly.getRecordA('lossless.com');
const result = await testDnsly.getRecordsA('lossless.com');
console.log(result[0]);
expect(result[0].dnsSecEnabled).toBeTrue();
});

647
test/test.server.ts Normal file
View File

@ -0,0 +1,647 @@
import * as plugins from '../ts_server/plugins.js';
import { expect, tap } from '@push.rocks/tapbundle';
import { tapNodeTools } from '@push.rocks/tapbundle/node';
import { execSync } from 'child_process';
import * as dnsPacket from 'dns-packet';
import * as https from 'https';
import * as dgram from 'dgram';
import * as fs from 'fs';
import * as path from 'path';
import * as os from 'os';
import * as smartdns from '../ts_server/index.js';
// Generate a real self-signed certificate using OpenSSL
function generateSelfSignedCert() {
const tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), 'cert-'));
const keyPath = path.join(tmpDir, 'key.pem');
const certPath = path.join(tmpDir, 'cert.pem');
try {
// Generate private key
execSync(`openssl genrsa -out "${keyPath}" 2048`);
// Generate self-signed certificate
execSync(
`openssl req -new -x509 -key "${keyPath}" -out "${certPath}" -days 365 -subj "/C=US/ST=State/L=City/O=Organization/CN=test.example.com"`
);
// Read the files
const privateKey = fs.readFileSync(keyPath, 'utf8');
const cert = fs.readFileSync(certPath, 'utf8');
return { key: privateKey, cert };
} catch (error) {
console.error('Error generating certificate:', error);
throw error;
} finally {
// Clean up temporary files
try {
if (fs.existsSync(keyPath)) fs.unlinkSync(keyPath);
if (fs.existsSync(certPath)) fs.unlinkSync(certPath);
if (fs.existsSync(tmpDir)) fs.rmdirSync(tmpDir);
} catch (err) {
console.error('Error cleaning up temporary files:', err);
}
}
}
// Cache the generated certificate for performance
let cachedCert = null;
// Helper function to get certificate
function getTestCertificate() {
if (!cachedCert) {
cachedCert = generateSelfSignedCert();
}
return cachedCert;
}
// Mock for acme-client directly imported as a module
const acmeClientMock = {
Client: class {
constructor() {}
createAccount() {
return Promise.resolve({});
}
createOrder() {
return Promise.resolve({
authorizations: ['auth1', 'auth2']
});
}
getAuthorizations() {
return Promise.resolve([
{
identifier: { value: 'test.bleu.de' },
challenges: [
{ type: 'dns-01', url: 'https://example.com/challenge' }
]
}
]);
}
getChallengeKeyAuthorization() {
return Promise.resolve('test_key_authorization');
}
completeChallenge() {
return Promise.resolve({});
}
waitForValidStatus() {
return Promise.resolve({});
}
finalizeOrder() {
return Promise.resolve({});
}
getCertificate() {
// Use a real certificate
const { cert } = getTestCertificate();
return Promise.resolve(cert);
}
},
forge: {
createCsr({commonName, altNames}) {
return Promise.resolve({
csr: Buffer.from('mock-csr-data')
});
}
},
directory: {
letsencrypt: {
staging: 'https://acme-staging-v02.api.letsencrypt.org/directory',
production: 'https://acme-v02.api.letsencrypt.org/directory'
}
}
};
// Override generateKeyPairSync to use our test key for certificate generation in tests
const originalGenerateKeyPairSync = plugins.crypto.generateKeyPairSync;
plugins.crypto.generateKeyPairSync = function(type, options) {
if (type === 'rsa' &&
options?.modulusLength === 2048 &&
options?.privateKeyEncoding?.type === 'pkcs8') {
// Get the test certificate key if we're in the retrieveSslCertificate method
try {
const stack = new Error().stack || '';
if (stack.includes('retrieveSslCertificate')) {
const { key } = getTestCertificate();
return { privateKey: key, publicKey: 'TEST_PUBLIC_KEY' };
}
} catch (e) {
// Fall back to original function if error occurs
}
}
// Use the original function for other cases
return originalGenerateKeyPairSync.apply(this, arguments);
};
let dnsServer: smartdns.DnsServer;
const testCertDir = path.join(process.cwd(), 'test-certs');
// Helper to clean up test certificate directory
function cleanCertDir() {
if (fs.existsSync(testCertDir)) {
const files = fs.readdirSync(testCertDir);
for (const file of files) {
fs.unlinkSync(path.join(testCertDir, file));
}
fs.rmdirSync(testCertDir);
}
}
// Port management for tests
let nextHttpsPort = 8080;
let nextUdpPort = 8081;
function getUniqueHttpsPort() {
return nextHttpsPort++;
}
function getUniqueUdpPort() {
return nextUdpPort++;
}
// Cleanup function for servers - more robust implementation
async function stopServer(server: smartdns.DnsServer | null | undefined) {
if (!server) {
return; // Nothing to do if server doesn't exist
}
try {
// Access private properties for checking before stopping
// @ts-ignore - accessing private properties for testing
const hasHttpsServer = server.httpsServer !== undefined && server.httpsServer !== null;
// @ts-ignore - accessing private properties for testing
const hasUdpServer = server.udpServer !== undefined && server.udpServer !== null;
// Only try to stop if there's something to stop
if (hasHttpsServer || hasUdpServer) {
await server.stop();
}
} catch (e) {
console.log('Handled error when stopping server:', e);
// Ignore errors during cleanup
}
}
// Setup and teardown
tap.test('setup', async () => {
cleanCertDir();
// Reset dnsServer to null at the start
dnsServer = null;
// Reset certificate cache
cachedCert = null;
});
tap.test('teardown', async () => {
// Stop the server if it exists
await stopServer(dnsServer);
dnsServer = null;
cleanCertDir();
// Reset certificate cache
cachedCert = null;
});
tap.test('should create an instance of DnsServer', async () => {
// Use valid options
const httpsData = await tapNodeTools.createHttpsCert();
dnsServer = new smartdns.DnsServer({
httpsKey: httpsData.key,
httpsCert: httpsData.cert,
httpsPort: 8080,
udpPort: 8081,
dnssecZone: 'example.com',
});
expect(dnsServer).toBeInstanceOf(smartdns.DnsServer);
});
tap.test('should start the server', async () => {
// Clean up any existing server
await stopServer(dnsServer);
const httpsData = await tapNodeTools.createHttpsCert();
dnsServer = new smartdns.DnsServer({
httpsKey: httpsData.key,
httpsCert: httpsData.cert,
httpsPort: getUniqueHttpsPort(),
udpPort: getUniqueUdpPort(),
dnssecZone: 'example.com',
});
await dnsServer.start();
// @ts-ignore - accessing private property for testing
expect(dnsServer.httpsServer).toBeDefined();
// Stop the server at the end of this test
await stopServer(dnsServer);
dnsServer = null;
});
tap.test('lets add a handler', async () => {
const httpsData = await tapNodeTools.createHttpsCert();
dnsServer = new smartdns.DnsServer({
httpsKey: httpsData.key,
httpsCert: httpsData.cert,
httpsPort: 8080,
udpPort: 8081,
dnssecZone: 'example.com',
});
dnsServer.registerHandler('*.bleu.de', ['A'], (question) => {
return {
name: question.name,
type: 'A',
class: 'IN',
ttl: 300,
data: '127.0.0.1',
};
});
// @ts-ignore - accessing private method for testing
const response = dnsServer.processDnsRequest({
type: 'query',
id: 1,
flags: 0,
questions: [
{
name: 'dnsly_a.bleu.de',
type: 'A',
class: 'IN',
},
],
answers: [],
});
expect(response.answers[0]).toEqual({
name: 'dnsly_a.bleu.de',
type: 'A',
class: 'IN',
ttl: 300,
data: '127.0.0.1',
});
});
tap.test('should unregister a handler', async () => {
const httpsData = await tapNodeTools.createHttpsCert();
dnsServer = new smartdns.DnsServer({
httpsKey: httpsData.key,
httpsCert: httpsData.cert,
httpsPort: 8080,
udpPort: 8081,
dnssecZone: 'example.com',
});
// Register handlers
dnsServer.registerHandler('*.bleu.de', ['A'], (question) => {
return {
name: question.name,
type: 'A',
class: 'IN',
ttl: 300,
data: '127.0.0.1',
};
});
dnsServer.registerHandler('test.com', ['TXT'], (question) => {
return {
name: question.name,
type: 'TXT',
class: 'IN',
ttl: 300,
data: ['test'],
};
});
// Test unregistering
const result = dnsServer.unregisterHandler('*.bleu.de', ['A']);
expect(result).toEqual(true);
// Verify handler is removed
// @ts-ignore - accessing private method for testing
const response = dnsServer.processDnsRequest({
type: 'query',
id: 1,
flags: 0,
questions: [
{
name: 'dnsly_a.bleu.de',
type: 'A',
class: 'IN',
},
],
answers: [],
});
// Should get SOA record instead of A record
expect(response.answers[0].type).toEqual('SOA');
});
tap.test('lets query over https', async () => {
// Clean up any existing server
await stopServer(dnsServer);
const httpsPort = getUniqueHttpsPort();
const httpsData = await tapNodeTools.createHttpsCert();
dnsServer = new smartdns.DnsServer({
httpsKey: httpsData.key,
httpsCert: httpsData.cert,
httpsPort: httpsPort,
udpPort: getUniqueUdpPort(),
dnssecZone: 'example.com',
});
await dnsServer.start();
dnsServer.registerHandler('*.bleu.de', ['A'], (question) => {
return {
name: question.name,
type: 'A',
class: 'IN',
ttl: 300,
data: '127.0.0.1',
};
});
// Skip SSL verification for self-signed cert in tests
process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';
const query = dnsPacket.encode({
type: 'query',
id: 2,
flags: dnsPacket.RECURSION_DESIRED,
questions: [
{
name: 'dnsly_a.bleu.de',
type: 'A',
class: 'IN',
},
],
});
const response = await fetch(`https://localhost:${httpsPort}/dns-query`, {
method: 'POST',
body: query,
headers: {
'Content-Type': 'application/dns-message',
}
});
expect(response.status).toEqual(200);
const responseData = await response.arrayBuffer();
const dnsResponse = dnsPacket.decode(Buffer.from(responseData));
console.log(dnsResponse.answers[0]);
expect(dnsResponse.answers[0]).toEqual({
name: 'dnsly_a.bleu.de',
type: 'A',
class: 'IN',
ttl: 300,
flush: false,
data: '127.0.0.1',
});
// Reset TLS verification
process.env.NODE_TLS_REJECT_UNAUTHORIZED = '1';
// Clean up server
await stopServer(dnsServer);
dnsServer = null;
});
tap.test('lets query over udp', async () => {
// Clean up any existing server
await stopServer(dnsServer);
const udpPort = getUniqueUdpPort();
const httpsData = await tapNodeTools.createHttpsCert();
dnsServer = new smartdns.DnsServer({
httpsKey: httpsData.key,
httpsCert: httpsData.cert,
httpsPort: getUniqueHttpsPort(),
udpPort: udpPort,
dnssecZone: 'example.com',
});
await dnsServer.start();
dnsServer.registerHandler('*.bleu.de', ['A'], (question) => {
return {
name: question.name,
type: 'A',
class: 'IN',
ttl: 300,
data: '127.0.0.1',
};
});
const client = dgram.createSocket('udp4');
const query = dnsPacket.encode({
type: 'query',
id: 3,
flags: dnsPacket.RECURSION_DESIRED,
questions: [
{
name: 'dnsly_a.bleu.de',
type: 'A',
class: 'IN',
},
],
});
const responsePromise = new Promise<dnsPacket.Packet>((resolve, reject) => {
client.on('message', (msg) => {
const dnsResponse = dnsPacket.decode(msg);
resolve(dnsResponse);
client.close();
});
client.on('error', (err) => {
reject(err);
client.close();
});
client.send(query, udpPort, 'localhost', (err) => {
if (err) {
reject(err);
client.close();
}
});
});
const dnsResponse = await responsePromise;
console.log(dnsResponse.answers[0]);
expect(dnsResponse.answers[0]).toEqual({
name: 'dnsly_a.bleu.de',
type: 'A',
class: 'IN',
ttl: 300,
flush: false,
data: '127.0.0.1',
});
// Clean up server
await stopServer(dnsServer);
dnsServer = null;
});
tap.test('should filter authorized domains correctly', async () => {
const httpsData = await tapNodeTools.createHttpsCert();
dnsServer = new smartdns.DnsServer({
httpsKey: httpsData.key,
httpsCert: httpsData.cert,
httpsPort: 8080,
udpPort: 8081,
dnssecZone: 'example.com',
});
// Register handlers for specific domains
dnsServer.registerHandler('*.bleu.de', ['A'], () => null);
dnsServer.registerHandler('test.com', ['A'], () => null);
// Test filtering authorized domains
const authorizedDomains = dnsServer.filterAuthorizedDomains([
'test.com', // Should be authorized
'sub.test.com', // Should not be authorized
'*.bleu.de', // Pattern itself isn't a domain
'something.bleu.de', // Should be authorized via wildcard pattern
'example.com', // Should be authorized (dnssecZone)
'sub.example.com', // Should be authorized (within dnssecZone)
'othersite.org' // Should not be authorized
]);
// Using toContain with expect from tapbundle
expect(authorizedDomains.includes('test.com')).toEqual(true);
expect(authorizedDomains.includes('something.bleu.de')).toEqual(true);
expect(authorizedDomains.includes('example.com')).toEqual(true);
expect(authorizedDomains.includes('sub.example.com')).toEqual(true);
expect(authorizedDomains.includes('sub.test.com')).toEqual(false);
expect(authorizedDomains.includes('*.bleu.de')).toEqual(false);
expect(authorizedDomains.includes('othersite.org')).toEqual(false);
});
tap.test('should retrieve SSL certificate successfully', async () => {
// Clean up any existing server
await stopServer(dnsServer);
// Create a temporary directory for the certificate test
const tempCertDir = path.join(process.cwd(), 'temp-certs');
if (!fs.existsSync(tempCertDir)) {
fs.mkdirSync(tempCertDir, { recursive: true });
}
// Create a server with unique ports
const httpsData = await tapNodeTools.createHttpsCert();
dnsServer = new smartdns.DnsServer({
httpsKey: httpsData.key,
httpsCert: httpsData.cert,
httpsPort: getUniqueHttpsPort(),
udpPort: getUniqueUdpPort(),
dnssecZone: 'example.com',
});
// Register handlers for test domains
dnsServer.registerHandler('*.bleu.de', ['A'], () => null);
dnsServer.registerHandler('test.bleu.de', ['A'], () => null);
await dnsServer.start();
// Inject our mock for acme-client
(dnsServer as any).acmeClientOverride = acmeClientMock;
try {
// Request certificate for domains
const result = await dnsServer.retrieveSslCertificate(
['test.bleu.de', '*.bleu.de', 'unknown.org'],
{
email: 'test@example.com',
staging: true,
certDir: tempCertDir
}
);
console.log('Certificate retrieval result:', {
success: result.success,
certLength: result.cert.length,
keyLength: result.key.length,
});
expect(result.success).toEqual(true);
expect(result.cert.includes('BEGIN CERTIFICATE')).toEqual(true);
expect(typeof result.key === 'string').toEqual(true);
// Check that certificate directory was created
expect(fs.existsSync(tempCertDir)).toEqual(true);
// Verify TXT record handler was registered and then removed
// @ts-ignore - accessing private property for testing
const txtHandlerCount = dnsServer.handlers.filter(h =>
h.domainPattern.includes('_acme-challenge') &&
h.recordTypes.includes('TXT')
).length;
expect(txtHandlerCount).toEqual(0); // Should be removed after validation
} catch (err) {
console.error('Test error:', err);
throw err;
} finally {
// Clean up server and temporary cert directory
await stopServer(dnsServer);
dnsServer = null;
if (fs.existsSync(tempCertDir)) {
const files = fs.readdirSync(tempCertDir);
for (const file of files) {
fs.unlinkSync(path.join(tempCertDir, file));
}
fs.rmdirSync(tempCertDir);
}
}
});
tap.test('should run for a while', async (toolsArg) => {
await toolsArg.delayFor(1000);
});
tap.test('should stop the server', async () => {
// Clean up any existing server
await stopServer(dnsServer);
const httpsData = await tapNodeTools.createHttpsCert();
dnsServer = new smartdns.DnsServer({
httpsKey: httpsData.key,
httpsCert: httpsData.cert,
httpsPort: getUniqueHttpsPort(),
udpPort: getUniqueUdpPort(),
dnssecZone: 'example.com',
});
await dnsServer.start();
await dnsServer.stop();
// @ts-ignore - accessing private property for testing
expect(dnsServer.httpsServer).toEqual(null);
// Clear the reference
dnsServer = null;
});
await tap.start();

8
ts/00_commitinfo_data.ts
View File

@ -1,8 +0,0 @@
/**
* autocreated commitinfo by @pushrocks/commitinfo
*/
export const commitinfo = {
name: '@pushrocks/smartdns',
version: '4.0.11',
description: 'smart dns methods written in TypeScript'
}

8
ts_client/00_commitinfo_data.ts Normal file
View File

@ -0,0 +1,8 @@
/**
* autocreated commitinfo by @push.rocks/commitinfo
*/
export const commitinfo = {
name: '@push.rocks/smartdns',
version: '5.0.4',
description: 'smart dns methods written in TypeScript'
}

51
ts/index.ts → ts_client/classes.dnsclient.ts
View File

@ -2,7 +2,7 @@ import * as plugins from './dnsly.plugins.js';
export type TDnsProvider = 'google' | 'cloudflare';
export const makeNodeProcessUseDnsProvider = async (providerArg: TDnsProvider) => {
export const makeNodeProcessUseDnsProvider = (providerArg: TDnsProvider) => {
switch (providerArg) {
case 'cloudflare':
plugins.dns.setServers([
@ -24,7 +24,7 @@ export const makeNodeProcessUseDnsProvider = async (providerArg: TDnsProvider) =
export interface ISmartDnsConstructorOptions {}
export interface IGoogleDNSHTTPSResponse {
export interface IDnsJsonResponse {
Status: number;
TC: boolean;
RD: boolean;
@ -78,7 +78,7 @@ export class Smartdns {
try {
let myRecordArray: plugins.tsclass.network.IDnsRecord[];
if (runCycles % 2 === 0 || !plugins.dns) {
myRecordArray = await this.getRecord(recordNameArg, recordTypeArg);
myRecordArray = await this.getRecords(recordNameArg, recordTypeArg, 0);
} else {
myRecordArray = await this.getRecordWithNodeDNS(recordNameArg, recordTypeArg);
}
@ -110,37 +110,50 @@ export class Smartdns {
/**
* get A Dns Record
*/
public async getRecordA(recordNameArg: string): Promise<plugins.tsclass.network.IDnsRecord[]> {
return await this.getRecord(recordNameArg, 'A');
public async getRecordsA(recordNameArg: string): Promise<plugins.tsclass.network.IDnsRecord[]> {
return await this.getRecords(recordNameArg, 'A');
}
/**
* get AAAA Record
*/
public async getRecordAAAA(recordNameArg: string) {
return await this.getRecord(recordNameArg, 'AAAA');
public async getRecordsAAAA(recordNameArg: string) {
return await this.getRecords(recordNameArg, 'AAAA');
}
/**
* gets a txt record
*/
public async getRecordTxt(recordNameArg: string): Promise<plugins.tsclass.network.IDnsRecord[]> {
return await this.getRecord(recordNameArg, 'TXT');
public async getRecordsTxt(recordNameArg: string): Promise<plugins.tsclass.network.IDnsRecord[]> {
return await this.getRecords(recordNameArg, 'TXT');
}
public async getRecord(
public async getRecords(
recordNameArg: string,
recordTypeArg: plugins.tsclass.network.TDnsRecordType
recordTypeArg: plugins.tsclass.network.TDnsRecordType,
retriesCounterArg = 20
): Promise<plugins.tsclass.network.IDnsRecord[]> {
const requestUrl = `https://cloudflare-dns.com/dns-query?name=${recordNameArg}&type=${recordTypeArg}&do=1`;
const response = await plugins.smartrequest.request(requestUrl, {
method: 'GET',
headers: {
accept: 'application/dns-json',
},
});
const returnArray: plugins.tsclass.network.IDnsRecord[] = [];
const responseBody: IGoogleDNSHTTPSResponse = response.body;
const getResponseBody = async (counterArg = 0): Promise<IDnsJsonResponse> => {
const response = await plugins.smartrequest.request(requestUrl, {
method: 'GET',
headers: {
accept: 'application/dns-json',
},
});
const responseBody: IDnsJsonResponse = response.body;
if (responseBody?.Status !== 0 && counterArg < retriesCounterArg) {
await plugins.smartdelay.delayFor(500);
return getResponseBody(counterArg++);
} else {
return responseBody;
}
};
const responseBody = await getResponseBody();
if (!responseBody.Answer || !typeof responseBody.Answer[Symbol.iterator]) {
return returnArray;
}
for (const dnsEntry of responseBody.Answer) {
if (dnsEntry.data.startsWith('"') && dnsEntry.data.endsWith('"')) {
dnsEntry.data = dnsEntry.data.replace(/^"(.*)"$/, '$1');
@ -186,7 +199,7 @@ export class Smartdns {
return done.promise;
}
public async getNameServer(domainNameArg: string): Promise<string[]> {
public async getNameServers(domainNameArg: string): Promise<string[]> {
const done = plugins.smartpromise.defer<string[]>();
plugins.dns.resolveNs(domainNameArg, (err, result) => {
if (!err) {

12
ts/dnsly.plugins.ts → ts_client/dnsly.plugins.ts
View File

@ -1,4 +1,4 @@
import * as smartenv from '@pushrocks/smartenv';
import * as smartenv from '@push.rocks/smartenv';
const smartenvInstance = new smartenv.Smartenv();
// node native scope
import type dnsType from 'dns';
@ -7,16 +7,12 @@ const dns: typeof dnsType = await smartenvInstance.getSafeNodeModule('dns');
export { dns };
// pushrocks scope
import * as smartdelay from '@pushrocks/smartdelay';
import * as smartpromise from '@pushrocks/smartpromise';
import * as smartrequest from '@pushrocks/smartrequest';
import * as smartdelay from '@push.rocks/smartdelay';
import * as smartpromise from '@push.rocks/smartpromise';
import * as smartrequest from '@push.rocks/smartrequest';
export { smartdelay, smartenv, smartpromise, smartrequest };
import * as tsclass from '@tsclass/tsclass';
export { tsclass };
// third party scope
const dns2 = smartenvInstance.getSafeNodeModule('dns2');
export { dns2 };

1
ts_client/index.ts Normal file
View File

@ -0,0 +1 @@
export * from './classes.dnsclient.js';

189
ts_server/classes.dnssec.ts Normal file
View File

@ -0,0 +1,189 @@
// Import necessary plugins from plugins.ts
import * as plugins from './plugins.js';
interface DnssecZone {
zone: string;
algorithm: 'ECDSA' | 'ED25519' | 'RSA';
keySize: number;
days: number;
}
interface DnssecKeyPair {
privateKey: string;
publicKey: string;
}
export class DnsSec {
private zone: DnssecZone;
private keyPair: DnssecKeyPair;
private ec?: plugins.elliptic.ec; // For ECDSA algorithms
private eddsa?: plugins.elliptic.eddsa; // For EdDSA algorithms
constructor(zone: DnssecZone) {
this.zone = zone;
// Initialize the appropriate cryptographic instance based on the algorithm
switch (this.zone.algorithm) {
case 'ECDSA':
this.ec = new plugins.elliptic.ec('p256'); // Use P-256 curve for ECDSA
break;
case 'ED25519':
this.eddsa = new plugins.elliptic.eddsa('ed25519');
break;
case 'RSA':
// RSA implementation would go here
throw new Error('RSA algorithm is not yet implemented.');
default:
throw new Error(`Unsupported algorithm: ${this.zone.algorithm}`);
}
// Generate the key pair
this.keyPair = this.generateKeyPair();
}
private generateKeyPair(): DnssecKeyPair {
let privateKey: string;
let publicKey: string;
switch (this.zone.algorithm) {
case 'ECDSA':
if (!this.ec) throw new Error('EC instance is not initialized.');
const ecKeyPair = this.ec.genKeyPair();
privateKey = ecKeyPair.getPrivate('hex');
publicKey = ecKeyPair.getPublic(false, 'hex'); // Uncompressed format
break;
case 'ED25519':
if (!this.eddsa) throw new Error('EdDSA instance is not initialized.');
const secret = plugins.crypto.randomBytes(32);
const edKeyPair = this.eddsa.keyFromSecret(secret);
privateKey = edKeyPair.getSecret('hex');
publicKey = edKeyPair.getPublic('hex');
break;
case 'RSA':
// RSA key generation would be implemented here
throw new Error('RSA key generation is not yet implemented.');
default:
throw new Error(`Unsupported algorithm: ${this.zone.algorithm}`);
}
return { privateKey, publicKey };
}
public getAlgorithmNumber(): number {
switch (this.zone.algorithm) {
case 'ECDSA':
return 13; // ECDSAP256SHA256
case 'ED25519':
return 15;
case 'RSA':
return 8; // RSASHA256
default:
throw new Error(`Unsupported algorithm: ${this.zone.algorithm}`);
}
}
public signData(data: Buffer): Buffer {
switch (this.zone.algorithm) {
case 'ECDSA':
if (!this.ec) throw new Error('EC instance is not initialized.');
const ecKeyPair = this.ec.keyFromPrivate(this.keyPair.privateKey, 'hex');
const ecSignature = ecKeyPair.sign(plugins.crypto.createHash('sha256').update(data).digest());
return Buffer.from(ecSignature.toDER());
case 'ED25519':
if (!this.eddsa) throw new Error('EdDSA instance is not initialized.');
const edKeyPair = this.eddsa.keyFromSecret(Buffer.from(this.keyPair.privateKey, 'hex'));
// ED25519 doesn't need a separate hash function as it includes the hashing internally
const edSignature = edKeyPair.sign(data);
// Convert the signature to the correct format for Buffer.from
return Buffer.from(edSignature.toBytes());
case 'RSA':
throw new Error('RSA signing is not yet implemented.');
default:
throw new Error(`Unsupported algorithm: ${this.zone.algorithm}`);
}
}
private generateDNSKEY(): Buffer {
const flags = 256; // 256 indicates a Zone Signing Key (ZSK)
const protocol = 3; // Must be 3 according to RFC
const algorithm = this.getAlgorithmNumber();
let publicKeyData: Buffer;
switch (this.zone.algorithm) {
case 'ECDSA':
if (!this.ec) throw new Error('EC instance is not initialized.');
const ecPublicKey = this.ec.keyFromPublic(this.keyPair.publicKey, 'hex').getPublic();
const x = ecPublicKey.getX().toArrayLike(Buffer, 'be', 32);
const y = ecPublicKey.getY().toArrayLike(Buffer, 'be', 32);
publicKeyData = Buffer.concat([x, y]);
break;
case 'ED25519':
publicKeyData = Buffer.from(this.keyPair.publicKey, 'hex');
break;
case 'RSA':
// RSA public key extraction would go here
throw new Error('RSA public key extraction is not yet implemented.');
default:
throw new Error(`Unsupported algorithm: ${this.zone.algorithm}`);
}
// Construct the DNSKEY RDATA
const dnskeyRdata = Buffer.concat([
Buffer.from([flags >> 8, flags & 0xff]), // Flags (2 bytes)
Buffer.from([protocol]), // Protocol (1 byte)
Buffer.from([algorithm]), // Algorithm (1 byte)
publicKeyData, // Public Key
]);
return dnskeyRdata;
}
private computeKeyTag(dnskeyRdata: Buffer): number {
// Key Tag calculation as per RFC 4034, Appendix B
let acc = 0;
for (let i = 0; i < dnskeyRdata.length; i++) {
acc += i & 1 ? dnskeyRdata[i] : dnskeyRdata[i] << 8;
}
acc += (acc >> 16) & 0xffff;
return acc & 0xffff;
}
private getDNSKEYRecord(): string {
const dnskeyRdata = this.generateDNSKEY();
const flags = 256;
const protocol = 3;
const algorithm = this.getAlgorithmNumber();
const publicKeyData = dnskeyRdata.slice(4); // Skip flags, protocol, algorithm bytes
const publicKeyBase64 = publicKeyData.toString('base64');
return `${this.zone.zone}. IN DNSKEY ${flags} ${protocol} ${algorithm} ${publicKeyBase64}`;
}
public getDSRecord(): string {
const dnskeyRdata = this.generateDNSKEY();
const keyTag = this.computeKeyTag(dnskeyRdata);
const algorithm = this.getAlgorithmNumber();
const digestType = 2; // SHA-256
const digest = plugins.crypto
.createHash('sha256')
.update(dnskeyRdata)
.digest('hex')
.toUpperCase();
return `${this.zone.zone}. IN DS ${keyTag} ${algorithm} ${digestType} ${digest}`;
}
public getKeyPair(): DnssecKeyPair {
return this.keyPair;
}
public getDsAndKeyPair(): { keyPair: DnssecKeyPair; dsRecord: string; dnskeyRecord: string } {
const dsRecord = this.getDSRecord();
const dnskeyRecord = this.getDNSKEYRecord();
return { keyPair: this.keyPair, dsRecord, dnskeyRecord };
}
}

804
ts_server/classes.dnsserver.ts Normal file
View File

@ -0,0 +1,804 @@
import * as plugins from './plugins.js';
import { DnsSec } from './classes.dnssec.js';
import * as dnsPacket from 'dns-packet';
export interface IDnsServerOptions {
httpsKey: string;
httpsCert: string;
httpsPort: number;
udpPort: number;
dnssecZone: string;
}
export interface DnsAnswer {
name: string;
type: string;
class: string | number;
ttl: number;
data: any;
}
export interface IDnsHandler {
domainPattern: string;
recordTypes: string[];
handler: (question: dnsPacket.Question) => DnsAnswer | null;
}
// Define types for DNSSEC records if not provided
interface DNSKEYData {
flags: number;
algorithm: number;
key: Buffer;
}
interface RRSIGData {
typeCovered: string; // Changed to string to match dns-packet expectations
algorithm: number;
labels: number;
originalTTL: number;
expiration: number;
inception: number;
keyTag: number;
signerName: string;
signature: Buffer;
}
// Let's Encrypt related interfaces
interface LetsEncryptOptions {
email?: string;
staging?: boolean;
certDir?: string;
}
export class DnsServer {
private udpServer: plugins.dgram.Socket;
private httpsServer: plugins.https.Server;
private handlers: IDnsHandler[] = [];
// DNSSEC related properties
private dnsSec: DnsSec;
private dnskeyRecord: DNSKEYData;
private keyTag: number;
constructor(private options: IDnsServerOptions) {
// Initialize DNSSEC
this.dnsSec = new DnsSec({
zone: options.dnssecZone,
algorithm: 'ECDSA', // You can change this based on your needs
keySize: 256,
days: 365,
});
// Generate DNSKEY and DS records
const { dsRecord, dnskeyRecord } = this.dnsSec.getDsAndKeyPair();
// Parse DNSKEY record into dns-packet format
this.dnskeyRecord = this.parseDNSKEYRecord(dnskeyRecord);
this.keyTag = this.computeKeyTag(this.dnskeyRecord);
}
public registerHandler(
domainPattern: string,
recordTypes: string[],
handler: (question: dnsPacket.Question) => DnsAnswer | null
): void {
this.handlers.push({ domainPattern, recordTypes, handler });
}
// Unregister a specific handler
public unregisterHandler(domainPattern: string, recordTypes: string[]): boolean {
const initialLength = this.handlers.length;
this.handlers = this.handlers.filter(handler =>
!(handler.domainPattern === domainPattern &&
recordTypes.every(type => handler.recordTypes.includes(type)))
);
return this.handlers.length < initialLength;
}
/**
* Retrieve SSL certificate for specified domains using Let's Encrypt
* @param domainNames Array of domain names to include in the certificate
* @param options Configuration options for Let's Encrypt
* @returns Object containing certificate, private key, and success status
*/
public async retrieveSslCertificate(
domainNames: string[],
options: LetsEncryptOptions = {}
): Promise<{ cert: string; key: string; success: boolean }> {
// Default options
const opts = {
email: options.email || 'admin@example.com',
staging: options.staging !== undefined ? options.staging : false,
certDir: options.certDir || './certs'
};
// Create certificate directory if it doesn't exist
if (!plugins.fs.existsSync(opts.certDir)) {
plugins.fs.mkdirSync(opts.certDir, { recursive: true });
}
// Filter domains this server is authoritative for
const authorizedDomains = this.filterAuthorizedDomains(domainNames);
if (authorizedDomains.length === 0) {
console.error('None of the provided domains are authorized for this DNS server');
return { cert: '', key: '', success: false };
}
console.log(`Retrieving SSL certificate for domains: ${authorizedDomains.join(', ')}`);
try {
// Allow for override in tests
// @ts-ignore - acmeClientOverride is added for testing purposes
const acmeClient = this.acmeClientOverride || await import('acme-client');
// Generate or load account key
const accountKeyPath = plugins.path.join(opts.certDir, 'account.key');
let accountKey: Buffer;
if (plugins.fs.existsSync(accountKeyPath)) {
accountKey = plugins.fs.readFileSync(accountKeyPath);
} else {
// Generate new account key
const { privateKey } = plugins.crypto.generateKeyPairSync('rsa', {
modulusLength: 2048,
publicKeyEncoding: { type: 'spki', format: 'pem' },
privateKeyEncoding: { type: 'pkcs8', format: 'pem' }
});
accountKey = Buffer.from(privateKey);
plugins.fs.writeFileSync(accountKeyPath, accountKey);
}
// Initialize ACME client
const client = new acmeClient.Client({
directoryUrl: opts.staging
? acmeClient.directory.letsencrypt.staging
: acmeClient.directory.letsencrypt.production,
accountKey: accountKey
});
// Create or update account
await client.createAccount({
termsOfServiceAgreed: true,
contact: [`mailto:${opts.email}`]
});
// Create order for certificate
const order = await client.createOrder({
identifiers: authorizedDomains.map(domain => ({
type: 'dns',
value: domain
}))
});
// Get authorizations
const authorizations = await client.getAuthorizations(order);
// Track handlers to clean up later
const challengeHandlers: { domain: string; pattern: string }[] = [];
// Process each authorization
for (const auth of authorizations) {
const domain = auth.identifier.value;
// Get DNS challenge
const challenge = auth.challenges.find(c => c.type === 'dns-01');
if (!challenge) {
throw new Error(`No DNS-01 challenge found for ${domain}`);
}
// Get key authorization and DNS record value
const keyAuthorization = await client.getChallengeKeyAuthorization(challenge);
const recordValue = this.getDnsRecordValueForChallenge(keyAuthorization);
// Create challenge domain (where TXT record should be placed)
const challengeDomain = `_acme-challenge.${domain}`;
console.log(`Setting up TXT record for ${challengeDomain}: ${recordValue}`);
// Register handler for the TXT record
this.registerHandler(
challengeDomain,
['TXT'],
(question: dnsPacket.Question): DnsAnswer | null => {
if (question.name === challengeDomain && question.type === 'TXT') {
return {
name: question.name,
type: 'TXT',
class: 'IN',
ttl: 300,
data: [recordValue]
};
}
return null;
}
);
// Track the handler for cleanup
challengeHandlers.push({ domain, pattern: challengeDomain });
// Wait briefly for DNS propagation
await new Promise(resolve => setTimeout(resolve, 2000));
// Complete the challenge
await client.completeChallenge(challenge);
// Wait for verification
await client.waitForValidStatus(challenge);
console.log(`Challenge for ${domain} validated successfully!`);
}
// Generate certificate key
const domainKeyPath = plugins.path.join(opts.certDir, `${authorizedDomains[0]}.key`);
const { privateKey } = plugins.crypto.generateKeyPairSync('rsa', {
modulusLength: 2048,
publicKeyEncoding: { type: 'spki', format: 'pem' },
privateKeyEncoding: { type: 'pkcs8', format: 'pem' }
});
plugins.fs.writeFileSync(domainKeyPath, privateKey);
// Create CSR
// Define an interface for the expected CSR result structure
interface CSRResult {
csr: Buffer;
}
// Use the forge.createCsr method and handle typing with a more direct approach
const csrResult = await acmeClient.forge.createCsr({
commonName: authorizedDomains[0],
altNames: authorizedDomains
}) as unknown as CSRResult;
// Finalize the order with the CSR
await client.finalizeOrder(order, csrResult.csr);
// Get certificate
const certificate = await client.getCertificate(order);
// Save certificate
const certPath = plugins.path.join(opts.certDir, `${authorizedDomains[0]}.cert`);
plugins.fs.writeFileSync(certPath, certificate);
// Update HTTPS server with new certificate
this.options.httpsCert = certificate;
this.options.httpsKey = privateKey;
// Restart HTTPS server with new certificate
await this.restartHttpsServer();
// Clean up challenge handlers
for (const handler of challengeHandlers) {
this.unregisterHandler(handler.pattern, ['TXT']);
console.log(`Cleaned up challenge handler for ${handler.domain}`);
}
return {
cert: certificate,
key: privateKey,
success: true
};
} catch (error) {
console.error('Error retrieving SSL certificate:', error);
return { cert: '', key: '', success: false };
}
}
/**
* Create DNS record value for the ACME challenge
*/
private getDnsRecordValueForChallenge(keyAuthorization: string): string {
// Create SHA-256 digest of the key authorization
const digest = plugins.crypto
.createHash('sha256')
.update(keyAuthorization)
.digest('base64')
.replace(/\+/g, '-')
.replace(/\//g, '_')
.replace(/=/g, '');
return digest;
}
/**
* Restart the HTTPS server with the new certificate
*/
private async restartHttpsServer(): Promise<void> {
return new Promise<void>((resolve, reject) => {
// First check if the server exists
if (!this.httpsServer) {
console.log('No HTTPS server to restart');
resolve();
return;
}
this.httpsServer.close(() => {
try {
// Validate certificate and key before trying to create the server
if (!this.options.httpsCert || !this.options.httpsKey) {
throw new Error('Missing certificate or key for HTTPS server');
}
// For testing, check if we have a mock certificate
if (this.options.httpsCert.includes('MOCK_CERTIFICATE')) {
console.log('Using mock certificate in test mode');
// In test mode with mock cert, we can use the original cert
// @ts-ignore - accessing acmeClientOverride for testing
if (this.acmeClientOverride) {
this.httpsServer = plugins.https.createServer(
{
key: this.options.httpsKey,
cert: this.options.httpsCert,
},
this.handleHttpsRequest.bind(this)
);
this.httpsServer.listen(this.options.httpsPort, () => {
console.log(`HTTPS DNS server restarted on port ${this.options.httpsPort} with test certificate`);
resolve();
});
return;
}
}
// Create the new server with the updated certificate
this.httpsServer = plugins.https.createServer(
{
key: this.options.httpsKey,
cert: this.options.httpsCert,
},
this.handleHttpsRequest.bind(this)
);
this.httpsServer.listen(this.options.httpsPort, () => {
console.log(`HTTPS DNS server restarted on port ${this.options.httpsPort} with new certificate`);
resolve();
});
} catch (err) {
console.error('Error creating HTTPS server with new certificate:', err);
reject(err);
}
});
});
}
/**
* Filter domains to include only those the server is authoritative for
*/
public filterAuthorizedDomains(domainNames: string[]): string[] {
const authorizedDomains: string[] = [];
for (const domain of domainNames) {
// Handle wildcards (*.example.com)
if (domain.startsWith('*.')) {
const baseDomain = domain.substring(2);
if (this.isAuthorizedForDomain(baseDomain)) {
authorizedDomains.push(domain);
}
}
// Regular domains
else if (this.isAuthorizedForDomain(domain)) {
authorizedDomains.push(domain);
}
}
return authorizedDomains;
}
/**
* Check if the server is authoritative for a domain
*/
private isAuthorizedForDomain(domain: string): boolean {
// Check if any handler matches this domain
for (const handler of this.handlers) {
if (plugins.minimatch.minimatch(domain, handler.domainPattern)) {
return true;
}
}
// Also check if the domain is the DNSSEC zone itself
if (domain === this.options.dnssecZone || domain.endsWith(`.${this.options.dnssecZone}`)) {
return true;
}
return false;
}
public processDnsRequest(request: dnsPacket.Packet): dnsPacket.Packet {
const response: dnsPacket.Packet = {
type: 'response',
id: request.id,
flags:
dnsPacket.AUTHORITATIVE_ANSWER |
dnsPacket.RECURSION_AVAILABLE |
(request.flags & dnsPacket.RECURSION_DESIRED ? dnsPacket.RECURSION_DESIRED : 0),
questions: request.questions,
answers: [],
additionals: [],
};
const dnssecRequested = this.isDnssecRequested(request);
for (const question of request.questions) {
console.log(`Query for ${question.name} of type ${question.type}`);
let answered = false;
// Handle DNSKEY queries if DNSSEC is requested
if (dnssecRequested && question.type === 'DNSKEY' && question.name === this.options.dnssecZone) {
const dnskeyAnswer: DnsAnswer = {
name: question.name,
type: 'DNSKEY',
class: 'IN',
ttl: 3600,
data: this.dnskeyRecord,
};
response.answers.push(dnskeyAnswer as plugins.dnsPacket.Answer);
// Sign the DNSKEY RRset
const rrsig = this.generateRRSIG('DNSKEY', [dnskeyAnswer], question.name);
response.answers.push(rrsig as plugins.dnsPacket.Answer);
answered = true;
continue;
}
for (const handlerEntry of this.handlers) {
if (
plugins.minimatch.minimatch(question.name, handlerEntry.domainPattern) &&
handlerEntry.recordTypes.includes(question.type)
) {
const answer = handlerEntry.handler(question);
if (answer) {
// Ensure the answer has ttl and class
const dnsAnswer: DnsAnswer = {
...answer,
ttl: answer.ttl || 300,
class: answer.class || 'IN',
};
response.answers.push(dnsAnswer as plugins.dnsPacket.Answer);
if (dnssecRequested) {
// Sign the answer RRset
const rrsig = this.generateRRSIG(question.type, [dnsAnswer], question.name);
response.answers.push(rrsig as plugins.dnsPacket.Answer);
}
answered = true;
break;
}
}
}
if (!answered) {
console.log(`No handler found for ${question.name} of type ${question.type}`);
response.flags |= dnsPacket.AUTHORITATIVE_ANSWER;
const soaAnswer: DnsAnswer = {
name: question.name,
type: 'SOA',
class: 'IN',
ttl: 3600,
data: {
mname: `ns1.${this.options.dnssecZone}`,
rname: `hostmaster.${this.options.dnssecZone}`,
serial: Math.floor(Date.now() / 1000),
refresh: 3600,
retry: 600,
expire: 604800,
minimum: 86400,
},
};
response.answers.push(soaAnswer as plugins.dnsPacket.Answer);
}
}
return response;
}
private isDnssecRequested(request: dnsPacket.Packet): boolean {
if (!request.additionals) return false;
for (const additional of request.additionals) {
if (additional.type === 'OPT' && typeof additional.flags === 'number') {
// The DO bit is the 15th bit (0x8000)
if (additional.flags & 0x8000) {
return true;
}
}
}
return false;
}
private generateRRSIG(
type: string,
rrset: DnsAnswer[],
name: string
): DnsAnswer {
// Prepare RRSIG data
const algorithm = this.dnsSec.getAlgorithmNumber();
const keyTag = this.keyTag;
const signerName = this.options.dnssecZone.endsWith('.') ? this.options.dnssecZone : `${this.options.dnssecZone}.`;
const inception = Math.floor(Date.now() / 1000) - 3600; // 1 hour ago
const expiration = inception + 86400; // Valid for 1 day
const ttl = rrset[0].ttl || 300;
// Serialize the RRset in canonical form
const rrsetBuffer = this.serializeRRset(rrset);
// Sign the RRset
const signature = this.dnsSec.signData(rrsetBuffer);
// Construct the RRSIG record
const rrsig: DnsAnswer = {
name,
type: 'RRSIG',
class: 'IN',
ttl,
data: {
typeCovered: type, // Changed to type string
algorithm,
labels: name.split('.').length - 1,
originalTTL: ttl,
expiration,
inception,
keyTag,
signerName,
signature: signature,
},
};
return rrsig;
}
private serializeRRset(rrset: DnsAnswer[]): Buffer {
// Implement canonical DNS RRset serialization as per RFC 4034 Section 6
const buffers: Buffer[] = [];
for (const rr of rrset) {
if (rr.type === 'OPT') {
continue; // Skip OPT records
}
const name = rr.name.endsWith('.') ? rr.name : rr.name + '.';
const nameBuffer = this.nameToBuffer(name.toLowerCase());
const typeValue = this.qtypeToNumber(rr.type);
const typeBuffer = Buffer.alloc(2);
typeBuffer.writeUInt16BE(typeValue, 0);
const classValue = this.classToNumber(rr.class);
const classBuffer = Buffer.alloc(2);
classBuffer.writeUInt16BE(classValue, 0);
const ttlValue = rr.ttl || 300;
const ttlBuffer = Buffer.alloc(4);
ttlBuffer.writeUInt32BE(ttlValue, 0);
// Serialize the data based on the record type
const dataBuffer = this.serializeRData(rr.type, rr.data);
const rdLengthBuffer = Buffer.alloc(2);
rdLengthBuffer.writeUInt16BE(dataBuffer.length, 0);
buffers.push(Buffer.concat([nameBuffer, typeBuffer, classBuffer, ttlBuffer, rdLengthBuffer, dataBuffer]));
}
return Buffer.concat(buffers);
}
private serializeRData(type: string, data: any): Buffer {
// Implement serialization for each record type you support
switch (type) {
case 'A':
return Buffer.from(data.split('.').map((octet: string) => parseInt(octet, 10)));
case 'AAAA':
// Handle IPv6 addresses
return Buffer.from(data.split(':').flatMap((segment: string) => {
const num = parseInt(segment, 16);
return [num >> 8, num & 0xff];
}));
case 'TXT':
// Handle TXT records for ACME challenges
if (Array.isArray(data)) {
// Combine all strings and encode as lengths and values
const buffers = data.map(str => {
const strBuf = Buffer.from(str);
const lenBuf = Buffer.alloc(1);
lenBuf.writeUInt8(strBuf.length, 0);
return Buffer.concat([lenBuf, strBuf]);
});
return Buffer.concat(buffers);
}
return Buffer.alloc(0);
case 'DNSKEY':
const dnskeyData: DNSKEYData = data;
return Buffer.concat([
Buffer.from([dnskeyData.flags >> 8, dnskeyData.flags & 0xff]),
Buffer.from([3]), // Protocol field, always 3
Buffer.from([dnskeyData.algorithm]),
dnskeyData.key,
]);
case 'SOA':
// Implement SOA record serialization if needed
// For now, return an empty buffer or handle as needed
return Buffer.alloc(0);
// Add cases for other record types as needed
default:
throw new Error(`Serialization for record type ${type} is not implemented.`);
}
}
private parseDNSKEYRecord(dnskeyRecord: string): DNSKEYData {
// Parse the DNSKEY record string into dns-packet format
const parts = dnskeyRecord.trim().split(/\s+/);
const flags = parseInt(parts[3], 10);
const algorithm = parseInt(parts[5], 10);
const publicKeyBase64 = parts.slice(6).join('');
const key = Buffer.from(publicKeyBase64, 'base64');
return {
flags,
algorithm,
key,
};
}
private computeKeyTag(dnskeyRecord: DNSKEYData): number {
// Compute key tag as per RFC 4034 Appendix B
const flags = dnskeyRecord.flags;
const algorithm = dnskeyRecord.algorithm;
const key = dnskeyRecord.key;
const dnskeyRdata = Buffer.concat([
Buffer.from([flags >> 8, flags & 0xff]),
Buffer.from([3]), // Protocol field, always 3
Buffer.from([algorithm]),
key,
]);
let acc = 0;
for (let i = 0; i < dnskeyRdata.length; i++) {
acc += (i & 1) ? dnskeyRdata[i] : dnskeyRdata[i] << 8;
}
acc += (acc >> 16) & 0xffff;
return acc & 0xffff;
}
private handleHttpsRequest(req: plugins.http.IncomingMessage, res: plugins.http.ServerResponse): void {
if (req.method === 'POST' && req.url === '/dns-query') {
let body: Buffer[] = [];
req.on('data', (chunk) => {
body.push(chunk);
}).on('end', () => {
const msg = Buffer.concat(body);
const request = dnsPacket.decode(msg);
const response = this.processDnsRequest(request);
const responseData = dnsPacket.encode(response);
res.writeHead(200, { 'Content-Type': 'application/dns-message' });
res.end(responseData);
});
} else {
res.writeHead(404);
res.end();
}
}
public async start(): Promise<void> {
this.httpsServer = plugins.https.createServer(
{
key: this.options.httpsKey,
cert: this.options.httpsCert,
},
this.handleHttpsRequest.bind(this)
);
this.udpServer = plugins.dgram.createSocket('udp4');
this.udpServer.on('message', (msg, rinfo) => {
const request = dnsPacket.decode(msg);
const response = this.processDnsRequest(request);
const responseData = dnsPacket.encode(response);
this.udpServer.send(responseData, rinfo.port, rinfo.address);
});
this.udpServer.on('error', (err) => {
console.error(`UDP Server error:\n${err.stack}`);
this.udpServer.close();
});
const udpListeningDeferred = plugins.smartpromise.defer<void>();
const httpsListeningDeferred = plugins.smartpromise.defer<void>();
try {
this.udpServer.bind(this.options.udpPort, '0.0.0.0', () => {
console.log(`UDP DNS server running on port ${this.options.udpPort}`);
udpListeningDeferred.resolve();
});
this.httpsServer.listen(this.options.httpsPort, () => {
console.log(`HTTPS DNS server running on port ${this.options.httpsPort}`);
httpsListeningDeferred.resolve();
});
} catch (err) {
console.error('Error starting DNS server:', err);
process.exit(1);
}
await Promise.all([udpListeningDeferred.promise, httpsListeningDeferred.promise]);
}
public async stop(): Promise<void> {
const doneUdp = plugins.smartpromise.defer<void>();
const doneHttps = plugins.smartpromise.defer<void>();
if (this.udpServer) {
this.udpServer.close(() => {
console.log('UDP DNS server stopped');
if (this.udpServer) {
this.udpServer.unref();
this.udpServer = null;
}
doneUdp.resolve();
});
} else {
doneUdp.resolve();
}
if (this.httpsServer) {
this.httpsServer.close(() => {
console.log('HTTPS DNS server stopped');
if (this.httpsServer) {
this.httpsServer.unref();
this.httpsServer = null;
}
doneHttps.resolve();
});
} else {
doneHttps.resolve();
}
await Promise.all([doneUdp.promise, doneHttps.promise]);
}
// Helper methods
private qtypeToNumber(type: string): number {
const QTYPE_NUMBERS: { [key: string]: number } = {
'A': 1,
'NS': 2,
'CNAME': 5,
'SOA': 6,
'PTR': 12,
'MX': 15,
'TXT': 16,
'AAAA': 28,
'SRV': 33,
'DNSKEY': 48,
'RRSIG': 46,
// Add more as needed
};
return QTYPE_NUMBERS[type.toUpperCase()] || 0;
}
private classToNumber(cls: string | number): number {
const CLASS_NUMBERS: { [key: string]: number } = {
'IN': 1,
'CH': 3,
'HS': 4,
// Add more as needed
};
if (typeof cls === 'number') {
return cls;
}
return CLASS_NUMBERS[cls.toUpperCase()] || 1;
}
private nameToBuffer(name: string): Buffer {
const labels = name.split('.');
const buffers = labels.map(label => {
const len = Buffer.byteLength(label, 'utf8');
const buf = Buffer.alloc(1 + len);
buf.writeUInt8(len, 0);
buf.write(label, 1);
return buf;
});
return Buffer.concat([...buffers, Buffer.from([0])]); // Add root label
}
}

1
ts_server/index.ts Normal file
View File

@ -0,0 +1 @@
export * from './classes.dnsserver.js';

34
ts_server/plugins.ts Normal file
View File

@ -0,0 +1,34 @@
// node native
import crypto from 'crypto';
import dgram from 'dgram';
import fs from 'fs';
import http from 'http';
import https from 'https';
import * as path from 'path';
export {
crypto,
fs,
http,
https,
dgram,
path,
}
// @push.rocks scope
import * as smartpromise from '@push.rocks/smartpromise';
export {
smartpromise,
}
// third party
import elliptic from 'elliptic';
import * as dnsPacket from 'dns-packet';
import * as minimatch from 'minimatch';
export {
dnsPacket,
elliptic,
minimatch,
}

12
tsconfig.json
View File

@ -3,8 +3,12 @@
"experimentalDecorators": true,
"useDefineForClassFields": false,
"target": "ES2022",
"module": "ES2022",
"moduleResolution": "nodenext",
"esModuleInterop": true
}
"module": "NodeNext",
"moduleResolution": "NodeNext",
"esModuleInterop": true,
"verbatimModuleSyntax": true
},
"exclude": [
"dist_*/**/*.d.ts"
]
}