6.2.1

changelog.md

@@ -0,0 +1,116 @@
+# Changelog
+
+## 2024-09-21 - 6.2.1 - fix(core)
+Fixing issues with keywords and readme formatting.
+
+- Synchronized keywords field between npmextra.json and package.json.
+- Updated readme.md to fix formatting issues and added new sections.
+
+## 2024-09-19 - 6.2.0 - feat(dnssec)
+Introduced DNSSEC support with ECDSA algorithm
+
+- Added `DnsSec` class for handling DNSSEC operations.
+- Updated `DnsServer` to support DNSSEC with ECDSA.
+- Shifted DNS-related helper functions to `DnsServer` class.
+- Integrated parsing and handling of DNSKEY and RRSIG records in `DnsServer`.
+
+## 2024-09-19 - 6.1.1 - fix(ts_server)
+Update DnsSec class to fully implement key generation and DNSKEY record creation.
+
+- Added complete support for ECDSA and ED25519 algorithms in the DnsSec class.
+- Implemented DNSKEY generation and KeyTag computation methods.
+- Improved error handling and initialized the appropriate cryptographic instances based on the algorithm.
+
+## 2024-09-18 - 6.1.0 - feat(smartdns)
+Add DNS Server and DNSSEC tools with comprehensive unit tests
+
+- Updated package dependencies to the latest versions
+- Introduced DnsServer class for handling DNS requests over both HTTPS and UDP with support for custom handlers
+- Added DnsSec class for generating and managing DNSSEC keys and DS records
+- Implemented unit tests for DnsServer and Smartdns classes
+
+## 2024-06-02 - 6.0.0 - server/client
+Main description here
+
+- **Breaking Change:** Move from client only to server + client exports.
+
+## 2024-03-30 - 5.0.4 - maintenance
+Range contains relevant changes
+
+- Switch to new org scheme
+
+## 2023-04-08 - 5.0.4 - core
+Main description here
+
+- Core update
+- Fixes applied to the system
+
+## 2022-07-27 - 5.0.0 - core
+Update contains relevant changes
+
+- **Breaking Change:** Major update and core changes
+- Fixes and updates applied
+
+## 2022-07-27 - 4.0.11 - core
+Range contains relevant changes
+
+- **Breaking Change:** Core update and changes applied
+
+## 2021-08-24 - 4.0.10 - core
+Range contains relevant changes
+
+- Fixes applied to the core functionalities
+
+## 2021-01-23 - 4.0.8 - core
+Range contains relevant changes
+
+- Updates and fixes to the core components
+
+## 2020-08-05 - 4.0.4 - core
+Range contains relevant changes
+
+- Multiple core fixes applied
+
+## 2020-02-15 - 4.0.0 - core
+Main description here
+
+- Core updates
+- Fixes applied across the system
+
+## 2020-02-15 - 3.0.8 - core
+Core updates with major changes
+
+- **Breaking Change:** Now uses Google DNS HTTPS API and handles DNSSEC validation
+
+## 2019-01-07 - 3.0.6 - core
+Range contains relevant changes
+
+- Fixes and updates applied to the core
+
+## 2018-05-13 - 3.0.4 - core
+Range contains relevant changes
+
+- Fixes applied, including `fix .checkUntilAvailable` error
+
+## 2018-05-13 - 3.0.0 - ci
+Main description here
+
+- CI changes and updates to the access level and global packages
+
+## 2017-07-31 - 2.0.10 - package
+Update to new package name and improved record retrieval
+
+- **Breaking Change:** Package name update and record retrieval improvements
+
+## 2017-01-27 - 2.0.1 - maintenance
+Multiple fixes and merges
+
+## 2017-01-27 - 2.0.0 - core
+Fix typings and update to better API
+
+## 2016-11-15 - 1.0.7 - initial
+Initial setup and improvements
+
+- Initial deployment
+- README improvements
+

npmextra.json

@@ -9,14 +9,17 @@
       "npmPackagename": "@push.rocks/smartdns",
       "license": "MIT",
       "keywords": [
-        "DNS",
         "TypeScript",
+        "DNS",
+        "DNS records",
+        "DNS resolution",
+        "DNS management",
+        "DNSSEC",
         "Node.js",
         "Google DNS",
         "Cloudflare",
-        "DNS records",
-        "DNS resolution",
-        "DNSSEC"
+        "UDP DNS",
+        "HTTPS DNS"
       ]
     }
   },

package.json

@@ -1,6 +1,6 @@
 {
   "name": "@push.rocks/smartdns",
-  "version": "6.0.0",
+  "version": "6.2.1",
   "private": false,
   "description": "A TypeScript library for smart DNS methods, supporting various DNS records and providers.",
   "exports": {
@@ -18,14 +18,17 @@
     "url": "https://code.foss.global/push.rocks/smartdns.git"
   },
   "keywords": [
-    "DNS",
     "TypeScript",
+    "DNS",
+    "DNS records",
+    "DNS resolution",
+    "DNS management",
+    "DNSSEC",
     "Node.js",
     "Google DNS",
     "Cloudflare",
-    "DNS records",
-    "DNS resolution",
-    "DNSSEC"
+    "UDP DNS",
+    "HTTPS DNS"
   ],
   "author": "Lossless GmbH",
   "license": "MIT",
@@ -36,18 +39,21 @@
   "dependencies": {
     "@push.rocks/smartdelay": "^3.0.1",
     "@push.rocks/smartenv": "^5.0.5",
-    "@push.rocks/smartpromise": "^4.0.2",
+    "@push.rocks/smartpromise": "^4.0.4",
     "@push.rocks/smartrequest": "^2.0.15",
-    "@tsclass/tsclass": "^4.0.54",
+    "@tsclass/tsclass": "^4.1.2",
     "@types/dns-packet": "^5.6.5",
-    "dns-packet": "^5.6.1"
+    "@types/elliptic": "^6.4.18",
+    "dns-packet": "^5.6.1",
+    "elliptic": "^6.5.7",
+    "minimatch": "^10.0.1"
   },
   "devDependencies": {
-    "@git.zone/tsbuild": "^2.1.66",
-    "@git.zone/tsrun": "^1.2.44",
+    "@git.zone/tsbuild": "^2.1.84",
+    "@git.zone/tsrun": "^1.2.49",
     "@git.zone/tstest": "^1.0.77",
-    "@push.rocks/tapbundle": "^5.0.8",
-    "@types/node": "^20.13.0"
+    "@push.rocks/tapbundle": "^5.2.0",
+    "@types/node": "^22.5.5"
   },
   "files": [
     "ts/**/*",

readme.md

@@ -1,6 +1,5 @@
 # @push.rocks/smartdns
-
-smart dns methods written in TypeScript
+A TypeScript library for smart DNS methods, supporting various DNS records and providers.
 
 ## Install
 
@@ -16,7 +15,7 @@ Or with `yarn`:
 yarn add @push.rocks/smartdns
 ```
 
-Make sure you have a TypeScript environment setup to utilize the library effectively.
+Make sure you have a TypeScript environment set up to utilize the library effectively.
 
 ## Usage
 
@@ -39,6 +38,8 @@ Often, the need arises to fetch various DNS records for a domain. `@push.rocks/s
 To fetch an "A" record for a domain:
 
 ```typescript
+import { Smartdns } from '@push.rocks/smartdns';
+
 const dnsManager = new Smartdns({});
 const aRecords = await dnsManager.getRecordsA('example.com');
 console.log(aRecords);
@@ -53,6 +54,15 @@ const aaaaRecords = await dnsManager.getRecordsAAAA('example.com');
 console.log(aaaaRecords);
 ```
 
+#### Fetching TXT Records
+
+For "TXT" records:
+
+```typescript
+const txtRecords = await dnsManager.getRecordsTxt('example.com');
+console.log(txtRecords);
+```
+
 ### Advanced DNS Management
 
 Beyond simple queries, `@push.rocks/smartdns` offers functionalities suitable for more complex DNS management scenarios.
@@ -94,6 +104,258 @@ if (featureFlags['NewFeature']) {
 }
 ```
 
+### DNS Server Implementation
+
+To implement a DNS server, `@push.rocks/smartdns` includes classes and methods to set up a UDP and HTTPS DNS server supporting DNSSEC.
+
+#### Basic DNS Server Example
+
+Here's a basic example of a UDP/HTTPS DNS server:
+
+```typescript
+import { DnsServer } from '@push.rocks/smartdns';
+
+const dnsServer = new DnsServer({
+  httpsKey: 'path/to/key.pem',
+  httpsCert: 'path/to/cert.pem',
+  httpsPort: 443,
+  udpPort: 53,
+  dnssecZone: 'example.com',
+});
+
+dnsServer.registerHandler('*.example.com', ['A'], (question) => ({
+  name: question.name,
+  type: 'A',
+  class: 'IN',
+  ttl: 300,
+  data: '127.0.0.1',
+}));
+
+dnsServer.start().then(() => console.log('DNS Server started'));
+```
+
+### DNSSEC Support
+
+`@push.rocks/smartdns` provides support for DNSSEC, including the generation, signing, and validation of DNS records.
+
+#### DNSSEC Configuration
+
+To configure DNSSEC for your DNS server:
+
+```typescript
+import { DnsServer } from '@push.rocks/smartdns';
+
+const dnsServer = new DnsServer({
+  httpsKey: 'path/to/key.pem',
+  httpsCert: 'path/to/cert.pem',
+  httpsPort: 443,
+  udpPort: 53,
+  dnssecZone: 'example.com',
+});
+
+dnsServer.registerHandler('*.example.com', ['A'], (question) => ({
+  name: question.name,
+  type: 'A',
+  class: 'IN',
+  ttl: 300,
+  data: '127.0.0.1',
+}));
+
+dnsServer.start().then(() => console.log('DNS Server with DNSSEC started'));
+```
+
+This setup ensures that DNS records are signed and can be verified for authenticity.
+
+### Handling DNS Queries Over Different Protocols
+
+The library supports handling DNS queries over UDP and HTTPS.
+
+#### Handling UDP Queries
+
+UDP is the traditional means of DNS query transport. 
+
+```typescript
+import { DnsServer } from '@push.rocks/smartdns';
+import dgram from 'dgram';
+
+dnsServer.registerHandler('*.example.com', ['A'], (question) => ({
+  name: question.name,
+  type: 'A',
+  class: 'IN',
+  ttl: 300,
+  data: '127.0.0.1',
+}));
+
+dnsServer.start().then(() => {
+  console.log('UDP DNS Server started on port', dnsServer.getOptions().udpPort);
+});
+
+const client = dgram.createSocket('udp4');
+
+client.on('message', (msg, rinfo) => {
+  console.log(`Received ${msg} from ${rinfo.address}:${rinfo.port}`);
+});
+
+client.send(Buffer.from('example DNS query'), dnsServer.getOptions().udpPort, 'localhost');
+```
+
+#### Handling HTTPS Queries
+
+DNS over HTTPS (DoH) is increasingly adopted for privacy and security.
+
+```typescript
+import { DnsServer } from '@push.rocks/smartdns';
+import https from 'https';
+import fs from 'fs';
+
+const dnsServer = new DnsServer({
+  httpsKey: fs.readFileSync('path/to/key.pem'),
+  httpsCert: fs.readFileSync('path/to/cert.pem'),
+  httpsPort: 443,
+  udpPort: 53,
+  dnssecZone: 'example.com',
+});
+
+dnsServer.registerHandler('*.example.com', ['A'], (question) => ({
+  name: question.name,
+  type: 'A',
+  class: 'IN',
+  ttl: 300,
+  data: '127.0.0.1',
+}));
+
+dnsServer.start().then(() => console.log('HTTPS DNS Server started'));
+
+const client = https.request({
+  hostname: 'localhost',
+  port: 443,
+  path: '/dns-query',
+  method: 'POST',
+  headers: {
+    'Content-Type': 'application/dns-message'
+  }
+}, (res) => {
+  res.on('data', (d) => {
+    process.stdout.write(d);
+  });
+});
+
+client.on('error', (e) => {
+  console.error(e);
+});
+
+client.write(Buffer.from('example DNS query'));
+client.end();
+```
+
+### Testing
+
+To ensure that the DNS server behaves as expected, it is important to write tests for various scenarios.
+
+#### DNS Server Tests
+
+Here is an example of how to test the DNS server with TAP:
+
+```typescript
+import { expect, tap } from '@push.rocks/tapbundle';
+
+import { DnsServer } from '@push.rocks/smartdns';
+
+let dnsServer: DnsServer;
+
+tap.test('should create an instance of DnsServer', async () => {
+  dnsServer = new DnsServer({
+    httpsKey: 'path/to/key.pem',
+    httpsCert: 'path/to/cert.pem',
+    httpsPort: 443,
+    udpPort: 53,
+    dnssecZone: 'example.com',
+  });
+  expect(dnsServer).toBeInstanceOf(DnsServer);
+});
+
+tap.test('should start the server', async () => {
+  await dnsServer.start();
+  expect(dnsServer.isRunning()).toBeTrue();
+});
+
+tap.test('should add a DNS handler', async () => {
+  dnsServer.registerHandler('*.example.com', ['A'], (question) => ({
+    name: question.name,
+    type: 'A',
+    class: 'IN',
+    ttl: 300,
+    data: '127.0.0.1',
+  }));
+
+  const response = dnsServer.processDnsRequest({
+    type: 'query',
+    id: 1,
+    flags: 0,
+    questions: [
+      {
+        name: 'test.example.com',
+        type: 'A',
+        class: 'IN',
+      },
+    ],
+    answers: [],
+  });
+
+  expect(response.answers[0]).toEqual({
+    name: 'test.example.com',
+    type: 'A',
+    class: 'IN',
+    ttl: 300,
+    data: '127.0.0.1',
+  });
+});
+
+tap.test('should query the server over HTTP', async () => {
+  // Assuming fetch or any HTTP client is available
+  const query = dnsPacket.encode({
+    type: 'query',
+    id: 2,
+    flags: dnsPacket.RECURSION_DESIRED,
+    questions: [
+      {
+        name: 'test.example.com',
+        type: 'A',
+        class: 'IN',
+      },
+    ],
+  });
+
+  const response = await fetch('https://localhost:443/dns-query', {
+    method: 'POST',
+    body: query,
+    headers: {
+      'Content-Type': 'application/dns-message',
+    }
+  });
+
+  expect(response.status).toEqual(200);
+
+  const responseData = await response.arrayBuffer();
+  const dnsResponse = dnsPacket.decode(Buffer.from(responseData));
+
+  expect(dnsResponse.answers[0]).toEqual({
+    name: 'test.example.com',
+    type: 'A',
+    class: 'IN',
+    ttl: 300,
+    data: '127.0.0.1',
+  });
+});
+
+tap.test('should stop the server', async () => {
+  await dnsServer.stop();
+  expect(dnsServer.isRunning()).toBeFalse();
+});
+
+await tap.start();
+```
+
 ### Conclusion
 
 `@push.rocks/smartdns` offers a versatile set of tools for DNS querying and management, tailored for applications at any scale. The examples provided illustrate the library's potential use cases, highlighting its applicability in various scenarios from basic lookups to facilitating complex application features through DNS.
@@ -102,8 +364,6 @@ For the full spectrum of functionalities, including detailed method documentatio
 
 Remember, DNS changes might take time to propagate worldwide, and the utility methods provided by `@push.rocks/smartdns` for checking record availability will be invaluable in managing these changes seamlessly.
 
-
-
 ## License and Legal Information
 
 This repository contains open-source code that is licensed under the MIT License. A copy of the MIT License can be found in the [license](license) file within this repository. 

test/test.server.ts

@@ -0,0 +1,163 @@
+import { expect, tap } from '@push.rocks/tapbundle';
+import { tapNodeTools } from '@push.rocks/tapbundle/node';
+
+import * as dnsPacket from 'dns-packet';
+import * as https from 'https';
+import * as dgram from 'dgram';
+
+import * as smartdns from '../ts_server/index.js';
+
+let dnsServer: smartdns.DnsServer;
+
+tap.test('should create an instance of DnsServer', async () => {
+  // Use valid options
+  const httpsData = await tapNodeTools.createHttpsCert();
+  dnsServer = new smartdns.DnsServer({
+    httpsKey: httpsData.key,
+    httpsCert: httpsData.cert,
+    httpsPort: 8080,
+    udpPort: 8081,
+  });
+  expect(dnsServer).toBeInstanceOf(smartdns.DnsServer);
+});
+
+tap.test('should start the server', async () => {
+  await dnsServer.start();
+  // @ts-ignore
+  expect(dnsServer.httpsServer).toBeDefined();
+});
+
+tap.test('lets add a handler', async () => {
+  dnsServer.registerHandler('*.bleu.de', ['A'], (question) => {
+    return {
+      name: question.name,
+      type: 'A',
+      class: 'IN',
+      ttl: 300,
+      data: '127.0.0.1',
+    };
+  });
+
+  // @ts-ignore
+  const response = dnsServer.processDnsRequest({
+    type: 'query',
+    id: 1,
+    flags: 0,
+    questions: [
+      {
+        name: 'dnsly_a.bleu.de',
+        type: 'A',
+        class: 'IN',
+      },
+    ],
+    answers: [],
+  });
+  expect(response.answers[0]).toEqual({
+    name: 'dnsly_a.bleu.de',
+    type: 'A',
+    class: 'IN',
+    ttl: 300,
+    data: '127.0.0.1',
+  });
+});
+
+tap.test('lets query over https', async () => {
+  const query = dnsPacket.encode({
+    type: 'query',
+    id: 2,
+    flags: dnsPacket.RECURSION_DESIRED,
+    questions: [
+      {
+        name: 'dnsly_a.bleu.de',
+        type: 'A',
+        class: 'IN',
+      },
+    ],
+  });
+
+  const response = await fetch('https://localhost:8080/dns-query', {
+    method: 'POST',
+    body: query,
+    headers: {
+      'Content-Type': 'application/dns-message',
+    }
+  });
+
+  expect(response.status).toEqual(200);
+
+  const responseData = await response.arrayBuffer();
+  const dnsResponse = dnsPacket.decode(Buffer.from(responseData));
+
+  console.log(dnsResponse.answers[0]);
+
+  expect(dnsResponse.answers[0]).toEqual({
+    name: 'dnsly_a.bleu.de',
+    type: 'A',
+    class: 'IN',
+    ttl: 300,
+    flush: false,
+    data: '127.0.0.1',
+  });
+});
+
+tap.test('lets query over udp', async () => {
+  const client = dgram.createSocket('udp4');
+
+  const query = dnsPacket.encode({
+    type: 'query',
+    id: 3,
+    flags: dnsPacket.RECURSION_DESIRED,
+    questions: [
+      {
+        name: 'dnsly_a.bleu.de',
+        type: 'A',
+        class: 'IN',
+      },
+    ],
+  });
+
+  const responsePromise = new Promise<dnsPacket.Packet>((resolve, reject) => {
+    client.on('message', (msg) => {
+      const dnsResponse = dnsPacket.decode(msg);
+      resolve(dnsResponse);
+      client.close();
+    });
+
+    client.on('error', (err) => {
+      reject(err);
+      client.close();
+    });
+
+    client.send(query, 8081, 'localhost', (err) => {
+      if (err) {
+        reject(err);
+        client.close();
+      }
+    });
+  });
+
+  const dnsResponse = await responsePromise;
+
+  console.log(dnsResponse.answers[0]);
+
+  expect(dnsResponse.answers[0]).toEqual({
+    name: 'dnsly_a.bleu.de',
+    type: 'A',
+    class: 'IN',
+    ttl: 300,
+    flush: false,
+    data: '127.0.0.1',
+  });
+});
+
+tap.test('should run for a while', async (toolsArg) => {
+  await toolsArg.delayFor(1000);
+});
+
+tap.test('should stop the server', async () => {
+  await dnsServer.stop();
+  // @ts-ignore
+  expect(dnsServer.httpsServer).toBeFalsy();
+});
+
+await tap.start();

ts_client/classes.dnsclient.ts

@@ -24,7 +24,7 @@ export const makeNodeProcessUseDnsProvider = (providerArg: TDnsProvider) => {
 
 export interface ISmartDnsConstructorOptions {}
 
-export interface IGoogleDNSHTTPSResponse {
+export interface IDnsJsonResponse {
   Status: number;
   TC: boolean;
   RD: boolean;
@@ -135,14 +135,14 @@ export class Smartdns {
   ): Promise<plugins.tsclass.network.IDnsRecord[]> {
     const requestUrl = `https://cloudflare-dns.com/dns-query?name=${recordNameArg}&type=${recordTypeArg}&do=1`;
     const returnArray: plugins.tsclass.network.IDnsRecord[] = [];
-    const getResponseBody = async (counterArg = 0): Promise<IGoogleDNSHTTPSResponse> => {
+    const getResponseBody = async (counterArg = 0): Promise<IDnsJsonResponse> => {
       const response = await plugins.smartrequest.request(requestUrl, {
         method: 'GET',
         headers: {
           accept: 'application/dns-json',
         },
       });
-      const responseBody: IGoogleDNSHTTPSResponse = response.body;
+      const responseBody: IDnsJsonResponse = response.body;
       if (responseBody?.Status !== 0 && counterArg < retriesCounterArg) {
         await plugins.smartdelay.delayFor(500);
         return getResponseBody(counterArg++);

ts_client/dnsly.plugins.ts

@@ -16,7 +16,3 @@ export { smartdelay, smartenv, smartpromise, smartrequest };
 import * as tsclass from '@tsclass/tsclass';
 
 export { tsclass };
-
-// third party scope
-const dns2 = smartenvInstance.getSafeNodeModule('dns2');
-export { dns2 };

ts_server/classes.dnssec.ts

@@ -0,0 +1,172 @@
+// Import necessary plugins from plugins.ts
+import * as plugins from './plugins.js';
+
+interface DnssecZone {
+  zone: string;
+  algorithm: 'ECDSA' | 'ED25519' | 'RSA';
+  keySize: number;
+  days: number;
+}
+
+interface DnssecKeyPair {
+  privateKey: string;
+  publicKey: string;
+}
+
+export class DnsSec {
+  private zone: DnssecZone;
+  private keyPair: DnssecKeyPair;
+  private ec?: plugins.elliptic.ec; // For ECDSA algorithms
+  private eddsa?: plugins.elliptic.eddsa; // For EdDSA algorithms
+
+  constructor(zone: DnssecZone) {
+    this.zone = zone;
+
+    // Initialize the appropriate cryptographic instance based on the algorithm
+    switch (this.zone.algorithm) {
+      case 'ECDSA':
+        this.ec = new plugins.elliptic.ec('p256'); // Use P-256 curve for ECDSA
+        break;
+      case 'ED25519':
+        this.eddsa = new plugins.elliptic.eddsa('ed25519');
+        break;
+      case 'RSA':
+        // RSA implementation would go here
+        throw new Error('RSA algorithm is not yet implemented.');
+      default:
+        throw new Error(`Unsupported algorithm: ${this.zone.algorithm}`);
+    }
+
+    // Generate the key pair
+    this.keyPair = this.generateKeyPair();
+  }
+
+  private generateKeyPair(): DnssecKeyPair {
+    let privateKey: string;
+    let publicKey: string;
+
+    switch (this.zone.algorithm) {
+      case 'ECDSA':
+        if (!this.ec) throw new Error('EC instance is not initialized.');
+        const ecKeyPair = this.ec.genKeyPair();
+        privateKey = ecKeyPair.getPrivate('hex');
+        publicKey = ecKeyPair.getPublic(false, 'hex'); // Uncompressed format
+        break;
+      case 'ED25519':
+        if (!this.eddsa) throw new Error('EdDSA instance is not initialized.');
+        const secret = plugins.crypto.randomBytes(32);
+        const edKeyPair = this.eddsa.keyFromSecret(secret);
+        privateKey = edKeyPair.getSecret('hex');
+        publicKey = edKeyPair.getPublic('hex');
+        break;
+      case 'RSA':
+        // RSA key generation would be implemented here
+        throw new Error('RSA key generation is not yet implemented.');
+      default:
+        throw new Error(`Unsupported algorithm: ${this.zone.algorithm}`);
+    }
+
+    return { privateKey, publicKey };
+  }
+
+  public getAlgorithmNumber(): number {
+    switch (this.zone.algorithm) {
+      case 'ECDSA':
+        return 13; // ECDSAP256SHA256
+      case 'ED25519':
+        return 15;
+      case 'RSA':
+        return 8; // RSASHA256
+      default:
+        throw new Error(`Unsupported algorithm: ${this.zone.algorithm}`);
+    }
+  }
+
+  public signData(data: Buffer): Buffer {
+    // Sign the data using the private key
+    const keyPair = this.ec!.keyFromPrivate(this.keyPair.privateKey, 'hex');
+    const signature = keyPair.sign(plugins.crypto.createHash('sha256').update(data).digest());
+    return Buffer.from(signature.toDER());
+  }
+
+  private generateDNSKEY(): Buffer {
+    const flags = 256; // 256 indicates a Zone Signing Key (ZSK)
+    const protocol = 3; // Must be 3 according to RFC
+    const algorithm = this.getAlgorithmNumber();
+
+    let publicKeyData: Buffer;
+
+    switch (this.zone.algorithm) {
+      case 'ECDSA':
+        if (!this.ec) throw new Error('EC instance is not initialized.');
+        const ecPublicKey = this.ec.keyFromPublic(this.keyPair.publicKey, 'hex').getPublic();
+        const x = ecPublicKey.getX().toArrayLike(Buffer, 'be', 32);
+        const y = ecPublicKey.getY().toArrayLike(Buffer, 'be', 32);
+        publicKeyData = Buffer.concat([x, y]);
+        break;
+      case 'ED25519':
+        publicKeyData = Buffer.from(this.keyPair.publicKey, 'hex');
+        break;
+      case 'RSA':
+        // RSA public key extraction would go here
+        throw new Error('RSA public key extraction is not yet implemented.');
+      default:
+        throw new Error(`Unsupported algorithm: ${this.zone.algorithm}`);
+    }
+
+    // Construct the DNSKEY RDATA
+    const dnskeyRdata = Buffer.concat([
+      Buffer.from([flags >> 8, flags & 0xff]), // Flags (2 bytes)
+      Buffer.from([protocol]), // Protocol (1 byte)
+      Buffer.from([algorithm]), // Algorithm (1 byte)
+      publicKeyData, // Public Key
+    ]);
+
+    return dnskeyRdata;
+  }
+
+  private computeKeyTag(dnskeyRdata: Buffer): number {
+    // Key Tag calculation as per RFC 4034, Appendix B
+    let acc = 0;
+    for (let i = 0; i < dnskeyRdata.length; i++) {
+      acc += i & 1 ? dnskeyRdata[i] : dnskeyRdata[i] << 8;
+    }
+    acc += (acc >> 16) & 0xffff;
+    return acc & 0xffff;
+  }
+
+  private getDNSKEYRecord(): string {
+    const dnskeyRdata = this.generateDNSKEY();
+    const flags = 256;
+    const protocol = 3;
+    const algorithm = this.getAlgorithmNumber();
+    const publicKeyData = dnskeyRdata.slice(4); // Skip flags, protocol, algorithm bytes
+    const publicKeyBase64 = publicKeyData.toString('base64');
+
+    return `${this.zone.zone}. IN DNSKEY ${flags} ${protocol} ${algorithm} ${publicKeyBase64}`;
+  }
+
+  public getDSRecord(): string {
+    const dnskeyRdata = this.generateDNSKEY();
+    const keyTag = this.computeKeyTag(dnskeyRdata);
+    const algorithm = this.getAlgorithmNumber();
+    const digestType = 2; // SHA-256
+    const digest = plugins.crypto
+      .createHash('sha256')
+      .update(dnskeyRdata)
+      .digest('hex')
+      .toUpperCase();
+
+    return `${this.zone.zone}. IN DS ${keyTag} ${algorithm} ${digestType} ${digest}`;
+  }
+
+  public getKeyPair(): DnssecKeyPair {
+    return this.keyPair;
+  }
+
+  public getDsAndKeyPair(): { keyPair: DnssecKeyPair; dsRecord: string; dnskeyRecord: string } {
+    const dsRecord = this.getDSRecord();
+    const dnskeyRecord = this.getDNSKEYRecord();
+    return { keyPair: this.keyPair, dsRecord, dnskeyRecord };
+  }
+}

ts_server/classes.dnsserver.ts

@@ -1,98 +1,338 @@
 import * as plugins from './plugins.js';
+import { DnsSec } from './classes.dnssec.js';
+import * as dnsPacket from 'dns-packet';
 
 interface IDnsServerOptions {
   httpsKey: string;
   httpsCert: string;
   httpsPort: number;
   udpPort: number;
+  dnssecZone: string;
 }
 
-class DnsServer {
+interface DnsAnswer {
+  name: string;
+  type: string;
+  class: string | number;
+  ttl: number;
+  data: any;
+}
+
+interface IDnsHandler {
+  domainPattern: string;
+  recordTypes: string[];
+  handler: (question: dnsPacket.Question) => DnsAnswer | null;
+}
+
+// Define types for DNSSEC records if not provided
+interface DNSKEYData {
+  flags: number;
+  algorithm: number;
+  key: Buffer;
+}
+
+interface RRSIGData {
+  typeCovered: string; // Changed to string to match dns-packet expectations
+  algorithm: number;
+  labels: number;
+  originalTTL: number;
+  expiration: number;
+  inception: number;
+  keyTag: number;
+  signerName: string;
+  signature: Buffer;
+}
+
+export class DnsServer {
   private udpServer: plugins.dgram.Socket;
   private httpsServer: plugins.https.Server;
+  private handlers: IDnsHandler[] = [];
+
+  // DNSSEC related properties
+  private dnsSec: DnsSec;
+  private dnskeyRecord: DNSKEYData;
+  private keyTag: number;
 
   constructor(private options: IDnsServerOptions) {
-    this.udpServer = plugins.dgram.createSocket('udp4');
-    this.setupUdpServer();
+    // Initialize DNSSEC
+    this.dnsSec = new DnsSec({
+      zone: options.dnssecZone,
+      algorithm: 'ECDSA', // You can change this based on your needs
+      keySize: 256,
+      days: 365,
+    });
 
-    this.httpsServer = plugins.https.createServer(
-      {
-        key: plugins.fs.readFileSync(options.httpsKey),
-        cert: plugins.fs.readFileSync(options.httpsCert)
-      },
-      this.handleHttpsRequest.bind(this)
-    );
+    // Generate DNSKEY and DS records
+    const { dsRecord, dnskeyRecord } = this.dnsSec.getDsAndKeyPair();
+
+    // Parse DNSKEY record into dns-packet format
+    this.dnskeyRecord = this.parseDNSKEYRecord(dnskeyRecord);
+    this.keyTag = this.computeKeyTag(this.dnskeyRecord);
   }
 
-  private setupUdpServer(): void {
-    this.udpServer.on('message', (msg, rinfo) => {
-      const request = plugins.dnsPacket.decode(msg);
-      const response = {
-        type: 'response' as const,
-        id: request.id,
-        flags: plugins.dnsPacket.RECURSION_DESIRED | plugins.dnsPacket.RECURSION_AVAILABLE,
-        questions: request.questions,
-        answers: [] as plugins.dnsPacket.Answer[]
-      };
+  public registerHandler(
+    domainPattern: string,
+    recordTypes: string[],
+    handler: (question: dnsPacket.Question) => DnsAnswer | null
+  ): void {
+    this.handlers.push({ domainPattern, recordTypes, handler });
+  }
 
-      const question = request.questions[0];
-      console.log(`UDP query for ${question.name} of type ${question.type}`);
+  private processDnsRequest(request: dnsPacket.Packet): dnsPacket.Packet {
+    const response: dnsPacket.Packet = {
+      type: 'response',
+      id: request.id,
+      flags:
+        dnsPacket.AUTHORITATIVE_ANSWER |
+        dnsPacket.RECURSION_AVAILABLE |
+        (request.flags & dnsPacket.RECURSION_DESIRED ? dnsPacket.RECURSION_DESIRED : 0),
+      questions: request.questions,
+      answers: [],
+      additionals: [],
+    };
 
-      if (question.type === 'A') {
-        response.answers.push({
+    const dnssecRequested = this.isDnssecRequested(request);
+
+    for (const question of request.questions) {
+      console.log(`Query for ${question.name} of type ${question.type}`);
+
+      let answered = false;
+
+      // Handle DNSKEY queries if DNSSEC is requested
+      if (dnssecRequested && question.type === 'DNSKEY' && question.name === this.options.dnssecZone) {
+        const dnskeyAnswer: DnsAnswer = {
           name: question.name,
-          type: 'A',
+          type: 'DNSKEY',
           class: 'IN',
-          ttl: 300,
-          data: '127.0.0.1'
-        });
+          ttl: 3600,
+          data: this.dnskeyRecord,
+        };
+        response.answers.push(dnskeyAnswer as plugins.dnsPacket.Answer);
+
+        // Sign the DNSKEY RRset
+        const rrsig = this.generateRRSIG('DNSKEY', [dnskeyAnswer], question.name);
+        response.answers.push(rrsig as plugins.dnsPacket.Answer);
+
+        answered = true;
+        continue;
       }
 
-      const responseData = plugins.dnsPacket.encode(response);
-      this.udpServer.send(responseData, rinfo.port, rinfo.address);
-    });
+      for (const handlerEntry of this.handlers) {
+        if (
+          plugins.minimatch.minimatch(question.name, handlerEntry.domainPattern) &&
+          handlerEntry.recordTypes.includes(question.type)
+        ) {
+          const answer = handlerEntry.handler(question);
+          if (answer) {
+            // Ensure the answer has ttl and class
+            const dnsAnswer: DnsAnswer = {
+              ...answer,
+              ttl: answer.ttl || 300,
+              class: answer.class || 'IN',
+            };
+            response.answers.push(dnsAnswer as plugins.dnsPacket.Answer);
 
-    this.udpServer.on('error', (err) => {
-      console.error(`UDP Server error:\n${err.stack}`);
-      this.udpServer.close();
-    });
+            if (dnssecRequested) {
+              // Sign the answer RRset
+              const rrsig = this.generateRRSIG(question.type, [dnsAnswer], question.name);
+              response.answers.push(rrsig as plugins.dnsPacket.Answer);
+            }
 
-    this.udpServer.bind(this.options.udpPort, '0.0.0.0', () => {
-      console.log(`UDP DNS server running on port ${this.options.udpPort}`);
-    });
+            answered = true;
+            break;
+          }
+        }
+      }
+
+      if (!answered) {
+        console.log(`No handler found for ${question.name} of type ${question.type}`);
+        response.flags |= dnsPacket.AUTHORITATIVE_ANSWER;
+        const soaAnswer: DnsAnswer = {
+          name: question.name,
+          type: 'SOA',
+          class: 'IN',
+          ttl: 3600,
+          data: {
+            mname: `ns1.${this.options.dnssecZone}`,
+            rname: `hostmaster.${this.options.dnssecZone}`,
+            serial: Math.floor(Date.now() / 1000),
+            refresh: 3600,
+            retry: 600,
+            expire: 604800,
+            minimum: 86400,
+          },
+        };
+        response.answers.push(soaAnswer as plugins.dnsPacket.Answer);
+      }
+    }
+
+    return response;
+  }
+
+  private isDnssecRequested(request: dnsPacket.Packet): boolean {
+    if (!request.additionals) return false;
+    for (const additional of request.additionals) {
+      if (additional.type === 'OPT' && typeof additional.flags === 'number') {
+        // The DO bit is the 15th bit (0x8000)
+        if (additional.flags & 0x8000) {
+          return true;
+        }
+      }
+    }
+    return false;
+  }
+
+  private generateRRSIG(
+    type: string,
+    rrset: DnsAnswer[],
+    name: string
+  ): DnsAnswer {
+    // Prepare RRSIG data
+    const algorithm = this.dnsSec.getAlgorithmNumber();
+    const keyTag = this.keyTag;
+    const signerName = this.options.dnssecZone.endsWith('.') ? this.options.dnssecZone : `${this.options.dnssecZone}.`;
+    const inception = Math.floor(Date.now() / 1000) - 3600; // 1 hour ago
+    const expiration = inception + 86400; // Valid for 1 day
+    const ttl = rrset[0].ttl || 300;
+
+    // Serialize the RRset in canonical form
+    const rrsetBuffer = this.serializeRRset(rrset);
+
+    // Sign the RRset
+    const signature = this.dnsSec.signData(rrsetBuffer);
+
+    // Construct the RRSIG record
+    const rrsig: DnsAnswer = {
+      name,
+      type: 'RRSIG',
+      class: 'IN',
+      ttl,
+      data: {
+        typeCovered: type, // Changed to type string
+        algorithm,
+        labels: name.split('.').length - 1,
+        originalTTL: ttl,
+        expiration,
+        inception,
+        keyTag,
+        signerName,
+        signature: signature,
+      },
+    };
+
+    return rrsig;
+  }
+
+  private serializeRRset(rrset: DnsAnswer[]): Buffer {
+    // Implement canonical DNS RRset serialization as per RFC 4034 Section 6
+    const buffers: Buffer[] = [];
+    for (const rr of rrset) {
+      if (rr.type === 'OPT') {
+        continue; // Skip OPT records
+      }
+
+      const name = rr.name.endsWith('.') ? rr.name : rr.name + '.';
+      const nameBuffer = this.nameToBuffer(name.toLowerCase());
+
+      const typeValue = this.qtypeToNumber(rr.type);
+      const typeBuffer = Buffer.alloc(2);
+      typeBuffer.writeUInt16BE(typeValue, 0);
+
+      const classValue = this.classToNumber(rr.class);
+      const classBuffer = Buffer.alloc(2);
+      classBuffer.writeUInt16BE(classValue, 0);
+
+      const ttlValue = rr.ttl || 300;
+      const ttlBuffer = Buffer.alloc(4);
+      ttlBuffer.writeUInt32BE(ttlValue, 0);
+
+      // Serialize the data based on the record type
+      const dataBuffer = this.serializeRData(rr.type, rr.data);
+
+      const rdLengthBuffer = Buffer.alloc(2);
+      rdLengthBuffer.writeUInt16BE(dataBuffer.length, 0);
+
+      buffers.push(Buffer.concat([nameBuffer, typeBuffer, classBuffer, ttlBuffer, rdLengthBuffer, dataBuffer]));
+    }
+    return Buffer.concat(buffers);
+  }
+
+  private serializeRData(type: string, data: any): Buffer {
+    // Implement serialization for each record type you support
+    switch (type) {
+      case 'A':
+        return Buffer.from(data.split('.').map((octet: string) => parseInt(octet, 10)));
+      case 'AAAA':
+        // Handle IPv6 addresses
+        return Buffer.from(data.split(':').flatMap((segment: string) => {
+          const num = parseInt(segment, 16);
+          return [num >> 8, num & 0xff];
+        }));
+      case 'DNSKEY':
+        const dnskeyData: DNSKEYData = data;
+        return Buffer.concat([
+          Buffer.from([dnskeyData.flags >> 8, dnskeyData.flags & 0xff]),
+          Buffer.from([3]), // Protocol field, always 3
+          Buffer.from([dnskeyData.algorithm]),
+          dnskeyData.key,
+        ]);
+      case 'SOA':
+        // Implement SOA record serialization if needed
+        // For now, return an empty buffer or handle as needed
+        return Buffer.alloc(0);
+      // Add cases for other record types as needed
+      default:
+        throw new Error(`Serialization for record type ${type} is not implemented.`);
+    }
+  }
+
+  private parseDNSKEYRecord(dnskeyRecord: string): DNSKEYData {
+    // Parse the DNSKEY record string into dns-packet format
+    const parts = dnskeyRecord.trim().split(/\s+/);
+    const flags = parseInt(parts[3], 10);
+    const algorithm = parseInt(parts[5], 10);
+    const publicKeyBase64 = parts.slice(6).join('');
+    const key = Buffer.from(publicKeyBase64, 'base64');
+
+    return {
+      flags,
+      algorithm,
+      key,
+    };
+  }
+
+  private computeKeyTag(dnskeyRecord: DNSKEYData): number {
+    // Compute key tag as per RFC 4034 Appendix B
+    const flags = dnskeyRecord.flags;
+    const algorithm = dnskeyRecord.algorithm;
+    const key = dnskeyRecord.key;
+
+    const dnskeyRdata = Buffer.concat([
+      Buffer.from([flags >> 8, flags & 0xff]),
+      Buffer.from([3]), // Protocol field, always 3
+      Buffer.from([algorithm]),
+      key,
+    ]);
+
+    let acc = 0;
+    for (let i = 0; i < dnskeyRdata.length; i++) {
+      acc += (i & 1) ? dnskeyRdata[i] : dnskeyRdata[i] << 8;
+    }
+    acc += (acc >> 16) & 0xffff;
+    return acc & 0xffff;
   }
 
   private handleHttpsRequest(req: plugins.http.IncomingMessage, res: plugins.http.ServerResponse): void {
     if (req.method === 'POST' && req.url === '/dns-query') {
       let body: Buffer[] = [];
 
-      req.on('data', chunk => {
+      req.on('data', (chunk) => {
         body.push(chunk);
       }).on('end', () => {
         const msg = Buffer.concat(body);
-        const request = plugins.dnsPacket.decode(msg);
-        const response = {
-          type: 'response' as const,
-          id: request.id,
-          flags: plugins.dnsPacket.RECURSION_DESIRED | plugins.dnsPacket.RECURSION_AVAILABLE,
-          questions: request.questions,
-          answers: [] as plugins.dnsPacket.Answer[]
-        };
-
-        const question = request.questions[0];
-        console.log(`DoH query for ${question.name} of type ${question.type}`);
-
-        if (question.type === 'A') {
-          response.answers.push({
-            name: question.name,
-            type: 'A',
-            class: 'IN',
-            ttl: 300,
-            data: '127.0.0.1'
-          });
-        }
-
-        const responseData = plugins.dnsPacket.encode(response);
+        const request = dnsPacket.decode(msg);
+        const response = this.processDnsRequest(request);
+        const responseData = dnsPacket.encode(response);
         res.writeHead(200, { 'Content-Type': 'application/dns-message' });
         res.end(responseData);
       });
@@ -102,19 +342,110 @@ class DnsServer {
     }
   }
 
-  public start(): void {
-    this.httpsServer.listen(this.options.httpsPort, () => {
-      console.log(`DoH server running on port ${this.options.httpsPort}`);
+  public async start(): Promise<void> {
+    this.httpsServer = plugins.https.createServer(
+      {
+        key: this.options.httpsKey,
+        cert: this.options.httpsCert,
+      },
+      this.handleHttpsRequest.bind(this)
+    );
+
+    this.udpServer = plugins.dgram.createSocket('udp4');
+    this.udpServer.on('message', (msg, rinfo) => {
+      const request = dnsPacket.decode(msg);
+      const response = this.processDnsRequest(request);
+      const responseData = dnsPacket.encode(response);
+      this.udpServer.send(responseData, rinfo.port, rinfo.address);
     });
+
+    this.udpServer.on('error', (err) => {
+      console.error(`UDP Server error:\n${err.stack}`);
+      this.udpServer.close();
+    });
+
+    const udpListeningDeferred = plugins.smartpromise.defer<void>();
+    const httpsListeningDeferred = plugins.smartpromise.defer<void>();
+
+    try {
+      this.udpServer.bind(this.options.udpPort, '0.0.0.0', () => {
+        console.log(`UDP DNS server running on port ${this.options.udpPort}`);
+        udpListeningDeferred.resolve();
+      });
+
+      this.httpsServer.listen(this.options.httpsPort, () => {
+        console.log(`HTTPS DNS server running on port ${this.options.httpsPort}`);
+        httpsListeningDeferred.resolve();
+      });
+    } catch (err) {
+      console.error('Error starting DNS server:', err);
+      process.exit(1);
+    }
+    await Promise.all([udpListeningDeferred.promise, httpsListeningDeferred.promise]);
   }
 
-  public stop(): void {
+  public async stop(): Promise<void> {
+    const doneUdp = plugins.smartpromise.defer<void>();
+    const doneHttps = plugins.smartpromise.defer<void>();
     this.udpServer.close(() => {
       console.log('UDP DNS server stopped');
+      this.udpServer.unref();
+      this.udpServer = null;
+      doneUdp.resolve();
     });
 
     this.httpsServer.close(() => {
       console.log('HTTPS DNS server stopped');
+      this.httpsServer.unref();
+      this.httpsServer = null;
+      doneHttps.resolve();
     });
+
+    await Promise.all([doneUdp.promise, doneHttps.promise]);
   }
-}
+
+  // Helper methods
+
+  private qtypeToNumber(type: string): number {
+    const QTYPE_NUMBERS: { [key: string]: number } = {
+      'A': 1,
+      'NS': 2,
+      'CNAME': 5,
+      'SOA': 6,
+      'PTR': 12,
+      'MX': 15,
+      'TXT': 16,
+      'AAAA': 28,
+      'SRV': 33,
+      'DNSKEY': 48,
+      'RRSIG': 46,
+      // Add more as needed
+    };
+    return QTYPE_NUMBERS[type.toUpperCase()] || 0;
+  }
+
+  private classToNumber(cls: string | number): number {
+    const CLASS_NUMBERS: { [key: string]: number } = {
+      'IN': 1,
+      'CH': 3,
+      'HS': 4,
+      // Add more as needed
+    };
+    if (typeof cls === 'number') {
+      return cls;
+    }
+    return CLASS_NUMBERS[cls.toUpperCase()] || 1;
+  }
+
+  private nameToBuffer(name: string): Buffer {
+    const labels = name.split('.');
+    const buffers = labels.map(label => {
+      const len = Buffer.byteLength(label, 'utf8');
+      const buf = Buffer.alloc(1 + len);
+      buf.writeUInt8(len, 0);
+      buf.write(label, 1);
+      return buf;
+    });
+    return Buffer.concat([...buffers, Buffer.from([0])]); // Add root label
+  }
+}

ts_server/index.ts

@@ -0,0 +1 @@
+export * from './classes.dnsserver.js';

ts_server/plugins.ts

@@ -1,17 +1,32 @@
+// node native
+import crypto from 'crypto';
 import fs from 'fs';
 import http from 'http';
 import https from 'https';
 import dgram from 'dgram';
 
 export {
+  crypto,
   fs,
   http,
   https,
   dgram,
 }
 
-import * as dnsPacket from 'dns-packet';
+// @push.rocks scope
+import * as smartpromise from '@push.rocks/smartpromise';
 
 export {
-  dnsPacket
+  smartpromise,
+}
+
+// third party
+import elliptic from 'elliptic';
+import * as dnsPacket from 'dns-packet';
+import * as minimatch from 'minimatch';
+
+export {
+  dnsPacket,
+  elliptic,
+  minimatch,
 }