6.2.1

changelog.md

@@ -1,5 +1,26 @@
 # Changelog
 
+## 2024-09-21 - 6.2.1 - fix(core)
+Fixing issues with keywords and readme formatting.
+
+- Synchronized keywords field between npmextra.json and package.json.
+- Updated readme.md to fix formatting issues and added new sections.
+
+## 2024-09-19 - 6.2.0 - feat(dnssec)
+Introduced DNSSEC support with ECDSA algorithm
+
+- Added `DnsSec` class for handling DNSSEC operations.
+- Updated `DnsServer` to support DNSSEC with ECDSA.
+- Shifted DNS-related helper functions to `DnsServer` class.
+- Integrated parsing and handling of DNSKEY and RRSIG records in `DnsServer`.
+
+## 2024-09-19 - 6.1.1 - fix(ts_server)
+Update DnsSec class to fully implement key generation and DNSKEY record creation.
+
+- Added complete support for ECDSA and ED25519 algorithms in the DnsSec class.
+- Implemented DNSKEY generation and KeyTag computation methods.
+- Improved error handling and initialized the appropriate cryptographic instances based on the algorithm.
+
 ## 2024-09-18 - 6.1.0 - feat(smartdns)
 Add DNS Server and DNSSEC tools with comprehensive unit tests
 

npmextra.json

@@ -9,14 +9,17 @@
       "npmPackagename": "@push.rocks/smartdns",
       "license": "MIT",
       "keywords": [
-        "DNS",
         "TypeScript",
+        "DNS",
+        "DNS records",
+        "DNS resolution",
+        "DNS management",
+        "DNSSEC",
         "Node.js",
         "Google DNS",
         "Cloudflare",
-        "DNS records",
-        "DNS resolution",
-        "DNSSEC"
+        "UDP DNS",
+        "HTTPS DNS"
       ]
     }
   },

package.json

@@ -1,6 +1,6 @@
 {
   "name": "@push.rocks/smartdns",
-  "version": "6.1.0",
+  "version": "6.2.1",
   "private": false,
   "description": "A TypeScript library for smart DNS methods, supporting various DNS records and providers.",
   "exports": {
@@ -18,14 +18,17 @@
     "url": "https://code.foss.global/push.rocks/smartdns.git"
   },
   "keywords": [
-    "DNS",
     "TypeScript",
+    "DNS",
+    "DNS records",
+    "DNS resolution",
+    "DNS management",
+    "DNSSEC",
     "Node.js",
     "Google DNS",
     "Cloudflare",
-    "DNS records",
-    "DNS resolution",
-    "DNSSEC"
+    "UDP DNS",
+    "HTTPS DNS"
   ],
   "author": "Lossless GmbH",
   "license": "MIT",

readme.md

@@ -1,6 +1,5 @@
 # @push.rocks/smartdns
-
-smart dns methods written in TypeScript
+A TypeScript library for smart DNS methods, supporting various DNS records and providers.
 
 ## Install
 
@@ -39,6 +38,8 @@ Often, the need arises to fetch various DNS records for a domain. `@push.rocks/s
 To fetch an "A" record for a domain:
 
 ```typescript
+import { Smartdns } from '@push.rocks/smartdns';
+
 const dnsManager = new Smartdns({});
 const aRecords = await dnsManager.getRecordsA('example.com');
 console.log(aRecords);
@@ -53,6 +54,15 @@ const aaaaRecords = await dnsManager.getRecordsAAAA('example.com');
 console.log(aaaaRecords);
 ```
 
+#### Fetching TXT Records
+
+For "TXT" records:
+
+```typescript
+const txtRecords = await dnsManager.getRecordsTxt('example.com');
+console.log(txtRecords);
+```
+
 ### Advanced DNS Management
 
 Beyond simple queries, `@push.rocks/smartdns` offers functionalities suitable for more complex DNS management scenarios.
@@ -94,6 +104,258 @@ if (featureFlags['NewFeature']) {
 }
 ```
 
+### DNS Server Implementation
+
+To implement a DNS server, `@push.rocks/smartdns` includes classes and methods to set up a UDP and HTTPS DNS server supporting DNSSEC.
+
+#### Basic DNS Server Example
+
+Here's a basic example of a UDP/HTTPS DNS server:
+
+```typescript
+import { DnsServer } from '@push.rocks/smartdns';
+
+const dnsServer = new DnsServer({
+  httpsKey: 'path/to/key.pem',
+  httpsCert: 'path/to/cert.pem',
+  httpsPort: 443,
+  udpPort: 53,
+  dnssecZone: 'example.com',
+});
+
+dnsServer.registerHandler('*.example.com', ['A'], (question) => ({
+  name: question.name,
+  type: 'A',
+  class: 'IN',
+  ttl: 300,
+  data: '127.0.0.1',
+}));
+
+dnsServer.start().then(() => console.log('DNS Server started'));
+```
+
+### DNSSEC Support
+
+`@push.rocks/smartdns` provides support for DNSSEC, including the generation, signing, and validation of DNS records.
+
+#### DNSSEC Configuration
+
+To configure DNSSEC for your DNS server:
+
+```typescript
+import { DnsServer } from '@push.rocks/smartdns';
+
+const dnsServer = new DnsServer({
+  httpsKey: 'path/to/key.pem',
+  httpsCert: 'path/to/cert.pem',
+  httpsPort: 443,
+  udpPort: 53,
+  dnssecZone: 'example.com',
+});
+
+dnsServer.registerHandler('*.example.com', ['A'], (question) => ({
+  name: question.name,
+  type: 'A',
+  class: 'IN',
+  ttl: 300,
+  data: '127.0.0.1',
+}));
+
+dnsServer.start().then(() => console.log('DNS Server with DNSSEC started'));
+```
+
+This setup ensures that DNS records are signed and can be verified for authenticity.
+
+### Handling DNS Queries Over Different Protocols
+
+The library supports handling DNS queries over UDP and HTTPS.
+
+#### Handling UDP Queries
+
+UDP is the traditional means of DNS query transport. 
+
+```typescript
+import { DnsServer } from '@push.rocks/smartdns';
+import dgram from 'dgram';
+
+dnsServer.registerHandler('*.example.com', ['A'], (question) => ({
+  name: question.name,
+  type: 'A',
+  class: 'IN',
+  ttl: 300,
+  data: '127.0.0.1',
+}));
+
+dnsServer.start().then(() => {
+  console.log('UDP DNS Server started on port', dnsServer.getOptions().udpPort);
+});
+
+const client = dgram.createSocket('udp4');
+
+client.on('message', (msg, rinfo) => {
+  console.log(`Received ${msg} from ${rinfo.address}:${rinfo.port}`);
+});
+
+client.send(Buffer.from('example DNS query'), dnsServer.getOptions().udpPort, 'localhost');
+```
+
+#### Handling HTTPS Queries
+
+DNS over HTTPS (DoH) is increasingly adopted for privacy and security.
+
+```typescript
+import { DnsServer } from '@push.rocks/smartdns';
+import https from 'https';
+import fs from 'fs';
+
+const dnsServer = new DnsServer({
+  httpsKey: fs.readFileSync('path/to/key.pem'),
+  httpsCert: fs.readFileSync('path/to/cert.pem'),
+  httpsPort: 443,
+  udpPort: 53,
+  dnssecZone: 'example.com',
+});
+
+dnsServer.registerHandler('*.example.com', ['A'], (question) => ({
+  name: question.name,
+  type: 'A',
+  class: 'IN',
+  ttl: 300,
+  data: '127.0.0.1',
+}));
+
+dnsServer.start().then(() => console.log('HTTPS DNS Server started'));
+
+const client = https.request({
+  hostname: 'localhost',
+  port: 443,
+  path: '/dns-query',
+  method: 'POST',
+  headers: {
+    'Content-Type': 'application/dns-message'
+  }
+}, (res) => {
+  res.on('data', (d) => {
+    process.stdout.write(d);
+  });
+});
+
+client.on('error', (e) => {
+  console.error(e);
+});
+
+client.write(Buffer.from('example DNS query'));
+client.end();
+```
+
+### Testing
+
+To ensure that the DNS server behaves as expected, it is important to write tests for various scenarios.
+
+#### DNS Server Tests
+
+Here is an example of how to test the DNS server with TAP:
+
+```typescript
+import { expect, tap } from '@push.rocks/tapbundle';
+
+import { DnsServer } from '@push.rocks/smartdns';
+
+let dnsServer: DnsServer;
+
+tap.test('should create an instance of DnsServer', async () => {
+  dnsServer = new DnsServer({
+    httpsKey: 'path/to/key.pem',
+    httpsCert: 'path/to/cert.pem',
+    httpsPort: 443,
+    udpPort: 53,
+    dnssecZone: 'example.com',
+  });
+  expect(dnsServer).toBeInstanceOf(DnsServer);
+});
+
+tap.test('should start the server', async () => {
+  await dnsServer.start();
+  expect(dnsServer.isRunning()).toBeTrue();
+});
+
+tap.test('should add a DNS handler', async () => {
+  dnsServer.registerHandler('*.example.com', ['A'], (question) => ({
+    name: question.name,
+    type: 'A',
+    class: 'IN',
+    ttl: 300,
+    data: '127.0.0.1',
+  }));
+
+  const response = dnsServer.processDnsRequest({
+    type: 'query',
+    id: 1,
+    flags: 0,
+    questions: [
+      {
+        name: 'test.example.com',
+        type: 'A',
+        class: 'IN',
+      },
+    ],
+    answers: [],
+  });
+
+  expect(response.answers[0]).toEqual({
+    name: 'test.example.com',
+    type: 'A',
+    class: 'IN',
+    ttl: 300,
+    data: '127.0.0.1',
+  });
+});
+
+tap.test('should query the server over HTTP', async () => {
+  // Assuming fetch or any HTTP client is available
+  const query = dnsPacket.encode({
+    type: 'query',
+    id: 2,
+    flags: dnsPacket.RECURSION_DESIRED,
+    questions: [
+      {
+        name: 'test.example.com',
+        type: 'A',
+        class: 'IN',
+      },
+    ],
+  });
+
+  const response = await fetch('https://localhost:443/dns-query', {
+    method: 'POST',
+    body: query,
+    headers: {
+      'Content-Type': 'application/dns-message',
+    }
+  });
+
+  expect(response.status).toEqual(200);
+
+  const responseData = await response.arrayBuffer();
+  const dnsResponse = dnsPacket.decode(Buffer.from(responseData));
+
+  expect(dnsResponse.answers[0]).toEqual({
+    name: 'test.example.com',
+    type: 'A',
+    class: 'IN',
+    ttl: 300,
+    data: '127.0.0.1',
+  });
+});
+
+tap.test('should stop the server', async () => {
+  await dnsServer.stop();
+  expect(dnsServer.isRunning()).toBeFalse();
+});
+
+await tap.start();
+```
+
 ### Conclusion
 
 `@push.rocks/smartdns` offers a versatile set of tools for DNS querying and management, tailored for applications at any scale. The examples provided illustrate the library's potential use cases, highlighting its applicability in various scenarios from basic lookups to facilitating complex application features through DNS.
@@ -102,8 +364,6 @@ For the full spectrum of functionalities, including detailed method documentatio
 
 Remember, DNS changes might take time to propagate worldwide, and the utility methods provided by `@push.rocks/smartdns` for checking record availability will be invaluable in managing these changes seamlessly.
 
-
-
 ## License and Legal Information
 
 This repository contains open-source code that is licensed under the MIT License. A copy of the MIT License can be found in the [license](license) file within this repository. 

ts_server/classes.dnssec.ts

@@ -0,0 +1,172 @@
+// Import necessary plugins from plugins.ts
+import * as plugins from './plugins.js';
+
+interface DnssecZone {
+  zone: string;
+  algorithm: 'ECDSA' | 'ED25519' | 'RSA';
+  keySize: number;
+  days: number;
+}
+
+interface DnssecKeyPair {
+  privateKey: string;
+  publicKey: string;
+}
+
+export class DnsSec {
+  private zone: DnssecZone;
+  private keyPair: DnssecKeyPair;
+  private ec?: plugins.elliptic.ec; // For ECDSA algorithms
+  private eddsa?: plugins.elliptic.eddsa; // For EdDSA algorithms
+
+  constructor(zone: DnssecZone) {
+    this.zone = zone;
+
+    // Initialize the appropriate cryptographic instance based on the algorithm
+    switch (this.zone.algorithm) {
+      case 'ECDSA':
+        this.ec = new plugins.elliptic.ec('p256'); // Use P-256 curve for ECDSA
+        break;
+      case 'ED25519':
+        this.eddsa = new plugins.elliptic.eddsa('ed25519');
+        break;
+      case 'RSA':
+        // RSA implementation would go here
+        throw new Error('RSA algorithm is not yet implemented.');
+      default:
+        throw new Error(`Unsupported algorithm: ${this.zone.algorithm}`);
+    }
+
+    // Generate the key pair
+    this.keyPair = this.generateKeyPair();
+  }
+
+  private generateKeyPair(): DnssecKeyPair {
+    let privateKey: string;
+    let publicKey: string;
+
+    switch (this.zone.algorithm) {
+      case 'ECDSA':
+        if (!this.ec) throw new Error('EC instance is not initialized.');
+        const ecKeyPair = this.ec.genKeyPair();
+        privateKey = ecKeyPair.getPrivate('hex');
+        publicKey = ecKeyPair.getPublic(false, 'hex'); // Uncompressed format
+        break;
+      case 'ED25519':
+        if (!this.eddsa) throw new Error('EdDSA instance is not initialized.');
+        const secret = plugins.crypto.randomBytes(32);
+        const edKeyPair = this.eddsa.keyFromSecret(secret);
+        privateKey = edKeyPair.getSecret('hex');
+        publicKey = edKeyPair.getPublic('hex');
+        break;
+      case 'RSA':
+        // RSA key generation would be implemented here
+        throw new Error('RSA key generation is not yet implemented.');
+      default:
+        throw new Error(`Unsupported algorithm: ${this.zone.algorithm}`);
+    }
+
+    return { privateKey, publicKey };
+  }
+
+  public getAlgorithmNumber(): number {
+    switch (this.zone.algorithm) {
+      case 'ECDSA':
+        return 13; // ECDSAP256SHA256
+      case 'ED25519':
+        return 15;
+      case 'RSA':
+        return 8; // RSASHA256
+      default:
+        throw new Error(`Unsupported algorithm: ${this.zone.algorithm}`);
+    }
+  }
+
+  public signData(data: Buffer): Buffer {
+    // Sign the data using the private key
+    const keyPair = this.ec!.keyFromPrivate(this.keyPair.privateKey, 'hex');
+    const signature = keyPair.sign(plugins.crypto.createHash('sha256').update(data).digest());
+    return Buffer.from(signature.toDER());
+  }
+
+  private generateDNSKEY(): Buffer {
+    const flags = 256; // 256 indicates a Zone Signing Key (ZSK)
+    const protocol = 3; // Must be 3 according to RFC
+    const algorithm = this.getAlgorithmNumber();
+
+    let publicKeyData: Buffer;
+
+    switch (this.zone.algorithm) {
+      case 'ECDSA':
+        if (!this.ec) throw new Error('EC instance is not initialized.');
+        const ecPublicKey = this.ec.keyFromPublic(this.keyPair.publicKey, 'hex').getPublic();
+        const x = ecPublicKey.getX().toArrayLike(Buffer, 'be', 32);
+        const y = ecPublicKey.getY().toArrayLike(Buffer, 'be', 32);
+        publicKeyData = Buffer.concat([x, y]);
+        break;
+      case 'ED25519':
+        publicKeyData = Buffer.from(this.keyPair.publicKey, 'hex');
+        break;
+      case 'RSA':
+        // RSA public key extraction would go here
+        throw new Error('RSA public key extraction is not yet implemented.');
+      default:
+        throw new Error(`Unsupported algorithm: ${this.zone.algorithm}`);
+    }
+
+    // Construct the DNSKEY RDATA
+    const dnskeyRdata = Buffer.concat([
+      Buffer.from([flags >> 8, flags & 0xff]), // Flags (2 bytes)
+      Buffer.from([protocol]), // Protocol (1 byte)
+      Buffer.from([algorithm]), // Algorithm (1 byte)
+      publicKeyData, // Public Key
+    ]);
+
+    return dnskeyRdata;
+  }
+
+  private computeKeyTag(dnskeyRdata: Buffer): number {
+    // Key Tag calculation as per RFC 4034, Appendix B
+    let acc = 0;
+    for (let i = 0; i < dnskeyRdata.length; i++) {
+      acc += i & 1 ? dnskeyRdata[i] : dnskeyRdata[i] << 8;
+    }
+    acc += (acc >> 16) & 0xffff;
+    return acc & 0xffff;
+  }
+
+  private getDNSKEYRecord(): string {
+    const dnskeyRdata = this.generateDNSKEY();
+    const flags = 256;
+    const protocol = 3;
+    const algorithm = this.getAlgorithmNumber();
+    const publicKeyData = dnskeyRdata.slice(4); // Skip flags, protocol, algorithm bytes
+    const publicKeyBase64 = publicKeyData.toString('base64');
+
+    return `${this.zone.zone}. IN DNSKEY ${flags} ${protocol} ${algorithm} ${publicKeyBase64}`;
+  }
+
+  public getDSRecord(): string {
+    const dnskeyRdata = this.generateDNSKEY();
+    const keyTag = this.computeKeyTag(dnskeyRdata);
+    const algorithm = this.getAlgorithmNumber();
+    const digestType = 2; // SHA-256
+    const digest = plugins.crypto
+      .createHash('sha256')
+      .update(dnskeyRdata)
+      .digest('hex')
+      .toUpperCase();
+
+    return `${this.zone.zone}. IN DS ${keyTag} ${algorithm} ${digestType} ${digest}`;
+  }
+
+  public getKeyPair(): DnssecKeyPair {
+    return this.keyPair;
+  }
+
+  public getDsAndKeyPair(): { keyPair: DnssecKeyPair; dsRecord: string; dnskeyRecord: string } {
+    const dsRecord = this.getDSRecord();
+    const dnskeyRecord = this.getDNSKEYRecord();
+    return { keyPair: this.keyPair, dsRecord, dnskeyRecord };
+  }
+}

ts_server/classes.dnsserver.ts

@@ -1,16 +1,46 @@
 import * as plugins from './plugins.js';
+import { DnsSec } from './classes.dnssec.js';
+import * as dnsPacket from 'dns-packet';
 
 interface IDnsServerOptions {
   httpsKey: string;
   httpsCert: string;
   httpsPort: number;
   udpPort: number;
+  dnssecZone: string;
+}
+
+interface DnsAnswer {
+  name: string;
+  type: string;
+  class: string | number;
+  ttl: number;
+  data: any;
 }
 
 interface IDnsHandler {
   domainPattern: string;
   recordTypes: string[];
-  handler: (question: plugins.dnsPacket.Question) => plugins.dnsPacket.Answer | null;
+  handler: (question: dnsPacket.Question) => DnsAnswer | null;
+}
+
+// Define types for DNSSEC records if not provided
+interface DNSKEYData {
+  flags: number;
+  algorithm: number;
+  key: Buffer;
+}
+
+interface RRSIGData {
+  typeCovered: string; // Changed to string to match dns-packet expectations
+  algorithm: number;
+  labels: number;
+  originalTTL: number;
+  expiration: number;
+  inception: number;
+  keyTag: number;
+  signerName: string;
+  signature: Buffer;
 }
 
 export class DnsServer {
@@ -18,30 +48,75 @@ export class DnsServer {
   private httpsServer: plugins.https.Server;
   private handlers: IDnsHandler[] = [];
 
-  constructor(private options: IDnsServerOptions) {}
+  // DNSSEC related properties
+  private dnsSec: DnsSec;
+  private dnskeyRecord: DNSKEYData;
+  private keyTag: number;
+
+  constructor(private options: IDnsServerOptions) {
+    // Initialize DNSSEC
+    this.dnsSec = new DnsSec({
+      zone: options.dnssecZone,
+      algorithm: 'ECDSA', // You can change this based on your needs
+      keySize: 256,
+      days: 365,
+    });
+
+    // Generate DNSKEY and DS records
+    const { dsRecord, dnskeyRecord } = this.dnsSec.getDsAndKeyPair();
+
+    // Parse DNSKEY record into dns-packet format
+    this.dnskeyRecord = this.parseDNSKEYRecord(dnskeyRecord);
+    this.keyTag = this.computeKeyTag(this.dnskeyRecord);
+  }
 
   public registerHandler(
     domainPattern: string,
     recordTypes: string[],
-    handler: (question: plugins.dnsPacket.Question) => plugins.dnsPacket.Answer | null
+    handler: (question: dnsPacket.Question) => DnsAnswer | null
   ): void {
     this.handlers.push({ domainPattern, recordTypes, handler });
   }
 
-  private processDnsRequest(request: plugins.dnsPacket.Packet): plugins.dnsPacket.Packet {
-    const response: plugins.dnsPacket.Packet = {
+  private processDnsRequest(request: dnsPacket.Packet): dnsPacket.Packet {
+    const response: dnsPacket.Packet = {
       type: 'response',
       id: request.id,
-      flags: plugins.dnsPacket.RECURSION_DESIRED | plugins.dnsPacket.RECURSION_AVAILABLE,
+      flags:
+        dnsPacket.AUTHORITATIVE_ANSWER |
+        dnsPacket.RECURSION_AVAILABLE |
+        (request.flags & dnsPacket.RECURSION_DESIRED ? dnsPacket.RECURSION_DESIRED : 0),
       questions: request.questions,
       answers: [],
+      additionals: [],
     };
 
+    const dnssecRequested = this.isDnssecRequested(request);
+
     for (const question of request.questions) {
       console.log(`Query for ${question.name} of type ${question.type}`);
 
       let answered = false;
 
+      // Handle DNSKEY queries if DNSSEC is requested
+      if (dnssecRequested && question.type === 'DNSKEY' && question.name === this.options.dnssecZone) {
+        const dnskeyAnswer: DnsAnswer = {
+          name: question.name,
+          type: 'DNSKEY',
+          class: 'IN',
+          ttl: 3600,
+          data: this.dnskeyRecord,
+        };
+        response.answers.push(dnskeyAnswer as plugins.dnsPacket.Answer);
+
+        // Sign the DNSKEY RRset
+        const rrsig = this.generateRRSIG('DNSKEY', [dnskeyAnswer], question.name);
+        response.answers.push(rrsig as plugins.dnsPacket.Answer);
+
+        answered = true;
+        continue;
+      }
+
       for (const handlerEntry of this.handlers) {
         if (
           plugins.minimatch.minimatch(question.name, handlerEntry.domainPattern) &&
@@ -49,7 +124,20 @@ export class DnsServer {
         ) {
           const answer = handlerEntry.handler(question);
           if (answer) {
-            response.answers.push(answer);
+            // Ensure the answer has ttl and class
+            const dnsAnswer: DnsAnswer = {
+              ...answer,
+              ttl: answer.ttl || 300,
+              class: answer.class || 'IN',
+            };
+            response.answers.push(dnsAnswer as plugins.dnsPacket.Answer);
+
+            if (dnssecRequested) {
+              // Sign the answer RRset
+              const rrsig = this.generateRRSIG(question.type, [dnsAnswer], question.name);
+              response.answers.push(rrsig as plugins.dnsPacket.Answer);
+            }
+
             answered = true;
             break;
           }
@@ -58,23 +146,193 @@ export class DnsServer {
 
       if (!answered) {
         console.log(`No handler found for ${question.name} of type ${question.type}`);
+        response.flags |= dnsPacket.AUTHORITATIVE_ANSWER;
+        const soaAnswer: DnsAnswer = {
+          name: question.name,
+          type: 'SOA',
+          class: 'IN',
+          ttl: 3600,
+          data: {
+            mname: `ns1.${this.options.dnssecZone}`,
+            rname: `hostmaster.${this.options.dnssecZone}`,
+            serial: Math.floor(Date.now() / 1000),
+            refresh: 3600,
+            retry: 600,
+            expire: 604800,
+            minimum: 86400,
+          },
+        };
+        response.answers.push(soaAnswer as plugins.dnsPacket.Answer);
       }
     }
 
     return response;
   }
 
+  private isDnssecRequested(request: dnsPacket.Packet): boolean {
+    if (!request.additionals) return false;
+    for (const additional of request.additionals) {
+      if (additional.type === 'OPT' && typeof additional.flags === 'number') {
+        // The DO bit is the 15th bit (0x8000)
+        if (additional.flags & 0x8000) {
+          return true;
+        }
+      }
+    }
+    return false;
+  }
+
+  private generateRRSIG(
+    type: string,
+    rrset: DnsAnswer[],
+    name: string
+  ): DnsAnswer {
+    // Prepare RRSIG data
+    const algorithm = this.dnsSec.getAlgorithmNumber();
+    const keyTag = this.keyTag;
+    const signerName = this.options.dnssecZone.endsWith('.') ? this.options.dnssecZone : `${this.options.dnssecZone}.`;
+    const inception = Math.floor(Date.now() / 1000) - 3600; // 1 hour ago
+    const expiration = inception + 86400; // Valid for 1 day
+    const ttl = rrset[0].ttl || 300;
+
+    // Serialize the RRset in canonical form
+    const rrsetBuffer = this.serializeRRset(rrset);
+
+    // Sign the RRset
+    const signature = this.dnsSec.signData(rrsetBuffer);
+
+    // Construct the RRSIG record
+    const rrsig: DnsAnswer = {
+      name,
+      type: 'RRSIG',
+      class: 'IN',
+      ttl,
+      data: {
+        typeCovered: type, // Changed to type string
+        algorithm,
+        labels: name.split('.').length - 1,
+        originalTTL: ttl,
+        expiration,
+        inception,
+        keyTag,
+        signerName,
+        signature: signature,
+      },
+    };
+
+    return rrsig;
+  }
+
+  private serializeRRset(rrset: DnsAnswer[]): Buffer {
+    // Implement canonical DNS RRset serialization as per RFC 4034 Section 6
+    const buffers: Buffer[] = [];
+    for (const rr of rrset) {
+      if (rr.type === 'OPT') {
+        continue; // Skip OPT records
+      }
+
+      const name = rr.name.endsWith('.') ? rr.name : rr.name + '.';
+      const nameBuffer = this.nameToBuffer(name.toLowerCase());
+
+      const typeValue = this.qtypeToNumber(rr.type);
+      const typeBuffer = Buffer.alloc(2);
+      typeBuffer.writeUInt16BE(typeValue, 0);
+
+      const classValue = this.classToNumber(rr.class);
+      const classBuffer = Buffer.alloc(2);
+      classBuffer.writeUInt16BE(classValue, 0);
+
+      const ttlValue = rr.ttl || 300;
+      const ttlBuffer = Buffer.alloc(4);
+      ttlBuffer.writeUInt32BE(ttlValue, 0);
+
+      // Serialize the data based on the record type
+      const dataBuffer = this.serializeRData(rr.type, rr.data);
+
+      const rdLengthBuffer = Buffer.alloc(2);
+      rdLengthBuffer.writeUInt16BE(dataBuffer.length, 0);
+
+      buffers.push(Buffer.concat([nameBuffer, typeBuffer, classBuffer, ttlBuffer, rdLengthBuffer, dataBuffer]));
+    }
+    return Buffer.concat(buffers);
+  }
+
+  private serializeRData(type: string, data: any): Buffer {
+    // Implement serialization for each record type you support
+    switch (type) {
+      case 'A':
+        return Buffer.from(data.split('.').map((octet: string) => parseInt(octet, 10)));
+      case 'AAAA':
+        // Handle IPv6 addresses
+        return Buffer.from(data.split(':').flatMap((segment: string) => {
+          const num = parseInt(segment, 16);
+          return [num >> 8, num & 0xff];
+        }));
+      case 'DNSKEY':
+        const dnskeyData: DNSKEYData = data;
+        return Buffer.concat([
+          Buffer.from([dnskeyData.flags >> 8, dnskeyData.flags & 0xff]),
+          Buffer.from([3]), // Protocol field, always 3
+          Buffer.from([dnskeyData.algorithm]),
+          dnskeyData.key,
+        ]);
+      case 'SOA':
+        // Implement SOA record serialization if needed
+        // For now, return an empty buffer or handle as needed
+        return Buffer.alloc(0);
+      // Add cases for other record types as needed
+      default:
+        throw new Error(`Serialization for record type ${type} is not implemented.`);
+    }
+  }
+
+  private parseDNSKEYRecord(dnskeyRecord: string): DNSKEYData {
+    // Parse the DNSKEY record string into dns-packet format
+    const parts = dnskeyRecord.trim().split(/\s+/);
+    const flags = parseInt(parts[3], 10);
+    const algorithm = parseInt(parts[5], 10);
+    const publicKeyBase64 = parts.slice(6).join('');
+    const key = Buffer.from(publicKeyBase64, 'base64');
+
+    return {
+      flags,
+      algorithm,
+      key,
+    };
+  }
+
+  private computeKeyTag(dnskeyRecord: DNSKEYData): number {
+    // Compute key tag as per RFC 4034 Appendix B
+    const flags = dnskeyRecord.flags;
+    const algorithm = dnskeyRecord.algorithm;
+    const key = dnskeyRecord.key;
+
+    const dnskeyRdata = Buffer.concat([
+      Buffer.from([flags >> 8, flags & 0xff]),
+      Buffer.from([3]), // Protocol field, always 3
+      Buffer.from([algorithm]),
+      key,
+    ]);
+
+    let acc = 0;
+    for (let i = 0; i < dnskeyRdata.length; i++) {
+      acc += (i & 1) ? dnskeyRdata[i] : dnskeyRdata[i] << 8;
+    }
+    acc += (acc >> 16) & 0xffff;
+    return acc & 0xffff;
+  }
+
   private handleHttpsRequest(req: plugins.http.IncomingMessage, res: plugins.http.ServerResponse): void {
     if (req.method === 'POST' && req.url === '/dns-query') {
       let body: Buffer[] = [];
 
-      req.on('data', chunk => {
+      req.on('data', (chunk) => {
         body.push(chunk);
       }).on('end', () => {
         const msg = Buffer.concat(body);
-        const request = plugins.dnsPacket.decode(msg);
+        const request = dnsPacket.decode(msg);
         const response = this.processDnsRequest(request);
-        const responseData = plugins.dnsPacket.encode(response);
+        const responseData = dnsPacket.encode(response);
         res.writeHead(200, { 'Content-Type': 'application/dns-message' });
         res.end(responseData);
       });
@@ -95,9 +353,9 @@ export class DnsServer {
 
     this.udpServer = plugins.dgram.createSocket('udp4');
     this.udpServer.on('message', (msg, rinfo) => {
-      const request = plugins.dnsPacket.decode(msg);
+      const request = dnsPacket.decode(msg);
       const response = this.processDnsRequest(request);
-      const responseData = plugins.dnsPacket.encode(response);
+      const responseData = dnsPacket.encode(response);
       this.udpServer.send(responseData, rinfo.port, rinfo.address);
     });
 
@@ -108,6 +366,7 @@ export class DnsServer {
 
     const udpListeningDeferred = plugins.smartpromise.defer<void>();
     const httpsListeningDeferred = plugins.smartpromise.defer<void>();
+
     try {
       this.udpServer.bind(this.options.udpPort, '0.0.0.0', () => {
         console.log(`UDP DNS server running on port ${this.options.udpPort}`);
@@ -144,4 +403,49 @@ export class DnsServer {
 
     await Promise.all([doneUdp.promise, doneHttps.promise]);
   }
+
+  // Helper methods
+
+  private qtypeToNumber(type: string): number {
+    const QTYPE_NUMBERS: { [key: string]: number } = {
+      'A': 1,
+      'NS': 2,
+      'CNAME': 5,
+      'SOA': 6,
+      'PTR': 12,
+      'MX': 15,
+      'TXT': 16,
+      'AAAA': 28,
+      'SRV': 33,
+      'DNSKEY': 48,
+      'RRSIG': 46,
+      // Add more as needed
+    };
+    return QTYPE_NUMBERS[type.toUpperCase()] || 0;
+  }
+
+  private classToNumber(cls: string | number): number {
+    const CLASS_NUMBERS: { [key: string]: number } = {
+      'IN': 1,
+      'CH': 3,
+      'HS': 4,
+      // Add more as needed
+    };
+    if (typeof cls === 'number') {
+      return cls;
+    }
+    return CLASS_NUMBERS[cls.toUpperCase()] || 1;
+  }
+
+  private nameToBuffer(name: string): Buffer {
+    const labels = name.split('.');
+    const buffers = labels.map(label => {
+      const len = Buffer.byteLength(label, 'utf8');
+      const buf = Buffer.alloc(1 + len);
+      buf.writeUInt8(len, 0);
+      buf.write(label, 1);
+      return buf;
+    });
+    return Buffer.concat([...buffers, Buffer.from([0])]); // Add root label
+  }
 }

ts_server/classes.dnstools.ts

@@ -1,83 +0,0 @@
-import * as plugins from './plugins.js';
-
-interface DnssecZone {
-  zone: string;
-  algorithm: string;
-  keySize: number;
-  days: number;
-}
-
-interface DnssecKeyPair {
-  private: string;
-  public: string;
-}
-
-class DnsSec {
-  private zone: DnssecZone;
-  private keyPair: DnssecKeyPair;
-  private ec: any; // declare the ec instance
-
-  constructor(zone: DnssecZone) {
-    this.zone = zone;
-    this.ec = new plugins.elliptic.ec('secp256k1'); // Create an instance of the secp256k1 curve
-    this.keyPair = this.generateKeyPair();
-  }
-
-  private generateKeyPair(): DnssecKeyPair {
-    const key = this.ec.genKeyPair();
-    const privatePem = key.getPrivate().toString('hex'); // get private key in hex format
-    // @ts-ignore
-    const publicPem = key.getPublic().toString('hex'); // get public key in hex format
-
-    return {
-      private: privatePem,
-      public: publicPem
-    };
-  }
-
-  private formatPEM(pem: string, type: string): string {
-    const start = `-----BEGIN ${type}-----`;
-    const end = `-----END ${type}-----`;
-
-    const formatted = [start];
-    for (let i = 0; i < pem.length; i += 64) {
-      formatted.push(pem.slice(i, i + 64));
-    }
-    formatted.push(end);
-    return formatted.join('\n');
-  }
-
-  public getDSRecord(): string {
-    const publicPem = this.keyPair.public;
-    const publicKey = this.ec.keyFromPublic(publicPem); // Create a public key from the publicPEM
-
-    const digest = publicKey.getPublic(); // get public point
-    return `DS {id} 8 {algorithm} {digest} {hash-algorithm}\n`
-      .replace('{id}', '256') // zone hash
-      .replace('{algorithm}', this.getAlgorithm())
-      .replace('{digest}', `0x${digest.getX()}${digest.getY()}`)
-      .replace('{hash-algorithm}', '2');
-  }
-
-  private getAlgorithm(): string {
-    switch (this.zone.algorithm) {
-      case 'ECDSA':
-        return '8';
-      case 'ED25519':
-        return '15';
-      case 'RSA':
-        return '1';
-      default:
-        throw new Error(`Unsupported algorithm: ${this.zone.algorithm}`);
-    }
-  }
-
-  public getKeyPair(): DnssecKeyPair {
-    return this.keyPair;
-  }
-
-  public getDsAndKeyPair(): [DnssecKeyPair, string] {
-    const dsRecord = this.getDSRecord();
-    return [this.keyPair, dsRecord];
-  }
-}

ts_server/plugins.ts

@@ -1,10 +1,12 @@
 // node native
+import crypto from 'crypto';
 import fs from 'fs';
 import http from 'http';
 import https from 'https';
 import dgram from 'dgram';
 
 export {
+  crypto,
   fs,
   http,
   https,
@@ -19,7 +21,7 @@ export {
 }
 
 // third party
-import * as elliptic from 'elliptic';
+import elliptic from 'elliptic';
 import * as dnsPacket from 'dns-packet';
 import * as minimatch from 'minimatch';