- Fix DNSSEC to properly sign entire RRsets together instead of individual records - Implement proper SOA record serialization according to RFC 1035 - Add primaryNameserver option to IDnsServerOptions for customizable SOA mname field - Add comprehensive tests for DNSSEC RRset signing and SOA record handling - Update documentation with v7.4.3 improvements Co-Authored-By: User <user@example.com>
import * as smartdns from '../ts_server/index.js';
// Example: Using custom primary nameserver
/**
 * Starts a DnsServer for the zone 'example.com' with the `primaryNameserver`
 * option set, and registers two NS handlers for the zone apex.
 *
 * @returns {Promise<void>} Resolves once `dnsServer.start()` has completed.
 */
async function exampleCustomNameserver() {
  const dnsServer = new smartdns.DnsServer({
    // Placeholders only. In a deployment, read the key and certificate
    // material from a file or secret store with restricted access rather
    // than committing it to source.
    httpsKey: 'your-https-key',
    httpsCert: 'your-https-cert',
    httpsPort: 8443,
    udpPort: 8053,
    dnssecZone: 'example.com',
    // Overrides the primary nameserver name used in SOA records.
    primaryNameserver: 'ns-primary.example.com',
  });

  // One NS handler per nameserver, registered in the same order as listed.
  // The primary entry matches the `primaryNameserver` option above, so the
  // SOA record and the NS set name the same host.
  const nameservers = ['ns-primary.example.com', 'ns-secondary.example.com'];
  for (const nameserver of nameservers) {
    dnsServer.registerHandler('example.com', ['NS'], (question) => ({
      name: question.name,
      type: 'NS',
      class: 'IN',
      ttl: 3600,
      data: nameserver,
    }));
  }

  await dnsServer.start();
  console.log('DNS server started with custom primary nameserver');

  // From here on, SOA records use 'ns-primary.example.com' instead of
  // 'ns1.example.com'.
}
// Example: DNSSEC with multiple records (proper RRset signing)
/**
 * Starts a DnsServer for the DNSSEC zone 'secure.example.com' and registers
 * three A-record handlers for 'www.secure.example.com', one per address.
 *
 * @returns {Promise<void>} Resolves once `dnsServer.start()` has completed.
 */
async function exampleDnssecMultipleRecords() {
  const dnsServer = new smartdns.DnsServer({
    // Placeholders only. In a deployment, read the key and certificate
    // material from a file or secret store with restricted access rather
    // than committing it to source.
    httpsKey: 'your-https-key',
    httpsCert: 'your-https-cert',
    httpsPort: 8443,
    udpPort: 8053,
    dnssecZone: 'secure.example.com',
  });

  // Round-robin targets. These are private (RFC 1918) sample addresses.
  const roundRobinAddresses = ['192.168.1.10', '192.168.1.11', '192.168.1.12'];

  // Each address gets its own handler for the same name and type; every
  // callback closes over its own `address` value.
  roundRobinAddresses.forEach((address) => {
    dnsServer.registerHandler('www.secure.example.com', ['A'], (question) => ({
      name: question.name,
      type: 'A',
      class: 'IN',
      ttl: 300,
      data: address,
    }));
  });

  await dnsServer.start();
  console.log('DNS server started with DNSSEC and multiple A records');

  // When queried with DNSSEC enabled, all 3 A records are signed together as
  // a single RRset covered by one RRSIG record (not 3 separate RRSIGs). A
  // validating resolver checks the signature over the whole set, so one
  // signature per record would not validate.
}
// Example: Multiple TXT records for various purposes
/**
 * Starts a DnsServer for the zone 'example.com' and registers three TXT
 * handlers on the zone apex: an SPF policy, a DKIM key and a site
 * verification token.
 *
 * @returns {Promise<void>} Resolves once `dnsServer.start()` has completed.
 */
async function exampleMultipleTxtRecords() {
  const dnsServer = new smartdns.DnsServer({
    // Placeholders only. In a deployment, read the key and certificate
    // material from a file or secret store with restricted access rather
    // than committing it to source.
    httpsKey: 'your-https-key',
    httpsCert: 'your-https-cert',
    httpsPort: 8443,
    udpPort: 8053,
    dnssecZone: 'example.com',
  });

  // Builds a handler that answers with a single-string TXT record.
  const txtHandler = (text) => (question) => ({
    name: question.name,
    type: 'TXT',
    class: 'IN',
    ttl: 3600,
    data: [text],
  });

  // SPF policy. '~all' is a softfail; '-all' is the strict form for when
  // every legitimate sender is covered by the policy.
  dnsServer.registerHandler(
    'example.com',
    ['TXT'],
    txtHandler('v=spf1 include:_spf.google.com ~all'),
  );

  // DKIM key (truncated sample value). NOTE: verifiers look DKIM keys up at
  // '<selector>._domainkey.<domain>', not at the zone apex; it is registered
  // on 'example.com' here only to show several TXT records sharing one name.
  dnsServer.registerHandler(
    'example.com',
    ['TXT'],
    txtHandler('v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4...'),
  );

  // Domain verification token (sample value).
  dnsServer.registerHandler(
    'example.com',
    ['TXT'],
    txtHandler('google-site-verification=1234567890abcdef'),
  );

  await dnsServer.start();
  console.log('DNS server started with multiple TXT records');

  // All TXT records will be returned when queried.
}
// Export examples for reference
export {
  exampleCustomNameserver,
  exampleDnssecMultipleRecords,
  exampleMultipleTxtRecords,
};