* Allow use of fs.FS for $INCLUDE and wrap errors

This adds ZoneParser.SetIncludeAllowedFS, to specify an fs.FS when enabling support for $INCLUDE, for reading included files from somewhere other than the local filesystem.

I've also modified ParseError to support wrapping another error, such as errors encountered while opening the $INCLUDE target. This allows for much more robust handling, using errors.Is() instead of testing for particular strings (which may not be identical between fs.FS implementations).

ParseError was being constructed in a lot of places using positional instead of named members. Updating ParseError initialization after the new member field was added makes this change seem a lot larger than it actually is.

The changes here should be completely backwards compatible. The ParseError change should be invisible to anyone not trying to unwrap it, and ZoneParser will continue to use os.Open if the existing SetIncludeAllowed method is called instead of the new SetIncludeAllowedFS method.

* Don't duplicate SetIncludeAllowed; clarify edge cases

Rather than duplicate functionality between SetIncludeAllowed and SetIncludeAllowedFS, have a method SetIncludeFS, which only sets the fs.FS.

I've improved the documentation to point out some considerations for users hoping to use fs.FS as a security boundary.

Per the fs.ValidPath documentation, fs.FS implementations must use path (not filepath) semantics, with slash as a separator (even on Windows). Some, like os.DirFS, also require all paths to be relative. I've clarified this in the documentation, made the includePath manipulation more robust to edge cases, and added some additional tests for relative and absolute paths.
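The path handling and error wrapping that the commit message above describes, as an added standard-library-only example (not code from this repository). `openInclude`, `classify` and `sampleFS` are hypothetical names, and mapping an absolute target onto the fs.FS root is an assumption of this sketch.

```go
package main

import (
	"errors"
	"fmt"
	"io/fs"
	"path"
	"strings"
	"testing/fstest"
)

// openInclude resolves target against the including file with slash-separated path semantics.
func openInclude(fsys fs.FS, parent, target string) ([]byte, error) {
	name := target
	if !path.IsAbs(name) {
		name = path.Join(path.Dir(parent), name)
	}
	name = strings.TrimPrefix(path.Clean(name), "/") // assumption: "/x" is "x" at the FS root
	if !fs.ValidPath(name) { // rejects "" and names that still contain ".."
		return nil, fmt.Errorf("$INCLUDE %q: %w", target, fs.ErrInvalid)
	}
	data, err := fs.ReadFile(fsys, name)
	if err != nil {
		return nil, fmt.Errorf("$INCLUDE %q: %w", target, err)
	}
	return data, nil
}

// classify inspects the wrapped cause with errors.Is instead of matching strings.
func classify(err error) string {
	switch {
	case err == nil:
		return "ok"
	case errors.Is(err, fs.ErrInvalid):
		return "invalid path"
	case errors.Is(err, fs.ErrNotExist):
		return "not found"
	}
	return "other"
}

var sampleFS = fstest.MapFS{"zones/ns.zone": {Data: []byte("@ IN NS ns1.example.org.\n")}} // constructed

func main() {
	for _, t := range []string{"ns.zone", "/zones/ns.zone", "missing.zone", "../../outside.zone"} {
		_, err := openInclude(sampleFS, "zones/example.org.zone", t)
		fmt.Printf("%-20s %s\n", t, classify(err))
	}
}
```

The same `classify` result holds for any fs.FS implementation that reports `fs.ErrNotExist`, whatever text its error message carries.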
Alternative (more granular) approach to a DNS library
Less is more.
Complete and usable DNS library. All Resource Records are supported, including the DNSSEC types. It follows a lean and mean philosophy. If there is stuff you should know as a DNS programmer there isn't a convenience function for it. Server side and client side programming is supported, i.e. you can build servers and resolvers with it.
We try to keep the "master" branch as sane as possible and at the bleeding edge of standards, avoiding breaking changes wherever reasonable. We support the last two versions of Go.
Goals
- KISS;
- Fast;
- Small API. If it's easy to code in Go, don't make a function for it.
Users
A not-so-up-to-date-list-that-may-be-actually-current:
- https://github.com/coredns/coredns
- https://github.com/abh/geodns
- https://github.com/baidu/bfe
- http://www.statdns.com/
- http://www.dnsinspect.com/
- https://github.com/chuangbo/jianbing-dictionary-dns
- http://www.dns-lg.com/
- https://github.com/fcambus/rrda
- https://github.com/kenshinx/godns
- https://github.com/skynetservices/skydns
- https://github.com/hashicorp/consul
- https://github.com/DevelopersPL/godnsagent
- https://github.com/duedil-ltd/discodns
- https://github.com/StalkR/dns-reverse-proxy
- https://github.com/tianon/rawdns
- https://mesosphere.github.io/mesos-dns/
- https://github.com/fcambus/statzone
- https://github.com/benschw/dns-clb-go
- https://github.com/corny/dnscheck for http://public-dns.info/
- https://github.com/miekg/unbound
- https://github.com/miekg/exdns
- https://dnslookup.org
- https://github.com/looterz/grimd
- https://github.com/phamhongviet/serf-dns
- https://github.com/mehrdadrad/mylg
- https://github.com/bamarni/dockness
- https://github.com/fffaraz/microdns
- https://github.com/ipdcode/hades https://jd.com
- https://github.com/StackExchange/dnscontrol/
- https://www.dnsperf.com/
- https://dnssectest.net/
- https://github.com/oif/apex
- https://github.com/jedisct1/dnscrypt-proxy
- https://github.com/jedisct1/rpdns
- https://github.com/xor-gate/sshfp
- https://github.com/rs/dnstrace
- https://blitiri.com.ar/p/dnss (github mirror)
- https://render.com
- https://github.com/peterzen/goresolver
- https://github.com/folbricht/routedns
- https://domainr.com/
- https://zonedb.org/
- https://router7.org/
- https://github.com/fortio/dnsping
- https://github.com/Luzilla/dnsbl_exporter
- https://github.com/bodgit/tsig
- https://github.com/v2fly/v2ray-core (test only)
- https://kuma.io/
- https://www.misaka.io/services/dns
- https://ping.sx/dig
- https://fleetdeck.io/
- https://github.com/markdingo/autoreverse
- https://github.com/slackhq/nebula
- https://addr.tools/
- https://dnscheck.tools/
- https://github.com/egbakou/domainverifier
- https://github.com/semihalev/sdns
- https://github.com/wintbiit/NineDNS
Send a pull request if you want to be listed here.
Features
- UDP/TCP queries, IPv4 and IPv6
- RFC 1035 zone file parsing ($INCLUDE, $ORIGIN, $TTL and $GENERATE (for all record types) are supported)
- Fast
- Server side programming (mimicking the net/http package)
- Client side programming
- DNSSEC: signing, validating and key generation for DSA, RSA, ECDSA and Ed25519
- EDNS0, NSID, Cookies
- AXFR/IXFR
- TSIG, SIG(0)
- DNS over TLS (DoT): encrypted connection between client and server over TCP
- DNS name compression
Have fun!
Miek Gieben - 2010-2012 - miek@miek.nl DNS Authors 2012-
Building
This library uses Go modules and uses semantic versioning. Building is done with the go tool, so the following should work:
go get github.com/miekg/dns
go build github.com/miekg/dns
Examples
A short "how to use the API" is at the beginning of doc.go (this also will show when you call godoc github.com/miekg/dns).
Example programs can be found in the github.com/miekg/exdns repository.
Supported RFCs
all of them
- 103{4,5} - DNS standard
- 1348 - NSAP record (removed the record)
- 1982 - Serial Arithmetic
- 1876 - LOC record
- 1995 - IXFR
- 1996 - DNS notify
- 2136 - DNS Update (dynamic updates)
- 2181 - RRset definition - there is no RRset type though, just []RR
- 2537 - RSAMD5 DNS keys
- 2065 - DNSSEC (updated in later RFCs)
- 2671 - EDNS record
- 2782 - SRV record
- 2845 - TSIG record
- 2915 - NAPTR record
- 2929 - DNS IANA Considerations
- 3110 - RSASHA1 DNS keys
- 3123 - APL record
- 3225 - DO bit (DNSSEC OK)
- 340{1,2,3} - NAPTR record
- 3445 - Limiting the scope of (DNS)KEY
- 3597 - Unknown RRs
- 4025 - A Method for Storing IPsec Keying Material in DNS
- 403{3,4,5} - DNSSEC + validation functions
- 4255 - SSHFP record
- 4343 - Case insensitivity
- 4408 - SPF record
- 4509 - SHA256 Hash in DS
- 4592 - Wildcards in the DNS
- 4635 - HMAC SHA TSIG
- 4701 - DHCID
- 4892 - id.server
- 5001 - NSID
- 5155 - NSEC3 record
- 5205 - HIP record
- 5702 - SHA2 in the DNS
- 5936 - AXFR
- 5966 - TCP implementation recommendations
- 6605 - ECDSA
- 6725 - IANA Registry Update
- 6742 - ILNP DNS
- 6840 - Clarifications and Implementation Notes for DNS Security
- 6844 - CAA record
- 6891 - EDNS0 update
- 6895 - DNS IANA considerations
- 6944 - DNSSEC DNSKEY Algorithm Status
- 6975 - Algorithm Understanding in DNSSEC
- 7043 - EUI48/EUI64 records
- 7314 - DNS (EDNS) EXPIRE Option
- 7477 - CSYNC RR
- 7828 - edns-tcp-keepalive EDNS0 Option
- 7553 - URI record
- 7858 - DNS over TLS: Initiation and Performance Considerations
- 7871 - EDNS0 Client Subnet
- 7873 - Domain Name System (DNS) Cookies
- 8080 - EdDSA for DNSSEC
- 8499 - DNS Terminology
- 8659 - DNS Certification Authority Authorization (CAA) Resource Record
- 8777 - DNS Reverse IP Automatic Multicast Tunneling (AMT) Discovery
- 8914 - Extended DNS Errors
- 8976 - Message Digest for DNS Zones (ZONEMD RR)
Loosely Based Upon
- ldns - https://nlnetlabs.nl/projects/ldns/about/
- NSD - https://nlnetlabs.nl/projects/nsd/about/
- Net::DNS - http://www.net-dns.org/
- GRONG - https://github.com/bortzmeyer/grong