first commit

Author: bortzmeyer

LICENSE

@@ -0,0 +1,29 @@
+[Executive summary: "BSD-3clause" license. Free software. See 
+<http://www.gnu.org/licenses/license-list.html#GPLCompatibleLicenses>]
+
+--------------------------------------------------------------------
+Copyright (c) 2009 Stéphane Bortzmeyer <[email protected]>
+
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+1. Redistributions of source code must retain the above copyright
+   notice, this list of conditions and the following disclaimer.
+2. Redistributions in binary form must reproduce the above copyright
+   notice, this list of conditions and the following disclaimer in the
+   documentation and/or other materials provided with the distribution.
+3. The name of the author may not be used to endorse or promote products
+   derived from this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

Makefile

@@ -0,0 +1,25 @@
+include $(GOROOT)/src/Make.$(GOARCH)
+
+TARBALL=/tmp/grong.tar.gz
+
+all: server
+
+test: server
+	./server -debug=4
+
+server.$O: responder.$O types.$O
+
+responder.$O: types.$O
+
+%.$O: %.go 
+	${GC} $<
+	gopack grc types.a types.8 # Workaround a bug in the linker
+
+server: server.$O
+	${LD} -o $@ server.$O
+
+dist: clean
+	(cd ..; tar czvf ${TARBALL} grong/*)
+
+clean:
+	rm -f server *~ *.$O *.a

README

@@ -0,0 +1,130 @@
+GRONG (Gross and ROugh Nameserver written in Go) is a DNS (Domain Name
+System) authoritative name server. It is intended as a research
+project and is *not* suitable for use on the wild Internet (for
+instance, it has little protection against rogue packets). 
+
+DO NOT USE ON A PRODUCTION SITE
+YOU HAVE BEEN WARNED!!!
+
+Disclaimer: I've never been to this city
+<http://en.wikipedia.org/wiki/Grong>
+
+GRONG can only be used as an authoritative name server (like, for
+instance, nsd), not as a recursive one.
+
+GRONG provides a general DNS engine, the front-end, which receives
+packets, parses them and sends a proper response, and several possible
+back-ends (named "responders") which generates a response, given the
+query. Some are provided with GRONG and you are welcome to write
+others.
+
+Usage
+*****
+
+./dnsserver [-address="[ADDRESS]:PORT"] [-debug=N]
+
+Run with -h to see the defaults.
+
+The -address option takes either a port (in the syntax ":NNN"), in
+that case GRONG listens on all IP addresses, or one address (in the
+syntax "x.y.z.T:NNN" for IPv4 and "[xxxx:yyyy::zzzz]:NNN" for
+IPv6). There is currently no way to listen on some (but not all) of the IP
+addresses.
+
+The back-end is choosen at compile-time only (I have no idea about the
+support for dynamic linking in Go)
+
+Among the provided responders:
+* rude-responder: responds REFUSED to every query
+* reflector-responder: for TXT requests, responds with the IP address of the client
+* as112: an AS 112 name server (see http://www.as112.net/)
+
+For the person who compiles
+**************************
+
+You need a working Go <http://golang.org> environment. Today, only the
+gc compiler is supported.
+
+To choose a responder (here, foobar-responder):
+
+make clean
+ln -sf foobar-responder.go responder.go
+make
+mv ./server /where/you/want/grong-foobar
+
+
+For the person who writes a responder
+************************************
+
+The interface of the responder is:
+
+It must be in package "responder" and imports package "types". Read
+"types.go" first, it contains useful constants (named from the RFC
+1035).
+
+The front-end checks that the request is a query and, if so, calls the
+responder. The prototype is:
+
+func Respond(query types.DNSquery) types.DNSresponse 
+
+In the DNSresponse, RRs (Resource Records) have to be in the wire
+format (the front-end does not know the format of the RR, to keep it
+generic). For instance, data in TXT RR has to be {length,
+value}. There are some utilities functions in types to help you to do
+so.
+
+Implementation notes
+********************
+
+One goroutine is run for every DNS request. Makes the code much
+simpler and easier to read but may explain the fact that performance
+are behind BIND.
+
+TODO
+****
+
+Put on github
+
+Debugging of Go runtime issues, queryperf loses too many packets
+
+Requests A and AAAA for the reflecting responder
+
+EDNS, specially for NSID (RFC 5001)
+
+Give the responder some global info such as the debug level and some
+per-query info such as the buffer size (512 by default)
+
+Pass unknown command-line options to the responder
+
+Hardening against rogue packets
+
+Use the log package
+
+Better handling of errors, an invalid packet should not stop the name
+server. Test with typing junk in telnet. Or learn Scapy, which seems
+more interesting. See for instance the example in
+<http://www.secdev.org/projects/scapy/demo.html>
+
+Finish the AS112 responder
+
+The abiity to listen to more than one address (but not all). Can I
+give several -address option to the flag module? If so, it probably
+just means firing several udpListeners and several tcpListeners
+
+Test with gccgo
+
+DNSSEC (no, I'm joking)
+
+
+Author
+******
+
+Stéphane Bortzmeyer <[email protected]>
+
+
+License
+*******
+
+This is free software. Free as in free speech, not as in free beer.
+
+See the actual license in LICENSE

as112.go

@@ -0,0 +1,140 @@
+/* A name server for the AS112 sink system. See http://www.as112.net/
+
+Stephane Bortzmeyer <[email protected]>
+
+*/
+
+package responder
+
+import (
+	"regexp"
+	"strings"
+	"os"
+	"fmt"
+	"./types"
+)
+
+var (
+	as112Domain, as112SubDomain *regexp.Regexp
+)
+
+const as112Regexp = "(168\\.192\\.in-addr\\.arpa|154\\.169\\.in-addr\\.arpa|16\\.172\\.in-addr\\.arpa|17\\.172\\.in-addr\\.arpa|18\\.172\\.in-addr\\.arpa|19\\.172\\.in-addr\\.arpa|20\\.172\\.in-addr\\.arpa|21\\.172\\.in-addr\\.arpa|22\\.172\\.in-addr\\.arpa|23\\.172\\.in-addr\\.arpa|24\\.172\\.in-addr\\.arpa|25\\.172\\.in-addr\\.arpa|26\\.172\\.in-addr\\.arpa|27\\.172\\.in-addr\\.arpa|28\\.172\\.in-addr\\.arpa|29\\.172\\.in-addr\\.arpa|30\\.172\\.in-addr\\.arpa|31\\.172\\.in-addr\\.arpa|10\\.in-addr\\.arpa)$"
+
+const defaultTtl = 3600
+
+// Answers to "TXT hostname.as112.net"
+var hostnameAnswers []string // Should be "const" but Go does not have const arrays :-(
+// So, see the body of init() for the values
+
+// Name servers of AS112, currently two (see init())
+var as112nameServers [2]string
+
+var hostnamesoa, as112soa types.SOArecord // See init() for the value
+
+func nsRecords(domain string) (result []types.RR) {
+	result = make([]types.RR, len(as112nameServers))
+	for i, text := range as112nameServers {
+		result[i].Name = domain
+		result[i].Ttl = defaultTtl
+		result[i].Tipe = types.NS
+		result[i].Class = types.IN
+		result[i].Data = types.Encode(text)
+	}
+	return
+}
+
+func soaRecord(domain string, soa types.SOArecord) (result types.RR) {
+	result.Name = domain
+	result.Ttl = defaultTtl
+	result.Tipe = types.SOA
+	result.Class = types.IN
+	result.Data = types.EncodeSOA(soa)
+	return
+}
+
+func Respond(query types.DNSquery) (result types.DNSresponse) {
+	result.Asection = nil
+	qname := strings.ToLower(query.Qname)
+	if query.Qclass == types.IN {
+		switch {
+		case as112Domain.Match(strings.Bytes(qname)):
+			result.Responsecode = types.NOERROR
+			switch {
+			case query.Qtype == types.NS:
+				result.Asection = nsRecords(qname)
+			case query.Qtype == types.SOA:
+				result.Asection = make([]types.RR, 1)
+				result.Asection[0] = soaRecord(qname, as112soa)
+			case true:
+				// Do nothing
+			}
+		case as112SubDomain.Match(strings.Bytes(qname)):
+			result.Responsecode = types.NXDOMAIN
+			// TODO: send the proper SOA in the authority section (so we
+			// must find which domain matched)
+		case qname == "hostname.as112.net":
+			result.Responsecode = types.NOERROR
+			switch { // TODO: handle ANY qtypes
+			case query.Qtype == types.TXT:
+				result.Asection = make([]types.RR, len(hostnameAnswers))
+				for i, text := range hostnameAnswers {
+					result.Asection[i].Name = "hostname.as112.net"
+					result.Asection[i].Ttl = defaultTtl
+					result.Asection[i].Tipe = types.TXT
+					result.Asection[i].Class = types.IN
+					result.Asection[i].Data = types.ToTXT(text)
+				}
+			case query.Qtype == types.NS:
+				result.Asection = nsRecords("hostname.as112.net")
+			case query.Qtype == types.SOA:
+				result.Asection = make([]types.RR, 1)
+				result.Asection[0] = soaRecord("hostname.as112.net", hostnamesoa)
+			case true:
+				// Do nothing
+			}
+		case true:
+			result.Responsecode = types.SERVFAIL
+		}
+	} else {
+		result.Responsecode = types.SERVFAIL
+	}
+	return result
+}
+
+func init() {
+	var (
+		error os.Error
+	)
+	// Do not forget to change the size in the call to make() if you add a
+	// string (yes, Go is painful in that respect)
+	hostnameAnswers = make([]string, 3)
+	hostnameAnswers[0] = "Unknown location on Earth."
+	hostnameAnswers[1] = "GRONG, name server written in Go."
+	hostnameAnswers[2] = "See http://as112.net/ for more information."
+	as112nameServers[0] = "blackhole-1.iana.org"
+	as112nameServers[1] = "blackhole-2.iana.org"
+	as112SubDomain, error = regexp.Compile(as112Regexp)
+	hostnamesoa.Mname = "NOT-CONFIGURED.as112.example.net" // Put the real host name
+	hostnamesoa.Rname = "UNKNOWN.as112.example.net"        // Put your email address (with @ replaced by .)
+	hostnamesoa.Serial = 2003030100
+	hostnamesoa.Refresh = 3600
+	hostnamesoa.Retry = 600
+	hostnamesoa.Expire = 2592000
+	hostnamesoa.Minimum = 15
+	as112soa.Mname = "prisoner.iana.org"
+	as112soa.Rname = "hostmaster.root-servers.org"
+	as112soa.Serial = 2002040800
+	as112soa.Refresh = 1800
+	as112soa.Retry = 900
+	as112soa.Expire = 604800
+	as112soa.Minimum = 604800
+	if error != nil {
+		fmt.Printf("Internal error: wrong regular expression: %s", error)
+		os.Exit(1)
+	}
+	as112Domain, error = regexp.Compile("^" + as112Regexp)
+	if error != nil {
+		fmt.Printf("Internal error: wrong regular expression: %s\n", error)
+		os.Exit(1)
+	}
+}

reflector-responder.go

@@ -0,0 +1,48 @@
+package responder
+
+import (
+	"net"
+	"./types"
+)
+
+func txtRecord(client net.Addr) []byte {
+	sclient := client.String()
+	return types.ToTXT(sclient)
+}
+
+func Respond(query types.DNSquery) types.DNSresponse {
+	var (
+		result types.DNSresponse
+	)
+	result.Asection = nil
+	switch {
+	case query.Qclass != types.IN:
+		result.Responsecode = types.SERVFAIL
+	case query.Qtype == types.TXT:
+		result.Responsecode = types.NOERROR
+		ancount := 1
+		result.Asection = make([]types.RR, ancount)
+		result.Asection[0].Name = query.Qname
+		result.Asection[0].Tipe = types.TXT
+		result.Asection[0].Class = types.IN
+		result.Asection[0].Ttl = 0
+		// TODO: better formatting, for instance allowing to have only the IP address
+		result.Asection[0].Data = txtRecord(query.Client)
+	case query.Qtype == types.ALL:
+		result.Responsecode = types.NOERROR
+		ancount := 1 // TODO: add an A or a AAAA
+		// TODO: reuse the code for the case of QTYPE=TXT
+		result.Asection = make([]types.RR, ancount)
+		result.Asection[0].Name = query.Qname
+		result.Asection[0].Tipe = types.TXT
+		result.Asection[0].Class = types.IN
+		result.Asection[0].Ttl = 0
+		result.Asection[0].Data = txtRecord(query.Client)
+		// TODO: handle A and AAAA QTYPEs
+	case true:
+		result.Responsecode = types.NOERROR
+	}
+	return result
+}
+
+func init() {}

responder.go

@@ -0,0 +1 @@
+reflector-responder.go

rude-responder.go

@@ -0,0 +1,15 @@
+package responder
+
+import (
+	"./types"
+)
+
+func Respond(query types.DNSquery) types.DNSresponse {
+	var (
+		result types.DNSresponse
+	)
+	result.Responsecode = types.REFUSED
+	return result
+}
+
+func init() {}