A DNS filesystem

December 4, 2010

This is the second time I’m writing this, but now it’s much better than the previous attempt.

The idea is as follows: using FUSE and Perl, this is an actual filesystem that maps the DNS to files and directories.

You can now mount the world! :-)

The following holds true for this filesystem:

  • Uppercase named directories are zone-cuts, or;
  • Uppercase named directories are labels;
  • Lowercase named files are rrtypes (like txt, soa, etc.);
  • The content of the files is the RRset for the name (current directory) and the type (the current filename). So /NL/MIEK/soa is the soa record of miek.nl;
  • TTL is encoded in the {m,a}times (current time + TTL of the record);
  • For each directory the fs asks for ns, a, aaaa, txt, soa, dnskey, rrsig and ds to see if they exist.

So /NL/MIEK/A is the name a.miek.nl and /NL/MIEK/A/a is the A record for a.miek.nl. /NL/MIEK/soa is the SOA record for miek.nl (as said above).

Download this code, and use it as follows:

$ mkdir theworld
$ ./dns.pl theworld
# enter the brave new world
$ cd theworld

And then use it:

$ ls
dnskey  ns  rrsig  soa
# Let's look at the SOA record for the . zone
$ cat soa
.   84494   IN  SOA a.root-servers.net. nstld.verisign-grs.com. (
                2010120400  ; Serial
                1800    ; Refresh
                900 ; Retry
                604800  ; Expire
                86400 ) ; Minimum TTL

dig a a.miek.nl becomes:

$ cat NL/MIEK/A/a
A.MIEK.NL.  86400   IN  A   192.168.1.2
# Or only the interesting info:
$ cat NL/MIEK/A/a | awk  '{print $5}'
192.168.1.2
# or
$ cd NL/MIEK/A
$ ls
a
# only an `A` record
$ cat a
A.MIEK.NL.  86400   IN  A   192.168.1.2

Or some stuff in .nl:

$ cd NL
$ ls
dnskey  ds  ns  rrsig  soa  txt
# whoohoo, DNSSEC (the ds record should not be displayed)
# But let's look at the TXT record that is here
$ cat txt
NL. 1399    IN  TXT "NL zone update: 2010-12-04 16:00:01 +0100 (EPOCH 1291474801)"

NXDOMAIN becomes:

$ ls -l NL/ZZZZZZZZZZ
ls: cannot access NL/ZZZZZZZZZZ: No such file or directory

In short: dig can be implemented with awk, sh and cat.
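
To make that concrete, here is a small dig-like wrapper in sh and awk. It is an added example, not part of dns.pl: the function names dns_path and dnsfs_dig, the DNSFS_ROOT variable and the allowed label characters are assumptions, and it relies only on the directory layout described above. Labels are validated before the path is built, so a name such as ../../etc/passwd cannot step outside the mount point.

```shell
#!/bin/sh
# Added example (not from dns.pl). Mount point defaults to the one used above.
DNSFS_ROOT="${DNSFS_ROOT:-theworld}"

# dns_path NAME TYPE: print the path for a query, e.g. a.miek.nl A -> NL/MIEK/A/a
dns_path() {
    name=${1%.}     # drop one trailing dot; "." becomes empty (the root)
    rrtype=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    case $rrtype in # rrtype files are plain lowercase tokens
        ''|*[!a-z0-9]*) echo "bad rrtype: $2" >&2; return 1 ;;
    esac
    path=
    # Take labels left to right and prepend each one, so the TLD ends up first.
    while [ -n "$name" ]; do
        label=${name%%.*}
        case $name in
            *.*) name=${name#*.} ;;
            *)   name= ;;
        esac
        # Assumed label charset; rejects empty labels, "/" and "..".
        case $label in
            ''|*[!A-Za-z0-9_-]*) echo "bad label: '$label'" >&2; return 1 ;;
        esac
        label=$(printf '%s' "$label" | tr '[:lower:]' '[:upper:]')
        path="$label/$path"
    done
    printf '%s%s\n' "$path" "$rrtype"
}

# dnsfs_dig NAME TYPE: print only the rdata (field 5 onwards) of each record.
# Assumes one record per line; the multi-line SOA layout is not unpacked.
dnsfs_dig() {
    p=$(dns_path "$1" "$2") || return 1
    [ -f "$DNSFS_ROOT/$p" ] || { echo "no such name or rrtype: $1 $2" >&2; return 1; }
    awk '{ for (i = 5; i <= NF; i++) printf "%s%s", $i, (i < NF ? " " : "\n") }' \
        "$DNSFS_ROOT/$p"
}
```

With the filesystem mounted on theworld, dnsfs_dig a.miek.nl a reads NL/MIEK/A/a and prints the address.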

If you are finished playing you can unmount the filesystem:

fusermount -u theworld

The following still needs to be implemented:

  • AXFR support
  • correct filesizes (now set to 512);
  • e_read() does not use offset;
  • Don’t display DS records in the Child zone;
  • CNAME handling (with symlinks of course!);
  • DNSSEC validation (should be possible, encoding in the permissions?).