Dynamic nameserver provisioning with dns pkts

August 6, 2012


I’m writing a nameserver called fksd (Funkensturm daemon), which is currently in a prototype stage (but the code is available at github).

In this server I’m pursuing some interesting directions in nameserver development, such as the dynamic configuration as provided by BIND10.

BIND10 uses http(s), but I think using DNS packets is more in line with a nameserver, so I opted for that route.

With fksd you can use packets (which will be TSIG signed in the future tomorrow) to configure the server. The only configuration possible at the moment is adding a zone. Such a packet needs to have a TXT record like the following in its AUTHORITY SECTION:

ZONE.   IN  TXT "READ miek.nl. /path/to/zone"

Using the AUTH. section means we can re-use nsupdate (#win).

The current dev. version of fksd listens on port 1053 for real dns queries and on 8053 for configuration queries. Lets start the daemon and query for miek.nl MX:

$ ./fksd -log
<in other terminal>
$ dig @ -p 1053 mx miek.nl
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 1945

Indeed, SERVFAIL, because miek.nl. isn’t loaded. Lets fix that (-vD is crucial otherwise it won’t work for some reason):

$ nsupdate -vD
> server 8053
> zone ZONE.
> update add ZONE. 60 IN TXT "READ miek.nl /home/miekg/g/src/dns/ex/fksd/z/miek.nl.db"
> send
; Communication with server failed: timed out

That last error is because I’m lame and do not send a reply message (will be done in the future). Meanwhile fksd logs:

2012/08/06 23:13:27 fksd: config commmand
2012/08/06 23:13:27 fksd: config: READ miek.nl. /home/miekg/g/src/dns/ex/fksd/z/miek.nl.db

When I now query for miek.nl MX, I get:

$ dig @ -p 1053 mx miek.nl
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31060
miek.nl.                345600  IN      MX      20 mail.atoom.net.
miek.nl.                345600  IN      MX      40 mx-ext.tjeb.nl.

miek.nl.                345600  IN      NS      ext.ns.whyscream.net.
miek.nl.                345600  IN      NS      open.nlnetlabs.nl.
miek.nl.                345600  IN      NS      omval.tednet.nl.
miek.nl.                345600  IN      NS      elektron.atoom.net.

The config will be put in some kind of journal in json format (just like BIND10…), which is also “a future todo”™. But for now: this seems to work very nice - now the only thing left is to implement the rest of this authoritative nameserver.