Running CoreDNS

April 3, 2016


CoreDNS is now running on linode.atoom.net on port 1053 (yes, not yet on 53...). It should implement most protocol features, allows for AXFR (to everyone), and is able to act as a secondary. Not bad after ~2 weeks of programming. ;-)

Recipe for writing a DNS server in 2 weeks:

  1. Study the DNS for 15+ years.
  2. Start an easy-to-use DNS library 5 years ago.
  3. Write DNS server in ~2 weeks.

The current version of CoreDNS works, but isn’t fully standards compliant (in a few corner cases, mostly DNSSEC related). It is also optimistic about operational errors, i.e. it assumes everything will work as expected.

So, to further test CoreDNS, it is now running on port 1053 on linode.atoom.net, on both v4 and v6 obviously. Not completely sure what exactly testing will look like.

It is running 10 primary zones, of which 3 (miek.nl, dnssex.nl and atoom.net) are DNSSEC signed (with NSEC). The rest is plain DNS. Two zones are transferred from a primary. The full Corefile can be found below. It's a bit verbose; not sure if I want to change that or just keep it like this.

The transfer to/from syntax is deliberately verbose, because we need to add TSIG information to that as well. Of course comments, improvements and PRs are welcome.

miek.nl:1053 {
    file /var/lib/bind/miek.nl.signed {
        transfer to *
    }
    errors stdout
    log stdout
}

dnssex.nl:1053 {
    file /var/lib/bind/dnssex.nl.signed {
        transfer to *
    }
    errors stdout
    log stdout
}

atoom.net:1053 {
    file /var/lib/bind/atoom.net.signed {
        transfer to *
    }
    errors stdout
    log stdout
}

dns.miek.nl:1053 {
    file /etc/bind/dns.miek.nl {
        transfer to *
    }
    errors stdout
    log stdout
}

nlgids.london:1053 {
    file /etc/bind/nlgids.london {
        transfer to *
    }
    errors stdout
    log stdout
}

berkestoffering.nl:1053 {
    file /etc/bind/berkestoffering.nl {
        transfer to *
    }
    errors stdout
    log stdout
}

isitinfra.net:1053 {
    file /etc/bind/isitinfra.net {
        transfer to *
    }
    errors stdout
    log stdout
}

# Note: wereldstadSgidsen.com
wereldstadsgidsen.com:1053 {
    file /etc/bind/wereldstadgidsen {
        transfer to *
    }
    errors stdout
    log stdout
}
wereldstadgidsen.nl:1053 {
    file /etc/bind/wereldstadgidsen {
        transfer to *
    }
    errors stdout
    log stdout
}
wereldstadgidsen.be:1053 {
    file /etc/bind/wereldstadgidsen {
        transfer to *
    }
    errors stdout
    log stdout
}

# secondaries

graat.org:1053 {
    secondary {
        transfer to *
        transfer from 82.161.180.170
    }
    errors stdout
    log stdout
}

rikribbers.nl:1053 {
    secondary {
        transfer to *
        transfer from 92.63.172.25
        transfer from 2a00:f10:121:400:252b:5421:6ba3:3d10
    }
    errors stdout
    log stdout
}
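
An added example, not part of the original post or of CoreDNS itself: a small audit script that walks a Corefile in the layout shown above and reports, per server block, whether `transfer to *` leaves AXFR open to everyone and which `transfer from` primaries are listed by address only (no TSIG yet). The `example.org` block and the idea that `transfer to` also accepts a single address are assumptions made for the sample.

```python
# Constructed sample. miek.nl and rikribbers.nl are copied from the Corefile
# above; example.org is hypothetical and assumes `transfer to` also accepts an
# address (192.0.2.53 is a documentation address).
SAMPLE = """\
miek.nl:1053 {
    file /var/lib/bind/miek.nl.signed {
        transfer to *
    }
}
# hypothetical restricted zone
example.org:1053 {
    file /etc/bind/example.org {
        transfer to 192.0.2.53
    }
}
rikribbers.nl:1053 {
    secondary {
        transfer to *
        transfer from 92.63.172.25
        transfer from 2a00:f10:121:400:252b:5421:6ba3:3d10
    }
}
"""


def audit(corefile):
    """Return one finding per server block. Tracks brace depth only, so it
    handles the layout used in this post, not every valid Corefile."""
    findings, depth = [], 0
    for raw in corefile.splitlines():
        f = raw.split()
        if not f or f[0].startswith("#"):
            continue
        if depth == 0 and f[-1] == "{":
            findings.append({"zone": f[0], "open_axfr": False, "from": []})
        elif depth == 2 and f[:2] == ["transfer", "to"]:
            # `*` means any client may pull the whole zone via AXFR.
            findings[-1]["open_axfr"] |= "*" in f[2:]
        elif depth == 2 and f[:2] == ["transfer", "from"]:
            # Address-only primaries: no TSIG key authenticates the transfer.
            findings[-1]["from"].extend(f[2:])
        depth += (f[-1] == "{") - (f[-1] == "}")
    return findings


if __name__ == "__main__":
    for item in audit(SAMPLE):
        flag = "OPEN AXFR" if item["open_axfr"] else "restricted"
        print(f'{item["zone"]:22} {flag:10} primaries={item["from"]}')
```

Run against the full Corefile from this post, every block would be reported as open, which matches the "AXFR (to everyone)" setup described at the top.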