Caddy DNS

March 10, 2016

dns

Lately I’m thinking of using Go DNS to create a DNS server that is completely modelled after Caddy.

There is no code and no name, nothing. Just an idea.

So this magical new DNS server would be billed similarly to Caddy, which has the tag line “Serve The Web Like It’s 2016”. Caddy, for instance, will automatically fetch certificates from Let’s Encrypt and configure HTTPS and HTTP/2. For a DNS server that would translate to solid core functionality, support for DNSSEC and automatic key rotation, à la Knot DNS. Also note that now that DNS over TLS is a thing, one could even imagine this server doing exactly what Caddy does and automatically getting certificates from Let’s Encrypt. The same goes for the DNSSEC key maintenance mentioned above: <unnamed server> will take care of it. (This is a non-trivial amount of work, I might add.)

What would set this server apart would be simple configuration (I really like the simplicity of the Caddyfile) and the possibility of adding middleware to extend the functionality. Types of middleware could be a monitoring middleware (just like in Caddy), or what about a SkyDNS middleware, i.e. fetching records from etcd instead of from a file on disk?
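To make the middleware idea concrete, here is an added example of what such a chain could look like in Go. It is not code from this post or from any later project: it uses only the standard library, with minimal stand-in Query/Reply types instead of the Go DNS library’s message types, and the miek.nl records, the pretend upstream answers and the addresses are all constructed. It also shows the one ordering rule a hybrid authoritative/forwarding server must get right: names inside a zone you serve are answered locally, NXDOMAIN and NODATA included, and are never forwarded.

```go
package main

import (
	"fmt"
	"strings"
)

// Query and Reply are minimal stand-ins for a DNS question and answer
// (assumption: a real server would use the Go DNS library's types).
type Query struct {
	Name string // owner name in presentation form, with trailing dot
	Type string // record type, e.g. "A"
}

type Reply struct {
	Rcode   string   // "NOERROR" or "NXDOMAIN"
	Answers []string // records in presentation format
}

// Handler is what every middleware, and the final backend, implements.
type Handler interface{ ServeDNS(q Query) Reply }

type HandlerFunc func(q Query) Reply

func (f HandlerFunc) ServeDNS(q Query) Reply { return f(q) }

// Middleware wraps the next Handler in the chain.
type Middleware func(next Handler) Handler

// Chain composes middleware around a final handler; the first
// middleware listed becomes the outermost one.
func Chain(final Handler, mws ...Middleware) Handler {
	h := final
	for i := len(mws) - 1; i >= 0; i-- {
		h = mws[i](h)
	}
	return h
}

// logging appends one line per query, in the spirit of Caddy's log directive.
func logging(lines *[]string) Middleware {
	return func(next Handler) Handler {
		return HandlerFunc(func(q Query) Reply {
			r := next.ServeDNS(q)
			*lines = append(*lines, fmt.Sprintf("%s %s %s", q.Name, q.Type, r.Rcode))
			return r
		})
	}
}

// inZone reports whether name is origin itself or lies below it; the
// leading dot keeps "notmiek.nl." out of "miek.nl.".
func inZone(name, origin string) bool {
	name, origin = strings.ToLower(name), strings.ToLower(origin)
	return name == origin || strings.HasSuffix(name, "."+origin)
}

// zone answers one zone authoritatively from a map keyed by owner name,
// then by type. Every in-zone name is answered here, so misses are never
// forwarded upstream; only names outside the zone fall through to next.
func zone(origin string, rrs map[string]map[string][]string) Middleware {
	return func(next Handler) Handler {
		return HandlerFunc(func(q Query) Reply {
			if !inZone(q.Name, origin) {
				return next.ServeDNS(q)
			}
			byType, exists := rrs[strings.ToLower(q.Name)]
			if !exists {
				return Reply{Rcode: "NXDOMAIN"}
			}
			// The name exists: an empty answer is NODATA, not NXDOMAIN.
			return Reply{Rcode: "NOERROR", Answers: byType[q.Type]}
		})
	}
}

// forward is the final handler, standing in for "resolve 8.8.8.8";
// a constructed map plays the upstream resolver here.
func forward(upstream map[string][]string) Handler {
	return HandlerFunc(func(q Query) Reply {
		if a, ok := upstream[q.Type+" "+strings.ToLower(q.Name)]; ok {
			return Reply{Rcode: "NOERROR", Answers: a}
		}
		return Reply{Rcode: "NXDOMAIN"}
	})
}

// Constructed sample data: a tiny miek.nl zone and a pretend upstream.
var miekZone = map[string]map[string][]string{
	"miek.nl.":     {"NS": {"miek.nl. 3600 IN NS ns.miek.nl."}},
	"www.miek.nl.": {"A": {"www.miek.nl. 3600 IN A 192.0.2.10"}},
}

var upstream = map[string][]string{
	"A example.org.":  {"example.org. 300 IN A 192.0.2.20"},
	"A nope.miek.nl.": {"nope.miek.nl. 300 IN A 198.51.100.1"}, // must never be served
}

// NewServer wires the chain a "file + resolve + log" zone block describes.
func NewServer(lines *[]string) Handler {
	return Chain(forward(upstream), logging(lines), zone("miek.nl.", miekZone))
}

func main() {
	var lines []string
	srv := NewServer(&lines)
	for _, q := range []Query{{"www.miek.nl.", "A"}, {"nope.miek.nl.", "A"}, {"example.org.", "A"}} {
		fmt.Printf("%s %s -> %+v\n", q.Name, q.Type, srv.ServeDNS(q))
	}
}
```

The order passed to Chain is the order a Caddyfile would list the directives in: logging sees every query, the zone middleware decides whether the query is ours, and only queries for other names reach the forwarder. The bogus upstream entry for nope.miek.nl. is there to prove that an in-zone miss stays an NXDOMAIN and never turns into a forwarded lookup.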

In fact this DNS server would look so much like Caddy that I’m contemplating just forking it, ripping out (most of) the HTTP stuff and replacing it with the glorious protocol we all love and hate[1].

Exploring this idea further, I will show some Caddyfile snippets and document what effect they should have in <whatever-I-call-the-server>.

miek.nl db.miek.nl

Have one zone and get its data from the file db.miek.nl.

miek.nl {
    file db.miek.nl
    dnssec
    key Kmiek.nl.something
}

Enable automatic DNSSEC; the only thing you should care about is the KSK, the rest… not so much. Maybe Xaddy can automatically upload the DNSKEY/DS record to the parent zone (through whatever registrar interface there is) for you?

miek.nl {
    slave 10.0.0.1:53
}

Slave the zone from this master. This could itself be a middleware, not something the core server has to do. (Any real implementation would want the transfer authenticated with TSIG, or at least restricted by source address on the master.)

miek.nl {
    etcd {
        localhost:2379
        # HTTPS params?
    }
    resolve 8.8.8.8
    log stderr
    errors stderr
}

Here we serve the zone miek.nl from etcd and do the same style of logging Caddy has. resolve would mean: forward queries for names you are not authoritative for to this server and proxy back the answers; names inside miek.nl that do not exist should still get an NXDOMAIN from the local zone rather than a trip upstream. This would implement almost all of the functionality of SkyDNS.
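Since the whole pitch is the simplicity of the Caddyfile, here is an added example, not code from this post or from any project, of a Go parser for exactly the snippet shapes shown above: the one-line “zone file” form, a zone block of directives, and a directive with a nested block such as etcd. It assumes several zones may share one file (so the sample uses distinct names instead of miek.nl three times), expands the one-line form into a file directive, and refuses unknown directives, because a misspelt dnssec that silently leaves a zone unsigned is the kind of mistake a configuration parser exists to catch. The sample configuration is constructed from the snippets in the post.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// Directive is one line inside a zone block plus the tokenized lines
// of its nested { ... } block, if any (the etcd endpoints above).
type Directive struct {
	Name  string
	Args  []string
	Block [][]string
}

// Zone is one zone entry. The one-line form "miek.nl db.miek.nl" is
// expanded to a file directive, which is this parser's assumption.
type Zone struct {
	Name       string
	Directives []Directive
}

// known lists the directives sketched in the post; anything else is refused.
var known = map[string]bool{"file": true, "dnssec": true, "key": true, "slave": true,
	"etcd": true, "resolve": true, "log": true, "errors": true}

// Parse turns Caddyfile-style text into zones; '#' starts a comment.
func Parse(text string) ([]Zone, error) {
	var zones []Zone
	depth := 0 // 0: between zones, 1: inside a zone, 2: inside a nested block
	for n, raw := range strings.Split(text, "\n") {
		if i := strings.Index(raw, "#"); i >= 0 {
			raw = raw[:i]
		}
		tok := strings.Fields(raw)
		if len(tok) == 0 {
			continue
		}
		ln, last := n+1, tok[len(tok)-1]
		switch {
		case depth == 0:
			z := Zone{Name: strings.ToLower(tok[0])}
			switch {
			case last == "{" && len(tok) == 2:
				depth = 1
			case len(tok) == 2:
				z.Directives = []Directive{{Name: "file", Args: tok[1:]}}
			default:
				return nil, fmt.Errorf("line %d: expected 'zone file' or 'zone {'", ln)
			}
			zones = append(zones, z)
		case tok[0] == "}":
			depth--
		case depth == 1:
			d := Directive{Name: tok[0], Args: tok[1:]}
			if !known[d.Name] {
				return nil, fmt.Errorf("line %d: unknown directive %q", ln, d.Name)
			}
			if last == "{" { // directive opens a nested block
				d.Args, depth = d.Args[:len(d.Args)-1], 2
			}
			z := &zones[len(zones)-1]
			z.Directives = append(z.Directives, d)
		default: // depth == 2: a line of the nested block
			z := &zones[len(zones)-1]
			d := &z.Directives[len(z.Directives)-1]
			d.Block = append(d.Block, tok)
		}
	}
	if depth != 0 {
		return nil, fmt.Errorf("unterminated block at end of input")
	}
	return zones, nil
}

// Addr normalizes a slave/resolve target to host:port, defaulting to port
// 53, so "resolve 8.8.8.8" and "slave 10.0.0.1:53" end up in one form.
// Assumption: only IP literals are accepted, as in the post's snippets.
func Addr(s string) (string, error) {
	if h, _, err := net.SplitHostPort(s); err == nil && net.ParseIP(h) != nil {
		return s, nil
	}
	if net.ParseIP(s) == nil {
		return "", fmt.Errorf("bad address %q", s)
	}
	return net.JoinHostPort(s, "53"), nil
}

// Sample is constructed from the post's snippets, with distinct zone names.
const Sample = `
miek.nl db.miek.nl

example.net {
    file db.example.net
    dnssec
    key Kexample.net.something
}

example.com {
    etcd {
        localhost:2379
        # HTTPS params?
    }
    resolve 8.8.8.8
    log stderr
    errors stderr
}
`

func main() {
	zones, err := Parse(Sample)
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	for _, z := range zones {
		fmt.Printf("%s: %+v\n", z.Name, z.Directives)
	}
}
```

Addr is the small normalization step a server would run on every slave and resolve argument before opening sockets, so that an address without a port is not silently misread later. The unknown-directive check is deliberately strict; a middleware system would extend the known set with whatever middleware is compiled in.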

Well, it would be lots of work, but quite fun and probably pretty useful.


  1. I say “I” here, but of course I mean someone who will actually have the time to do this…
DNS  Caddy  Server  core  coreDNS