Almost ready to dogfood CoreDNS

March 28, 2016


CoreDNS is gaining more and more features, and closing bug #15, which would let CoreDNS replace BIND9 in my home setup, is almost within reach. With a pre-signed DNSSEC zone (I just use cron and don't do key rollovers) and the following Corefile, CoreDNS already behaves standards compliant:

.:1053 {
    errors stdout
    log stdout
    file miek.nl.signed miek.nl {
        transfer out
    }
}

Start it, query it:

% dig @localhost -p 1053 SOA miek.nl +short
linode.atoom.net. miek.miek.nl. 1459138381 14400 3600 604800 14400

And! DNSSEC:

dig @localhost -p 1053 SOA miek.nl +short +dnssec
linode.atoom.net. miek.miek.nl. 1459051981 14400 3600 604800 14400
SOA 8 2 1800 20160426031301 20160327031301 12051 miek.nl. FIrzy......1dc=

This works for SERVFAIL and NODATA responses, but not for NXDOMAIN yet.
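Because the zone is pre-signed from cron with no key rollovers, the thing to watch operationally is RRSIG expiry when the re-signing job silently stops running. The following added check (my example, not CoreDNS code) parses the RRSIG line that `dig +short +dnssec` prints, as in the output above, and reports how much validity is left; the sample line and the query time are taken from this post, with the signature data elided as on the page.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample: the RRSIG RDATA line from `dig ... SOA miek.nl +short +dnssec`
# above. Fields (RFC 4034 3.2): type covered, algorithm, labels, original TTL,
# expiration, inception, key tag, signer name, signature (elided here).
SAMPLE_RRSIG_SHORT = "SOA 8 2 1800 20160426031301 20160327031301 12051 miek.nl. FIrzy......1dc="
ZONE = "miek.nl."
# Query time from the dig WHEN line (Mon Mar 28 22:13:42 BST 2016, i.e. 21:13:42 UTC).
QUERY_TIME = datetime(2016, 3, 28, 21, 13, 42, tzinfo=timezone.utc)


def parse_rrsig_short(line):
    """Parse the +short presentation form of an RRSIG RDATA into a dict."""
    fields = line.split()
    if len(fields) < 9:
        raise ValueError("not an RRSIG RDATA line: %r" % line)
    fmt = "%Y%m%d%H%M%S"  # RRSIG timestamps are YYYYMMDDHHmmSS in UTC
    return {
        "type_covered": fields[0],
        "algorithm": int(fields[1]),
        "labels": int(fields[2]),
        "original_ttl": int(fields[3]),
        "expiration": datetime.strptime(fields[4], fmt).replace(tzinfo=timezone.utc),
        "inception": datetime.strptime(fields[5], fmt).replace(tzinfo=timezone.utc),
        "key_tag": int(fields[6]),
        "signer": fields[7].lower(),
        "signature": "".join(fields[8:]),
    }


def check_rrsig(rrsig, zone, now, warn_days=7):
    """Return (ok, reason): ok is False if the signature is unusable at `now`,
    True otherwise; the reason warns when fewer than warn_days of validity remain."""
    if rrsig["signer"] != zone.lower():
        return False, "signer %s is not the zone %s" % (rrsig["signer"], zone)
    if now < rrsig["inception"]:
        return False, "not yet valid, inception is %s" % rrsig["inception"]
    if now >= rrsig["expiration"]:
        return False, "expired at %s, re-sign the zone" % rrsig["expiration"]
    left = rrsig["expiration"] - now
    if left < timedelta(days=warn_days):
        return True, "valid but expires in %s, re-sign soon" % left
    return True, "valid, %s of validity left" % left


if __name__ == "__main__":
    rr = parse_rrsig_short(SAMPLE_RRSIG_SHORT)
    print(check_rrsig(rr, ZONE, QUERY_TIME))
```

Run it against a current `dig` line with `now=datetime.now(timezone.utc)` to get a cron-friendly expiry warning for the pre-signed zone.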

And I’ve also implemented AXFR, so that works as well. Notifies still need to be implemented, but that is not really that difficult (compared to NXDOMAIN in DNSSEC).

Without DNSSEC it should already be a decent nameserver (if you still keep zone files on disk, that is).

% dig @localhost -p 1053 axfr miek.nl

; <<>> DiG 9.10.3-P4-Ubuntu <<>> @localhost -p 1053 axfr miek.nl
; (1 server found)
;; global options: +cmd
miek.nl.		1800	IN	SOA	linode.atoom.net. miek.miek.nl. 1459051981 14400 3600 604800 14400
...
...
...
miek.nl.		1800	IN	SOA	linode.atoom.net. miek.miek.nl. 1459051981 14400 3600 604800 14400
;; Query time: 2 msec
;; SERVER: 127.0.0.1#1053(127.0.0.1)
;; WHEN: Mon Mar 28 22:13:42 BST 2016
;; XFR size: 43 records (messages 28, bytes 5407)

Some other ideas include abstracting away the “file” interface and allowing anything to be a backend, so you can use a database, etcd, or whatever to store your zone’s content.

I’m expecting to trial-run CoreDNS on my home server early next week.
