Core on Miek Gieben

Caddy DNS update

Thu, 17 Mar 2016 22:13:29 +0000

My “Port Caddy to be a DNS server”-project is alive and kicking. Code will be published soon-ish, mostly waiting for actually naming the bloody thing. Code is also littered with TODOs.

I’ve implemented the following middlewares, the all need tests and actual use, but here we go:

log, for logging (as in Caddy)
error, for error logging (as in Caddy). These both include the {{placeholder}} syntax, so you can use {{port}} and even {>} for logging header bits.
file, really, really stupid zone file backed zone implementation, more a proof of concept
reflect, reflect (test) middleware
proxy, proxy requests to an upstream nameserver/resolver

I also want to add a rewrite middleware that will, for instance, rewrite ANY queries to HINFO ones.

First Light

Mon, 14 Mar 2016 21:31:01 +0000

So I did fork Caddy, and converted it into something that almost resembles a DNS server.

This is Caddy DNS (need an name!) without any configuration, i.e. an empty Caddyfile. It will then fallback and be a reflection server (couldn’t think of something better…). It will respond to queries that ask for who.<name> and will respond with your IP, port and transport.

So the first light query and answer would be:

dig @localhost -p 1053 A who.miek.nl

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62561
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;who.miek.nl.			IN	A

;; ANSWER SECTION:
who.miek.nl.		0	IN	AAAA	::1

;; ADDITIONAL SECTION:
who.miek.nl.		0	IN	TXT	"Port: 1234 (udp)"

And slightly later with the port number properly fixed:

Caddy DNS

Thu, 10 Mar 2016 21:41:08 +0000

Lately I’m thinking to use Go DNS to create a DNS server that is completely modelled after Caddy.

There is no code and no name, nothing. Just an idea.

So this magical new DNS server would be billed similar to Caddy, which has the tag line “Serve The Web Like It’s 2016”. Caddy for instance will automatically fetch certs from Let’s Encrypt and configure HTTP/2 and HTTPS. In the case of a DNS server that would translate to good core functionally, support for DNSSEC and key rotation, ala Knot DNS. Also note that now that DNS over TLS is a thing one could even image this server doing the exact same thing as Caddy and automatically getting certs from Let’s Encrypt. Same thing for the above mentioned DNSSEC key maintenance, <unamed server> will take care of it. (This is a non-trivial amount of work, I might add)