Project author: vi

Project description:
Simple DNS proxy with forced caching
Language: Rust
Project URL: git://github.com/vi/dnscache.git
Created: 2017-12-16T21:54:50Z
Project community: https://github.com/vi/dnscache


Dnscache

Simple DNS proxy supporting one upstream.
Designed for using slow and unreliable upstream DNS servers like Tor’s DNS resolver.
Trades consistency for availability. Not for serious use.

License = MIT or Apache 2.0

There are some pre-built versions on GitHub releases. Versions older than 0.3.1 depend on a buggy rusty-leveldb and may sporadically panic.

DNSCache can also be used as a library (with your own database and network abstraction, but with DNS packets still as byte blobs).


  dnscache 0.1.3
  Vitaly _Vi Shukela <vi0oss@gmail.com>
  Simple DNS cacher.

  USAGE:
      dnscache [OPTIONS] <listen_addr> <upstream_addr> <db>

  FLAGS:
      -h, --help       Prints help information
      -V, --version    Prints version information

  OPTIONS:
      --max-ttl <max_ttl>    Maximum TTL of A or AAAA entry, seconds [default: 4294967295]
      --min-ttl <min_ttl>    Minimum TTL of A or AAAA entry, seconds [default: 0]
      --neg-ttl <neg_ttl>    Negative reply TTL, seconds [default: 30]

  ARGS:
      <listen_addr>      Listen address and port
      <upstream_addr>    Upstream DNS server address and port
      <db>               Path to LevelDB database directory

  $ dnscache --neg-ttl 7200 127.0.0.1:53 127.0.0.1:6053 db --min-ttl 7200
  A users.rust-lang.org cached
  AAAA users.rust-lang.org cached
  A google.com queued
  upstream
  saved to database: google.com
  replied...
  A www.google.com cached, but refreshing
  upstream
  refusing to forget A entries
  saved to database: www.google.com
  A google.com cached, negative 31.
  AAAA vi-notebook cached, negative 6600.
  AAAA vi-notebook cached, negative 6601.
  A users.rust-lang.org cached
  AAAA users.rust-lang.org cached
  ...

Features:

  • IPv6 AAAA records
  • Forwarding of trickier queries as is
  • Multi-question queries
  • Minimal protection from poisoning by filtering domain names in replies
  • Always tries to immediately return some A or AAAA records for the client to try, without waiting for a refresh.
  • Clamping TTL between user-specified min and max (the cache contains the unmodified value).
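As an added illustration of the "filtering domain names in replies" feature (this is example code, not dnscache's own), the following Python parses a DNS response and keeps only answer records whose owner name is the question name or a CNAME target reached from it; anything else in the answer section is reported as dropped so it can be logged and never cached. The packet at the bottom is constructed for the example. Names are compared case-insensitively as RFC 4343 requires, whereas dnscache itself is case-sensitive (see Notes).

```python
"""Added example (not dnscache's own code): keep only answer records whose owner
name is the question name or the target of an accepted CNAME chain."""
import ipaddress
import struct

A, CNAME, AAAA = 1, 5, 28


def read_name(pkt, off):
    """Decode a DNS name at `off`. Returns (name, offset just after the name in
    the uncompressed stream). Follows RFC 1035 compression pointers, bounded."""
    labels, end, jumped, hops = [], off, False, 0
    while True:
        length = pkt[off]
        if length & 0xC0 == 0xC0:                       # compression pointer
            if not jumped:
                end = off + 2
            jumped, hops = True, hops + 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            off = struct.unpack_from("!H", pkt, off)[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            if not jumped:
                end = off
            return ".".join(labels), end
        labels.append(pkt[off:off + length].decode("ascii"))
        off += length


def parse_response(pkt):
    """Return ([(qname, qtype, qclass)], [(name, rtype, ttl, rdata_offset, rdlen)])."""
    qdcount, ancount = struct.unpack_from("!HH", pkt, 4)
    off, questions, answers = 12, [], []
    for _ in range(qdcount):
        name, off = read_name(pkt, off)
        qtype, qclass = struct.unpack_from("!HH", pkt, off)
        off += 4
        questions.append((name, qtype, qclass))
    for _ in range(ancount):
        name, off = read_name(pkt, off)
        rtype, _rclass, ttl, rdlen = struct.unpack_from("!HHIH", pkt, off)
        off += 10
        answers.append((name, rtype, ttl, off, rdlen))   # keep the offset: rdata may hold pointers
        off += rdlen
    return questions, answers


def filter_answers(pkt):
    """Split the answer section into (kept, dropped). A record is kept only if
    its owner name is a question name or the target of an already accepted CNAME."""
    questions, answers = parse_response(pkt)
    allowed = {q[0].lower() for q in questions}
    kept, dropped = [], []
    for name, rtype, ttl, rd_off, rdlen in answers:
        if name.lower() not in allowed:
            dropped.append((name, rtype))                # off-question record: log, never cache
            continue
        if rtype == CNAME:
            target, _ = read_name(pkt, rd_off)
            allowed.add(target.lower())                  # the chain may continue to this name
            kept.append((name, "CNAME", ttl, target))
        elif rtype in (A, AAAA):
            ip = ipaddress.ip_address(pkt[rd_off:rd_off + rdlen])
            kept.append((name, "A" if rtype == A else "AAAA", ttl, str(ip)))
        else:
            kept.append((name, rtype, ttl, pkt[rd_off:rd_off + rdlen]))
    return kept, dropped


def encode_name(name):
    return b"".join(bytes([len(label)]) + label.encode("ascii") for label in name.split(".")) + b"\x00"


def rr(name_bytes, rtype, ttl, rdata):
    return name_bytes + struct.pack("!HHIH", rtype, 1, ttl, len(rdata)) + rdata


# Constructed response (not captured traffic): example.com CNAME www.example.com,
# www.example.com A 192.0.2.1, plus an unrelated other.example A record that a
# reply should not be allowed to plant in the cache.
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 3, 0, 0)
    + encode_name("example.com") + struct.pack("!HH", A, 1)      # question name at offset 12
    + rr(b"\xc0\x0c", CNAME, 300, b"\x03www\xc0\x0c")            # rdata lands at offset 41
    + rr(b"\xc0\x29", A, 60, bytes([192, 0, 2, 1]))              # owner = pointer to offset 41
    + rr(encode_name("other.example"), A, 60, bytes([198, 51, 100, 9]))
)

if __name__ == "__main__":
    kept, dropped = filter_answers(SAMPLE_RESPONSE)
    for rec in kept:
        print("keep", rec)
    for rec in dropped:
        print("drop", rec)
```

Run it and the two on-question records (the CNAME and the A record for its target) are kept, while the other.example record is reported as dropped. The dropped list is what a deployment would forward to its logs, since a steady stream of off-question records from one upstream is worth investigating.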

Notes:

  • It does not construct DNS requests on its own; it reuses client-constructed packets
  • Uncached queries (non-A, non-AAAA or non-IN) are forwarded based on ID
  • TTL may be 0 in replies
  • Single threaded, single UDP socket
  • If all A or AAAA entries disappear from a reply, the cached ones are retained instead. AAAA resolution sometimes works in Tor's DNS resolver, sometimes not.
  • CNAMEs are resolved recursively into A/AAAA entries and are not persisted
  • Unsupported queries (MX, All) are forwarded as-is based on ID only
  • All of dnscache is case-sensitive: google.com and Google.com are queried and cached separately.

Concerns:

  • Entries are never deleted from cache
  • If data is stale, it first replies with TTL 0, then re-checks in upstream
  • The used LevelDB implementation is not recommended for serious use yet.
  • The same socket is used both for client and for upstream communication, so it can't listen only on 127.0.0.1 while relying on 8.8.8.8 as upstream.
  • There are no timeouts or timekeeping. Unreplied requests may stay in memory indefinitely. There may be many "unsolicited reply for ..." log entries, caused by upstream replies to retried requests.

Database format: LevelDB database with domain names like internals.rust-lang.org as keys and CBOR as values. Sample value:

  {"a4": {"t": 1513810855, "a": [{"ttl": 599, "ip": h'4047a8d3'}]}, "a6": {"t": 1513810855, "a": [{"ttl": 599, "ip": h'20010470000103a80000000000000211'}]}}

  00000000  a2 62 61 34 a2 61 74 1a 5a 3a eb a7 61 61 81 a2  |.ba4.at.Z:..aa..|
  00000010  63 74 74 6c 19 02 57 62 69 70 44 40 47 a8 d3 62  |cttl..WbipD@G..b|
  00000020  61 36 a2 61 74 1a 5a 3a eb a7 61 61 81 a2 63 74  |a6.at.Z:..aa..ct|
  00000030  74 6c 19 02 57 62 69 70 50 20 01 04 70 00 01 03  |tl..WbipP ..p...|
  00000040  a8 00 00 00 00 00 00 02 11                       |.........|
  00000049

Simple description:

  {"a4": {"t": timestamp_unix, "a": [IPv4/TTL pairs list]}, "a6": null (for never requested values)}
  {"t": ..., "a": [(empty list)]} means negatively cached

The format is subject to change and differs from the one used by the pre-built 1.2 binaries.
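To make the database format and the TTL handling concrete, here is an added Python example (not part of dnscache) that decodes the sample value above with a minimal CBOR decoder limited to the types the format uses, renders each section in readable form (null = never requested, empty list = negatively cached), and computes the TTL a reply would carry from a cached entry. The reply_ttl function is an assumption about ordering: it clamps the stored TTL to --min-ttl/--max-ttl before subtracting the time elapsed since "t", and answers a stale entry with TTL 0, as the Features and Concerns lists describe; the exact order dnscache applies these in is not stated on this page. The sample bytes are the ones shown above.

```python
"""Added example (not dnscache's own code): decode a dnscache CBOR value and
derive reply TTLs. The decoder covers only unsigned ints, byte strings, text
strings, arrays, maps and null, which is all this format uses."""
import ipaddress

# The sample value from the README hex dump (73 bytes).
SAMPLE_VALUE = bytes.fromhex(
    "a2 62 61 34 a2 61 74 1a 5a 3a eb a7 61 61 81 a2 "
    "63 74 74 6c 19 02 57 62 69 70 44 40 47 a8 d3 62 "
    "61 36 a2 61 74 1a 5a 3a eb a7 61 61 81 a2 63 74 "
    "74 6c 19 02 57 62 69 70 50 20 01 04 70 00 01 03 "
    "a8 00 00 00 00 00 00 02 11"
)


def _decode(buf, pos):
    """Decode one CBOR data item at `pos`; returns (value, next_pos)."""
    initial = buf[pos]
    major, info = initial >> 5, initial & 0x1F
    pos += 1
    if info < 24:                       # argument is encoded in the initial byte
        arg = info
    elif info in (24, 25, 26, 27):      # 1, 2, 4 or 8 following bytes
        width = 1 << (info - 24)
        arg, pos = int.from_bytes(buf[pos:pos + width], "big"), pos + width
    else:
        raise ValueError("indefinite-length items are not used by this format")
    if major == 0:                      # unsigned integer
        return arg, pos
    if major == 2:                      # byte string (IP addresses)
        return bytes(buf[pos:pos + arg]), pos + arg
    if major == 3:                      # text string (keys)
        return buf[pos:pos + arg].decode("utf-8"), pos + arg
    if major == 4:                      # array
        items = []
        for _ in range(arg):
            item, pos = _decode(buf, pos)
            items.append(item)
        return items, pos
    if major == 5:                      # map
        result = {}
        for _ in range(arg):
            key, pos = _decode(buf, pos)
            result[key], pos = _decode(buf, pos)
        return result, pos
    if major == 7 and info == 22:       # null
        return None, pos
    raise ValueError(f"unsupported CBOR item: major {major}, info {info}")


def cbor_loads(buf):
    value, pos = _decode(buf, 0)
    if pos != len(buf):
        raise ValueError("trailing bytes after CBOR item")
    return value


def describe(record):
    """Render a decoded value section by section, using the README's rules:
    null (or absent) = never requested, empty "a" list = negatively cached."""
    out = {}
    for section in ("a4", "a6"):
        entry = record.get(section)
        if entry is None:
            out[section] = "never requested"
        elif not entry["a"]:
            out[section] = ("negative", entry["t"])
        else:
            addrs = [(str(ipaddress.ip_address(x["ip"])), x["ttl"]) for x in entry["a"]]
            out[section] = (entry["t"], addrs)
    return out


def reply_ttl(entry, now, min_ttl=0, max_ttl=4294967295):
    """TTL per address for a reply built from a cached section. Assumed order
    (not stated on the page): clamp the stored TTL to [min_ttl, max_ttl], then
    subtract the age of the entry; a stale entry is answered with TTL 0 so the
    client still gets an address to try while the cache refreshes."""
    ttls = []
    for rec in entry["a"]:
        clamped = min(max(rec["ttl"], min_ttl), max_ttl)
        ttls.append(max(clamped - (now - entry["t"]), 0))
    return ttls


if __name__ == "__main__":
    record = cbor_loads(SAMPLE_VALUE)
    print(describe(record))
    print(reply_ttl(record["a4"], now=record["a4"]["t"] + 100))
    print(reply_ttl(record["a4"], now=record["a4"]["t"] + 100, min_ttl=7200))
```

With the defaults the A entry answered 100 seconds after it was stored carries TTL 499; with --min-ttl 7200 (as in the usage example above) the same entry carries 7100, and once the clamped TTL has elapsed the reply carries 0 while the record is refreshed. The decoder deliberately rejects indefinite-length items and any other major type, so a value that does not match the documented format fails loudly rather than being half-parsed.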