rubydns 0.6.0 → 2.0.0

data/bin/rubydns-check

@@ -0,0 +1,374 @@
+#!/usr/bin/env ruby
+# Copyright, 2009, 2012, by Samuel G. D. Williams. <http://www.codeotaku.com>
+# 
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+# 
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+# 
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+
+# Pulls down DNS data from old-dns
+# rd-dns-check -s old-dns.mydomain.com -d mydomain.com. -f old-dns.yml
+
+# Check data against old-dns
+# rd-dns-check -s old-dns.mydomain.com -d mydomain.com. -c old-dns.yml
+
+# Check data against new DNS server
+# rd-dns-check -s 10.0.0.36 -d mydomain.com. -c old-dns.yml
+
+require 'yaml'
+require 'optparse'
+require 'set'
+
+class DNSRecord
+	def initialize(arr)
+		@record = arr
+		normalize
+	end
+  
+	def normalize
+		@record[0] = @record[0].downcase
+		@record[1] = @record[1].upcase
+		@record[2] = @record[2].upcase
+		@record[3] = @record[3].downcase
+	end
+  
+	def hostname
+		@record[0]
+	end
+  
+	def klass
+		@record[1]
+	end
+  
+	def type
+		@record[2]
+	end
+  
+	def value
+		@record[3]
+	end
+  
+	def is_address?
+		["A", "AAAA"].include?(type)
+	end
+  
+	def is_cname?
+		return type == "CNAME"
+	end
+  
+	def to_s
+		"#{hostname.ljust(50)} #{klass.rjust(4)} #{type.rjust(5)} #{value}"
+	end
+  
+	def key
+		"#{hostname}:#{klass}:#{type}".downcase
+	end
+  
+	def to_a
+		@record
+	end
+  
+	def == other
+		return @record == other.to_a
+	end
+end
+
+def dig(dns_server, cmd, exclude = ["TXT", "HINFO", "SOA", "NS"])
+	records = []
+	
+	IO.popen("dig @#{dns_server} +nottlid +nocmd +noall +answer " + cmd) do |p|
+		p.each do |line|
+			r = line.chomp.split(/\s/, 4)
+			
+			next if exclude.include?(r[2])
+      
+			records << DNSRecord.new(r)
+		end
+	end
+	
+	return records
+end
+
+def retrieve_records(dns_server, dns_root)
+	return dig(dns_server, "#{dns_root} AXFR")
+end
+
+def resolve_hostname(dns_server, hostname)
+	return dig(dns_server, "#{hostname} A").first
+end
+
+def resolve_address(dns_server, address)
+	return dig(dns_server, "-x #{address}").first
+end
+
+def print_summary(records, errors, okay, &block)
+	puts "[ Summary ]".center(72, "=")
+	puts "Checked #{records.size} record(s). #{errors} errors."
+	if errors == 0
+		puts "Everything seemed okay."
+	else
+		puts "The following records are okay:"
+		okay.each do |r|
+			if block_given?
+				yield r
+			else
+				puts "".rjust(12) + r.to_s
+			end
+		end
+	end
+end
+
+# Resolve hostnames to IP address "A" or "AAAA" records.
+# Works through CNAME records in order to find out the final
+# address if possible. Checks for loops in CNAME records.
+def resolve_addresses(records)
+	addresses = {}
+	cnames = {}
+  
+	# Extract all hostname -> ip address mappings
+	records.each do |r|
+		if r.is_address?
+			addresses[r.hostname] = r
+		elsif r.is_cname?
+			cnames[r.hostname] = r
+		end
+	end
+  
+	cnames.each do |hostname, r|
+		q = r
+		trail = []
+		failed = false
+    
+		# Keep track of CNAME records to avoid loops
+		while q.is_cname?
+			trail << q
+			q = cnames[q.value] || addresses[q.value]
+      
+			# Q could be nil at this point, which means there was no address record
+			# Q could be already part of the trail, which means there was a loop
+			if q == nil || trail.include?(q)
+				failed = true
+				break
+			end
+		end
+    
+		if failed
+			q = trail.last
+			puts "*** Warning: CNAME record #{hostname} does not point to actual address!"
+			trail.each_with_index do |r, idx|
+				puts idx.to_s.rjust(10) + ": " + r.to_s
+			end
+		end
+    
+		addresses[r.hostname] = q
+	end
+  
+	return addresses, cnames
+end
+
+def check_reverse(records, dns_server)
+	errors = 0
+	okay = []
+  
+	puts "[ Checking Reverse Lookups ]".center(72, "=")
+  
+	records.each do |r|
+		next unless r.is_address?
+    
+		sr = resolve_address(dns_server, r.value)
+    
+		if sr == nil
+			puts "*** Could not resolve host"
+			puts "".rjust(12) + r.to_s
+			errors += 1
+		elsif r.hostname != sr.value
+			puts "*** Hostname does not match"
+			puts "Primary: ".rjust(12) + r.to_s
+			puts "Secondary: ".rjust(12) + sr.to_s
+			errors += 1
+		else
+			okay << [r, sr]
+		end
+	end
+  
+	print_summary(records, errors, okay) do |r|
+		puts "Primary:".rjust(12) + r[0].to_s
+		puts "Secondary:".rjust(12) + r[1].to_s
+	end
+end
+
+def ping_records(records)
+	addresses, cnames = resolve_addresses(records)
+
+	errors = 0
+	okay = []
+
+	puts "[ Pinging Records ]".center(72, "=")
+  
+	addresses.each do |hostname, r|
+		ping = "ping -c 5 -t 5 -i 1 -o #{r.value} > /dev/null"
+    
+		system(ping)
+    
+		if $?.exitstatus == 0
+			okay << r
+		else
+			puts "*** Could not ping host #{hostname.dump}: #{ping.dump}"
+			puts "".rjust(12) + r.to_s
+			errors += 1
+		end
+	end
+  
+	print_summary(records, errors, okay)
+end
+
+def query_records(primary, secondary_server)
+	addresses, cnames = resolve_addresses(primary)
+  
+	okay = []
+	errors = 0
+  
+	primary.each do |r|
+		sr = resolve_hostname(secondary_server, r.hostname)
+    
+		if sr == nil
+			puts "*** Could not resolve hostname #{r.hostname.dump}"
+			puts "Primary: ".rjust(12) + r.to_s
+      
+			rsr = resolve_address(secondary_server, (addresses[r.value] || r).value)
+			puts "Address: ".rjust(12) + rsr.to_s if rsr
+      
+			errors += 1
+		elsif sr.value != r.value
+			ra = addresses[r.value] if r.is_cname?
+			sra = addresses[sr.value] if sr.is_cname?
+      
+			if (sra || sr).value != (ra || r).value
+				puts "*** IP Address does not match"
+				puts "Primary: ".rjust(12) + r.to_s
+				puts "Resolved: ".rjust(12) + ra.to_s if ra
+				puts "Secondary: ".rjust(12) + sr.to_s
+				puts "Resolved: ".rjust(12) + sra.to_s if sra
+				errors += 1
+			end
+		else
+			okay << r
+		end
+	end
+  
+	print_summary(primary, errors, okay)
+end
+
+def check_records(primary, secondary)
+	s = {}
+	okay = []
+	errors = 0
+  
+	secondary.each do |r|
+		s[r.key] = r
+	end
+
+	puts "[ Checking Records ]".center(72, "=")
+
+	primary.each do |r|
+		sr = s[r.key]
+    
+		if sr == nil
+			puts "*** Could not find record"
+			puts "Primary: ".rjust(12) + r.to_s
+			errors += 1
+		elsif sr != r
+			puts "*** Records are different"
+			puts "Primary: ".rjust(12) + r.to_s
+			puts "Secondary: ".rjust(12) + sr.to_s
+			errors += 1
+		else
+			okay << r
+		end
+	end
+  
+	print_summary(primary, errors, okay)
+end
+
+OPTIONS = {
+	:DNSServer => nil,
+	:DNSRoot => ".",
+}
+
+ARGV.options do |o|
+	script_name = File.basename($0)
+  
+	o.set_summary_indent('  ')
+	o.banner = "Usage: #{script_name} [options]"
+	o.define_head "This script is designed to test and check DNS servers."
+  
+	o.on("-s ns.my.domain.", "--server ns.my.domain.", String, "The DNS server to query.") { |host| OPTIONS[:DNSServer] = host }
+	o.on("-d my.domain.", "--domain my.domain.", String, "The DNS zone to transfer/test.") { |host| OPTIONS[:DNSRoot] = host }
+  
+	o.on("-f output.yml", "--fetch output.yml", String, "Pull down a list of hosts. Filters TXT and HINFO records. DNS transfers must be enabled.") { |f|
+		records = retrieve_records(OPTIONS[:DNSServer], OPTIONS[:DNSRoot])
+    
+		output = (f ? File.open(f, "w") : STDOUT)
+    
+		output.write(YAML::dump(records))
+    
+		puts "#{records.size} record(s) retrieved."
+	}
+  
+	o.on("-c input.yml", "--check input.yml", String, "Check that the DNS server returns results as specified by the file.") { |f|
+		input = (f ? File.open(f) : STDIN)
+    
+		master_records = YAML::load(input.read)
+		secondary_records = retrieve_records(OPTIONS[:DNSServer], OPTIONS[:DNSRoot])
+    
+		check_records(master_records, secondary_records)
+	}
+  
+	o.on("-q input.yml", "--query input.yml", String, "Query the remote DNS server with all hostnames in the given file, and checks the IP addresses are consistent.") { |f|
+		input = (f ? File.open(f) : STDIN)
+    
+		master_records = YAML::load(input.read)
+    
+		query_records(master_records, OPTIONS[:DNSServer])
+	}
+  
+	o.on("-p input.yml", "--ping input.yml", String, "Ping all hosts to check if they are available or not.") { |f|
+		input = (f ? File.open(f) : STDIN)
+    
+		master_records = YAML::load(input.read)
+    
+		ping_records(master_records)
+	}
+  
+	o.on("-r input.yml", "--reverse input.yml", String, "Check that all address records have appropriate reverse entries.") { |f|
+		input = (f ? File.open(f) : STDIN)
+    
+		master_records = YAML::load(input.read)
+    
+		check_reverse(master_records, OPTIONS[:DNSServer])
+	}
+  
+	o.separator ""
+	o.separator "Help and Copyright information"
+  
+	o.on_tail("--copy", "Display copyright information") {
+		puts "#{script_name}. Copyright (c) 2009, 2011 Samuel Williams. Released under the MIT license."
+		puts "See http://www.oriontransfer.co.nz/ for more information."
+		exit
+	}
+  
+	o.on_tail("-h", "--help", "Show this help message.") { puts o; exit }
+end.parse!

data/examples/Gemfile

@@ -0,0 +1,7 @@
+source 'https://rubygems.org'
+
+gem 'rubydns', path: '../'
+gem "process-daemon"
+gem 'nokogiri'
+gem 'http'
+gem 'geoip'

data/examples/README.md

@@ -0,0 +1,137 @@
+# RubyDNS Examples
+
+This directory contains several examples of customized RubyDNS servers,
+intended to demonstrate how RubyDNS can be easily customized to specific
+needs.
+
+## FlakeyDNS (flakey-dns.rb)
+
+A DNS server that selectively drops queries based on the requested domain name.  Queries for domains that match specified regular expressions (like 'microsoft.com' or 'sco.com') return NXDomain, while all other queries are passed to upstream resolvers.
+
+By default this server will listen for UDP requests on port 5300 and does not need to be started as root.
+
+To start the server, ensure that you're in the examples subdirectory and type
+
+    bundle
+    bundle exec ./flakey-dns.rb start
+
+To see it in action you can then query some domains.  For example,
+
+    dig @localhost -p 5300 slashdot.org -t A
+    dig @localhost -p 5300 www.hackernews.com -t A
+
+give the correct results. But
+
+    dig @localhost -p 5300 microsoft.com -t A
+    dig @localhost -p 5300 www.microsoft.com -t A
+    dig @localhost -p 5300 www.microsoft.com
+
+all give an NXDomain result.
+
+## FortuneDNS (fortune-dns.rb)
+
+A DNS server that allows a client to generate fortunes and fetch them with subsequent requests.  The server
+'remembers' the fortunes it generates, and can serve them to future requests. The reason for this is because most fortunes won't fit over UDP (maximum size 512 bytes) and the client will request the same fortune via TCP.
+
+You will need to have the `fortune` app installed on your system.  It comes installed by default on
+most Linux distributions, and can be installed on a Mac with Homebrew by typing:
+
+    # Homebrew
+    brew install fortune
+    # MacPorts
+    sudo port install fortune
+    # Arch Linux
+    sudo pacman -S fortune-mod
+
+By default this server will listen for UDP and TCP requests on port 53, and needs to be started as root.  It
+assumes the existence of a user 'daemon', as whom the process will run.  If such a user doesn't exist on your
+system, you will need to either create such a user or update the script to use a user that exists on your
+system.
+
+To start the server, ensure that you're in the examples subdirectory and type
+
+    bundle
+    sudo bundle exec ./fortune-dns.rb start
+
+To create a new fortune type
+
+    dig @localhost fortune -t TXT
+
+This will result in an DNS answer that looks something like this:
+
+    fortune.    0 IN  TXT "Text Size: 714 Byte Size: 714"
+    fortune.    0 IN  CNAME 32bf3bf2b0a2255f2df00ed9e95c8185.fortune.
+
+Take the CNAME from this result and query it.  For our example this would be:
+
+    dig @localhost 32bf3bf2b0a2255f2df00ed9e95c8185.fortune -t TXT
+
+And your answer will be a fortune.
+
+You can also generate a 'short' fortune by typing the following:
+
+    dig @localhost short.fortune -t TXT
+
+or view the fortune stats with:
+
+    dig @localhost stats.fortune -t TXT
+
+## GeoIPDNS (geoip-dns.rb)
+
+A sample DNS daemon that demonstrates how to use RubyDNS to build responses
+that vary based on the geolocation of the requesting peer.  Clients of this
+server who request A records will get an answer IP address based on the 
+continent of the client IP address.
+
+Please note that use of this example requires that the peer have a public
+IP address.  IP addresses on private networks or the localhost IP (127.0.0.1)
+cannot be resolved to a location, and so will always yield the unknown result.
+
+This daemon requires the file downloaded from
+[MaxMind](http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz)
+For more information on the GeoIP library, please click [here](http://www.maxmind.com/en/geolite)
+or [here](https://github.com/cjheath/geoip).  This file should be unzipped and placed in the
+examples root directory, i.e. `examples/GeoLiteCountry.dat`.
+
+By default this server will listen for UDP requests on port 5300 and does not need to be started as root.
+
+To start the server, ensure that you're in the examples subdirectory and type
+
+    bundle
+    sudo bundle exec ./geoip-dns.rb start
+
+To see the behavior, run a DNS query against the server where you are running the GeoIPDNS
+daemon.  Depending on the continent to which the client machine's IP address is mapped,
+you will receive a different IP address in the answer section:
+
+    Africa - 1.1.1.1
+    Antarctica - 1.1.2.1
+    Asia - 1.1.3.1
+    Europe - 1.1.4.1
+    North America - 1.1.5.1
+    Oceania - 1.1.6.1
+    South America - 1.1.7.1
+
+## WikipediaDNS (wikipedia-dns.rb)
+
+A DNS server that queries Wikipedia and returns summaries for specifically crafted queries.
+
+By default this server will listen for UDP and TCP requests on port 53, and needs to be started as root.  It
+assumes the existence of a user 'daemon', as whom the process will run.  If such a user doesn't exist on your
+system, you will need to either create such a user or update the script to use a user that exists on your
+system.
+
+To start the server, ensure that you're in the examples subdirectory and type
+
+    bundle
+    sudo bundle exec ./wikipedia-dns.rb start
+
+To query Wikipedia, pick a term - say, 'helium' - and make a DNS query like
+
+    dig @localhost helium.wikipedia -t TXT
+
+The answer section should contain the summary for this topic from Wikipedia
+
+    helium.wikipedia. 86400 IN  TXT "Helium is a chemical element with symbol He and atomic number 2. It is a colorless, odorless, tasteless, non-toxic, inert, monatomic gas that heads the noble gas group in the periodic table. Its boiling and melting points are the lowest among the elements" " and it exists only as a gas except in extreme conditions."
+
+Long blocks of text cannot be easily replied in DNS as they must be chunked into segments at most 255 bytes. Long replies must be sent back using TCP.

data/examples/basic-dns.rb

@@ -0,0 +1,24 @@
+#!/usr/bin/env ruby
+require 'rubydns'
+
+INTERFACES = [
+	[:udp, "0.0.0.0", 5300],
+	[:tcp, "0.0.0.0", 5300],
+]
+
+IN = Resolv::DNS::Resource::IN
+
+# Use upstream DNS for name resolution.
+UPSTREAM = RubyDNS::Resolver.new([[:udp, "8.8.8.8", 53], [:tcp, "8.8.8.8", 53]])
+
+# Start the RubyDNS server
+RubyDNS::run_server(INTERFACES) do
+	match(%r{test.local}, IN::A) do |transaction|
+		transaction.respond!("10.0.0.80")
+	end
+
+	# Default DNS handler
+	otherwise do |transaction|
+		transaction.passthrough!(UPSTREAM)
+	end
+end

data/examples/cname.rb

@@ -0,0 +1,25 @@
+#!/usr/bin/env ruby
+
+require 'rubydns'
+require 'rubydns/system'
+ 
+INTERFACES = [
+	[:udp, "0.0.0.0", 5300],
+	[:tcp, "0.0.0.0", 5300]
+]
+
+Name = Resolv::DNS::Name
+IN = Resolv::DNS::Resource::IN
+
+UPSTREAM = RubyDNS::Resolver.new([[:udp, "8.8.8.8", 53], [:tcp, "8.8.8.8", 53]])
+	
+RubyDNS::run_server(INTERFACES) do
+	# How to respond to something other than what was requested.
+	match(//, IN::A) do |transaction|
+		transaction.respond!(Name.create('foo.bar'), resource_class: IN::CNAME)
+	end
+
+	otherwise do |transaction|
+		transaction.passthrough!(UPSTREAM)
+	end
+end

data/{test/examples/dropping-dns.rb → examples/flakey-dns.rb}

@@ -1,17 +1,17 @@
 #!/usr/bin/env ruby
 
 # Copyright, 2009, 2012, by Samuel G. D. Williams. <http://www.codeotaku.com>
-# 
+#
 # Permission is hereby granted, free of charge, to any person obtaining a copy
 # of this software and associated documentation files (the "Software"), to deal
 # in the Software without restriction, including without limitation the rights
 # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 # copies of the Software, and to permit persons to whom the Software is
 # furnished to do so, subject to the following conditions:
-# 
+#
 # The above copyright notice and this permission notice shall be included in
 # all copies or substantial portions of the Software.
-# 
+#
 # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
@@ -20,56 +20,53 @@
 # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 # THE SOFTWARE.
 
-require 'rubygems'
+require 'process/daemon'
 
-require 'rexec'
-require 'rexec/daemon'
-
-require 'rubygems'
 require 'rubydns'
-
-require 'rubydns/resolver'
 require 'rubydns/system'
 
 INTERFACES = [
-	[:udp, "0.0.0.0", 5300]
+	[:udp, '0.0.0.0', 5300]
 ]
 
-class DroppingDaemon < RExec::Daemon::Base
-	# You can specify a specific directory to use for run-time information (pid, logs, etc):
-	# @@base_directory = File.expand_path("../", __FILE__)
-	# @@base_directory = "/var"
-
+# A DNS server that selectively drops queries based on the requested domain
+# name.  Queries for domains that match specified regular expresssions
+# (like 'microsoft.com' or 'sco.com') return NXDomain, while all other
+# queries are passed to upstream resolvers.
+class FlakeyDNS < Process::Daemon
 	Name = Resolv::DNS::Name
 	IN = Resolv::DNS::Resource::IN
-	R = RubyDNS::Resolver.new(RubyDNS::System::nameservers)
-	
-	def self.run
-		RubyDNS::run_server(:listen => INTERFACES) do
+
+	def startup
+		RubyDNS.run_server(INTERFACES) do
+			# Use a Celluloid supervisor so the system recovers if the actor dies
+			fallback_resolver_supervisor =
+			  RubyDNS::Resolver.supervise(RubyDNS::System.nameservers)
+
 			# Fail the resolution of certain domains ;)
 			match(/(m?i?c?r?o?s?o?f?t)/) do |transaction, match_data|
 				if match_data[1].size > 7
-					logger.info "Dropping domain MICROSOFT..."
-					transaction.failure!(:NXDomain)
+					logger.info 'Dropping domain MICROSOFT...'
+					transaction.fail!(:NXDomain)
 				else
-					# Pass the request to the otherwise handler
-					false
+					logger.info 'Passing DNS request upstream...'
+					transaction.passthrough!(fallback_resolver_supervisor.actors.first)
 				end
 			end
-			
+
 			# Hmm....
 			match(/^(.+\.)?sco\./) do |transaction|
-				logger.info "Dropping domain SCO..."
-				transaction.failure!(:NXDomain)
+				logger.info 'Dropping domain SCO...'
+				transaction.fail!(:NXDomain)
 			end
 
 			# Default DNS handler
 			otherwise do |transaction|
-				logger.info "Passing DNS request upstream..."
-				transaction.passthrough!(R)
+				logger.info 'Passing DNS request upstream...'
+				transaction.passthrough!(fallback_resolver_supervisor.actors.first)
 			end
 		end
-  end
+	end
 end
 
-DroppingDaemon.daemonize
+FlakeyDNS.daemonize