pending-dns 1.1.1 → 1.2.1

package/.github/workflows/deploy.yml

@@ -0,0 +1,37 @@
+on:
+    push:
+        branches:
+            - master
+
+name: Deploy instance
+
+jobs:
+    deploy:
+        name: Deploy
+        runs-on: ubuntu-latest
+
+        steps:
+            - name: Checkout
+              uses: actions/checkout@v2
+
+            - name: Install SSH key
+              uses: shimataro/ssh-key-action@v2
+              with:
+                  key: ${{ secrets.SSH_KEY }}
+                  known_hosts: ${{ secrets.KNOWN_HOSTS }}
+
+            - name: Deploy to server
+              env:
+                  TARGET_HOST_01: dns-01.emailengine.app
+                  TARGET_HOST_02: dns-02.emailengine.app
+                  NODE_ENV: production
+                  SERVICE_NAME: pending-dns
+              id: deploy
+              run: |
+                  echo $GITHUB_SHA > commit.txt
+                  npm install --production
+                  tar czf /tmp/${SERVICE_NAME}.tar.gz --exclude .git .
+                  scp /tmp/${SERVICE_NAME}.tar.gz deploy@${TARGET_HOST_01}:
+                  scp /tmp/${SERVICE_NAME}.tar.gz deploy@${TARGET_HOST_02}:
+                  ssh deploy@$TARGET_HOST_01 "/opt/deploy.sh ${SERVICE_NAME}"
+                  ssh deploy@$TARGET_HOST_02 "/opt/deploy.sh ${SERVICE_NAME}"

package/README.md

@@ -1,6 +1,6 @@
 # PendingDNS
 
-Lightweight API driven Authoritative DNS server. Extracted from [Project Pending](https://projectpending.com/).
+Lightweight API driven Authoritative DNS server.
 
 ## Features
 

package/bin/pending-dns.js

@@ -0,0 +1,49 @@
+#!/usr/bin/env node
+/* eslint global-require: 0 */
+'use strict';
+
+const packageData = require('../package.json');
+const fs = require('fs');
+const pathlib = require('path');
+const argv = require('minimist')(process.argv.slice(2));
+
+function run() {
+    let cmd = ((argv._ && argv._[0]) || '').toLowerCase();
+    if (!cmd) {
+        if (argv.version || argv.v) {
+            cmd = 'version';
+        }
+
+        if (argv.help || argv.h) {
+            cmd = 'help';
+        }
+    }
+
+    switch (cmd) {
+        case 'help':
+            // Show version
+            fs.readFile(pathlib.join(__dirname, '..', 'help.txt'), (err, helpText) => {
+                if (err) {
+                    console.error('Failed to load help information');
+                    console.error(err);
+                    return process.exit(1);
+                }
+                console.error(helpText.toString().trim());
+                console.error('');
+                process.exit();
+            });
+            break;
+
+        case 'version':
+            // Show version
+            console.log(`EmailEngine v${packageData.version} (${packageData.license})`);
+            return process.exit();
+
+        default:
+            // run normally
+            require('../server');
+            break;
+    }
+}
+
+run();

package/config/default.toml

@@ -1,143 +1,143 @@
 
 [log]
-    level = "trace"
+level = "trace"
 
 [dbs]
 
-    # By default all redis commands are sent against the same instance
-    redis = "redis://127.0.0.1:6379/2"
+# By default all redis commands are sent against the same instance
+redis = "redis://127.0.0.1:6379/2"
 
-    # Alternatively you can separate write and read tasks
-    # by writing to master and reading from a closer replica
+# Alternatively you can separate write and read tasks
+# by writing to master and reading from a closer replica
 
-    # Redis master
-    #redisRead = "redis://127.0.0.1:6379/2"
+# Redis master
+#redisRead = "redis://127.0.0.1:6379/2"
 
-    # Redis replica, preferrably localhost for fastest responses
-    #redisWrite = "redis://127.0.0.1:6379/2"
+# Redis replica, preferrably localhost for fastest responses
+#redisWrite = "redis://127.0.0.1:6379/2"
 
 [api]
-    # If enabled=false then API server is not started and configuration is not used
-    enabled = true
-    workers = 2
+# If enabled=false then API server is not started and configuration is not used
+enabled = true
+workers = 1
 
-    # You want to keep this local or firewalled otherwise anyone would be able to change DNS records
-    # Do not use ports 80 or 443 as these are needed for the redirect interface
-    port = 5080
-    host = "127.0.0.1"
+# You want to keep this local or firewalled otherwise anyone would be able to change DNS records
+# Do not use ports 80 or 443 as these are needed for the redirect interface
+port = 5080
+host = "127.0.0.1"
 
 [dns]
-    # If enabled=false then DNS server is not started and configuration is not used
-    enabled = true
-    workers = 2
+# If enabled=false then DNS server is not started and configuration is not used
+enabled = true
+workers = 2
 
-    # Default TTL value for all records
-    ttl = 300 # 5 min
+# Default TTL value for all records
+ttl = 300 # 5 min
 
-    # Use 53 on production.
-    # This port is used both for TCP and UDP so make sure both are allowed by the firewall
-    #    ufw allow 53/tcp
-    #    ufw allow 53/udp
-    port = 5053
+# Use 53 on production.
+# This port is used both for TCP and UDP so make sure both are allowed by the firewall
+#    ufw allow 53/tcp
+#    ufw allow 53/udp
+port = 5053
 
-    # In most cases you have to set actual interface IP address here
-    # instead of using 0.0.0.0 as there might be already some other DNS
-    # handlers running (eg. SystemD stub resolver) on some local address
-    host = "127.0.0.1"
+# In most cases you have to set actual interface IP address here
+# instead of using 0.0.0.0 as there might be already some other DNS
+# handlers running (eg. SystemD stub resolver) on some local address
+host = "127.0.0.1"
 
 # List of Name Servers running this system
 # 1) ACME certificates are created only for domains that have NS records set to these values
 # 2) These values are reported as NS records for all domains
 [[ns]]
-    # First NS in the list is also reported as the master in SOA record
-    domain = "testdns01.pendingdns.com"
-    ip = "188.165.168.22"
+# First NS in the list is also reported as the master in SOA record
+domain = "testdns01.pendingdns.com"
+ip = "188.165.168.22"
 [[ns]]
-    domain = "testdns02.pendingdns.com"
-    ip = "51.38.177.242"
+domain = "testdns02.pendingdns.com"
+ip = "51.38.177.242"
 
 # SOA info
 # 1) This is reported as the SOA record for all domains
 [soa]
-    admin = "hostmaster.pendingdns.com"
-    serial = 2020050501
-    refresh = 3600
-    retry = 600
-    expiration = 604800
-    minimum = 60
+admin = "hostmaster.pendingdns.com"
+serial = 2020050501
+refresh = 3600
+retry = 600
+expiration = 604800
+minimum = 60
 
 # Resolver for external DNS queries, set ns=false to use system default
 # Mostly used for ANAME resolving
 [resolver]
-    ns = ["8.8.8.8", "1.1.1.1"]
+ns = ["8.8.8.8", "1.1.1.1"]
 
 # Settings for Let's Encrypt certificate generation
 [acme]
-    # Local identifier for the ACME account
-    key = "staging"
-    # Defaults to Let's Encrypt staging environment
-    directoryUrl = "https://acme-staging-v02.api.letsencrypt.org/directory"
-    
-    #key = "production"
-    #directoryUrl = "https://acme-v02.api.letsencrypt.org/directory"
-    
-    # Email address to recive account related notifications
-    # This value must be set as this is the person who agrees to LE TOS
-    #email = "hostmaster@example.com"
-    email = ""
+# Local identifier for the ACME account
+key = "staging"
+# Defaults to Let's Encrypt staging environment
+directoryUrl = "https://acme-staging-v02.api.letsencrypt.org/directory"
+
+#key = "production"
+#directoryUrl = "https://acme-v02.api.letsencrypt.org/directory"
+
+# Email address to recive account related notifications
+# This value must be set as this is the person who agrees to LE TOS
+#email = "hostmaster@example.com"
+email = ""
 
 [public]
-    # If enabled=false then URL redirect server is not started and configuration is not used
-    enabled = true
-    server = "PendingDNS/1.0"
-    workers = 2
-    
-    # path to error files, you can use your own error pages instead of the default ones
-    # make sure though that the service user is able to read these
-    # 1) All paths are relative to working directory, eg. /opt/pending-dns
-    [public.errors]
-        error404 = "./views/errors/404.hbs"
-        error500 = "./views/errors/500.hbs"
-
-    [public.http]
-        # URL record handling over HTTP
-        # Set to 80 in production
-        port = 6080
-        host = "0.0.0.0"
-
-    [public.https]
-        # URL record handling over HTTPS/HTTP2
-        # Set to 443 in production
-        port = 6443
-        host = "0.0.0.0"
-
-        # Path to default certificate files
-        # These are used only for unknown domains, so can leave as is to use self-signed certs
-        #key = "/path/to/default-privkey.pem"
-        #cert = "/path/to/default-cert.pem"
-        
-        # Path to dhparam file
-        # Generate using: openssl dhparam -out /path/to/dhparam.pem 4096
-        #dhParam = "/path/to/dhparam.pem"
-
-        # Allowed ciphers list. Leave empty for Node.js default set of ciphers
-        ciphers = "ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384"
-
-    # List redirect server IP addresses here
-    # These are returned as A/AAAA query responses for the URL domain
-    # It should include the IP addresses for all servers where you have PendingDNS installed and "public.enabled=true"
-    [public.hosts]
-        A = ["127.0.0.1", "127.0.0.2"]
-        AAAA = []
+# If enabled=false then URL redirect server is not started and configuration is not used
+enabled = true
+server = "PendingDNS/1.0"
+workers = 2
+
+# path to error files, you can use your own error pages instead of the default ones
+# make sure though that the service user is able to read these
+# 1) All paths are relative to working directory, eg. /opt/pending-dns
+[public.errors]
+error404 = "./views/errors/404.hbs"
+error500 = "./views/errors/500.hbs"
+
+[public.http]
+# URL record handling over HTTP
+# Set to 80 in production
+port = 6080
+host = "0.0.0.0"
+
+[public.https]
+# URL record handling over HTTPS/HTTP2
+# Set to 443 in production
+port = 6443
+host = "0.0.0.0"
+
+# Path to default certificate files
+# These are used only for unknown domains, so can leave as is to use self-signed certs
+#key = "/path/to/default-privkey.pem"
+#cert = "/path/to/default-cert.pem"
+
+# Path to dhparam file
+# Generate using: openssl dhparam -out /path/to/dhparam.pem 4096
+#dhParam = "/path/to/dhparam.pem"
+
+# Allowed ciphers list. Leave empty for Node.js default set of ciphers
+ciphers = "ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384"
+
+# List redirect server IP addresses here
+# These are returned as A/AAAA query responses for the URL domain
+# It should include the IP addresses for all servers where you have PendingDNS installed and "public.enabled=true"
+[public.hosts]
+A = ["127.0.0.1", "127.0.0.2"]
+AAAA = []
 
 [process]
-    # Change user for child processes once privileged ports have been bound
-    #user="www-data"
-    #group="www-data"
+# Change user for child processes once privileged ports have been bound
+#user="www-data"
+#group="www-data"
 
 [health]
-    enabled = true # If enabled=false then health checks are not performed
-    workers = 1
-    handlers = 1 # How many health checks to run in parallel
-    ttl = 30000 # Time in milliseconds until pending health check is considered failing
-    delay = 60000 # Time in milliseconds between health checks against same target
+enabled = true # If enabled=false then health checks are not performed
+workers = 1
+handlers = 1   # How many health checks to run in parallel
+ttl = 30000    # Time in milliseconds until pending health check is considered failing
+delay = 60000  # Time in milliseconds between health checks against same target

package/entitlements.mac.plist

@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+  <dict>
+    <key>com.apple.security.cs.allow-jit</key>
+    <true/>
+    <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
+    <true/>
+    <key>com.apple.security.cs.allow-dyld-environment-variables</key>
+    <true/>
+    <key>com.apple.security.cs.disable-library-validation</key>
+    <true/>
+    <key>com.apple.security.network.client</key>
+    <true/>
+    <key>com.apple.security.network.server</key>
+    <true/>
+  </dict>
+</plist>

package/help.txt

@@ -0,0 +1,23 @@
+pending-dns [command] [options]
+
+Lightweight API driven Authoritative DNS server.
+
+Commands:
+  pending-dns                   Run the application
+  pending-dns help              Show this information
+
+Options:
+  -h, --help     Show help 
+  
+  General options:
+  --dbs.redis               Database connection URL                      [string]
+  --log.level               Log level                 [string] [default: "trace"]
+
+  API options:
+  --api.host                Host to bind to       [string] [default: "127.0.0.1"]
+  --api.port                Port to bind to              [number] [default: 5080]
+
+  DNS options:
+  --dns.host                Host to bind to       [string] [default: "127.0.0.1"]
+  --dns.port                Port to bind to              [number] [default: 5053]
+

package/lib/api-server.js

@@ -18,28 +18,26 @@ const hostnameSchema = Joi.string().hostname({
     minDomainSegments: 1
 });
 
-const subdomainValidator = opts => {
-    return (value, helpers) => {
-        if (!value) {
-            return value;
-        }
+const subdomainValidator = opts => (value, helpers) => {
+    if (!value) {
+        return value;
+    }
 
-        let valueToCheck = value;
-        if (opts.allowUnderscore) {
-            valueToCheck = valueToCheck.replace(/\b_/g, 'x');
-        }
+    let valueToCheck = value;
+    if (opts.allowUnderscore) {
+        valueToCheck = valueToCheck.replace(/\b_/g, 'x');
+    }
 
-        if (opts.allowWildcard) {
-            valueToCheck = valueToCheck.replace(/^\*\./, 'x.');
-        }
+    if (opts.allowWildcard) {
+        valueToCheck = valueToCheck.replace(/^\*\./, 'x.');
+    }
 
-        let result = hostnameSchema.validate(valueToCheck);
-        if (result.error) {
-            return helpers.error('any.invalid');
-        }
+    let result = hostnameSchema.validate(valueToCheck);
+    if (result.error) {
+        return helpers.error('any.invalid');
+    }
 
-        return value;
-    };
+    return value;
 };
 
 const recordScheme = Joi.object({

package/lib/cached-resolver.js

@@ -2,7 +2,7 @@
 
 const config = require('wild-config');
 const db = require('./db');
-const punycode = require('punycode');
+const punycode = require('punycode/');
 const { Resolver } = require('dns').promises;
 const resolver = new Resolver();
 const logger = require('./logger').child({ component: 'cached-resolver' });

package/lib/certs.js

@@ -3,7 +3,7 @@
 const config = require('wild-config');
 const pkg = require('../package.json');
 const db = require('./db');
-const punycode = require('punycode');
+const punycode = require('punycode/');
 const { zoneStore } = require('./zone-store');
 const crypto = require('crypto');
 const { checkNSStatus, normalizeDomain } = require('./tools');
@@ -34,11 +34,9 @@ const acme = ACME.create({
     },
     dns01(query) {
         return localResolver.resolveTxt(query.dnsHost).then(records => ({
-            answer: records.map(rr => {
-                return {
-                    data: rr
-                };
-            })
+            answer: records.map(rr => ({
+                data: rr
+            }))
         }));
     }
 });

package/lib/dns-handler.js

@@ -2,12 +2,13 @@
 
 const config = require('wild-config');
 const dns2 = require('dns2');
-const punycode = require('punycode');
+const punycode = require('punycode/');
 const { zoneStore } = require('./zone-store');
 const cachedResolver = require('./cached-resolver');
 const ipaddr = require('ipaddr.js');
 const logger = require('./logger').child({ component: 'dns-handler' });
 const { normalizeDomain } = require('./tools');
+const { v4: uuidv4 } = require('uuid');
 
 // Split long string values into character chunks
 const formatTXTData = data => {
@@ -19,11 +20,7 @@ const formatTXTData = data => {
 };
 
 // Helps to convert DNS type integer into a string (0x01 -> 'A')
-const reversedTypes = new Map(
-    Object.keys(dns2.Packet.TYPE).map(key => {
-        return [dns2.Packet.TYPE[key], key];
-    })
-);
+const reversedTypes = new Map(Object.keys(dns2.Packet.TYPE).map(key => [dns2.Packet.TYPE[key], key]));
 
 const shuffle = array => {
     let currentIndex = array.length,
@@ -89,7 +86,7 @@ const processQuestion = async (response, question, domain, depth) => {
     let dnsEntries = (
         await Promise.all(
             Array.from(types).map(async type => {
-                let records = await zoneStore.resolve(domain, type, true);
+                let records = await zoneStore.resolve(domain, type, false);
                 if (records && records.length > 1) {
                     switch (type) {
                         case 'A':
@@ -187,7 +184,13 @@ const processQuestion = async (response, question, domain, depth) => {
                         break;
                 }
             } catch (err) {
-                logger.error({ msg: 'Failed resolving ANAME', domain: dnsEntry.domain, type: questionTypeStr, err });
+                logger.error({
+                    msg: 'Failed resolving ANAME',
+                    id: response._id,
+                    domain: dnsEntry.domain,
+                    type: questionTypeStr,
+                    err
+                });
             }
 
             [].concat(value || []).forEach(value => {
@@ -258,7 +261,12 @@ const processQuestion = async (response, question, domain, depth) => {
                 try {
                     entry.domain = punycode.toASCII(entry.domain);
                 } catch (err) {
-                    logger.error({ msg: 'Failed to punycode', domain: entry.domain, err });
+                    logger.error({
+                        msg: 'Failed to punycode',
+                        id: response._id,
+                        domain: entry.domain,
+                        err
+                    });
                 }
                 break;
 
@@ -267,7 +275,12 @@ const processQuestion = async (response, question, domain, depth) => {
                 try {
                     entry.ns = punycode.toASCII(entry.ns);
                 } catch (err) {
-                    logger.error({ msg: 'Failed to punycode', domain: entry.ns, err });
+                    logger.error({
+                        msg: 'Failed to punycode',
+                        id: response._id,
+                        domain: entry.ns,
+                        err
+                    });
                 }
                 break;
 
@@ -284,7 +297,12 @@ const processQuestion = async (response, question, domain, depth) => {
                 try {
                     entry.exchange = punycode.toASCII(entry.exchange);
                 } catch (err) {
-                    logger.error({ msg: 'Failed to punycode', domain: entry.exchange, err });
+                    logger.error({
+                        msg: 'Failed to punycode',
+                        id: response._id,
+                        domain: entry.exchange,
+                        err
+                    });
                 }
                 break;
 
@@ -316,6 +334,7 @@ const processQuestion = async (response, question, domain, depth) => {
 const dnsHandler = async request => {
     let startTime = Date.now();
     const response = new dns2.Packet(request);
+    request._id = response._id = uuidv4();
 
     response.header.qr = 1;
     response.header.aa = 1;
@@ -323,18 +342,25 @@ const dnsHandler = async request => {
     await Promise.all(
         request.questions.map(question => {
             logger.info({
+                id: request._id,
                 msg: 'DNS query',
                 type: request.source.type,
                 port: request.source.port,
                 address: request.source.address,
-                name: question.name,
+                question: question.name,
                 rr: reversedTypes.get(question.type) || question.type
             });
             return processQuestion(response, question);
         })
     );
 
-    logger.info({ msg: 'DNS response', dnsTime: Date.now() - startTime, questions: request.questions, answers: response.answers });
+    logger.info({
+        msg: 'DNS response',
+        id: request._id,
+        dnsTime: Date.now() - startTime,
+        questions: request.questions,
+        answers: response.answers
+    });
 
     // normalize answers for the DNS library
     response.answers.forEach(answer => {

package/lib/dns-server.js

@@ -15,7 +15,7 @@ const SUPPORTED_TYPES = new Set(
 
 const init = async () => {
     // create UDP server
-    createDNSUdpServer(function (request, send) {
+    createDNSUdpServer((request, send) => {
         // filter out unsupported requests (eg. EDNS)
         if (request.additionals && request.additionals.length) {
             request.additionals = request.additionals.filter(additional => SUPPORTED_TYPES.has(additional.type));
@@ -43,7 +43,7 @@ const init = async () => {
         });
 
     // create TCP server
-    createDNSTcpServer(function (request, send) {
+    createDNSTcpServer((request, send) => {
         // filter out unsupported requests (eg. EDNS)
         if (request.additionals && request.additionals.length) {
             request.additionals = request.additionals.filter(additional => SUPPORTED_TYPES.has(additional.type));

package/lib/dns-tcp-server.js

@@ -52,9 +52,7 @@ class DNSTcpServer extends EventEmitter {
                     port: socket.remotePort,
                     address: socket.remoteAddress
                 };
-                this.emit('request', request, message => {
-                    return this.send(socket, message);
-                });
+                this.emit('request', request, message => this.send(socket, message));
             };
 
             socket.on('readable', () => {

package/lib/health-worker.js

@@ -10,8 +10,8 @@ const tls = require('tls');
 const http = require('http');
 const https = require('https');
 
-const tcpHealthCheck = async url => {
-    return new Promise((resolve, reject) => {
+const tcpHealthCheck = async url =>
+    new Promise((resolve, reject) => {
         let connectTimeout;
 
         let conn;
@@ -57,10 +57,9 @@ const tcpHealthCheck = async url => {
         client.on('timeout', onTimeout);
         client.setTimeout(config.health.ttl);
     });
-};
 
-const httpHealthCheck = async url => {
-    return new Promise((resolve, reject) => {
+const httpHealthCheck = async url =>
+    new Promise((resolve, reject) => {
         let connectTimeout;
 
         let conn;
@@ -111,7 +110,6 @@ const httpHealthCheck = async url => {
         client.on('timeout', onTimeout);
         client.setTimeout(config.health.ttl);
     });
-};
 
 const healthCheck = async target => {
     try {

package/lib/public-server.js

@@ -17,7 +17,7 @@ const httpProxy = require('http-proxy');
 
 const proxyServer = httpProxy.createProxyServer({});
 
-proxyServer.on('proxyReq', function (proxyReq, req /*, res, options*/) {
+proxyServer.on('proxyReq', (proxyReq, req /*, res, options*/) => {
     proxyReq.setHeader('X-Forwarded-Proto', req.proto);
     proxyReq.setHeader('X-Connecting-IP', req.ip);
     proxyReq.setHeader('X-CDN-Loop', 'PendingDNS');
@@ -181,11 +181,7 @@ const handler = async (req, res) => {
     const url = new URL(req.url, `${req.proto}://${domain}/`);
     const route = url.pathname;
 
-    const target =
-        records &&
-        records.find(rr => {
-            return rr && rr.type === 'URL' && rr.value && rr.value.length;
-        });
+    const target = records && records.find(rr => rr && rr.type === 'URL' && rr.value && rr.value.length);
 
     if (target) {
         // redirect to target URL
@@ -238,8 +234,8 @@ const handler = async (req, res) => {
     );
 };
 
-const setupHttps = () => {
-    return new Promise((resolve, reject) => {
+const setupHttps = () =>
+    new Promise((resolve, reject) => {
         const server = https.createServer(
             {
                 key: defaultKey,
@@ -249,9 +245,7 @@ const setupHttps = () => {
                 allowHTTP1: true,
                 SNICallback(servername, cb) {
                     getSNIContext(servername)
-                        .then(ctx => {
-                            return cb(null, ctx || defaultCtx);
-                        })
+                        .then(ctx => cb(null, ctx || defaultCtx))
                         .catch(err => {
                             logger.error({ msg: 'SNI failed', servername, err });
                             return cb(null, defaultCtx);
@@ -325,10 +319,9 @@ const setupHttps = () => {
             reject(err);
         });
     });
-};
 
-const setupHttp = () => {
-    return new Promise((resolve, reject) => {
+const setupHttp = () =>
+    new Promise((resolve, reject) => {
         const server = http.createServer((req, res) => {
             req.proto = 'http';
             middleware(req, res);
@@ -362,7 +355,6 @@ const setupHttp = () => {
             reject(err);
         });
     });
-};
 
 const init = async () => {
     await Promise.all([setupHttps(), setupHttp()]);

package/lib/tools.js

@@ -1,7 +1,7 @@
 'use strict';
 
 const cachedResolver = require('./cached-resolver');
-const punycode = require('punycode');
+const punycode = require('punycode/');
 const Joi = require('@hapi/joi');
 
 const emailSchema = Joi.string().email({}).required();

package/lib/zone-store.js

@@ -1,6 +1,6 @@
 'use strict';
 
-const punycode = require('punycode');
+const punycode = require('punycode/');
 const shortid = require('shortid');
 const db = require('./db');
 const logger = require('./logger').child({ component: 'zone-store' });
@@ -196,6 +196,7 @@ class ZoneStore {
             if (short) {
                 return {
                     id: this.getFullId(name, type, hid),
+                    zone: zoneDomain,
                     domain,
                     type,
                     value: JSON.parse(value)
@@ -225,9 +226,7 @@ class ZoneStore {
 
         return Object.keys(record)
             .map(key => [key, record[key]])
-            .sort((a, b) => {
-                return a[1].localeCompare(b[1]);
-            })
+            .sort((a, b) => a[1].localeCompare(b[1]))
             .map(entry => {
                 let hid = entry[0];
                 let value = entry[1];

package/package.json

@@ -1,12 +1,15 @@
 {
     "name": "pending-dns",
-    "version": "1.1.1",
+    "version": "1.2.1",
     "description": "Lightweight API driven DNS server",
     "main": "index.js",
     "scripts": {
         "start": "node server.js",
         "test": "grunt",
-        "licenses": "npm-license-crawler --production --csv ./licenses.csv"
+        "build-source": "rm -rf node_modules package-lock.json && npm install && npm run licenses && rm -rf node_modules package-lock.json && npm install --production && rm -rf package-lock.json",
+        "build-dist-fast": "npx pkg --debug package.json && rm -rf package-lock.json && npm install",
+        "build-dist": "npx pkg --compress Brotli package.json && rm -rf package-lock.json && npm install",
+        "licenses": "license-report --only=prod --output=table --config license-report-config.json > licenses.txt"
     },
     "repository": {
         "type": "git",
@@ -25,34 +28,55 @@
     },
     "homepage": "https://github.com/postalsys/pending-dns#readme",
     "devDependencies": {
-        "eslint": "7.1.0",
+        "eslint": "8.45.0",
         "eslint-config-nodemailer": "1.2.0",
-        "eslint-config-prettier": "6.11.0",
-        "grunt": "1.1.0",
-        "grunt-cli": "1.3.2",
-        "grunt-eslint": "23.0.0",
-        "npm-license-crawler": "0.2.1"
+        "eslint-config-prettier": "8.8.0",
+        "grunt": "1.6.1",
+        "grunt-cli": "1.4.3",
+        "grunt-eslint": "24.3.0",
+        "license-report": "6.4.0"
     },
     "dependencies": {
+        "@bugsnag/js": "^7.20.2",
         "@fidm/x509": "1.2.1",
-        "@hapi/boom": "9.1.0",
-        "@hapi/hapi": "19.1.1",
-        "@hapi/inert": "6.0.1",
+        "@hapi/boom": "10.0.1",
+        "@hapi/hapi": "21.3.2",
+        "@hapi/inert": "7.1.0",
         "@hapi/joi": "17.1.1",
-        "@hapi/vision": "6.0.0",
-        "@root/acme": "3.0.10",
+        "@hapi/vision": "7.0.2",
+        "@root/acme": "3.1.0",
         "@root/csr": "0.8.1",
-        "dns2": "1.3.2",
-        "hapi-pino": "8.0.1",
-        "hapi-swagger": "13.0.2",
+        "dns2": "2.1.0",
+        "handlebars": "4.7.7",
+        "hapi-pino": "12.1.0",
+        "hapi-swagger": "17.1.0",
         "http-proxy": "1.18.1",
-        "ioredfour": "1.0.2-ioredis-03",
-        "ioredis": "4.17.3",
-        "ipaddr.js": "1.9.1",
-        "node-rsa": "1.0.8",
+        "ioredfour": "1.2.0-ioredis-07",
+        "ioredis": "5.3.2",
+        "ipaddr.js": "2.1.0",
+        "minimist": "1.2.8",
+        "node-rsa": "1.1.1",
         "pem-jwk": "2.0.0",
-        "pino": "6.3.2",
-        "shortid": "2.2.15",
-        "wild-config": "1.5.1"
+        "pino": "8.14.1",
+        "punycode": "2.3.0",
+        "shortid": "2.2.16",
+        "uuid": "9.0.0",
+        "wild-config": "1.7.0"
+    },
+    "bin": {
+        "pending-dns": "bin/pending-dns.js"
+    },
+    "pkg": {
+        "assets": [
+            "licenses.txt",
+            "LICENSE.txt",
+            "help.txt"
+        ],
+        "targets": [
+            "node16-linux-x64",
+            "node16-macos-x64",
+            "node16-win-x64"
+        ],
+        "outputPath": "ee-dist"
     }
 }

package/server.js

@@ -7,6 +7,7 @@ const argv = process.argv.slice(2);
 const config = require('wild-config');
 const logger = require('./lib/logger').child({ component: 'server' });
 const pathlib = require('path');
+const packageData = require('./package.json');
 const { Worker, SHARE_ENV } = require('worker_threads');
 const { isemail } = require('./lib/tools');
 
@@ -15,6 +16,29 @@ if (!config.acme || !isemail(config.acme.email)) {
     process.exit(51);
 }
 
+const Bugsnag = require('@bugsnag/js');
+if (process.env.BUGSNAG_API_KEY) {
+    Bugsnag.start({
+        apiKey: process.env.BUGSNAG_API_KEY,
+        appVersion: packageData.version,
+        logger: {
+            debug(...args) {
+                logger.debug({ msg: args.shift(), worker: 'main', source: 'bugsnag', args: args.length ? args : undefined });
+            },
+            info(...args) {
+                logger.debug({ msg: args.shift(), worker: 'main', source: 'bugsnag', args: args.length ? args : undefined });
+            },
+            warn(...args) {
+                logger.warn({ msg: args.shift(), worker: 'main', source: 'bugsnag', args: args.length ? args : undefined });
+            },
+            error(...args) {
+                logger.error({ msg: args.shift(), worker: 'main', source: 'bugsnag', args: args.length ? args : undefined });
+            }
+        }
+    });
+    logger.notifyError = Bugsnag.notify.bind(Bugsnag);
+}
+
 let closing = false;
 
 let workers = new Map();
@@ -67,17 +91,30 @@ if (config.health.enabled) {
     spawnWorker('health');
 }
 
-const closeProcess = code => {
+const closeProcess = (code, errType, err) => {
     if (closing) {
         return;
     }
     closing = true;
-    setTimeout(() => {
-        process.exit(code);
-    }, 10);
+
+    if (!code) {
+        return setTimeout(() => {
+            process.exit(code);
+        }, 10);
+    }
+
+    logger.fatal({
+        msg: errType,
+        _msg: errType,
+        err
+    });
+
+    if (!logger.notifyError) {
+        setTimeout(() => process.exit(code), 10);
+    }
 };
 
-process.on('uncaughtException', () => closeProcess(1));
-process.on('unhandledRejection', () => closeProcess(2));
+process.on('uncaughtException', err => closeProcess(1, 'uncaughtException', err));
+process.on('unhandledRejection', err => closeProcess(2, 'unhandledRejection', err));
 process.on('SIGTERM', () => closeProcess(0));
 process.on('SIGINT', () => closeProcess(0));

package/workers/api.js

@@ -9,18 +9,31 @@ const config = require('wild-config');
 const workerName = 'api';
 
 let closing = false;
-const closeProcess = code => {
+const closeProcess = (code, errType, err) => {
     if (closing) {
         return;
     }
     closing = true;
-    setTimeout(() => {
-        process.exit(code);
-    }, 10);
+
+    if (!code) {
+        return setTimeout(() => {
+            process.exit(code);
+        }, 10);
+    }
+
+    logger.fatal({
+        msg: errType,
+        _msg: errType,
+        err
+    });
+
+    if (!logger.notifyError) {
+        setTimeout(() => process.exit(code), 10);
+    }
 };
 
-process.on('uncaughtException', () => closeProcess(1));
-process.on('unhandledRejection', () => closeProcess(2));
+process.on('uncaughtException', err => closeProcess(1, 'uncaughtException', err));
+process.on('unhandledRejection', err => closeProcess(2, 'unhandledRejection', err));
 process.on('SIGTERM', () => closeProcess(0));
 process.on('SIGINT', () => closeProcess(0));
 

package/workers/dns.js

@@ -9,21 +9,58 @@ const config = require('wild-config');
 const workerName = 'dns';
 
 let closing = false;
-const closeProcess = code => {
+const closeProcess = (code, errType, err) => {
     if (closing) {
         return;
     }
     closing = true;
-    setTimeout(() => {
-        process.exit(code);
-    }, 10);
+
+    if (!code) {
+        return setTimeout(() => {
+            process.exit(code);
+        }, 10);
+    }
+
+    logger.fatal({
+        msg: errType,
+        _msg: errType,
+        err
+    });
+
+    if (!logger.notifyError) {
+        setTimeout(() => process.exit(code), 10);
+    }
 };
 
-process.on('uncaughtException', () => closeProcess(1));
-process.on('unhandledRejection', () => closeProcess(2));
+process.on('uncaughtException', err => closeProcess(1, 'uncaughtException', err));
+process.on('unhandledRejection', err => closeProcess(2, 'unhandledRejection', err));
 process.on('SIGTERM', () => closeProcess(0));
 process.on('SIGINT', () => closeProcess(0));
 
+const packageData = require('../package.json');
+const Bugsnag = require('@bugsnag/js');
+if (process.env.BUGSNAG_API_KEY) {
+    Bugsnag.start({
+        apiKey: process.env.BUGSNAG_API_KEY,
+        appVersion: packageData.version,
+        logger: {
+            debug(...args) {
+                logger.debug({ msg: args.shift(), worker: workerName, source: 'bugsnag', args: args.length ? args : undefined });
+            },
+            info(...args) {
+                logger.debug({ msg: args.shift(), worker: workerName, source: 'bugsnag', args: args.length ? args : undefined });
+            },
+            warn(...args) {
+                logger.warn({ msg: args.shift(), worker: workerName, source: 'bugsnag', args: args.length ? args : undefined });
+            },
+            error(...args) {
+                logger.error({ msg: args.shift(), worker: workerName, source: 'bugsnag', args: args.length ? args : undefined });
+            }
+        }
+    });
+    logger.notifyError = Bugsnag.notify.bind(Bugsnag);
+}
+
 const run = () => {
     require(`../lib/${workerName}-server.js`)()
         .then(() => {

package/workers/health.js

@@ -9,21 +9,59 @@ const config = require('wild-config');
 const workerName = 'health';
 
 let closing = false;
-const closeProcess = code => {
+const closeProcess = (code, errType, err) => {
     if (closing) {
         return;
     }
     closing = true;
-    setTimeout(() => {
-        process.exit(code);
-    }, 10);
+
+    if (!code) {
+        return setTimeout(() => {
+            process.exit(code);
+        }, 10);
+    }
+
+    logger.fatal({
+        msg: errType,
+        _msg: errType,
+        err
+    });
+
+    if (!logger.notifyError) {
+        setTimeout(() => process.exit(code), 10);
+    }
 };
 
-process.on('uncaughtException', () => closeProcess(1));
-process.on('unhandledRejection', () => closeProcess(2));
+process.on('uncaughtException', err => closeProcess(1, 'uncaughtException', err));
+process.on('unhandledRejection', err => closeProcess(2, 'unhandledRejection', err));
 process.on('SIGTERM', () => closeProcess(0));
 process.on('SIGINT', () => closeProcess(0));
 
+const packageData = require('../package.json');
+const Bugsnag = require('@bugsnag/js');
+
+if (process.env.BUGSNAG_API_KEY) {
+    Bugsnag.start({
+        apiKey: process.env.BUGSNAG_API_KEY,
+        appVersion: packageData.version,
+        logger: {
+            debug(...args) {
+                logger.debug({ msg: args.shift(), worker: workerName, source: 'bugsnag', args: args.length ? args : undefined });
+            },
+            info(...args) {
+                logger.debug({ msg: args.shift(), worker: workerName, source: 'bugsnag', args: args.length ? args : undefined });
+            },
+            warn(...args) {
+                logger.warn({ msg: args.shift(), worker: workerName, source: 'bugsnag', args: args.length ? args : undefined });
+            },
+            error(...args) {
+                logger.error({ msg: args.shift(), worker: workerName, source: 'bugsnag', args: args.length ? args : undefined });
+            }
+        }
+    });
+    logger.notifyError = Bugsnag.notify.bind(Bugsnag);
+}
+
 const run = () => {
     require(`../lib/${workerName}-worker.js`)()
         .then(() => {

package/workers/public.js

@@ -9,21 +9,58 @@ const config = require('wild-config');
 const workerName = 'public';
 
 let closing = false;
-const closeProcess = code => {
+const closeProcess = (code, errType, err) => {
     if (closing) {
         return;
     }
     closing = true;
-    setTimeout(() => {
-        process.exit(code);
-    }, 10);
+
+    if (!code) {
+        return setTimeout(() => {
+            process.exit(code);
+        }, 10);
+    }
+
+    logger.fatal({
+        msg: errType,
+        _msg: errType,
+        err
+    });
+
+    if (!logger.notifyError) {
+        setTimeout(() => process.exit(code), 10);
+    }
 };
 
-process.on('uncaughtException', () => closeProcess(1));
-process.on('unhandledRejection', () => closeProcess(2));
+process.on('uncaughtException', err => closeProcess(1, 'uncaughtException', err));
+process.on('unhandledRejection', err => closeProcess(2, 'unhandledRejection', err));
 process.on('SIGTERM', () => closeProcess(0));
 process.on('SIGINT', () => closeProcess(0));
 
+const packageData = require('../package.json');
+const Bugsnag = require('@bugsnag/js');
+if (process.env.BUGSNAG_API_KEY) {
+    Bugsnag.start({
+        apiKey: process.env.BUGSNAG_API_KEY,
+        appVersion: packageData.version,
+        logger: {
+            debug(...args) {
+                logger.debug({ msg: args.shift(), worker: workerName, source: 'bugsnag', args: args.length ? args : undefined });
+            },
+            info(...args) {
+                logger.debug({ msg: args.shift(), worker: workerName, source: 'bugsnag', args: args.length ? args : undefined });
+            },
+            warn(...args) {
+                logger.warn({ msg: args.shift(), worker: workerName, source: 'bugsnag', args: args.length ? args : undefined });
+            },
+            error(...args) {
+                logger.error({ msg: args.shift(), worker: workerName, source: 'bugsnag', args: args.length ? args : undefined });
+            }
+        }
+    });
+    logger.notifyError = Bugsnag.notify.bind(Bugsnag);
+}
+
 const run = () => {
     require(`../lib/${workerName}-server.js`)()
         .then(() => {