3

But please bear with me. I do not need help with ndns or JavaScript. I need help with DNS Resource Records.

I can already send resource records. I just need to know how to send the right ones for an Authoritative DNS Server.

I am writing the DNS server using ndns. Ndns is supposed to do the low-level communications for me, but I still have to know the basics of DNS. Ndns is not documented except for this example. It is in JavaScript, but it should be pretty easy to read anyway. When a request is received, it adds a resource record to the response and sends the response:

```javascript
function handleDnsRequest(request, response) {
    response.addRR(
        ndns.ns_s.ar,  // Section AR
        'node.js',     // Name
        ndns.ns_t.txt, // Type TXT
        ndns.ns_c.in,  // Class IN
        1991,          // TTL
        'http://nodejs.org/' // Value
        );
    response.send();
}
```

So, no matter what the request, this handler adds a response record as follows:

  • Section AR (Additional Records)
  • Name "node.js"
  • Type TXT (Text String)
  • Class IN (Internet)
  • TTL 1991 (~33 minutes)
  • Value (Text String)

Which gives this output on Windows nslookup:

```text
C:\>nslookup - 127.0.0.1
node.js text =

        "http://nodejs.org/"
Default Server:  UnKnown
Address:  127.0.0.1

> google.com
Server:  UnKnown
Address:  127.0.0.1

Name:    google.com

>
```

How can I send correct responses? I want to start off by sending a fixed IP address for all A records no matter what and to deny most everything else as unsupported or whatnot.

In a typical login to nslookup, asking for an A record, what would be the typical list of Resource Records that would come out of the DNS server?

700 Software
  • Can you please simplify your question _a lot_. I do DNS full time, but I can't figure out what you're actually asking, either of us, or your DNS server. Please get rid of the superfluous information and in simple terms explain what DNS query you're trying to send, and it should then become obvious what DNS answer you should produce. – Alnitak Apr 06 '11 at 15:16
  • p.s. also, please install `dig` for windows and show examples using that instead. `nslookup` is horrible. – Alnitak Apr 06 '11 at 15:17
  • @Alnitak: Sorry, I cut out most of the question. To start with, I want to know the typical questions and resource records for an A lookup – 700 Software Apr 06 '11 at 15:26
  • @Alnitak: Dig is installed. What command should I run? – 700 Software Apr 06 '11 at 15:31
  • `dig @server_ip some_domain_name` – Alnitak Apr 06 '11 at 15:40

1 Answer

5

> I want to start off by sending a fixed IP address for all A records no matter what and to deny most everything else as unsupported or whatnot.

Aha, now we're getting somewhere.

You need to return an RR in the answer section that has the same "owner name" as that in the (first) question, with the appropriate fields.

Try this:

```javascript
function listener (req, res)
{
    res.addRR(
         ndns.ns_s.an,         // answer section
         req.question[0].name, // name
         ndns.ns_t.a,          // type
         ndns.ns_c.in,         // class
         3600,                 // TTL
         '127.0.0.1'           // RDATA
    );
    res.header.aa = 1;         // authoritative answer
    res.header.ra = 0;         // recursion not available
    res.send ();
}
```

This only handles the default response, and doesn't check whether the inbound query was for an A record or not.

To refuse other queries you'll want to check for:

```javascript
req.question.length == 1
req.question[0].type == ndns.ns_t.a
req.question[0].class == ndns.ns_c.in
```

and then set res.header.rcode to something non-zero.

A real authoritative server would also send DNS server names in the authority section, but you should be able to get away without doing so here.

Alnitak
  • Thank you, I still have more questions, but this is a great starting place and I will formulate the other questions later. I think my problem was that I was not properly blocking non A requests which cause a failure whenever I touched the thing. What would be example `rcode`s? – 700 Software Apr 06 '11 at 15:53
  • that depends on whether the name is "valid" or not. if the name is valid but the type isn't, just return a response with no answer in it. If the name is invalid, return "refused" (5). – Alnitak Apr 06 '11 at 15:56
  • invalid name would be one that is not on our servers or one that has an invalid syntax? – 700 Software Apr 06 '11 at 22:04
  • One not on your servers. if the syntax is invalid you should return "formerr" instead. – Alnitak Apr 06 '11 at 22:11
  • The word 'class' is reserved in JavaScript. How did you get the code above to run? – fadedbee Jan 30 '12 at 13:49
  • ah, that depends on the interpreter, and I _think_ is permitted in ES5 strict mode. On others you'd have to write `res.question[0]['class']` – Alnitak Jan 30 '12 at 13:53
  • alternatively, I was being lazy and didn't actually check whether that syntax worked in node.js ... I don't remember ;-) – Alnitak Jan 30 '12 at 13:54
  • just checked in node 0.6.7 - `a = {}; a.class = 'foo'` worked without complaint. – Alnitak Jan 30 '12 at 13:55
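
The checks and rcodes discussed in the answer and its comments, combined into one handler as an added example (not code from the original posts). It uses only the ndns calls shown on this page; the zone name `example.test`, the helper names, and the choice of FORMERR for a question count other than one and REFUSED for a non-IN class are assumptions.

```javascript
// Added example; RCODE numbers are the RFC 1035 values.
const RCODE = { NOERROR: 0, FORMERR: 1, REFUSED: 5 };

// Lower-case and drop the trailing root dot so zone comparisons are consistent.
const normalize = (name) => String(name).toLowerCase().replace(/\.$/, '');

// Text-form limits from RFC 1035: labels of 1..63 characters, 253 in total.
// The empty string is the root name, which is well-formed (just not ours).
const validName = (n) => n === '' || (n.length <= 253 &&
    n.split('.').every((label) => label.length >= 1 && label.length <= 63));

const inZone = (n, zone) => n === zone || n.endsWith('.' + zone);

// Pure decision step: questions are {name, isA, isIN}; returns header bits and answers.
function decide(questions, zone, ip) {
    const plan = { rcode: RCODE.NOERROR, aa: 0, answers: [] };
    if (questions.length !== 1) { plan.rcode = RCODE.FORMERR; return plan; } // assumption
    const q = questions[0];
    const name = normalize(q.name);
    if (!validName(name)) { plan.rcode = RCODE.FORMERR; return plan; }
    if (!q.isIN || !inZone(name, normalize(zone))) { plan.rcode = RCODE.REFUSED; return plan; }
    plan.aa = 1; // the name is ours, so the reply is authoritative
    if (q.isA) plan.answers.push({ name: q.name, ttl: 3600, address: ip });
    return plan; // valid name, other type: NOERROR with an empty answer section
}

// Adapter using only the ndns calls that appear on this page.
function makeListener(ndns, zone, ip) {
    return function listener(req, res) {
        const questions = (req.question || []).map((q) => ({
            name: q.name,
            isA: q.type === ndns.ns_t.a,
            isIN: q['class'] === ndns.ns_c.in,
        }));
        const plan = decide(questions, zone, ip);
        for (const a of plan.answers) {
            res.addRR(ndns.ns_s.an, a.name, ndns.ns_t.a, ndns.ns_c.in, a.ttl, a.address);
        }
        res.header.aa = plan.aa;
        res.header.ra = 0;             // recursion not available
        res.header.rcode = plan.rcode;
        res.send();
    };
}
```

Refusing names outside the zone and keeping `ra` at 0 means the server never answers for names it does not own.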