Even more alternative approach to a DNS library (version 2)
Status
Less is more.
Complete and usable DNS library. All Resource Records are supported, including the DNSSEC types. It follows a lean and mean philosophy. Server side and client side programming is supported, i.e. you can build servers and resolvers with it.
Many convenience functions are included in dns, dnstest or otherwise in dnsutils.
We try to keep the "main" branch as sane as possible and at the bleeding edge of standards, avoiding breaking changes wherever reasonable. But because this version is young, we allow ourselves some more headroom.
Example programs are included and benchmarked in cmd; cmd/atomdns is a full-blown, production-ready name server.
The naming of types follows the RFCs. EDNS0 types are similarly named, for instance, DHU (DS Hash Understood). If there is a clash between an actual RR and an EDNS0 one, the EDNS0 type will get an 'E' as prefix, e.g. EDHU. This will also be done if the RR was named later than the EDNS0 option! The same is true for DSO (DNS Stateful Operations): when clashing, those types will be prefixed with a 'D'. If EDNS0 and DSO clash, EDNS0 wins. See PADDING and DPADDING as an example.
Everything from https://github.com/miekg/dns works. See README-diff-with-v1.md for the differences, if you are porting your application.
For developers please read the developer README.
Goals
- KISS.
- Everything is a resource record.
- Easy way to access RR's header and resource data (rdata).
- Small API.
- Package dnsutil contains functions that help programmers, but are not necessarily in scope of the dns package.
- Package dnstest contains functions and types that help you test, similar to the httptest package.
- Package svcb holds all details of the SVCB/HTTPS record.
- Package deleg holds details for the DELEG record.
- Many helper/debug functions are moved into internal packages, making the top-level much, much cleaner.
- Fast.
- recvmmsg(2) and TCP pipelining support.
- The cmd/reflect server does ~370/300K UDP/TCP respectively on the right hardware.
- Since a46996c I can get ~370K (UDP) qps on my laptop (M2/Asahi Linux), also see 1766e44.
- On my Dell XPS 17 (Intel) it is similar.
- On Intel/AMD it is lower (~200K (UDP) qps) - yet to understand why.
- See cmd/reflect and do a go build; make new.txt. Requires dnsperf to be installed.
Users
A not-so-up-to-date-list-that-may-be-actually-current:
- atomdns - included in cmd/atomdns - a high performance DNS server, based on the principles of CoreDNS, but faster and simpler.
- dnscrypt-proxy - a flexible DNS proxy, with support for encrypted DNS protocols such as DNSCrypt v2, DOH, Anonymized DNSCrypt and ODOH.
- DNSControl - DNSControl is an opinionated platform for seamlessly managing your DNS configuration across any number of DNS hosts, both in the cloud or in your own infrastructure.
Send a pull request if you want to be listed here.
Comments
What users say:
miekg/dns is probably my favorite Go module in the open source ecosystem. It is very complete (every DNS rtype is defined) and strict (field names match the RFCs, etc). DNSControl has used miekg/dns since the first release.
Your library is a blast and I cannot thank you enough 🙏.
Features
- UDP/TCP queries, recvmmsg(2), TCP query-pipelining, IPv4 and IPv6.
- Fast.
- RFC 1035 zone file parsing ($INCLUDE, $ORIGIN, $TTL and $GENERATE - for all record types) is supported.
- Server side programming (mimicking the net/http package), with dns.Handle and dns.HandleFunc allowing for middleware servers.
- Client side programming.
- DNSSEC: signing, validating and key generation for DSA, RSA, ECDSA and Ed25519.
- EDNS0, NSID, Cookies, etc, as pseudo RRs in the (fake) pseudo section.
- AXFR/IXFR.
- TSIG, SIG(0).
- DNS over TLS (DOT): encrypted connection between client and server over TCP.
- DNS over HTTP (DOH), see the dnshttp package.
- Improved naming by embracing sub-packages.
- Improved RRs, by having the rdata specified in an rdata package.
- Examples included in the cmd/ directory.
- Escapes (\DDD and \x) in domain names are not supported (anymore) - the overhead (50-100%) was too high.
- Easy way for custom RRs and EDNS0 pseudo RRs.
Have fun!
Miek Gieben - 2026- - miek@miek.nl
See anonymous users asking for support on why these kinds of requests/issues usually get closed pretty swiftly.
Building/developing
This library uses Go modules and uses semantic versioning. Getting the code and working with the library is done via:
git clone git@codeberg.org:miekg/dns # use https if you don't have a codeberg account
cd dns
# $EDITOR *.go
If you want to use codeberg/miekg/dns in your own project, just do a go get codeberg.org/miekg/dns@latest and import codeberg.org/miekg/dns in your Go files.
Examples
A short "how to use the API" is at the beginning of doc.go. The cmd/ directory contains a reflect example program that is used for benchmarking, and also has atomdns, a full-fledged DNS server that is developed in tandem with the library.
Supported RFCs
all of them and then some
- 103{4,5} - DNS standard
- 1348 - NSAP record (removed the record)
- 1982 - Serial Arithmetic
- 1876 - LOC record
- 1995 - IXFR
- 1996 - DNS notify
- 2136 - DNS Update (dynamic updates)
- 2181 - RRset definition
- 2537 - RSAMD5 DNS keys
- 2065 - DNSSEC (updated in later RFCs)
- 2671 - EDNS record
- 2782 - SRV record
- 2845 - TSIG record
- 2915 - NAPTR record
- 2929 - DNS IANA Considerations
- 3110 - RSASHA1 DNS keys
- 3123 - APL record
- 3225 - DO bit (DNSSEC OK)
- 340{1,2,3} - NAPTR record
- 3445 - Limiting the scope of (DNS)KEY
- 3596 - AAAA record
- 3597 - Unknown RRs
- 4025 - A Method for Storing IPsec Keying Material in DNS
- 403{3,4,5} - DNSSEC
- 4255 - SSHFP record
- 4343 - Case insensitivity
- 4408 - SPF record
- 4509 - SHA256 Hash in DS
- 4592 - Wildcards in the DNS
- 4635 - HMAC SHA TSIG
- 4701 - DHCID
- 4892 - id.server
- 5001 - NSID
- 5155 - NSEC3 record
- 5205 - HIP record
- 5702 - SHA2 in the DNS
- 5936 - AXFR
- 5966 - TCP implementation recommendations
- 6605 - ECDSA
- 6672 - DNAME
- 6725 - IANA Registry Update
- 6742 - ILNP DNS
- 6840 - Clarifications and Implementation Notes for DNS Security
- 6844 - CAA record
- 6891 - EDNS0 update
- 6895 - DNS IANA considerations
- 6944 - DNSSEC DNSKEY Algorithm Status
- 6975 - Algorithm Understanding in DNSSEC
- 7043 - EUI48/EUI64 records
- 7314 - DNS (EDNS) EXPIRE Option
- 7477 - CSYNC RR
- 7828 - TCP-keepalive EDNS0 Option
- 7553 - URI record
- 7719 - DNS Terminology
- 7858 - DNS over TLS: Initiation and Performance Considerations
- 7871 - EDNS0 Client Subnet
- 7873 - Domain Name System (DNS) Cookies
- 8080 - EdDSA for DNSSEC
- 8482 - Minimal Answers for ANY
- 8484 - DOH
- 8499 - DNS Terminology
- 8659 - DNS Certification Authority Authorization (CAA) Resource Record
- 8777 - DNS Reverse IP Automatic Multicast Tunneling (AMT) Discovery
- 8914 - Extended DNS Errors
- 8976 - Message Digest for DNS Zones (ZONEMD RR)
- 9250 - DOQ (not implemented, waiting until Go supports QUIC)
- 9461 - Service Binding Mapping for DNS Servers
- 9462 - Discovery of Designated Resolvers
- 9460 - SVCB and HTTPS Records
- 9499 - DNS Terminology
- 9567 - DNS Error Reporting
- 9606 - DNS Resolver Information
- 9660 - Zone version
- 9859 - DSYNC RR
- draft-ietf-compact-denial - CO bit
- draft-ietf-deleg - DELEG RR