okturtles / dnschain Goto Github PK

View Code? Open in Web Editor NEW

1.7K 1.7K 168.0 1.83 MB

A blockchain-based DNS + HTTP server that fixes HTTPS security, and more!

Home Page: https://okturtles.com

License: Other

CoffeeScript 100.00%

dnschain's People

Contributors

Stargazers

Watchers

Forkers

wartron rakoo blastarindia moodoo-sh prodigeni josuecau martindale twilli incorpusyehtee thatchristoph sreeramaraju li-ch radoraykov idealarifi davey824 alihalabyah derekrose minkstole oasisfleeting mdw klolos charapod mhluongo joshbedo vegetableman wemeetagain 10xengineer gitter-badger bradparks toenu23 melroy89 mrkebubun fi3 cnbird1999 nkaul rope93 wheelcomplex shanyechen channingma handlemail sxhao djgrasss ksmaheshkumar loqu8 foundationawesome oztc paulcharlton satindergrewal bumi maxihatop theexiledmonk dotmacro rvaughan gluegl ben-haim cloudxtreme bamcdougall aldarchan sahwar reelsense junjie0510 cypherhat sbwdlihao devopsbox mrudtf wujcheng digideskio madmax983 jhayes14 piandpower rdewilde agiza hbxc0re ngmlab wujf iotcloudlab sigint kustomzone horacio yut148 dreganism mrsinguyen triplekill cuulee hurryon quinndiggity dgotrik uniquesb 453483289 thurday mertaytore boohyung awesome-security awesome-javascript awesome-p2p 9cat neilbryant devslashnull olivierh59500 krodyx

dnschain's Issues

Support combined TCP + UDP mode

See also corresponding native-dns issue: tjfontaine/node-dns#70

Specific configuration can still crash dnschain 0.1.1

oldDNSMethod=2 seems to work as expected in 0.1.1 and thank you for that!

However when oldDNSMethod is 2 then the oldDNS settings are used when the .bit domain delegates to regular Name Servers and if that oldDNS times out dnschain will crash.

Config to reproduce (127.0.0.2:54 has nothing running on it so it simulates a timeout)

[dns]
port=5333
oldDNSMethod=2
oldDNS.address=127.0.0.2
oldDNS.port=54

This will work, because namecoin maps it directly to an IP
$ dig a b.bit @127.0.0.1 -p 5333

This will crash after timeout because namecoin maps it to NS and dnschain is trying to ask oldDNSes for that: (provided dnschain is running on 127.0.0.1:5333):
$ dig a soltysiak.bit @127.0.0.1 -p 5333

The crash is a timeout:

2014-04-25T07:12:49.584Z - warn: [DNS] request failed
{ fn: 'ResolverStreamendCb',
  err: {},
  req:
   { question:
      { name: 'dc1.soltysiak.com',
        type: 1,
        class: 1 },
     server:
      { address: '127.0.0.2',
        port: 54,
        type: 'udp' },
     timeout: 4000,
     try_edns: false,
     fired: true,
     id: 44785,
     cache: false,
     _events:
      { message: [Function],
        timeout: [Function],
        error: [Function],
        end: [Function] },
     rsReqID: 0,
     timer_:
      { _idleTimeout: -1,
        _idlePrev: null,
        _idleNext: null,
        _idleStart: 1398409965583,
        _onTimeout: null,
        _repeat: false,
        ontimeout: null } } }

events.js:72
        throw er; // Unhandled 'error' event
              ^
Error: timeout for '"dc1.soltysiak.com"': {"question":{"name":"dc1.soltysiak.com","type":1,"class":1},"server":{"address":"127.0.0.2","port":54,"type":"udp"},"timeout":4000,"try_edns":false,"fired":false,"id":44785,"cache":false,"_events":{},"rsReqID":0,"timer_":{"_idleTimeout":4000,"_idlePrev":null,"_idleNext":null,"_idleStart":1398409965583,"_repeat":false}}
  at [object Object].<anonymous> (/usr/lib/node_modules/dnschain/src/lib/resolver-stream.coffee:78:30)
  at [object Object].EventEmitter.emit (events.js:92:17)
  at [object Object].Request.handleTimeout (/usr/lib/node_modules/dnschain/node_modules/native-dns/lib/client.js:110:10)
  at [object Object].<anonymous> (/usr/lib/node_modules/dnschain/node_modules/native-dns/lib/client.js:149:10)
  at Timer.listOnTimeout [as ontimeout] (timers.js:110:15)

Can we handle a timeout more gracefully without shutting down dnschain?

only do NMC lookups in existing namespaces

no reason to lookup /favicon.ico in the blockchain...

problems following setup guide

Any idea what's going on here? Not recognizing coffeescript syntax. This is when I try "sudo grunt example"

/root/dnschain/src/example/example.coffee:1
(function (exports, require, module, __filename, __dirname) { die = ->
                                                                     ^
    SyntaxError: Unexpected token >
    at Module._compile (module.js:439:25)
    at Object.Module._extensions..js (module.js:474:10)
    at Module.load (module.js:356:32)
    at Function.Module._load (module.js:312:12)
    at Function.Module.runMain (module.js:497:10)
    at startup (node.js:119:16)
    at node.js:902:3

Add TCP and IPv6 support

It's 2014 already and it's so easy to add support for it. The following things are on my TODO list:

DNS UDPv6
DNS TCPv4
DNS TCPv6
Unblock TCPv6

Switch to libcoind as default [$90 awarded]

Pretty much the title. JSON RPC can be used as it's currently done with namecoind, and search-based stuff can be done by direct sqlite access.

--- The **[$90 bounty](https://www.bountysource.com/issues/4294760-switch-to-libcoind-as-default?utm_campaign=plugin&utm_content=tracker%2F528702&utm_medium=issues&utm_source=github)** on this issue has been claimed at [Bountysource](https://www.bountysource.com/?utm_campaign=plugin&utm_content=tracker%2F528702&utm_medium=issues&utm_source=github).

Merge our native-dns fork into native-dns and publish new version to NPM

What the title says. Also make sure it has all the latest commits, and don't forget about the submodules (like native-packet-dns) that we modified.

tjfontaine/node-dns#71

Unhandled exception [$30 awarded]

Using the latest in npm I noticed I got this unhandled exception. Does it make any sense? Need more info?

2014-08-05T22:39:40.207Z - warn: [DNS] dropping query, NMC NS ~= localhost! (dns-handlers.coffee:119)
{ q:
   { name: 'soltysiak.bit',
     type: 1,
     class: 1 },
  nsIP: '178.216.201.222',
  info:
   { info:
      { description: 'Maciej Soltysiak Crypto Services',
        registrar: 'http://dc1.soltysiak.com' },
     ns:
      [ 'dc1.soltysiak.com',
        'fns1.42.pl',
        'fns2.42.pl' ],
     map:
      { '':
         { ns:
            [ 'dc1.soltysiak.com',
              'fns1.42.pl',
              'fns2.42.pl' ] } },
     email: '[email protected]' } }

events.js:72
        throw er; // Unhandled 'error' event
              ^
Error: stream.push() after EOF
  at readableAddChunk (_stream_readable.js:146:15)
  at ResolverStream.Readable.push (_stream_readable.js:127:10)
  at ResolverStream.Transform.push (_stream_transform.js:140:32)
  at /usr/lib/node_modules/dnschain/src/lib/resolver-stream.coffee:97:55
  at Array.forEach (native)
  at [object Object].<anonymous> (/usr/lib/node_modules/dnschain/src/lib/resolver-stream.coffee:97:39)
  at [object Object].EventEmitter.emit (events.js:98:17)
  at [object Object].Request.handle (/usr/lib/node_modules/dnschain/node_modules/native-dns/lib/client.js:93:10)
  at [object Object].SocketQueue._onmessage (/usr/lib/node_modules/dnschain/node_modules/native-dns/lib/pending.js:154:9)
  at [object Object].EventEmitter.emit (events.js:98:17)
  at Socket.EventEmitter.emit (events.js:98:17)
  at UDP.onMessage (dgram.js:440:8)

--- The **[$30 bounty](https://www.bountysource.com/issues/3660846-unhandled-exception?utm_campaign=plugin&utm_content=tracker%2F528702&utm_medium=issues&utm_source=github)** on this issue has been claimed at [Bountysource](https://www.bountysource.com/?utm_campaign=plugin&utm_content=tracker%2F528702&utm_medium=issues&utm_source=github).

Logging and comments related issues in #33

See:

Also some comment & logging related issues:

don't use console.log: https://github.com/okTurtles/dnschain/pull/33/files#discussion_r15192295
bind utility functions to class instances (unless better idea arises): https://github.com/okTurtles/dnschain/pull/33/files#discussion_r15192431

Create Threat Model documentation

Some important considerations:

Sybil attacks preventing seeing updates, e.g. revoked certs
- Mitgations: check network hash rate. Make sure we're actually getting blocks every X min (whatever the protocol specifies).
Everything here: https://en.bitcoin.it/wiki/Weaknesses#Might_be_a_problem

--- Want to back this issue? **[Post a bounty on it!](https://www.bountysource.com/issues/4703504-create-threat-model-documentation?utm_campaign=plugin&utm_content=tracker%2F528702&utm_medium=issues&utm_source=github)** We accept bounties via [Bountysource](https://www.bountysource.com/?utm_campaign=plugin&utm_content=tracker%2F528702&utm_medium=issues&utm_source=github).

Following Import, also: other namespaces

Found this in my logs. d/id does an import from dd/domob and dd/domob has the ip mapping. I don't know about dd namespace, but should we respect a request to follow something like that?

solt@dc1:~$ namecoin/src/namecoind name_show d/id
{
    "name" : "d/id",
    "value" : "{\"import\":\"dd/domob\"}",
    "txid" : "21568e24fd223c9a7623b5b956a16e37267387ccfa063895afb2be6470398726",
    "address" : "N2BTuRpqtTYLsXBh3VseZAnSPoLVsYgvtt",
    "expires_in" : 19840
}
solt@dc1:~$ namecoin/src/namecoind name_show dd/domob
{
    "name" : "dd/domob",
    "value" : "{\"ip\":\"37.187.243.109\",\"map\":{\"*\":\"37.187.243.109\"},\"fingerprint\":[\"F3ABCF9B979CAAADD6E3B5E7674A886A25F3F0BB\"],\"tor\":\"wivfwn64tm3uaeig.onion\"}",
    "txid" : "4d74aed6252ebe69e174b71f8869e11292ec2ff32c71f69efd31327e1fa5dade",
    "address" : "N64kqoC78NbVy7ov125KUc4eGsw5ehzi2n",
    "expires_in" : 27076
}

Want to back this issue? Post a bounty on it! We accept bounties via Bountysource.

IRC bot message on issues

Figure out the deal with GitHub's IRC integration, and maybe use their webhook API instead of the services (which doesn't seem to report anything about issues to the channel).

Documentation on how to use with PowerDNS

forum/wiki/readme

do TODO for `ip2type` in globals.coffee

And update all other files appropriately after the change is done.

--- Want to back this issue? **[Post a bounty on it!](https://www.bountysource.com/issues/1821216-do-todo-for-ip2type-in-globals-coffee?utm_campaign=plugin&utm_content=tracker%2F528702&utm_medium=issues&utm_source=github)** We accept bounties via [Bountysource](https://www.bountysource.com/?utm_campaign=plugin&utm_content=tracker%2F528702&utm_medium=issues&utm_source=github).

namecoin.dns resolves to internal ip address

Should gExternalIP return the server's public ip address or dnschain is supposed to work only in the same network of the server?

exception on timeout with unresponsive dns server

From http://pastebin.com/sdcw3am8:

Managed to crash dnschain 0.02 by setting oldDNS to a closed port and then doing: dig a lg.bit @127.0.0.1 -p 5333

It is a bit unexpected because it seems a .bit domain was going through oldDNS resolution instead of just Namecoin

.dnschain/dnschain.conf is:
[log]
level=info

[dns]
port=5333
#oldDNS.address=127.0.0.2
#oldDNS.port=54

[http]
port=8088
tlsPort=4443

dnschain crashes as follows:

events.js:72
        throw er; // Unhandled 'error' event
              ^
Error: timeout for '"ns0.web-sweet-web.net"': {"question":{"name":"ns0.web-sweet-web.net","type":1,"class":1},"server":{"address":"127.0.0.2","port":54,"type":"udp"},"timeout":4000,"try_edns":false,"fired":false,"id":23958,"cache":false,"_events":{},"rsReqID":0,"timer_":{"_idleTimeout":4000,"_idlePrev":null,"_idleNext":null,"_idleStart":1397637087079,"_repeat":false}}
  at [object Object].<anonymous> (/usr/lib/node_modules/dnschain/src/lib/resolver-stream.coffee:75:30)
  at [object Object].EventEmitter.emit (events.js:92:17)
  at [object Object].Request.handleTimeout (/usr/lib/node_modules/dnschain/node_modules/native-dns/lib/client.js:105:10)
  at [object Object].<anonymous> (/usr/lib/node_modules/dnschain/node_modules/native-dns/lib/client.js:144:10)
  at Timer.listOnTimeout [as ontimeout] (timers.js:110:15)

Fix these unhandled exceptions

/usr/local/lib/node_modules/dnschain/node_modules/native-dns/node_modules/native-dns-packet/packet.js:493
throw e;
^
Error: Packet.write Unknown State: 43
at Function.Packet.write (/usr/local/lib/node_modules/dnschain/node_modules/native-dns/node_modules/native-dns-packet/packet.js:487:17)
at [object Object].Packet.send (/usr/local/lib/node_modules/dnschain/node_modules/native-dns/lib/packet.js:43:16)
at [object Object].<anonymous> (/usr/local/lib/node_modules/dnschain/src/lib/dns.coffee:206:29)
at [object Object].EventEmitter.emit (events.js:92:17)
at [object Object].Request.done (/usr/local/lib/node_modules/dnschain/node_modules/native-dns/lib/client.js:103:8)
at [object Object].Request.handle (/usr/local/lib/node_modules/dnschain/node_modules/native-dns/lib/client.js:94:10)
at [object Object].SocketQueue._onmessage (/usr/local/lib/node_modules/dnschain/node_modules/native-dns/lib/pending.js:154:9)
at [object Object].EventEmitter.emit (events.js:98:17)
at Socket.EventEmitter.emit (events.js:98:17)
at UDP.onMessage (dgram.js:440:8)

And:

/usr/local/lib/node_modules/dnschain/node_modules/native-dns/node_modules/native-dns-packet/packet.js:493
throw e;
^
Error: Packet.write Unknown State: 46
at Function.Packet.write (/usr/local/lib/node_modules/dnschain/node_modules/native-dns/node_modules/native-dns-packet/packet.js:487:17)
at [object Object].Packet.send (/usr/local/lib/node_modules/dnschain/node_modules/native-dns/lib/packet.js:43:16)
at [object Object].<anonymous> (/usr/local/lib/node_modules/dnschain/src/lib/dns.coffee:206:29)
at [object Object].EventEmitter.emit (events.js:92:17)
at [object Object].Request.done (/usr/local/lib/node_modules/dnschain/node_modules/native-dns/lib/client.js:103:8)
at [object Object].Request.handle (/usr/local/lib/node_modules/dnschain/node_modules/native-dns/lib/client.js:94:10)
at [object Object].SocketQueue._onmessage (/usr/local/lib/node_modules/dnschain/node_modules/native-dns/lib/pending.js:154:9)
at [object Object].EventEmitter.emit (events.js:98:17)

And 48 as well. Ideally catch all exceptions for this event.

Massive cleanup

The DNSChain code could be cleaned up.

There's a lot of coupling, it could be made more modular. Variables have HUGE scopes, it opens the door to some really nasty bugs.

The codebase is built with the assumption that there will always be one core/one process. Fixing the problems above will make it possible to parallelize it, which in turn, will make it possible to do "code hotswap": basically applying updates live without dropping connections.

All these things together will make DNSChain a lot more solid. Right now, there's a lot of small problems (possible uncaught exceptions all over the place) that could bring down the whole server.

This is necessary before DNSChain can be used on servers resolving millions of requests/day : performance is just too unreliable and unpredictable otherwise.

--- Want to back this issue? **[Post a bounty on it!](https://www.bountysource.com/issues/3216519-massive-cleanup?utm_campaign=plugin&utm_content=tracker%2F528702&utm_medium=issues&utm_source=github)** We accept bounties via [Bountysource](https://www.bountysource.com/?utm_campaign=plugin&utm_content=tracker%2F528702&utm_medium=issues&utm_source=github).

Use ResolverStream instances statically

Instead of creating new ResolverStream instances for each blockchain request.

Want to back this issue? Post a bounty on it! We accept bounties via Bountysource.

Fix and simplify Unblock http-proxy stuff

Fix HTTP proxying with okT extension, currently it's returning JSON for some reason
Fix HTTPS proxying w/okT extension, currently it's erroring
Simplify DNSChain's Unblock stuff, you don't need the two HTTP servers, just grab the data from the TLS socket and forward to http-proxy.

Identity solved.

See https://gitlab.okturtles.com/okturtles/dnschain/issues/3

--- Want to back this issue? **[Post a bounty on it!](https://www.bountysource.com/issues/3991097-identity-solved?utm_campaign=plugin&utm_content=tracker%2F528702&utm_medium=issues&utm_source=github)** We accept bounties via [Bountysource](https://www.bountysource.com/?utm_campaign=plugin&utm_content=tracker%2F528702&utm_medium=issues&utm_source=github).

[NMC] support "translate"

It's part of the spec.

Example domain d/aaronsw => {"translate":"aaronsw.com."}

Make sure we don't translate this if oldDNSMethod is set to NO_OLD_DNS_EVER.

Want to back this issue? Post a bounty on it! We accept bounties via Bountysource.

JSON API specs

I'd like to know the JSON specification if there is any. A JSON API to search for users based on their full name would also be nice.

okTurtles extension + Unblock integration

Tracking detailed discussion here.

--- Want to back this issue? **[Post a bounty on it!](https://www.bountysource.com/issues/3234484-okturtles-extension-unblock-integration?utm_campaign=plugin&utm_content=tracker%2F528702&utm_medium=issues&utm_source=github)** We accept bounties via [Bountysource](https://www.bountysource.com/?utm_campaign=plugin&utm_content=tracker%2F528702&utm_medium=issues&utm_source=github).

Update namecoin wiki links in readme.

they moved their wiki (again).

Feature Request: Pfsense Package

PFsense is the security conscious home router/firewall/dns server and so much more. Please create a package for DNSchain on PFsense it would instantly increase your user base and is a perfect fit.

--- Want to back this issue? **[Post a bounty on it!](https://www.bountysource.com/issues/4383095-feature-request-pfsense-package?utm_campaign=plugin&utm_content=tracker%2F528702&utm_medium=issues&utm_source=github)** We accept bounties via [Bountysource](https://www.bountysource.com/?utm_campaign=plugin&utm_content=tracker%2F528702&utm_medium=issues&utm_source=github).

[DNS] exception in handler (dns.coffee:148)

Hi, noticed this is a reproducible crash. Just lookup t0rrent.bit

2014-06-12T11:02:44.183Z - debug: [DNS] received question
{ name: 't0rrent.bit',
  type: 1,
  class: 1 }
2014-06-12T11:02:44.184Z - debug: [DNS] resolving via nmc...
{ fn: 'cb|.bit',
  nmcDomain: 'd/t0rrent',
  q:
   { name: 't0rrent.bit',
     type: 1,
     class: 1 } }
2014-06-12T11:02:44.185Z - debug: [NMC]
{ fn: 'resolve', path: 'd/t0rrent' }
2014-06-12T11:02:44.193Z - debug: [DNS] nmc resolved query
{ fn: 'nmc_show|cb',
  q:
   { name: 't0rrent.bit',
     type: 1,
     class: 1 },
  d: 'd/t0rrent',
  result:
   { name: 'd/t0rrent',
     value: '{ "info": { "registrar": "dotbit.me", "registrar-email": "[email protected]" }, "ip": "178.63.16.21 ", "map": { "*": { "ip": "178.63.16.21" } } }',
     txid: '23ad1a0865c594e35ec897ebbf50370666f79e66676324fa8a171c1a76e094fb',
     address: 'MwAXsSANg3QHXPE4yiNGwd5Fi9PVixSYdY',
     expires_in: 1805 } }
2014-06-12T11:02:44.194Z - debug: [DNS] sending response!
{ fn: 'cb',
  res:
   { header:
      { id: 21328,
        qr: 1,
        opcode: 0,
        aa: 0,
        tc: 0,
        rd: 1,
        ra: 0,
        res1: 0,
        res2: 0,
        res3: 0,
        rcode: 0 },
     question:
      [ { name: 't0rrent.bit',
          type: 1,
          class: 1 } ],
     answer:
      [ { type: 1,
          class: 1,
          name: 't0rrent.bit',
          address: '178.63.16.21 ',
          ttl: 600 } ],
     authority: [],
     additional: [],
     edns_options: [],
     payload: undefined,
     address: undefined,
     send: [Function] } }
2014-06-12T11:02:44.312Z - error: [DNS] Error: ipaddr: the address has neither IPv6 nor IPv4 format
  at Object.ipaddr.parse (/usr/lib/node_modules/dnschain/node_modules/native-dns/node_modules/ipaddr.js/lib/ipaddr.js:387:13)
  at writeIp (/usr/lib/node_modules/dnschain/node_modules/native-dns/node_modules/native-dns-packet/packet.js:266:16)
  at Function.Packet.write (/usr/lib/node_modules/dnschain/node_modules/native-dns/node_modules/native-dns-packet/packet.js:455:19)
  at [object Object].Packet.send (/usr/lib/node_modules/dnschain/node_modules/native-dns/lib/packet.js:43:16)
  at /usr/lib/node_modules/dnschain/src/lib/dns.coffee:145:41
  at DNSServer.dnsTypeHandlers.namecoin.A (/usr/lib/node_modules/dnschain/src/lib/dns-handlers.coffee:119:21)
  at /usr/lib/node_modules/dnschain/src/lib/dns.coffee:140:37
  at IncomingMessage.<anonymous> (/usr/lib/node_modules/dnschain/node_modules/json-rpc2/src/client.js:275:15)
  at IncomingMessage.EventEmitter.emit (events.js:117:20)
  at _stream_readable.js:920:16
  at process._tickCallback (node.js:415:13)

2014-06-12T11:02:44.349Z - error: [DNS] exception in handler (dns.coffee:148)
{ q:
   { name: 't0rrent.bit',
     type: 1,
     class: 1 },
  result:
   { name: 'd/t0rrent',
     value:
      { info:
         { registrar: 'dotbit.me',
           'registrar-email': '[email protected]' },
        ip: [ '178.63.16.21 ' ],
        map: { '*': { ip: '178.63.16.21' } } },
     txid: '23ad1a0865c594e35ec897ebbf50370666f79e66676324fa8a171c1a76e094fb',
     address: 'MwAXsSANg3QHXPE4yiNGwd5Fi9PVixSYdY',
     expires_in: 1805 } }
2014-06-12T11:02:44.351Z - debug: [DNS]  (<sendErr> dns.coffee:234)
{ code: 2, name: 'SERVFAIL' }

/usr/lib/node_modules/dnschain/node_modules/native-dns/node_modules/native-dns-packet/packet.js:497
        throw e;
              ^
Error: ipaddr: the address has neither IPv6 nor IPv4 format
  at Object.ipaddr.parse (/usr/lib/node_modules/dnschain/node_modules/native-dns/node_modules/ipaddr.js/lib/ipaddr.js:387:13)
  at writeIp (/usr/lib/node_modules/dnschain/node_modules/native-dns/node_modules/native-dns-packet/packet.js:266:16)
  at Function.Packet.write (/usr/lib/node_modules/dnschain/node_modules/native-dns/node_modules/native-dns-packet/packet.js:455:19)
  at [object Object].Packet.send (/usr/lib/node_modules/dnschain/node_modules/native-dns/lib/packet.js:43:16)
  at DNSServer.sendErr (/usr/lib/node_modules/dnschain/src/lib/dns.coffee:235:17)
  at /usr/lib/node_modules/dnschain/src/lib/dns.coffee:149:37
  at IncomingMessage.<anonymous> (/usr/lib/node_modules/dnschain/node_modules/json-rpc2/src/client.js:275:15)
  at IncomingMessage.EventEmitter.emit (events.js:117:20)
  at _stream_readable.js:920:16
  at process._tickCallback (node.js:415:13)

Send a PR to namecoin to build namecoind on OS X

The title.

https://github.com/okTurtles/namecoin/tree/macosx

[NMC] support domain references and mappings

Handle "map", and magical references such as "", "." (?), "@" etc. See:

Consider that some sites still use legacy mapping format like {"map":{"":"74.207.231.13"}} (d/bluishcoder for example), but this is discouraged and will be obsoleted according to:

https://wiki.namecoin.info/index.php?title=Domain_Name_Specification#Legacy_support

Decide whether or not to support this legacy stuff (and if so, create another issue for that separately).

--- Want to back this issue? **[Post a bounty on it!](https://www.bountysource.com/issues/1738365-nmc-support-domain-references-and-mappings?utm_campaign=plugin&utm_content=tracker%2F528702&utm_medium=issues&utm_source=github)** We accept bounties via [Bountysource](https://www.bountysource.com/?utm_campaign=plugin&utm_content=tracker%2F528702&utm_medium=issues&utm_source=github).

No packet sent in 0.2.4

Client looks up A record for c.bit using dig. dnschain listening on port 5333.

$ dig c.bit a @178.216.201.222 -p 5333

; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> c.bit a @178.216.201.222 -p 5333
;; global options: +cmd
;; connection timed out; no servers could be reached

As 178.216.201.222 is the local host, tcpdump listening on lo. It shows only packets sent by dig, no responses:

root@dc1:~# tcpdump -n -i lo port 5333
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on lo, link-type EN10MB (Ethernet), capture size 65535 bytes
23:00:47.943322 IP 178.216.201.222.34716 > 178.216.201.222.5333: UDP, length 23
23:00:52.943447 IP 178.216.201.222.34716 > 178.216.201.222.5333: UDP, length 23
23:00:57.943562 IP 178.216.201.222.34716 > 178.216.201.222.5333: UDP, length 23

dnschain logs in debug mode:

2014-07-10T20:58:48.869Z - debug: [DNS] received question
{ name: 'c.bit',
  type: 1,
  class: 1 }
2014-07-10T20:58:48.870Z - debug: [DNS] resolving via nmc...
{ fn: 'cb|.bit',
  nmcDomain: 'd/c',
  q:
   { name: 'c.bit',
     type: 1,
     class: 1 } }
2014-07-10T20:58:48.871Z - debug: [NMC]
{ fn: 'resolve', path: 'd/c' }
2014-07-10T20:58:48.879Z - debug: [DNS] nmc resolved query
{ fn: 'nmc_show|cb',
  q:
   { name: 'c.bit',
     type: 1,
     class: 1 },
  d: 'd/c',
  result:
   { name: 'd/c',
     value: '{"info":{"registrar":"http://bitcoins.me"},"email": "[email protected]"}',
     txid: '98fae121d4c9f0ee90e151842bf007d33c432280dea8174f446b2ed4bc065fa1',
     address: 'Mxo94oEiyePyv5ffGE3fAtaQA9QvKmL7H3',
     expires_in: 28984 } }

3 times as dig attempts thrice.

Worked with 0.2.3. Doesn't with 0.2.4

My ~/.dnschain/dnschain.conf is:

[log]
level=debug

[dns]
port=5333
oldDNSMethod=NO_OLD_DNS
oldDNS.address=127.0.0.1
oldDNS.port=53

[http]
port=8088
tlsPort=4443

Any ideas?

Prevent DNS Amplification attacks [$90 awarded]

The DNSChain code right now is not production ready as it can be used for DDOS attacks by the thousands of automated scripts on the internet hunting for badly configured DNS Servers.

DNS lookups need to be throttled on a IP+Domain basis.

--- The **[$90 bounty](https://www.bountysource.com/issues/3216552-prevent-dns-amplification-attacks?utm_campaign=plugin&utm_content=tracker%2F528702&utm_medium=issues&utm_source=github)** on this issue has been claimed at [Bountysource](https://www.bountysource.com/?utm_campaign=plugin&utm_content=tracker%2F528702&utm_medium=issues&utm_source=github).

dnschain retries despite getting NXDOMAIN

got.bit has the value {"ns":["qwert"]}
obviously it's a globally non-resolvable NS for which an oldDNS will return NXDOMAIN (regardless if it's google or my dnsmasq)

When you ask dnschain for A on got.bit:
$ dig a got.bit @127.0.0.1 -p 5333
You will see that dnschain retries the same query:

2014-04-25T08:24:40.380Z - info: [DNS] {"ns":["qwert"]}
2014-04-25T08:24:45.380Z - info: [DNS] {"ns":["qwert"]}
2014-04-25T08:24:50.381Z - info: [DNS] {"ns":["qwert"]}

despite getting NXDOMAIN each time:

root@dev1:~# tcpdump -n -i lo port 53
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on lo, link-type EN10MB (Ethernet), capture size 65535 bytes
10:25:46.192655 IP 127.0.0.1.48479 > 127.0.0.1.53: 45319+ A? qwert. (23)
10:25:46.192806 IP 127.0.0.1.53 > 127.0.0.1.48479: 45319 NXDomain 0/0/0 (23)
10:25:51.195273 IP 127.0.0.1.48479 > 127.0.0.1.53: 38789+ A? qwert. (23)
10:25:51.195381 IP 127.0.0.1.53 > 127.0.0.1.48479: 38789 NXDomain 0/0/0 (23)
10:25:56.194094 IP 127.0.0.1.48479 > 127.0.0.1.53: 6786+ A? qwert. (23)
10:25:56.194200 IP 127.0.0.1.53 > 127.0.0.1.48479: 6786 NXDomain 0/0/0 (23)

I think it should pass the NXDOMAIN back to the client at first time.

GPL incompatibility due to secondary license incompatibility

Because the secondary license clause was left in your license file, this code currently can't be used in *GPL greater works.

I recommend removing this section to ensure compatibility.

Add HTTPS web admin interface for configuration + stats [$300 awarded]

pretty graphs of DNS stats
be able to administrate server settings... restart the server, etc.

--- The **[$300 bounty](https://www.bountysource.com/issues/3136030-add-https-web-admin-interface-for-configuration-stats?utm_campaign=plugin&utm_content=tracker%2F528702&utm_medium=issues&utm_source=github)** on this issue has been claimed at [Bountysource](https://www.bountysource.com/?utm_campaign=plugin&utm_content=tracker%2F528702&utm_medium=issues&utm_source=github).

Add sendmail-type support for reporting critical errors

Including collecting stats on number of failed queries (for example, send email if >30% of queries fail, etc.).

--- Want to back this issue? **[Post a bounty on it!](https://www.bountysource.com/issues/1974985-add-sendmail-type-support-for-reporting-critical-errors?utm_campaign=plugin&utm_content=tracker%2F528702&utm_medium=issues&utm_source=github)** We accept bounties via [Bountysource](https://www.bountysource.com/?utm_campaign=plugin&utm_content=tracker%2F528702&utm_medium=issues&utm_source=github).

Go through native-dns project's issues and close what you can

This one's easy: tjfontaine/node-dns#73 (comment)

--- Want to back this issue? **[Post a bounty on it!](https://www.bountysource.com/issues/2838763-go-through-native-dns-project-s-issues-and-close-what-you-can?utm_campaign=plugin&utm_content=tracker%2F528702&utm_medium=issues&utm_source=github)** We accept bounties via [Bountysource](https://www.bountysource.com/?utm_campaign=plugin&utm_content=tracker%2F528702&utm_medium=issues&utm_source=github).

Implement (or incorporate) fast-packet relay in native-dns module

From tjfontaine/node-dns#67:

There are many ways to implement the following (and they should all be explored), but the main idea is that always having to parse and repack every packet creates a DNS library that unnecessarily slow when only a relay is desired.

The goal of this feature is to put as little latency on the receiving and sending of a DNS question/response when the goal is to simply act as a bridge/relay for another DNS server.

--- Want to back this issue? **[Post a bounty on it!](https://www.bountysource.com/issues/1771004-implement-or-incorporate-fast-packet-relay-in-native-dns-module?utm_campaign=plugin&utm_content=tracker%2F528702&utm_medium=issues&utm_source=github)** We accept bounties via [Bountysource](https://www.bountysource.com/?utm_campaign=plugin&utm_content=tracker%2F528702&utm_medium=issues&utm_source=github).

Add `gLineInfo` to all logging

For code in #33.

--- Want to back this issue? **[Post a bounty on it!](https://www.bountysource.com/issues/3228298-add-glineinfo-to-all-logging?utm_campaign=plugin&utm_content=tracker%2F528702&utm_medium=issues&utm_source=github)** We accept bounties via [Bountysource](https://www.bountysource.com/?utm_campaign=plugin&utm_content=tracker%2F528702&utm_medium=issues&utm_source=github).

Accept this PR for native-dns (or implement the fix)

tjfontaine/node-dns#63

Want to back this issue? Post a bounty on it! We accept bounties via Bountysource.

Get rid of callback hell with coroutines

And look! co supports 0.10.x via gnode!

Support multiple oldDNS resolvers

Allow an array of dns.oldDNS resolvers for redundancy purposes.

Dnschain crashing

/usr/local/lib/node_modules/dnschain/node_modules/native-dns/lib/packet.js:381
        throw e;
              ^
Error: WTF No State While Writing
  at Function.Packet.write (/usr/local/lib/node_modules/dnschain/node_modules/native-dns/lib/packet.js:374:17)
  at [object Object].Packet.send (/usr/local/lib/node_modules/dnschain/node_modules/native-dns/lib/packet.js:64:16)
  at [object Object].<anonymous> (/usr/local/lib/node_modules/dnschain/src/lib/dns.coffee:92:29)
  at [object Object].EventEmitter.emit (events.js:92:17)
  at [object Object].Request.done (/usr/local/lib/node_modules/dnschain/node_modules/native-dns/lib/client.js:98:8)
  at [object Object].Request.handle (/usr/local/lib/node_modules/dnschain/node_modules/native-dns/lib/client.js:89:10)
  at [object Object].SocketQueue._onmessage (/usr/local/lib/node_modules/dnschain/node_modules/native-dns/lib/pending.js:154:9)
  at [object Object].EventEmitter.emit (events.js:98:17)
  at Socket.EventEmitter.emit (events.js:98:17)
  at UDP.onMessage (dgram.js:423:8)

Finish implementing code review suggestions

I thought you had done this, but after checking out the source I see many of the suggestions weren't implemented.

Please go through all of the comments, these are just a few (not all) that stood out:

API for fetching server's fingerprint

We want user's to be able to simply tap a button once to confirm the server's fingerprint instead of manually typing it.

Add okTurtles demo video to README.md

Video can be seen here: http://blog.okturtles.com/2014/07/okturtles-demo-at-soups-2014-eff-cup-crypto-usability-prize/

It's also hosted on Vimeo: https://vimeo.com/100433057

Host tunneling for Unblock

Just creating an issue for this (as I just also created the milestone). Let me know how I can help!

Want to back this issue? Post a bounty on it! We accept bounties via Bountysource.

Improve README

make more use of wiki to shorten it & organize it better
add links to third-party press / docs / tutorials
other ideas

Add stats via redis or memcached

It'd be nice to know:

How many requests are served in a 24 hour period
Requests/sec
Error rate
Country of origin (of course we won't store the IP, just the result of an IP2loc mapping).

--- Want to back this issue? **[Post a bounty on it!](https://www.bountysource.com/issues/1839841-add-stats-via-redis-or-memcached?utm_campaign=plugin&utm_content=tracker%2F528702&utm_medium=issues&utm_source=github)** We accept bounties via [Bountysource](https://www.bountysource.com/?utm_campaign=plugin&utm_content=tracker%2F528702&utm_medium=issues&utm_source=github).

TLSA / DANE support

Integrate code and comments from:

Add testing suite

Mocha or Vows.

okturtles / dnschain Goto Github PK

dnschain's People

Contributors

Stargazers

Watchers

Forkers

dnschain's Issues

Recommend Projects

Recommend Topics

Recommend Org