hickory-dns/README.md

121 lines
4.6 KiB
Markdown
Raw Normal View History

2015-11-16 04:57:59 +00:00
# trust-dns
[![Build Status](https://travis-ci.org/bluejekyll/trust-dns.svg?branch=master)](https://travis-ci.org/bluejekyll/trust-dns)
[![Coverage Status](https://coveralls.io/repos/bluejekyll/trust-dns/badge.svg?branch=master&service=github)](https://coveralls.io/github/bluejekyll/trust-dns?branch=master)
[![](http://meritbadge.herokuapp.com/trust-dns)](https://crates.io/crates/trust-dns)
2015-08-22 00:29:00 +00:00
A Rust based DNS client and server, built to be safe and secure from the
ground up.
2015-08-14 23:28:01 +00:00
# Goals
- Build a safe and secure DNS server and client with modern features.
2015-10-17 22:33:13 +00:00
- No panics, all code is guarded
2015-08-22 00:29:00 +00:00
- Use only safe Rust, and avoid all panics with proper Error handling
- Use only stable Rust
2015-08-14 23:28:01 +00:00
- Protect against DDOS attacks (to a degree)
2015-10-17 22:33:13 +00:00
- Support options for Global Load Balancing functions
- Make it dead simple to operate
2015-08-14 23:28:01 +00:00
# Status:
2015-10-17 22:33:13 +00:00
WARNING!!! Under active development!
2015-08-22 00:29:00 +00:00
2015-10-17 22:33:13 +00:00
The client now supports timeouts (thanks mio!). Currently hardcoded to 5 seconds,
I'll make this configurable if people ask for that, but this allows me to move on.
2015-08-14 23:28:01 +00:00
2015-11-16 04:57:59 +00:00
The server code is complete, the daemon supports IPv4 and IPv6, UDP and TCP.
There currently is no way to limit TCP and AXFR operations, so it is still not
recommended to put into production as TCP can be used to DOS the service.
Master file parsing is complete and supported. There is currently no forking
option, and the server is not yet threaded.
2015-08-22 00:29:00 +00:00
2015-10-17 22:33:13 +00:00
## RFC's implemented
2015-09-17 21:13:01 +00:00
2015-11-16 04:57:59 +00:00
### Basic operations
2015-10-18 20:45:31 +00:00
- [RFC 1035](https://tools.ietf.org/html/rfc1035): Base DNS spec (partial, caching not yet supported)
- [RFC 3596](https://tools.ietf.org/html/rfc3596): IPv6
2015-11-16 04:57:59 +00:00
- [RFC 2782](https://tools.ietf.org/html/rfc2782): Service location
### Update operations
2015-10-18 20:45:31 +00:00
- [RFC 2136](https://tools.ietf.org/html/rfc2136): Dynamic Update
2015-10-17 22:33:13 +00:00
## RFC's in progress or not yet implemented
2015-11-16 04:57:59 +00:00
### Basic operations
- [RFC 2308](https://tools.ietf.org/html/rfc2308): Negative Caching of DNS Queries
- [RFC 2317](https://tools.ietf.org/html/rfc2317): Classless IN-ADDR.ARPA delegation
- [RFC 6891](https://tools.ietf.org/html/rfc6891): Extension Mechanisms for DNS
### Update operations
2015-10-18 20:45:31 +00:00
- [RFC 1995](https://tools.ietf.org/html/rfc1995): Incremental Zone Transfer
- [RFC 1996](https://tools.ietf.org/html/rfc1996): Notify slaves of update
2015-11-16 04:57:59 +00:00
- [Update Leases](https://tools.ietf.org/html/draft-sekar-dns-ul-01): Dynamic DNS Update Leases
- [Long-Lived Queries](http://tools.ietf.org/html/draft-sekar-dns-llq-01): Notify with bells
### Secure DNS operations
2015-10-18 20:45:31 +00:00
- [RFC 3007](https://tools.ietf.org/html/rfc3007): Secure Dynamic Update
- [RFC 4034](https://tools.ietf.org/html/rfc4034): DNSSEC Resource Records
2015-11-16 04:57:59 +00:00
- [RFC 4035](https://tools.ietf.org/html/rfc4035): Protocol Modifications for DNSSEC
- [RFC 4509](https://tools.ietf.org/html/rfc4509): SHA-256 in DNSSEC Delegation Signer
- [RFC 5155](https://tools.ietf.org/html/rfc5155): DNSSEC Hashed Authenticated Denial of Existence
- [RFC 5702](https://tools.ietf.org/html/rfc5702): SHA-2 Algorithms with RSA in DNSKEY and RRSIG for DNSSEC
- [RFC 6840](https://tools.ietf.org/html/rfc6840): Clarifications and Implementation Notes for DNSSEC
- [RFC 6944](https://tools.ietf.org/html/rfc6944): DNSKEY Algorithm Implementation Status
2015-10-18 20:45:31 +00:00
- [DNSCrypt](https://dnscrypt.org): Trusted DNS queries
2015-10-17 22:33:13 +00:00
# Usage
2015-10-18 20:45:31 +00:00
This assumes that you have [Rust](https://www.rust-lang.org) stable installed. These
presume that the trust-dns repos have already been synced to the local system:
2015-10-18 20:51:12 +00:00
$ git clone https://github.com/bluejekyll/trust-dns.git
$ cd trust-dns
2015-10-18 20:45:31 +00:00
## Testing
- Unit tests
These are good for running on local systems. They will create sockets for
local tests, but will not attempt to access remote systems.
2015-10-18 20:51:12 +00:00
$ cargo test
2015-10-18 20:45:31 +00:00
- Functional tests
These will try to use some local system tools for compatibility testing,
and also make some remote requests to verify compatibility with other DNS
systems. These can not currently be run on Travis for example.
2015-10-18 20:51:12 +00:00
$ cargo test --features=ftest
2015-10-18 20:45:31 +00:00
- Benchmarks
Waiting on benchmarks to stabilize in mainline Rust.
## Building
- Production build
2015-10-18 20:51:12 +00:00
$ cargo build --release
2015-10-18 20:45:31 +00:00
## Running
Warning: Trust-DNS is still under development, running in production is not
recommended. The server is currently only single-threaded, it is non-blocking
so this should allow it to work with most internal loads.
- Verify the version
2015-10-18 20:51:12 +00:00
$ target/release/named --version
2015-10-18 20:45:31 +00:00
- Get help
2015-10-18 20:51:12 +00:00
$ target/release/named --help
2015-08-14 23:28:01 +00:00
# FAQ
2015-10-18 20:51:12 +00:00
- Why are you building another DNS server?
2015-08-14 23:28:01 +00:00
2015-11-16 04:57:59 +00:00
Because of all the security advisories out there for BIND.
2015-08-14 23:28:01 +00:00
Using Rust semantics it should be possible to develop a high performance and
safe DNS Server that is more resilient to attacks.