Introducing new DNS Diagnostics Tooling


In this DNS-centric edition of “Of Trees and Tries” we’re excited to share what we’ve been working on over the last few months.

Before we get started, we have something special to share. Frances Brazier, legendary computer scientist and one of the founders of NLnet Labs, received a Knighthood in the Order of the Dutch Lion in recognition of her outstanding academic career and her commitment to the emancipation of women in computer science and engineering. We're so proud!

Now, there's lots more we'd like to tell you about.

A Massive Release for ‘domain’

Thanks to the funding we’ve received from the Sovereign Tech Fund, this year we can have three full-time developers working on expanding our ‘domain’ library for Rust. The work done in the first quarter of the year has culminated in version 0.10.0 which – among a mountain of breaking changes and bug fixes – has three major new features.

Client Transport

The first of these new features is unstable-client-transport, which adds the client side of sending DNS messages over UDP, TCP, and TLS. These transports can either be used individually or combined into a “redundant transport” that tries and picks the best available destination.

Server Transport

The second feature is unstable-server-transport. This is the server counterpart and provides the ability to receive and process DNS requests. It is built on a Service concept that should sound familiar if you’ve used Hyper before. It also provides a configurable middleware that lets you choose which server features you want to support.

Representing DNS Zones

Finally, we have the unstable-zonetree feature which provides the machinery for representing DNS zones, as well as an in-memory representation of a zone. Such a zone can be loaded from a zonefile – although we don’t have implementations for all record types yet – and can be used with the server transport to implement a simple authoritative server.

The team is now working on DNSSEC validation and zone transfers, which are scheduled to be released over the next few weeks.

Introducing dnsi, our DNS Investigation Tool

The milestones we committed to for our 'domain' project include diagnostics tooling. Instead of simply reimplementing dig in Rust, we wanted to rethink what operators would want from such a command line tool. To kick off this project, we've released version 0.1.0 of dnsi.

For now, dnsi contains the query and lookup subcommands, providing basic functionality to get things started.

$ dnsi query -s 9.9.9.9 nlnetlabs.nl AAAA
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 29112
;; flags: QR RD RA; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version 0; flags: false; udp: 1232
;; QUESTION SECTION:; nlnetlabs.nl.	AAAA	IN

;; ANSWER SECTION:
nlnetlabs.nl. 240 IN AAAA 2a04:b900::1:0:0:10

;; Query time: 13 msec
;; SERVER: 9.9.9.9#53 (UDP)
;; WHEN: Wed May 15 11:33:03 +02:00 2024
;; MSG SIZE  rcvd: 69

An example of the query command.

$ dnsi lookup ietf.org 2a04:b900::1:0:0:10 foo.bar 192.0.2.1
ietf.org
  2606:4700::6810:2c63
  2606:4700::6810:2d63
  104.16.44.99
  104.16.45.99

2a04:b900::1:0:0:10
  dicht.nlnetlabs.nl

foo.bar
  <no addresses found>

192.0.2.1
  <no hosts found>

An example of the lookup command.

Currently, you can only install dnsi using Cargo, but we'll make sure to publish packages for the next release.

🕵️‍♀️
We're eager to hear what kind of functionality you'd like to see in dnsi! Don't hesitate to create an issue on GitHub with a feature request or bug report, or contribute with a pull request.

🗞 From the News Desk

  • We released Unbound 1.20.0. It contains a fix for the DNSBomb issue CVE-2024-33655, which has a low-severity impact on Unbound, up to and including 1.19.3.
  • We released NSD 4.9.0, adding support for DNS Catalog Zones version "2", as described in RFC 9432.
  • Patrick Fedick from DENIC published some encouraging test results running the Release Candidate of NSD 4.10.0, which adds our new SIMD-capable zonefile parser.
  • We hosted the DNS-OARC staff and board retreat at the NLnet Labs office, spending long days thinking about opportunities and new directions for the OARC organisation and community.
  • For the second year, we're proud to have co-hosted and helped organise RustNL, with 425 attendees joining two days of talks and workshops about the Rust programming language.
  • At RIPE88 in Krakow, Poland, Willem will be co-chairing the DNS working group, and you can catch up with Jasper on the progress on our modular BGP engine, Rotonda.

Thanks for reading, until next time!

Love from the NLnet Labs crew