README
¶
veild
Stub resolver for routing DNS queries over TLS (DNS-over-TLS).
Thanks to the following sites/RFCs:
- https://tools.ietf.org/html/rfc1035
- https://tools.ietf.org/html/rfc7858
- https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Test+Servers
Features
- Roundrobin of requests over each DNS server
- Caches responses and adhers to TTLs
- Blacklist domains using a supplied file (txt file of domains to block)
- Ability to define a list of resolvers in a YAML file
Install
Head on over to the latest releases page to pick up your release of choice :)
Usage
The quickest and easiest way to get started, assuming you've extracted the archieve and are in the directory:
sudo ./veild
This will start veild with caching on and a resolvers set to Cloudflare's 1.1.1.1 and 1.0.0.1.
Why do I need sudo?! Well, by default veild listens on port 53 (UDP) which is within the priveledged ports range... more on that here.
Hopefully you should see it startup with output similar to the following:
$ sudo ./veild
2018/09/06 16:59:03 Starting Veil
2018/09/06 16:59:03 [main] Outbound port set to 853
2018/09/06 16:59:03 [main] Listening on 127.0.0.1:53 (UDP)
If you do... good stuff!
Time to set your resolver to your nice, new, fresh super secure™ resolver.
When your OS is set to use veild you should start to see some activity in the console.
Resolvers
The resolvers.yml file which you'll see in the archieve also gives you the ability to enable/disable DNS resolvers as needed. I've added comments in there which should explain things.
Outbound port
You can specify an outbound port (instead of the default 853 DNS-over-TLS port) by using the -p flag when starting veild.
Using the -p flag filters down the resolvers in the resolvers.yml file to the specified port.
Blacklists
Blacklist support is also available to block ad domains etc. For that you'll need to head to Steven Black's repo where you can find multiple blacklists available for download.
Veild is happy working with the hosts file format, so, once you have a blacklist downloaded, simply add: -b blacklist.txt to the end of the command above.
I think that just about covers things... for a full set of the arguments that you can pass to veild run: ./veild --help
Todo
- Limit size of cache
- Add ability to remap domain requests
Documentation
¶
Overview ¶
Package veild is the main veil package for handling DNS to DNS-over-TLS connections.
Index ¶
Constants ¶
const ( // PacketLength is the maximum allowed packet length for a DNS packet. PacketLength int = 512 // HeaderLength is the length of a normal DNS request/response header (in bytes). HeaderLength int = 12 )
Variables ¶
var ( // ErrInvalidRType is returned when a mapping cannot be found between // the numeric representation of an RR type and it's string. ErrInvalidRType = errors.New("invalid rtype") )
Errors in the DNS parse phase.
var ( // ErrProblemParsingOffsets is returned when a TTL offset cannot be parsed. ErrProblemParsingOffsets = errors.New("problem parsing TTL offsets") )
Errors in the query cache.
var ResourceTypes = map[uint16]string{
1: "A",
2: "NS",
5: "CNAME",
6: "SOA",
12: "PTR",
15: "MX",
16: "TXT",
28: "AAAA",
33: "SRV",
257: "CAA",
}
ResourceTypes maps resource record (RR) types to string representations.
Functions ¶
Types ¶
type Blacklist ¶
type Blacklist struct {
// contains filtered or unexported fields
}
Blacklist represents a blacklist.
func NewBlacklist ¶
NewBlacklist creates a new Blacklist from a given hosts file.
type Config ¶
type Config struct {
ListenAddr string
Caching bool
OutboundPort uint
BlacklistFile string
ResolversFile string
}
Config represents the command line options.
type PConn ¶
type PConn struct {
// contains filtered or unexported fields
}
PConn holds persistent connections.
type Packet ¶
type Packet struct {
// contains filtered or unexported fields
}
Packet represents the structure of a client request.
type Pool ¶
type Pool struct {
// contains filtered or unexported fields
}
Pool represents a new connection pool.
func (*Pool) ConnectionManagement ¶
func (p *Pool) ConnectionManagement()
ConnectionManagement management handles reconnects.
func (*Pool) Dispatch ¶
func (p *Pool) Dispatch()
Dispatch handles dispatching requests to the underlying workers.
type Query ¶
type Query struct {
// contains filtered or unexported fields
}
Query holds the structure for the raw response data and offsets of TTLs.
type QueryCache ¶
type QueryCache struct {
// contains filtered or unexported fields
}
QueryCache holds the main structure of the query cache.
func NewQueryCache ¶
func NewQueryCache() *QueryCache
NewQueryCache handles QueryCache initialization.
func (*QueryCache) Get ¶
func (r *QueryCache) Get(key [sha1.Size]byte) (interface{}, bool)
Get gets an entry from the query cache.
func (*QueryCache) Put ¶
func (r *QueryCache) Put(key [sha1.Size]byte, value Query)
Put puts an entry into the query cache.
func (*QueryCache) Reaper ¶
func (r *QueryCache) Reaper()
Reaper ticks over every second and runs through the TTL decrements.
type RR ¶
type RR struct {
// contains filtered or unexported fields
}
RR represents a domain name and resource type.
type Resolvers ¶
type Resolvers struct {
Resolvers []Resolver
}
Resolvers implements a list of resolvers.
func NewResolvers ¶
NewResolvers loads of a list of resolvers from a file.
type ResponseCache ¶
type ResponseCache struct {
// contains filtered or unexported fields
}
ResponseCache represents a response cache.
func NewResponseCache ¶
func NewResponseCache() *ResponseCache
NewResponseCache handles ResponseCache initialization.
func (*ResponseCache) Get ¶
func (r *ResponseCache) Get(key uint16) (interface{}, bool)
Get gets an entry from the response cache.
func (*ResponseCache) Put ¶
func (r *ResponseCache) Put(key uint16, value Packet)
Put puts an entry into the response cache.
Source Files
Directories