secureoperator

package module
v1.1.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 31, 2017 License: Apache-2.0 Imports: 9 Imported by: 0

README

secureoperator

Build Status

A DNS-protocol proxy for Google's DNS-over-HTTPS: allows you to run a server on your local network which responds to DNS queries, but requests records across the internet using HTTPS.

Installation

You may retrieve binaries from the releases page, or install using go get:

go get -u github.com/fardog/secureoperator/cmd/secure-operator

Then either run the binary you downloaded, or the built package:

secure-operator

This will start a DNS server listening on TCP and UDP at :53. For usage information, run secure-operator --help.

Note: Running a service on port 53 requires administrative privileges on most systems.

Docker

There is a Docker image available for secureoperator:

docker pull fardog/secureoperator

The latest tag will always be the build from the master branch. If you wish to use one of the stable releases, use its version tag when pulling, e.g.:

docker pull fardog/secureoperator:v1.0.3

Version Compatibility

This package follows semver for its tagged releases. The master branch is always considered stable, but may break API compatibility. If you require API stability, either use the tagged releases or mirror on gopkg.in:

go get -u gopkg.in/fardog/secureoperator.v1

Security

Note that while DNS requests are made over HTTPS, this does not imply "secure"; consider the following:

  • You must trust Google with your requests, see their privacy statement for further details.
  • The initial lookup for the Google DNS endpoint happens over plain DNS using your locally configured DNS resolver; there are plans to mitigate this in the future, but at least one DNS request will be sent unsecured.

Caveats/TODO

  • Currently only the following records are supported: A, AAAA, CNAME, MX
  • More thorough tests should be written
  • No caching is implemented, and probably never will. If you need caching, put your secure-operator server behind another DNS server which provides caching.

Acknowledgments

This owes heavily to the following work:

License

   Copyright 2017 Nathan Wittstock

   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
   You may obtain a copy of the License at

       http://www.apache.org/licenses/LICENSE-2.0

Documentation

Index

Constants

View Source 
const (
	// DNSNameMaxBytes is the maximum number of bytes a DNS name may contain
	DNSNameMaxBytes = 253
)

Variables

This section is empty.

Functions

This section is empty.

Types

type DNSQuestion 

type DNSQuestion struct {
	Name string `json:"name,omitempty"`
	Type uint16 `json:"type,omitempty"`
}

DNSQuestion represents a DNS question to be resolved by a DNS server

type DNSRR 

type DNSRR struct {
	Name string `json:"name,omitempty"`
	Type uint16 `json:"type,omitempty"`
	TTL  uint32 `json:"TTL,omitempty"`
	Data string `json:"data,omitempty"`
}

DNSRR represents a DNS record, part of a response to a DNSQuestion

func (DNSRR) RR 

func (r DNSRR) RR() dns.RR

RR transforms a DNSRR to a dns.RR. It does not support a full compliment of DNS records, although it will grow additional types as necessary. Currently it supports:

  • A
  • AAAA
  • CNAME
  • MX

Any unsupported type will be translated to an RFC3597 message.

Transforms from A, AAAA, and CNAME records are straightforward; the (DNSRR).Data fields are translated from strings to IP addresses (in the case of A, AAAA), or copied straight over (in the case of CNAME) to the dns.RR.

MX Records expect the Data field to be in the format of "10 whatever.com", where "10" is the unsigned integer priority, and "whatever.com" is the server expected to serve the request.

type DNSResponse 

type DNSResponse struct {
	Question           []DNSQuestion
	Answer             []DNSRR
	Authority          []DNSRR
	Extra              []DNSRR
	Truncated          bool
	RecursionDesired   bool
	RecursionAvailable bool
	AuthenticatedData  bool
	CheckingDisabled   bool
	ResponseCode       int
}

DNSResponse represents a complete DNS server response, to be served by the DNS server handler.

type GDNSProvider 

type GDNSProvider struct {
	Endpoint string
	Pad      bool
}

GDNSProvider is the Google DNS-over-HTTPS provider; it implements the Provider interface.

func (GDNSProvider) Query 

func (g GDNSProvider) Query(q DNSQuestion) (*DNSResponse, error)

Query sends a DNS question to Google, and returns the response

type GDNSQuestion 

type GDNSQuestion DNSQuestion

GDNSQuestion represents a question response item from Google's DNS service This is currently the same as DNSQuestion, our internal implementation, but since Google's API is in flux, we keep them separate

func (GDNSQuestion) DNSQuestion 

func (r GDNSQuestion) DNSQuestion() DNSQuestion

DNSQuestion transforms a GDNSQuestion to a DNSQuestion and returns it.

type GDNSQuestions 

type GDNSQuestions []GDNSQuestion

GDNSQuestions is a array of GDNSQuestion objects

func (GDNSQuestions) DNSQuestions 

func (rs GDNSQuestions) DNSQuestions() (rqs []DNSQuestion)

DNSQuestions transforms an array of GDNSQuestion objects to an array of DNSQuestion objects

type GDNSRR 

type GDNSRR DNSRR

GDNSRR represents a dns response record item from Google's DNS service. This is currently the same as DNSRR, our internal implementation, but since Google's API is in flux, we keep them separate

func (GDNSRR) DNSRR 

func (r GDNSRR) DNSRR() DNSRR

DNSRR transforms a GDNSRR to a DNSRR

type GDNSRRs 

type GDNSRRs []GDNSRR

GDNSRRs represents an array of GDNSRR objects

func (GDNSRRs) DNSRRs 

func (rs GDNSRRs) DNSRRs() (rrs []DNSRR)

DNSRRs transforms an array of GDNSRR objects to an array of DNSRR objects

type GDNSResponse 

type GDNSResponse struct {
	Status           int32         `json:"Status,omitempty"`
	TC               bool          `json:"TC,omitempty"`
	RD               bool          `json:"RD,omitempty"`
	RA               bool          `json:"RA,omitempty"`
	AD               bool          `json:"AD,omitempty"`
	CD               bool          `json:"CD,omitempty"`
	Question         GDNSQuestions `json:"Question,omitempty"`
	Answer           GDNSRRs       `json:"Answer,omitempty"`
	Authority        GDNSRRs       `json:"Authority,omitempty"`
	Additional       GDNSRRs       `json:"Additional,omitempty"`
	EDNSClientSubnet string        `json:"edns_client_subnet,omitempty"`
	Comment          string        `json:"Comment,omitempty"`
}

GDNSResponse represents a response from the Google DNS-over-HTTPS servers

type Handler 

type Handler struct {
	// contains filtered or unexported fields
}

Handler represents a DNS handler

func NewHandler 

func NewHandler(provider Provider, options *HandlerOptions) *Handler

NewHandler creates a new Handler

func (*Handler) Handle 

func (h *Handler) Handle(w dns.ResponseWriter, r *dns.Msg)

Handle handles a DNS request

type HandlerOptions 

type HandlerOptions struct{}

HandlerOptions specifies options to be used when instantiating a handler

type Provider 

type Provider interface {
	Query(DNSQuestion) (*DNSResponse, error)
}

Provider is an interface representing a servicer of DNS queries.

Source Files

View all Source files

Directories

Path Synopsis
cmd
secure-operator

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.