resolved
resolved (pronounced "resolved", not "resolved") is a simple DNS server, and
associated tools, for home networks. To that end, it supports:
- Three modes of operation: as a recursive or forwarding nameserver (with caching) or as an authoritative nameserver for your specified domains only.
- Defining custom records in hosts files (to make existing DNS blacklists each to use) and in zone files.
- Listening on either IPv4 or IPv6, and communicating with upstream nameservers over both.
Usage
Install rustup, and then install the default toolchain:
rustup show
Then, compile in release mode;
cargo build --release
The DNS Server
resolved hasn't had any sort of security review, so be wary of exposing it on a public network.
Since resolved binds to port 53 (both UDP and TCP), it needs to be
run as root or to have the CAP_NET_BIND_SERVICE capability.
sudo ./target/release/resolved -Z config/zones
The config/zones directory contains standard configuration which you'll
usually want to have (such as the "root hints" file), so you would typically
either put your zone files in config/zones, or put them somewhere else and
pass a second -Z option like so:
sudo ./target/release/resolved -Z config/zones -Z /path/to/your/zone/files
See the CLI documentation for more.
The DNS Client
There is also a dnsq utility to resolve names based on the server
configuration directly. The main purpose of it is to test configuration
changes.
$ ./target/release/dnsq www.barrucadu.co.uk. AAAA -Z config/zones
;; QUESTION
www.barrucadu.co.uk. IN AAAA
;; ANSWER
www.barrucadu.co.uk. 300 IN CNAME barrucadu.co.uk.
barrucadu.co.uk. 300 IN AAAA 2a01:4f8:c0c:bfc1::
See the --help text for all options.
Other Tools
There are also four utility programs (htoh, htoz, ztoh, and ztoz) to
convert between hosts files and zone files.
They accept any syntactically valid file as input, and output it in a consistent
format regardless of how the input is structured, so htoh and ztoz can be
used to normalise existing files.
Development
Rust sources are in the crates/ directory. There are two shared libraries:
dns-types- basic types used in other packages (crate documentation)dns-resolver- the DNS resolvers (crate documentation)
And six binaries:
dnsq- utility to resolve DNS queries (crate documentation)resolved- the DNS server (crate documentation)htoh- utility to normalise hosts files (crate documentation)htoz- utility to convert hosts files to zone files (crate documentation)ztoh- utility to convert zone files to hosts files (crate documentation)ztoz- utility to normalise zone files (crate documentation)
Developing with nix
Open a development shell:
nix develop
And run cargo commands in there.
Testing
Run the unit tests with:
cargo test
There are also fuzz tests in the fuzz/ directory, using
cargo-fuzz:
cargo install cargo-fuzz
# list targets
cargo fuzz list
# run a target until it panics or is killed with ctrl-c
cargo fuzz run <target>
Supported standards
-
RFC 1034: Domain Names - Concepts and Facilities
Gives the basic semantics of DNS and the algorithms for recursive and non-recursive resolution.
-
RFC 1035: Domain Names - Implementation and Specification
Defines the wire format and discusses implementation concerns of the algorithms from RFC 1034.
-
RFC 2782: A DNS RR for specifying the location of services (DNS SRV)
Defines the
SRVrecord and query types. -
RFC 3596: DNS Extensions to Support IP Version 6
Defines the
AAAArecord and query types. -
RFC 4343: Domain Name System (DNS) Case Insensitivity Clarification
Clarifies that domain names are not ASCII, and yet for case insensitivity purposes are case-folded as ASCII is. And also that "case preservation", as required by other RFCs, is more or less meaningless.
-
RFC 6761: Special-Use Domain Names
Defines several zones with special behaviour. This is RFC implemented as configuration distributed with the DNS server (in
config/zones) not code. -
Defines the Linux hosts file format.