I am developing multiple TypeScript (NodeJS 14) client applications (all Dockerized). Most of the HTTP requests are made using axios, but not exclusively.
By default, all DNS queries resolve to IPv4 addresses, so all HTTP traffic is over IPv4 as well.
I could specify the exact IPv6 address for each and every one of the requests I make - but I'd like to find a way to have these apps opt for IPv6 DNS resolution, preferably with as few code changes as possible. Maybe a tsnode.json modification or some other flag that affects NodeJS at the "root" level?
Pretty sure you are looking for dns.setDefaultResultOrder(order),
which allows you to set the DNS lookup priority: ipv4first and verbatim.
https://nodejs.org/api/dns.html#dnssetdefaultresultorderorder
Now that we have a dynamic DNS resolving backend with HAProxy 1.6, I've been wondering whether I can make the endpoint resolve to dynamic backends. Here's what I would be looking for:
resolvers docker
    nameserver dnsmasq 127.0.0.1:53

defaults
    mode http
    log global
    option httplog

frontend f_myapp
    bind :443
    default_backend b_myapp

backend b_myapp
    server services *:443 check resolvers docker resolve-prefer ipv4

OR

    server services [%Host]:443 check resolvers docker resolve-prefer ipv4
Having this would allow me not to have to touch haproxy's configuration but only use DNS to update the backend-routing.
Thanks
Alessandro
A server declared in HAProxy is a single destination IP address. Even if that IP address is dynamic and can change, as is now possible in 1.6, a server is only/always/ever a single destination, not a target that changes with each request. What you are contemplating is not consistent with the design of HAProxy.
Your back-end servers must be declared in advance. You can create dummies and modify them via the stats socket, and dynamic configuration can be accomplished by scripting the configuration-file-generating process (using external tools) and then reloading HAProxy but... it has no internal concept matching what you are contemplating.
Additionally, of course, even if it did, there is a problem with your plan -- it represents a potential security hole: if HAProxy were to interpret %[Host] (which I assume refers to %[req.hdr(host)]) as an IP address, no resolution would be needed and you've just given internal access to anyone who passed an IP address in the Host header.
I'm writing a small DNS proxy. It listens for incoming UDP messages on a port and resolves them using a specified DNS (e.g. google's DNS 8.8.8.8) and sends the response back to the client.
I would like to be able to detect the default DNS a machines uses. Every OS has an option to obtain the DNS server address automatically. I was wondering how this is done. Is there a protocol on top of UDP or TCP, or something else entirely?
I'm using C#, but the language isn't important.
Finding which DNS the current computer uses as default is highly dependent on both which OS you use and which language you use. If you use Java or .NET, or another platform independent language you might not need to worry about the OS bit though.
Client computers usually "auto-discover" which DNS to use in the DHCP response from the DHCP server. That is when they receive their IP address they also get which DNS server to use. They might also get addresses to WINS servers and a multitude of custom options.
You can find the DNS server by typing ipconfig /all in the command prompt. This will give you the address of your DNS server.
I set up a netfilter rule that balances DNS requests using the random mode of the statistics module with some NAT rules. That part worked well; however, when a DNS client sends all its requests from the same source port, the DNS requests are all balanced to the same backend server.
I'm assuming this happens because the connection tracking identifies all the UDP packets as part of the same UDP connection. I couldn't find an easy fix for this, is there one?
In the case there isn't I will have to write some code to make things behave how I'd like. What is the proper approach to doing this?
My first thought was to create something similar to ip_conntrack_ftp that identifies DNS connections by using the ip source/dest as well as the DNS sequence number.
You shouldn't need anything that complicated - you just need to find a way to make the load balancer work "per packet" instead of "per flow".
I'm trying to create and run a Node.JS proxy in a machine that has a pool of IPv6 addresses. I want the proxy to randomly choose one of these addresses for each request (making it difficult for the websites to keep track of users' requests).
With wget I can achieve this by using the attribute --bind-address as follows:
wget --bind-address OUTGOING_IP http://www.example.com/
Is there any way to achieve the same behavior using Node.JS?
If you want to make outbound HTTP requests from different IPs, have a look at the "localAddress" option under "http.request":
http://nodejs.org/docs/latest/api/http.html#http_http_request_options_callback
If you want to start a TCP server to listen on a particular IP bound to your host, you would probably want to specify it when you create the server [i.e. server.listen(PORT, HOST)]:
http://nodejs.org/docs/latest/api/net.html#net_class_net_server
-- ab1
I am implementing a DNS client, in which I try to connect to a local DNS server, but the DNS server is returning the message with an error code 5, which means that it's refusing the connection.
Any thoughts on why this might be happening? Thanks
DNS response error code 5 ("Refused") doesn't mean that the connection to the DNS server is refused.
It means that the DNS server refuses to provide whatever data you asked for, or to do whatever action you asked it to do (for example a dynamic update).
Since you mention a "connection", I assume that you are using TCP?
DNS primarily uses UDP, and some DNS servers will refuse all requests over TCP.
So the solution might be as simple as switching to UDP.
Otherwise, assuming you are building your own DNS client from scratch, my first guess would be that you are formatting the request incorrectly. Even though the DNS protocol seems fairly simple, it is very easy to get this wrong.
Finally, the DNS server may of course simply be configured to refuse requests for whatever you are asking.
Explicitly adding the network from which I wanted to allow recursion fixed this problem for me:
these two lines added to /etc/bind/named.conf.options
recursion yes;
allow-recursion { 10.2.0.0/16; };
Policy enforcement?
The DNS server could be configured to accept only connections from certain hosts.
Hmm, if you're able to access StackOverflow you have a working DNS server SOMEwhere. Try doing
host -v stackoverflow.com
and look for messages like
Received 50 bytes from 192.168.1.1#53 in 75 ms
then pick the address out of that line and use THAT as your DNS - it's obviously willing to talk to you.
If you're on Windows, use NSLOOKUP for the same purpose. Your name server's address will be SOMEwhere in the output.
EDIT:
When I'm stuck for a DNS server, I use the one whose address I can remember most easily: 4.2.2.2. See how that works for you.
You might try monitoring the conversation using Wireshark. It can also decode the packets for you, which might help you determine if your client's packets are correctly encoded. Just filter on port 53 (DNS) to limit the packets captured by the trace.
Also, make sure you're using UDP and not TCP for queries; TCP should be used primarily for zone transfers, not queries.