Could you please cite references/books for more details about Dynamic DNS? I've already tried Wikipedia, IEEE papers and RFCs for all those people rolling their eyes reading this. So please, any inputs are welcome. I need help implementing it in a project and would love to know more about it. Thanks.
Dynamic DNS is a concept of updating DNS records on-the-fly, as opposed to normal (static) DNS where change in a DNS records required manual intervention.
Dynamic DNS means that you have some DNS server, and you may programmatically update records on it. This can be achieved in different ways:
RFC 2136 dynamic DNS. It's an extension to good ol' DNS protocol which allows not obtaining DNS records, but updating them. Most DNS servers today (for example BIND9 and PowerDNS) support this protocol. Documentation sources: RFC 2136 defines the protocol. nsupdate is the command line tool which supports this protocol, read man nsupdate. For details on how to configure BIND9 for dynamic updates, refer to the BIND9 ARM. Libraries exist for most languages which allow Dynamic DNS updates using this protocol. For PHP for example, it's Net_DNS2. It's not well documented, but sites have nice examples which easily allowed me to use it.
Some DNS servers (especially PowerDNS) can read their DNS records from database back-end. Thus it makes possible to write new DNS records into normal SQL database, and server just takes them from there. Documentation sources: If you choose this way I very suggest to use PowerDNS, look for documentation on PowerDNS site.
If updates are not frequent, it's also possible to update text zone files on the DNS server and then request server to re-read the updated zone files. Though this is probably not a convenient way. All major DNS servers support same zone file format, I find DNS for Rocket Scientists excellent.
Now, there's a completely different side of dynamic DNS is a dynamic DNS services like to no-ip.com, my own net-me.net and many others. They all expose some HTTP-based API (usually very simple) to update DNS records, and often provide a GUI client software which actually updates them. Quick overview on the update protocol, the client and the whole process you can get here. As no standard exists, every provider uses his own variation of the protocol, usually they all look quite similar. (All these Dynamic DNS providers internally use some sort of 1.2.3. described above.)
The last but not least - there's a great Oreilly book - DNS and BIND 5th edition which covers all possible aspects of DNS.
Related
I've discovered a couple Node.js modules that allow for checking DNS records for domains, but none that allow for changing and setting DNS records to update domains.
Is what I'm asking even possible? I'm just looking for a step in the right direction.
I am using DNS Made Easy for my DNS servers, if that helps.
I think it really depends on the DNS server you're using. There are some standardized ways to update DNS servers - see https://en.wikipedia.org/wiki/Dynamic_DNS, or if you're using a service like afraid.org, then they have a REST-ish/HTTP endpoint you can call to update DNS records. There's no reason you couldn't initiate that call from node.js. That said - if you're trying to do real DDNS, you might have to implement a more tricky protocol to get it to happen. Some DNS servers just read text files from the disk, so you could also build something that updates those files and the domain serial number and reloads the server when an update occurs. TL;DR: it's possible, but you might have to implement some tricky stuff to get it to work.
To PROGRAMMATICALLY verify if a domain exists I do the following:
DNS Query it and see if it resolves. If it does, it's obviously registered. So no need for step 2. If it doesn't, it might STILL be registered. So a whois check is required.
Backtrack from whois.iana.org and see if the designated whois server knows the domain or not.
Well, whois is not really meant for bulk checking. Not to mention that the RFC has only 4 pages and there's no clear specifications as to the format or even the encoding of the data. So you pretty much have to train the parser for each specific answer format (server).
Is there a way to circumvent the whois query and check (as close to the metal as possible) if the domain is registered in another (publicly available) standardized (preferably free or affordable) way? And not by downloading the TLD zone file or using third-party APIs (as they have a bad habit of snatching domains that you check before you get to register them). :)
I know registrars have their own protocol but I'm not sure if it's open to public use.
There isn't really any good way to do this accurately without looking at zone files or checking directly with the registry, unfortunately.
Registrars typically use a protocol like EPP to talk to a registry, check name availability and place orders. It's unlikely that anyone other than an accredited registrar would be permitted to use this protocol, but it may be worth checking with the registry that manages the TLDs you are interested in, e.g. Verisign.
I'd (personally) be wary of relying too much on DNS queries or WHOIS lookups to ascertain whether a particular domain exists, as both can produce inaccurate results from time to time. For example, certain TLDs have name servers configured for any unregistered domain name (they often direct you to the registry's website). The Vietnamese registry is one example of this. WHOIS lookups can fail for any number of reasons, so lack of a record is not concrete evidence of the domain's availability.
I'm trying to create an automated bulk domain name availability lookup service. I'm wondering if there are guidelines available as to how many lookups are allowed from a single ip address in a set period of time?
Edit
To add further clarification I am automating using multiple calls to the command terminal whois command, not through any particular website.
Whois bulk lookup limitations are usually enforced on the source IP seen by the whois server in the query. The solution is to bounce around as many IPs as possible by using proxies, server farms, web based whois forms, etc.
Each registry/Registrar has its own throttle rule, as an example: godaddy only allows 100 or less queries from any IP.
Why do browsers not use SRV records?
It seems like a minimal amount of work and it will make the server-side implementation of reliable websites much simpler.
For example, you can specify tiers, such that www.example.com resolves to 1.2.3.4 and 2.3.4.5, and only if neither of those are available, try 4.5.6.7.
SRV records have been around for years...
Is there something I'm missing here?
The RFC for SRV records specifies that it may not be used by pre-existing protocols which did not already specify the use of SRV records in their specifications. I.e. no SRV in the HTTP spec - browsers are, by the SRV standard, prohibited from using it.
This does not prohibit a new HTTP 1.2 standard from specifying the use of SRV records, though. However, Mark Andrews proposed this in April 2007 to the IETF HTTP working group, but got no response.
There have been two efforts to introduce this that I know of:
draft-andrews-http-srv (2002)
draft-jennings-http-srv (2009)
The "Open Issues" paragraph of the latter draft is illuminating:
The big open issue seems to be if one should just update the HTTP
scheme to do this SRV lookup and not create a new scheme. The 00
version of this draft did that. A new scheme makes this somewhat
unusable for general web surfing while using the old scheme results
in a very long transition times where different clients resolve URLs
in different ways.
and that is the crux of the matter. If your site relies on SRV records to be found, it won't work for some users until every browser supports it.
Would you take that risk, without some sort of transition mechanism?
Jonathan de Boyne Pollard provides the following Frequently Given Answer.
You've come to this page because you've said something similar to the following:
SRV record support hasn't even made it into web browsers yet, let alone clients of less-common protocols.
This is the Frequently Given Answer to such statements.
Because:
The current HTTP RFC does not specify a symbolic service name for use in SRV records and does not specify that SRV records should be used (cf. RFC 2782, Applicability Statement).
It may negatively impact the latency in browsers and browser vendors want to first see it standardized for http by the IETF (cf. chromium bug report)
It may be kind of complex to integrate it into existing browsers (cf. firefox bug report)
Vendors don't want to say why (cf. webkit bug report)
The latest draft for adding SRV records to HTTP is andrews-http-srv-02 from 2014 which includes security and transitional considerations. It is more complete than the jennings-http-srv-05 draft from 2009. For example, it specifies a security relevant algorithm for choosing the port when it is given in the URL and there is a SRV record (which also includes a port field) - where the jennings draft does not look into this issue.
I was hoping they would standardize SRV for years, but no luck.
For most, this would be essential, only scalability outweighs the disadvantages, everything they say about speed and compatibility is just a bad excuse. If the server wants SRV records to be analyzed and applied, why not provide this option to users?
About compatibility and other issues - we live in the era of DoH, DoQ, DoT, which are not super-compatible, fast, but very useful, forge metal when it's hot, find no excuses, just do it.
I have to implement a DNS server in C and I don't know where to start. What are all the features that a DNS has...how can I implement a bare-bones DNS in single C file.
I don't even want to use a Database, just a file will work.
Thank you in advance
That's big for homework! Your teacher is ambitious. Implementing DNS
requires reading at least ten complicated RFC (not mentioning DNSSEC...) Do
not limit yourself to RFC 1034 and 1035, there are mandatory
RFC after (such as 2181 and 2671). See a nice graph of them.
Is it an authoritative name server or a recursive one?
Do you have to do it from scratch? If not, I strongly suggest to start
with the evldns library, which allows you to write an
anthoritative name server in 200 lines of C.
Otherwise, the usual advice applies: read source code (I suggest
nsd for an authoritative server and unbound for a recursive
one).
DNS is a big spec. If you really want DNS, use a DNS server. So if you want something really quick and dirty, why not just write a program that edits your hosts file (C:\windows\system32\drivers\etc\hosts or /etc/hosts (on UNIX)?)
dns.net points up RFC 1034: DOMAIN NAMES - CONCEPTS AND FACILITIES and RFC 1035: DOMAIN NAMES - IMPLEMENTATION AND SPECIFICATION as the definitive references.
As a topical plus, wow your teacher by including some non-ascii IDN names in your toy lookup list.
The RFCs that the protocol is based on can be found here: http://www.zoneedit.com/doc/rfc/
There are also several explanations of the protocol that should be useful to be found around the internet, such as this one: http://www.windowsnetworking.com/articles_tutorials/Understanding-DNS-Protocol-Part1.html
This should get you started.
This example uses BSD sockets to build a simple DNS resolver.
http://www.binarytides.com/blog/dns-query-code-in-c-with-winsock-and-linux-sockets/