Skip to content
Snippets Groups Projects
Select Git revision
  • gpl-2
  • master default protected
  • redis
  • kdig_dnssec_valid
  • redis_squashed
  • 3.4 protected
  • onlinesign_interference
  • zone_load_from_dir
  • ctl_sockets_multi
  • redis-tls
  • incr_decr_as_in_c
  • python_libknot_api_doc
  • tests_socket_starting_dv
  • 3.3 protected
  • doc_backup_members
  • kxdpgun_latency
  • dbg_dname_v3.4.1
  • status_frozen_fix
  • memsan_fixes
  • gcc_warnings
  • v3.4.5 protected
  • v3.4.4 protected
  • v3.3.10 protected
  • v3.4.3 protected
  • v3.4.2 protected
  • v3.4.1 protected
  • v3.5.dev protected
  • v3.4.0 protected
  • v3.3.9 protected
  • v3.3.8 protected
  • v3.2.13 protected
  • v3.3.7 protected
  • v3.3.6 protected
  • v3.3.5 protected
  • v3.3.4 protected
  • v3.2.12 protected
  • v3.3.3 protected
  • v3.2.11 protected
  • v3.3.2 protected
  • v3.2.10 protected
40 results
Search by author
  • Any Author
  • Aleš Mrázek Aleš Mrázek amrazek
  • Daniel Salzman Daniel Salzman dsalzman
  • David Vasek David Vasek dvasek
  • Frantisek Tobias Frantisek Tobias ftobias
  • Hynek Šabacký Hynek Šabacký hsabacky
  • Jakub Ružička Jakub Ružička jruzicka
  • Jan Doskočil Jan Doskočil jan.doskocil
  • Jan Hák Jan Hák jhak
  • Ladislav Lhotka Ladislav Lhotka llhotka
  • Libor Peltan Libor Peltan lpeltan
  • Lukáš Ondráček Lukáš Ondráček londracek
  • Petr Špaček Petr Špaček isc-pspacek
  • Robert Edmonds Robert Edmonds edmonds
  • Štěpán Balážik Štěpán Balážik sbalazik
  • Tomas Krizek Tomas Krizek tkrizek
  • Vaclav Sraier Vaclav Sraier vsraier
  • Vladimír Čunát Vladimír Čunát vcunat
17 authors
  1. Jan 25, 2017
  3. Jan 17, 2017
  5. Jan 09, 2017
  7. Jan 08, 2017
  9. Jan 04, 2017
  11. Dec 29, 2016
  13. Dec 15, 2016
  15. Dec 06, 2016
  17. Oct 17, 2016
  19. Sep 23, 2016
  21. Sep 21, 2016
  23. Sep 13, 2016
  25. Aug 19, 2016
    • Robert Edmonds's avatar
      modules: Add new whoami module · b2c753d9
      Robert Edmonds authored and Daniel Salzman's avatar Daniel Salzman committed 
      This commit adds a new "whoami" module. It synthesizes an A or AAAA
record containing the query source IP address, at the apex of the zone
being served. It makes sure to allow Knot to generate cacheable negative
responses, and to allow fallback to extra records defined in the
underlying zone file. The TTL of the synthesized record is copied from
the TTL of the SOA record in the zone file.

Because a DNS query for type A or AAAA has nothing to do with whether
the query is occurs over IPv4 or IPv6, this module requires a special
zone configuration to support both address families. For A queries, the
underlying zone must have a set of nameservers that only have IPv4
addresses, and for AAAA queries, the underlying zone must have a set of
nameservers that only have IPv6 addresses.

To enable this module, you need to add something like the following to
the Knot configuration file:

    mod-whoami:
      - id: default

    zone:
      - domain: whoami.domain.example
        file: "/path/to/whoami.domain.example"
        module: [mod-whoami/default]

    zone:
      - domain: whoami6.domain.example
        file: "/path/to/whoami6.domain.example"
        module: [mod-whoami/default]

The whoami.domain.example zone file would look something like:

    $TTL 1

    @       SOA     (
                            whoami.domain.example.          ; MNAME
                            hostmaster.domain.example.      ; RNAME
                            2016051300                      ; SERIAL
                            86400                           ; REFRESH
                            86400                           ; RETRY
                            86400                           ; EXPIRE
                            1                               ; MINIMUM
                    )

    $TTL 86400

    @       NS      ns1.whoami.domain.example.
    @       NS      ns2.whoami.domain.example.
    @       NS      ns3.whoami.domain.example.
    @       NS      ns4.whoami.domain.example.

    ns1     A       198.51.100.53
    ns2     A       192.0.2.53
    ns3     A       203.0.113.53
    ns4     A       198.19.123.53

The whoami6.domain.example zone file would look something like:

    $TTL 1

    @       SOA     (
                            whoami6.domain.example.         ; MNAME
                            hostmaster.domain.example.      ; RNAME
                            2016051300                      ; SERIAL
                            86400                           ; REFRESH
                            86400                           ; RETRY
                            86400                           ; EXPIRE
                            1                               ; MINIMUM
                    )

    $TTL 86400

    @       NS      ns1.whoami6.domain.example.
    @       NS      ns2.whoami6.domain.example.
    @       NS      ns3.whoami6.domain.example.
    @       NS      ns4.whoami6.domain.example.

    ns1     AAAA    2001:db8:100::53
    ns2     AAAA    2001:db8:200::53
    ns3     AAAA    2001:db8:300::53
    ns4     AAAA    2001:db8:400::53

The parent domain would then delegate whoami.domain.example to
ns[1-4].whoami.domain.example and whoami6.domain.example to
ns[1-4].whoami6.domain.example, and include the corresponding A-only or
AAAA-only glue records.

To test this locally, I stubbed out the zones in my Unbound
configuration:

    server:
        domain-insecure: "whoami.domain.example"
        domain-insecure: "whoami6.domain.example"

    stub-zone:
        name: "whoami.domain.example"
        stub-addr: <IPv4 address that Knot listens on>

    stub-zone:
        name: "whoami6.domain.example"
        stub-addr: <IPv6 address that Knot listens on>
      b2c753d9
  27. Aug 06, 2016
  29. Aug 03, 2016
  31. Jul 20, 2016
  33. Jul 13, 2016
  35. Jun 27, 2016
  37. Jun 22, 2016
  39. Jun 10, 2016
  41. Jun 03, 2016
  43. Apr 13, 2016
  45. Mar 24, 2016
  47. Feb 09, 2016
  49. Jan 15, 2016
  51. Jan 14, 2016
  53. Jan 10, 2016
  55. Jan 08, 2016
  57. Dec 28, 2015
  59. Dec 18, 2015
  61. Dec 17, 2015
  63. Dec 11, 2015