mirage/ocaml-dns mirage/ocaml-dns

  • Stars
    star
    102
  • Rank 325,863 (Top 7 %)
  • Language
    OCaml
  • License
    BSD 2-Clause "Sim...
  • Created over 12 years ago
  • Updated 9 months ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
mirage/ocaml-dns
github

mirage

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

OCaml implementation of the DNS protocol

ocaml-dns - a Domain Name System (DNS) library

(c) 2017-2019 Hannes Mehnert (robur.io, Center for the Cultivation of Technology)

%%VERSION%%

This library supports most of the domain name system used in the wild. It adheres to strict conventions. Failing early and hard. It is mostly implemented in the pure fragment of OCaml (no mutation, isolated IO, no exceptions).

It all started out as an experiment to run a recursive resolver, but after initial prototypes it turned out that every configurable recursive resolver needs a fully-fledged authoritative nameserver as well (for overriding various zones such as .localhost and reverse lookups of RFC 1918 IP ranges).

Legacy resource record types are not dealt with, and there is no plan to support ISDN, MAILA, MAILB, WKS, MB, HINFO, ... . AXFR, IXFR, and UPDATE is only handled via TCP connections. The only resource class supported is IN (the Internet). Truncated hmac in TSIG are not supported (always the full length of the hash algorithm is used).

Please read the blog article for a more detailed overview.

This library is published under the 2 clause BSD license.

Supported RFCs

  • RFC 1034 Domain Names - Concepts and Facilities
  • RFC 1035 Domain Names - Implementation and Specification
  • RFC 1876 A Means for Expressing Location Information in the Domain Name System
  • RFC 1912 Common DNS Operational and Configuration Errors
  • RFC 1995 Incremental Zone Transfer in DNS
  • RFC 1996 A Mechanism for Prompt Notification of Zone Changes (DNS NOTIFY)
  • RFC 2136 Dynamic Updates in the domain name system (DNS UPDATE)
  • RFC 2181 Clarifications to the DNS Specification
  • RFC 2308 Negative Caching of DNS Queries (DNS NCACHE)
  • RFC 2782 A DNS RR for specifying the location of services (DNS SRV)
  • RFC 2845 Secret Key Transaction Authentication for DNS (TSIG)
  • RFC 3596 DNS Extensions to Support IP Version 6
  • RFC 4033 DNS Security Introduction and Requirements
  • RFC 4034 Resource Records for the DNS Security Extensions
  • RFC 4035 Protocol Modifications for the DNS Security Extensions
  • RFC 4255 Using DNS to Securely Publish Secure Shell (SSH) Key Fingerprints
  • RFC 4343 Domain Name System (DNS) Case Insensitivity Clarification
  • RFC 4509 Use of SHA-256 in DNSSEC Delegation Signer (DS) Resource Records (RRs)
  • RFC 4592 The Role of Wildcards in the Domain Name System
  • RFC 4635 HMAC SHA TSIG Algorithm Identifiers
  • * RFC 5001 DNS Name Server Identifier (NSID) Option
  • RFC 5155 DNS Security (DNSSEC) Hashed Authenticated Denial of Existence
  • RFC 5358 Preventing Use of Recursive Nameservers in Reflector Attacks
  • RFC 5452 Measures for Making DNS More Resilient against Forged Answers
  • RFC 5936 DNS Zone Transfer Protocol (AXFR)
  • RFC 6594 Use of the SHA-256 Algorithm with RSA, Digital Signature Algorithm (DSA), and Elliptic Curve DSA (ECDSA) in SSHFP Resource Records
  • RFC 6605 Elliptic Curve Digital Signature Algorithm (DSA) for DNSSEC
  • RFC 6698 The DNS-Based Authentication of Named Entities (DANE) Transport Layer Security (TLS) Protocol: TLSA
  • RFC 6761 Special-Use Domain Names
  • * RFC 6762 Multicast DNS
  • RFC 6844 DNS Certification Authority Authorization (CAA) Resource Record
  • RFC 6890 Special-Purpose IP Address Registries
  • RFC 6891 Extension Mechanisms for DNS (EDNS(0))
  • RFC 6895 Domain Name System (DNS) IANA Considerations (BCP 42)
  • RFC 7129 Authenticated Denial of Existence in the DNS
  • RFC 7479 Using Ed25519 in SSHFP Resource Records
  • RFC 7626 DNS Privacy Considerations
  • RFC 7766 DNS Transport over TCP - Implementation Requirements
  • RFC 7816 DNS Query Name Minimisation to Improve Privacy
  • RFC 7828 The edns-tcp-keepalive EDNS0 Option
  • * RFC 7830 The EDNS(0) Padding Option
  • * RFC 7873 Domain Name System (DNS) Cookies
  • RFC 8080 Edwards-Curve Digital Security Algorithm (EdDSA) for DNSSEC
  • RFC 8109 Initializing a DNS Resolver with Priming Queries
  • draft-ietf-dnsop-let-localhost-be-localhost-02 Let 'localhost' be localhost.

*: Please note that the RFCs marked with * are only partially implemented (i.e. only wire format, but no logic handling the feature).

Installation

You first need to install OCaml (at least 4.08.2) and opam, the OCaml package manager (at least 2.0.0) on your machine (you can use opam to install an up-to-date OCaml (opam switch 4.08.2)).

You may want to follow the mirage installation instructions to get mirage installed on your computer.

To minimize the amount of run-time dependencies for each individual functionality, the library is split into multiple opam packages (core, server, client, resolver, cli, certify), with multiple ocamlfind libraries for the different backends (no optional dependencies) -- i.e. dns-server.mirage contains the MirageOS-specific DNS server code.

Now the µDNS library is installed, and you can try out the examples. Find some examples at the unikernel repository.

Documentation

API documentation is available online.

Transition from older versions

The pre-4.0.0 versions of ocaml-dns had a significantly different interface, and so applications using them will need to be rewritten to follow the stricter coding style used in the post-4.0.0 branches. The major improvements from 1.x to the 4.x series are:

  • data (rrset) is defined in a single GADT in Rr_map
  • added support for: notify, dynamic update, zone transfer, tsig (hmac authentication), edns
  • no mutable data structures, leading to easier reasoning about library state
  • switched to an independent domain_name library which uses a faster and more compact string array instead of string list for storing domain names
  • integration with LetsEncrypt for provisioning valid X.509 certificates
  • no use of exceptions, instead preferring explicit result values from API functions

Please get in touch on [email protected] or on the Discuss forum at https://discuss.ocaml.org (with the mirageos tag) if you have any questions about migrating (or just general questions).

Development

To work with the opam packages provided when developing modifications to DNS, or when pinning a specific version, you will have to pin the same version for all of them:

: csh syntax
set version=4.99.0
set repo=git+https://github.com/mirage/ocaml-dns.git

# the -y parameter means "force" or
# "do go ahead and register a new package"

# the -n parameter means
# "just register the pin, don't actually install it yet"

foreach pkg ( dns dns-{certify,cli,client,resolver,server,mirage,tsig,stub} )
  opam pin add -y -n $pkg.$version --dev $repo
end
: bash syntax
version=4.99.0
repo=git+https://github.com/mirage/ocaml-dns.git

for pkg in dns dns-{certify,cli,client,resolver,server,mirage,tsig,stub}
do
  opam pin add -y -n $pkg.$version --dev $repo
done

Now you can install the packages you need, for instance:

opam install dns-client

or

opam install dns-resolver

More Repositories

1

mirage

MirageOS is a library operating system that constructs unikernels
OCaml
2,417
star
2

irmin

Irmin is a distributed database that follows the same design principles as Git
OCaml
1,742
star
3

ocaml-cohttp

An OCaml library for HTTP clients and servers using Lwt or Async
OCaml
644
star
4

alcotest

A lightweight and colourful test framework
OCaml
413
star
5

ocaml-git

Pure OCaml Git format and protocol
OCaml
349
star
6

mirage-tcpip

TCP/IP networking stack in pure OCaml, using the Mirage platform libraries. Includes IPv4/6, ICMP, and UDP/TCP support.
OCaml
321
star
7

jitsu

A DNS server that automatically starts unikernels on demand
OCaml
308
star
8

mirage-skeleton

Examples of simple MirageOS apps
OCaml
210
star
9

qubes-mirage-firewall

A Mirage firewall VM for QubesOS
OCaml
201
star
10

mirage-www

Website infrastructure and content for mirage.io
HTML
162
star
11

decompress

Pure OCaml implementation of Zlib.
OCaml
116
star
12

ocaml-cow

Caml on the Web (COW) is a set of parsers and syntax extensions to let you manipulate HTML, CSS, XML, JSON and Markdown directly from OCaml code.
OCaml
105
star
13

ocaml-cstruct

Map OCaml arrays onto C-like structs
OCaml
103
star
14

awa-ssh

Purely functional SSH library in ocaml.
OCaml
103
star
15

ocaml-github

GitHub APIv3 OCaml bindings
OCaml
99
star
16

ocaml-solo5

Freestanding OCaml runtime
C
98
star
17

ocaml-rpc

Light library to deal with RPCs in OCaml
OCaml
96
star
18

capnp-rpc

Cap'n Proto RPC implementation
OCaml
95
star
19

ocaml-uri

RFC3986 URI parsing library for OCaml
OCaml
93
star
20

digestif

Simple hash algorithms in OCaml
OCaml
86
star
21

ocaml-conduit

Dereference URIs into communication channels for Async or Lwt
OCaml
84
star
22

mirage-platform

Archived, see https://github.com/mirage/mirage/issues/1159 for details. Old: Core platform libraries for Mirage (UNIX and Xen). This provides the `OS` library which handles timers, device setup and the main loop, as well as the runtime for the Xen unikernel.
C
77
star
23

mirage-crypto

Cryptographic primitives for OCaml, in OCaml (also used in MirageOS)
C
74
star
24

xen

Unofficial mirror of xenbits.xen.org/xen.git
C
72
star
25

ocaml-crunch

Convert a filesystem into a static OCaml module
OCaml
70
star
26

mini-os

Mirror of the Xen MiniOS Git from git://xenbits.xen.org/mini-os.git
C
64
star
27

functoria

A DSL to invoke otherworldly functors
OCaml
63
star
28

ocaml-9p

An OCaml/Mirage-friendly implementation of the 9P protocol
OCaml
62
star
29

mirage-qubes

Mirage support for writing QubesOS AppVM unikernels
OCaml
60
star
30

xen-arm-builder

Archived - the Xen and ARM support in MirageOS has been superseeded by our PVH support - Build an SDcard image for Xen/ARM, for a Cubieboard
Shell
57
star
31

charrua

A DHCP library in OCaml
OCaml
55
star
32

orm

Object Relational Mapper extension
OCaml
54
star
33

eqaf

Constant time equal function to avoid timing attacks in OCaml
OCaml
50
star
34

ke

Fast implementation of queue in OCaml
HTML
49
star
35

ocaml-matrix

Implementation of a matrix server in OCaml for MirageOS
OCaml
49
star
36

ocaml-tar

Pure OCaml library to read and write tar files
OCaml
49
star
37

prometheus

OCaml library for reporting metrics to a Prometheus server
OCaml
48
star
38

conan

Like detective conan, find clue about the type of the file
OCaml
46
star
39

ocaml-vchan

Pure OCaml implementation of the "vchan" shared-memory communication protocol
OCaml
46
star
40

metrics

Infrastructure to collect metrics from OCaml applications.
OCaml
45
star
41

bechamel

Agnostic benchmark in OCaml (proof-of-concept)
OCaml
44
star
42

wodan

A Mirage filesystem library
OCaml
44
star
43

ocaml-base64

Base64 encoding and decoding in OCaml
OCaml
43
star
44

colombe

Implementation of SMTP protocols in OCaml
OCaml
42
star
45

ocaml-ipaddr

A library for manipulation of IP (and MAC) address representations
OCaml
41
star
46

mrmime

What do you mean?
OCaml
40
star
47

ezjsonm

An easy interface on top of the Jsonm library.
OCaml
40
star
48

index

A platform-agnostic multi-level index
OCaml
34
star
49

bloomf

Efficient Bloom filters for OCaml
OCaml
34
star
50

mirage-nat

library for network address translation intended for use with mirage unikernels
OCaml
31
star
51

emile

& images
OCaml
30
star
52

ocaml-hex

Hexadecimal converter
OCaml
29
star
53

ocaml-diet

A simple implementation of Discrete Interval Encoding Trees
OCaml
28
star
54

repr

OCaml
27
star
55

ptt

Postes, Télégraphes et Téléphones
OCaml
26
star
56

ocaml-fat

Read and write FAT format filesystems from OCaml
OCaml
26
star
57

encore

Synonym of angkor
OCaml
25
star
58

ocaml-magic-mime

Convert file extensions to MIME types
OCaml
24
star
59

irmin-server

A high-performance server for Irmin
OCaml
24
star
60

ocaml-lazy-trie

Lazy prefix trees in OCaml
OCaml
23
star
61

optint

Library to provide a fast integer (x64 arch) or allocated int32 (x84 arch)
OCaml
23
star
62

ocaml-pcap

OCaml code for generating and analysing pcap (packet capture) files
OCaml
22
star
63

qubes-mirage-skeleton

An example Mirage unikernel that runs as a Qubes AppVM
OCaml
22
star
64

duff

Pure OCaml implementation of libXdiff (Rabin's fingerprint)
OCaml
21
star
65

hacl

Archived. Curve25519 support has been integrated into mirage-crypto-ec (via fiat-crypto). Hacl bindings are available from the hacl-star opam package. OCaml bindings for HACL* elliptic curves
C
21
star
66

arp

Address resolution protocol (ARP) implementation in OCaml targeting MirageOS
OCaml
21
star
67

shared-memory-ring

Xen-style shared memory rings
OCaml
20
star
68

irmin-rpc

RPC client/server for Irmin
OCaml
20
star
69

typebeat

Parsing of the Content-Type header in pure OCaml
OCaml
20
star
70

ocaml-tuntap

Bindings to UNIX tuntap facilities
OCaml
20
star
71

mirage-lambda

An eDSL for MirageOS apps
OCaml
19
star
72

merge-queues

Mergeable queues
OCaml
19
star
73

mirage-solo5

Solo5 core platform libraries for MirageOS
OCaml
19
star
74

ocaml-qcow

Pure OCaml code for parsing, printing, modifying .qcow format data
OCaml
19
star
75

mirage-xen

Xen core platform libraries for MirageOS
C
18
star
76

mirage-profile

Collect profiling information
OCaml
18
star
77

ocaml-vmnet

NATed networking on MacOS X using the vmnet framework
OCaml
18
star
78

mirage-clock

Portable clock implementation for Unix and Xen
OCaml
18
star
79

ocaml-mbr

A simple library for manipulating Master Boot Records
OCaml
18
star
80

cactus

A Btree library in OCaml
OCaml
17
star
81

mirage-dev

Development OPAM repository for work-in-progress packages
16
star
82

mirage-fs-unix

Unix Filesystem passthrough for MirageOS
OCaml
16
star
83

mirage-vnetif

Virtual network interface and software bridge for Mirage
OCaml
16
star
84

spamtacus

Ocaml modular spam filter
OCaml
15
star
85

irmin-rs

Rust
15
star
86

checkseum

C
15
star
87

ocaml-hvsock

Bindings for hypervisor sockets, for Linux, Windows and macOS (via Hyperkit)
OCaml
14
star
88

mirage-handbook

WIP Handbook for MirageOS
14
star
89

ca-certs

Detect root CA certificates from the operating system
OCaml
14
star
90

irmin-watcher

Portable implementation of the Irmin Watch API
OCaml
14
star
91

retreat.mirage.io

Microsite for the MirageOS hack retreats
OCaml
14
star
92

mmap

File mapping
OCaml
13
star
93

mirage-decks

These are the MirageOS slide decks, written as a self-hosting unikernel
HTML
13
star
94

ezxmlm

Like the tax form, this is an easier interface for quick n dirty XMLM scripts
OCaml
13
star
95

mirage-unix

Unix core platform libraries for MirageOS
OCaml
13
star
96

ocaml-gpt

A simple library for manipulating GUID partition tables
OCaml
12
star
97

irmin.org

Irmin website
CSS
12
star
98

mirage-console

Portable console handling for Mirage applications
OCaml
12
star
99

mirage-net-xen

Xen Netfront and Netback ethernet device drivers for Mirage
OCaml
12
star
100

ocaml-openflow

OCaml
12
star