Shaman
Small, clusterable, lightweight, api-driven dns server.
Quickstart:
# Start shaman with defaults (requires admin privileges (port 53))
shaman -s
# register a new domain
shaman add -d nanopack.io -A 127.0.0.1
# perform dns lookup
# OR `nslookup -port=53 nanopack.io 127.0.0.1`
dig @localhost nanopack.io +short
# 127.0.0.1
# Congratulations!Usage:
As a CLI
Simply run shaman <COMMAND>
shaman or shaman -h will show usage and a list of commands:
shaman - api driven dns server
Usage:
shaman [flags]
shaman [command]
Available Commands:
add Add a domain to shaman
delete Remove a domain from shaman
list List all domains in shaman
get Get records for a domain
update Update records for a domain
reset Reset all domains in shaman
Flags:
-C, --api-crt string Path to SSL crt for API access
-a, --api-domain string Domain of generated cert (if none passed) (default "shaman.nanobox.io")
-k, --api-key string Path to SSL key for API access
-p, --api-key-password string Password for SSL key
-H, --api-listen string Listen address for the API (ip:port) (default "127.0.0.1:1632")
-c, --config-file string Configuration file to load
-O, --dns-listen string Listen address for DNS requests (ip:port) (default "127.0.0.1:53")
-d, --domain string Parent domain for requests (default ".")
-f, --fallback-dns Fallback dns server address (ip:port), if not specified fallback is not used
-i, --insecure Disable tls key checking (client) and listen on http (api). Also disables auth-token
-2, --l2-connect string Connection string for the l2 cache (default "scribble:///var/db/shaman")
-l, --log-level string Log level to output [fatal|error|info|debug|trace] (default "INFO")
-s, --server Run in server mode
-t, --token string Token for API Access (default "secret")
-T, --ttl int Default TTL for DNS records (default 60)
-v, --version Print version info and exit
Use "shaman [command] --help" for more information about a command.
For usage examples, see api and/or cli readme
As a Server
To start shaman as a server run:
shaman --server
An optional config file can also be passed on startup:
shaman -c config.json
config.json
{ "api-domain": "shaman.nanobox.io", "api-crt": "", "api-key": "", "api-key-password": "", "api-listen": "127.0.0.1:1632", "token": "secret", "insecure": false, "l2-connect": "scribble:///var/db/shaman", "ttl": 60, "domain": ".", "dns-listen": "127.0.0.1:53", "log-level": "info", "server": true }
L2 connection strings
Scribble Cacher
The connection string looks like scribble://localhost/path/to/data/store.
API:
| Route | Description | Payload | Output |
|---|---|---|---|
| POST /records | Adds the domain and full record | json domain object | json domain object |
| PUT /records | Update all domains and records (replaces all) | json array of domain objects | json array of domain objects |
| GET /records | Returns a list of domains we have records for | nil | string array of domains |
| PUT /records/{domain} | Update domain's records (replaces all) | json domain object | json domain object |
| GET /records/{domain} | Returns the records for that domain | nil | json domain object |
| DELETE /records/{domain} | Delete a domain | nil | success message |
note: The API requires a token to be passed for authentication by default and is configurable at server start (--token). The token is passed in as a custom header: X-AUTH-TOKEN.
For examples, see the api's readme
Overview
+------------+ +----------+ +-----------------+
| +-----> +-----> |
| API Server | | | | Short-Term |
| <-----+ Caching <-----+ (in-memory) |
+------------+ | And | +-----------------+
| Database |
+------------+ | Manager | +-----------------+
| +-----> +-----> |
| DNS Server | | | | Long-Term (L2) |
| <-----+ <-----+ |
+------------+ +----------+ +-----------------+Data types:
Domain (Resource):
json:
{
"domain": "nanopack.io.",
"records": [
{
"ttl": 60,
"class": "IN",
"type": "A",
"address": "127.0.0.1"
},
{
"ttl": 60,
"class": "IN",
"type": "A",
"address": "127.0.0.2"
}
]
}Fields:
- domain: Domain name to resolve
- records: Array of address records
- ttl: Seconds a client should cache for
- class: Record class
- type: Record type
- A - Address record
- CNAME - Canonical name record
- MX - Mail exchange record
- Many more - may or may not work as is
- address: Address domain resolves to
- note: Special rules apply in some cases. E.g. MX records require a number "10 mail.google.com"
Error:
json:
{
"err": "exit status 2: unexpected argument"
}Fields:
- err: Error message
Message:
json:
{
"msg": "Success"
}Fields:
- msg: Success message
Todo
- atomic local cache updates
- export in hosts file format
- improve scribble add (adding before stored in cache overwrites)
Changelog
- v0.0.2 (May 11, 2016)
- Refactor to allow multiple records per domain and more fully utilize dns library
- v0.0.3 (May 12, 2016)
- Tests for DNS server
- Start Server Insecure
- v0.0.4 (Aug 16, 2016)
- Postgresql as a backend
Contributing
Contributions to shaman are welcome and encouraged. Shaman is a Nanobox project and contributions should follow the Nanobox Contribution Process & Guidelines.
