PTR domain is now configurable, defaults to nip.io

Default PTR record domain has changed from "sslip.io" to "nip.io".
For example, `dig -x 127.0.0.1 @ns.nip.io` previously returned
`127-0-0-1.sslip.io.`, now returns `127-0-0-1.nip.io.`

Previously, the PTR domain was hard-coded to `sslip.io.`, but this
commit introduces two changes:

- the default PTR domain is now `nip.io.`. Hey, it's shorter.
- the PTR domain can now be set with the `-ptr-domain` flag, e.g. `go
  run main.go -ptr-domain=xip.example.com` and then querying `dig -x
  169.254.169.254` would return `169-254-169-254.xip.example.com.`

Notes:

- Our new flag, `-ptr-domain`, follows the kebab-case convention of
  Golang flags, but this is inconsistent with our previous camelCase
  convention, e.g. `-blocklistURL`. We didn't know any better, and it's
  too late to change existing flags.
- removed two commented-out `panic()` calls whose purpose has long since
  been forgotten
- I don't feel bad about changing the default behavior because hardly
  anyone uses PTR lookups. Out of 12,773,617,290 queries, only 1564 were
  PTR records (0.000012%)!
- In that vein, I acknowledge that this is a feature that no one's
  clamoring for, no one will use, but it's important to me for reasons
  that I don't fully understand.
Brian Cunnie
2025-07-29 06:56:02 -07:00
parent 747843f600
commit 14d1aa9fe7
5 changed files with 123 additions and 23 deletions


@@ -266,4 +266,96 @@ var _ = Describe("flags", func() {
})
})
})
When("-ptr-domain is set", func() {
When("doing a reverse-lookup of an IPv4 address", func() {
BeforeEach(func() {
flags = []string{"-ptr-domain=" + "hp.com."}
})
It("should return the PTR record with the 'hp.com.' domain", func() {
digArgs := "@localhost -x 127.0.0.2 -p " + strconv.Itoa(port)
digCmd := exec.Command("dig", strings.Split(digArgs, " ")...)
digSession, err := Start(digCmd, GinkgoWriter, GinkgoWriter)
Expect(err).ToNot(HaveOccurred())
Eventually(digSession).Should(Say(`flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0`))
Eventually(digSession).Should(Say(`2.0.0.127.in-addr.arpa. 604800 IN PTR 127-0-0-2.hp.com.`))
Eventually(digSession, 1).Should(Exit(0))
Eventually(string(serverSession.Err.Contents())).Should(MatchRegexp(`TypePTR 2\.0\.0\.127\.in-addr\.arpa\. \? 127-0-0-2\.hp\.com\.`))
})
})
When("the PTR domain is set without a trailing dot", func() {
BeforeEach(func() {
flags = []string{"-ptr-domain=" + "ibm.com"}
})
It("should return the PTR record with the 'ibm.com.' domain", func() {
digArgs := "@localhost -x 127.0.0.3 -p " + strconv.Itoa(port)
digCmd := exec.Command("dig", strings.Split(digArgs, " ")...)
digSession, err := Start(digCmd, GinkgoWriter, GinkgoWriter)
Expect(err).ToNot(HaveOccurred())
Eventually(digSession).Should(Say(`flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0`))
Eventually(digSession).Should(Say(`3.0.0.127.in-addr.arpa. 604800 IN PTR 127-0-0-3.ibm.com.`))
Eventually(digSession, 1).Should(Exit(0))
Eventually(string(serverSession.Err.Contents())).Should(MatchRegexp(`TypePTR 3\.0\.0\.127\.in-addr\.arpa\. \? 127-0-0-3\.ibm\.com\.`))
})
})
When("the PTR domain is a mere '.'", func() {
BeforeEach(func() {
flags = []string{"-ptr-domain=" + "."}
})
It("should return the PTR record with the '.' domain (no double-dot, '..')", func() {
digArgs := "@localhost -x 127.0.0.4 -p " + strconv.Itoa(port)
digCmd := exec.Command("dig", strings.Split(digArgs, " ")...)
digSession, err := Start(digCmd, GinkgoWriter, GinkgoWriter)
Expect(err).ToNot(HaveOccurred())
Eventually(digSession).Should(Say(`flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0`))
Eventually(digSession).Should(Say(`4.0.0.127.in-addr.arpa. 604800 IN PTR 127-0-0-4.\n`))
Eventually(digSession, 1).Should(Exit(0))
Eventually(string(serverSession.Err.Contents())).Should(MatchRegexp(`TypePTR 4\.0\.0\.127\.in-addr\.arpa\. \? 127-0-0-4\.\n`))
})
})
When("the PTR domain is an empty string", func() {
BeforeEach(func() {
flags = []string{"-ptr-domain="}
})
It("should return the PTR record with the '.' domain", func() {
digArgs := "@localhost -x 127.0.0.5 -p " + strconv.Itoa(port)
digCmd := exec.Command("dig", strings.Split(digArgs, " ")...)
digSession, err := Start(digCmd, GinkgoWriter, GinkgoWriter)
Expect(err).ToNot(HaveOccurred())
Eventually(digSession).Should(Say(`flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0`))
Eventually(digSession).Should(Say(`5.0.0.127.in-addr.arpa. 604800 IN PTR 127-0-0-5.\n`))
Eventually(digSession, 1).Should(Exit(0))
Eventually(string(serverSession.Err.Contents())).Should(MatchRegexp(`TypePTR 5\.0\.0\.127\.in-addr\.arpa\. \? 127-0-0-5\.\n`))
})
})
When("the PTR record queried is IPv6", func() {
BeforeEach(func() {
flags = []string{}
})
It("should return the PTR record with the 'nip.io.' domain", func() {
digArgs := "@localhost -x 2601:646:100:69f0:8ab:8f21:27de:5375 -p " + strconv.Itoa(port)
digCmd := exec.Command("dig", strings.Split(digArgs, " ")...)
digSession, err := Start(digCmd, GinkgoWriter, GinkgoWriter)
Expect(err).ToNot(HaveOccurred())
Eventually(digSession).Should(Say(`flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0`))
Eventually(digSession).Should(Say(`5.7.3.5.e.d.7.2.1.2.f.8.b.a.8.0.0.f.9.6.0.0.1.0.6.4.6.0.1.0.6.2.ip6.arpa. 604800 IN PTR 2601-646-100-69f0-8ab-8f21-27de-5375.nip.io.\n`))
Eventually(digSession, 1).Should(Exit(0))
Eventually(string(serverSession.Err.Contents())).Should(MatchRegexp(`TypePTR 5.7.3.5.e.d.7.2.1.2.f.8.b.a.8.0.0.f.9.6.0.0.1.0.6.4.6.0.1.0.6.2.ip6.arpa. \? 2601-646-100-69f0-8ab-8f21-27de-5375.nip.io.\n`))
})
})
When("the PTR domain is set and the PTR record queried is IPv6", func() {
BeforeEach(func() {
flags = []string{"-ptr-domain=att.com"}
})
It("should return the PTR record with the 'nip.io.' domain", func() {
digArgs := "@localhost -x 2601:646:100:69f0:8ab:8f21:27de:5375 -p " + strconv.Itoa(port)
digCmd := exec.Command("dig", strings.Split(digArgs, " ")...)
digSession, err := Start(digCmd, GinkgoWriter, GinkgoWriter)
Expect(err).ToNot(HaveOccurred())
Eventually(digSession).Should(Say(`flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0`))
Eventually(digSession).Should(Say(`5.7.3.5.e.d.7.2.1.2.f.8.b.a.8.0.0.f.9.6.0.0.1.0.6.4.6.0.1.0.6.2.ip6.arpa. 604800 IN PTR 2601-646-100-69f0-8ab-8f21-27de-5375.att.com.\n`))
Eventually(digSession, 1).Should(Exit(0))
Eventually(string(serverSession.Err.Contents())).Should(MatchRegexp(`TypePTR 5.7.3.5.e.d.7.2.1.2.f.8.b.a.8.0.0.f.9.6.0.0.1.0.6.4.6.0.1.0.6.2.ip6.arpa. \? 2601-646-100-69f0-8ab-8f21-27de-5375.att.com.\n`))
})
})
})
})
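Review bot: The server-log assertions of the form `Eventually(string(serverSession.Err.Contents())).Should(MatchRegexp(...))` hand `Eventually` a string that is computed once, so Gomega re-checks the same snapshot and never sees log lines written after that call; passing a function, `Eventually(func() string { return string(serverSession.Err.Contents()) })`, makes it actually poll. The last `It` is titled `should return the PTR record with the 'nip.io.' domain` although its flag is `-ptr-domain=att.com` and both expectations look for `att.com.`, so the title should name `'att.com.'`. The two IPv6 cases also leave the dots in their `MatchRegexp` patterns unescaped, unlike the IPv4 cases above them, so those patterns accept any character where the domain's dots should be.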


@@ -132,10 +132,10 @@ var _ = Describe("sslip.io-dns-server", func() {
"@127.0.0.1 example.com txt +short",
`\A\z`,
`TypeTXT example.com. \? nil, SOA example.com. briancunnie.gmail.com. 20250723 900 900 1800 180\n`),
Entry(`get a PTR for 1.0.168.192.in-addr.arpa returns 192-168-0-1.sslip.io`,
Entry(`get a PTR for 1.0.168.192.in-addr.arpa returns 192-168-0-1.nip.io`,
"@127.0.0.1 ptr -x 192.168.0.1 +short",
`\A192-168-0-1.sslip.io.\n\z`,
`TypePTR 1.0.168.192.in-addr.arpa. \? 192-168-0-1.sslip.io.`),
`\A192-168-0-1.nip.io.\n\z`,
`TypePTR 1.0.168.192.in-addr.arpa. \? 192-168-0-1.nip.io.`),
Entry(`get a PTR for 1.0.0.127.blah.in-addr.arpa returns no records; "blah.in-addr.arpa is not a valid domain."`,
"@127.0.0.1 1.0.0.127.blah.in-addr.arpa ptr +short",
`\A\z`,
@@ -148,10 +148,10 @@ var _ = Describe("sslip.io-dns-server", func() {
"@127.0.0.1 0.0.127.in-addr.arpa ptr +short",
`\A\z`,
`TypePTR 0.0.127.in-addr.arpa. \? nil, SOA sslip.io. briancunnie.gmail.com. 20250723 900 900 1800 180\n`),
Entry(`get a PTR for 2.a.b.b.4.0.2.9.a.e.e.6.e.c.4.1.0.f.9.6.0.0.1.0.6.4.6.0.1.0.6.2.ip6.arpa returns 2601-646-100-69f0-14ce-6eea-9204-bba2.sslip.io`,
Entry(`get a PTR for 2.a.b.b.4.0.2.9.a.e.e.6.e.c.4.1.0.f.9.6.0.0.1.0.6.4.6.0.1.0.6.2.ip6.arpa returns 2601-646-100-69f0-14ce-6eea-9204-bba2.nip.io`,
"@127.0.0.1 ptr -x 2601:646:100:69f0:14ce:6eea:9204:bba2 +short",
`\A2601-646-100-69f0-14ce-6eea-9204-bba2.sslip.io.\n\z`,
`TypePTR 2.a.b.b.4.0.2.9.a.e.e.6.e.c.4.1.0.f.9.6.0.0.1.0.6.4.6.0.1.0.6.2.ip6.arpa. \? 2601-646-100-69f0-14ce-6eea-9204-bba2.sslip.io.`),
`\A2601-646-100-69f0-14ce-6eea-9204-bba2.nip.io.\n\z`,
`TypePTR 2.a.b.b.4.0.2.9.a.e.e.6.e.c.4.1.0.f.9.6.0.0.1.0.6.4.6.0.1.0.6.2.ip6.arpa. \? 2601-646-100-69f0-14ce-6eea-9204-bba2.nip.io.`),
Entry(`get a PTR for 2.a.b.b.4.0.2.9.a.e.e.6.e.c.4.1.0.f.9.6.0.0.1.0.6.4.6.0.1.0.6.2.blah.ip6.arpa returns no records; "blah isn't a valid subdomain'"`,
"@127.0.0.1 2.a.b.b.4.0.2.9.a.e.e.6.e.c.4.1.0.f.9.6.0.0.1.0.6.4.6.0.1.0.6.2.blah.ip6.arpa ptr +short",
`\A\z`,
@@ -166,12 +166,12 @@ var _ = Describe("sslip.io-dns-server", func() {
`TypePTR b.b.4.0.2.9.a.e.e.6.e.c.4.1.0.f.9.6.0.0.1.0.6.4.6.0.1.0.6.2.ip6.arpa. \? nil, SOA sslip.io. briancunnie.gmail.com. 20250723 900 900 1800 180\n`),
Entry(`TODO: should, but doesn't, return an IDNA2008-compliant record for ::1`,
"@127.0.0.1 -x ::1 +short",
`\A--1.sslip.io.\n\z`,
`TypePTR 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. \? --1.sslip.io.\n`),
`\A--1.nip.io.\n\z`,
`TypePTR 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. \? --1.nip.io.\n`),
Entry(`TODO: should, but doesn't, return an IDNA2008-compliant record for 2600::`,
"@127.0.0.1 -x 2600:: +short",
`\A2600--.sslip.io.\n\z`,
`TypePTR 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.6.2.ip6.arpa. \? 2600--.sslip.io.\n`),
`\A2600--.nip.io.\n\z`,
`TypePTR 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.6.2.ip6.arpa. \? 2600--.nip.io.\n`),
Entry(`over TCP, A (customized) for sslip.io`,
"@localhost sslip.io +short +vc",
`\A78.46.204.247\n\z`,
@@ -222,7 +222,7 @@ var _ = Describe("sslip.io-dns-server", func() {
digCmd = exec.Command("dig", strings.Split(digArgs, " ")...)
digSession, err = Start(digCmd, GinkgoWriter, GinkgoWriter)
Expect(err).ToNot(HaveOccurred())
expectedPtr := strings.ReplaceAll(addr.String(), ":", "-") + ".sslip.io."
expectedPtr := strings.ReplaceAll(addr.String(), ":", "-") + ".nip.io."
Eventually(digSession).Should(Say(expectedPtr))
Eventually(digSession, 1).Should(Exit(0))
}


@@ -66,12 +66,13 @@ func main() {
var bindPort = flag.Int("port", 53, "port the DNS server should bind to")
var quiet = flag.Bool("quiet", false, "suppresses logging of each DNS response. Use this to avoid Google Cloud charging you $30/month to retain the logs of your GKE-based sslip.io server")
var public = flag.Bool("public", true, "allows resolution of public IP addresses. If false, only resolves private IPs including localhost (127/8, ::1), link-local (169.254/16, fe80::/10), CG-NAT (100.64/12), private (10/8, 172.16/12, 192.168/16, fc/7). Set to false if you don't want miscreants impersonating you via public IPs. If unsure, set to false")
var ptrDomain = flag.String("ptr-domain", "nip.io.", "the domain to use for PTR records, e.g. if 'nip.io', 127-0-0-1.nip.io.")
flag.Parse()
log.Printf("%s version %s starting", os.Args[0], xip.VersionSemantic)
log.Printf("blocklist URL: %s, name servers: %s, bind port: %d, quiet: %t",
*blocklistURL, *nameservers, *bindPort, *quiet)
x, logmessages := xip.NewXip(*blocklistURL, strings.Split(*nameservers, ","), strings.Split(*addresses, ","), strings.Split(*delegates, ","))
x, logmessages := xip.NewXip(*blocklistURL, strings.Split(*nameservers, ","), strings.Split(*addresses, ","), strings.Split(*delegates, ","), *ptrDomain)
x.Public = *public
for _, logmessage := range logmessages {
log.Println(logmessage)
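Review bot: The usage string for `-ptr-domain` does not say how the value is normalised, and the behaviour is not obvious: per the NewXip change in this same commit a missing trailing dot is added, and `.` or an empty value produces bare names such as `127-0-0-1.`. I would extend the help text, e.g. `"the domain to use for PTR records, e.g. 'nip.io' gives 127-0-0-1.nip.io.; the trailing dot is optional, '.' or empty gives 127-0-0-1."`. The startup `log.Printf` below still lists only blocklist URL, name servers, bind port and quiet; NewXip logs the PTR domain itself, so adding it there is optional. main's body continues outside the hunk.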


@@ -33,6 +33,7 @@ type Xip struct {
BlocklistUpdated time.Time // The most recent time the Blocklist was updated
NameServers []dnsmessage.NSResource // The list of authoritative name servers (NS)
Public bool // Whether to resolve public IPs; set to false if security-conscious
PtrDomain string // The domain to use for PTR records, e.g. if "nip.io", `dig -x 127.0.0.1` will return "127-0-0-1.nip.io."
}
// Metrics contains the counters of the important/interesting queries
@@ -218,7 +219,7 @@ type Response struct {
}
// NewXip follows convention for constructors: https://go.dev/doc/effective_go#allocation_new
func NewXip(blocklistURL string, nameservers []string, addresses []string, delegates []string) (x *Xip, logmessages []string) {
func NewXip(blocklistURL string, nameservers []string, addresses []string, delegates []string, ptrDomain string) (x *Xip, logmessages []string) {
x = &Xip{Metrics: Metrics{Start: time.Now()}}
// Download the blocklist
@@ -356,6 +357,14 @@ func NewXip(blocklistURL string, nameservers []string, addresses []string, deleg
time.Sleep(250 * time.Millisecond)
}
}()
x.PtrDomain = ptrDomain
if !strings.HasSuffix(x.PtrDomain, ".") {
x.PtrDomain += "." // always end with a dot lest the DNS server appends the search domains
}
if x.PtrDomain == "." {
x.PtrDomain = "" // corner-case: if top-level, we don't want to append _two_ dots (e.g. "127-0-0-1..")
}
logmessages = append(logmessages, fmt.Sprintf(`Setting PTR domain to "%s"`, x.PtrDomain))
return x, logmessages
}
@@ -994,7 +1003,7 @@ func (x *Xip) PTRResource(fqdn []byte) *dnsmessage.PTRResource {
reversedIPv4address[1],
reversedIPv4address[0],
})
ptrName, err := dnsmessage.NewName(strings.ReplaceAll(ip.String(), ".", "-") + ".sslip.io.")
ptrName, err := dnsmessage.NewName(strings.ReplaceAll(ip.String(), ".", "-") + "." + x.PtrDomain)
if err != nil {
return nil
}
@@ -1020,7 +1029,7 @@ func (x *Xip) PTRResource(fqdn []byte) *dnsmessage.PTRResource {
if ip == nil {
return nil
}
ptrName, err := dnsmessage.NewName(strings.ReplaceAll(ip.String(), ":", "-") + ".sslip.io.")
ptrName, err := dnsmessage.NewName(strings.ReplaceAll(ip.String(), ":", "-") + "." + x.PtrDomain)
if err != nil {
return nil
}
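Review bot: NewXip stores `ptrDomain` after fixing only the trailing dot, so a malformed operator value (an empty label as in `foo..com`, or a label over 63 bytes) is not reported at startup. In PTRResource a `dnsmessage.NewName` error simply returns nil, and as far as I know NewName checks only the total name length, so a bad label would surface even later, when the answer is packed, and every PTR query would fail without a clear cause. I would check the labels once in NewXip and report through `logmessages`, the same way the `-delegates` format error is reported, and switch the new log line to `%q` instead of hand-quoting `%s`. NewXip's doc comment should also say that an empty `ptrDomain` means the root, not `nip.io.`, since that default lives only in main's flag. NewXip and PTRResource both continue outside the hunks shown.

```go
x.PtrDomain = ptrDomain
// … unchanged: trailing-dot and "." normalisation …
if x.PtrDomain != "" {
	for _, label := range strings.Split(strings.TrimSuffix(x.PtrDomain, "."), ".") {
		if label == "" || len(label) > 63 {
			logmessages = append(logmessages, fmt.Sprintf("-ptr-domain: %q is not a valid DNS name (label %q)", ptrDomain, label))
			break
		}
	}
}
logmessages = append(logmessages, fmt.Sprintf("Setting PTR domain to %q", x.PtrDomain))
```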


@@ -90,7 +90,7 @@ var _ = Describe("Xip", func() {
Describe("NSResources()", func() {
When("we use the default nameservers", func() {
var x, _ = xip.NewXip("file:///", []string{"ns-hetzner.sslip.io.", "ns-ovh.sslip.io.", "ns-do-sg.sslip.io."}, []string{}, []string{})
var x, _ = xip.NewXip("file:///", []string{"ns-hetzner.sslip.io.", "ns-ovh.sslip.io.", "ns-do-sg.sslip.io."}, []string{}, []string{}, "")
It("returns the name servers", func() {
randomDomain := testhelper.Random8ByteString() + ".com."
ns := x.NSResources(randomDomain)
@@ -123,13 +123,13 @@ var _ = Describe("Xip", func() {
When("we delegate domains to other nameservers", func() {
When(`we don't use the "=" in the arguments`, func() {
It("returns an informative log message", func() {
var _, logs = xip.NewXip("file://etc/blocklist-test.txt", []string{"ns-hetzner.sslip.io.", "ns-ovh.sslip.io.", "ns-do-sg.sslip.io."}, []string{}, []string{"noEquals"})
var _, logs = xip.NewXip("file://etc/blocklist-test.txt", []string{"ns-hetzner.sslip.io.", "ns-ovh.sslip.io.", "ns-do-sg.sslip.io."}, []string{}, []string{"noEquals"}, "")
Expect(strings.Join(logs, "")).To(MatchRegexp(`"-delegates: arguments should be in the format "delegatedDomain=nameserver", not "noEquals"`))
})
})
When(`there's no "." at the end of the delegated domain or nameserver`, func() {
It(`helpfully adds the "."`, func() {
var x, logs = xip.NewXip("file://etc/blocklist-test.txt", []string{"ns-hetzner.sslip.io.", "ns-ovh.sslip.io.", "ns-do-sg.sslip.io."}, []string{}, []string{"a=b"})
var x, logs = xip.NewXip("file://etc/blocklist-test.txt", []string{"ns-hetzner.sslip.io.", "ns-ovh.sslip.io.", "ns-do-sg.sslip.io."}, []string{}, []string{"a=b"}, "")
Expect(strings.Join(logs, "")).To(MatchRegexp(`Adding delegated NS record "a\.=b\."`))
ns := x.NSResources("a.")
Expect(len(ns)).To(Equal(1))
@@ -138,7 +138,7 @@ var _ = Describe("Xip", func() {
})
})
When("we override the default nameservers", func() {
var x, _ = xip.NewXip("file:///", []string{"mickey", "minn.ie.", "goo.fy"}, []string{}, []string{})
var x, _ = xip.NewXip("file:///", []string{"mickey", "minn.ie.", "goo.fy"}, []string{}, []string{}, "")
It("returns the configured servers", func() {
randomDomain := testhelper.Random8ByteString() + ".com."
ns := x.NSResources(randomDomain)
@@ -236,9 +236,8 @@ var _ = Describe("Xip", func() {
})
When(`the domain "metrics.status.sslip.io" is queried`, func() {
// the simpler "var x xip.Xip" causes the metrics test to hang
var x, _ = xip.NewXip("file:///", []string{"ns-hetzner.sslip.io.", "ns-ovh.sslip.io.", "ns-do-sg.sslip.io."}, []string{}, []string{})
var x, _ = xip.NewXip("file:///", []string{"ns-hetzner.sslip.io.", "ns-ovh.sslip.io.", "ns-do-sg.sslip.io."}, []string{}, []string{}, "")
It("returns metrics information", func() {
// panic("I love my dog!")
txts, err := x.TXTResources("metrics.status.sslip.io.", nil)
Expect(err).To(Not(HaveOccurred()))
Expect(len(txts)).To(Equal(12))
@@ -258,9 +257,8 @@ var _ = Describe("Xip", func() {
})
When(`the domain "metrics.status.nip.io" is queried`, func() {
// the simpler "var x xip.Xip" causes the metrics test to hang
var x, _ = xip.NewXip("file:///", []string{"ns-hetzner.sslip.io.", "ns-ovh.sslip.io.", "ns-do-sg.sslip.io."}, []string{}, []string{})
var x, _ = xip.NewXip("file:///", []string{"ns-hetzner.sslip.io.", "ns-ovh.sslip.io.", "ns-do-sg.sslip.io."}, []string{}, []string{}, "")
It("returns metrics information", func() {
// panic("I love my dog!")
txts, err := x.TXTResources("metrics.status.nip.io.", nil)
Expect(err).To(Not(HaveOccurred()))
Expect(len(txts)).To(Equal(12))