From 14d1aa9fe77224220b90a2c9e394d338669b0bdd Mon Sep 17 00:00:00 2001 From: Brian Cunnie Date: Tue, 29 Jul 2025 06:56:02 -0700 Subject: [PATCH] PTR domain is now configurable, defaults to nip.io Default PTR record domain has changed from "sslip.io" to "nip.io". For example, `dig -x 127.0.0.1 @ns.nip.io` previously returned `127-0-0-1.sslip.io.`, now returns `127-0-0-1.nip.io.` Previously, the PTR domain was hard-coded to `sslip.io.`, but this commit introduces two changes: - the default PTR domain is now `nip.io.`. Hey, it's shorter. - the PTR domain can now be set with the `-ptr-domain` flag, e.g. `go run main.go -ptr-domain=xip.example.com` and then querying `dig -x 169.254.169.254` would return `169-254-169-254.xip.example.com.` Notes: - Our new flag, `-ptr-domain`, follows the kebab-case convention of Golang flags, but this is inconsistent with our previous camelCase convention, e.g. `-blocklistURL`. We didn't know any better, and it's too late to change existing flags. - removed two comment-out `panic()` whose purpose has long since been forgotten - I don't feel bad about changing the default behavior because hardly anyone uses PTR lookups. Out of 12,773,617,290 queries, only 1564 were PTR records (0.000012%)! - In that vein, I acknowledge that this is a feature that no one's clamoring for, no one will use, but it's important to me for reasons that I don't fully understand. --- integration_flags_test.go | 92 +++++++++++++++++++++++++++++++++++++++ integration_test.go | 22 +++++----- main.go | 3 +- xip/xip.go | 15 +++++-- xip/xip_test.go | 14 +++--- 5 files changed, 123 insertions(+), 23 deletions(-) diff --git a/integration_flags_test.go b/integration_flags_test.go index f0be1dc..86aecc7 100644 --- a/integration_flags_test.go +++ b/integration_flags_test.go 
@@ -266,4 +266,96 @@ var _ = Describe("flags", func() { }) }) }) + When("-ptr-domain is set", func() { + When("doing a reverse-lookup of an IPv4 address", func() { + BeforeEach(func() { + flags = []string{"-ptr-domain=" + "hp.com."} + }) + It("should return the PTR record with the 'hp.com.' domain", func() { + digArgs := "@localhost -x 127.0.0.2 -p " + strconv.Itoa(port) + digCmd := exec.Command("dig", strings.Split(digArgs, " ")...) + digSession, err := Start(digCmd, GinkgoWriter, GinkgoWriter) + Expect(err).ToNot(HaveOccurred()) + Eventually(digSession).Should(Say(`flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0`)) + Eventually(digSession).Should(Say(`2.0.0.127.in-addr.arpa. 604800 IN PTR 127-0-0-2.hp.com.`)) + Eventually(digSession, 1).Should(Exit(0)) + Eventually(string(serverSession.Err.Contents())).Should(MatchRegexp(`TypePTR 2\.0\.0\.127\.in-addr\.arpa\. \? 127-0-0-2\.hp\.com\.`)) + }) + }) + When("the PTR domain is set without a trailing dot", func() { + BeforeEach(func() { + flags = []string{"-ptr-domain=" + "ibm.com"} + }) + It("should return the PTR record with the 'ibm.com.' domain", func() { + digArgs := "@localhost -x 127.0.0.3 -p " + strconv.Itoa(port) + digCmd := exec.Command("dig", strings.Split(digArgs, " ")...) + digSession, err := Start(digCmd, GinkgoWriter, GinkgoWriter) + Expect(err).ToNot(HaveOccurred()) + Eventually(digSession).Should(Say(`flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0`)) + Eventually(digSession).Should(Say(`3.0.0.127.in-addr.arpa. 604800 IN PTR 127-0-0-3.ibm.com.`)) + Eventually(digSession, 1).Should(Exit(0)) + Eventually(string(serverSession.Err.Contents())).Should(MatchRegexp(`TypePTR 3\.0\.0\.127\.in-addr\.arpa\. \? 127-0-0-3\.ibm\.com\.`)) + }) + }) + When("the PTR domain is a mere '.'", func() { + BeforeEach(func() { + flags = []string{"-ptr-domain=" + "."} + }) + It("should return the PTR record with the '.' 
domain (no double-dot, '..')", func() { + digArgs := "@localhost -x 127.0.0.4 -p " + strconv.Itoa(port) + digCmd := exec.Command("dig", strings.Split(digArgs, " ")...) + digSession, err := Start(digCmd, GinkgoWriter, GinkgoWriter) + Expect(err).ToNot(HaveOccurred()) + Eventually(digSession).Should(Say(`flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0`)) + Eventually(digSession).Should(Say(`4.0.0.127.in-addr.arpa. 604800 IN PTR 127-0-0-4.\n`)) + Eventually(digSession, 1).Should(Exit(0)) + Eventually(string(serverSession.Err.Contents())).Should(MatchRegexp(`TypePTR 4\.0\.0\.127\.in-addr\.arpa\. \? 127-0-0-4\.\n`)) + }) + }) + When("the PTR domain is an empty string", func() { + BeforeEach(func() { + flags = []string{"-ptr-domain="} + }) + It("should return the PTR record with the '.' domain", func() { + digArgs := "@localhost -x 127.0.0.5 -p " + strconv.Itoa(port) + digCmd := exec.Command("dig", strings.Split(digArgs, " ")...) + digSession, err := Start(digCmd, GinkgoWriter, GinkgoWriter) + Expect(err).ToNot(HaveOccurred()) + Eventually(digSession).Should(Say(`flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0`)) + Eventually(digSession).Should(Say(`5.0.0.127.in-addr.arpa. 604800 IN PTR 127-0-0-5.\n`)) + Eventually(digSession, 1).Should(Exit(0)) + Eventually(string(serverSession.Err.Contents())).Should(MatchRegexp(`TypePTR 5\.0\.0\.127\.in-addr\.arpa\. \? 127-0-0-5\.\n`)) + }) + }) + When("the PTR record queried is IPv6", func() { + BeforeEach(func() { + flags = []string{} + }) + It("should return the PTR record with the 'nip.io.' domain", func() { + digArgs := "@localhost -x 2601:646:100:69f0:8ab:8f21:27de:5375 -p " + strconv.Itoa(port) + digCmd := exec.Command("dig", strings.Split(digArgs, " ")...) 
+ digSession, err := Start(digCmd, GinkgoWriter, GinkgoWriter) + Expect(err).ToNot(HaveOccurred()) + Eventually(digSession).Should(Say(`flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0`)) + Eventually(digSession).Should(Say(`5.7.3.5.e.d.7.2.1.2.f.8.b.a.8.0.0.f.9.6.0.0.1.0.6.4.6.0.1.0.6.2.ip6.arpa. 604800 IN PTR 2601-646-100-69f0-8ab-8f21-27de-5375.nip.io.\n`)) + Eventually(digSession, 1).Should(Exit(0)) + Eventually(string(serverSession.Err.Contents())).Should(MatchRegexp(`TypePTR 5.7.3.5.e.d.7.2.1.2.f.8.b.a.8.0.0.f.9.6.0.0.1.0.6.4.6.0.1.0.6.2.ip6.arpa. \? 2601-646-100-69f0-8ab-8f21-27de-5375.nip.io.\n`)) + }) + }) + When("the PTR domain is set and the PTR record queried is IPv6", func() { + BeforeEach(func() { + flags = []string{"-ptr-domain=att.com"} + }) + It("should return the PTR record with the 'nip.io.' domain", func() { + digArgs := "@localhost -x 2601:646:100:69f0:8ab:8f21:27de:5375 -p " + strconv.Itoa(port) + digCmd := exec.Command("dig", strings.Split(digArgs, " ")...) + digSession, err := Start(digCmd, GinkgoWriter, GinkgoWriter) + Expect(err).ToNot(HaveOccurred()) + Eventually(digSession).Should(Say(`flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0`)) + Eventually(digSession).Should(Say(`5.7.3.5.e.d.7.2.1.2.f.8.b.a.8.0.0.f.9.6.0.0.1.0.6.4.6.0.1.0.6.2.ip6.arpa. 604800 IN PTR 2601-646-100-69f0-8ab-8f21-27de-5375.att.com.\n`)) + Eventually(digSession, 1).Should(Exit(0)) + Eventually(string(serverSession.Err.Contents())).Should(MatchRegexp(`TypePTR 5.7.3.5.e.d.7.2.1.2.f.8.b.a.8.0.0.f.9.6.0.0.1.0.6.4.6.0.1.0.6.2.ip6.arpa. \? 2601-646-100-69f0-8ab-8f21-27de-5375.att.com.\n`)) + }) + }) + }) }) diff --git a/integration_test.go b/integration_test.go index 5fa97dc..579ff9a 100644 --- a/integration_test.go +++ b/integration_test.go 
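Review bot: The last `It` in this hunk, under `-ptr-domain=att.com`, is still titled `should return the PTR record with the 'nip.io.' domain` although its assertions expect `att.com.`; the title should read `'att.com.'` so a failure report names the right case. The two IPv6 cases also pass unescaped dots to `MatchRegexp` (`5.7.3.5…ip6.arpa.`), whereas the IPv4 cases escape them (`2\.0\.0\.127\.in-addr\.arpa\.`), so those patterns accept any character in place of each dot and pin the server log line less tightly than intended. The fixtures use real third-party domains (`hp.com.`, `ibm.com`, `att.com`); a reserved name such as `example.com` would avoid naming zones the project does not own.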
@@ -132,10 +132,10 @@ var _ = Describe("sslip.io-dns-server", func() { "@127.0.0.1 example.com txt +short", `\A\z`, `TypeTXT example.com. \? nil, SOA example.com. briancunnie.gmail.com. 20250723 900 900 1800 180\n`), - Entry(`get a PTR for 1.0.168.192.in-addr.arpa returns 192-168-0-1.sslip.io`, + Entry(`get a PTR for 1.0.168.192.in-addr.arpa returns 192-168-0-1.nip.io`, "@127.0.0.1 ptr -x 192.168.0.1 +short", - `\A192-168-0-1.sslip.io.\n\z`, - `TypePTR 1.0.168.192.in-addr.arpa. \? 192-168-0-1.sslip.io.`), + `\A192-168-0-1.nip.io.\n\z`, + `TypePTR 1.0.168.192.in-addr.arpa. \? 192-168-0-1.nip.io.`), Entry(`get a PTR for 1.0.0.127.blah.in-addr.arpa returns no records; "blah.in-addr.arpa is not a valid domain."`, "@127.0.0.1 1.0.0.127.blah.in-addr.arpa ptr +short", `\A\z`, 
@@ -148,10 +148,10 @@ var _ = Describe("sslip.io-dns-server", func() { "@127.0.0.1 0.0.127.in-addr.arpa ptr +short", `\A\z`, `TypePTR 0.0.127.in-addr.arpa. \? nil, SOA sslip.io. briancunnie.gmail.com. 20250723 900 900 1800 180\n`), - Entry(`get a PTR for 2.a.b.b.4.0.2.9.a.e.e.6.e.c.4.1.0.f.9.6.0.0.1.0.6.4.6.0.1.0.6.2.ip6.arpa returns 2601-646-100-69f0-14ce-6eea-9204-bba2.sslip.io`, + Entry(`get a PTR for 2.a.b.b.4.0.2.9.a.e.e.6.e.c.4.1.0.f.9.6.0.0.1.0.6.4.6.0.1.0.6.2.ip6.arpa returns 2601-646-100-69f0-14ce-6eea-9204-bba2.nip.io`, "@127.0.0.1 ptr -x 2601:646:100:69f0:14ce:6eea:9204:bba2 +short", - `\A2601-646-100-69f0-14ce-6eea-9204-bba2.sslip.io.\n\z`, - `TypePTR 2.a.b.b.4.0.2.9.a.e.e.6.e.c.4.1.0.f.9.6.0.0.1.0.6.4.6.0.1.0.6.2.ip6.arpa. \? 2601-646-100-69f0-14ce-6eea-9204-bba2.sslip.io.`), + `\A2601-646-100-69f0-14ce-6eea-9204-bba2.nip.io.\n\z`, + `TypePTR 2.a.b.b.4.0.2.9.a.e.e.6.e.c.4.1.0.f.9.6.0.0.1.0.6.4.6.0.1.0.6.2.ip6.arpa. \? 2601-646-100-69f0-14ce-6eea-9204-bba2.nip.io.`), Entry(`get a PTR for 2.a.b.b.4.0.2.9.a.e.e.6.e.c.4.1.0.f.9.6.0.0.1.0.6.4.6.0.1.0.6.2.blah.ip6.arpa returns no records; "blah isn't a valid subdomain'"`, "@127.0.0.1 2.a.b.b.4.0.2.9.a.e.e.6.e.c.4.1.0.f.9.6.0.0.1.0.6.4.6.0.1.0.6.2.blah.ip6.arpa ptr +short", `\A\z`, 
@@ -166,12 +166,12 @@ var _ = Describe("sslip.io-dns-server", func() { `TypePTR b.b.4.0.2.9.a.e.e.6.e.c.4.1.0.f.9.6.0.0.1.0.6.4.6.0.1.0.6.2.ip6.arpa. \? nil, SOA sslip.io. briancunnie.gmail.com. 20250723 900 900 1800 180\n`), Entry(`TODO: should, but doesn't, return an IDNA2008-compliant record for ::1`, "@127.0.0.1 -x ::1 +short", - `\A--1.sslip.io.\n\z`, - `TypePTR 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. \? --1.sslip.io.\n`), + `\A--1.nip.io.\n\z`, + `TypePTR 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. \? --1.nip.io.\n`), Entry(`TODO: should, but doesn't, return an IDNA2008-compliant record for 2600::`, "@127.0.0.1 -x 2600:: +short", - `\A2600--.sslip.io.\n\z`, - `TypePTR 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.6.2.ip6.arpa. \? 2600--.sslip.io.\n`), + `\A2600--.nip.io.\n\z`, + `TypePTR 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.6.2.ip6.arpa. \? 2600--.nip.io.\n`), Entry(`over TCP, A (customized) for sslip.io`, "@localhost sslip.io +short +vc", `\A78.46.204.247\n\z`, @@ -222,7 +222,7 @@ var _ = Describe("sslip.io-dns-server", func() { digCmd = exec.Command("dig", strings.Split(digArgs, " ")...) digSession, err = Start(digCmd, GinkgoWriter, GinkgoWriter) Expect(err).ToNot(HaveOccurred()) - expectedPtr := strings.ReplaceAll(addr.String(), ":", "-") + ".sslip.io." + expectedPtr := strings.ReplaceAll(addr.String(), ":", "-") + ".nip.io." Eventually(digSession).Should(Say(expectedPtr)) Eventually(digSession, 1).Should(Exit(0)) } diff --git a/main.go b/main.go index 0cbff41..f709301 100644 --- a/main.go +++ b/main.go 
@@ -66,12 +66,13 @@ func main() { var bindPort = flag.Int("port", 53, "port the DNS server should bind to") var quiet = flag.Bool("quiet", false, "suppresses logging of each DNS response. Use this to avoid Google Cloud charging you $30/month to retain the logs of your GKE-based sslip.io server") var public = flag.Bool("public", true, "allows resolution of public IP addresses. If false, only resolves private IPs including localhost (127/8, ::1), link-local (169.254/16, fe80::/10), CG-NAT (100.64/12), private (10/8, 172.16/12, 192.168/16, fc/7). Set to false if you don't want miscreants impersonating you via public IPs. If unsure, set to false") + var ptrDomain = flag.String("ptr-domain", "nip.io.", "the domain to use for PTR records, e.g. if 'nip.io', 127-0-0-1.nip.io.") flag.Parse() log.Printf("%s version %s starting", os.Args[0], xip.VersionSemantic) log.Printf("blocklist URL: %s, name servers: %s, bind port: %d, quiet: %t", *blocklistURL, *nameservers, *bindPort, *quiet) - x, logmessages := xip.NewXip(*blocklistURL, strings.Split(*nameservers, ","), strings.Split(*addresses, ","), strings.Split(*delegates, ",")) + x, logmessages := xip.NewXip(*blocklistURL, strings.Split(*nameservers, ","), strings.Split(*addresses, ","), strings.Split(*delegates, ","), *ptrDomain) x.Public = *public for _, logmessage := range logmessages { log.Println(logmessage) diff --git a/xip/xip.go b/xip/xip.go index 4b04dee..2b3c67c 100644 --- a/xip/xip.go +++ b/xip/xip.go @@ -33,6 +33,7 @@ type Xip struct { BlocklistUpdated time.Time // The most recent time the Blocklist was updated NameServers []dnsmessage.NSResource // The list of authoritative name servers (NS) Public bool // Whether to resolve public IPs; set to false if security-conscious + PtrDomain string // The domain to use for PTR records, e.g. if "nip.io", `dig -x 127.0.0.1` will return "127-0-0-1.nip.io." } // Metrics contains the counters of the important/interesting queries 
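Review bot: The usage string for `-ptr-domain` does not tell the operator that the domain should be one whose forward lookups this server actually answers. PTR answers built from it name hosts such as `127-0-0-1.<domain>`, and a consumer doing forward-confirmed reverse DNS will presumably only get a match when `<domain>` is delegated here; any other value publishes reverse records that point into a zone the operator does not control. I would extend the help text, e.g. `"the domain to use for PTR records; should be a domain delegated to this server so the PTR name resolves back to the queried IP"`. The configuration summary in the `log.Printf` two lines below also omits the new setting, although `NewXip` reports it through `logmessages`. `main`'s body continues outside the hunk.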
@@ -218,7 +219,7 @@ type Response struct { } // NewXip follows convention for constructors: https://go.dev/doc/effective_go#allocation_new -func NewXip(blocklistURL string, nameservers []string, addresses []string, delegates []string) (x *Xip, logmessages []string) { +func NewXip(blocklistURL string, nameservers []string, addresses []string, delegates []string, ptrDomain string) (x *Xip, logmessages []string) { x = &Xip{Metrics: Metrics{Start: time.Now()}} // Download the blocklist @@ -356,6 +357,14 @@ func NewXip(blocklistURL string, nameservers []string, addresses []string, deleg time.Sleep(250 * time.Millisecond) } }() + x.PtrDomain = ptrDomain + if !strings.HasSuffix(x.PtrDomain, ".") { + x.PtrDomain += "." // always end with a dot lest the DNS server appends the search domains + } + if x.PtrDomain == "." { + x.PtrDomain = "" // corner-case: if top-level, we don't want to append _two_ dots (e.g. "127-0-0-1..") + } + logmessages = append(logmessages, fmt.Sprintf(`Setting PTR domain to "%s"`, x.PtrDomain)) return x, logmessages } @@ -994,7 +1003,7 @@ func (x *Xip) PTRResource(fqdn []byte) *dnsmessage.PTRResource { reversedIPv4address[1], reversedIPv4address[0], }) - ptrName, err := dnsmessage.NewName(strings.ReplaceAll(ip.String(), ".", "-") + ".sslip.io.") + ptrName, err := dnsmessage.NewName(strings.ReplaceAll(ip.String(), ".", "-") + "." + x.PtrDomain) if err != nil { return nil } @@ -1020,7 +1029,7 @@ func (x *Xip) PTRResource(fqdn []byte) *dnsmessage.PTRResource { if ip == nil { return nil } - ptrName, err := dnsmessage.NewName(strings.ReplaceAll(ip.String(), ":", "-") + ".sslip.io.") + ptrName, err := dnsmessage.NewName(strings.ReplaceAll(ip.String(), ":", "-") + "." + x.PtrDomain) if err != nil { return nil } diff --git a/xip/xip_test.go b/xip/xip_test.go index bab412f..25c1416 100644 --- a/xip/xip_test.go +++ b/xip/xip_test.go 
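Review bot: `NewXip` documents nothing about the new `ptrDomain` parameter, and the `nip.io.` default lives only in `main.go`'s flag definition, so a caller passing `""` (as every updated call in `xip/xip_test.go` does) gets the root-domain corner case and PTR names like `127-0-0-1.` rather than the default. The integration tests suggest this is intended, so the doc comment should state it, e.g. `// ptrDomain is the suffix appended to PTR answers; "" or "." yields names directly under the root.` Adding a positional parameter also breaks any out-of-tree caller of this exported constructor, which is worth a line in the release notes. The function body lies outside this hunk.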
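Review bot: In the `-356,6 +357,14` hunk the flag value is only given a trailing dot; it is never checked to be a well-formed DNS name, so `-ptr-domain=a..b` or a label over 63 bytes is accepted at startup. The failure then surfaces per query in the two `PTRResource` hunks (`-994` and `-1020`), where a `dnsmessage.NewName` error becomes a silent `return nil`; as far as I know `NewName` only checks total length, so a malformed label would not be caught before the response is packed. I would validate once in `NewXip` and report through `logmessages`, as the `-delegates` parsing already does, along the lines of the excerpt below. Separately, `PtrDomain` is an exported field, so code that assigns it directly skips this normalization, and `fmt.Sprintf("Setting PTR domain to %q", x.PtrDomain)` would quote the operator-supplied value more safely than `"%s"`. `NewXip` begins outside this hunk.

```go
x.PtrDomain = ptrDomain
// … unchanged: trailing-dot normalization and the "." corner case …
// Catch malformed domains at startup instead of on every PTR query.
if x.PtrDomain != "" {
	for _, label := range strings.Split(strings.TrimSuffix(x.PtrDomain, "."), ".") {
		if label == "" || len(label) > 63 {
			logmessages = append(logmessages,
				fmt.Sprintf("-ptr-domain: %q has an empty or over-long label; PTR queries will not be answered", ptrDomain))
			break
		}
	}
}
```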
@@ -90,7 +90,7 @@ var _ = Describe("Xip", func() { Describe("NSResources()", func() { When("we use the default nameservers", func() { - var x, _ = xip.NewXip("file:///", []string{"ns-hetzner.sslip.io.", "ns-ovh.sslip.io.", "ns-do-sg.sslip.io."}, []string{}, []string{}) + var x, _ = xip.NewXip("file:///", []string{"ns-hetzner.sslip.io.", "ns-ovh.sslip.io.", "ns-do-sg.sslip.io."}, []string{}, []string{}, "") It("returns the name servers", func() { randomDomain := testhelper.Random8ByteString() + ".com." ns := x.NSResources(randomDomain) @@ -123,13 +123,13 @@ var _ = Describe("Xip", func() { When("we delegate domains to other nameservers", func() { When(`we don't use the "=" in the arguments`, func() { It("returns an informative log message", func() { - var _, logs = xip.NewXip("file://etc/blocklist-test.txt", []string{"ns-hetzner.sslip.io.", "ns-ovh.sslip.io.", "ns-do-sg.sslip.io."}, []string{}, []string{"noEquals"}) + var _, logs = xip.NewXip("file://etc/blocklist-test.txt", []string{"ns-hetzner.sslip.io.", "ns-ovh.sslip.io.", "ns-do-sg.sslip.io."}, []string{}, []string{"noEquals"}, "") Expect(strings.Join(logs, "")).To(MatchRegexp(`"-delegates: arguments should be in the format "delegatedDomain=nameserver", not "noEquals"`)) }) }) When(`there's no "." at the end of the delegated domain or nameserver`, func() { It(`helpfully adds the "."`, func() { - var x, logs = xip.NewXip("file://etc/blocklist-test.txt", []string{"ns-hetzner.sslip.io.", "ns-ovh.sslip.io.", "ns-do-sg.sslip.io."}, []string{}, []string{"a=b"}) + var x, logs = xip.NewXip("file://etc/blocklist-test.txt", []string{"ns-hetzner.sslip.io.", "ns-ovh.sslip.io.", "ns-do-sg.sslip.io."}, []string{}, []string{"a=b"}, "") Expect(strings.Join(logs, "")).To(MatchRegexp(`Adding delegated NS record "a\.=b\."`)) ns := x.NSResources("a.") Expect(len(ns)).To(Equal(1)) 
@@ -138,7 +138,7 @@ var _ = Describe("Xip", func() { }) }) When("we override the default nameservers", func() { - var x, _ = xip.NewXip("file:///", []string{"mickey", "minn.ie.", "goo.fy"}, []string{}, []string{}) + var x, _ = xip.NewXip("file:///", []string{"mickey", "minn.ie.", "goo.fy"}, []string{}, []string{}, "") It("returns the configured servers", func() { randomDomain := testhelper.Random8ByteString() + ".com." ns := x.NSResources(randomDomain) @@ -236,9 +236,8 @@ var _ = Describe("Xip", func() { }) When(`the domain "metrics.status.sslip.io" is queried`, func() { // the simpler "var x xip.Xip" causes the metrics test to hang - var x, _ = xip.NewXip("file:///", []string{"ns-hetzner.sslip.io.", "ns-ovh.sslip.io.", "ns-do-sg.sslip.io."}, []string{}, []string{}) + var x, _ = xip.NewXip("file:///", []string{"ns-hetzner.sslip.io.", "ns-ovh.sslip.io.", "ns-do-sg.sslip.io."}, []string{}, []string{}, "") It("returns metrics information", func() { - // panic("I love my dog!") txts, err := x.TXTResources("metrics.status.sslip.io.", nil) Expect(err).To(Not(HaveOccurred())) Expect(len(txts)).To(Equal(12)) @@ -258,9 +257,8 @@ var _ = Describe("Xip", func() { }) When(`the domain "metrics.status.nip.io" is queried`, func() { // the simpler "var x xip.Xip" causes the metrics test to hang - var x, _ = xip.NewXip("file:///", []string{"ns-hetzner.sslip.io.", "ns-ovh.sslip.io.", "ns-do-sg.sslip.io."}, []string{}, []string{}) + var x, _ = xip.NewXip("file:///", []string{"ns-hetzner.sslip.io.", "ns-ovh.sslip.io.", "ns-do-sg.sslip.io."}, []string{}, []string{}, "") It("returns metrics information", func() { - // panic("I love my dog!") txts, err := x.TXTResources("metrics.status.nip.io.", nil) Expect(err).To(Not(HaveOccurred())) Expect(len(txts)).To(Equal(12))