diff --git a/README.md b/README.md index 83bb43f..0ac9de5 100644 --- a/README.md +++ b/README.md @@ -1,11 +1,11 @@ # sslip.io | Test Type | Status | -|------------------------|----------------------------------------------------------------------------------------------------------------------------------------| +| ---------------------- | -------------------------------------------------------------------------------------------------------------------------------------- | | Production Nameservers | [![ci.nono.io](https://ci.nono.io/api/v1/pipelines/sslip.io/jobs/dns-servers/badge)](https://ci.nono.io/teams/main/pipelines/sslip.io) | | DNS Server Unit Tests | [![ci.nono.io](https://ci.nono.io/api/v1/pipelines/sslip.io/jobs/unit/badge)](https://ci.nono.io/teams/main/pipelines/sslip.io) | -*sslip.io* is a DNS server that maps specially-crafted DNS A records to IP +_sslip.io_ is a DNS server that maps specially-crafted DNS A records to IP addresses (e.g. "127-0-0-1.sslip.io" maps to 127.0.0.1). It is similar to, and inspired by, [xip.io](http://xip.io/). 
@@ -118,29 +118,29 @@ as ARM64 (AWS Graviton, Apple M1/M2). ## Command-line Flags - `-port` overrides the default port, 53, which the server binds to. This can -be especially useful when running as a non-privileged user, unable to bind to -privileged ports (<1024) ("`listen udp :53: bind: permission denied`"). For -example, to run the server on port 9553: `go run main.go -port 9553`. To query, -`dig @localhost 127.0.0.1.sslip.io -p 9553` -- `-nameservers` overrides the default NS records `ns-azure.sslip.io`, -`ns-gce.sslip.io`, and `ns-ovh.sslip.io`; flag, e.g. `go run main.go --nameservers ns1.example.com,ns2.example.com`). If you're running your own -nameservers, you probably want to set this. Don't forget to set address records -for the new name servers with the `-addresses` flag (see below). Exception: -`_acme-challenge` records are handled differently to accommodate the -procurement of Let's Encrypt wildcard certificates; you can read more about -that procedure [here](docs/wildcard.md) + be especially useful when running as a non-privileged user, unable to bind to + privileged ports (<1024) ("`listen udp :53: bind: permission denied`"). For + example, to run the server on port 9553: `go run main.go -port 9553`. To query, + `dig @localhost 127.0.0.1.sslip.io -p 9553` +- `-nameservers` overrides the default NS records + `ns-gce.sslip.io`, `ns-hetzner.sslip.io`, and `ns-ovh.sslip.io`; flag, e.g. `go run main.go + -nameservers ns1.example.com,ns2.example.com`). If you're running your own + nameservers, you probably want to set this. Don't forget to set address records + for the new name servers with the `-addresses` flag (see below). Exception: + `_acme-challenge` records are handled differently to accommodate the + procurement of Let's Encrypt wildcard certificates; you can read more about + that procedure [here](docs/wildcard.md) - `-addresses` overrides the default A/AAAA (IPv4/IPv6) address records. 
For -example, here's how we set the IPv4 record & IPv6 record for our nameserver (in -the `-nameservers` example above), ns1.example.com: `-addresses -ns1.example.com=10.8.8.8,ns1.example.com=fc::8888`. Note that you can set many -addresses for a single host, e.g. -`ns1.example.com=1.1.1.1,ns1.example.com=8.8.8.8,ns1.example.com=9.9.9.9` + example, here's how we set the IPv4 record & IPv6 record for our nameserver (in + the `-nameservers` example above), ns1.example.com: `-addresses + ns1.example.com=10.8.8.8,ns1.example.com=fc::8888`. Note that you can set many + addresses for a single host, e.g. + `ns1.example.com=1.1.1.1,ns1.example.com=8.8.8.8,ns1.example.com=9.9.9.9` - `-blocklistURL` overrides the default block list, -(). -It's not necessary to override this if you're in an internetless environment: -if the DNS server can't download the blocklist, it prints out a message and -continues to serve DNS queries + (). + It's not necessary to override this if you're in an internetless environment: + if the DNS server can't download the blocklist, it prints out a message and + continues to serve DNS queries ## DNS Server Miscellany diff --git a/docs/DEVELOPER.md b/docs/DEVELOPER.md index 5fb456d..b7e2bec 100644 --- a/docs/DEVELOPER.md +++ b/docs/DEVELOPER.md @@ -18,12 +18,12 @@ sed -i '' "s~/$OLD_VERSION/~/$VERSION/~g" \ k8s/Dockerfile-sslip.io-dns-server ``` -Optional: Update the version for the ns-aws, ns-azure, ns-gce, ns-ovh install scripts +Optional: Update the version for the ns-gce, ns-hetzner, and ns-ovh install scripts ```bash pushd ~/bin sed -i '' "s~/$OLD_VERSION/~/$VERSION/~g" \ - ~/bin/install_ns-{aws,azure,gce,hetzner,ovh}.sh + ~/bin/install_ns-{gce,hetzner,ovh}.sh git add -p git ci -m"Update sslip.io DNS server $OLD_VERSION → $VERSION" git push 
@@ -85,19 +85,9 @@ git ci -vm"$VERSION: Minor bugfixes, tweaks"
 git tag $VERSION
 git push
 git push --tags
-scp bin/sslip.io-dns-server-linux-arm64 ns-aws:
-scp bin/sslip.io-dns-server-linux-amd64 ns-azure:
 scp bin/sslip.io-dns-server-linux-amd64 ns-gce:
 scp bin/sslip.io-dns-server-linux-amd64 ns-hetzner:
 scp bin/sslip.io-dns-server-linux-amd64 ns-ovh:
-ssh ns-aws sudo install sslip.io-dns-server-linux-arm64 /usr/bin/sslip.io-dns-server
-ssh ns-aws sudo shutdown -r now
- # check version number:
-sleep 10; while ! dig txt @ns-aws.sslip.io version.status.sslip.io +short; do sleep 5; done # wait until it's back up before rebooting ns-azure
-ssh ns-azure sudo install sslip.io-dns-server-linux-amd64 /usr/bin/sslip.io-dns-server
-ssh ns-azure sudo shutdown -r now
- # check version number:
-sleep 10; while ! dig txt @ns-azure.sslip.io version.status.sslip.io +short; do sleep 5; done # wait until it's back up before rebooting ns-gce
 ssh ns-gce sudo install sslip.io-dns-server-linux-amd64 /usr/bin/sslip.io-dns-server
 ssh ns-gce sudo shutdown -r now
 # check version number:
@@ -124,7 +114,7 @@ Update the webservers with the HTML with new versions:
 ```bash
 ssh nono.io curl -L -o /www/sslip.io/document_root/index.html https://raw.githubusercontent.com/cunnie/sslip.io/main/k8s/document_root_sslip.io/index.html
-for HOST in ns-{aws,azure,gce,hetzner,ovh}.sslip.io; do
+for HOST in {blocked,ns-gce,ns-hetzner,ns-ovh}.sslip.io; do
 ssh $HOST curl -L -o /var/nginx/sslip.io/index.html https://raw.githubusercontent.com/cunnie/sslip.io/main/k8s/document_root_sslip.io/index.html
 done
 ```
diff --git a/docs/wildcard.md b/docs/wildcard.md
index e8c66c2..80ea4d3 100644
--- a/docs/wildcard.md
+++ b/docs/wildcard.md
@@ -14,7 +14,7 @@ Let's Encrypt DNS-01 challenge process. Let's Encrypt will query your name servers for the TXT record `_acme-challenge.xip.example.com`, then your DNS server will respond with the TXT record _that should have been created on Route53 as part of the challenge_,
-otherwise it'll return the delegated nameservers (ns-azure.sslip.io and so on).
+otherwise it'll return the delegated nameservers (ns-gce.sslip.io and so on).
 ### Using the sslip.io domain
diff --git a/integration_speed_test.go b/integration_speed_test.go
index 66c0782..3b94e6e 100644
--- a/integration_speed_test.go
+++ b/integration_speed_test.go
@@ -63,7 +63,7 @@ var _ = Describe("speed", func() {
 // The queries/second is conservative, realistically should be higher
 // - queries are done sequentially, not in parallel
 // - each query includes an overhead of 4 Expect()
- // current max queries is 132/second (ns-aws.sslip.io.)
+ // current max queries is 2047/second (ns-ovh.sslip.io.)
 // ~19k Apple M2
 // ~8k vSphere Xeon D-1736 2.7GHz
 // ~6k AWS Graviton T2
diff --git a/k8s/document_root_sslip.io/index.html b/k8s/document_root_sslip.io/index.html
index a6f2db4..a1da28d 100644
--- a/k8s/document_root_sslip.io/index.html
+++ b/k8s/document_root_sslip.io/index.html
@@ -241,7 +241,7 @@ dig @ns.sslip.io txt ip.sslip.io +short -6 # forces IPv6 lookup; sample reply "2

A big advantage of using DNS queries instead of HTTP queries is bandwidth: querying - ns-azure.sslip.io requires a mere 594 bytes spread over 2 packets; Querying ns-ovh.sslip.io requires a mere 594 bytes spread over 2 packets; Querying https://icanhazip.com/ requires 8692 bytes spread out over 34 packets—over 14 times as much! Admittedly bandwidth usage is a bigger concern for the one hosting the service than the one using the @@ -262,7 +262,7 @@ dig @ns-gce.nono.io version.status.sslip.io txt +short

Server Metrics

You can retrieve metrics from a given server by querying the TXT records of metrics.status.sslip.io
-dig @ns-azure.sslip.io metrics.status.sslip.io txt +short
+dig @ns-ovh.sslip.io metrics.status.sslip.io txt +short
   "Uptime: 165655"
   "Blocklist: 2023-10-04 07:37:50-07 3,6"
   "Queries: 14295231 (86.3/s)"
@@ -316,7 +316,7 @@ dig @ns-azure.sslip.io metrics.status.sslip.io txt +short
           (e.g. "dig @ns.sslip.io ip.sslip.io txt")
         
TXT Version
The number of responses which included a TXT record of the DNS's servers version since starting operation
- (e.g. "dig @ns-azure.sslip.io version.status.sslip.io txt")
+ (e.g. "dig @ns-hetzner.sslip.io version.status.sslip.io txt")
PTR IPv4/IPv6
This consists of two numbers; the first is the number of responses to IPv4 PTR queries (1.0.0.127.in-addr.arpa.127-0-0-1.sslip.io.), the second, IPv6 PTR queries
diff --git a/main.go b/main.go
index 13140dd..91c551b 100644
--- a/main.go
+++ b/main.go
@@ -28,9 +28,8 @@ func main() {
 "ns.sslip.io=2a01:4ff:1f0:c920::,"+
 "ns.sslip.io=51.75.53.19,"+
 "ns.sslip.io=2001:41d0:602:2313::1,"+
- "ns-aws.sslip.io=52.0.56.137,"+
- "ns-aws.sslip.io=2600:1f18:aaf:6900::a,"+
- "ns-azure.sslip.io=52.187.42.158,"+
+ "blocked.sslip.io=52.0.56.137,"+
+ "blocked.sslip.io=2600:1f18:aaf:6900::a,"+
 "ns-gce.sslip.io=104.155.144.4,"+
 "ns-gce.sslip.io=2600:1900:4000:4d12::,"+
 "ns-hetzner.sslip.io=5.78.115.44,"+
diff --git a/xip/xip.go b/xip/xip.go
index 9ba54d9..a299af8 100644
--- a/xip/xip.go
+++ b/xip/xip.go
@@ -1155,13 +1155,13 @@ func (x *Xip) nameToAwithBlocklist(q dnsmessage.Question, response Response, log
 Class: dnsmessage.ClassINET,
 TTL: 604800, // 60 * 60 * 24 * 7 == 1 week; long TTL, these IP addrs don't change
 Length: 0,
- }, Customizations["ns-aws.sslip.io."].A[0])
+ }, Customizations["blocked.sslip.io."].A[0])
 if err != nil {
 return err
 }
 return nil
 })
- return response, logMessage + net.IP(Customizations["ns-aws.sslip.io."].A[0].A[:]).String(), nil
+ return response, logMessage + net.IP(Customizations["blocked.sslip.io."].A[0].A[:]).String(), nil
 }
 x.Metrics.AnsweredQueries++
 x.Metrics.AnsweredAQueries++
@@ -1267,13 +1267,13 @@ func (x *Xip) nameToAAAAwithBlocklist(q dnsmessage.Question, response Response,
 Class: dnsmessage.ClassINET,
 TTL: 604800, // 60 * 60 * 24 * 7 == 1 week; long TTL, these IP addrs don't change
 Length: 0,
- }, Customizations["ns-aws.sslip.io."].AAAA[0])
+ }, Customizations["blocked.sslip.io."].AAAA[0])
 if err != nil {
 return err
 }
 return nil
 })
- return response, logMessage + net.IP(Customizations["ns-aws.sslip.io."].AAAA[0].AAAA[:]).String(), nil
+ return response, logMessage + net.IP(Customizations["blocked.sslip.io."].AAAA[0].AAAA[:]).String(), nil
 }
 x.Metrics.AnsweredQueries++
 x.Metrics.AnsweredAAAAQueries++
diff --git a/xip/xip_test.go b/xip/xip_test.go
index 967e52a..a2122e1 100644
--- a/xip/xip_test.go
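Review bot: The two added `blocked.sslip.io` entries carry no hint that they are load-bearing — `xip.go` in this same diff indexes `Customizations` by the exact key `"blocked.sslip.io."` to build the answer for blocklisted names — so in this table they read like any other address record and a later cleanup could drop them. A comment on the first added line would pin that down: `// blocked.sslip.io: sinkhole for blocklisted names; xip.go looks this entry up by name, keep it`. The addresses are the ones ns-aws published until this commit, so resolvers still holding ns-aws's cached A/AAAA records will keep reaching the same host, which DEVELOPER.md in this diff still provisions with the web page; whether that is intended is not stated anywhere in the change. `main` starts before and continues after the hunk.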
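Review bot: `Customizations["blocked.sslip.io."].A[0]` on the two added lines indexes the map entry without checking that it exists or has an A record; a missing or empty entry yields a zero-value struct and `A[0]` panics with index out of range, and the trigger is a query for any blocklisted name, i.e. attacker-chosen input. Before this change the key was a nameserver the server needed anyway; `blocked.sslip.io` exists only because the default `-addresses` table in main.go lists it, and I cannot tell from this hunk whether an operator-supplied `-addresses` replaces or extends that default, so the lookup should not assume the entry is present. Look it up once before the closure, fail the query with an error (the function already returns one) when it is absent or empty, and reuse the value on both lines; the literal also appears four times across the A and AAAA paths and belongs in one package-level constant. None of the test hunks in this diff exercises the blocklist answer after the rename. `nameToAwithBlocklist` starts before and ends after the hunk.
```go
// before the closure that appends the answer (starts above the hunk):
blocked, ok := Customizations["blocked.sslip.io."]
if !ok || len(blocked.A) == 0 {
	return response, logMessage + "blocklist sinkhole blocked.sslip.io. has no A record", errors.New("blocklist sinkhole has no A record") // errors or fmt, whichever xip.go already imports
}
// … unchanged: ResourceHeader literal (Class, TTL, Length) …
}, blocked.A[0])
// … unchanged: err check and closure return …
return response, logMessage + net.IP(blocked.A[0].A[:]).String(), nil
```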
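Review bot: The same unchecked lookup is on the two added lines of the AAAA path: `Customizations["blocked.sslip.io."].AAAA[0]` panics with index out of range if the entry is absent or has no AAAA record, and an AAAA query for a blocklisted name is attacker-controlled input, so one query can take the server down should the default `-addresses` table ever be overridden or trimmed (whether `-addresses` replaces or extends the defaults is not visible from this hunk). Hoist the lookup into `blocked, ok := Customizations["blocked.sslip.io."]`, return an error from the function when `!ok || len(blocked.AAAA) == 0`, and use `blocked.AAAA[0]` on both lines. `nameToAAAAwithBlocklist` starts before and ends after the hunk.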
+++ b/xip/xip_test.go
@@ -79,13 +79,13 @@ var _ = Describe("Xip", func() {
 Describe("NSResources()", func() {
 When("we use the default nameservers", func() {
- var x, _ = xip.NewXip("file:///", []string{"ns-azure.sslip.io.", "ns-gce.sslip.io.", "ns-ovh.sslip.io."}, []string{}, []string{})
+ var x, _ = xip.NewXip("file:///", []string{"ns-gce.sslip.io.", "ns-hetzner.sslip.io.", "ns-ovh.sslip.io."}, []string{}, []string{})
 It("returns the name servers", func() {
 randomDomain := testhelper.Random8ByteString() + ".com."
 ns := x.NSResources(randomDomain)
 Expect(len(ns)).To(Equal(3))
- Expect(ns[0].NS.String()).To(Equal("ns-azure.sslip.io."))
- Expect(ns[1].NS.String()).To(Equal("ns-gce.sslip.io."))
+ Expect(ns[0].NS.String()).To(Equal("ns-gce.sslip.io."))
+ Expect(ns[1].NS.String()).To(Equal("ns-hetzner.sslip.io."))
 Expect(ns[2].NS.String()).To(Equal("ns-ovh.sslip.io."))
 })
 When(`the domain name contains "_acme-challenge."`, func() {
@@ -112,13 +112,13 @@ var _ = Describe("Xip", func() {
 When("we delegate domains to other nameservers", func() {
 When(`we don't use the "=" in the arguments`, func() {
 It("returns an informative log message", func() {
- var _, logs = xip.NewXip("file://etc/blocklist-test.txt", []string{"ns-azure.sslip.io.", "ns-gce.sslip.io.", "ns-ovh.sslip.io."}, []string{}, []string{"noEquals"})
+ var _, logs = xip.NewXip("file://etc/blocklist-test.txt", []string{"ns-gce.sslip.io.", "ns-hetzner.sslip.io.", "ns-ovh.sslip.io."}, []string{}, []string{"noEquals"})
 Expect(strings.Join(logs, "")).To(MatchRegexp(`"-delegates: arguments should be in the format "delegatedDomain=nameserver", not "noEquals"`))
 })
 })
 When(`there's no "." at the end of the delegated domain or nameserver`, func() {
 It(`helpfully adds the "."`, func() {
- var x, logs = xip.NewXip("file://etc/blocklist-test.txt", []string{"ns-azure.sslip.io.", "ns-gce.sslip.io.", "ns-ovh.sslip.io."}, []string{}, []string{"a=b"})
+ var x, logs = xip.NewXip("file://etc/blocklist-test.txt", []string{"ns-gce.sslip.io.", "ns-hetzner.sslip.io.", "ns-ovh.sslip.io."}, []string{}, []string{"a=b"})
 Expect(strings.Join(logs, "")).To(MatchRegexp(`Adding delegated NS record "a\.=b\."`))
 ns := x.NSResources("a.")
 Expect(len(ns)).To(Equal(1))
@@ -228,8 +228,8 @@ var _ = Describe("Xip", func() {
 Entry("www", "www.sslip.io"),
 Entry("a lone number", "538.sslip.io"),
 Entry("too big", "256.254.253.252"),
- Entry("NS but no dot", "ns-azure.sslip.io"),
- Entry("NS + cruft at beginning", "p-ns-azure.sslip.io"),
+ Entry("NS but no dot", "ns-hetzner.sslip.io"),
+ Entry("NS + cruft at beginning", "p-ns-hetzner.sslip.io"),
 Entry("test-net address with dots-and-dashes mixed", "www-192.0-2.3.example-me.com"),
 )
 When("There is more than one A record", func() {