We enable special behavior under the `kv.sslip.io` subdomain: it can be
treated as a key-value store, the sub-subdomain being the key, and the
TXT record being the value.
For example, to write ("put") the value "12.0.1" to the key
"macos-version" on the `ns-gce.sslip.io.` nameserver, you'd use the
following `dig` command:
```shell
dig @ns-gce.sslip.io. txt put.12.0.1.macos-version.kv.sslip.io.
```
To read ("get") the value back, you'd write the following `dig` command:
```shell
dig @ns-gce.sslip.io. txt get.macos-version.kv.sslip.io.
```
Since "get" is the default behavior, you don't need to include it in the
domain name:
```shell
dig @ns-gce.sslip.io. txt macos-version.kv.sslip.io.
```
Finally, when you're done with the key-value, you can "delete" it:
```shell
dig @ns-gce.sslip.io. txt delete.macos-version.kv.sslip.io.
```
Notes:
- Keys are case-insensitive (to accommodate DNS convention). In other
words, `KEY.kv.sslip.io` and `key.kv.sslip.io` return the same TXT
record.
- Values are case-sensitive. `put.CamelCase.style.kv.sslip.io` sets the
TXT record to "CamelCase".
- `put` requests will return the TXT record being put; i.e.
`put.hello.world.kv.sslip.io` returns one TXT record of one string,
`hello`.
- `delete` requests will return the TXT record being deleted; i.e.
`delete.world.kv.sslip.io` returns one TXT record of one string,
`hello`. If the TXT record does not exist, no TXT records will be
returned.
- Values are limited to 63 bytes to mitigate using the sslip.io servers
in a [DNS amplification
attack](https://us-cert.cisa.gov/ncas/alerts/TA13-088A).
- Values are not persistent: if the server is restarted, all values
disappear. Poof.
- Values are not consistent. If a value is set in `ns-aws.sslip.io`, it
does not propagate to `ns-gce.sslip.io` nor `ns-azure.sslip.io`.
Our documentation was wrong; our homepage said to get the origin IP
address by querying the TXT record of the root, i.e. `dig
@ns-aws.nono.io txt . +short`; however, our code worked differently: it
returned the origin IP when the `.ip` TLD was queried.
The new behavior is that it returns the origin IP when `ip.sslip.io.` is
queried, and the documentation now reflects that behavior.
Also, that behavior is marked "experimental" to give us leeway to
change.
[fixes#11]
- Returns version information for DNS server
- Contains 3 strings:
- Semantic version, e.g. "2.2.1"
- Date of compilation
- Latest git hash
Note: the BOSH Release will have a different compilation date &
different git hash than the released executables; the semantic version
will be the same.
- Use HTTP-01 challenge for run-of-the-mill certificates
- White label domains can acquire their own wildcard certificates
- VMware employees have access to *.sslip.io wildcard
- Use DNS-01 challenge for *.w-x-y-z.sslip.io wildcards
`DEVELOPER.md` had the wrong tests (mostly missing newlines); that's
been fixed. Also, I added a new test for DNS records which contain
`_acme-challenge.`, which may enable users to generate wildcard certs
for their sslip.io domains.
When we released our new Golang-based DNS server, we had a banner that
said to let us know if anything breaks, but we neglected to tell them
_how_ to let us know. Now we include a link that opens a GitHub issue.
We describe how to run our pre-built executable within a docker
container. They can figure out the rest from there.
If they don't understand those instructions, they shouldn't be running
their own DNS server.
ns-vultr.nono.io is a bad nameserver because it's shut down for ~8 days
each month (when the unbelievable Singapore hunger for NTP uses up my
monthly allowance of 3TB)
Besides, three nameservers is enough.
