mirror of
https://github.com/cunnie/sslip.io.git
synced 2025-10-05 15:46:50 +08:00
2a0e6b105d
When we check the production servers, we now expect, when we delete a key, to NOT receive the key's old value as a response, lest we inadvertently extend the lifetime of the key that we want to expire.
sslip.io
| Test Type | Status |
|---|---|
| Production Nameservers | |
| DNS Server Unit Tests |
sslip.io is a DNS server that maps specially-crafted DNS A records to IP addresses (e.g. "127-0-0-1.sslip.io" maps to 127.0.0.1). It is similar to, and inspired by, xip.io.
If you'd like to use sslip.io as a service, refer to the website (sslip.io) for more information. This README targets developers; the website targets users.
Quick Start
git clone git@github.com:cunnie/sslip.io.git
cd sslip.io/src/sslip.io-dns-server/
sudo go run main.go
# sudo is required on Linux, but not on macOS, to bind to privileged port 53
In another window:
dig @localhost 192.168.0.1.sslip.io +short
# should return "192.168.0.1"
Quick Start Tests
go install github.com/onsi/ginkgo/v2/ginkgo@latest
go get github.com/onsi/gomega/...
sudo ~/go/bin/ginkgo -r .
# sudo is required on Linux, but not on macOS, to bind to privileged port 53
Directory Structure
src/contains the source code to the DNS serverci/contains the Concourse continuous integration (CI) pipeline and taskspec/contains the tests for the production nameservers. To run the tests locally:DOMAIN=sslip.io rspec --format documentation --color spec/k8s/document_root/contains the HTML content of the sslip.io website. Please runtidy -im -w 120 k8s/document_root/index.htmlbefore submitting pull requestsbosh-release/[deprecated] contains the BOSH release. BOSH is the mechanism we previously used to deploy the servers, and the sslip.io BOSH release is a packaging of the DNS server (analogous to a.msi,.pkg,.debor.rpm)
DNS Server
The DNS server is written in Golang and is not configurable without modifying the source:
- it binds to port 53, but can be overridden on the command line with the
-port, e.g.go run main.go -port 9553 - it only binds to UDP (no TCP, sorry)
- The SOA record is hard-coded with the exception of the MNAME (primary master
name server) record, which is set to the queried hostname (e.g.
dig big.apple.com @ns-aws.nono.iowould return an SOA with an MNAME record ofbig.apple.com. - The NS records are hard-coded (
ns-aws.sslip.io,ns-azure.sslip.io,ns-gce.sslip.io). Exception:_acme-challengerecords are handled differently to accommodate the procurement of Let's Encrypt wildcard certificates; you can read more about that procedure here - The MX records are hard-coded to the queried hostname with a preference of 0,
with the exception of
sslip.ioitself, which has custom MX records to enable email delivery to ProtonMail - There are no SRV records
Acknowledgements
- Sam Stephenson (xip.io), Roopinder Singh (nip.io), and the other DNS developers out there
- The contributors (@normanr, @jpambrun come to mind) who improved sslip.io
- Jenessa Petersen of Let's Encrypt who bumped the rate limits
- Natalia Ershova of JetBrains who provided a free license for open source development