mirror of
https://github.com/cunnie/sslip.io.git
synced 2025-10-06 08:06:53 +08:00
61f56fea14b021646ff3a3eb97e4fe2f69fa3ec5

The TXT response to the query `metrics.status.sslip.io` was doomed to exceed the UDP 512-byte limit, which would have forced the client to re-attempt via TCP, and our server doesn't yet bind to TCP. This commit fixes that by squeezing the packet. We haven't dropped any information, but we made it more succinct. Per [Infoblox](https://www.infoblox.com/dns-security-resource-center/dns-security-faq/is-dns-tcp-or-udp-port-53/):

> when the message size exceeds 512 bytes, it will trigger the ‘TC’ bit (Truncation) in DNS to be set, informing the client that the message length has exceeded the allowed size. In these situations, the client needs to re-transmit over TCP

sslip.io
sslip.io is a DNS server that maps specially-crafted DNS A records to IP addresses (e.g. "127-0-0-1.sslip.io" maps to 127.0.0.1). It is similar to, and inspired by, xip.io.
If you'd like to use sslip.io as a service, refer to the website (sslip.io) for more information. This README targets developers; the website targets users.
Quick Start
```
git clone git@github.com:cunnie/sslip.io.git
cd sslip.io/src/sslip.io-dns-server/
sudo go run main.go
# sudo is required on Linux, but not on macOS, to bind to privileged port 53
```
In another window:
```
dig @localhost 192.168.0.1.sslip.io +short
# should return "192.168.0.1"
```
Quick Start Tests
```
go install github.com/onsi/ginkgo/v2/ginkgo@latest
go get github.com/onsi/gomega/...
sudo ~/go/bin/ginkgo -r .
# sudo is required on Linux, but not on macOS, to bind to privileged port 53
```
Directory Structure
- `src/` contains the source code to the DNS server
- `ci/` contains the Concourse continuous integration (CI) pipeline and task
- `spec/` contains the tests for the production nameservers. To run the tests locally: `DOMAIN=sslip.io rspec --format documentation --color spec/`
- `k8s/document_root_sslip.io/` contains the HTML content of the sslip.io website. Please run `tidy -im -w 120 k8s/document_root_sslip.io/index.html` before submitting pull requests
- `bosh-release/` [deprecated] contains the BOSH release. BOSH is the mechanism we previously used to deploy the servers, and the sslip.io BOSH release is a packaging of the DNS server (analogous to a `.msi`, `.pkg`, `.deb` or `.rpm`)
DNS Server
The DNS server is written in Golang and is not configurable without modifying the source:
- it binds to port 53, but this can be overridden on the command line with the `-port` flag, e.g. `go run main.go -port 9553`
- it only binds to UDP (no TCP, sorry)
- The SOA record is hard-coded with the exception of the MNAME (primary master name server) record, which is set to the queried hostname (e.g. `dig big.apple.com @ns-aws.nono.io` would return an SOA with an MNAME record of `big.apple.com.`)
- The NS records are hard-coded (`ns-aws.sslip.io`, `ns-azure.sslip.io`, `ns-gce.sslip.io`). Exception: `_acme-challenge` records are handled differently to accommodate the procurement of Let's Encrypt wildcard certificates; you can read more about that procedure here
- The MX records are hard-coded to the queried hostname with a preference of 0, with the exception of `sslip.io` itself, which has custom MX records to enable email delivery to ProtonMail
- There are no SRV records
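Because the server binds only to UDP, a reply larger than the 512-byte limit named in the commit message at the top of this page cannot be recovered by a TCP retry. The following Go code is an added example, not code from the sslip.io project: it estimates the wire size of a TXT reply and checks it against that limit. It assumes one TXT record per metrics line, answer names compressed to a 2-byte pointer, and no EDNS0; the function names and sample lines are constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

const udpLimit = 512 // DNS-over-UDP message limit without EDNS0

// nameLen is the uncompressed wire length of a name: labels, length bytes, root byte.
func nameLen(name string) int {
	name = strings.TrimSuffix(name, ".")
	if name == "" {
		return 1
	}
	return len(name) + 2
}

// txtRDataLen is the RDATA length of one TXT record: the text is split into
// character-strings of at most 255 bytes, each prefixed by a length byte.
func txtRDataLen(txt string) int {
	if txt == "" {
		return 1
	}
	return len(txt) + (len(txt)+254)/255
}

// txtResponseSize estimates the wire size of a reply to a TXT query for qname.
// Assumptions: one TXT record per string, and each answer's owner name
// compressed to a 2-byte pointer to the question name.
func txtResponseSize(qname string, txts []string) int {
	size := 12 + nameLen(qname) + 4 // header + question (QNAME, QTYPE, QCLASS)
	for _, t := range txts {
		size += 2 + 2 + 2 + 4 + 2 + txtRDataLen(t) // ptr, TYPE, CLASS, TTL, RDLENGTH, RDATA
	}
	return size
}

// fitsUDP reports whether the reply can be sent without setting the TC bit.
func fitsUDP(qname string, txts []string) bool {
	return txtResponseSize(qname, txts) <= udpLimit
}

func main() {
	// Constructed sample metrics lines, not the server's real output.
	txts := []string{"uptime (seconds): 12345", "queries: 67890", "queries/second: 5.5"}
	n := txtResponseSize("metrics.status.sslip.io", txts)
	fmt.Printf("%d bytes, fits in UDP: %v\n", n, fitsUDP("metrics.status.sslip.io", txts))
}
```

Each additional TXT record costs 12 bytes of fixed overhead plus its length-prefixed text, so shortening the text of every line is what brings a many-line reply back under the limit.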
Acknowledgements
- Sam Stephenson (xip.io), Roopinder Singh (nip.io), and the other DNS developers out there
- The contributors (@normanr, @jpambrun come to mind) who improved sslip.io
- Jenessa Petersen of Let's Encrypt who bumped the rate limits
- Natalia Ershova of JetBrains who provided a free license for open source development