mirror of
https://github.com/cunnie/sslip.io.git
synced 2025-10-07 00:23:44 +08:00
67e033f8f8d15c3c4629b77890c88c93e167883c

`_acme-challenge.` in query triggers special NS record

Prior behavior was that the same trinity of NS records was returned for every NS query:

- ns-aws.nono.io.
- ns-azure.nono.io.
- ns-gce.nono.io.

This commit introduces a change in that behavior: IF the NS query includes the string `_acme-challenge.` AND the query has an embedded IP address THEN the NS record returned is the query with the `_acme-challenge.` stripped. For example:

```
dig +short ns _acme-challenge.104.155.144.4.sslip.io
```

Would return:

```
104.155.144.4.sslip.io.
```

This is an attempt to enable [DNS-01](https://letsencrypt.org/docs/challenge-types/#dns-01-challenge) challenge for wildcard certs from Let's Encrypt or other CAs (Certificate Authorities).

Note that the embedded IP address would need to be routable (NOT 10.x, 172.16-31.x, or 192.168.x).

Note that you would also need to run a DNS server such as [acme-dns](https://github.com/joohoi/acme-dns) at that address.

Thanks @normanr ! [#6]
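The delegation rule described in the commit message above, as an added Go example (not the project's own code). The names `acmeNS`, `embeddedIPv4` and the regular expression are assumptions made for illustration; the `reachable` flag reflects the commit's note that the embedded address must be routable for a CA to query it.

```go
package main

import (
	"fmt"
	"net"
	"regexp"
	"strings"
)

const acmeLabel = "_acme-challenge."

// Illustrative pattern (an assumption, not the project's regex): an IPv4
// address embedded with dots or dashes, e.g. 104.155.144.4 or 104-155-144-4.
var embeddedV4 = regexp.MustCompile(`(^|[.-])((\d{1,3}[.-]){3}\d{1,3})($|[.-])`)

// embeddedIPv4 returns the IPv4 address embedded in qname, or nil if none.
func embeddedIPv4(qname string) net.IP {
	m := embeddedV4.FindStringSubmatch(qname)
	if m == nil {
		return nil
	}
	return net.ParseIP(strings.ReplaceAll(m[2], "-", ".")).To4()
}

// acmeNS applies the rule from the commit message. delegated is false when
// the usual hard-coded NS set applies. reachable is false when the embedded
// address is private, loopback or link-local, so no public CA could query a
// DNS server there and DNS-01 validation would fail.
func acmeNS(qname string) (ns string, reachable, delegated bool) {
	ip := embeddedIPv4(qname)
	if !strings.Contains(qname, acmeLabel) || ip == nil {
		return "", false, false
	}
	ns = strings.TrimSuffix(strings.Replace(qname, acmeLabel, "", 1), ".") + "."
	reachable = !(ip.IsPrivate() || ip.IsLoopback() || ip.IsLinkLocalUnicast())
	return ns, reachable, true
}

func main() {
	// Constructed sample query names.
	for _, q := range []string{
		"_acme-challenge.104.155.144.4.sslip.io.",
		"_acme-challenge.192-168-0-1.sslip.io.",
		"_acme-challenge.example.sslip.io.",
	} {
		ns, reachable, delegated := acmeNS(q)
		fmt.Printf("%-40s delegated=%v reachable=%v ns=%q\n", q, delegated, reachable, ns)
	}
}
```

Because the NS answer points at the embedded address, whoever operates the DNS server at that address answers the DNS-01 challenge for names under it.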
sslip.io
sslip.io is a DNS server that maps specially-crafted DNS A records to IP addresses (e.g. "127-0-0-1.sslip.io" maps to 127.0.0.1). It is similar to, and inspired by, xip.io.
If you'd like to use sslip.io as a service, refer to the website (sslip.io) for more information. This README targets developers; the website targets users.
- `src/` contains the source code to the DNS server.
- `ci/` contains the Concourse continuous integration (CI) pipeline and task.
- `spec/` contains the tests for the production nameservers. To run the tests locally: `DOMAIN=sslip.io rspec --format documentation --color spec/`
- `k8s/document_root/` contains the HTML content of the sslip.io website. Please run `tidy -im -w 120 k8s/document_root/index.html` before submitting pull requests.
- `bosh-release/` contains the BOSH release. BOSH is the mechanism we use to deploy the servers, and the sslip.io BOSH release is a packaging of the DNS server (analogous to a `.msi`, `.pkg`, `.deb` or `.rpm`).
- `conf/sslip.io+nono.io.yml` (deprecated) contains the PowerDNS's pipe backend's configuration in YAML format for use with BOSH. The `pdns_pipe` key is the pipe backend script, and `pdns_pipe_conf` is its configuration file.

DNS Server
The DNS server is written in Golang and is not configurable without modifying the source:
- it binds to port 53 (you can't change it)
- it only binds to UDP (no TCP, sorry)
- The SOA record is hard-coded with the exception of the MNAME (primary master name server) record, which is set to the queried hostname (e.g. `dig big.apple.com @ns-aws.nono.io` would return an SOA with an MNAME record of `big.apple.com.`)
- The NS records are hard-coded
- The MX records are hard-coded to the queried hostname with a preference of 0, with the exception of `sslip.io` itself, which has custom MX records to enable email delivery to ProtonMail.
- No TXT records are returned with the exception of `sslip.io`, which has custom records to enable email delivery
- There are no SRV records

To run the unit tests:

```
cd src
go get github.com/onsi/ginkgo/ginkgo
go get github.com/onsi/gomega/...
ginkgo -r .
```

To run the server on, say, a Mac, you must first start the server:

```
cd src
go run main.go
```

And then, in another window, run a query, e.g.:

```
dig +short 127.0.0.1.sslip.io @localhost
```

Which will return the expected IP address:

```
127.0.0.1
```

You will also see a log message in the server window, similar to the following:

```
2020/11/22 03:45:44 ::1.62302 TypeA 127.0.0.1.sslip.io. ? 127.0.0.1
```