mirror of
https://github.com/cunnie/sslip.io.git
synced 2025-10-07 00:23:44 +08:00
f797605bba1b5022d24e14878fe35c1ff92ee444

The purpose of this commit is to enable Let's Encrypt DNS-01 challenges for wildcard certificates. To accomplish that, we'd like to delegate queries for ALL types (e.g. NS, SOA, A, AAAA) to the IP address of that server. For example, any query for `_acme-challenge.52-0-56-137.sslip.io` would be delegated to the DNS server `52-0-56-137.sslip.io` (whose IP address 52.0.56.137 would be supplied as well). Thanks @NormanR ! On a personal note, I feel the code is getting bloated again. Also, I'm inconsistent with my parameters: `NSResponse()`, for example, has arguments which it mutates (`response`), and which are returned (`logMessage`). This offends my esthetics. [#6]
sslip.io
Test Type | Status |
---|---|
Production Nameservers | |
DNS Server Unit Tests | |
sslip.io is a DNS server that maps specially-crafted DNS A records to IP addresses (e.g. "127-0-0-1.sslip.io" maps to 127.0.0.1). It is similar to, and inspired by, xip.io.
If you'd like to use sslip.io as a service, refer to the website (sslip.io) for more information. This README targets developers; the website targets users.
- `src/` contains the source code to the DNS server.
- `ci/` contains the Concourse continuous integration (CI) pipeline and task.
- `spec/` contains the tests for the production nameservers. To run the tests locally: `DOMAIN=sslip.io rspec --format documentation --color spec/`
- `k8s/document_root/` contains the HTML content of the sslip.io website. Please run `tidy -im -w 120 k8s/document_root/index.html` before submitting pull requests.
- `bosh-release/` contains the BOSH release. BOSH is the mechanism we use to deploy the servers, and the sslip.io BOSH release is a packaging of the DNS server (analogous to a `.msi`, `.pkg`, `.deb` or `.rpm`)
- `conf/sslip.io+nono.io.yml` (deprecated) contains the PowerDNS's pipe backend's configuration in YAML format for use with BOSH. The `pdns_pipe` key is the pipe backend script, and `pdns_pipe_conf` is its configuration file.
DNS Server
The DNS server is written in Golang and is not configurable without modifying the source:
- it binds to port 53 (you can't change it)
- it only binds to UDP (no TCP, sorry)
- The SOA record is hard-coded with the exception of the MNAME (primary master
  name server) record, which is set to the queried hostname (e.g.
  `dig big.apple.com @ns-aws.nono.io` would return an SOA with an MNAME record of `big.apple.com.`)
- The NS records are hard-coded
- The MX records are hard-coded to the queried hostname with a preference of 0,
  with the exception of `sslip.io` itself, which has custom MX records to enable email delivery to ProtonMail.
- No TXT records are returned with the exception of `sslip.io`, which has custom records to enable email delivery
- There are no SRV records
To run the unit tests:

```
cd src
go get github.com/onsi/ginkgo/ginkgo
go get github.com/onsi/gomega/...
ginkgo -r .
```

To run the server on, say, a Mac, you must first start the server:

```
cd src
go run main.go
```

And then, in another window, run a query, e.g.:

```
dig +short 127.0.0.1.sslip.io @localhost
```

Which will return the expected IP address:

```
127.0.0.1
```

You will also see a log message in the server window, similar to the following:

```
2020/11/22 03:45:44 ::1.62302 TypeA 127.0.0.1.sslip.io. ? 127.0.0.1
```
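
The hostname-to-address mapping described above, together with the `_acme-challenge` delegation described in the commit message, as an added example that is not the project's own code. The names `EmbeddedIPv4`, `AcmeDelegation` and `Delegation` and the regular expression are hypothetical, and it assumes that names without an embedded address are not delegated.

```go
package main

import (
	"fmt"
	"net"
	"regexp"
	"strings"
)

// Hypothetical pattern for this example: four 1-3 digit groups joined by dots
// or dashes, bounded by a label separator. net.ParseIP does the range check.
var embeddedIPv4 = regexp.MustCompile(
	`(?:^|[.-])(\d{1,3})[.-](\d{1,3})[.-](\d{1,3})[.-](\d{1,3})(?:$|[.-])`)

// EmbeddedIPv4 returns the IPv4 address encoded in a hostname, or nil.
func EmbeddedIPv4(name string) net.IP {
	m := embeddedIPv4.FindStringSubmatch(name)
	if m == nil {
		return nil
	}
	return net.ParseIP(strings.Join(m[1:5], ".")).To4() // nil if an octet > 255
}

// Delegation is the referral data: the NS target plus its glue A record.
type Delegation struct {
	NS   string
	Glue net.IP
}

// AcmeDelegation reports whether qname is an _acme-challenge name whose parent
// embeds an IPv4 address, and if so which server the query is referred to.
// Assumption: names without an embedded address are not delegated.
func AcmeDelegation(qname string) (Delegation, bool) {
	const label = "_acme-challenge."
	name := strings.ToLower(strings.TrimSuffix(qname, "."))
	if !strings.HasPrefix(name, label) {
		return Delegation{}, false
	}
	host := name[len(label):]
	ip := EmbeddedIPv4(host)
	if ip == nil {
		return Delegation{}, false
	}
	return Delegation{NS: host + ".", Glue: ip}, true
}

func main() { // constructed sample query, taken from the commit message
	d, ok := AcmeDelegation("_acme-challenge.52-0-56-137.sslip.io.")
	fmt.Println(ok, d.NS, d.Glue)
}
```

Because the referral hands every record type under `_acme-challenge.52-0-56-137.sslip.io` to the server at 52.0.56.137, whoever operates DNS on that address answers the DNS-01 TXT query for that name.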