Building a DNS Server

What is DNS?

Domain Name System

• DNS is the system that translates human-friendly domain names like “www.example.com” into IP addresses that computers can use to identify each other on the internet.
• DNS Resolution involves querying DNS servers to find the IP address associated with a domain name, using requests and responses.

Request Structure

• Header
• Questions
• Answers
• Authoritative records
• Additional records

Header

• Transaction Id: 2 bytes
• Flags: 2 bytes
  • is response: 1 bit
  • opcode: 4 bits
  • is authoritative answer: 1 bit
  • is truncated: 1 bit
  • is recursion desired: 1 bit
  • is recursion available: 1 bit
  • reserved: 3 bits
  • response code: 4 bits
• Question count: 2 bytes
• Answer count: 2 bytes
• Authority count: 2 bytes
• Additional count: 2 bytes

Question

• Domain: zone
• Record type: 2 bytes
• Class: 2 bytes

Responce/Resource Records

• Name: zone
• Type: 2 bytes
• Class: 2 bytes
• Time to live: 4 bytes
• Data length: 2 bytes
• Data: data_length bytes

DNS Records

DNS records contain information about a domain, such as its IP address or mail server.

• A (Address) Record
• AAAA (IPv6 Address) Record
• CNAME (Canonical Name) Record
• MX (Mail Exchange) Record
• NS (Name Server) Record
• TXT (Text) Record

DNS Zones

DNS Zones are administrative units that contain DNS records for a domain or a subdomain.

• Domains are represented as n part[n], where
  • n is a two byte number which gives the length of the segment
    • if n & 0xC0 is true, the the rest of the name uses label compression
  • part[n] is n bytes representing the segment
• Domains end with 2 bytes of 0

Label Compression

Used to represent domains, if part of the domain has already been referenced earlier, we can use a pointer to it.

e.g.,

1
2

example.com.          512   IN  A    93.184.216.34
steam.example.com.   1024   IN  TXT  Let's go GAMERS!

We repeat example.com.. The server can just send a pointer to the first instance of example.com. and clients parse from there.

DNS Caching

DNS caching involves storing previously resolved DNS queries to speed up future lookups.

• Local DNS Cache
• Resolver Cache
• TTL (Time to Live)

DNS Security

DNS Security mechanisms protect against various threats, including DNS spoofing and cache poisoning.

• DNSSEC (DNS Security Extensions)
• DANE (DNS-based Authentication of Named Entities)
• DNS Filtering and Firewalling

Building a DNS Server — GPT Style

0. Download the DNS server template
1. Set up a basic DNS server
2. Handle DNS queries
3. Implement DNS records
4. Manage DNS Zones
5. Implement DNS caching
6. Enhance DNS security
7. Handle DNS requests from different clients
8. Troubleshoot DNS issues

Building a DNS Server

0. Download the DNS server template
1. Parse a DNS request
2. Create a response
3. Send the response
4. Implement request recursion

• debugging tip: use dig/nslookup