Skip to content

banyansecurity/dns

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4,270 Commits
.github
.github
 
 
dnsutil
dnsutil
 
 
.codecov.yml
.codecov.yml
 
 
.gitignore
.gitignore
 
 
AUTHORS
AUTHORS
 
 
CODEOWNERS
CODEOWNERS
 
 
CONTRIBUTORS
CONTRIBUTORS
 
 
COPYRIGHT
COPYRIGHT
 
 
LICENSE
LICENSE
 
 
Makefile.fuzz
Makefile.fuzz
 
 
Makefile.release
Makefile.release
 
 
README.md
README.md
 
 
acceptfunc.go
acceptfunc.go
 
 
acceptfunc_test.go
acceptfunc_test.go
 
 
client.go
client.go
 
 
client_test.go
client_test.go
 
 
clientconfig.go
clientconfig.go
 
 
clientconfig_test.go
clientconfig_test.go
 
 
dane.go
dane.go
 
 
defaults.go
defaults.go
 
 
dns.go
dns.go
 
 
dns_bench_test.go
dns_bench_test.go
 
 
dns_test.go
dns_test.go
 
 
dnssec.go
dnssec.go
 
 
dnssec_keygen.go
dnssec_keygen.go
 
 
dnssec_keyscan.go
dnssec_keyscan.go
 
 
dnssec_privkey.go
dnssec_privkey.go
 
 
dnssec_test.go
dnssec_test.go
 
 
doc.go
doc.go
 
 
duplicate.go
duplicate.go
 
 
duplicate_generate.go
duplicate_generate.go
 
 
duplicate_test.go
duplicate_test.go
 
 
dyn_test.go
dyn_test.go
 
 
edns.go
edns.go
 
 
edns_test.go
edns_test.go
 
 
example_test.go
example_test.go
 
 
format.go
format.go
 
 
format_test.go
format_test.go
 
 
fuzz.go
fuzz.go
 
 
fuzz_test.go
fuzz_test.go
 
 
generate.go
generate.go
 
 
generate_test.go
generate_test.go
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
hash.go
hash.go
 
 
issue_test.go
issue_test.go
 
 
labels.go
labels.go
 
 
labels_test.go
labels_test.go
 
 
leak_test.go
leak_test.go
 
 
length_test.go
length_test.go
 
 
listen_no_socket_options.go
listen_no_socket_options.go
 
 
listen_socket_options.go
listen_socket_options.go
 
 
msg.go
msg.go
 
 
msg_generate.go
msg_generate.go
 
 
msg_helpers.go
msg_helpers.go
 
 
msg_helpers_test.go
msg_helpers_test.go
 
 
msg_test.go
msg_test.go
 
 
msg_truncate.go
msg_truncate.go
 
 
msg_truncate_test.go
msg_truncate_test.go
 
 
nsecx.go
nsecx.go
 
 
nsecx_test.go
nsecx_test.go
 
 
parse_test.go
parse_test.go
 
 
privaterr.go
privaterr.go
 
 
privaterr_test.go
privaterr_test.go
 
 
reverse.go
reverse.go
 
 
rr_test.go
rr_test.go
 
 
sanitize.go
sanitize.go
 
 
sanitize_test.go
sanitize_test.go
 
 
scan.go
scan.go
 
 
scan_rr.go
scan_rr.go
 
 
scan_test.go
scan_test.go
 
 
serve_mux.go
serve_mux.go
 
 
serve_mux_test.go
serve_mux_test.go
 
 
server.go
server.go
 
 
server_test.go
server_test.go
 
 
sig0.go
sig0.go
 
 
sig0_test.go
sig0_test.go
 
 
smimea.go
smimea.go
 
 
svcb.go
svcb.go
 
 
svcb_test.go
svcb_test.go
 
 
tlsa.go
tlsa.go
 
 
tmpdir_darwin_test.go
tmpdir_darwin_test.go
 
 
tmpdir_test.go
tmpdir_test.go
 
 
tools.go
tools.go
 
 
tsig.go
tsig.go
 
 
tsig_test.go
tsig_test.go
 
 
types.go
types.go
 
 
types_generate.go
types_generate.go
 
 
types_test.go
types_test.go
 
 
udp.go
udp.go
 
 
udp_darwin.go
udp_darwin.go
 
 
udp_no_control.go
udp_no_control.go
 
 
udp_test.go
udp_test.go
 
 
update.go
update.go
 
 
update_test.go
update_test.go
 
 
version.go
version.go
 
 
version_test.go
version_test.go
 
 
xfr.go
xfr.go
 
 
xfr_test.go
xfr_test.go
 
 
zduplicate.go
zduplicate.go
 
 

Repository files navigation

Build Status Code Coverage Go Report Card

DNS version 2 is now available at https://codeberg.org/miekg/dns, check it out if you want to help shape the next 15 years of the Go DNS package.

The version here will see no new features and less and less development.

Alternative (more granular) approach to a DNS library

Less is more.

Complete and usable DNS library. All Resource Records are supported, including the DNSSEC types. It follows a lean and mean philosophy. If there is stuff you should know as a DNS programmer there isn't a convenience function for it. Server side and client side programming is supported, i.e. you can build servers and resolvers with it.

We try to keep the "master" branch as sane as possible and at the bleeding edge of standards, avoiding breaking changes wherever reasonable. We support the last two versions of Go.

Goals

  • KISS;
  • Fast;
  • Small API. If it's easy to code in Go, don't make a function for it.

Users

A not-so-up-to-date-list-that-may-be-actually-current:

Send pull request if you want to be listed here.

Features

  • UDP/TCP queries, IPv4 and IPv6
  • RFC 1035 zone file parsing ($INCLUDE, $ORIGIN, $TTL and $GENERATE (for all record types) are supported
  • Fast
  • Server side programming (mimicking the net/http package)
  • Client side programming
  • DNSSEC: signing, validating and key generation for DSA, RSA, ECDSA and Ed25519
  • EDNS0, NSID, Cookies
  • AXFR/IXFR
  • TSIG, SIG(0)
  • DNS over TLS (DoT): encrypted connection between client and server over TCP
  • DNS name compression

Have fun!

Miek Gieben - 2010-2012 - miek@miek.nl DNS Authors 2012-

Building

This library uses Go modules and uses semantic versioning. Building is done with the go tool, so the following should work:

go get github.com/miekg/dns
go build github.com/miekg/dns

Examples

A short "how to use the API" is at the beginning of doc.go (this also will show when you call godoc github.com/miekg/dns).

Example programs can be found in the github.com/miekg/exdns repository.

Supported RFCs

all of them

  • 103{4,5} - DNS standard
  • 1183 - ISDN, X25 and other deprecated records
  • 1348 - NSAP record (removed the record)
  • 1982 - Serial Arithmetic
  • 1876 - LOC record
  • 1995 - IXFR
  • 1996 - DNS notify
  • 2136 - DNS Update (dynamic updates)
  • 2181 - RRset definition - there is no RRset type though, just []RR
  • 2537 - RSAMD5 DNS keys
  • 2065 - DNSSEC (updated in later RFCs)
  • 2671 - EDNS record
  • 2782 - SRV record
  • 2845 - TSIG record
  • 2915 - NAPTR record
  • 2929 - DNS IANA Considerations
  • 3110 - RSASHA1 DNS keys
  • 3123 - APL record
  • 3225 - DO bit (DNSSEC OK)
  • 340{1,2,3} - NAPTR record
  • 3445 - Limiting the scope of (DNS)KEY
  • 3596 - AAAA record
  • 3597 - Unknown RRs
  • 4025 - A Method for Storing IPsec Keying Material in DNS
  • 403{3,4,5} - DNSSEC + validation functions
  • 4255 - SSHFP record
  • 4343 - Case insensitivity
  • 4408 - SPF record
  • 4509 - SHA256 Hash in DS
  • 4592 - Wildcards in the DNS
  • 4635 - HMAC SHA TSIG
  • 4701 - DHCID
  • 4892 - id.server
  • 5001 - NSID
  • 5155 - NSEC3 record
  • 5205 - HIP record
  • 5702 - SHA2 in the DNS
  • 5936 - AXFR
  • 5966 - TCP implementation recommendations
  • 6605 - ECDSA
  • 6725 - IANA Registry Update
  • 6742 - ILNP DNS
  • 6840 - Clarifications and Implementation Notes for DNS Security
  • 6844 - CAA record
  • 6891 - EDNS0 update
  • 6895 - DNS IANA considerations
  • 6944 - DNSSEC DNSKEY Algorithm Status
  • 6975 - Algorithm Understanding in DNSSEC
  • 7043 - EUI48/EUI64 records
  • 7314 - DNS (EDNS) EXPIRE Option
  • 7477 - CSYNC RR
  • 7828 - edns-tcp-keepalive EDNS0 Option
  • 7553 - URI record
  • 7858 - DNS over TLS: Initiation and Performance Considerations
  • 7871 - EDNS0 Client Subnet
  • 7873 - Domain Name System (DNS) Cookies
  • 8080 - EdDSA for DNSSEC
  • 8490 - DNS Stateful Operations
  • 8499 - DNS Terminology
  • 8659 - DNS Certification Authority Authorization (CAA) Resource Record
  • 8777 - DNS Reverse IP Automatic Multicast Tunneling (AMT) Discovery
  • 8914 - Extended DNS Errors
  • 8976 - Message Digest for DNS Zones (ZONEMD RR)
  • 9460 - Service Binding and Parameter Specification via the DNS
  • 9461 - Service Binding Mapping for DNS Servers
  • 9462 - Discovery of Designated Resolvers
  • 9460 - SVCB and HTTPS Records
  • 9567 - DNS Error Reporting
  • 9606 - DNS Resolver Information
  • 9660 - DNS Zone Version (ZONEVERSION) Option
  • Draft - Compact Denial of Existence in DNSSEC

Loosely Based Upon

Upstream Synchronization

Assumes that multiple remotes are present:

> git remote -v
origin  git@github.com:banyansecurity/dns.git (fetch)
origin  git@github.com:banyansecurity/dns.git (push)
upstream        git@github.com:miekg/dns.git (fetch)
upstream        git@github.com:miekg/dns.git (push)

As an example, for syncing v1.1.69, fetch the latest tags:

> git fetch --all
Fetching origin
Fetching upstream
remote: Enumerating objects: 44, done.
remote: Counting objects: 100% (23/23), done.
remote: Compressing objects: 100% (13/13), done.
remote: Total 44 (delta 13), reused 10 (delta 10), pack-reused 21 (from 3)
Unpacking objects: 100% (44/44), 69.33 KiB | 559.00 KiB/s, done.
From github.com:miekg/dns
 * [new branch]        dependabot/go_modules/all-e97dd7be45 -> upstream/dependabot/go_modules/all-e97dd7be45
   4145b390..3126b782  master                               -> upstream/master
 * [new tag]           v1.1.69                              -> v1.1.69

Create a new branch based on that tag and make sure it looks good:

> git checkout -b sync-v1.1.69 v1.1.69
Switched to a new branch 'sync-v1.1.69'

> git log -n 1
commit 49a9cee9c07326338c622657fde8f0cc8128bf0a (HEAD -> sync-v1.1.69, tag: v1.1.69)
Author: Miek Gieben <miek@miek.nl>
Date:   Thu Dec 11 17:10:38 2025 +0100

    Release 1.1.69

Merge in our changes (master), handle any merge conflicts, push / handle the pull request as usual with master as the target:

> git merge master
Auto-merging server.go
Auto-merging version.go
CONFLICT (content): Merge conflict in version.go
Automatic merge failed; fix conflicts and then commit the result.

> git add . && git commit && git push origin sync-v1.1.69

About

DNS library in Go

miek.nl/2014/august/16/go-dns-package

Resources

Readme

License

BSD-3-Clause license
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Go 100.0%