1. 15 Dec, 2016 1 commit
  2. 13 Dec, 2016 2 commits
  3. 09 Dec, 2016 2 commits
  4. 06 Dec, 2016 1 commit
  5. 17 Oct, 2016 1 commit
  6. 07 Sep, 2016 1 commit
  7. 19 Aug, 2016 1 commit
    • modules: Add new whoami module · b2c753d9
      Robert Edmonds authored
      This commit adds a new "whoami" module. It synthesizes an A or AAAA
      record containing the query source IP address, at the apex of the zone
      being served. It makes sure to allow Knot to generate cacheable negative
      responses, and to allow fallback to extra records defined in the
      underlying zone file. The TTL of the synthesized record is copied from
      the TTL of the SOA record in the zone file.
      
      Because a DNS query for type A or AAAA has nothing to do with whether
      the query occurs over IPv4 or IPv6, this module requires a special
      zone configuration to support both address families. For A queries, the
      underlying zone must have a set of nameservers that only have IPv4
      addresses, and for AAAA queries, the underlying zone must have a set of
      nameservers that only have IPv6 addresses.
      
      To enable this module, you need to add something like the following to
      the Knot configuration file:
      
          mod-whoami:
            - id: default
      
          zone:
            - domain: whoami.domain.example
              file: "/path/to/whoami.domain.example"
              module: [mod-whoami/default]
      
          zone:
            - domain: whoami6.domain.example
              file: "/path/to/whoami6.domain.example"
              module: [mod-whoami/default]
      
      The whoami.domain.example zone file would look something like:
      
          $TTL 1
      
          @       SOA     (
                                  whoami.domain.example.          ; MNAME
                                  hostmaster.domain.example.      ; RNAME
                                  2016051300                      ; SERIAL
                                  86400                           ; REFRESH
                                  86400                           ; RETRY
                                  86400                           ; EXPIRE
                                  1                               ; MINIMUM
                          )
      
          $TTL 86400
      
          @       NS      ns1.whoami.domain.example.
          @       NS      ns2.whoami.domain.example.
          @       NS      ns3.whoami.domain.example.
          @       NS      ns4.whoami.domain.example.
      
          ns1     A       198.51.100.53
          ns2     A       192.0.2.53
          ns3     A       203.0.113.53
          ns4     A       198.19.123.53
      
      The whoami6.domain.example zone file would look something like:
      
          $TTL 1
      
          @       SOA     (
                                  whoami6.domain.example.         ; MNAME
                                  hostmaster.domain.example.      ; RNAME
                                  2016051300                      ; SERIAL
                                  86400                           ; REFRESH
                                  86400                           ; RETRY
                                  86400                           ; EXPIRE
                                  1                               ; MINIMUM
                          )
      
          $TTL 86400
      
          @       NS      ns1.whoami6.domain.example.
          @       NS      ns2.whoami6.domain.example.
          @       NS      ns3.whoami6.domain.example.
          @       NS      ns4.whoami6.domain.example.
      
          ns1     AAAA    2001:db8:100::53
          ns2     AAAA    2001:db8:200::53
          ns3     AAAA    2001:db8:300::53
          ns4     AAAA    2001:db8:400::53
      
      The parent domain would then delegate whoami.domain.example to
      ns[1-4].whoami.domain.example and whoami6.domain.example to
      ns[1-4].whoami6.domain.example, and include the corresponding A-only or
      AAAA-only glue records.
      
      To test this locally, I stubbed out the zones in my Unbound
      configuration:
      
          server:
              domain-insecure: "whoami.domain.example"
              domain-insecure: "whoami6.domain.example"
      
          stub-zone:
              name: "whoami.domain.example"
              stub-addr: <IPv4 address that Knot listens on>
      
          stub-zone:
              name: "whoami6.domain.example"
              stub-addr: <IPv6 address that Knot listens on>
  8. 16 Aug, 2016 2 commits
  9. 08 Aug, 2016 3 commits
  10. 06 Aug, 2016 1 commit
  11. 03 Aug, 2016 1 commit
  12. 27 Jun, 2016 1 commit
  13. 23 Jun, 2016 1 commit
  14. 22 Jun, 2016 3 commits
  15. 21 Jun, 2016 2 commits
  16. 14 Jun, 2016 1 commit
  17. 13 Jun, 2016 3 commits
  18. 10 Jun, 2016 1 commit
  19. 08 Jun, 2016 3 commits
  20. 05 May, 2016 2 commits
  21. 27 Apr, 2016 1 commit
  22. 22 Apr, 2016 1 commit
  23. 21 Apr, 2016 2 commits
  24. 19 Apr, 2016 1 commit
  25. 13 Apr, 2016 1 commit
  26. 24 Mar, 2016 1 commit
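
The following is an added example, not code from the commit or from Knot: a small Python model of the answer decision described in the whoami commit message (b2c753d9). It shows why an A query arriving over IPv6 cannot be answered from the source address, which is the reason for the A-only and AAAA-only nameserver sets. The names `Query`, `Answer`, `canonical` and `whoami_answer` are hypothetical, the sample queries are constructed, and it is assumed that a query whose type does not match the transport's address family falls through to the zone file.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

APEX = "whoami.domain.example."   # zone apex from the commit message
SOA_TTL = 1                       # "$TTL 1" precedes the SOA in the sample zone file


@dataclass(frozen=True)
class Query:
    qname: str
    qtype: str
    source: str   # source IP address of the DNS packet as the server saw it


@dataclass(frozen=True)
class Answer:
    owner: str
    ttl: int
    rtype: str
    rdata: str


def canonical(name: str) -> str:
    """Lower-case a name and make it fully qualified for comparison."""
    return name.rstrip(".").lower() + "."


def whoami_answer(q: Query, apex: str = APEX, soa_ttl: int = SOA_TTL) -> Optional[Answer]:
    """Return the synthesized record, or None to let the zone file answer."""
    if canonical(q.qname) != canonical(apex):
        return None                      # only the apex is synthesized
    if q.qtype not in ("A", "AAAA"):
        return None                      # SOA, NS, ... come from the zone file
    addr = ipaddress.ip_address(q.source)
    family_type = "A" if addr.version == 4 else "AAAA"
    if q.qtype != family_type:
        return None                      # assumed: mismatch falls through (NODATA)
    return Answer(canonical(apex), soa_ttl, family_type, str(addr))


if __name__ == "__main__":
    # Constructed sample queries; addresses are documentation ranges.
    for q in (Query("whoami.domain.example", "A", "192.0.2.10"),
              Query("whoami.domain.example", "A", "2001:db8::10"),
              Query("WhoAmI.Domain.Example.", "AAAA", "2001:DB8::10"),
              Query("ns1.whoami.domain.example", "A", "192.0.2.10")):
        print(q, "->", whoami_answer(q))
```

A `None` result stands for the fallback path: the zone file's own records, or a negative response cacheable for the SOA MINIMUM of 1 second.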