#1
  1. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Aug 2008
    Posts
    60
    Rep Power
    42

    DNS Resolver Response


    I am writing a DNS resolver in C++.
    I am looking at RFC 1034 and I am trying to understand exactly what my resolver must return to the client. I know that the response must contain the following information:
    • Header
    • Sections
      1. Question
      2. Answer
      3. Authority
      4. Additional

    What I am confused about is how should I return this information. Should I simply write it back to the client as a char* array? Are their specific structures that I must fill out and return to the client? Right now I am just returning a char* buffer by writing it to the client using the socket networking api.
    If it is just a char* that I must write to the client then how should the information be delimited?

    I would like to be able to configure my gnu/linux distro to use my dns resolver so that when I type an address into firefox the dns resolver is able to resolve the host and the browser is able to send an http request to the correct host. I am not yet sure how to set this all up so that I can test it, otherwise I would be able to experiment a bit with what I return from the resolver. If anyone has any advice on setting up a custom resolver like this I would be interested in some direction.

    --EDIT #1 --
    What program does linux use to resolve dns queries?
    Knowing that might help me answer the rest of my questions. I would like to know how my resolver must return the response to the client to be compliant so that I can swap out the currently running dns resolver with my own. I want to know what program would resolve dns queries made by Firefox when I type an address in the address bar, or any other application trying to access a resource on the Internet.
    ----------

    -- EDIT #2 --
    I am starting to think that there is no one dns resolver for the linux operating system, but rather, programs use library functions that read the /etc/resolve.conf file. Is this the case? Is there no single resolver to speak of?

    If there is no single resolver to speak of then it seems that if I wish to write a program to handle the DNS lookups for all programs then I would have to configure the resolve.conf file to use my program as the nameserver. Is that correct? What exactly would my name server have to return? I have read the RFC 1034, so I know the resolver is suppose to return, is it the same thing for a nameserver? What datatype must I return? There must be a standardized interface for this?
    ----------------
    Sincerely,

    dustfinger.
    Last edited by dustfinger; June 27th, 2011 at 12:36 AM.
  2. #2
  3. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Nov 2010
    Posts
    248
    Rep Power
    5
    Are you trying to write your own DNS software? As in something along the same lines as BIND? Or just a stub resolver? The best way to see how to format the data might be to look at DNS packets. You can use things like tcpdump, snort and WireShark to do packet inspection.
  4. #3
  5. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Aug 2008
    Posts
    60
    Rep Power
    42
    Originally Posted by CaptPikel
    Are you trying to write your own DNS software? As in something along the same lines as BIND? Or just a stub resolver? The best way to see how to format the data might be to look at DNS packets. You can use things like tcpdump, snort and WireShark to do packet inspection.
    I am trying to write my own resolver. My goal is to have a resolver on Computer A and have All computers behind Router X use my resolver when making a request to a website. So my resolver would take the host name of the request and call getaddrinfo to get the address information and return it. At first I thought that a linux machine would have a single resolver program that would do this for all applications, but it seems like perhaps all applications just use an api that reads the /etc/resolv.conf. This has been a big source of confusion for me. I am going to take your advice and see if I can see what is going on using wireshark. I have never used wireshark before so I am hoping that it is not too difficult to figure out.

    So to recap:
    1. Computer A is running my custom resolver
    2. All computer's behind router X should use the resolver running on Computer A when making requests to the Internet.
    3. The applications on Computer A need not use the resolver, they can use the default resolver.

    One question that would help me a lot right now is knowing whether or not gnu/linux systems use a single resolver, or if all apps implement their own resolvers using a library. I have read the resolver man page so I know that such a library exists, but I am not sure how this is all implemented in practice.

    Sincerely,

    dustfinger.
  6. #4
  7. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Nov 2010
    Posts
    248
    Rep Power
    5
    I use Linux and UNIX on a regular basis, however I'm really not sure if there is a single resolver they use. I use BIND which is the de facto DNS server software.

    However I'm 90% sure there is not just a single one resolver Linux systems use. Maybe one in UNIX... but If there's one thing I know, there's never anything all Linux systems will always have in common

    If you have access to a linux machine, try "man-k resolv". That will search the manual pages for anything matching resolv (resolv.conf, resolver, resolving, etc...). That may have some helpful info in it.
  8. #5
  9. Wiser? Not exactly.
    Devshed God 1st Plane (5500 - 5999 posts)

    Join Date
    May 2001
    Location
    Bonita Springs, FL
    Posts
    5,959
    Rep Power
    4035
    The resolver code is usually builtin to the network libraries. Rather than try and repplace the resolver, what you should do is setup a DNS server on Computer A then configure all the other computers to use that as their Primary DNS server.
    Recycle your old CD's, don't just trash them



    If I helped you out, show some love with some reputation, or tip with Bitcoins to 1N645HfYf63UbcvxajLKiSKpYHAq2Zxud
  10. #6
  11. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Nov 2010
    Posts
    248
    Rep Power
    5
    I'm not to familiar with writing programs but I agree, using something like BIND on the backend and maybe using a smaller program to manipulate it (if needed) seems like it might be easier. Unless it's for school or something.
  12. #7
  13. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Aug 2008
    Posts
    60
    Rep Power
    42
    Thank you CaptPikel and kicken,

    The reason why I was trying to write my own resolver is because I would like to make decisions about what IP address to return based on the address of the computer making the request. It will need to be a custom resolver unless I can write a plugin for bind. Would it be possible to write a resolver and point all my computers to use it as a dns server? I guess I am not 100% clear, but I think that a dns can do a lot more than just resolve queries, and that is the only part that I need to customize. I wonder if I listed my resolver as the nameserver in resolv.conf if that would work? But I still need to determine exactly what format I must return the header and section information mentioned in RFC 1034. I am going to do some tests with wireshark in a bit and try to answer this question.

    Would writing a resolver and configuring /etc/resolv.conf nameserver to point to my resolver do the trick?

    I am going to do a lot more reading up on the RFC's tonight and investigate the possibility of writing a plugin for BIND as well.

    Sincerely,

    Trevor Wilson
  14. #8
  15. Wiser? Not exactly.
    Devshed God 1st Plane (5500 - 5999 posts)

    Join Date
    May 2001
    Location
    Bonita Springs, FL
    Posts
    5,959
    Rep Power
    4035
    Originally Posted by dustfinger
    The reason why I was trying to write my own resolver is because I would like to make decisions about what IP address to return based on the address of the computer making the request.
    What kind of decisions? If it is just returning a different IP for certain domains, BIND can do that. You can create views in the config file so it does different things based on the requesters address. For ex, you could create a view to return an internal IP for your servers to Internal computers, and provide the external IP to external users.


    I guess I am not 100% clear, but I think that a dns can do a lot more than just resolve queries, and that is the only part that I need to customize
    That is pretty much what dns is. Clients make queries asking to resolve various names and DNS servers provide the answers.
    Recycle your old CD's, don't just trash them



    If I helped you out, show some love with some reputation, or tip with Bitcoins to 1N645HfYf63UbcvxajLKiSKpYHAq2Zxud
  16. #9
  17. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Nov 2010
    Posts
    248
    Rep Power
    5
    BIND is a powerful program for DNS. That's why it's been around so long. If you want to return queries based on the computer asking or the destination, you may want to look in to using the view clauses in BIND. Also known as split view/horizon.


    http://www.zytrax.com/books/dns/ch7/view.html
  18. #10
  19. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Aug 2008
    Posts
    60
    Rep Power
    42
    Hi kicken and CaptPikel,

    What kind of decisions? If it is just returning a different IP for certain domains, BIND can do that. You can create views in the config file so it does different things based on the register's address. For ex, you could create a view to return an internal IP for your servers to Internal computers, and provide the external IP to external users.
    When a query has been accepted I need to be able to query a database, match the requesters IP and the resolved query's IP with IP addresses in the database and based on some rules make decisions about what IP address to return. One problem with views is that the IP addresses are all in a config file. The IP addresses that I need to evaluate must be in a database and may change over time. They need to be dynamic. Perhaps the view clauses are expressive enough to handle the business logic, I am not sure yet, I am looking into it now.

    Perhaps if I could combine Bind views with mysql-bind then I may have a solution. I just discovered mysql-bind and I have not read enough into either solution to know if this will work. I am going to spend the evening doing just that and investigating other options as well. I was thinking of writing my own resolver because I thought that a full fledged DNS server was more complicated and I also didn't want to get into Bind because I have heard that it is a complicated product. I probably wouldn't use most of its features. I am going to investigate the possibility of using bind now though. Perhaps that is the smarter way to go. So if I did use Bind then I imagine that I would configure my /etc/resolv.conf file to use my bind server as the nameserver. Then when an application like firefox calls a library function like getaddrinfo, it will query my bind server to resolve the query. If this is correct, then the model in my head is finally getting sorted out. I was picturing something called a dns server and some other thing called a resolver, which I now believe to be incorrect. They are really one in the same thing. Having said that it seems like the client code that calls methods like getaddrinfo are often referred to as a resolver.

    Well, you have given me a lot to research. Thank you so much to both of you for taking some time to consider my questions and to refer me to some alternative options. I really do appreciate it.

    Sincerely,

    dustfinger.
  20. #11
  21. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Nov 2010
    Posts
    248
    Rep Power
    5
    BIND can be daunting at first but it's a rather simple and straight forward program. CLI tends to scare some people and I've found that to be the biggest thing people have to overcome. Anyone familiar with cli anything can probably pick it up easily. Especially programmers or people coming from Cisco stuff. I only learned BIND out of necessity at a job. It does a lot but sometimes you have to tinker with it to get it right.

    It sounds like an interesting idea you have. I know BIND but I'm crappy at writing programs(and many other things...) so it will be interesting if you get that to work.

    As for the resolvers, a big difference from the client side and a DNS server is the type of query. You may want to read up on recursion and iteration. Clients usually send recursive queries and servers resolve the queries via iteration.

    http://technet.microsoft.com/en-us/library/cc961401.aspx

IMN logo majestic logo threadwatch logo seochat tools logo