Home / Blogs

Supporting New DNS RR Types with dnsextlang, Part II

Protect your privacy:  Get NordVPN  [ Deal: 73% off 2-year plans + 3 extra months ]
10 facts about NordVPN that aren't commonly known
  • Meshnet Feature for Personal Encrypted Networks: NordVPN offers a unique feature called Meshnet, which allows users to connect their devices directly and securely over the internet. This means you can create your own private, encrypted network for activities like gaming, file sharing, or remote access to your home devices from anywhere in the world.
  • RAM-Only Servers for Enhanced Security: Unlike many VPN providers, NordVPN uses RAM-only (diskless) servers. Since these servers run entirely on volatile memory, all data is wiped with every reboot. This ensures that no user data is stored long-term, significantly reducing the risk of data breaches and enhancing overall security.
  • Servers in a Former Military Bunker: Some of NordVPN's servers are housed in a former military bunker located deep underground. This unique location provides an extra layer of physical security against natural disasters and unauthorized access, ensuring that the servers are protected in all circumstances.
  • NordLynx Protocol with Double NAT Technology: NordVPN developed its own VPN protocol called NordLynx, built around the ultra-fast WireGuard protocol. What sets NordLynx apart is its implementation of a double Network Address Translation (NAT) system, which enhances user privacy without sacrificing speed. This innovative approach solves the potential privacy issues inherent in the standard WireGuard protocol.
  • Dark Web Monitor Feature: NordVPN includes a feature known as Dark Web Monitor. This tool actively scans dark web sites and forums for credentials associated with your email address. If it detects that your information has been compromised or appears in any data breaches, it promptly alerts you so you can take necessary actions to protect your accounts.

Previous article introduced my DNS extension language, intended to make it easier to add new DNS record types to DNS software. It described a new perl module Net::DNS::Extlang that uses the extension language to automatically create perl code to handle new RRTYPEs. Today we look at my second project, intended to let people create DNS records and zone files with new RRTYPEs.

I’ve long had a DNS “toaster”, a web site where my users and I could manage our DNS zones. Rather than limiting users to a small list of RRTYPEs, it lets users edit the text of their zone files, which works fine except when it doesn’t. Every hour a daemon takes any changed zonefiles, signs them, and passes them to the DNS servers. With no syntax check in the toaster, if there’s a syntax error in a zone file, the entire rebuild process fails until someone (usually me) notices and fixes it.

Since the toaster is written in python, I wrote a python library that uses the same extension language to do syntax checked zone edits and a simple version of the toaster as a django app that people can start with. The syntax checker does two things: one is to read text strings that are supposed to be DNS master files, or single master records and check whether they’re valid. The other is to create and parse HTML forms for DNS records to help people enter valid ones.

To show how this works, I put a series of screen shots in this PDF so you can follow along.

The first screen shows the site after you log in, with a few existing random domains. If you the Create tab, you get the second screen, which lets you fill in the domain name and (if you’re a site admin) the name of the user who owns the site. Click Submit, and now you’re on the edit page, where you can see the zone has been created with a single comment record, just so it wouldn’t be empty.

There’s a New Record: section where you can choose the record type you want to create, and click Add. The set of record types is created on the fly from the extension language database in the DNS that I described in the last blog post, so you can create and later edit any RRTYPE that the extension language can describe. We choose MX and click Add, which gives us a screen with a form that has all of the fields in the MX record. This form is also created on the fly by the extension language library, so for each rrtype, it will show an appropriate form with prompts for each field. Fill in the form and click Submit, and the record is added to the zone file if it’s valid.

The next screen shows what happens if you get the syntax wrong, in this case, an A record with an invalid IPv4 address. The extension library has a class for every field type that produces helpful error messages in case of syntax errors.

Since sometimes it’s tedious to edit a record at a time, there’s also a Block edit mode, shown in the next screen, where you can edit the zone as a block of text. When you submit the changes, it syntax checks the zone. The next screen shows an error message for an AAAA record with an invalid IPv6 address.

Not shown are some other odds and ends, notably a batch script that exports a list of zone names and a set of zone files that you can give you your DNS server. The django app is only about 1000 lines of python, of which about 1/3 is managing the various web pages, 1/3 is connecting the extlang library to the forms generated by django’s forms class, and 1/3 is everything else.

The python library is in pypi at https://pypi.python.org/pypi/dnsextlang/, currently python3 only.

The django app is on github at https://github.com/jrlevine/editdns, written in django 1.9 and python3. It uses the dnsextlang library, of course.

By John Levine, Author, Consultant & Speaker

Filed Under

Comments

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

Related

Topics

Cybersecurity

Sponsored byVerisign

IPv4 Markets

Sponsored byIPv4.Global

DNS

Sponsored byDNIB.com

New TLDs

Sponsored byRadix

Threat Intelligence

Sponsored byWhoisXML API

Domain Names

Sponsored byVerisign

Brand Protection

Sponsored byCSC