author | schmonz <schmonz@pkgsrc.org> | 2022-01-27 15:31:09 +0000 |
---|---|---|
committer | schmonz <schmonz@pkgsrc.org> | 2022-01-27 15:31:09 +0000 |
commit | 94fd9e5a3d3cf4ba93b5a853ed0a2659471d46d9 (patch) | |
tree | 78d0bd2896c68dfce64d46deb94507a17c6f3b1a /net | |
parent | fd8e5ae9a3d3e3a1393228aee8f4703b6e849c33 (diff) | |
download | pkgsrc-94fd9e5a3d3cf4ba93b5a853ed0a2659471d46d9.tar.gz |
Add dq, a recursive DNS/DNSCurve server. This package contains:
- dqcache, a recursive DNS server with DNSCurve support
- based on dnscache from djbdns
- added support for streamlined DNSCurve
- added support for TXT DNSCurve
- added support for combined DNSCurve (streamlined and TXT)
- added support for DNS anchors with DNSCurve keys
- added full IPv6 support
- added support for IPv6 DNS anchors
- added support for cache dumping/loading
- used siphash24 instead of hash5381 in cache library
- added SOA record caching
- added authority record to DNS response
- improved logs - IPs not printed in hex format
- fixed CVE-2012-1191
- fixed CVE-2008-4392
- dq, a command-line tool to debug DNS/DNScurve
- based on dnsq and dnsqr from djbdns
- added IPv6 support
- added DNSCurve support (Streamlined/TXT)
Diffstat (limited to 'net')
-rw-r--r-- | net/dq/DESCR | 21 | ||||
-rw-r--r-- | net/dq/Makefile | 51 | ||||
-rw-r--r-- | net/dq/PLIST | 11 | ||||
-rw-r--r-- | net/dq/distinfo | 6 | ||||
-rw-r--r-- | net/dq/files/dnscurveroots.global | 24 | ||||
-rw-r--r-- | net/dq/files/dqcache.sh | 56 | ||||
-rw-r--r-- | net/dq/files/examples.md | 170 | ||||
-rw-r--r-- | net/dq/patches/patch-make-install.sh | 14 |
8 files changed, 353 insertions, 0 deletions
diff --git a/net/dq/DESCR b/net/dq/DESCR
new file mode 100644
index 00000000000..36078db8308
--- /dev/null
+++ b/net/dq/DESCR
@@ -0,0 +1,21 @@
+Dq contains:
+
+- dqcache, a recursive DNS server with DNSCurve support
+ - based on dnscache from djbdns
+ - added support for streamlined DNSCurve
+ - added support for TXT DNSCurve
+ - added support for combined DNSCurve (streamlined and TXT)
+ - added support for DNS anchors with DNSCurve keys
+ - added full IPv6 support
+ - added support for IPv6 DNS anchors
+ - added support for cache dumping/loading
+ - used siphash24 instead of hash5381 in cache library
+ - added SOA record caching
+ - added authority record to DNS response
+ - improved logs - IPs not printed in hex format
+ - fixed CVE-2012-1191
+ - fixed CVE-2008-4392
+- dq, a command-line tool to debug DNS/DNScurve
+ - based on dnsq and dnsqr from djbdns
+ - added IPv6 support
+ - added DNSCurve support (Streamlined/TXT)
diff --git a/net/dq/Makefile b/net/dq/Makefile
new file mode 100644
index 00000000000..05956a06dcb
--- /dev/null
+++ b/net/dq/Makefile
@@ -0,0 +1,51 @@
+# $NetBSD: Makefile,v 1.1 2022/01/27 15:31:09 schmonz Exp $
+
+GITHUB_PROJECT= dq
+GITHUB_TAG= 20220101
+DISTNAME= ${GITHUB_PROJECT}
+PKGNAME= ${GITHUB_PROJECT}-${GITHUB_TAG}
+CATEGORIES= net
+MASTER_SITES= ${MASTER_SITE_GITHUB:=janmojzis/}
+
+MAINTAINER= schmonz@NetBSD.org
+HOMEPAGE= https://github.com/janmojzis/dq/
+COMMENT= Recursive DNS/DNSCurve server
+LICENSE= public-domain
+
+DEPENDS+= daemontools-[0-9]*:../../sysutils/daemontools
+
+DJB_MAKE_TARGETS= no
+BUILD_TARGET= compile
+
+SUBST_CLASSES+= etc
+SUBST_STAGE.etc= do-configure
+SUBST_FILES.etc= dq/dns_rcrw.c dq/dq.c man/dq.1
+SUBST_SED.etc= -e 's|/etc/dnsrewrite|${PKG_SYSCONFBASE}/dnsrewrite|g'
+SUBST_MESSAGE.etc= Fixing prefix.
+
+EGDIR= share/examples/${PKGBASE}
+INSTALLATION_DIRS= ${EGDIR}
+MAKE_DIRS+= ${PKG_SYSCONFDIR}/dqcache/servers
+
+CONF_FILES+= ${PREFIX}/${EGDIR}/dnscurveroots.global \
+ ${PKG_SYSCONFDIR}/dqcache/servers/@
+
+PKG_GROUPS+= ${DQCACHE_GROUP}
+PKG_USERS+= ${DQCACHE_USER}:${DQCACHE_GROUP}
+BUILD_DEFS+= DQCACHE_GROUP DQCACHE_USER PKG_SYSCONFBASE
+
+RCD_SCRIPTS= dqcache
+FILES_SUBST+= DQCACHE_USER=${DQCACHE_USER:Q}
+FILES_SUBST+= PKGNAME=${PKGNAME:Q}
+
+post-configure:
+ ${RUN}cd ${DJB_CONFIG_DIR}; \
+ [ -f conf-sbin ] && ${ECHO} ${DJB_CONFIG_PREFIX}/sbin > conf-sbin
+
+post-install:
+ for i in examples.md dnscurveroots.global; do \
+ ${INSTALL_DATA} ${FILESDIR}/$$i ${DESTDIR}${PREFIX}/${EGDIR}/; \
+ done
+
+.include "../../mk/djbware.mk"
+.include "../../mk/bsd.pkg.mk"
diff --git a/net/dq/PLIST b/net/dq/PLIST
new file mode 100644
index 00000000000..a41bea728f6
--- /dev/null
+++ b/net/dq/PLIST
@@ -0,0 +1,11 @@
+@comment $NetBSD: PLIST,v 1.1 2022/01/27 15:31:09 schmonz Exp $
+bin/dq
+man/man1/dq.1
+man/man8/dqcache-makekey.8
+man/man8/dqcache-start.8
+man/man8/dqcache.8
+sbin/dqcache
+sbin/dqcache-makekey
+sbin/dqcache-start
+share/examples/dq/dnscurveroots.global
+share/examples/dq/examples.md
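Review bot: The `post-install` recipe runs its `for` loop without `${RUN}`, so a failed `${INSTALL_DATA}` for `examples.md` is masked whenever the later `dnscurveroots.global` copy succeeds, because the loop reports only the status of its last command. `post-configure` in the same hunk already uses `${RUN}`, which in pkgsrc normally supplies `set -e`; starting the recipe with `${RUN}for i in examples.md dnscurveroots.global; do \` would make a missing example file stop the build. Separately, `[ -f conf-sbin ] && ...` leaves `post-configure` with a non-zero status when `conf-sbin` is absent; if that is meant as an assertion, a one-line comment such as `# fail if upstream drops conf-sbin` above it would say so.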
diff --git a/net/dq/distinfo b/net/dq/distinfo
new file mode 100644
index 00000000000..5a545d0bdf0
--- /dev/null
+++ b/net/dq/distinfo
@@ -0,0 +1,6 @@
+$NetBSD: distinfo,v 1.1 2022/01/27 15:31:09 schmonz Exp $
+
+BLAKE2s (dq-20220101.tar.gz) = 3b340e5217e58061e38fdafc407f40e64877a61f680c7f43409b8b6a4fe290ba
+SHA512 (dq-20220101.tar.gz) = 5c4fd8a8f37b2f8707abde80af7efe943dd00f0e725b406bff9ee8aae889f820fb76fe137be8223943c76ec14d41579de9a66f5d4c440d493e6d527bb24b175a
+Size (dq-20220101.tar.gz) = 140727 bytes
+SHA1 (patch-make-install.sh) = f8d8460015ab6a849e5bc25d341bb993c3bdcb3c
diff --git a/net/dq/files/dnscurveroots.global b/net/dq/files/dnscurveroots.global
new file mode 100644
index 00000000000..26a7ed6b0a4
--- /dev/null
+++ b/net/dq/files/dnscurveroots.global
@@ -0,0 +1,24 @@
+198.41.0.4
+2001:503:ba3e::2:30
+192.228.79.201
+2001:500:84::b
+192.33.4.12
+2001:500:2::c
+199.7.91.13
+2001:500:2d::d
+192.203.230.10
+192.5.5.241
+2001:500:2f::f
+192.112.36.4
+198.97.190.53
+2001:500:1::53
+192.36.148.17
+2001:7fe::53
+192.58.128.30
+2001:503:c27::2:30
+193.0.14.129
+2001:7fd::1
+199.7.83.42
+2001:500:9f::42
+202.12.27.33
+2001:dc3::35
diff --git a/net/dq/files/dqcache.sh b/net/dq/files/dqcache.sh
new file mode 100644
index 00000000000..c2d37a6d96a
--- /dev/null
+++ b/net/dq/files/dqcache.sh
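Review bot: Two entries in `dnscurveroots.global`, `192.228.79.201` and `2001:500:84::b`, look like the addresses b.root-servers.net used before its 2017 renumbering, so the list appears to have been stale already when it was committed. The Makefile installs this file as `${PKG_SYSCONFDIR}/dqcache/servers/@`, which makes it the resolver's starting point for every lookup, so it is worth regenerating from the current IANA root hints. The file as shown carries no comments, so the source and retrieval date would be better recorded in the package Makefile. The file name suggests DNSCurve keys, but the hunk holds plain addresses only; whether that is intended cannot be told from this page.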
@@ -0,0 +1,56 @@
+#!@RCD_SCRIPTS_SHELL@
+#
+# $NetBSD: dqcache.sh,v 1.1 2022/01/27 15:31:09 schmonz Exp $
+#
+# @PKGNAME@ script to control dqcache (caching DNS+DNSCurve resolver).
+#
+
+# PROVIDE: dqcache named
+# REQUIRE: NETWORKING mountcritremote syslogd
+# BEFORE: DAEMON
+
+name="dqcache"
+
+# User-settable rc.conf variables and their default values:
+: ${dqcache_postenv:=""}
+: ${dqcache_ip:="127.0.0.1"}
+: ${dqcache_size:="10000000"}
+: ${dqcache_log:="YES"}
+: ${dqcache_logcmd:="logger -t nbdq/cache -p daemon.info"}
+: ${dqcache_nologcmd:="@PREFIX@/bin/multilog -*"}
+
+if [ -f /etc/rc.subr ]; then
+ . /etc/rc.subr
+fi
+
+rcvar=${name}
+required_dirs="@PKG_SYSCONFDIR@/${name}/servers"
+required_files="@PKG_SYSCONFDIR@/${name}/servers/@"
+command="@PREFIX@/sbin/${name}"
+procname=nb${name}
+start_precmd="dqcache_precmd"
+
+dqcache_precmd() {
+ if [ -f /etc/rc.subr ] && ! checkyesno dqcache_log; then
+ dqcache_logcmd=${dqcache_nologcmd}
+ fi
+ command="@PREFIX@/bin/pgrphack @SETENV@ - ${dqcache_postenv} \
+ROOT=@PKG_SYSCONFDIR@/${name} \
+IP=${dqcache_ip} \
+CACHESIZE=${dqcache_size} \
+@PREFIX@/bin/envuidgid @DQCACHE_USER@ \
+@PREFIX@/bin/argv0 @PREFIX@/sbin/${name} ${procname} \
+2>&1 | \
+${dqcache_logcmd}"
+ command_args="&"
+ rc_flags=""
+}
+
+if [ -f /etc/rc.subr ]; then
+ load_rc_config $name
+ run_rc_command "$1"
+else
+ @ECHO_N@ " ${name}"
+ dqcache_precmd
+ eval ${command} ${dqcache_flags} ${command_args}
+fi
diff --git a/net/dq/files/examples.md b/net/dq/files/examples.md
new file mode 100644
index 00000000000..3ab68ec77fc
--- /dev/null
+++ b/net/dq/files/examples.md
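Review bot: The fallback branch at the end of the script (taken when `/etc/rc.subr` is absent) never looks at `$1`, so calling the script with `stop` or `status` on such a system would launch another resolver instead of failing; a guard such as `[ "$1" = start ] || exit 1` before `dqcache_precmd` would prevent that. The same branch runs `eval ${command} ${dqcache_flags} ${command_args}` unquoted, so the values of `dqcache_postenv`, `dqcache_ip` and `dqcache_logcmd` are re-parsed by the shell that starts the daemon. A comment next to the defaults, for example `# values below are shell-evaluated at start; set them only from root-owned config`, would record that trust assumption. `dqcache_flags` is also the only variable used here without a default.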
@@ -0,0 +1,170 @@
+# dq
+
+### Authoritative example - streamlined DNSCurve query (executed 23.11.2013):
+
+ $ dq -a a dnscurve.org uz5dz39x8xk8wyq3dzn7vpt670qmvzx0zd9zg4ldwldkv6kx9ft090.ns.dnscurve.org
+ 1 dnscurve.org - streamlined DNSCurve:
+ 320 bytes, 1+2+3+3 records, response, authoritative, noerror
+ query: 1 dnscurve.org
+ answer: dnscurve.org 600 A 131.193.32.142
+ answer: dnscurve.org 600 A 131.193.32.147
+ authority: dnscurve.org 259200 NS uz5hjgptn63q5qlch6xlrw63tf6vhvvu6mjwn0s31buw1lhmlk14kd.ns.dnscurve.org
+ authority: dnscurve.org 259200 NS uz5dz39x8xk8wyq3dzn7vpt670qmvzx0zd9zg4ldwldkv6kx9ft090.ns.dnscurve.org
+ authority: dnscurve.org 259200 NS uz5uu2c7j228ujjccp3ustnfmr4pgcg5ylvt16kmd0qzw7bbjgd5xq.ns.dnscurve.org
+ additional: uz5hjgptn63q5qlch6xlrw63tf6vhvvu6mjwn0s31buw1lhmlk14kd.ns.dnscurve.org 259200 A 131.193.32.142
+ additional: uz5dz39x8xk8wyq3dzn7vpt670qmvzx0zd9zg4ldwldkv6kx9ft090.ns.dnscurve.org 259200 A 131.155.71.143
+ additional: uz5uu2c7j228ujjccp3ustnfmr4pgcg5ylvt16kmd0qzw7bbjgd5xq.ns.dnscurve.org 259200 A 80.101.159.118
+
+### Authoritative example - TXT DNSCurve query, using suffix 'dnscurve.org'
+(executed 23.11.2013):
+
+ $ dq -S 'dnscurve.org' -a a dnscurve.org uz5dz39x8xk8wyq3dzn7vpt670qmvzx0zd9zg4ldwldkv6kx9ft090.ns.dnscurve.org
+ 1 dnscurve.org - txt DNSCurve:
+ 320 bytes, 1+2+3+3 records, response, authoritative, noerror
+ query: 1 dnscurve.org
+ answer: dnscurve.org 600 A 131.193.32.142
+ answer: dnscurve.org 600 A 131.193.32.147
+ authority: dnscurve.org 259200 NS uz5hjgptn63q5qlch6xlrw63tf6vhvvu6mjwn0s31buw1lhmlk14kd.ns.dnscurve.org
+ authority: dnscurve.org 259200 NS uz5dz39x8xk8wyq3dzn7vpt670qmvzx0zd9zg4ldwldkv6kx9ft090.ns.dnscurve.org
+ authority: dnscurve.org 259200 NS uz5uu2c7j228ujjccp3ustnfmr4pgcg5ylvt16kmd0qzw7bbjgd5xq.ns.dnscurve.org
+ additional: uz5hjgptn63q5qlch6xlrw63tf6vhvvu6mjwn0s31buw1lhmlk14kd.ns.dnscurve.org 259200 A 131.193.32.142
+ additional: uz5dz39x8xk8wyq3dzn7vpt670qmvzx0zd9zg4ldwldkv6kx9ft090.ns.dnscurve.org 259200 A 131.155.71.143
+ additional: uz5uu2c7j228ujjccp3ustnfmr4pgcg5ylvt16kmd0qzw7bbjgd5xq.ns.dnscurve.org 259200 A 80.101.159.118
+
+### Authoritative example - streamlined DNSCurve query, using IPv4 and key
+(executed 23.11.2013):
+
+ $ dq -k uz5dz39x8xk8wyq3dzn7vpt670qmvzx0zd9zg4ldwldkv6kx9ft090 -a a dnscurve.org 131.155.71.143
+ 1 dnscurve.org - streamlined DNSCurve:
+ 320 bytes, 1+2+3+3 records, response, authoritative, noerror
+ query: 1 dnscurve.org
+ answer: dnscurve.org 600 A 131.193.32.147
+ answer: dnscurve.org 600 A 131.193.32.142
+ authority: dnscurve.org 259200 NS uz5hjgptn63q5qlch6xlrw63tf6vhvvu6mjwn0s31buw1lhmlk14kd.ns.dnscurve.org
+ authority: dnscurve.org 259200 NS uz5dz39x8xk8wyq3dzn7vpt670qmvzx0zd9zg4ldwldkv6kx9ft090.ns.dnscurve.org
+ authority: dnscurve.org 259200 NS uz5uu2c7j228ujjccp3ustnfmr4pgcg5ylvt16kmd0qzw7bbjgd5xq.ns.dnscurve.org
+ additional: uz5hjgptn63q5qlch6xlrw63tf6vhvvu6mjwn0s31buw1lhmlk14kd.ns.dnscurve.org 259200 A 131.193.32.142
+ additional: uz5dz39x8xk8wyq3dzn7vpt670qmvzx0zd9zg4ldwldkv6kx9ft090.ns.dnscurve.org 259200 A 131.155.71.143
+ additional: uz5uu2c7j228ujjccp3ustnfmr4pgcg5ylvt16kmd0qzw7bbjgd5xq.ns.dnscurve.org 259200 A 80.101.159.118
+
+### Authoritative example - streamlined DNSCurve query, using IPv6 and key
+(executed 23.11.2013):
+
+ $ dq -a -k uz52zufj724bjt11s3pgk2dtcpw8ww1dr8g3ssm3hs3jkmwr8l090p a blinkenlights.ch 2a01:4f8:120:43c1::a
+ 1 blinkenlights.ch - streamlined DNSCurve:
+ 341 bytes, 1+1+3+3 records, response, authoritative, noerror
+ query: 1 blinkenlights.ch
+ answer: blinkenlights.ch 86400 A 78.46.72.150
+ authority: blinkenlights.ch 259200 NS uz5crn6x92t4vb4k3z68du7rmwmnnvkbdd29t79yzg9fr2s2rx5pk0.nsde1.eqmx.net
+ authority: blinkenlights.ch 259200 NS uz5mnv8n4dzrp95zl50jryb4wgf45my27q6pvx8f540l9sspkcwvtm.nszh1.eqmx.net
+ authority: blinkenlights.ch 259200 NS uz52zufj724bjt11s3pgk2dtcpw8ww1dr8g3ssm3hs3jkmwr8l090p.dns1.workaround.ch
+ additional: uz5crn6x92t4vb4k3z68du7rmwmnnvkbdd29t79yzg9fr2s2rx5pk0.nsde1.eqmx.net 86400 A 178.209.50.169
+ additional: uz5mnv8n4dzrp95zl50jryb4wgf45my27q6pvx8f540l9sspkcwvtm.nszh1.eqmx.net 86400 A 46.246.93.162
+ additional: uz52zufj724bjt11s3pgk2dtcpw8ww1dr8g3ssm3hs3jkmwr8l090p.dns1.workaround.ch 86400 A 78.46.72.150
+
+### Recursive example (executed 23.11.2013):
+
+ $ dq a dnscurve.org
+ 1 dnscurve.org - regular DNS:
+ 272 bytes, 1+2+3+0 records, response, noerror
+ query: 1 dnscurve.org
+ answer: dnscurve.org 600 A 131.193.32.147
+ answer: dnscurve.org 600 A 131.193.32.142
+ authority: dnscurve.org 259200 NS uz5hjgptn63q5qlch6xlrw63tf6vhvvu6mjwn0s31buw1lhmlk14kd.ns.dnscurve.org
+ authority: dnscurve.org 259200 NS uz5dz39x8xk8wyq3dzn7vpt670qmvzx0zd9zg4ldwldkv6kx9ft090.ns.dnscurve.org
+ authority: dnscurve.org 259200 NS uz5uu2c7j228ujjccp3ustnfmr4pgcg5ylvt16kmd0qzw7bbjgd5xq.ns.dnscurve.org
+
+### Recursive example, using OpenDNS resolver - IPv6 (executed 23.11.2013):
+
+ $ dq a dnscurve.org 2620:0:ccc::2
+ 1 dnscurve.org - regular DNS:
+ 62 bytes, 1+2+0+0 records, response, noerror
+ query: 1 dnscurve.org
+ answer: dnscurve.org 600 A 131.193.32.147
+ answer: dnscurve.org 600 A 131.193.32.142
+
+### Recursive example, using OpenDNS resolver - IPv4 (executed 23.11.2013):
+
+ $ dq a dnscurve.org 208.67.222.222
+ 1 dnscurve.org - regular DNS:
+ 62 bytes, 1+2+0+0 records, response, noerror
+ query: 1 dnscurve.org
+ answer: dnscurve.org 600 A 131.193.32.142
+ answer: dnscurve.org 600 A 131.193.32.147
+
+### Recursive example, using OpenDNS resolver - IPv4, dnsqr backward
+compatibility (executed 23.11.2013):
+
+ env DNSCACHEIP=208.67.222.222 dq a dnscurve.org
+ 1 dnscurve.org - regular DNS:
+ 62 bytes, 1+2+0+0 records, response, noerror
+ query: 1 dnscurve.org
+ answer: dnscurve.org 600 A 131.193.32.142
+ answer: dnscurve.org 600 A 131.193.32.147
+
+### Recursive example, PTR query (executed 23.11.2013):
+
+ $ dq ptr 1.0.0.127.in-addr.arpa
+ 12 1.0.0.127.in-addr.arpa - regular DNS:
+ 63 bytes, 1+1+0+0 records, response, noerror
+ query: 12 1.0.0.127.in-addr.arpa
+ answer: 1.0.0.127.in-addr.arpa 655360 PTR localhost
+
+### Recursive example, PTR query, auto-rewrite to *.in-addr.arpa (executed
+23.11.2013):
+
+ $ dq ptr 127.0.0.1
+ 12 1.0.0.127.in-addr.arpa - regular DNS:
+ 63 bytes, 1+1+0+0 records, response, noerror
+ query: 12 1.0.0.127.in-addr.arpa
+ answer: 1.0.0.127.in-addr.arpa 655360 PTR localhost
+
+### Recursive example, PTR query, auto-rewrite to *.ip6.arpa (executed
+23.11.2013):
+
+ $ dq ptr 2a01:4f8:120:43c1::aa
+ 12 a.a.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.c.3.4.0.2.1.0.8.f.4.0.1.0.a.2.ip6.arpa - regular DNS:
+ 90 bytes, 1+0+0+0 records, response, authoritative, nxdomain
+ query: 12 a.a.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.c.3.4.0.2.1.0.8.f.4.0.1.0.a.2.ip6.arpa
+
+### Authoritative example, verbose mode, truncated answer (executed
+23.11.2013):
+
+ $ dq -a -vv any google.com ns4.google.com
+ dq: debug: resolving: ns4.google.com
+ dq: debug: DNS query: ns4.google.com AAAA UDP 127.10.10.10 53: sent
+ dq: debug: DNS query: ns4.google.com A UDP 127.10.10.10 53: sent
+ dq: debug: DNS query: ns4.google.com A UDP 127.10.10.10 53: received
+ dq: debug: DNS query: ns4.google.com AAAA UDP 127.10.10.10 53: received
+ dq: debug: resolved: ns4.google.com: ns4.google.com 216.239.38.10
+ dq: debug: DNS query: google.com ANY UDP 216.239.38.10 53: sent
+ dq: debug: DNS query: google.com ANY UDP 216.239.38.10 53: failed: truncated
+ dq: debug: DNS query: google.com ANY TCP 216.239.38.10 53: sent
+ dq: debug: DNS query: google.com ANY TCP 216.239.38.10 53: received
+ 255 google.com - regular DNS:
+ 577 bytes, 1+24+0+0 records, response, authoritative, noerror
+ query: 255 google.com
+ answer: google.com 300 A 173.194.112.97
+ answer: google.com 300 A 173.194.112.96
+ answer: google.com 300 A 173.194.112.104
+ answer: google.com 300 A 173.194.112.98
+ answer: google.com 300 A 173.194.112.99
+ answer: google.com 300 A 173.194.112.103
+ answer: google.com 300 A 173.194.112.110
+ answer: google.com 300 A 173.194.112.100
+ answer: google.com 300 A 173.194.112.102
+ answer: google.com 300 A 173.194.112.105
+ answer: google.com 300 A 173.194.112.101
+ answer: google.com 300 AAAA 2a00:1450:4001:803::1006
+ answer: google.com 86400 SOA ns1.google.com dns-admin.google.com 2013100300 7200 1800 1209600 300
+ answer: google.com 600 MX 10 aspmx.l.google.com
+ answer: google.com 86400 257 \000\005issuesymantec.com
+ answer: google.com 345600 NS ns3.google.com
+ answer: google.com 345600 NS ns2.google.com
+ answer: google.com 345600 NS ns1.google.com
+ answer: google.com 600 MX 20 alt1.aspmx.l.google.com
+ answer: google.com 600 MX 30 alt2.aspmx.l.google.com
+ answer: google.com 345600 NS ns4.google.com
+ answer: google.com 600 MX 50 alt4.aspmx.l.google.com
+ answer: google.com 600 MX 40 alt3.aspmx.l.google.com
+ answer: google.com 3600 TXT v=spf1 include:_spf.google.com ip4:216.73.93.70/31 ip4:216.73.93.72/31 ~all
diff --git a/net/dq/patches/patch-make-install.sh b/net/dq/patches/patch-make-install.sh
new file mode 100644
index 00000000000..46d82fe5b8c
--- /dev/null
+++ b/net/dq/patches/patch-make-install.sh
@@ -0,0 +1,14 @@
+$NetBSD: patch-make-install.sh,v 1.1 2022/01/27 15:31:09 schmonz Exp $
+
+DESTDIR support.
+
+--- make-install.sh.orig 2021-12-28 17:36:08.000000000 +0000
++++ make-install.sh
+@@ -28,7 +28,6 @@ do
+ mkdir -p "$1/${confbin}" || exit 111
+ cp "${bin}/${x}" "$1/${confbin}" || exit 111
+ chmod 755 "$1/${confbin}/${x}" || exit 111
+- chown 0:0 "$1/${confbin}/${x}" || exit 111
+ done
+ echo "=== `date` === finishing"
+ |