dnsxd

License: Apache 2

Status: Alpha

Overview

dnsxd is an Erlang DNS server with a focus on DNS Service Discovery. It supports:

• DNS Update
• DNS Update Leases
• DNS Long Lived Queries
• Transaction Signatures (TSIGs)
• DNSSEC - NSEC3 with RSA SHA1 signatures

dnsxd's default datastore module is an interface to CouchDB. Alternative modules can be selected via a configuration option.

Dependancies

• Erlang R14B or later
• OpenSSL (with development lib) for SHA2 signatures and DNSSEC key generation
• CouchDB (1.1 recommended)

dnsxd also uses the following Erlang apps which will be downloaded along with their dependancies and compiled automatically as part of the build process:

• couchbeam
• cutkey
• dns_erlang
• getopt
• procket
• riak_err

Building dnsxd

dnsxd is built with rebar. The included Makefile is a wrapper around rebar. make all should be sufficient to kick-off a complete build.

Once built a self-contained dnsxd (including Erlang) will be located in rel/dnsxd. This directory can be moved elsewhere with issue. For the moment dnsxd does not include a system install target.

Configuring dnsxd

Configuration is done via two files found in rel/dnsxd/etc. vm.args contains flags provided to the Erlang virtual machine and is unlikely to need customisation. app.config contains configuration data for dnsxd itself. Comments in that file cover configuration options in further detail and are worth reading.

Binding port 53

On most UNIX systems binding port 53 is a privileged operation (requires root). Running Erlang as root is not recommended so some configuration will need to be done so that dnsxd can bind port 53.

If you run a recent Linux kernel with capabilities you can give Erlang the privilege using the setcap command (you may need to install a package named lxc or similar to obtain this command).

$ setcap 'cap_net_bind_service=+ep' /path/to/rel/dnsxd/erts-5.8.4/bin/beam`
$ setcap 'cap_net_bind_service=+ep' /path/to/rel/dnsxd/erts-5.8.4/bin/beam.smp

On FreeBSD all ports can be made accessible to all users by issuing:

$ sysctl net.inet.ip.portrange.reservedhigh=0

A third option is to make procket setuid and use it to bind port 53. For more details on procket see the previous link and also review app.config.

Administering dnsxd

Administration is done via a series of shell tools located in rel/dnsxd/bin. As dnsxd is still in flux these tools will only be covered in general:

• dnsxd - used to start and stop dnsxd as well as attach to the Erlang console
• dnsxd-admin - primary administration tool for manipulating zones as well as TSIG and DNSSEC keys
• dnsxd-llq - used to view running LLQ
• dnsxd-rb - used to read reports generated by various events as dnsxd runs
• dnsxd-disklog - used to read operational logs (at time of writing, TSIG failures and client updates) saved by the dnsxd_disklog module

Save for dnsxd all of the above accept a -h argument to display further information on how to use them.