3
votes

But please bear with me. I do not need help with ndns or JavaScript. I need help with DNS Resource Records.

I can already send resource records. I just need to know how to send the right ones for an Authoritative DNS Server.

I am writing the DNS server using ndns. Ndns is supposed to do the low-level communications for me, but I still have to know the basics of DNS. Ndns is not documented except for this example. It is in JavaScript, but it should be pretty easy to read anyway. When a request is received, it adds a resource record to the response and sends the response:

function handleDnsRequest(request, response) {
    response.addRR(
        ndns.ns_s.ar,  // Section AR
        'node.js',     // Name
        ndns.ns_t.txt, // Type TXT
        ndns.ns_c.in,  // Class IN
        1991,          // TTL
        'http://nodejs.org/' // Value
        );
    response.send();
}

So, no matter what the request, this handler adds a response record as follows:

  • Section AR (Additional Records)
  • Name "node.js"
  • Type TXT (Text String)
  • Class IN (Internet)
  • TTL 1991 (~33 minutes)
  • Value (Text String)

Which gives this output on Windows nslookup:

C:\>nslookup - 127.0.0.1
node.js text =

        "http://nodejs.org/"
Default Server:  UnKnown
Address:  127.0.0.1

> google.com
Server:  UnKnown
Address:  127.0.0.1

Name:    google.com

>

How can I send correct responses? I want to start off by sending a fixed IP address for all A records no matter what and to deny most everything else as unsupported or whatnot.

In a typical login to nslookup, asking for an A record, what would be the typical list of Resource Records that would come out of the DNS server?

1
Can you please simplify your question a lot? I do DNS full time, but I can't figure out what you're actually asking, either of us, or your DNS server. Please get rid of the superfluous information and in simple terms explain what DNS query you're trying to send, and it should then become obvious what DNS answer you should produce. - Alnitak
p.s. also, please install dig for windows and show examples using that instead. nslookup is horrible. - Alnitak
@Alnitak: Sorry, I cut out most of the question. To start with, I want to know the typical questions and resource records for an A lookup. - 700 Software
@Alnitak: Dig is installed. What command should I run? - 700 Software
dig @server_ip some_domain_name - Alnitak

1 Answer

5
votes

I want to start off by sending a fixed IP address for all A records no matter what and to deny most everything else as unsupported or whatnot.

Aha, now we're getting somewhere.

You need to return an RR in the answer section that has the same "owner name" as that in the (first) question, with the appropriate fields.

Try this:

function listener (req, res)
{
    res.addRR(
         ndns.ns_s.an,         // answer section
         req.question[0].name, // name
         ndns.ns_t.a,          // type
         ndns.ns_c.in,         // class
         3600,                 // TTL
         '127.0.0.1'           // RDATA
    );
    res.header.aa = 1;         // authoritative answer
    res.header.ra = 0;         // recursion not available
    res.send ();
}

This only handles the default response, and doesn't check whether the inbound query was for an A record or not.

To refuse other queries you'll want to check for:

req.question.length == 1
req.question[0].type == ndns.ns_t.a
req.question[0].class == ndns.ns_c.in

and then set res.header.rcode to something non-zero.

A real authoritative server would also send DNS server names in the authority section, but you should be able to get away without doing so here.
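
The checks listed in the answer, combined into one handler: this is an added example, not part of the original answer and not code from ndns. `makeListener`, the `RCODE` table, `fakeNdns`, `fakeResponse` and `demo` are hypothetical names; the RCODE numbers are the RFC 1035 values, and mapping a wrong question count to FORMERR and any non-A/IN query to NOTIMP is this example's choice. The stand-ins are constructed so the block runs without ndns installed.

```javascript
// RCODE values from RFC 1035 section 4.1.1, given numerically because the
// page does not show ndns's own names for them.
const RCODE = { NOERROR: 0, FORMERR: 1, NOTIMP: 4 };

// Build a listener that answers A/IN with one fixed address and rejects the
// rest. `ndns` is injected so only the constants shown on the page are used.
function makeListener(ndns, fixedIp) {
    return function listener(req, res) {
        res.header.ra = 0;                       // recursion not available
        const q = req.question;
        if (!q || q.length !== 1) {
            res.header.rcode = RCODE.FORMERR;    // zero or several questions
        } else if (q[0].type !== ndns.ns_t.a || q[0].class !== ndns.ns_c.in) {
            res.header.rcode = RCODE.NOTIMP;     // anything other than A/IN
        } else {
            // Owner name is copied from the question, as the answer requires.
            res.addRR(ndns.ns_s.an, q[0].name, ndns.ns_t.a, ndns.ns_c.in,
                      3600, fixedIp);
            res.header.aa = 1;                   // authoritative answer
            res.header.rcode = RCODE.NOERROR;
        }
        res.send();                              // always reply, even on refusal
        return res.header.rcode;
    };
}

// --- Constructed stand-ins (assumptions, not the real ndns objects) ---
// A = 1, TXT = 16 and IN = 1 are the RFC 1035 numbers.
const fakeNdns = { ns_s: { an: 'an' }, ns_t: { a: 1, txt: 16 }, ns_c: { in: 1 } };

function fakeResponse() {
    return {
        header: {}, rrs: [], sent: false,
        addRR(...fields) { this.rrs.push(fields); },
        send() { this.sent = true; },
    };
}

// Run one constructed question list through the listener; return the response.
function demo(question) {
    const res = fakeResponse();
    makeListener(fakeNdns, '127.0.0.1')({ question }, res);
    return res;
}

console.log(demo([{ name: 'google.com', type: 1, class: 1 }]).rrs);
console.log(demo([{ name: 'google.com', type: 16, class: 1 }]).header);
```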