Sheldon Grant

1684949100

Dog: A command-line DNS client

Dog

dog is a command-line DNS client.

A screenshot of dog making a DNS request


Dogs can look up!

dog is a command-line DNS client, like dig. It has colourful output, understands normal command-line argument syntax, supports the DNS-over-TLS and DNS-over-HTTPS protocols, and can emit JSON.

Examples

dog example.net                          Query a domain using default settings
dog example.net MX                       ...looking up MX records instead
dog example.net MX @1.1.1.1              ...using a specific nameserver instead
dog example.net MX @1.1.1.1 -T           ...using TCP rather than UDP
dog -q example.net -t MX -n 1.1.1.1 -T   As above, but using explicit arguments

Command-line options

Query options

<arguments>              Human-readable host names, nameservers, types, or classes
-q, --query=HOST         Host name or domain name to query
-t, --type=TYPE          Type of the DNS record being queried (A, MX, NS...)
-n, --nameserver=ADDR    Address of the nameserver to send packets to
--class=CLASS            Network class of the DNS record being queried (IN, CH, HS)

Sending options

--edns=SETTING           Whether to OPT in to EDNS (disable, hide, show)
--txid=NUMBER            Set the transaction ID to a specific value
-Z=TWEAKS                Set uncommon protocol-level tweaks

Protocol options

-U, --udp                Use the DNS protocol over UDP
-T, --tcp                Use the DNS protocol over TCP
-S, --tls                Use the DNS-over-TLS protocol
-H, --https              Use the DNS-over-HTTPS protocol

Output options

-1, --short              Short mode: display nothing but the first result
-J, --json               Display the output as JSON
--color, --colour=WHEN   When to colourise the output (always, automatic, never)
--seconds                Do not format durations, display them as seconds
--time                   Print how long the response took to arrive
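The --txid and --edns options above refer to fields of the DNS wire message: the 16-bit transaction ID in the header and the OPT pseudo-record that carries EDNS. As an added example (not code from the dog project), the Python below builds a query with a chosen or random transaction ID and an OPT record, and parses a reply, refusing one whose ID does not match the query it sent; that check, together with matching the question section, is what a client does before trusting an answer. The reply bytes are constructed inline by `constructed_response`, not captured from a real server; the address it carries is the example.com address quoted elsewhere on this page.

```python
import secrets
import struct
from typing import Dict, List, Optional, Tuple

TYPE_A, TYPE_OPT = 1, 41           # record types used below
FLAG_QR, FLAG_RD = 0x8000, 0x0100  # header flag bits: "is a response", "recursion desired"


def encode_name(name: str) -> bytes:
    """Encode a dotted name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError(f"bad label {label!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def decode_name(pkt: bytes, off: int) -> Tuple[str, int]:
    """Decode the name at `off`, following compression pointers; returns (name, offset after it)."""
    labels: List[str] = []
    end, jumped, hops = off, False, 0
    while True:
        length = pkt[off]
        if length & 0xC0 == 0xC0:                  # pointer into an earlier part of the packet
            target = struct.unpack("!H", pkt[off:off + 2])[0] & 0x3FFF
            if not jumped:
                end = off + 2
            jumped, off, hops = True, target, hops + 1
            if hops > 16:                          # a hostile packet could make pointers loop
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:
            if not jumped:
                end = off
            return ".".join(labels) + ".", end
        labels.append(pkt[off:off + length].decode("ascii"))
        off += length


def build_query(name: str, qtype: int = TYPE_A, txid: Optional[int] = None,
                edns: bool = True) -> Tuple[int, bytes]:
    """Return (txid, packet) for a standard query; the ID is random unless given (dog's --txid)."""
    if txid is None:
        txid = secrets.randbelow(1 << 16)
    header = struct.pack("!HHHHHH", txid, FLAG_RD, 1, 0, 0, 1 if edns else 0)
    packet = header + encode_name(name) + struct.pack("!HH", qtype, 1)
    if edns:
        # OPT pseudo-record: root name, type 41, the "class" field carries our UDP payload size
        packet += b"\x00" + struct.pack("!HHIH", TYPE_OPT, 4096, 0, 0)
    return txid, packet


def parse_response(pkt: bytes, expected_txid: int) -> Dict:
    """Parse a reply, rejecting it unless the transaction ID matches the query we sent."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", pkt[:12])
    if txid != expected_txid:
        raise ValueError(f"transaction ID mismatch: got {txid:#06x}, expected {expected_txid:#06x}")
    if not flags & FLAG_QR:
        raise ValueError("packet is a query, not a response")
    off, questions = 12, []
    for _ in range(qd):
        qname, off = decode_name(pkt, off)
        qtype, _qclass = struct.unpack("!HH", pkt[off:off + 4])
        off += 4
        questions.append((qname, qtype))
    result: Dict = {"txid": txid, "rcode": flags & 0xF, "questions": questions,
                    "edns_udp_size": None, "answer": [], "authority": [], "additional": []}
    for section, count in (("answer", an), ("authority", ns), ("additional", ar)):
        for _ in range(count):
            name, off = decode_name(pkt, off)
            rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
            off += 10
            rdata, off = pkt[off:off + rdlen], off + rdlen
            if rtype == TYPE_OPT:                  # EDNS: the class field is the peer's UDP size
                result["edns_udp_size"] = rclass
            elif rtype == TYPE_A and rdlen == 4:
                result[section].append((name, rtype, ttl, ".".join(str(b) for b in rdata)))
            else:                                  # other record types are kept as raw hex
                result[section].append((name, rtype, ttl, rdata.hex()))
    return result


def constructed_response(query: bytes, ip: str) -> bytes:
    """Build a fake reply to `query` with one A record: test data, not a real server's answer."""
    txid = struct.unpack("!H", query[:2])[0]
    _, qend = decode_name(query, 12)
    question = query[12:qend + 4]                  # echo the question section back verbatim
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 1)  # QR, RD, RA set; 1 question, 1 answer, 1 OPT
    answer = (b"\xc0\x0c"                          # compression pointer to the name at offset 12
              + struct.pack("!HHIH", TYPE_A, 1, 300, 4)
              + bytes(int(o) for o in ip.split(".")))
    opt = b"\x00" + struct.pack("!HHIH", TYPE_OPT, 1232, 0, 0)
    return header + question + answer + opt
```

A real client also checks that the question in the reply equals the one it sent and that the reply came from the address and port it queried; the transaction ID is only one of those checks, which is why a predictable ID (a fixed --txid) is fine for debugging but not for a resolver.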

Installation

To install dog, you can download a pre-compiled binary, or you can compile it from source. You may be able to install dog using your OS’s package manager, depending on your platform.

Packages

  • For Arch Linux, install the dog package.
  • For Homebrew on macOS, install the dog formula.
  • For NixOS, install the dogdns package.

Downloads

Binary downloads of dog are available from the releases section on GitHub for 64-bit Windows, macOS, and Linux targets. They contain the compiled executable, the manual page, and shell completions.

Compilation

dog is written in Rust. You will need rustc version 1.45.0 or higher. The recommended way to install Rust for development is from the official download page, using rustup.

To build, download the source code and run:

$ cargo build
$ cargo test

The just command runner can be used to run some helpful development commands, in a manner similar to make. Run just --list to get an overview of what’s available.

If you are compiling a copy for yourself, be sure to run cargo build --release or just build-release to benefit from release-mode optimisations. Copy the resulting binary, which will be in the target/release directory, into a folder in your $PATH. /usr/local/bin is usually a good choice.

To compile and install the manual pages, you will need pandoc. The just man command will compile the Markdown into manual pages, which it will place in the target/man directory. To use them, copy them into a directory that man will read. /usr/local/share/man is usually a good choice.

Container image

To build the container image of dog, you can use Docker or Kaniko. Here is an example using Docker:

$ docker build -t dog .

You can then run it using the following command:

$ docker run -it --rm dog

To run dog directly, you can then define the following alias:

$ alias dog="docker run -it --rm dog"

End-to-end testing

dog has an integration test suite written as Specsheet check documents. If you have a copy installed, you can run:

$ just xtests

Specsheet will test the compiled binary by making DNS requests over the network, checking that dog returns the correct results and does not crash. Note that this will expose your IP address. For more information, read the xtests README.

Feature toggles

dog has three Cargo features that can be switched off to remove functionality. While doing so makes dog less useful, it results in a smaller binary that takes less time to build.

There are three feature toggles available, all of which are active by default:

  • with_idna, which enables IDNA processing
  • with_tls, which enables DNS-over-TLS
  • with_https, which enables DNS-over-HTTPS (requires with_tls)

Use cargo to build a binary that uses feature toggles. For example, to disable TLS and HTTPS support but keep IDNA support enabled, you can run:

$ cargo build --no-default-features --features=with_idna

The list of features that have been disabled can be checked at runtime as part of the --version string.


Documentation

For documentation on how to use dog, see the website: https://dns.lookup.dog/

See also

mutt, tail, sleep, roff


Download Details:

Author: ogham
Source Code: https://github.com/ogham/dog
License: EUPL-1.2

#rust #dns #client #commandline 


Dart Package for Performing MDNS Queries (e.g. Bonjour, Avahi)

Multicast DNS package

A Dart package to do service discovery over multicast DNS (mDNS), Bonjour, and Avahi.

Usage

To use this package, add multicast_dns as a dependency in your pubspec.yaml file.

Example

Import the library via

import 'package:multicast_dns/multicast_dns.dart';

Then use the MDnsClient Dart class in your code. To see how this is done, check out the example app.

Use this package as a library

Depend on it

Run this command:

With Dart:

 $ dart pub add multicast_dns

With Flutter:

 $ flutter pub add multicast_dns

This will add a line like this to your package's pubspec.yaml (and run an implicit dart pub get):

dependencies:
  multicast_dns: ^0.3.2+3

Alternatively, your editor might support dart pub get or flutter pub get. Check the docs for your editor to learn more.

Import it

Now in your Dart code, you can use:

import 'package:multicast_dns/multicast_dns.dart';

example/main.dart

// Copyright 2013 The Flutter Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

// Example script to illustrate how to use the mdns package to discover the port
// of a Dart observatory over mDNS.

// ignore_for_file: avoid_print

import 'package:multicast_dns/multicast_dns.dart';

Future<void> main() async {
  // The service name to browse for; this example takes no command-line arguments.

  const String name = '_dartobservatory._tcp.local';
  final MDnsClient client = MDnsClient();
  // Start the client with default options.
  await client.start();

  // Get the PTR record for the service.
  await for (final PtrResourceRecord ptr in client
      .lookup<PtrResourceRecord>(ResourceRecordQuery.serverPointer(name))) {
    // Use the domainName from the PTR record to get the SRV record,
    // which will have the port and local hostname.
    // Note that duplicate messages may come through, especially if any
    // other mDNS queries are running elsewhere on the machine.
    await for (final SrvResourceRecord srv in client.lookup<SrvResourceRecord>(
        ResourceRecordQuery.service(ptr.domainName))) {
      // Domain name will be something like "io.flutter.example@some-iphone.local._dartobservatory._tcp.local"
      final String bundleId =
          ptr.domainName; //.substring(0, ptr.domainName.indexOf('@'));
      print('Dart observatory instance found at '
          '${srv.target}:${srv.port} for "$bundleId".');
    }
  }
  client.stop();

  print('Done.');
}

Download Details:

Author: flutter.dev

Source Code: https://github.com/flutter/packages/tree/main/packages/multicast_dns

#flutter #android #ios #dart #dns 


Desmond Gerber

1680037020

Basic Fundamentals of DNS

In this blog, we will gain a basic understanding of the Domain Name System (DNS): what DNS is, what an IP address is, and how DNS actually works. So stick with this blog to learn the basic fundamentals of the Domain Name System.

Introduction

In the world of networking, computers don't go by names as we humans do; they go by numbers. That's how computers and other similar devices communicate with or identify each other over a network: by using numbers such as IP addresses.

Humans, on the other hand, are accustomed to using names to communicate with each other or to identify different objects and places, instead of using numbers.

So, to cover this communication gap between computers and humans, network engineers developed DNS.

What is DNS?

DNS stands for Domain Name System, which resolves domain names into IP addresses. So, if you type a web address in your web browser, DNS will resolve the name to a number (the IP address), because the only thing the computer understands is the number.

For example, when you type amazon.com in your browser, technically there is no need to type amazon.com. In the browser, you can just type in the IP address if you know it, but there are millions of websites on the internet. As we humans are not accustomed to memorizing numbers, it is not possible for us to remember them.

So when we type amazon.com in our browser, the DNS server will search through its database to find the IP address associated with the name. When it finds it, it will resolve that domain name to the IP address of the Amazon web page. Once it resolves to the IP address, your computer is able to communicate with the Amazon web server and retrieve the web page.

DNS

DNS basically works like a phonebook: when you want to find a number, you look for the name first, and then it gives you the number associated with that particular name.

What is an IP Address?

You can understand an IP address as a landline number, where each landline has a unique number to call. Similarly, an IP address is a unique string of numbers separated by periods that helps identify devices on the internet or on the local network. The term IP stands for Internet Protocol. It is the set of rules that governs the format of data sent over the network.

As an example, you can try visiting the IP address of google.com, 142.250.67.142.

In an IP address, some portion of it represents the network address, and some represent host addresses.

IP address

How does DNS work?

Let’s understand the working of DNS through the below image :

DNS working
  • When you type amazon.com into your web browser, it searches for the IP address in its cache memory. If your web browser or OS is unable to find the IP in its own local cache, it sends the query to the next level, the Resolver Server.
  • The Resolver server is nothing but your ISP (Internet Service Provider).
  • When the resolver server receives the query, it checks its local cache for the IP address. When it is unable to find the IP of amazon.com, it sends the query to the next level, i.e. the RootName server.
  • The RootName servers are strategically placed servers at different locations in the world. These root name servers are operated by 12 different organizations.
  • When a RootName server receives the query for the IP address of amazon.com, it doesn't know the IP address. It takes up the query and returns a result that lets the DNS resolver know the address of the TLD server.
  • Now the DNS resolver queries the TLD server for the IP address of amazon.com. The Top Level Domain server stores the address information about the top-level domains like .com, .net, .org, etc. This particular TLD server manages the .com domain, which amazon.com is a part of.
  • When the query comes in, this TLD server doesn't know the IP address of amazon.com either, so the TLD server redirects the resolver to the final level, which is the Authoritative name server.
  • Now the DNS resolver queries the Authoritative name server for the IP address of amazon.com. The authoritative name servers are responsible for knowing everything about the domain, which includes the IP address. So when the Authoritative name server resolves the query, it responds with the IP address of amazon.com.
  • And finally, the resolver responds to your computer with the IP address of amazon.com.

After getting the IP address it connects to the amazon server and retrieves the webpage.

Once the resolver receives the IP address, it stores it in its cache memory. So, in case it receives another query for amazon.com, it doesn't have to follow all the steps again and can simply respond to your computer with the IP address of amazon.com.
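The steps above are the iterative walk a resolver performs, followed by caching. As an added example (not from the blog), the Python below simulates that walk against three in-memory stand-in servers (root, .com TLD, and an amazon.com authoritative server), following referrals until an answer arrives, and caches the answer for its TTL so that a repeat lookup touches no server at all. The clock is injectable so that cache expiry can be shown. All server names, addresses (taken from the documentation ranges) and the answer itself are constructed assumptions, not real DNS data.

```python
import time
from typing import Callable, Dict, List, Tuple

# Constructed addresses from the TEST-NET ranges: stand-ins, not the real root, .com or amazon.com servers.
ROOT_IP, COM_IP, AMAZON_IP = "198.51.100.1", "198.51.100.2", "198.51.100.3"
AMAZON_A = "203.0.113.5"


class Server:
    """One stand-in DNS server: answers for data it is authoritative for, otherwise
    refers the resolver one level down the tree, otherwise reports NXDOMAIN."""

    def __init__(self, name: str, answers: Dict[Tuple[str, str], Tuple[str, int]],
                 referrals: Dict[str, str]):
        self.name = name
        self.answers = answers        # (qname, qtype) -> (rdata, ttl seconds)
        self.referrals = referrals    # zone name -> IP of the server to ask next

    def query(self, qname: str, qtype: str):
        if (qname, qtype) in self.answers:
            return "answer", self.answers[(qname, qtype)]
        for zone, ip in self.referrals.items():
            if qname == zone or qname.endswith("." + zone):
                return "referral", ip
        return "nxdomain", None


NETWORK: Dict[str, Server] = {
    ROOT_IP: Server("root", {}, {"com.": COM_IP}),
    COM_IP: Server("com TLD", {}, {"amazon.com.": AMAZON_IP}),
    AMAZON_IP: Server("amazon.com authoritative", {("amazon.com.", "A"): (AMAZON_A, 300)}, {}),
}


class Resolver:
    """Resolver that walks referrals from the root and caches answers for their TTL."""

    def __init__(self, network: Dict[str, Server], root_ip: str,
                 clock: Callable[[], float] = time.monotonic):
        self.network, self.root_ip, self.clock = network, root_ip, clock
        self.cache: Dict[Tuple[str, str], Tuple[str, float]] = {}   # key -> (rdata, expires_at)

    def resolve(self, qname: str, qtype: str = "A") -> Tuple[str, List[str]]:
        """Return (rdata, servers consulted); an empty list means the answer came from cache."""
        qname = qname.lower() if qname.endswith(".") else qname.lower() + "."
        key = (qname, qtype)
        hit = self.cache.get(key)
        if hit is not None and hit[1] > self.clock():
            return hit[0], []
        path: List[str] = []
        ip = self.root_ip
        for _ in range(8):                 # bound the chain so a broken delegation cannot loop forever
            server = self.network[ip]
            path.append(server.name)
            kind, payload = server.query(qname, qtype)
            if kind == "answer":
                rdata, ttl = payload
                self.cache[key] = (rdata, self.clock() + ttl)   # remember it for exactly its TTL
                return rdata, path
            if kind == "referral":
                ip = payload
                continue
            raise LookupError(f"{qname} {qtype}: no such name (NXDOMAIN from {server.name})")
        raise LookupError(f"{qname}: too many referrals")


class ManualClock:
    """Clock the caller advances by hand, so TTL expiry is reproducible."""

    def __init__(self):
        self.now = 0.0

    def __call__(self) -> float:
        return self.now


def demo() -> List[Tuple[str, List[str]]]:
    """Three lookups: the full walk, a cache hit, and a fresh walk after the TTL has passed."""
    clock = ManualClock()
    resolver = Resolver(NETWORK, ROOT_IP, clock)
    first = resolver.resolve("amazon.com")
    second = resolver.resolve("amazon.com")
    clock.now = 301.0                      # the 300-second TTL has elapsed
    third = resolver.resolve("amazon.com")
    return [first, second, third]
```

The TTL bound on the cache is the part worth noticing: the resolver only trusts a stored answer for as long as the authoritative server said it could, which is also why a change at the authoritative server takes up to one TTL to be seen everywhere.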

Conclusion

So in this blog, we learned about DNS, IP address, and how the DNS actually works.
To read more blogs on such topics visit: Knoldus Blogs

For more updates on such topics, please follow our LinkedIn page: Front-end Studio

Original article source at: https://blog.knoldus.com/

#aws #dns #basic #fundamentals 


Set up your own open source DNS server

Take control of your internet privacy by running your own DNS server with the open source project Adguard Home.

A domain name server (DNS) associates a domain name (such as example.com) with an IP address (such as 93.184.216.34). This is how your web browser knows where in the world to look for data when you type a URL or when a search engine returns a URL for you to visit. DNS is very convenient for internet users, but it is not without drawbacks. For example, paid advertisements appear on web pages because your browser naturally uses DNS to resolve where those ads "live" on the internet. Similarly, software that tracks your movements online is often enabled by services that are resolved through DNS. You don't want to turn DNS off entirely, because it is very useful. But you can run your own DNS service to gain more control over how it is used.

I think it is vital that you run your own DNS server so you can block ads and keep your browsing private, away from providers trying to analyze your online interactions. I have used Pi-hole in the past and still recommend it. Lately, however, I have been running the open source project Adguard Home on my network. I have found that it has some unique features worth exploring.

Adguard Home

Of the open source DNS options I have used, Adguard Home is the easiest to set up and maintain. You get many DNS resolution solutions, such as DNS over TLS, DNS over HTTPS and DNS over QUIC, within a single project.

You can set up Adguard as a container or as a native service with a single script:

$ curl -s -S -L -o install.sh \
https://raw.githubusercontent.com/AdguardTeam/AdGuardHome/master/scripts/install.sh

Look at the script to understand what it does. Once you are comfortable with the installation process, run it:

$ sh ./install.sh

Some of my favourite features of AdGuard Home:

  • A simple admin interface
  • Block ads and malware with the Adguard block list
  • Options to configure each device on your network individually
  • Force safe search on specific devices
  • Set up HTTPS for the admin interface, so your remote interaction with it is fully encrypted

I find that Adguard Home saves me time. Its block lists are more robust than Pi-hole's. You can quickly and easily configure it to run DNS over HTTPS.

No more malware

Malware is unwanted content on your computer. It is not always directly dangerous to you, but it can lead to dangerous activity for third parties. The internet was never meant for that. I think you should host your own DNS service to keep your internet history private and out of the hands of known trackers such as Microsoft, Google and Amazon. Try Adguard Home on your network.

Original article source: https://opensource.com/

#dns #server #opensource 


How to install, configure and maintain a Linux DNS server

DNS (Domain Name System) is the naming system for computers; the service that provides it is the DNS server, which translates an IP address into a human-readable address.

This process is the backbone of the internet and a very important service on your server, so from this point on we will discuss DNS servers, specifically the Linux DNS server, and how to install, configure and maintain it.

The /etc/hosts file

Every system needs to keep its own copy of a table of host names and their IP addresses. This file is responsible for IP addresses.

On Linux systems this table lives in the /etc/hosts file.

So even if you have no DNS server, or the DNS server is unavailable, the system can still map names to IP addresses using the /etc/hosts file.

This means the system consults this file first, before going to a DNS server, and if it finds the domain there it translates it without contacting any DNS server.

Try editing /etc/hosts and entering the following:

127.0.0.1              google.com

Then go to your browser, type google.com and look at the result. If Apache is installed on your system and your localhost is running, the localhost index page will be shown instead of Google's page.

You can point google.com at the IP address of any other site and look at the result to convince yourself.

So what this file does is translate names into IP addresses, but only for the same connected network. What about external networks, and how would you maintain all these records for all systems?

Would everyone manage their own /etc/hosts file and update it themselves? Of course not.
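As an added example (not part of the article), here is a Python parser for the /etc/hosts format together with the files-first, DNS-second lookup order described above. The sample table is constructed and includes the google.com override from the text; its 0.0.0.0 entries use the convention of hosts-style block lists, which point unwanted names at an unroutable address, the same idea the Adguard Home article above relies on to block ad and tracker names, so one block serves both passages. The `fallback` callable stands in for a real DNS query.

```python
import ipaddress
from typing import Callable, Dict, Optional

# Constructed sample in /etc/hosts syntax: address, canonical name, optional aliases, '#' comments.
SAMPLE_HOSTS = """\
# constructed example, not a real /etc/hosts
127.0.0.1   localhost
::1         localhost ip6-localhost
127.0.0.1   google.com              # the override from the text: google.com now resolves locally
192.0.2.10  intranet.example.test intranet
0.0.0.0     ads.example.test tracker.example.test   # block-list style: send unwanted names nowhere
"""

# Addresses that block lists use to mean "do not connect"; a hit on these is a block, not an answer.
BLOCKED_ADDRESSES = {"0.0.0.0", "::"}


def parse_hosts(text: str) -> Dict[str, str]:
    """Map every host name and alias (lower-cased) to its address.

    As with the system resolver, the first entry for a name wins; later duplicates are ignored.
    Malformed lines raise rather than being silently skipped, so a typo cannot drop an override.
    """
    table: Dict[str, str] = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            raise ValueError(f"line {lineno}: expected an address followed by at least one name")
        try:
            addr = str(ipaddress.ip_address(fields[0]))   # also normalises IPv6 spelling
        except ValueError:
            raise ValueError(f"line {lineno}: {fields[0]!r} is not an IP address") from None
        for name in fields[1:]:
            table.setdefault(name.lower(), addr)
    return table


def lookup(name: str, table: Dict[str, str], fallback: Callable[[str], Optional[str]]) -> Optional[str]:
    """Resolve `name` the way the text describes: the hosts table first, DNS only on a miss.

    Returns the address, None when the name is blocked, or whatever `fallback` returns.
    """
    key = name.rstrip(".").lower()
    if key in table:
        addr = table[key]
        return None if addr in BLOCKED_ADDRESSES else addr
    return fallback(key)      # only now does a DNS server get involved
```

On a real Linux system the files-before-DNS order comes from the `hosts:` line in /etc/nsswitch.conf (typically `hosts: files dns`), which is why the override in the text takes effect without restarting anything; note also that browsers with their own DNS-over-HTTPS resolver may bypass the system order entirely.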

Domain names

When you visit a website, you type an FQDN (fully qualified domain name) or a domain name like this: likegeeks.com or www.google.com.

Each domain is made up of domain components; a dot separates these components.

The text com is the top-level domain component, google is the second-level domain component, and www is the third-level domain component.

When you visit any website, the browser silently adds a dot at the end that is not visible to you, so the domain looks like www.google.com. (note the dot after com); this dot is called the root domain.

But why do we add this root domain, or dot?

Because this dot is served by the root name servers. At the time of writing there are 13 root name servers in the world; you can think of them as the brain of the internet: if they go down, the world is left without internet.

And why 13?

Because an earthquake or natural disaster happening in one place in the world could destroy a root server, so the rest keep working until the damaged server comes back online.

These root name servers have names like a.root-servers.net, b.root-servers.net and so on.

Top-level domain names (TLDs)

We have seen the top-level domain component, such as the com domain.

Top-level domains (TLDs) are divided into categories based on geographic or functional aspects.

At the time of writing there are more than 800 top-level domains online.

The categories of top-level domains are:

  • Generic top-level domains, such as .org, .com, .net, .gov, .edu and so on.
  • Country-code top-level domains, such as .us and .ca, which correspond to the country codes for the United States and Canada respectively.
  • New branded top-level domains, such as .linux, .microsoft, .companyname and so on.
  • Infrastructure top-level domains, such as the .arpa domain.

Subdomains

When you visit a website such as mail.google.com, mail here is a subdomain of google.com.

Only the name servers for mail.google.com know all the hosts that exist under it, so Google answers whether a mail subdomain exists or not; the root name servers have no idea about it.

Types of DNS servers

There are three types of DNS servers:

  • Primary DNS servers: they hold the domain configuration files and answer DNS queries.
  • Secondary DNS servers: they work as a backup and distribute the load. Primary servers know that the secondary name servers exist and send them updates.
  • Caching DNS servers: all they do is cache DNS responses, so you do not have to query the primary or secondary DNS server again. You can easily make your system work as a caching server, as we will see later in this post.

Setting up a Linux DNS server

Linux has many packages that implement DNS functionality, but we will focus on the BIND DNS server. It is used by many servers around the world.

If you use a Red Hat based distribution such as CentOS, you can install it like this:

$ dnf -y install bind

Or on Debian based systems such as Ubuntu:

$ apt-get install bind9

Once the installation finishes, you can start the service and enable it at boot:

$ systemctl start named

$ systemctl enable named

Configuring BIND

The service configuration lives in the /etc/named.conf file.

There are several statements BIND uses in this file, for example:

  • options: used for the global configuration of BIND.
  • logging: what should be logged and what should be ignored. I recommend reading about the Linux syslog server.
  • zone: defines a DNS zone.
  • include: includes another file in named.conf.

From the options statement you can see that the working directory for BIND is /var/named.

The zone statement lets you define a DNS zone.

For example, the google.com domain also has subdomains such as mail.google.com, analytics.google.com and others.

Each of these three (the domain and the subdomains) has a zone defined by a zone statement.

Defining a primary zone

From the DNS server types we know that there are primary, secondary and caching DNS servers.

Primary and secondary servers are equally authoritative in their answers, unlike a caching server.

To define a primary zone, you can use the following syntax:

/etc/named.conf

zone "likegeeks.com" {
    type master;
    file "likegeeks.com.db";
};

The file holding the zone information is in the /var/named directory, since that is the working directory, as we know from options.

Note that the server software or hosting panel you use creates this file with this name automatically, so if your domain is example.org, the file will be /var/named/example.org.db.

The type is master, which means this is a primary zone.

Defining a secondary zone

This is the same as defining a primary zone, with small changes:

zone "likegeeks.com" {
    type slave;
    masters { 192.0.2.1; };   // placeholder: put the IP address of the primary name server here
    file "likegeeks.com.db";
};

In the secondary zone the domain is the same as in the primary zone; type slave here means that this is a secondary zone; the masters option lists the IP addresses of the primary name server; and finally file is the path to the primary zone's file.

Defining a caching zone

You need a caching zone; that way you reduce the queries on the DNS server.

To define a caching zone you need to define three zone sections:

zone "." IN {
    type hint;
    file "root.hint";
};

The first line contains the dot, which is the root name server. Type hint means a caching zone entry, and file "root.hint"; specifies the file containing the root servers (the 13 root name servers). You can get the latest root name server list from http://www.internic.net/zones/named.root.

The second zone is defined in the /etc/named.rfc1912.zones file and included in /etc/named.conf through the include directive, which is already enabled by default.

zone "localhost" IN {
    type master;
    file "localhost.db";
};

The third zone defines the reverse lookup for localhost.

zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "127.0.0.rev";
};

Putting these three zones in /etc/named.conf will make your system work as a caching DNS server. Now you need to enter the contents of the files referenced, such as likegeeks.com.db, localhost.db and 127.0.0.rev.

These files contain the DNS record types for each zone with some options. So what are these DNS record types and how do you write them?

DNS record types

The database files consist of record types such as SOA, NS, A, PTR, MX, CNAME and TXT.

So let's start with each record type and see how we can configure it.

SOA: start of authority record

The SOA record describes the site's DNS records in the following format:

example.com.      86400      IN      SOA      ns1.example.com.      mail.example.com.      (
    2017012604 ;serial
    86400 ;refresh, seconds
    7200 ;retry, seconds
    3600000 ;expire, seconds
    86400 ;minimum, seconds
)

The first line starts with the domain example.com. and ends with a dot. This is the same as the zone definition in the /etc/named.conf file.

Keep in mind that DNS configuration files are extremely picky.

The word IN means an internet record.

The word SOA means start of authority record.

ns1.example.com. is the domain's name server.

mail.example.com. is the email address of the domain administrator. You may notice that there is no @ sign; we replaced it with a dot, and there is a trailing dot.

Line 2 is the serial number; we use it to tell the name server when the file was updated, so if you make a change to the zone data you must increment this number. The serial number has the format YYYYMMDDxx, where xx starts at 00.

Строка 3 — частота обновления в секундах. Как часто вторичные DNS-серверы должны запрашивать первичный сервер для проверки обновлений.

Строка 4 — частота повторных попыток в секундах. Это время ожидания вторичного DNS-сервера после попытки подключения к первичному DNS-серверу, когда он не может связаться с ним. Указанное количество секунд повтора.

Строка 5 — это директива об истечении срока действия. Если вторичный сервер не может подключиться к первичному серверу для обновления, он должен сбросить это значение через указанное количество секунд.

Строка 6 сообщает, что кэширующие серверы не могут подключиться к основному DNS-серверу; они ждут до истечения срока действия записи, эта строка определяет время ожидания.

NS: записи сервера имен

Вы можете использовать запись NS, чтобы указать серверы имен для зоны. Записи NS такие:

IN           NS         ns1.example.com.
IN           NS         ns2.example.com.

Вам не нужно создавать две записи NS, но мы предпочитаем иметь резервные серверы имен.

A и AAAA: адресные записи

Запись A сопоставляет имя хоста с IP-адресом:

support IN          A             192.168.1.5

Если у вас есть хост на support.example.com с адресом 192.168.1.5, вы можете ввести, как в приведенном выше примере.

Примечание: мы написали хост без точки.

PTR: записи указателей

Запись PTR предназначена для обратного разрешения имен, вы указываете IP-адрес, и она возвращает имя хоста.

Это противоположно тому, что делает запись.

192.168.1.5        IN            PTR        support.example.com.

Здесь мы вводим полное имя хоста с завершающей точкой.

MX: записи обмена почтой

Запись MX сообщает о  записях почтового сервера  .

example.com.   IN           MX         10           mail

Домен заканчивается точкой; число 10 — это важность почтового сервера, если у вас несколько почтовых серверов, чем меньше число, тем меньше значение.

CNAME: записи канонических имен

Записи CNAME похожи на ярлыки для имен хостов.

Предположим, у вас есть сайт с именем хоста what-bignameis.example.com, и, поскольку система является веб-сервером, для хоста можно создать псевдоним www или запись CNAME.

Таким образом, вы можете создать запись CNAME, чтобы сделать имя www.example.com:

whatever-bignameis      IN           A                    192.168.1.5
www                     IN           CNAME                whatever-bignameis

Первая строка сообщает DNS-серверу о расположении псевдонима; вторая строка создает псевдоним, указывающий на www.

TXT-записи

Вы можете поместить любой текст в записи TXT, например свою контактную информацию или любую другую информацию, которую вы хотите, чтобы люди знали, когда они запрашивают ваш DNS-сервер.

Вы можете писать записи TXT следующим образом:

example.com.   IN           TXT         " YOUR INFO GOES HERE"

Кроме того, вы можете использовать запись RP для размещения контактной информации.

example.com.   IN           RP           mail.example.com.         example.com.

Значение срока жизни DNS

В /etc/named.conf вверху есть запись $TTL .

Эта запись информирует BIND о значении времени жизни для каждой отдельной записи.

Он принимает значение в секундах, например 14400 секунд (4 часа) , поэтому DNS-серверы кэшируют вашу зону до четырех часов, а затем снова запрашивают ваш DNS-сервер.

Вы можете понизить значение, но значение по умолчанию справедливо, если вы не знаете, что делаете.

Отлов ошибок конфигурации

Когда вы пишете свои файлы зон, возможно, вы забыли точку, пробел или любую другую ошибку.

Вы можете диагностировать ошибки DNS-сервера Linux из журнала. Служба BIND через ошибки в /var/log/messages, вы можете использовать команду tail для просмотра журнала ошибок в реальном времени, используя параметр -f.

$tail -f /var/log/messages

Поэтому, когда вы пишете файл зоны или изменяете /etc/named.config и перезапускаете службу, и она показывает ошибку, вы можете легко определить ошибку из журнала.

Хост-команда

После того, как вы успешно добавили или изменили свои записи, вы можете использовать команду host, чтобы проверить, правильно ли разрешен ваш хост.

Если вы дадите ему имя хоста, он ответит соответствующими IP-адресами.

$ host example.com

Кроме того, вы можете выполнять обратный поиск.

$ host 192.168.1.5

Вы можете проверить хост и команду dig .

Whois-команда

Вы можете использовать команду whois, чтобы получить информацию о владельце домена.

Также адреса электронной почты владельца и контактные телефоны.

$ whois example.com

Команда rndc

Вы можете использовать инструмент rndc для безопасного управления сервером имен.

Вы можете проверить статус DNS-сервера Linux следующим образом:

$ rndc status

Кроме того, если вы вносите изменения в любой из файлов зоны, вы можете перезагрузить службу без перезапуска указанной службы.

$ rndc reload example.com

Здесь мы перезагружаем файл зоны example.com.

Вы можете перезагрузить все зоны следующим образом:

$ rndc reload

Или, может быть, вы добавляете новые зоны или меняете конфигурацию сервиса; вы можете перезагрузить конфигурацию следующим образом:

$ rndc reconfig

DNS-преобразователь Linux

Мы увидели, как работает DNS-сервер Linux и как его настроить. Другая часть — это клиент, который связывается с DNS-сервером.

Клиент является решателем; вы можете проверить файл конфигурации /etc/resolv.conf

В дистрибутивах на основе Debian вы можете проверить каталог /etc/resolvconf/resolv.conf.d/ .

Файл /etc/resolv.conf содержит локальные DNS-серверы, используемые системой.

Первая строка предназначена для домена поиска по умолчанию, а вторая строка указывает IP-адрес сервера имен.

Вы можете использовать свой собственный DNS-сервер после запуска службы BIND, просто введите их в файл resolver.conf.

Оригинальный источник статьи:   https://likegeeks.com/

#linux #dns #server 

Как установить, настроить и поддерживать DNS-сервер Linux
津田 淳

1678914600

How to Install, Configure, and Maintain Linux DNS Server


Set Up Your Own Open Source DNS Server

Take control of your internet privacy by running your own DNS server with the open source project, Adguard Home.

A Domain Name System (DNS) server associates a domain name (like example.com) with an IP address (like 93.184.216.34). This is how your web browser knows where in the world to look for data when you enter a URL or when a search engine returns a URL for you to visit. DNS is a great convenience for internet users, but it's not without drawbacks. For instance, paid advertisements appear on web pages because your browser naturally uses DNS to resolve where those ads "live" on the internet. Similarly, software that tracks your movement online is often enabled by services resolved over DNS. You don't want to turn off DNS entirely because it's very useful. But you can run your own DNS service so you have more control over how it's used.

I believe it's vital that you run your own DNS server so you can block advertisements and keep your browsing private, away from providers attempting to analyze your online interactions. I've used Pi-hole in the past and still recommend it today. However, lately, I've been running the open source project Adguard Home on my network. I found that it has some unique features worth exploring.

Adguard Home

Of the open source DNS options I've used, Adguard Home is the easiest to set up and maintain. You get many DNS resolution solutions, such as DNS over TLS, DNS over HTTPS, and DNS over QUIC, within one single project.

You can set up Adguard as a container or as a native service using a single script:

$ curl -s -S -L -o install.sh \
https://raw.githubusercontent.com/AdguardTeam/AdGuardHome/master/scripts/install.sh

Look at the script so you understand what it does. Once you're comfortable with the install process, run it:

$ sh ./install.sh

Some of my favorite features of AdGuard Home:

  • An easy admin interface
  • Block ads and malware with the Adguard block list
  • Options to configure each device on your network individually
  • Force safe search on specific devices
  • Set HTTPS for the admin interface, so your remote interactions with it are fully encrypted

I find that Adguard Home saves me time. Its block lists are more robust than those on Pi-hole. You can quickly and easily configure it to run DNS over HTTPS.

No more malware

Malware is unwanted content on your computer. It's not always directly dangerous to you, but it may enable dangerous activity for third parties. That's not what the internet was ever meant to do. I believe you should host your own DNS service to keep your internet history private and out of the hands of known trackers such as Microsoft, Google, and Amazon. Try Adguard Home on your network.

Original article source at:  https://opensource.com/

#dns #server #opensource 


How to Install, Configure, and Maintain Linux DNS Server

The DNS (Domain Name System) is a naming system for computers; the service that does this work is the DNS server, which translates between IP addresses and human-readable addresses.

This process is the backbone of the internet and a very important service on your server, so in this post we will discuss the DNS server, specifically the Linux DNS server, and how to install, configure, and maintain it.

The /etc/hosts file

Every system has to keep its own copy of a table of hostnames and their IP addresses.

On Linux systems, this table is the /etc/hosts file.

So even if you don't have a DNS server, or the DNS server is unavailable, the system can still translate between names and IP addresses using the /etc/hosts file.

That means the system queries this file first, before going to the DNS server, and if it finds the domain there, it translates it without contacting any DNS server.

Try to edit /etc/hosts and type the following:

127.0.0.1              google.com

Then go to your browser, type google.com, and look at the result. If you have an Apache server installed and running on your system, it will show the index page of localhost instead of the Google page.

You can map google.com to the IP address of any other site and check the result to confirm this.

So what this file does is translate between names and IP addresses, but only for the same connected network. What about outside networks, and how would anyone maintain all those records for all systems?

Will everybody manage their own /etc/hosts file and update it themselves? Of course not.

Domain names

When you visit a website, you type the FQDN (Fully Qualified Domain Name) or the domain name, like this: likegeeks.com or www.google.com.

Each domain consists of domain components; dots separate these components.

The text com is the top-level domain component, google is the second-level domain component, and www is the third-level domain component.

When you visit any website, the browser silently adds a dot at the end, which is not visible to you, so the domain becomes www.google.com. with a trailing dot. Notice the dot after .com; this dot is called the root domain.

But why is this root domain, the dot, added?

Because this dot is served by the root name servers. At the time of this post, there are 13 root name servers in the world; you can think of them as the brain of the internet, and if they went off, the world would be without the internet.

And why 13?

Because an earthquake or another natural disaster in one place in the world may destroy a root server, so the others keep serving until the damaged server comes back online.

Those root name servers have names like this: a.root-servers.net, b.root-servers.net, and so on.

Top Level domain names (TLDs)

We saw the top-level domain component, such as com.

Top-level domains (TLDs) are divided into categories based on geographical or functional aspects.

There are more than 800 top-level domains on the web at the time of writing this post.

The top-level domain categories are:

  • Generic top-level domains (.org, .com, .net, .gov, .edu, and so on).
  • Country-code top-level domains (.us, .ca, and so on), corresponding to the country codes for the United States and Canada, respectively.
  • New branded top-level domains (.linux, .microsoft, .companyname, and so on).
  • Infrastructure top-level domains, such as the .arpa domain.

Subdomains

When you visit a website like mail.google.com, mail here is a subdomain of google.com.

Only the name servers for mail.google.com know all the hosts that exist beneath it, so Google answers whether the mail subdomain exists or not; the root name servers have no clue about that.

Types of DNS servers

There are three types of DNS servers:

  • Primary DNS servers: They contain the domain's configuration files, and they respond to DNS queries.
  • Secondary DNS servers: They work as a backup and for load distribution. Primary servers know about the secondary name servers and send updates to them.
  • Caching DNS servers: All they do is cache DNS responses, so you don't need to ask the primary or secondary DNS server again. You can easily make your system work as a caching server, as we will see later in this post.

Setting up Linux DNS server

There are many packages on Linux that implement DNS functionality, but we will focus on the BIND DNS server. Many servers around the world use it.

If you are using a Red Hat-based distro like CentOS, you can install it like this:

$ dnf -y install bind

Or on Debian-based systems like Ubuntu:

$ apt-get install bind9

Once the installation completes, you can start it and enable it to run at boot time.

$ systemctl start named

$ systemctl enable named

Configuring BIND

The service configuration is in the /etc/named.conf file.

There are some statements that BIND uses in that file, such as:

  • options: used for global BIND configuration.
  • logging: what is logged and what is ignored. I recommend you review the Linux syslog server.
  • zone: defines a DNS zone.
  • include: includes another file in named.conf.

From the options statement, you can see that the working directory for BIND is the /var/named directory.

The zone statement enables you to define a DNS zone.

Take the domain google.com, which also has subdomains such as mail.google.com and analytics.google.com, among others.

Each of these three (the domain and its subdomains) has a zone defined by a zone statement.

Defining a primary zone

We know from the DNS server types that there are primary, secondary, and cache DNS servers.

Primary and secondary are equally authoritative in their answers, unlike the caching server.

To define a primary zone, you can use the following syntax:

/etc/named.conf

zone "likegeeks.com" {
    type master;
    file "likegeeks.com.db";
};

The file that contains the zone information is located in the /var/named directory, since this is the working directory, as we know from the options.

Note that the server software or hosting panel you're using creates this file with this name automatically for you, so if your domain is example.org, the file will be /var/named/example.org.db.

The type is master, which means this is a primary zone.

Defining a secondary zone

This is the same as the primary zone definition, with a small change.

zone "likegeeks.com" {
    type slave;
    masters { <primary nameserver IP address here>; };
    file "likegeeks.com.db";
};

In the secondary zone, the domain is the same as in the primary zone; the type slave means this is a secondary zone; the masters option lists the IP addresses of the primary nameserver; and finally, file is the path of the primary's zone file.

Defining a caching zone

It is necessary to have a caching zone, so that you decrease the queries on the DNS server.

To define a caching zone, you need to define three zone sections. The first one:

zone "." IN {
    type hint;
    file "root.hint";
};

The first line contains a dot, which is the root zone served by the root name servers. The type hint means a caching zone entry, and the file "root.hint" specifies the file that contains the root servers (the 13 root name servers). You can get the latest list of root name servers from http://www.internic.net/zones/named.root.

The second zone is defined in the /etc/named.rfc1912.zones file and pulled into /etc/named.conf via an include directive, which is already present by default.

zone "localhost" IN {
    type master;
    file "localhost.db";
};

The third zone defines the reverse lookup for the localhost.

zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "127.0.0.rev";
};

Putting these three zones in /etc/named.conf will make your system work as a caching DNS server. Now you should write the content of the referenced files, such as likegeeks.com.db, localhost.db, and 127.0.0.rev.

These files contain the DNS records for each zone, along with some options. So what are those DNS record types, and how do you write them?

DNS record types

The database files consist of record types like SOA, NS, A, PTR, MX, CNAME, and TXT.

So let’s start with each record type and see how we can configure it.

SOA: Start of Authority Record

The SOA record describes the site's DNS entries with the following format:

example.com.  86400  IN  SOA  ns1.example.com.  mail.example.com. (
    2017012604 ; serial
    86400      ; refresh, seconds
    7200       ; retry, seconds
    3600000    ; expire, seconds
    86400      ; minimum, seconds
)

The first line starts with the domain example.com., which ends with a period. This is the same name as in the zone definition in the /etc/named.conf file.

Keep in mind that DNS configuration files are extremely picky.

The word IN means an Internet record.

The word SOA means Start of Authority record.

ns1.example.com. is the domain's name server.

mail.example.com. is the domain administrator's email. You may notice there is no @ sign; it is replaced with a period, and there is a trailing period.

Line 2 is the serial number; we use it to tell the name servers that the file has been updated, so if you make a change to the zone data, you have to increment this number. The serial number has the format YYYYMMDDxx, where xx starts from 00.

Line 3 is the refresh rate in seconds: how often secondary DNS servers should query the primary server to check for updates.

Line 4 is the retry rate in seconds: how long the secondary DNS server waits before trying again after it has tried to connect to the primary DNS server and could not reach it.

Line 5 is the expire directive. If the secondary server cannot connect to the primary server for an update, it should discard the zone data after the specified number of seconds.

Line 6 is for the caching servers: if they can't connect to the primary DNS server, they wait before expiring an entry, and this line defines that wait time.

NS: Name Server records

You can use the NS record to specify the name servers for a zone. The NS records are like this:

IN           NS         ns1.example.com.
IN           NS         ns2.example.com.

You don’t have to create two NS records, but we prefer to have backup name servers.

A and AAAA: address records

The A record maps a hostname to an IPv4 address (the AAAA record does the same for an IPv6 address):

support IN          A             192.168.1.5

If you have a host support.example.com at address 192.168.1.5, you write it as in the example above.

Note: we wrote the host name without a trailing period, so it is relative to the zone's domain.

PTR: pointer records

The PTR record is for reverse name resolution: you give it an IP address, and it returns the hostname.

This is the opposite of what the A record does.

192.168.1.5        IN            PTR        support.example.com.

Here we type the full hostname with the trailing period.

MX: Mail exchange records

The MX record specifies the mail servers for the domain.

example.com.   IN           MX         10           mail

The domain ends with a period; the number 10 is the preference value of the mail server. If you have multiple mail servers, the one with the lower number is tried first.

CNAME: Canonical Name Records

CNAME records are like shortcuts for hostnames.

Suppose you have a site whose hostname is whatever-bignameis.example.com; since the system is a web server, an alias of www (a CNAME record) can be created for the host.

So you can create a CNAME record to make the name www.example.com:

whatever-bignameis      IN           A                    192.168.1.5
www                     IN           CNAME                whatever-bignameis

The first line tells the DNS server the address of the real host; the second line creates the alias www that points to it.

TXT records

You can put any text in TXT records, such as your contact information or any other information you want people to see when they query your DNS server.

You can write TXT records like this:

example.com.   IN           TXT         " YOUR INFO GOES HERE"

You can also use the RP (Responsible Person) record to publish contact information.

example.com.   IN           RP           mail.example.com.         example.com.

DNS TTL value

At the top of the zone file there is a $TTL entry.

This entry informs BIND about the time-to-live value for each individual record.

It takes a value in seconds, such as 14400 seconds (4 hours), so other DNS servers will cache your zone records for up to four hours and then query your DNS server again.

You can lower the value, but the default value is reasonable unless you know what you are doing.

Catching configuration errors

When you write your zone files, you may forget a period or a space, or make some other error.

You can diagnose your Linux DNS server errors from the log. The BIND service throws errors into /var/log/messages; you can use the tail command with the -f option to watch the error log in real time.

$ tail -f /var/log/messages

So when you write a zone file or modify /etc/named.conf, restart the service, and it shows an error, you can easily identify the error from the log.
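The record syntax in the sections above and the forgotten-period errors described here can be checked mechanically before BIND ever sees the file. As an added example (not from the original article), the Python script below parses the zone-file records shown in this post, applying the trailing-period rule and folding the multi-line SOA, and then lints for the mistakes the article warns about: a serial that is not YYYYMMDDxx, a name that was meant to be absolute but lost its trailing period, and an in-zone target with no record. The sample zone and the next_serial helper are constructed for this example.

```python
import re
import shlex
from collections import namedtuple
from datetime import date

Record = namedtuple("Record", "owner ttl rtype rdata")  # owner is always fully qualified
NAME_FIELD = {"NS": 0, "CNAME": 0, "PTR": 0, "MX": 1}  # which rdata field holds a name

def fqdn(name, origin):
    """The trailing-period rule: 'support' -> 'support.example.com.', '@' -> the origin."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def _logical_lines(text):
    """Drop ';' comments and fold '( ... )' continuations (as in the SOA) into one line."""
    lines, buf, depth = [], [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip():
            continue
        buf.append(line)
        depth += line.count("(") - line.count(")")
        if depth <= 0:
            lines.append(" ".join(buf).replace("(", " ").replace(")", " "))
            buf, depth = [], 0
    return lines

def parse_zone(text, origin):
    """Parse zone-file text for the zone `origin`; returns (default_ttl, [Record, ...])."""
    origin = origin if origin.endswith(".") else origin + "."
    default_ttl, owner, records = 3600, origin, []
    for line in _logical_lines(text):
        tokens = shlex.split(line)
        if tokens[0] == "$TTL":
            default_ttl = int(tokens[1])
            continue
        # The owner is present only when the line does not start with whitespace;
        # after it, the TTL and the class (IN) are both optional, in that order.
        if not line[0].isspace():
            owner = fqdn(tokens.pop(0), origin)
        ttl = int(tokens.pop(0)) if tokens[0].isdigit() else default_ttl
        if tokens[0].upper() == "IN":
            tokens.pop(0)
        records.append(Record(owner, ttl, tokens[0].upper(), tuple(tokens[1:])))
    return default_ttl, records

def lint_zone(records, origin):
    """Warn about the mistakes the article says BIND is picky about."""
    origin = origin if origin.endswith(".") else origin + "."
    base, owners, warnings = origin.rstrip("."), {r.owner for r in records}, []
    soa = [r for r in records if r.rtype == "SOA"]
    if len(soa) != 1:
        warnings.append(f"expected exactly one SOA record, found {len(soa)}")
    else:
        serial = soa[0].rdata[2]
        m = re.fullmatch(r"(\d{4})(\d{2})(\d{2})\d{2}", serial)
        try:
            date(int(m[1]), int(m[2]), int(m[3]))  # TypeError if no match, ValueError if bad date
        except (TypeError, ValueError):
            warnings.append(f"SOA serial {serial} is not in YYYYMMDDxx form")
    for r in records:
        idx = NAME_FIELD.get(r.rtype)
        if idx is None or len(r.rdata) <= idx:
            continue
        target = r.rdata[idx]
        if not target.endswith(".") and (target == base or target.endswith("." + base)):
            warnings.append(f"{r.rtype} target {target!r} looks like a forgotten trailing "
                            f"period: it expands to {fqdn(target, origin)}")
        elif fqdn(target, origin).endswith("." + origin) and fqdn(target, origin) not in owners:
            warnings.append(f"{r.rtype} target {target!r} is in this zone but has no record")
    return warnings

def next_serial(current, today=None):
    """Bump a YYYYMMDDxx serial: same day -> xx + 1, a later day -> YYYYMMDD00."""
    today_base = int((today or date.today()).strftime("%Y%m%d")) * 100
    cur = int(current)
    if cur // 100 == today_base // 100:
        return cur + 1
    return today_base if cur < today_base else cur + 1

# Constructed sample zone modelled on the article's records; the second NS line deliberately lacks its trailing period.
SAMPLE_ZONE = """\
$TTL 14400
example.com.  86400  IN  SOA  ns1.example.com.  mail.example.com. (
        2017012604 ; serial
        86400      ; refresh, seconds
        7200       ; retry, seconds
        3600000    ; expire, seconds
        86400 )    ; minimum, seconds
              IN  NS     ns1.example.com.
              IN  NS     ns2.example.com
ns1           IN  A      192.168.1.2
support       IN  A      192.168.1.5
example.com.  IN  MX     10 mail
mail          IN  A      192.168.1.10
whatever-bignameis  IN  A  192.168.1.5
www           IN  CNAME  whatever-bignameis
example.com.  IN  TXT    " YOUR INFO GOES HERE"
"""
```

Running lint_zone over parse_zone(SAMPLE_ZONE, "example.com.") reports the one planted mistake: the NS target ns2.example.com expands to ns2.example.com.example.com., which is exactly the error a missing period produces in a real zone.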

Host command

After you have successfully added or modified your records, you can use the host command to see if your host is resolved correctly.

If you give it a hostname, it will answer with the corresponding IP addresses.

$ host example.com

Also, you can perform reverse lookups.

$ host 192.168.1.5

You can also check out the host and dig commands.

Whois command

You can use the whois command to get the domain owner’s details.

It also shows the owner's email addresses and contact phone numbers.

$ whois example.com

The rndc command

You can use the rndc tool to manage the name server securely.

You can check the status of the Linux DNS server like this:

$ rndc status

Also, if you make a change to any of the zone files, you can reload it without restarting the named service.

$ rndc reload example.com

Here we reload the example.com zone file.

You can reload all zones like this:

$ rndc reload

Or, if you add new zones or change the configuration of the service, you can reload the configuration like this:

$ rndc reconfig

Linux DNS resolver

We've seen how a Linux DNS server works and how to configure it. The other part is the client that contacts the DNS server.

The client is the resolver; you can check the configuration file /etc/resolv.conf.

On Debian-based distros, you can check the /etc/resolvconf/resolv.conf.d/ directory.

The /etc/resolv.conf file contains the local DNS servers that the system uses.

The first line is for the default search domain, and the second line indicates the IP address of the name server.

You can use your own DNS server once your BIND service is running; just enter it in the /etc/resolv.conf file.

Original article source at:  https://likegeeks.com/

#linux #dns #server 


DNS: Async DNS Resolution for PHP Based on Amp

dns

amphp/dns provides asynchronous DNS resolution for PHP based on Amp.

Installation

composer require amphp/dns

Example

<?php

// Bootstraps the Composer autoloader and defines pretty_print_records()
// (this helper file ships in the repository's examples/ directory).
require __DIR__ . '/examples/_bootstrap.php';

use Amp\Dns;
use Amp\Loop;

Loop::run(function () {
    // resolve() returns a promise; yielding inside the coroutine waits for it.
    $githubIpv4 = yield Dns\resolve("github.com", Dns\Record::A);
    pretty_print_records("github.com", $githubIpv4);

    // Start both lookups without yielding so they run concurrently...
    $googleIpv4 = Amp\Dns\resolve("google.com", Dns\Record::A);
    $googleIpv6 = Amp\Dns\resolve("google.com", Dns\Record::AAAA);

    // ...and take whichever answer arrives first.
    $firstGoogleResult = yield Amp\Promise\first([$googleIpv4, $googleIpv6]);
    pretty_print_records("google.com", $firstGoogleResult);

    // With no record type given, resolve() returns A and AAAA records together.
    $combinedGoogleResult = yield Amp\Dns\resolve("google.com");
    pretty_print_records("google.com", $combinedGoogleResult);

    // query() asks for an arbitrary record type, here MX.
    $googleMx = yield Amp\Dns\query("google.com", Amp\Dns\Record::MX);
    pretty_print_records("google.com", $googleMx);
});

Download Details:

Author: Amphp
Source Code: https://github.com/amphp/dns 
License: MIT license

#php #async #dns 


Gordon Murray

1670655620

Setup DNS in Kinsta Managed Hosting – Route 53

How to Setup DNS in Kinsta Managed Hosting with Amazon Route 53 DNS service.

Kinsta premium DNS uses Amazon’s Route 53 DNS management for managing DNS. This guide shows you how to get the benefits of AWS DNS service by setting up and configuring it through Kinsta.

Prerequisites

  1. A Kinsta account to set up your brand new WordPress site or migrate your website.
  2. Create your site in Kinsta.

Setup Kinsta DNS

To set up Kinsta DNS, go to your Kinsta console and navigate to Kinsta DNS.

Click Add your first domain

Enter your domain name and click Add domain

Now a set of nameservers will be created for your domain.

You can update these nameservers at your domain registrar.

Once you have updated the nameservers you can manage all your DNS records from Kinsta DNS.

Point your Domain to Kinsta

Now take note of your IPv4 address from the Site details page.

The next step is to point your domain to the Kinsta managed server by creating an A record.

Click Manage next to your domain name to add your DNS records.

Click Add the first DNS record

In Type select A

Leave Hostname blank.

In IPv4 address enter the IP address you have noted from the Site details page.

Click Add DNS record

Create a CNAME record for www

Again click Add a DNS record

In Type select CNAME

In Hostname enter www

In Points to enter your domain name (yourdomain.com)

Click Add DNS record

Now your Domain name is pointed to Kinsta Managed server and your DNS is managed by AWS Route 53 by Kinsta.

The DNS propagation takes around 4 hours to complete. Once the DNS is propagated you can visit your domain name in the browser to see your installation.

Conclusion

Now you have learned how to set up Amazon Route 53 DNS using Kinsta and point your domain name to the Kinsta server.

Original article source at: https://www.cloudbooklet.com/

#dns #managed #amazon #53 


Hermann Frami

1668056940

Stacks-blockchain: The Stacks Blockchain Implementation

Stacks 2.0

Reference implementation of the Stacks blockchain in Rust.

Stacks 2.0 is a layer-1 blockchain that connects to Bitcoin for security and enables decentralized apps and predictable smart contracts. Stacks 2.0 implements Proof of Transfer (PoX) mining that anchors to Bitcoin security. Leader election happens at the Bitcoin blockchain and Stacks (STX) miners write new blocks on the separate Stacks blockchain. With PoX there is no need to modify Bitcoin to enable smart contracts and apps around it. See this page for more details and resources.

Repository

Blockstack Topic/Tech          Where to learn more
Stacks 2.0                     master branch
Stacks 1.0                     legacy branch
Use the package                our core docs
Develop a Blockstack App       our developer docs
Use a Blockstack App           our browser docs
Blockstack PBC the company     our website

Release Schedule and Hotfixes

Normal releases in this repository that add features such as improved RPC endpoints, improved boot-up time, new event observer fields or event types, etc., are released on a monthly schedule. The currently staged changes for such releases are in the develop branch. It is generally safe to run a stacks-node from that branch, though it has received less rigorous testing than release tags. If bugs are found in the develop branch, please do report them as issues on this repository.

For fixes that impact the correct functioning or liveness of the network, hotfixes may be issued. These are patches to the main branch which are backported to the develop branch after merging. These hotfixes are categorized by priority according to the following rubric:

  • High Priority. Any fix for an issue that could deny service to the network as a whole, e.g., an issue where a particular kind of invalid transaction would cause nodes to stop processing requests or shut down unintentionally. Any fix for an issue that could cause honest miners to produce invalid blocks.
  • Medium Priority. Any fix for an issue that could cause miners to waste funds.
  • Low Priority. Any fix for an issue that could deny service to individual nodes.

Versioning

This repository uses a 5 part version number.

X.Y.Z.A.n

X = 2 and does not change in practice unless there’s another Stacks 2.0 type event
Y increments on consensus-breaking changes
Z increments on non-consensus-breaking changes that require a fresh chainstate (akin to semantic MAJOR)
A increments on non-consensus-breaking changes that do not require a fresh chainstate, but introduce new features (akin to semantic MINOR)
n increments on patches and hot-fixes (akin to semantic PATCH)

For example, a node operator running version 2.0.10.0.0 would not need to wipe and refresh their chainstate to upgrade to 2.0.10.1.0 or 2.0.10.0.1. However, upgrading to 2.0.11.0.0 would require a new chainstate.
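The README's example worked through in code, as an added example that is not part of the stacks-blockchain repository: the most significant differing component of X.Y.Z.A.n decides what an upgrade means, and only a change in Z (with X and Y unchanged) forces a fresh chainstate. The Version and UpgradeKind types are this example's own.

```rust
// Added example, not code from the stacks-blockchain repository: applies the README's
// X.Y.Z.A.n versioning rules to decide what an upgrade between two versions means
// for a node operator, in particular whether the chainstate must be wiped.

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub struct Version {
    pub x: u32, // 2; changes only for another "Stacks 2.0 type" event
    pub y: u32, // consensus-breaking changes
    pub z: u32, // non-consensus-breaking changes that need a fresh chainstate
    pub a: u32, // non-consensus-breaking new features, no fresh chainstate
    pub n: u32, // patches and hotfixes
}

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum UpgradeKind {
    NoChange,
    Patch,
    Features,
    FreshChainstate,
    ConsensusBreaking,
    NewStacksEra,
}

/// Parse "X.Y.Z.A.n"; rejects anything that is not exactly five unsigned integers.
pub fn parse_version(s: &str) -> Result<Version, String> {
    let parts: Vec<&str> = s.trim().split('.').collect();
    if parts.len() != 5 {
        return Err(format!("expected 5 dot-separated parts, got {}", parts.len()));
    }
    let mut nums = [0u32; 5];
    for (i, part) in parts.iter().enumerate() {
        nums[i] = part
            .parse::<u32>()
            .map_err(|e| format!("part {} ({:?}) is not a number: {}", i + 1, part, e))?;
    }
    Ok(Version { x: nums[0], y: nums[1], z: nums[2], a: nums[3], n: nums[4] })
}

/// The most significant component that differs decides the kind of upgrade.
pub fn upgrade_kind(from: &Version, to: &Version) -> UpgradeKind {
    if from.x != to.x {
        UpgradeKind::NewStacksEra
    } else if from.y != to.y {
        UpgradeKind::ConsensusBreaking
    } else if from.z != to.z {
        UpgradeKind::FreshChainstate
    } else if from.a != to.a {
        UpgradeKind::Features
    } else if from.n != to.n {
        UpgradeKind::Patch
    } else {
        UpgradeKind::NoChange
    }
}

/// The operator's question: must the chainstate be wiped? Answered only for the
/// non-consensus-breaking cases the README's rule covers; a change in X or Y is
/// reported as an error so the operator consults the release notes instead.
pub fn needs_fresh_chainstate(from: &str, to: &str) -> Result<bool, String> {
    let (f, t) = (parse_version(from)?, parse_version(to)?);
    match upgrade_kind(&f, &t) {
        UpgradeKind::FreshChainstate => Ok(true),
        UpgradeKind::Features | UpgradeKind::Patch | UpgradeKind::NoChange => Ok(false),
        other => Err(format!("{:?} upgrade: consult the release notes", other)),
    }
}

fn main() {
    // The README's own example: 2.0.10.0.0 upgraded to each of three candidate versions.
    for to in ["2.0.10.1.0", "2.0.10.0.1", "2.0.11.0.0"] {
        println!(
            "2.0.10.0.0 -> {}: fresh chainstate? {:?}",
            to,
            needs_fresh_chainstate("2.0.10.0.0", to)
        );
    }
}
```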

Roadmap

Stacks improvement proposals (SIPs) are aimed at describing the implementation of the Stacks blockchain, as well as proposing improvements. They should contain concise technical specifications of features or standards and the rationale behind them. SIPs are intended to be the primary medium for proposing new features, for collecting community input on a system-wide issue, and for documenting design decisions.

See SIP 000 for more details.

The SIPs are now located in the stacksgov/sips repository as part of the Stacks Community Governance organization.

Testnet versions

Krypton is a Stacks 2 testnet with a fixed, two-minute block time, called regtest. Regtest is generally unstable for regular use, and is reset often. See the regtest documentation for more information on using regtest.

Xenon is the Stacks 2 public testnet, which runs PoX against the Bitcoin testnet. It is the full implementation of the Stacks 2 blockchain, and should be considered a stable testnet for developing Clarity smart contracts. See the testnet documentation for more information on the public testnet.

Mainnet is the fully functional Stacks 2 blockchain; see the Stacks overview for information on running a Stacks node, mining, stacking, and writing Clarity smart contracts.

Getting started

Download and build stacks-blockchain

The first step is to ensure that you have Rust and the support software installed.

curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh

For building on Windows, follow the rustup installer instructions at https://rustup.rs/

From there, you can clone this repository:

git clone --depth=1 https://github.com/blockstack/stacks-blockchain.git

cd stacks-blockchain

Then build the project:

cargo build

Run the tests:

cargo test testnet  -- --test-threads=1

Encode and sign transactions

Here, we have generated a keypair that will be used for signing the upcoming transactions:

cargo run --bin blockstack-cli generate-sk --testnet

# Output
# {
#  secretKey: "b8d99fd45da58038d630d9855d3ca2466e8e0f89d3894c4724f0efc9ff4b51f001",
#  publicKey: "02781d2d3a545afdb7f6013a8241b9e400475397516a0d0f76863c6742210539b5",
#  stacksAddress: "ST2ZRX0K27GW0SP3GJCEMHD95TQGJMKB7G9Y0X1MH"
# }

This keypair is already registered in the testnet-follower-conf.toml file, so it can be used as presented here.

We will interact with the following simple contract kv-store. In our examples, we will assume this contract is saved to ./kv-store.clar:

(define-map store { key: (string-ascii 32) } { value: (string-ascii 32) })

(define-public (get-value (key (string-ascii 32)))
    (match (map-get? store { key: key })
        entry (ok (get value entry))
        (err 0)))

(define-public (set-value (key (string-ascii 32)) (value (string-ascii 32)))
    (begin
        (map-set store { key: key } { value: value })
        (ok true)))

We want to publish this contract on chain, then issue some transactions that interact with it by setting some keys and getting some values, so we can observe reads and writes.

Our first step is to generate and sign, using your private key, the transaction that will publish the contract kv-store. To do that, we will use the subcommand:

cargo run --bin blockstack-cli publish --help

With the following arguments:

cargo run --bin blockstack-cli publish b8d99fd45da58038d630d9855d3ca2466e8e0f89d3894c4724f0efc9ff4b51f001 515 0 kv-store ./kv-store.clar --testnet

The 515 is the transaction fee, denominated in microSTX. Right now, the testnet requires one microSTX per byte minimum, and this transaction should be less than 515 bytes. The third argument, 0, is a nonce, which must be increased monotonically with each new transaction.

This command will output the binary format of the transaction. In our case, we want to pipe this output and dump it to a file that will be used later in this tutorial.

cargo run --bin blockstack-cli publish b8d99fd45da58038d630d9855d3ca2466e8e0f89d3894c4724f0efc9ff4b51f001 515 0 kv-store ./kv-store.clar --testnet | xxd -r -p > tx1.bin

Run the testnet

You can observe the state machine in action locally by running:

cargo stacks-node start --config=./testnet/stacks-node/conf/testnet-follower-conf.toml

testnet-follower-conf.toml is a configuration file that you can use for setting genesis balances or configuring Event observers. You can grant an address an initial account balance by adding the following entries:

[[ustx_balance]]
address = "ST2VHM28V9E5QCRD6C73215KAPSBKQGPWTEE5CMQT"
amount = 100000000

The address field is the Stacks testnet address, and the amount field is the number of microSTX to grant to it in the genesis block. The addresses of the private keys used in the tutorial below are already added.

Publish your contract

Assuming that the testnet is running, we can publish our kv-store contract.

In another terminal (or file explorer), you can move the tx1.bin generated earlier, to the mempool:

curl -X POST -H "Content-Type: application/octet-stream" --data-binary @./tx1.bin http://localhost:20443/v2/transactions

In the terminal window running the testnet, you can observe the state machine's reactions.

Reading from / Writing to the contract

Now that our contract has been published on chain, let's try to submit some read / write transactions. We will start by trying to read the value associated with the key foo.

To do that, we will use the subcommand:

cargo run --bin blockstack-cli contract-call --help

With the following arguments:

cargo run --bin blockstack-cli contract-call b8d99fd45da58038d630d9855d3ca2466e8e0f89d3894c4724f0efc9ff4b51f001 500 1 ST2ZRX0K27GW0SP3GJCEMHD95TQGJMKB7G9Y0X1MH kv-store get-value -e \"foo\" --testnet | xxd -r -p > tx2.bin

contract-call generates and signs a contract-call transaction.

We can submit the transaction by moving it to the mempool path:

curl -X POST -H "Content-Type: application/octet-stream" --data-binary @./tx2.bin http://localhost:20443/v2/transactions

Similarly, we can generate a transaction that would be setting the key foo to the value bar:

cargo run --bin blockstack-cli contract-call b8d99fd45da58038d630d9855d3ca2466e8e0f89d3894c4724f0efc9ff4b51f001 500 2 ST2ZRX0K27GW0SP3GJCEMHD95TQGJMKB7G9Y0X1MH kv-store set-value -e \"foo\" -e \"bar\" --testnet | xxd -r -p > tx3.bin

And submit it by moving it to the mempool path:

curl -X POST -H "Content-Type: application/octet-stream" --data-binary @./tx3.bin http://localhost:20443/v2/transactions

Finally, we can issue a third transaction, reading the key foo again, for ensuring that the previous transaction has successfully updated the state machine:

cargo run --bin blockstack-cli contract-call b8d99fd45da58038d630d9855d3ca2466e8e0f89d3894c4724f0efc9ff4b51f001 500 3 ST2ZRX0K27GW0SP3GJCEMHD95TQGJMKB7G9Y0X1MH kv-store get-value -e \"foo\" --testnet | xxd -r -p > tx4.bin

And submit this last transaction by moving it to the mempool path:

curl -X POST -H "Content-Type: application/octet-stream" --data-binary @./tx4.bin http://localhost:20443/v2/transactions

Congratulations, you can now write your own smart contracts with Clarity.

Platform support

Officially supported platforms: Linux 64-bit, MacOS 64-bit, Windows 64-bit.

Platforms with second-tier status (builds are provided but not tested): MacOS Apple Silicon (ARM64), Linux ARMv7, Linux ARM64.

For help cross-compiling on memory-constrained devices, please see the community supported documentation here: Cross Compiling.

Community

Beyond this Github project, Blockstack maintains a public forum and an open Discord channel. In addition, the project maintains a mailing list which sends out community announcements.

The greater Blockstack community regularly hosts in-person meetups. The project's YouTube channel includes videos from some of these meetups, as well as video tutorials to help new users get started and help developers wrap their heads around the system's design.

Further Reading

You can learn more by visiting the Blockstack Website and checking out the documentation:

You can also read the technical papers:

If you have high-level questions about Blockstack, try searching our forum and start a new question if your question is not answered there.

Contributing

Tests and Coverage

PRs must include test coverage. However, if your PR includes large tests or tests which cannot run in parallel (which is the default operation of the cargo test command), these tests should be decorated with #[ignore]. If you add #[ignore] tests, you should add your branch to the filters for the all_tests job in our circle.yml (or if you are working on net code or marf code, your branch should be named such that it matches the existing filters there).

A test should be marked #[ignore] if:

  1. It does not always pass cargo test in a vanilla environment (i.e., it does not need to run with --test-threads 1).
  2. Or, it runs for over a minute via a normal cargo test execution (the cargo test command will warn if this is not the case).

Formatting

This repository uses the default rustfmt formatting style. PRs will be checked against rustfmt and will fail if not properly formatted.

You can check the formatting locally via:

cargo fmt --all -- --check

You can automatically reformat your commit via:

cargo fmt --all

Mining

Stacks tokens (STX) are mined by transferring BTC via PoX. To run as a miner, you should make sure to add the following config fields to your config file:

[node]
# Run as a miner (TOML booleans are lowercase)
miner = true
# Bitcoin private key to spend
seed = "YOUR PRIVATE KEY"
# How long to wait for microblocks to arrive before mining a block to confirm them (in milliseconds)
wait_time_for_microblocks = 10000
# Run as a mock-miner, to test mining without spending BTC. Needs miner = true.
#mock_mining = true

[miner]
# Smallest allowed tx fee, in microSTX
min_tx_fee = 100
# Time to spend on the first attempt to make a block, in milliseconds.
# This can be small, so your node gets a block-commit into the Bitcoin mempool early.
first_attempt_time_ms = 1000
# Time to spend on subsequent attempts to make a block, in milliseconds.
# This can be bigger -- new block-commits will be RBF'ed.
subsequent_attempt_time_ms = 60000
# Time to spend mining a microblock, in milliseconds.
microblock_attempt_time_ms = 30000

You can verify that your node is operating as a miner by checking its log output to verify that it was able to find its Bitcoin UTXOs:

$ head -n 100 /path/to/your/node/logs | grep -i utxo
INFO [1630127492.031042] [testnet/stacks-node/src/run_loop/neon.rs:146] [main] Miner node: checking UTXOs at address: <redacted>
INFO [1630127492.062652] [testnet/stacks-node/src/run_loop/neon.rs:164] [main] UTXOs found - will run as a Miner node

Configuring Cost and Fee Estimation

Fee and cost estimators can be configured via the config section [fee_estimation]:

[fee_estimation]
cost_estimator = naive_pessimistic
fee_estimator = fuzzed_weighted_median_fee_rate
fee_rate_fuzzer_fraction = 0.1
fee_rate_window_size = 5
cost_metric = proportion_dot_product
log_error = true
enabled = true

Fee and cost estimators observe transactions on the network and use the observed costs of those transactions to build estimates for viable fee rates and expected execution costs for transactions. Estimators and metrics can be selected using the configuration fields above, though the default values are the only options currently. log_error controls whether or not the INFO logger will display information about the cost estimator accuracy as new costs are observed. Setting enabled = false turns off the cost estimators. Cost estimators are not consensus-critical components; rather, they can be used by miners to rank transactions in the mempool, or by clients to determine appropriate fee rates for transactions before broadcasting them.

The fuzzed_weighted_median_fee_rate uses a median estimate from a window of the fees paid in the last fee_rate_window_size blocks. Estimates are then randomly "fuzzed" using uniform random fuzz of size up to fee_rate_fuzzer_fraction of the base estimate.
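A simplified model of the estimator just described, as an added example that is not the stacks-blockchain implementation: the base estimate is the median over the last fee_rate_window_size blocks, and a uniform fuzz of up to fee_rate_fuzzer_fraction of that base is added. Assumptions: each history entry is one block's observed fee rate, the weighting of the real estimator is not reproduced, and the random draw is passed in as unit_random so the result is reproducible here.

```rust
// Added example, not the stacks-blockchain implementation: a simplified model of the
// fuzzed_weighted_median_fee_rate estimator as the README describes it.
// Assumptions: each entry of `block_fee_rates` is one block's observed fee rate, the
// real estimator's weighting is not reproduced, and `unit_random` in [0, 1] is
// supplied by the caller instead of being drawn at random, for reproducibility.

/// Plain median of a slice; None when the slice is empty.
pub fn median(values: &[u64]) -> Option<f64> {
    if values.is_empty() {
        return None;
    }
    let mut sorted = values.to_vec();
    sorted.sort_unstable();
    let mid = sorted.len() / 2;
    Some(if sorted.len() % 2 == 0 {
        (sorted[mid - 1] as f64 + sorted[mid] as f64) / 2.0
    } else {
        sorted[mid] as f64
    })
}

/// Base estimate: the median over the last `window_size` blocks (fee_rate_window_size).
/// A window larger than the available history simply uses all of it.
pub fn windowed_median(block_fee_rates: &[u64], window_size: usize) -> Option<f64> {
    if window_size == 0 {
        return None;
    }
    let start = block_fee_rates.len().saturating_sub(window_size);
    median(&block_fee_rates[start..])
}

/// Uniform fuzz: shift `base` by an amount in [-fraction*base, +fraction*base],
/// where `unit_random` = 0.0 gives the low end and 1.0 the high end.
pub fn fuzz(base: f64, fraction: f64, unit_random: f64) -> f64 {
    let u = unit_random.clamp(0.0, 1.0);
    base + (2.0 * u - 1.0) * fraction * base
}

/// The full estimate as configured by fee_rate_window_size and fee_rate_fuzzer_fraction.
pub fn fuzzed_median_fee_rate(
    block_fee_rates: &[u64],
    window_size: usize,
    fuzzer_fraction: f64,
    unit_random: f64,
) -> Option<f64> {
    windowed_median(block_fee_rates, window_size)
        .map(|base| fuzz(base, fuzzer_fraction, unit_random))
}

fn main() {
    // Constructed sample history: fee rates observed in the last seven blocks.
    let history = [100u64, 200, 300, 400, 500, 600, 700];
    // The README's defaults: a window of 5 blocks and fuzz of up to 10% either way.
    for u in [0.0, 0.5, 1.0] {
        println!(
            "unit_random={}: {:?}",
            u,
            fuzzed_median_fee_rate(&history, 5, 0.1, u)
        );
    }
}
```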

Non-Consensus Breaking Release Process

For non-consensus breaking releases, this project uses the following release process:

The release must be timed so that it does not interfere with a prepare phase. The timing of the next Stacking cycle can be found here. A release to mainnet should happen at least 24 hours before the start of a new cycle, to avoid interfering with the prepare phase. So, start by being aware of when the release can happen.

Before creating the release, the release manager must determine the version number for this release. The factors that determine the version number are discussed in Versioning. We assume, in this section, that the change is not consensus-breaking. So, the release manager must first determine whether there are any "non-consensus-breaking changes that require a fresh chainstate". This means, in other words, that the database schema has changed, but an automatic migration was not implemented. Then, the release manager should determine whether this is a feature release, as opposed to a hotfix or a patch. Given the answers to these questions, the version number can be computed.

The release manager enumerates the PRs or issues that would block the release. A label should be applied to each such issue/PR as 2.0.x.y.z-blocker. The release manager should ping these issue/PR owners for updates on whether or not those issues/PRs have any blockers or are waiting on feedback.

The release manager should open a develop -> master PR. This can be done before all the blocker PRs have merged, as it is helpful for the manager and others to see the staged changes.

The release manager must update the CHANGELOG.md file with summaries of what was Added, Changed, and Fixed. The pull requests merged into develop can be found here. Note, however, that GitHub apparently does not allow sorting by merge time, so, when sorting by some proxy criterion, some care should be used to understand which PRs were merged after the last develop -> master release PR. This CHANGELOG.md should also be used as the description of the develop -> master PR so that it acts as release notes when the branch is tagged.

Once the blocker PRs have merged, the release manager will create a new tag by manually triggering the stacks-blockchain Github Actions workflow against the develop branch, inputting the release candidate tag, 2.0.x.y.z-rc0, in the Action's input textbox.

Once the release candidate has been built, and docker images, etc. are available, the release manager will notify various ecosystem participants to test the release candidate on various staging infrastructure:

  1. Stacks Foundation staging environments.
  2. Hiro PBC testnet network.
  3. Hiro PBC mainnet mock miner.

The release manager will test that the release candidate successfully syncs with the current chain from genesis both in testnet and mainnet. This requires starting the release candidate with an empty chainstate and confirming that it synchronizes with the current chain tip.

If bugs or issues emerge from the rollout on staging infrastructure, the release will be delayed until those regressions are resolved. As regressions are resolved, additional release candidates should be tagged. The release manager is responsible for updating the develop -> master PR with information about the discovered issues, even if other community members and developers may be addressing the discovered issues.

Once the final release candidate has rolled out successfully without issue on the above staging infrastructure, the release manager tags 2 additional stacks-blockchain team members to review the develop -> master PR. If there is a merge conflict in this PR, this is the protocol: open a branch off of develop, merge master into that branch, and then open a PR from this side branch to develop. The merge conflicts will be resolved.

Once reviewed and approved, the release manager merges the PR, and tags the release via the stacks-blockchain Github action by clicking "Run workflow" and providing the release version as the tag (e.g., 2.0.11.1.0). This creates a release and release images. Once the release has been created, the release manager should update the Github release text with the CHANGELOG.md "top-matter" for the release.

Download Details:

Author: Stacks-network
Source Code: https://github.com/stacks-network/stacks-blockchain 
License: GPL-3.0 license

#serverless #blockchain #dns #rust #blockchain 


Elian Harber

1665524700

Gobuster: Directory/File, DNS and VHost Busting tool Written in Go

Gobuster v3.2.0

Gobuster is a tool used to brute-force:

  • URIs (directories and files) in web sites.
  • DNS subdomains (with wildcard support).
  • Virtual Host names on target web servers.
  • Open Amazon S3 buckets.

Changes

3.2

  • Use go 1.19
  • use contexts in the correct way
  • get rid of the wildcard flag (except in DNS mode)
  • color output
  • retry on timeout
  • google cloud bucket enumeration
  • fix nil reference errors

3.1

  • enumerate public AWS S3 buckets
  • fuzzing mode
  • specify HTTP method
  • added support for patterns. You can now specify a file containing patterns that are applied to every word, one per line. Every occurrence of the term {GOBUSTER} in it will be replaced with the current wordlist item. Please use with caution, as this can greatly increase the number of requests issued.
  • The shorthand p flag which was assigned to proxy is now used by the pattern flag

3.0

  • New CLI options so modes are strictly separated (-m is now gone!)
  • Performance Optimizations and better connection handling
  • Ability to enumerate vhost names
  • Option to supply custom HTTP headers

Manual

Available Modes

  • dir - the classic directory brute-forcing mode
  • dns - DNS subdomain brute-forcing mode
  • s3 - Enumerate open S3 buckets and look for existence and bucket listings
  • gcs - Enumerate open google cloud buckets
  • vhost - virtual host brute-forcing mode (not the same as DNS!)
  • fuzz - some basic fuzzing, replaces the FUZZ keyword

Easy Installation

Binary Releases

We are now shipping binaries for each of the releases so that you don't even have to build them yourself! How wonderful is that!

If you're stupid enough to trust binaries that I've put together, you can download them from the releases page.

Using go install

If you have a Go environment ready to go (at least go 1.19), it's as easy as:

go install github.com/OJ/gobuster/v3@latest

PS: You need at least go 1.19 to compile gobuster.

Building From Source

Since this tool is written in Go you need to install the Go language/compiler/etc. Full details of installation and set up can be found on the Go language website. Once installed you have two options. You need at least go 1.19 to compile gobuster.

Compiling

gobuster has external dependencies, and so they need to be pulled in first:

go get && go build

This will create a gobuster binary for you. If you want to install it in the $GOPATH/bin folder you can run:

go install

Modes

Help is built-in!

  • gobuster help - outputs the top-level help.
  • gobuster help <mode> - outputs the help specific to that mode.

dns Mode

Options

Uses DNS subdomain enumeration mode

Usage:
  gobuster dns [flags]

Flags:
  -d, --domain string      The target domain
  -h, --help               help for dns
  -r, --resolver string    Use custom DNS server (format server.com or server.com:port)
  -c, --show-cname         Show CNAME records (cannot be used with '-i' option)
  -i, --show-ips           Show IP addresses
      --timeout duration   DNS resolver timeout (default 1s)
      --wildcard           Force continued operation when wildcard found

Global Flags:
      --delay duration    Time each thread waits between requests (e.g. 1500ms)
      --no-color          Disable color output
      --no-error          Don't display errors
  -z, --no-progress       Don't display progress
  -o, --output string     Output file to write results to (defaults to stdout)
  -p, --pattern string    File containing replacement patterns
  -q, --quiet             Don't print the banner and other noise
  -t, --threads int       Number of concurrent threads (default 10)
  -v, --verbose           Verbose output (errors)
  -w, --wordlist string   Path to the wordlist

Examples

gobuster dns -d mysite.com -t 50 -w common-names.txt

Normal sample run goes like this:

gobuster dns -d google.com -w ~/wordlists/subdomains.txt

===============================================================
Gobuster v3.2.0
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart)
===============================================================
[+] Mode         : dns
[+] Url/Domain   : google.com
[+] Threads      : 10
[+] Wordlist     : /home/oj/wordlists/subdomains.txt
===============================================================
2019/06/21 11:54:20 Starting gobuster
===============================================================
Found: chrome.google.com
Found: ns1.google.com
Found: admin.google.com
Found: www.google.com
Found: m.google.com
Found: support.google.com
Found: translate.google.com
Found: cse.google.com
Found: news.google.com
Found: music.google.com
Found: mail.google.com
Found: store.google.com
Found: mobile.google.com
Found: search.google.com
Found: wap.google.com
Found: directory.google.com
Found: local.google.com
Found: blog.google.com
===============================================================
2019/06/21 11:54:20 Finished
===============================================================

Show IP sample run goes like this:

gobuster dns -d google.com -w ~/wordlists/subdomains.txt -i

===============================================================
Gobuster v3.2.0
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart)
===============================================================
[+] Mode         : dns
[+] Url/Domain   : google.com
[+] Threads      : 10
[+] Wordlist     : /home/oj/wordlists/subdomains.txt
===============================================================
2019/06/21 11:54:54 Starting gobuster
===============================================================
Found: www.google.com [172.217.25.36, 2404:6800:4006:802::2004]
Found: admin.google.com [172.217.25.46, 2404:6800:4006:806::200e]
Found: store.google.com [172.217.167.78, 2404:6800:4006:802::200e]
Found: mobile.google.com [172.217.25.43, 2404:6800:4006:802::200b]
Found: ns1.google.com [216.239.32.10, 2001:4860:4802:32::a]
Found: m.google.com [172.217.25.43, 2404:6800:4006:802::200b]
Found: cse.google.com [172.217.25.46, 2404:6800:4006:80a::200e]
Found: chrome.google.com [172.217.25.46, 2404:6800:4006:802::200e]
Found: search.google.com [172.217.25.46, 2404:6800:4006:802::200e]
Found: local.google.com [172.217.25.46, 2404:6800:4006:80a::200e]
Found: news.google.com [172.217.25.46, 2404:6800:4006:802::200e]
Found: blog.google.com [216.58.199.73, 2404:6800:4006:806::2009]
Found: support.google.com [172.217.25.46, 2404:6800:4006:802::200e]
Found: wap.google.com [172.217.25.46, 2404:6800:4006:802::200e]
Found: directory.google.com [172.217.25.46, 2404:6800:4006:802::200e]
Found: translate.google.com [172.217.25.46, 2404:6800:4006:802::200e]
Found: music.google.com [172.217.25.46, 2404:6800:4006:802::200e]
Found: mail.google.com [172.217.25.37, 2404:6800:4006:802::2005]
===============================================================
2019/06/21 11:54:55 Finished
===============================================================

Base domain validation warning when the base domain fails to resolve. This is a warning rather than a failure in case the user fat-fingers while typing the domain.

gobuster dns -d yp.to -w ~/wordlists/subdomains.txt -i

===============================================================
Gobuster v3.2.0
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart)
===============================================================
[+] Mode         : dns
[+] Url/Domain   : yp.to
[+] Threads      : 10
[+] Wordlist     : /home/oj/wordlists/subdomains.txt
===============================================================
2019/06/21 11:56:43 Starting gobuster
===============================================================
2019/06/21 11:56:53 [-] Unable to validate base domain: yp.to
Found: cr.yp.to [131.193.32.108, 131.193.32.109]
===============================================================
2019/06/21 11:56:53 Finished
===============================================================

Wildcard DNS is also detected properly:

gobuster dns -d 0.0.1.xip.io -w ~/wordlists/subdomains.txt

===============================================================
Gobuster v3.2.0
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart)
===============================================================
[+] Mode         : dns
[+] Url/Domain   : 0.0.1.xip.io
[+] Threads      : 10
[+] Wordlist     : /home/oj/wordlists/subdomains.txt
===============================================================
2019/06/21 12:13:48 Starting gobuster
===============================================================
2019/06/21 12:13:48 [-] Wildcard DNS found. IP address(es): 1.0.0.0
2019/06/21 12:13:48 [!] To force processing of Wildcard DNS, specify the '--wildcard' switch.
===============================================================
2019/06/21 12:13:48 Finished
===============================================================

If the user wants to force processing of a domain that has wildcard entries, use --wildcard:

gobuster dns -d 0.0.1.xip.io -w ~/wordlists/subdomains.txt --wildcard

===============================================================
Gobuster v3.2.0
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart)
===============================================================
[+] Mode         : dns
[+] Url/Domain   : 0.0.1.xip.io
[+] Threads      : 10
[+] Wordlist     : /home/oj/wordlists/subdomains.txt
===============================================================
2019/06/21 12:13:51 Starting gobuster
===============================================================
2019/06/21 12:13:51 [-] Wildcard DNS found. IP address(es): 1.0.0.0
Found: 127.0.0.1.xip.io
Found: test.127.0.0.1.xip.io
===============================================================
2019/06/21 12:13:53 Finished
===============================================================
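The two runs above show the detection step in action: before touching the wordlist, resolve a label that no wordlist would contain, and treat any answer as the zone's wildcard record. The following is an added example, not gobuster's own code, that implements that check against a constructed in-memory zone (the xip.io-style names and addresses are taken from the runs above; the probe label and the zone contents are assumptions). It also goes one step further than the `--wildcard` run, which prints every name: when forced, it drops names whose answer is exactly the wildcard answer, so only labels with their own records are reported.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Resolver returns the A records for a name, or nil for NXDOMAIN. It is
// injected so the example runs offline; for real use wrap net.LookupHost.
type Resolver func(name string) []string

// FakeZone is a constructed zone for this example (assumption, not real DNS):
// exact names plus an optional wildcard rule "*.wildcardSuffix -> wildcardIPs".
func FakeZone(exact map[string][]string, wildcardSuffix string, wildcardIPs []string) Resolver {
	return func(name string) []string {
		if ips, ok := exact[name]; ok {
			return ips
		}
		if wildcardSuffix != "" && strings.HasSuffix(name, "."+wildcardSuffix) {
			return wildcardIPs
		}
		return nil
	}
}

// DetectWildcard resolves a label no wordlist will contain. An answer means
// the zone has a wildcard record; the returned IPs are its canonical answer.
func DetectWildcard(r Resolver, domain string) []string {
	probe := "gobuster-wildcard-probe-4f1c9e." + domain // assumed random-looking label
	ips := append([]string(nil), r(probe)...)
	sort.Strings(ips)
	return ips
}

func sameIPs(a, b []string) bool {
	if len(a) != len(b) {
		return false
	}
	a, b = append([]string(nil), a...), append([]string(nil), b...)
	sort.Strings(a)
	sort.Strings(b)
	for i := range a {
		if a[i] != b[i] {
			return false
		}
	}
	return true
}

// Enumerate brute-forces word.domain. Without force it stops as soon as a
// wildcard is detected, like the default run. With force it continues but,
// unlike the --wildcard run (which prints everything), skips names whose
// answer equals the wildcard answer, since that is not evidence the label exists.
func Enumerate(r Resolver, domain string, words []string, force bool) (found []string, wildcard []string) {
	wildcard = DetectWildcard(r, domain)
	if len(wildcard) > 0 && !force {
		return nil, wildcard
	}
	for _, w := range words {
		name := w + "." + domain
		ips := r(name)
		if len(ips) == 0 {
			continue
		}
		if len(wildcard) > 0 && sameIPs(ips, wildcard) {
			continue
		}
		found = append(found, fmt.Sprintf("%s [%s]", name, strings.Join(ips, ", ")))
	}
	return found, wildcard
}

func main() {
	zone := FakeZone(map[string][]string{
		"127.0.0.1.xip.io": {"127.0.0.1"},
	}, "0.0.1.xip.io", []string{"1.0.0.0"})
	words := []string{"127", "test", "mail"}

	found, wc := Enumerate(zone, "0.0.1.xip.io", words, false)
	fmt.Println("wildcard:", wc, "found:", found)
	found, wc = Enumerate(zone, "0.0.1.xip.io", words, true)
	fmt.Println("wildcard:", wc, "found:", found)
}
```

The filtering step is only as good as the probe: a zone that answers wildcards with varying addresses (round-robin or geo-based) will slip past an exact-set comparison, so on real targets resolve the probe more than once before trusting the wildcard set.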

dir Mode

Options

Uses directory/file enumeration mode

Usage:
  gobuster dir [flags]

Flags:
  -f, --add-slash                       Append / to each request
  -c, --cookies string                  Cookies to use for the requests
  -d, --discover-backup                 Also search for backup files by appending multiple backup extensions
      --exclude-length ints             exclude the following content length (completely ignores the status). Supply multiple times to exclude multiple sizes.
  -e, --expanded                        Expanded mode, print full URLs
  -x, --extensions string               File extension(s) to search for
  -r, --follow-redirect                 Follow redirects
  -H, --headers stringArray             Specify HTTP headers, -H 'Header1: val1' -H 'Header2: val2'
  -h, --help                            help for dir
      --hide-length                     Hide the length of the body in the output
  -m, --method string                   Use the following HTTP method (default "GET")
  -n, --no-status                       Don't print status codes
  -k, --no-tls-validation               Skip TLS certificate verification
  -P, --password string                 Password for Basic Auth
      --proxy string                    Proxy to use for requests [http(s)://host:port]
      --random-agent                    Use a random User-Agent string
      --retry                           Should retry on request timeout
      --retry-attempts int              Times to retry on request timeout (default 3)
  -s, --status-codes string             Positive status codes (will be overwritten with status-codes-blacklist if set)
  -b, --status-codes-blacklist string   Negative status codes (will override status-codes if set) (default "404")
      --timeout duration                HTTP Timeout (default 10s)
  -u, --url string                      The target URL
  -a, --useragent string                Set the User-Agent string (default "gobuster/3.2.0")
  -U, --username string                 Username for Basic Auth

Global Flags:
      --delay duration    Time each thread waits between requests (e.g. 1500ms)
      --no-color          Disable color output
      --no-error          Don't display errors
  -z, --no-progress       Don't display progress
  -o, --output string     Output file to write results to (defaults to stdout)
  -p, --pattern string    File containing replacement patterns
  -q, --quiet             Don't print the banner and other noise
  -t, --threads int       Number of concurrent threads (default 10)
  -v, --verbose           Verbose output (errors)
  -w, --wordlist string   Path to the wordlist

Examples

gobuster dir -u https://mysite.com/path/to/folder -c 'session=123456' -t 50 -w common-files.txt -x .php,.html

Default options look like this:

gobuster dir -u https://buffered.io -w ~/wordlists/shortlist.txt

===============================================================
Gobuster v3.2.0
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart)
===============================================================
[+] Mode         : dir
[+] Url/Domain   : https://buffered.io/
[+] Threads      : 10
[+] Wordlist     : /home/oj/wordlists/shortlist.txt
[+] Status codes : 200,204,301,302,307,401,403
[+] User Agent   : gobuster/3.2.0
[+] Timeout      : 10s
===============================================================
2019/06/21 11:49:43 Starting gobuster
===============================================================
/categories (Status: 301)
/contact (Status: 301)
/posts (Status: 301)
/index (Status: 200)
===============================================================
2019/06/21 11:49:44 Finished
===============================================================

Default options with status codes disabled look like this:

gobuster dir -u https://buffered.io -w ~/wordlists/shortlist.txt -n

===============================================================
Gobuster v3.2.0
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart)
===============================================================
[+] Mode         : dir
[+] Url/Domain   : https://buffered.io/
[+] Threads      : 10
[+] Wordlist     : /home/oj/wordlists/shortlist.txt
[+] Status codes : 200,204,301,302,307,401,403
[+] User Agent   : gobuster/3.2.0
[+] No status    : true
[+] Timeout      : 10s
===============================================================
2019/06/21 11:50:18 Starting gobuster
===============================================================
/categories
/contact
/index
/posts
===============================================================
2019/06/21 11:50:18 Finished
===============================================================

Verbose output looks like this:

gobuster dir -u https://buffered.io -w ~/wordlists/shortlist.txt -v

===============================================================
Gobuster v3.2.0
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart)
===============================================================
[+] Mode         : dir
[+] Url/Domain   : https://buffered.io/
[+] Threads      : 10
[+] Wordlist     : /home/oj/wordlists/shortlist.txt
[+] Status codes : 200,204,301,302,307,401,403
[+] User Agent   : gobuster/3.2.0
[+] Verbose      : true
[+] Timeout      : 10s
===============================================================
2019/06/21 11:50:51 Starting gobuster
===============================================================
Missed: /alsodoesnotexist (Status: 404)
Found: /index (Status: 200)
Missed: /doesnotexist (Status: 404)
Found: /categories (Status: 301)
Found: /posts (Status: 301)
Found: /contact (Status: 301)
===============================================================
2019/06/21 11:50:51 Finished
===============================================================

Example showing content length (the -l switch used in this run does not appear in the 3.2.0 flag list above, which instead prints the body length by default and offers --hide-length to suppress it):

gobuster dir -u https://buffered.io -w ~/wordlists/shortlist.txt -l

===============================================================
Gobuster v3.2.0
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart)
===============================================================
[+] Mode         : dir
[+] Url/Domain   : https://buffered.io/
[+] Threads      : 10
[+] Wordlist     : /home/oj/wordlists/shortlist.txt
[+] Status codes : 200,204,301,302,307,401,403
[+] User Agent   : gobuster/3.2.0
[+] Show length  : true
[+] Timeout      : 10s
===============================================================
2019/06/21 11:51:16 Starting gobuster
===============================================================
/categories (Status: 301) [Size: 178]
/posts (Status: 301) [Size: 178]
/contact (Status: 301) [Size: 178]
/index (Status: 200) [Size: 51759]
===============================================================
2019/06/21 11:51:17 Finished
===============================================================

Quiet output, with status disabled and expanded mode looks like this ("grep mode"):

gobuster dir -u https://buffered.io -w ~/wordlists/shortlist.txt -q -n -e
https://buffered.io/index
https://buffered.io/contact
https://buffered.io/posts
https://buffered.io/categories
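The flag descriptions above encode a precedence that is easy to get wrong: --status-codes-blacklist, when set, takes the place of --status-codes, and --exclude-length drops a response regardless of its status. The following is an added example, not gobuster's own code, that implements that decision logic and runs a small dir-style enumeration against a constructed local target (httptest, so it works offline): one real page, one forbidden path, one genuine 404, and a "soft 404" that answers 200 with a fixed-size body for everything else, which is exactly the case --exclude-length exists for. The paths, bodies and the 1234-byte soft-404 size are assumptions.

```go
package main

import (
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Filter models the precedence described by the dir-mode flags: a blacklist,
// when set, takes the place of the positive list, and an excluded body length
// drops the response whatever its status.
type Filter struct {
	Positive       map[int]bool // -s / --status-codes
	Blacklist      map[int]bool // -b / --status-codes-blacklist
	ExcludeLengths map[int]bool // --exclude-length
}

func (f Filter) Keep(status, length int) bool {
	if f.ExcludeLengths[length] {
		return false
	}
	if len(f.Blacklist) > 0 {
		return !f.Blacklist[status]
	}
	return f.Positive[status]
}

type Hit struct {
	Path   string
	Status int
	Length int
}

// Enumerate requests each word, then each word with every extension appended
// (the -x behaviour), and keeps the responses that pass the filter. Redirects
// are not followed, so 301/302 are reported as such, like the default run.
func Enumerate(base string, words, exts []string, f Filter) ([]Hit, error) {
	client := &http.Client{CheckRedirect: func(*http.Request, []*http.Request) error {
		return http.ErrUseLastResponse
	}}
	var hits []Hit
	for _, w := range words {
		for _, c := range append([]string{w}, withExts(w, exts)...) {
			resp, err := client.Get(base + "/" + c)
			if err != nil {
				return nil, err
			}
			body, _ := io.ReadAll(resp.Body)
			resp.Body.Close()
			if f.Keep(resp.StatusCode, len(body)) {
				hits = append(hits, Hit{"/" + c, resp.StatusCode, len(body)})
			}
		}
	}
	return hits, nil
}

func withExts(w string, exts []string) []string {
	out := make([]string, 0, len(exts))
	for _, e := range exts {
		out = append(out, w+e)
	}
	return out
}

// NewFakeSite is a constructed target (assumption, not a real host).
func NewFakeSite() *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		switch r.URL.Path {
		case "/index.php":
			io.WriteString(w, "<html>welcome</html>")
		case "/admin":
			w.WriteHeader(http.StatusForbidden)
			io.WriteString(w, "forbidden")
		case "/backup.zip":
			w.WriteHeader(http.StatusNotFound)
			io.WriteString(w, "gone")
		default: // soft 404: 200 with an always-identical body
			io.WriteString(w, strings.Repeat("x", 1234))
		}
	}))
}

func main() {
	srv := NewFakeSite()
	defer srv.Close()
	f := Filter{Blacklist: map[int]bool{404: true}, ExcludeLengths: map[int]bool{1234: true}}
	hits, err := Enumerate(srv.URL, []string{"index", "admin", "backup", "nothing"}, []string{".php", ".zip"}, f)
	if err != nil {
		panic(err)
	}
	for _, h := range hits {
		fmt.Printf("%s (Status: %d) [Size: %d]\n", h.Path, h.Status, h.Length)
	}
}
```

With the default-style blacklist of 404 and no length exclusion, every soft-404 response would be reported as a 200 hit; one run with --hide-length off shows the constant size, and adding it to --exclude-length is what makes the real content stand out.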

vhost Mode

Options

Uses VHOST enumeration mode (you most probably want to use the IP address as the URL parameter)

Usage:
  gobuster vhost [flags]

Flags:
      --append-domain         Append main domain from URL to words from wordlist. Otherwise the fully qualified domains need to be specified in the wordlist.
  -c, --cookies string        Cookies to use for the requests
      --domain string         the domain to append when using an IP address as URL. If left empty and you specify a domain based URL the hostname from the URL is extracted
      --exclude-length ints   exclude the following content length (completely ignores the status). Supply multiple times to exclude multiple sizes.
  -r, --follow-redirect       Follow redirects
  -H, --headers stringArray   Specify HTTP headers, -H 'Header1: val1' -H 'Header2: val2'
  -h, --help                  help for vhost
  -m, --method string         Use the following HTTP method (default "GET")
  -k, --no-tls-validation     Skip TLS certificate verification
  -P, --password string       Password for Basic Auth
      --proxy string          Proxy to use for requests [http(s)://host:port]
      --random-agent          Use a random User-Agent string
      --retry                 Should retry on request timeout
      --retry-attempts int    Times to retry on request timeout (default 3)
      --timeout duration      HTTP Timeout (default 10s)
  -u, --url string            The target URL
  -a, --useragent string      Set the User-Agent string (default "gobuster/3.2.0")
  -U, --username string       Username for Basic Auth

Global Flags:
      --delay duration    Time each thread waits between requests (e.g. 1500ms)
      --no-color          Disable color output
      --no-error          Don't display errors
  -z, --no-progress       Don't display progress
  -o, --output string     Output file to write results to (defaults to stdout)
  -p, --pattern string    File containing replacement patterns
  -q, --quiet             Don't print the banner and other noise
  -t, --threads int       Number of concurrent threads (default 10)
  -v, --verbose           Verbose output (errors)
  -w, --wordlist string   Path to the wordlist

Examples

gobuster vhost -u https://mysite.com -w common-vhosts.txt

Normal sample run goes like this:

gobuster vhost -u https://mysite.com -w common-vhosts.txt

===============================================================
Gobuster v3.2.0
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart)
===============================================================
[+] Url:          https://mysite.com
[+] Threads:      10
[+] Wordlist:     common-vhosts.txt
[+] User Agent:   gobuster/3.2.0
[+] Timeout:      10s
===============================================================
2019/06/21 08:36:00 Starting gobuster
===============================================================
Found: www.mysite.com
Found: piwik.mysite.com
Found: mail.mysite.com
===============================================================
2019/06/21 08:36:05 Finished
===============================================================

fuzz Mode

Options

Uses fuzzing mode

Usage:
  gobuster fuzz [flags]

Flags:
  -c, --cookies string              Cookies to use for the requests
      --exclude-length ints         exclude the following content length (completely ignores the status). Supply multiple times to exclude multiple sizes.
  -b, --excludestatuscodes string   Negative status codes (will override statuscodes if set)
  -r, --follow-redirect             Follow redirects
  -H, --headers stringArray         Specify HTTP headers, -H 'Header1: val1' -H 'Header2: val2'
  -h, --help                        help for fuzz
  -m, --method string               Use the following HTTP method (default "GET")
  -k, --no-tls-validation           Skip TLS certificate verification
  -P, --password string             Password for Basic Auth
      --proxy string                Proxy to use for requests [http(s)://host:port]
      --random-agent                Use a random User-Agent string
      --retry                       Should retry on request timeout
      --retry-attempts int          Times to retry on request timeout (default 3)
      --timeout duration            HTTP Timeout (default 10s)
  -u, --url string                  The target URL
  -a, --useragent string            Set the User-Agent string (default "gobuster/3.2.0")
  -U, --username string             Username for Basic Auth

Global Flags:
      --delay duration    Time each thread waits between requests (e.g. 1500ms)
      --no-color          Disable color output
      --no-error          Don't display errors
  -z, --no-progress       Don't display progress
  -o, --output string     Output file to write results to (defaults to stdout)
  -p, --pattern string    File containing replacement patterns
  -q, --quiet             Don't print the banner and other noise
  -t, --threads int       Number of concurrent threads (default 10)
  -v, --verbose           Verbose output (errors)
  -w, --wordlist string   Path to the wordlist

Examples

gobuster fuzz -u https://example.com?FUZZ=test -w parameter-names.txt

s3 Mode

Options

Uses aws bucket enumeration mode

Usage:
  gobuster s3 [flags]

Flags:
  -h, --help                 help for s3
  -m, --maxfiles int         max files to list when listing buckets (only shown in verbose mode) (default 5)
  -k, --no-tls-validation    Skip TLS certificate verification
      --proxy string         Proxy to use for requests [http(s)://host:port]
      --random-agent         Use a random User-Agent string
      --retry                Should retry on request timeout
      --retry-attempts int   Times to retry on request timeout (default 3)
      --timeout duration     HTTP Timeout (default 10s)
  -a, --useragent string     Set the User-Agent string (default "gobuster/3.2.0")

Global Flags:
      --delay duration    Time each thread waits between requests (e.g. 1500ms)
      --no-color          Disable color output
      --no-error          Don't display errors
  -z, --no-progress       Don't display progress
  -o, --output string     Output file to write results to (defaults to stdout)
  -p, --pattern string    File containing replacement patterns
  -q, --quiet             Don't print the banner and other noise
  -t, --threads int       Number of concurrent threads (default 10)
  -v, --verbose           Verbose output (errors)
  -w, --wordlist string   Path to the wordlist

Examples

gobuster s3 -w bucket-names.txt

gcs Mode

Options

Uses gcs bucket enumeration mode

Usage:
  gobuster gcs [flags]

Flags:
  -h, --help                 help for gcs
  -m, --maxfiles int         max files to list when listing buckets (only shown in verbose mode) (default 5)
  -k, --no-tls-validation    Skip TLS certificate verification
      --proxy string         Proxy to use for requests [http(s)://host:port]
      --random-agent         Use a random User-Agent string
      --retry                Should retry on request timeout
      --retry-attempts int   Times to retry on request timeout (default 3)
      --timeout duration     HTTP Timeout (default 10s)
  -a, --useragent string     Set the User-Agent string (default "gobuster/3.2.0")

Global Flags:
      --delay duration    Time each thread waits between requests (e.g. 1500ms)
      --no-color          Disable color output
      --no-error          Don't display errors
  -z, --no-progress       Don't display progress
  -o, --output string     Output file to write results to (defaults to stdout)
  -p, --pattern string    File containing replacement patterns
  -q, --quiet             Don't print the banner and other noise
  -t, --threads int       Number of concurrent threads (default 10)
  -v, --verbose           Verbose output (errors)
  -w, --wordlist string   Path to the wordlist

Examples

gobuster gcs -w bucket-names.txt

Wordlists via STDIN

Wordlists can be piped into gobuster via stdin by providing a - to the -w option:

hashcat -a 3 --stdout ?l | gobuster dir -u https://mysite.com -w -

Note: If the -w option is specified at the same time as piping from STDIN, an error will be shown and the program will terminate.

Patterns

You can supply pattern files that will be applied to every word from the wordlist. Just place the string {GOBUSTER} in it and this will be replaced with the word. This feature is also handy in s3 mode to pre- or postfix certain patterns.

Caution: Using a big pattern file can cause a lot of requests, as every pattern is applied to every word in the wordlist.

Example file

{GOBUSTER}Partial
{GOBUSTER}Service
PRE{GOBUSTER}POST
{GOBUSTER}-prod
{GOBUSTER}-dev

Use case in combination with patterns

  • Create a custom wordlist for the target containing company names and so on
  • Create a pattern file to use for common bucket names.
curl -s --output - https://raw.githubusercontent.com/eth0izzle/bucket-stream/master/permutations/extended.txt | sed -s 's/%s/{GOBUSTER}/' > patterns.txt
  • Run gobuster with the custom input. Be sure to turn verbose mode on to see the bucket details
gobuster s3 --wordlist my.custom.wordlist -p patterns.txt -v
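The pattern mechanism described above is a plain string substitution, but two details matter in practice: the candidate count grows as words × (1 + patterns), which is the cost the caution warns about, and a pattern line that lacks {GOBUSTER} would expand to the same literal for every word. The following is an added example, not gobuster's own code, that parses the example pattern file above, expands a constructed two-word company wordlist, and computes the resulting request count. Keeping the bare word alongside its patterned forms, and rejecting placeholder-less lines, are this example's choices, not documented gobuster behaviour.

```go
package main

import (
	"bufio"
	"fmt"
	"io"
	"strings"
)

// Placeholder is the token a pattern file uses for the current word.
const Placeholder = "{GOBUSTER}"

// ParsePatterns reads one pattern per line, skipping blank lines. A pattern
// without the placeholder would expand to one constant for every word, so it
// is rejected (this check is the example's addition).
func ParsePatterns(r io.Reader) ([]string, error) {
	var patterns []string
	sc := bufio.NewScanner(r)
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if line == "" {
			continue
		}
		if !strings.Contains(line, Placeholder) {
			return nil, fmt.Errorf("pattern %q does not contain %s", line, Placeholder)
		}
		patterns = append(patterns, line)
	}
	return patterns, sc.Err()
}

// Expand yields the bare word followed by every pattern applied to it
// (keeping the bare word is an assumption of this example).
func Expand(word string, patterns []string) []string {
	out := []string{word}
	for _, p := range patterns {
		out = append(out, strings.ReplaceAll(p, Placeholder, word))
	}
	return out
}

// RequestCount is the number of candidates a run generates: every pattern is
// applied to every word, which is why a big pattern file is expensive.
func RequestCount(words, patterns int) int {
	return words * (1 + patterns)
}

// ExpandAll builds the full candidate list for a wordlist.
func ExpandAll(words []string, patterns []string) []string {
	out := make([]string, 0, RequestCount(len(words), len(patterns)))
	for _, w := range words {
		out = append(out, Expand(w, patterns)...)
	}
	return out
}

// patternFile is the example file from the page, embedded so this runs offline.
const patternFile = `{GOBUSTER}Partial
{GOBUSTER}Service
PRE{GOBUSTER}POST
{GOBUSTER}-prod
{GOBUSTER}-dev
`

func main() {
	patterns, err := ParsePatterns(strings.NewReader(patternFile))
	if err != nil {
		panic(err)
	}
	words := []string{"acme", "acme-corp"} // constructed target-specific wordlist
	for _, c := range ExpandAll(words, patterns) {
		fmt.Println(c)
	}
	fmt.Println("candidates:", RequestCount(len(words), len(patterns)))
}
```

Running RequestCount against a real pattern file such as the bucket-stream permutation list before starting a scan tells you how many bucket probes you are about to send, which is worth knowing on a rate-limited or logged target.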

Normal sample run goes like this:

PS C:\Users\firefart\Documents\code\gobuster> .\gobuster.exe s3 --wordlist .\wordlist.txt
===============================================================
Gobuster v3.2.0
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart)
===============================================================
[+] Threads:                 10
[+] Wordlist:                .\wordlist.txt
[+] User Agent:              gobuster/3.2.0
[+] Timeout:                 10s
[+] Maximum files to list:   5
===============================================================
2019/08/12 21:48:16 Starting gobuster in S3 bucket enumeration mode
===============================================================
webmail
hacking
css
img
www
dav
web
localhost
===============================================================
2019/08/12 21:48:17 Finished
===============================================================

Verbose sample run

PS C:\Users\firefart\Documents\code\gobuster> .\gobuster.exe s3 --wordlist .\wordlist.txt -v
===============================================================
Gobuster v3.2.0
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart)
===============================================================
[+] Threads:                 10
[+] Wordlist:                .\wordlist.txt
[+] User Agent:              gobuster/3.2.0
[+] Verbose:                 true
[+] Timeout:                 10s
[+] Maximum files to list:   5
===============================================================
2019/08/12 21:49:00 Starting gobuster in S3 bucket enumeration mode
===============================================================
www [Error: All access to this object has been disabled (AllAccessDisabled)]
hacking [Error: Access Denied (AccessDenied)]
css [Error: All access to this object has been disabled (AllAccessDisabled)]
webmail [Error: All access to this object has been disabled (AllAccessDisabled)]
img [Bucket Listing enabled: GodBlessPotomac1.jpg (1236807b), HOMEWORKOUTAUDIO.zip (203908818b), ProductionInfo.xml (11946b), Start of Perpetual Motion Logo-1.mp3 (621821b), addressbook.gif (3115b)]
web [Error: Access Denied (AccessDenied)]
dav [Error: All access to this object has been disabled (AllAccessDisabled)]
localhost [Error: Access Denied (AccessDenied)]
===============================================================
2019/08/12 21:49:01 Finished
===============================================================

Extended sample run

PS C:\Users\firefart\Documents\code\gobuster> .\gobuster.exe s3 --wordlist .\wordlist.txt -e
===============================================================
Gobuster v3.2.0
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart)
===============================================================
[+] Threads:                 10
[+] Wordlist:                .\wordlist.txt
[+] User Agent:              gobuster/3.2.0
[+] Timeout:                 10s
[+] Expanded:                true
[+] Maximum files to list:   5
===============================================================
2019/08/12 21:48:38 Starting gobuster in S3 bucket enumeration mode
===============================================================
http://css.s3.amazonaws.com/
http://www.s3.amazonaws.com/
http://webmail.s3.amazonaws.com/
http://hacking.s3.amazonaws.com/
http://img.s3.amazonaws.com/
http://web.s3.amazonaws.com/
http://dav.s3.amazonaws.com/
http://localhost.s3.amazonaws.com/
===============================================================
2019/08/12 21:48:38 Finished
===============================================================

Download Details:

Author: OJ
Source Code: https://github.com/OJ/gobuster 
License: Apache-2.0 license

#go #golang #dns #web #tool 

Gobuster: Directory/File, DNS and VHost Busting tool Written in Go