mirror of
https://github.com/thakares/nx9-dns-server.git
synced 2025-12-20 08:59:35 -06:00
# DNS Server Algorithm & Flowchart
This document outlines the algorithm and flowchart for a DNS server implementation compliant with RFC 1035 (DNS) and RFC 4034 (DNSSEC).
## ✅ Server Algorithm

### 1. Server Initialization
- Load configuration from environment variables.
- Initialize the logging system.
- Create SQLite database connection and initialize schema.
- Initialize cache with NS records.
- Start periodic cache cleanup task (every 5 minutes).
- Bind and listen on UDP and TCP sockets.
### 2. Query Handling Flow
Upon Receiving a DNS Query:
- Validate DNS query packet.
- Parse header and extract domain name and query type.
- If query type is `DNSKEY` or `DS`, return signed records.
- Check DNS cache:
  - If hit, build and return response.
  - If miss, look up in database:
    - If found, respond and cache it.
    - If not found:
      - If authoritative, return `NXDOMAIN`.
      - Else, forward to upstream resolvers.
- Add DNSSEC signatures if applicable.
- Send response to the client.
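The lookup order above (cache, then SQLite, then `NXDOMAIN` for an authoritative name or forwarding otherwise) as an added, stand-alone Rust sketch; this is illustrative code, not nx9-dns-server's own. It assumes a `DnsCache` shaped as a `Mutex<HashMap>` keyed by (name, query type) with per-entry expiry, stands in for the SQLite query with a closure, lowercases names and strips the trailing dot before using them as cache keys, and clamps stored TTLs to one day.

```rust
use std::collections::HashMap;
use std::sync::{Arc, Mutex};
use std::time::{Duration, Instant};

struct CacheEntry { records: Vec<String>, expires: Instant }

/// Thread-safe TTL cache keyed by (owner name, query type); an assumed shape for
/// the DnsCache component, not the project's code.
#[derive(Clone, Default)]
pub struct DnsCache { inner: Arc<Mutex<HashMap<(String, u16), CacheEntry>>> }

impl DnsCache {
    /// Return the cached record set only while its TTL has not elapsed.
    pub fn get(&self, name: &str, qtype: u16) -> Option<Vec<String>> {
        let map = self.inner.lock().unwrap();
        let entry = map.get(&(name.to_string(), qtype))?;
        if entry.expires > Instant::now() { Some(entry.records.clone()) } else { None }
    }
    pub fn put(&self, name: &str, qtype: u16, records: Vec<String>, ttl: Duration) {
        let entry = CacheEntry { records, expires: Instant::now() + ttl };
        self.inner.lock().unwrap().insert((name.to_string(), qtype), entry);
    }
    /// The periodic cleanup task: evict expired entries so the map cannot grow unbounded.
    pub fn cleanup(&self) -> usize {
        let mut map = self.inner.lock().unwrap();
        let (before, now) = (map.len(), Instant::now());
        map.retain(|_, e| e.expires > now);
        before - map.len()
    }
}

#[derive(Debug, PartialEq)]
pub enum Outcome { Answer(Vec<String>), NxDomain, Forward }

/// Cache, then database, then NXDOMAIN when this server is authoritative for the
/// name, otherwise forward. `db_lookup` stands in for the SQLite query and
/// returns (records, ttl_seconds).
pub fn resolve(
    cache: &DnsCache, zones: &[&str], qname: &str, qtype: u16,
    db_lookup: impl Fn(&str, u16) -> Option<(Vec<String>, u32)>,
) -> Outcome {
    // DNS names are case-insensitive (RFC 1035 s2.3.3): normalize before keying the cache.
    let name = qname.trim_end_matches('.').to_ascii_lowercase();
    if let Some(recs) = cache.get(&name, qtype) { return Outcome::Answer(recs); }
    if let Some((recs, ttl)) = db_lookup(&name, qtype) {
        // Clamp the TTL so one oversized value cannot pin a record in the cache for days.
        cache.put(&name, qtype, recs.clone(), Duration::from_secs(ttl.min(86_400).into()));
        return Outcome::Answer(recs);
    }
    let authoritative = zones.iter().any(|z| name == *z || name.ends_with(&format!(".{z}")));
    if authoritative { Outcome::NxDomain } else { Outcome::Forward }
}
```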
### 3. DNSSEC Signing Process
- Load DNSSEC key from configured file.
- For each relevant record:
  - Generate `RRSIG`.
  - Encode signature (Base64).
  - Calculate key tag and signature expiration.
- Add `RRSIG` to the answer section.
- Include `DNSKEY` in the authority section if needed.
### 4. Response Generation Logic
- Construct response header:
  - Set QR flag and response code.
  - Include Authoritative Answer (AA) if authoritative.
- Attach original question section.
- Populate:
  - Answer section: with resolved records.
  - Authority section: with NS and DS records.
  - Additional section: with glue records, DNSKEY if required.
## 📊 Flowchart
Below is the visual representation of the DNS query handling logic:
```
+---------------------+
|  Start DNS Server   |
+---------------------+
           |
           v
+---------------------+
|  Receive DNS Query  |
+---------------------+
           |
           v
+---------------------+
|  Parse Header and   |
|  Extract Domain &   |
|  Query Type         |
+---------------------+
           |
     +-----+-----------------------------+
     |                                   |
     v                                   v
+---------------------+       +---------------------+
|   Is Query Type     |       |      Use Cache      |
|     DNSKEY/DS?      |       |                     |
+---------------------+       +---------------------+
     |                                   |
 Yes |                                   |
     v                                   v
+---------------------+       +---------------------+
|       Return        |       | Lookup in SQLite DB |
|    DNSSEC Record    |       |                     |
+---------------------+       +---------------------+
                                         |
                                         v
                              +---------------------+
                              |  Is Authoritative   |
                              |        Zone?        |
                              +---------------------+
                                         |
                                      No |
                                         v
                              +---------------------+
                              |   Return NXDOMAIN   |
                              +---------------------+
                                         |
                                         v
                              +---------------------+
                              |     Add DNSSEC      |
                              +---------------------+
                                         |
                                         v
                              +---------------------+
                              |    Send Response    |
                              +---------------------+
                                         |
                                         v
                              +---------------------+
                              |         End         |
                              +---------------------+
```
## 🧩 Key Components
| Component | Purpose | Details |
|---|---|---|
| `DnsCache` | DNS Response Cache | Thread-safe HashMap with TTL |
| `ServerConfig` | Server Configuration | Loaded via environment variables |
| `rusqlite` | Record Storage | SQLite database backend |
| `tokio` | Async I/O Runtime | UDP/TCP async handlers and tasks |
| DNSSEC | Secure DNS Signing | RSA-SHA256 with Base64-encoded keys |
## ⚠️ Error Handling Strategy
- Custom `DnsError` enum via `thiserror`
- Graceful shutdown via `SIGINT`
- Cache cleanup every 5 minutes
- Fallback to resolver forwarding
- Detailed logging at every stage