Closed cookiengineer closed 3 years ago
The first DNS implementation is now nearly complete.
What's left to do are the server-side resource record formatted encodings (including the string encodings of TXT entries).
The review needs further tests for the following DNS.send()/server/*:
The DNS Connection has been implemented and integrated into the new RESOLVER-based API, which also has been integrated into the server's Hosts API.
The current implementation of the DNS Protocol only supports fixed DNS over HTTPS requests. That was a good start, but in order to support more DNS servers out there (including DNS via TLS), it's necessary to implement an encoder and decoder inside the DNS Protocol that can be reused in an encrypted manner.
In order to have the same conventions, DNS via TLS will be named DNSS (as it's TCP based anyways), and DNS itself will be UDP based. The Multicast DNS Protocol will be named MDNS and will implement the service-based discovery aspects that will allow to find local peers in the same NAT automatically.
This will further allow to use and observe DNS exfiltration techniques in the local network in order to break out of NATs that block HTTPS requests.
In the next iteration, the stealth/Server will also handle DNS requests in order to use DNS as a network protocol to connect to the service and handle API calls (when SRV is used) and handle host requests (when A, AAAA etc. are being requested). How the Multicast DNS structure of the protocol will look like is currently unclear and needs further research; though it might make sense to use the same structure as AirPrint, AirDrop etc. for the sake of conventions and future compatibility, so the announced service will probably be stealth._tcp._local and stealth._udp._local.
protocol/DNS:
upgrade() to be able to host a custom DNS server.
protocol/DNSS:
... this is TODO when DNS has been implemented, and will use the DNS Protocol implementation similar to how HTTPS reuses the HTTP Connection.
DNS via HTTPS implementation:
This implementation will be moved to the server/Host service, and the DNS.resolve() calls will be ported into a helper method as resolve_host().
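A transport-independent encoder and decoder of the kind the issue asks for, together with the two-byte length prefix that the TCP and TLS transports add and UDP does not, as an added Node.js example. It is not code from the Stealth project; the helper names (encodeQuery, decodeQuery, frame, unframe) are assumptions, and it covers a single uncompressed question only.

```javascript
// Added example with hypothetical helper names; not the Stealth project's API.
const TYPES = { A: 1, TXT: 16, AAAA: 28, SRV: 33 };
// Encode a domain name as length-prefixed labels (RFC 1035, section 3.1).
function encodeName(name) {
  const chunks = name.split('.').filter((l) => l.length > 0).map((label) => {
    const raw = Buffer.from(label, 'ascii');
    if (raw.length > 63) throw new RangeError('label longer than 63 bytes');
    return Buffer.concat([Buffer.from([raw.length]), raw]);
  });
  return Buffer.concat([...chunks, Buffer.from([0])]);
}

// Build a single-question query: 12-byte header + QNAME + QTYPE + QCLASS.
function encodeQuery(id, name, type) {
  if (!(type in TYPES)) throw new RangeError('unsupported type');
  const header = Buffer.alloc(12);
  header.writeUInt16BE(id, 0);     // ID
  header.writeUInt16BE(0x0100, 2); // flags: recursion desired
  header.writeUInt16BE(1, 4);      // QDCOUNT = 1
  const tail = Buffer.alloc(4);
  tail.writeUInt16BE(TYPES[type], 0);
  tail.writeUInt16BE(1, 2);        // class IN
  return Buffer.concat([header, encodeName(name), tail]);
}

// Decode the question; rejects truncation and compression pointers.
function decodeQuery(msg) {
  if (msg.length < 12) throw new RangeError('truncated header');
  const labels = [];
  let pos = 12;
  for (;;) {
    if (pos >= msg.length) throw new RangeError('truncated name');
    const len = msg[pos++];
    if (len === 0) break;
    if (len > 63 || pos + len > msg.length) throw new RangeError('bad label');
    labels.push(msg.toString('ascii', pos, pos + len));
    pos += len;
  }
  if (pos + 4 > msg.length) throw new RangeError('truncated question');
  const code = msg.readUInt16BE(pos);
  const type = Object.keys(TYPES).find((k) => TYPES[k] === code) || null;
  return { id: msg.readUInt16BE(0), name: labels.join('.'), type };
}
// Stream transports (TCP, TLS) prefix each message with a 2-byte length.
const frame = (msg) => Buffer.concat([Buffer.from([msg.length >> 8, msg.length & 255]), msg]);
function unframe(stream) {
  if (stream.length < 2 || stream.length < 2 + stream.readUInt16BE(0)) return null;
  return stream.subarray(2, 2 + stream.readUInt16BE(0));
}
```

The same encodeQuery() output goes into a UDP datagram unchanged, while a stream transport sends frame(msg) and calls unframe() until a complete message has arrived.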