Last pushed: 10 months ago
Short Description
An obsequious DNS server that tells you exactly what you want to hear
Full Description


YesDNS is an obsequious DNS server that tells you exactly what you want to hear.

YesDNS responds to DNS queries with DNS messages provided to it by a REST interface. It returns only what you tell it to, and absolutely anything you tell it to, without modification.

YesDNS is intended for testing and quickly standing up ephemeral environments.

YesDNS does not yet implement any sort of security. DO NOT expose YesDNS to the outside world.


Run from source

export GOPATH=/tmp/gopath
go get
go install
$GOPATH/bin/yesdns &
curl -v -X PUT -d@"$GOPATH/src/" localhost:5380/v1/resolver
curl -v -X PUT -d@"$GOPATH/src/" localhost:5380/v1/question
dig @localhost -p 8053 A
; <<>> DiG 9.10.3-P4-Ubuntu <<>> @localhost -p 8053 A
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53579
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;        IN    A

;; ANSWER SECTION:    10    IN    A


;; ADDITIONAL SECTION:    10    IN    TXT    "" "" "Text line 1 of 2" "Text line 2 of 2"

;; Query time: 0 msec
;; WHEN: Thu Jun 29 10:39:23 CEST 2017
;; MSG SIZE  rcvd: 175

Wildcard resolution

curl -v -X PUT -d@"$GOPATH/src/" localhost:5380/v1/question
dig @localhost -p 8053 A

Run with TLS

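# Generate a private key: either RSA ...
openssl genrsa -out server.key 2048
# ... or ECDSA. Run only one of the two; both write server.key.
openssl ecparam -genkey -name secp384r1 -out server.key
# Create a self-signed certificate for localhost
openssl req -new -x509 -sha256 -key server.key -out server.crt -days 3650 -subj "/C=US/ST=TX/L=Austin/O=YesDNS/CN=localhost"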

yesdns -http-listen=:53443 -tls-cert-file=server.crt -tls-key-file=server.key

Run via Docker

docker run -d --name=yesdns -p 8053:8053/udp -p 8053:8053/tcp -p 5380:5380 alangibson/yesdns



Resolution Algorithm

  • Receive a DNS Question on a Listener.
  • Look up exact matching record in database by Qtype and Qname
    • Return Answer if found
  • Otherwise, substitute wildcard (*) for leftmost element in Qname and repeat lookup
    Example: -> *
    • Return Answer if found and Name field provided
    • Return Answer with name set to Qname if found and Name field not provided
  • Return NXDomain if no Forward configured
  • Otherwise, send request to Forward if configured
    • If failure while forwarding, return ServFail
    • Return Answer from Forward if Forward returned positive response
  • Otherwise, return NXDomain
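
The lookup order above, sketched in Go as an added example; this is not YesDNS's own code. `Server`, `Key`, `Answer` and `Resolve` are hypothetical names, the database is modelled as an in-memory map, and the sample record is constructed.

```go
package main

import (
	"fmt"
	"strings"
)

type Key struct{ Qtype, Qname string }
type Answer struct{ Name, Data string } // Name may be empty in a stored record
// Server is a hypothetical model: DB stands in for the record database,
// Forward for the optional upstream (nil means no Forward is configured).
type Server struct {
	DB      map[Key]Answer
	Forward func(Key) (Answer, bool, error)
}

// Resolve returns the response code and answer for one question.
func (s *Server) Resolve(k Key) (string, Answer) {
	if a, ok := s.DB[k]; ok { // exact Qtype+Qname match
		return "NOERROR", a
	}
	// Wildcard step: only the leftmost label is replaced, and only once.
	if i := strings.Index(k.Qname, "."); i >= 0 {
		if a, ok := s.DB[Key{k.Qtype, "*" + k.Qname[i:]}]; ok {
			if a.Name == "" {
				a.Name = k.Qname // no Name stored: answer under the Qname
			}
			return "NOERROR", a
		}
	}
	if s.Forward == nil {
		return "NXDOMAIN", Answer{}
	}
	a, found, err := s.Forward(k)
	if err != nil {
		return "SERVFAIL", Answer{} // failure while forwarding
	}
	if !found {
		return "NXDOMAIN", Answer{}
	}
	return "NOERROR", a
}

func main() {
	// Constructed sample record; 192.0.2.0/24 is a documentation range.
	s := &Server{DB: map[Key]Answer{{"A", "*.X.COM"}: {Data: "192.0.2.10"}}}
	fmt.Println(s.Resolve(Key{"A", "A.X.COM"}))   // wildcard hit
	fmt.Println(s.Resolve(Key{"A", "B.A.X.COM"})) // only *.A.X.COM is tried
}
```

Because only one label is replaced, a test that relies on RFC 4592 behaviour (where `*.X.COM` also covers `B.A.X.COM` when no `A.X.COM` node exists) gets NXDOMAIN in this model.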


  • No REST API security (yet)
  • Only supports Question OpCode (for now)
  • Only supports IN Qclass (for now)
  • Wildcards are not RFC4592 compliant, and only partially RFC1034 compliant
    • i.e. A.X.COM is matched by *.X.COM, but not *.A.X.COM
  • Only supports 1 question per message, like everyone else.
  • User cannot set the following response header fields: Id, RecursionDesired, Opcode, Response, RecursionAvailable
  • No recursion support
  • No DNSSEC support
  • No zone transfer support
  • No Dynamic Update (RFC2136) support
  • No DNS over TLS (RFC7858) support
  • No caching

