Collection of Meta's DNS Libraries
Meta's authoritative dns server
Meta's dns snooping utility
Meta's dns loadtesting utility
fbdns is licensed under Apache 2.0 as found in the LICENSE file.
Collection of Meta's DNS Libraries
License: Apache License 2.0
Collection of Meta's DNS Libraries
Meta's authoritative dns server
Meta's dns snooping utility
Meta's dns loadtesting utility
fbdns is licensed under Apache 2.0 as found in the LICENSE file.
Hello, I am having issues with compiling dnswatch on Ubuntu 22.04.
I installed every requirement in the README but when I run make
I get the following error:
cli0@Tardis:/home/WorkSpace/dnswatch/dns/dnswatch$ make
bpftool btf dump file /sys/kernel/btf/vmlinux format c > bpf/vmlinux.h
clang -g -O2 -Wall -fpie -fno-stack-protector -I /usr/include/bpf -target bpf -D__TARGET_ARCH_x86 -I bpf -c bpf/dnswatch.bpf.c -o snoop/out/dnswatch_bpf_probe_core.o
bpf/dnswatch.bpf.c:151:21: warning: unused variable 'inet' [-Wunused-variable]
struct inet_sock* inet = (struct inet_sock*)sk;
^
bpf/dnswatch.bpf.c:176:21: warning: unused variable 'inet' [-Wunused-variable]
struct inet_sock* inet = (struct inet_sock*)sk;
^
2 warnings generated.
CGO_LDFLAGS="-lbpf" CGO_CFLAGS="-I /usr/include/bpf -I /usr/include/pcap" go build .
# github.com/aquasecurity/libbpfgo
/home/cli0/go/pkg/mod/github.com/aquasecurity/[email protected]/libbpfgo.go:30:9: could not determine kind of name for C.LIBBPF_MAJOR_VERSION
/home/cli0/go/pkg/mod/github.com/aquasecurity/[email protected]/libbpfgo.go:35:9: could not determine kind of name for C.LIBBPF_MINOR_VERSION
/home/cli0/go/pkg/mod/github.com/aquasecurity/[email protected]/libbpfgo.go:276:55: could not determine kind of name for C.LIBBPF_STRICT_AUTO_RLIMIT_MEMLOCK
/home/cli0/go/pkg/mod/github.com/aquasecurity/[email protected]/libbpfgo.go:277:55: could not determine kind of name for C.LIBBPF_STRICT_MAP_DEFINITIONS
/home/cli0/go/pkg/mod/github.com/aquasecurity/[email protected]/libbpfgo.go:275:55: could not determine kind of name for C.LIBBPF_STRICT_NO_OBJECT_LIST
/home/cli0/go/pkg/mod/github.com/aquasecurity/[email protected]/libbpfgo.go:274:55: could not determine kind of name for C.LIBBPF_STRICT_SEC_NAME
/home/cli0/go/pkg/mod/github.com/aquasecurity/[email protected]/libbpfgo.go:707:9: could not determine kind of name for C.bpf_map__lookup_elem
/home/cli0/go/pkg/mod/github.com/aquasecurity/[email protected]/libbpfgo.go:516:15: could not determine kind of name for C.bpf_map_create
/home/cli0/go/pkg/mod/github.com/aquasecurity/[email protected]/libbpfgo.go:978:7: could not determine kind of name for C.bpf_object__next_map
/home/cli0/go/pkg/mod/github.com/aquasecurity/[email protected]/libbpfgo.go:1001:7: could not determine kind of name for C.bpf_object__next_program
/home/cli0/go/pkg/mod/github.com/aquasecurity/[email protected]/libbpfgo.go:1285:21: could not determine kind of name for C.bpf_program__type
/home/cli0/go/pkg/mod/github.com/aquasecurity/[email protected]/libbpfgo.go:1983:16: could not determine kind of name for C.libbpf_probe_bpf_map_type
/home/cli0/go/pkg/mod/github.com/aquasecurity/[email protected]/libbpfgo.go:1991:16: could not determine kind of name for C.libbpf_probe_bpf_prog_type
cgo:
gcc errors for preamble:
In file included from /home/cli0/go/pkg/mod/github.com/aquasecurity/[email protected]/libbpfgo.go:5:
./libbpfgo.h: In function 'init_perf_buf':
./libbpfgo.h:69:10: error: 'struct perf_buffer_opts' has no member named 'sz'
69 | pb_opts.sz = sizeof(struct perf_buffer_opts);
| ^
./libbpfgo.h:71:8: error: too many arguments to function 'perf_buffer__new'
71 | pb = perf_buffer__new(map_fd, page_cnt, perfCallback, perfLostCallback,
| ^~~~~~~~~~~~~~~~
In file included from ./libbpfgo.h:16,
from /home/cli0/go/pkg/mod/github.com/aquasecurity/[email protected]/libbpfgo.go:5:
/usr/include/bpf/libbpf.h:682:1: note: declared here
682 | perf_buffer__new(int map_fd, size_t page_cnt,
| ^~~~~~~~~~~~~~~~
make: *** [Makefile:11: build] Error 2
I don't know where to go from here, the error message doesn't help.
Any suggestions would be very appreciated.
Add DNS Name Server Identifier (NSID) support to dnsrocks.
more on this: https://www.rfc-editor.org/rfc/rfc5001
We could reuse the CoreDNS nsid plugin, as DNSRocks is compatible with coredns plugins: https://coredns.io/plugins/nsid/
DNSRocks supports DOT, tcp and UDP. Let's add DOQ support .
There is a reference DOQ implementation in Go by OARC that we could use for potential pointers: https://github.com/DNS-OARC/golang-dns-server-doq
DNSRocks currently supports DOT , UDP and TCP.
Let's add Dns Over Https support
We could look at coredns for implementation details, as we are pretty similar to Coredns, and we support coredns plugins.
Hi!
Im trying to follow the steps in https://github.com/facebookincubator/dns/blob/main/dnsrocks/docs/getting_started.md but im getting an error when trying to build dnsrocks-data for the first step.
Im running CGO_CFLAGS_ALLOW="(?s).*" CGO_LDFLAGS_ALLOW="(?s).*" CGO_CXXFLAGS_ALLOW="(?s).*" go build cmd/dnsrocks-data/dnsrocks-data.go
.
Expected was a successfully builded dnsrocks-data bin. But im getting the following output/errors:
/usr/bin/ld: $WORK/b079/_x005.o: in function `_cgo_1d2241184754_Cfunc_rocksdb_open_as_secondary':
/tmp/go-build/cgo-gcc-prolog:263: undefined reference to `rocksdb_open_as_secondary'
/usr/bin/ld: $WORK/b079/_x005.o: in function `_cgo_1d2241184754_Cfunc_rocksdb_try_catch_up_with_primary':
/tmp/go-build/cgo-gcc-prolog:338: undefined reference to `rocksdb_try_catch_up_with_primary'
/usr/bin/ld: $WORK/b079/_x009.o: in function `_cgo_1d2241184754_Cfunc_rocksdb_options_set_bottommost_compression':
/tmp/go-build/cgo-gcc-prolog:163: undefined reference to `rocksdb_options_set_bottommost_compression'
collect2: error: ld returned 1 exit status
# github.com/facebookincubator/dns/dnsrocks/cgo-rocksdb
cc1: warning: command line option ‘-std=c++17’ is valid for C++/ObjC++ but not for C
cc1: warning: command line option ‘-faligned-new=1’ is valid for C++/ObjC++ but not for C
# github.com/facebookincubator/dns/dnsrocks/cgo-rocksdb
cc1: warning: command line option ‘-std=c++17’ is valid for C++/ObjC++ but not for C
cc1: warning: command line option ‘-faligned-new=1’ is valid for C++/ObjC++ but not for C
# github.com/facebookincubator/dns/dnsrocks/cgo-rocksdb
cc1: warning: command line option ‘-std=c++17’ is valid for C++/ObjC++ but not for C
cc1: warning: command line option ‘-faligned-new=1’ is valid for C++/ObjC++ but not for C
# github.com/facebookincubator/dns/dnsrocks/cgo-rocksdb
cc1: warning: command line option ‘-std=c++17’ is valid for C++/ObjC++ but not for C
cc1: warning: command line option ‘-faligned-new=1’ is valid for C++/ObjC++ but not for C
# github.com/facebookincubator/dns/dnsrocks/cgo-rocksdb
cc1: warning: command line option ‘-std=c++17’ is valid for C++/ObjC++ but not for C
cc1: warning: command line option ‘-faligned-new=1’ is valid for C++/ObjC++ but not for C
# github.com/facebookincubator/dns/dnsrocks/cgo-rocksdb
cc1: warning: command line option ‘-std=c++17’ is valid for C++/ObjC++ but not for C
cc1: warning: command line option ‘-faligned-new=1’ is valid for C++/ObjC++ but not for C
# github.com/facebookincubator/dns/dnsrocks/cgo-rocksdb
cc1: warning: command line option ‘-std=c++17’ is valid for C++/ObjC++ but not for C
cc1: warning: command line option ‘-faligned-new=1’ is valid for C++/ObjC++ but not for C
# github.com/facebookincubator/dns/dnsrocks/cgo-rocksdb
cc1: warning: command line option ‘-std=c++17’ is valid for C++/ObjC++ but not for C
cc1: warning: command line option ‘-faligned-new=1’ is valid for C++/ObjC++ but not for C
# github.com/facebookincubator/dns/dnsrocks/cgo-rocksdb
cc1: warning: command line option ‘-std=c++17’ is valid for C++/ObjC++ but not for C
cc1: warning: command line option ‘-faligned-new=1’ is valid for C++/ObjC++ but not for C
# github.com/facebookincubator/dns/dnsrocks/cgo-rocksdb
cc1: warning: command line option ‘-std=c++17’ is valid for C++/ObjC++ but not for C
cc1: warning: command line option ‘-faligned-new=1’ is valid for C++/ObjC++ but not for C
# github.com/facebookincubator/dns/dnsrocks/cgo-rocksdb
cc1: warning: command line option ‘-std=c++17’ is valid for C++/ObjC++ but not for C
cc1: warning: command line option ‘-faligned-new=1’ is valid for C++/ObjC++ but not for C
Im running Debian 10 on a digitalocean droplet.
We run a network of DNS resolvers, running on AWS infrastructure. We have observed issues with all Meta domains such as facebook.com, instagram.com, whatsapp.com etc. where the IP address returned in response to a query with no ECS data appears to be in the incorrect region. When querying the with the IP address of the resolver in an ECS field, we get a geo-appropriate response.
Investigations so far have shown that the issue seems very much tied to the IP address of the resolver - switching IP addresses and repeating the queries can result in different responses. It has also shown that the responses for a given IP are consistent over time, although they do change occasionally. For example, an IP address located in Mumbai that on Friday was consistently receiving Singapore-based IP addresses for star-mini.c10r.facebook.com was, when tested again on Monday, receiving a Seattle-based IP address in response to the same query. Obviously, neither is ideal. At any given time, the same response is received from all four NS instances for facebook.com (a.ns.facebook.com through d.ns.facebook.com).
It's not clear if this is an issue with the code or with data. I notice from looking through the code that when an ECS field is present in a request, an attempt is first made to resolve for that Subnet, and that the resolver IP is only used if that is not present or fails. I also noticed that the lookup for the Resolver IP may select a different location map than an ECS query for the same name. Apologies if this is not the correct forum to raise this issue, but if you can point me at the right place I'd be very grateful.
The impact of this issue right now is that customers using our resolvers are seeing traffic to Meta services directed from India to Singapore or even Seattle, which in some cases impacts peering arrangements and thus incurs significant costs for them, in addition to the performance issues.
https://www.rfc-editor.org/rfc/rfc8914.html
RFC 8914 defines an extensible method to return additional information about the cause of DNS errors.
This is useful for cases, where we might want to indicate for example that we are not autohiritative for a request by adding an EDE code Not Authoritative
in the response, alongside the normal REFUSED, which provides the user with some more insight.
Hi,
The logging code uses dnstap. Here is where the dnstap Message.Type
field is set:
See:
// AUTH_QUERY is a DNS query message received from a resolver by an
// authoritative name server, from the perspective of the authoritative
// name server.
AUTH_QUERY = 1;
and
// CLIENT_QUERY is a DNS query message sent from a client to a DNS
// server which is expected to perform further recursion, from the
// perspective of the DNS server. The client may be a stub resolver or
// forwarder or some other type of software which typically sets the RD
// (recursion desired) bit when querying the DNS server. The DNS server
// may be a simple forwarding proxy or it may be a full recursive
// resolver.
CLIENT_QUERY = 5;
I did not see any recursive or forwarding features in dnsrocks
(it seems to be an authoritative nameserver), so AUTH_QUERY
rather than CLIENT_QUERY
is the correct value to use for the dnstap Message.Type
field.
I'm using fbdns
version:
Given:
uname -a
Linux deby.lan 6.1.0-8-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.25-1 (2023-04-22) x86_64 GNU/Linux
When I run:
doas apt install libbpf1 libbpf-dev libpcap0.8 libpcap0.8-dev make clang gcc-multilib
make
I expected this to happen:
Working compilation
But, instead this happened:
l1x@deby ~/c/d/dnswatch (main)> make
clang -g -O2 -Wall -fpie -fno-stack-protector -I /usr/include/bpf -target bpf -D__TARGET_ARCH_x86 -I bpf -c bpf/dnswatch.bpf.c -o snoop/out/dnswatch_bpf_probe_core.o
In file included from bpf/dnswatch.bpf.c:23:
In file included from /usr/include/bpf/bpf_helpers.h:11:
/usr/include/bpf/bpf_helper_defs.h:78:83: error: unknown type name '__u64'
static long (*bpf_map_update_elem)(void *map, const void *key, const void *value, __u64 flags) = (void *) 2;
^
/usr/include/bpf/bpf_helper_defs.h:102:42: error: unknown type name '__u32'
static long (*bpf_probe_read)(void *dst, __u32 size, const void *unsafe_ptr) = (void *) 4;
^
/usr/include/bpf/bpf_helper_defs.h:114:14: error: function cannot return function type 'int (void)'
static __u64 (*bpf_ktime_get_ns)(void) = (void *) 5;
^
/usr/include/bpf/bpf_helper_defs.h:177:50: error: unknown type name '__u32'
static long (*bpf_trace_printk)(const char *fmt, __u32 fmt_size, ...) = (void *) 6;
^
/usr/include/bpf/bpf_helper_defs.h:193:14: error: function cannot return function type 'int (void)'
static __u32 (*bpf_get_prandom_u32)(void) = (void *) 7;
^
/usr/include/bpf/bpf_helper_defs.h:206:14: error: function cannot return function type 'int (void)'
static __u32 (*bpf_get_smp_processor_id)(void) = (void *) 8;
^
/usr/include/bpf/bpf_helper_defs.h:227:59: error: unknown type name '__u32'
static long (*bpf_skb_store_bytes)(struct __sk_buff *skb, __u32 offset, const void *from, __u32 len, __u64 flags) = (void *) 9;
^
/usr/include/bpf/bpf_helper_defs.h:227:91: error: unknown type name '__u32'
static long (*bpf_skb_store_bytes)(struct __sk_buff *skb, __u32 offset, const void *from, __u32 len, __u64 flags) = (void *) 9;
^
/usr/include/bpf/bpf_helper_defs.h:227:102: error: unknown type name '__u64'
static long (*bpf_skb_store_bytes)(struct __sk_buff *skb, __u32 offset, const void *from, __u32 len, __u64 flags) = (void *) 9;
^
/usr/include/bpf/bpf_helper_defs.h:256:59: error: unknown type name '__u32'
static long (*bpf_l3_csum_replace)(struct __sk_buff *skb, __u32 offset, __u64 from, __u64 to, __u64 size) = (void *) 10;
^
/usr/include/bpf/bpf_helper_defs.h:256:73: error: unknown type name '__u64'
static long (*bpf_l3_csum_replace)(struct __sk_buff *skb, __u32 offset, __u64 from, __u64 to, __u64 size) = (void *) 10;
^
/usr/include/bpf/bpf_helper_defs.h:256:85: error: unknown type name '__u64'
static long (*bpf_l3_csum_replace)(struct __sk_buff *skb, __u32 offset, __u64 from, __u64 to, __u64 size) = (void *) 10;
^
/usr/include/bpf/bpf_helper_defs.h:256:95: error: unknown type name '__u64'
static long (*bpf_l3_csum_replace)(struct __sk_buff *skb, __u32 offset, __u64 from, __u64 to, __u64 size) = (void *) 10;
^
/usr/include/bpf/bpf_helper_defs.h:292:59: error: unknown type name '__u32'
static long (*bpf_l4_csum_replace)(struct __sk_buff *skb, __u32 offset, __u64 from, __u64 to, __u64 flags) = (void *) 11;
^
/usr/include/bpf/bpf_helper_defs.h:292:73: error: unknown type name '__u64'
static long (*bpf_l4_csum_replace)(struct __sk_buff *skb, __u32 offset, __u64 from, __u64 to, __u64 flags) = (void *) 11;
^
/usr/include/bpf/bpf_helper_defs.h:292:85: error: unknown type name '__u64'
static long (*bpf_l4_csum_replace)(struct __sk_buff *skb, __u32 offset, __u64 from, __u64 to, __u64 flags) = (void *) 11;
^
/usr/include/bpf/bpf_helper_defs.h:292:95: error: unknown type name '__u64'
static long (*bpf_l4_csum_replace)(struct __sk_buff *skb, __u32 offset, __u64 from, __u64 to, __u64 flags) = (void *) 11;
^
/usr/include/bpf/bpf_helper_defs.h:327:63: error: unknown type name '__u32'
static long (*bpf_tail_call)(void *ctx, void *prog_array_map, __u32 index) = (void *) 12;
^
/usr/include/bpf/bpf_helper_defs.h:355:58: error: unknown type name '__u32'
static long (*bpf_clone_redirect)(struct __sk_buff *skb, __u32 ifindex, __u64 flags) = (void *) 13;
^
fatal error: too many errors emitted, stopping now [-ferror-limit=]
20 errors generated.
make: *** [Makefile:7: snoop/out/dnswatch_bpf_probe_core.o] Error 1
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.