• CNCF

• CoreDNS
  • Source IP based query block/allow (Main focus)
  • Google Cloud Backend
  • Azure Backend

Links:

• Introductory Talk [TODO: Write notes after watching the talk again]
• Video on Usage
• Webinar
• CoreDNS in k8s
• What are DNS Zones

• Kubernetes [TODO]

• CoreDNS

  • Clients make requests that are routed to the DNS servers (seem like primary but are secondary) through recursives (like Google or Cloudflare)
  • refresh -> how many times the secondary pulls data from the hidden primary
  • retry -> checks if the data has changed, pulls the headers check for change in serial and if it is changed then it refreshes

• Important: Caddy middleware for block-allow IP mechanism
• Firewall example codebase https://github.com/middelink/mikrotik-fwban
• ipfilter library: https://github.com/jpillora/ipfilter/
• read later: https://www.reddit.com/r/golang/comments/3wpi6w/is_it_possible_to_monitor_and_redirect_http/

AWS

• ListHostedZonesByNameWithContext
• ListResourceRecordSetsPagesWithContext

AZURE

• (ZonesClient) List

• (RecordSetsClient)ListAllByDNSZone

Record types

Azure provides the following record types that will be supported as a part of this project

const (
    A     RecordType = original.A
    AAAA  RecordType = original.AAAA
    CAA   RecordType = original.CAA
    CNAME RecordType = original.CNAME
    MX    RecordType = original.MX
    NS    RecordType = original.NS
    PTR   RecordType = original.PTR
    SOA   RecordType = original.SOA
    SRV   RecordType = original.SRV
    TXT   RecordType = original.TXT
)

• API Ref: https://cloud.google.com/dns/docs/apis

• golang sdk: https://godoc.org/google.golang.org/api/dns/v1

• Listing resource records: https://cloud.google.com/dns/docs/reference/v1/resourceRecordSets/list

  • golang sdk method

• Listing managed zone: https://cloud.google.com/dns/docs/reference/v1/managedZones/list

  • golang sdk method

• Zones:

  Zone file: a sample zone file

  ; zone file for example.com
  $TTL 2d    ; 172800 secs default TTL for zone
  $ORIGIN example.com.
  @             IN      SOA   ns1.example.com. hostmaster.example.com. (
                          2003080800 ; se = serial number
                          12h        ; ref = refresh
                          15m        ; ret = update retry
                          3w         ; ex = expiry
                          3h         ; min = minimum
                          )
                IN      NS      ns1.example.com.
                IN      MX  10  mail.example.net.
  joe           IN      A       192.168.254.3
  www           IN      CNAME   joe 
  
  

  • comments start with a ;
  • directives start with a $
  • first Resource Record must be the SOA (Start of Authority) record and $TTL must appear before it.
  • TTL is the caching time for RR

• Resource records: Are a DNS server entries. A bunch of name value pairs (domain name to ip address)

Types of resource records are:

• IPv4 host address (A)

• IPv6 host address (AAAA, pronounced "quad-A")

• CNAME (Alias): Stands for canonical name.

• Pointer (PTR): Used for reverse lookups, IP addresses to domain names

• Mail Exchanger (MX): used by mail applications to locate mail servers

• Service (SRV):

• :

References:

• http://www.zytrax.com/books/dns/ch8/
• https://dnspropagation.net/articles/dns-records/