My goal was to create a DNS server as simple as the LDAP server I've been contributing to (GLAuth), and here it is: https://github.com/fusion/kittendns
A few things to know about it:
- It is easy to configure using a TOML file
- I am using it to bail out my CoreDNS/etcd instances when under attack
- (yes, it also works as a service location server)
- It comes with a simple, plain-English rule engine that doesn't do much at this point
- It can be used with Let's Encrypt. I use it to retrieve certificates for my home servers.
- RFC: all the nice ones :)
Anyway, feedback is welcome.
I am going to try to address the input I've received so far:
# Licensing
Arg. How could I forget? The project is now licensed under Apache 2, which is compatible with the BSD licenses that @d_meeze listed. I've used it in many previous projects, including RootTools, and some projects were included in multiple commercial projects.
# Data in the configuration file
@drdaeman yes, this is definitely with simplicity in mind. Right now, the updates the server accepts are limited to RFC 2136 for Let's Encrypt's ephemeral TXT fields. If this becomes a necessary feature, I may do the same as with GLAuth and introduce database plugins (SQLite would remain a light, but not as simple, approach).
# TOML
Controversial as always. @dhzhzjsbevs, I found that if I provide an amply documented template file, folks find it easy to use. Is this a great configuration option? No, it is not. I personally dislike all of them.
# Record reuse
@drdaeman making another valid point. It's going to be an easy fix, which is good.
# Split horizon DNS
And then we get to @jchw and one of my unstated goals. Right now, I am using the rule engine to alter responses. Obviously, a nice demo of what it can do, but a bad idea overall. Can anyone think of a way to implement split DNS other than filtering based on which interface the query came through? I do extract the query source's IP address, but this only tells me which server is recursing.
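
Source-address view selection as described in the split horizon paragraph, as an added Go example that is not part of the original post or of kittendns; the `View` type, the function names, the prefixes and the records are constructed for illustration. The second lookup in `main` shows the limitation mentioned above: a query relayed by a recursor is matched on the recursor's address, not the client's.

```go
package main

import (
	"fmt"
	"net/netip"
)

// View is one split-horizon answer set, chosen by the query's source address.
// Hypothetical type for this example, not a kittendns structure.
type View struct {
	Name    string
	Sources []netip.Prefix
	Records map[string]string // owner name -> A record (constructed data)
}

// selectView returns the view whose source prefix is the longest match for src.
func selectView(views []View, src netip.Addr) *View {
	var best *View
	bestBits := -1
	for i := range views {
		for _, p := range views[i].Sources {
			if p.Contains(src) && p.Bits() > bestBits {
				best, bestBits = &views[i], p.Bits()
			}
		}
	}
	return best
}

// resolve answers name from the view matching src; "" means no view or no record.
func resolve(views []View, src, name string) string {
	addr, err := netip.ParseAddr(src)
	if err != nil {
		return ""
	}
	v := selectView(views, addr.Unmap()) // treat ::ffff:a.b.c.d as IPv4
	if v == nil {
		return ""
	}
	return v.Records[name]
}

// sampleViews builds constructed views: RFC 1918 clients vs. everyone else.
func sampleViews() []View {
	return []View{
		{Name: "internal", Sources: []netip.Prefix{netip.MustParsePrefix("10.0.0.0/8")},
			Records: map[string]string{"nas.example.test.": "10.0.0.5"}},
		{Name: "external", Sources: []netip.Prefix{netip.MustParsePrefix("0.0.0.0/0")},
			Records: map[string]string{"nas.example.test.": "203.0.113.10"}},
	}
}

func main() {
	v := sampleViews()
	fmt.Println(resolve(v, "10.1.2.3", "nas.example.test."))      // direct internal client
	fmt.Println(resolve(v, "198.51.100.53", "nas.example.test.")) // same client via a recursor
}
```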