Commit

Added security and contributing docs and markdown corrections (#214)
semihalev authored Aug 17, 2023
1 parent 00d9f67 commit 23f9d39
Showing 4 changed files with 118 additions and 69 deletions.
29 changes: 29 additions & 0 deletions CONTRIBUTING.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
# Contributing to SDNS

First and foremost, thank you for considering contributing to SDNS! It's people like you that make SDNS such a great tool.

## Getting Started

* Make sure you have a [GitHub account](https://github.com/signup/free).
* Fork the repository on GitHub.
* Decide if you want to work on an existing issue or if you want to propose a new feature or bug fix.

## Making Changes

1. Create a new branch in your fork from the main branch. Name your branch something descriptive.
2. Make the changes in your fork.
3. If you're adding a feature or fixing a bug, please add or modify existing tests if applicable.
4. Run all tests to ensure your changes don't negatively impact existing code.
5. Commit your changes to your branch. Keep commit messages clear and concise, stating what you did and why.

## Submitting Changes

1. Push your changes to your fork on GitHub.
2. Open a pull request against the main branch of the original repository.
3. Please ensure your pull request description clearly describes the problem and solution and relates to any issues it addresses.

## Additional Resources

* [Issue tracker](https://github.com/semihalev/sdns/issues)
* [General GitHub documentation](https://docs.github.com/)
* [GitHub pull request documentation](https://docs.github.com/en/github/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/about-pull-requests)
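Review bot: step 4 of "Making Changes" tells contributors to run all tests but not how; since this is a Go module (the Dockerfile builds from a golang image and CI runs go.yml), state the command, for example `go test ./...`, so contributors run the same suite CI does. It would also help to tell readers that security-relevant findings belong under the process in SECURITY.md (added in this same commit) rather than the general issue tracker linked under "Additional Resources", so the two documents agree on where such reports go.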
4 changes: 1 addition & 3 deletions Dockerfile
Original file line number Diff line number Diff line change
@@ -1,6 +1,4 @@
ARG IMAGE=golang:alpine3.18

FROM ${IMAGE} AS builder
FROM golang:alpine AS builder

COPY . /go/src/github.com/semihalev/sdns/

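Review bot: replacing `ARG IMAGE=golang:alpine3.18` / `FROM ${IMAGE} AS builder` with the bare `FROM golang:alpine AS builder` loses two things at once: the pin to a specific Alpine release and the `--build-arg IMAGE=...` override point. With a floating `golang:alpine` tag the Go toolchain and base libraries change under every rebuild without any change in this repository, so builds stop being reproducible and the toolchain behind a given release cannot be audited from the Dockerfile. Suggest keeping the `ARG` and pinning it, ideally by digest (`golang:alpine3.18@sha256:<digest placeholder>`), and bumping the pin deliberately.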
134 changes: 68 additions & 66 deletions README.md
Original file line number Diff line number Diff line change
@@ -9,15 +9,15 @@
</p>

<p align="center">
<a href="https://github.com/semihalev/sdns/actions"><img src="https://img.shields.io/github/actions/workflow/status/semihalev/sdns/go.yml?style=for-the-badge"></a>
<a href="https://goreportcard.com/report/github.com/semihalev/sdns"><img src="https://goreportcard.com/badge/github.com/semihalev/sdns?style=for-the-badge"></a>
<a href="http://godoc.org/github.com/semihalev/sdns"><img src="https://img.shields.io/badge/godoc-reference-blue.svg?style=for-the-badge"></a>
<a href="https://codecov.io/gh/semihalev/sdns"><img src="https://img.shields.io/codecov/c/github/semihalev/sdns?style=for-the-badge"></a>
<a href="https://github.com/semihalev/sdns/releases"><img src="https://img.shields.io/github/v/release/semihalev/sdns?style=for-the-badge"></a>
<a href="https://github.com/semihalev/sdns/blob/master/LICENSE"><img src="https://img.shields.io/github/license/semihalev/sdns?style=for-the-badge"></a>
<a href="https://github.com/semihalev/sdns/actions"><img src="https://img.shields.io/github/actions/workflow/status/semihalev/sdns/go.yml?style=flat-square"></a>
<a href="https://goreportcard.com/report/github.com/semihalev/sdns"><img src="https://goreportcard.com/badge/github.com/semihalev/sdns?style=flat-square"></a>
<a href="http://godoc.org/github.com/semihalev/sdns"><img src="https://img.shields.io/badge/godoc-reference-blue.svg?style=flat-square"></a>
<a href="https://codecov.io/gh/semihalev/sdns"><img src="https://img.shields.io/codecov/c/github/semihalev/sdns?style=flat-square"></a>
<a href="https://github.com/semihalev/sdns/releases"><img src="https://img.shields.io/github/v/release/semihalev/sdns?style=flat-square"></a>
<a href="https://github.com/semihalev/sdns/blob/master/LICENSE"><img src="https://img.shields.io/github/license/semihalev/sdns?style=flat-square"></a>
</p>

---
***

## Installation

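Review bot: the godoc badge still links to `http://godoc.org/github.com/semihalev/sdns` over plain HTTP in both the old and new lines; godoc.org now redirects to pkg.go.dev, so while these badges are being restyled point the link at `https://pkg.go.dev/github.com/semihalev/sdns` so the README does not depend on a cleartext redirect. The `---` to `***` change is purely cosmetic (both render a horizontal rule).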
@@ -33,8 +33,8 @@ You can download the latest release from the [Github Repo](https://github.com/se

#### Docker

- [Docker Package](https://github.com/semihalev/sdns/packages/188181) (updated every release)
- [Docker Hub](https://hub.docker.com/r/c1982/sdns) (alternative)
* [Docker Package](https://github.com/semihalev/sdns/packages/188181) (updated every release)
* [Docker Hub](https://hub.docker.com/r/c1982/sdns) (alternative)

```shell
$ docker run -d --name sdns -p 53:53 -p 53:53/udp sdns
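Review bot: the `docker run` example in this hunk's trailing context publishes port 53 on every host interface (`-p 53:53 -p 53:53/udp`), so a reader copying it exposes the resolver on every address the host has. Suggest binding to a specific address in the example (for example `-p 192.0.2.10:53:53`, a documentation-range address, or `127.0.0.1` for local testing) and pointing at the access list feature this README lists. Two smaller points on the same line: the image reference `sdns` matches neither of the two registries linked just above it, and the `$` prompt inside the `shell` fence breaks copy-paste.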
@@ -148,7 +148,7 @@ example.com. 0 CH HINFO "Host" "IPv6:[2001:500:8d::53]:53 rtt:148ms health:[GOO
| **forwarderservers** | Forwarder resolver IPv4 or IPv6 addresses with port (leave blank to disable) Example: "8.8.8.8:53" |
| **api** | HTTP API server binding address (leave blank to disable) |
| **blocklists** | Remote blocklist address list (downloaded to the blocklist folder) |
| **blocklistdir** | [DEPRECATED] Directory creation is automated in the working directory |
| **blocklistdir** | \[DEPRECATED] Directory creation is automated in the working directory |
| **loglevel** | Log verbosity level (crit, error, warn, info, debug) |
| **accesslog** | Location of the access log file (leave blank to disable) Default: Common Log Format |
| **nullroute** | IPv4 address for forwarding blocked queries |
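Review bot: the `**api**` row says only "HTTP API server binding address (leave blank to disable)". Since the Features list in this same README advertises a cache purge API, the row should tell operators to bind it to a loopback or management address and not expose it on a public interface, in the same way the `**blocklistdir**` row now carries its deprecation note. The `\[DEPRECATED]` escape itself is fine; it only matters if a reference-link definition named DEPRECATED ever exists, and renders identically otherwise.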
@@ -168,7 +168,7 @@ example.com. 0 CH HINFO "Host" "IPv6:[2001:500:8d::53]:53 rtt:148ms health:[GOO
| **cookiesecret** | DNS cookie secret (RFC 7873) - auto-generated if not set |
| **nsid** | DNS server identifier (RFC 5001) - useful for operating multiple sdns instances (leave blank to disable) |
| **chaos** | Enable responses to version.server, version.bind, hostname.bind and id.server chaos txt queries |
| **qname_min_level** | Qname minimize level (0 to disable - higher values increase complexity and impact response performance) |
| **qname\_min\_level** | Qname minimize level (0 to disable - higher values increase complexity and impact response performance) |
| **emptyzones** | Enable response to RFC 1918 zone queries. For details, see http://as112.net/ |
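Review bot: the `**chaos**` row lists the names answered (version.server, version.bind, hostname.bind, id.server) but not that those answers disclose the running software version and hostname to anyone who can query the server; one sentence on that trade-off would let operators decide whether to leave it enabled on Internet-facing instances. Also, `http://as112.net/` in the `**emptyzones**` row should be `https://as112.net/`. The `qname\_min\_level` escaping is not needed inside bold text, because CommonMark does not treat intraword underscores as emphasis, but it does no harm.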
## Plugin Configuration
@@ -178,6 +178,7 @@ In sdns, you have the ability to add custom plugins. The sequence of the plugins
The plugin interface is straightforward. For additional information, please refer to the [example plugin](https://github.com/semihalev/sdnsexampleplugin).
### Example Configuration
```toml
[plugins]
[plugins.example]
@@ -189,70 +190,71 @@ The plugin interface is straightforward. For additional information, please refe
## Server Configuration Checklist
- Increase the file descriptor limit on your server
* Increase the file descriptor limit on your server
## Features
- Linux/BSD/Darwin/Windows supported
- DNS RFC compatibility
- DNS lookups within listed ipv4 and ipv6 auth servers
- DNS caching with prefetch support
- DNSSEC validation
- DNS over TLS support (DoT)
- DNS over HTTPS support (DoH) with HTTP/3 support
- DNS over QUIC support (DoQ)
- Outbound IP selection
- Middleware Support, you can add, your own middleware
- RTT priority within listed servers
- Failover forwarders while returning failured responses
- Forwarder support
- EDNS Cookie Support (client&lt;->server)
- EDNS NSID Support
- Full IPv6 support (client&lt;->server, server&lt;->server)
- Query based ratelimit
- IP based ratelimit
- Access list
- Access log
- Prometheus basic query metrics
- Black-hole for malware responses
- HTTP API support
- Cache Purge API and query support
- Answer chaos txt queries for version.bind and hostname.bind
- Empty zones support described at RFC 1918
- External plugins supported
* Linux/BSD/Darwin/Windows supported
* DNS RFC compatibility
* DNS lookups within listed ipv4 and ipv6 auth servers
* DNS caching with prefetch support
* DNSSEC validation
* DNS over TLS support (DoT)
* DNS over HTTPS support (DoH) with HTTP/3 support
* DNS over QUIC support (DoQ)
* Outbound IP selection
* Middleware Support, you can add, your own middleware
* RTT priority within listed servers
* Failover forwarders while returning failured responses
* Forwarder support
* EDNS Cookie Support (client<->server)
* EDNS NSID Support
* Full IPv6 support (client<->server, server<->server)
* Query based ratelimit
* IP based ratelimit
* Access list
* Access log
* Prometheus basic query metrics
* Black-hole for malware responses
* HTTP API support
* Cache Purge API and query support
* Answer chaos txt queries for version.bind and hostname.bind
* Empty zones support described at RFC 1918
* External plugins supported
## TODO
- [x] More tests
- [x] Try lookup NS address better way
- [x] DNS over TLS support
- [x] DNS over HTTPS support
- [x] Full DNSSEC support
- [x] RTT optimization
- [x] Access list
- [x] Periodic priming queries described at RFC 8109
- [x] Full IPv6 support (server&lt;->server communication)
- [x] Query name minimization to improve privacy described at RFC 7816
- [x] DNAME Redirection in the DNS described at RFC 6672
- [x] Automated Updates DNSSEC Trust Anchors described at RFC 5011
- [ ] DNS64 DNS Extensions for NAT from IPv6 Clients to IPv4 Servers described at RFC 6147
- [x] DNS over QUIC support described at RFC 9250
* \[x] More tests
* \[x] Try lookup NS address better way
* \[x] DNS over TLS support
* \[x] DNS over HTTPS support
* \[x] Full DNSSEC support
* \[x] RTT optimization
* \[x] Access list
* \[x] Periodic priming queries described at RFC 8109
* \[x] Full IPv6 support (server<->server communication)
* \[x] Query name minimization to improve privacy described at RFC 7816
* \[x] DNAME Redirection in the DNS described at RFC 6672
* \[x] Automated Updates DNSSEC Trust Anchors described at RFC 5011
* \[ ] DNS64 DNS Extensions for NAT from IPv6 Clients to IPv4 Servers described at RFC 6147
* \[x] DNS over QUIC support described at RFC 9250
## Performance
### Benchmark Environment
- **Server Specifications:**
- Processor: Intel Xeon E5-2609 v4 CPU
- Memory: 32GB
* **Server Specifications:**
* Processor: Intel Xeon E5-2609 v4 CPU
* Memory: 32GB
### Benchmarking Tool
- **Tool Name:** [DNS-OARC dnsperf](https://www.dns-oarc.net/tools/dnsperf)
- **Benchmark Configuration:**
- Query Data Volume: 50,000 sample queries
* **Tool Name:** [DNS-OARC dnsperf](https://www.dns-oarc.net/tools/dnsperf)
* **Benchmark Configuration:**
* Query Data Volume: 50,000 sample queries
### Benchmark Comparisons
Benchmarks were performed on the following DNS resolvers: sdns-1.3.3, pdns-recursor-4.8.4, bind-9.19.12, unbound-1.17.1.
### Benchmark Results
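Review bot: these lines are rewritten wholesale for the list-marker change, so this is the moment to fix wording carried over unchanged: "Failover forwarders while returning failured responses" should read "failed responses", and "Middleware Support, you can add, your own middleware" has a stray comma ("Middleware support: you can add your own middleware"). The `client&lt;->server` to `client<->server` change renders the same, since `<-` cannot start an HTML tag, so that part is safe.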
@@ -264,20 +266,20 @@ Benchmarks were performed on the following DNS resolvers: sdns-1.3.3, pdns-recur
| Bind | 99.74% | 132 | 35,024 | 885 | 13,959 | 127s64ms | 390/s |
| Unbound | 99.49% | 253 | 35,152 | 624 | 13,971 | 174s64ms | 284/s |
## Contributing
We welcome pull requests. If you're considering significant changes, please start a discussion by opening an issue first.
Ensure that your changes are accompanied by corresponding tests.
Before submitting patches, please review our [CONTRIBUTING](https://github.com/semihalev/sdns/blob/master/CONTRIBUTING.md) guidelines.
## :hearts: Made With
- [miekg/dns](https://github.com/miekg/dns) - Alternative (more granular) approach to a DNS library
* [miekg/dns](https://github.com/miekg/dns) - Alternative (more granular) approach to a DNS library
## Inspired by
## Inspired by
- [coredns/coredns](https://github.com/coredns/coredns)
- [looterz/grimd](https://github.com/looterz/grimd)
* [coredns/coredns](https://github.com/coredns/coredns)
* [looterz/grimd](https://github.com/looterz/grimd)
## License
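Review bot: the new Contributing paragraph links to `https://github.com/semihalev/sdns/blob/master/CONTRIBUTING.md` with an absolute URL; since CONTRIBUTING.md is added in this same commit, a relative link (`CONTRIBUTING.md`) would follow forks and branches and stay correct if the default branch is ever renamed. In the benchmark rows above, the time column runs units together without a separator (`127s64ms`, `174s64ms`); `127s 64ms` or a single unit reads unambiguously.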
20 changes: 20 additions & 0 deletions SECURITY.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
# Security Policy

## Supported Versions

Only the following version is currently being supported with security updates:

| Version | Supported |
| ------- | ------------------ |
| 1.3.x | :white\_check\_mark: |
| < 1.3 | :x: |

## Reporting a Vulnerability

We take security issues seriously. If you discover a security vulnerability in this project, please follow these steps:

1. **Open an Issue**: Once you've made sure you're on the latest version and the vulnerability still exists, open an issue on our GitHub repository. Describe the vulnerability in detail, including the steps to reproduce if possible.
2. **Discussion**: After you report the vulnerability, we'll engage in a discussion with you on the issue to understand it better and evaluate its impact.
3. **Resolution**: We will address the security issue and release a new version with the necessary patches as soon as possible.

Your efforts to responsibly disclose your findings are sincerely appreciated and will be acknowledged.

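Review bot: step 1 under "Reporting a Vulnerability" asks reporters to open a public GitHub issue, which publishes the unpatched vulnerability, reproduction steps included, to everyone before a fix exists and sits oddly next to the "responsibly disclose" wording in the last line. Suggest a private channel instead (GitHub's private vulnerability reporting / security advisories for the repository, or a maintainer e-mail address), keeping public issues for after a fixed release ships, and stating an expected acknowledgement time under step 2. Also check the rendered preview of the Supported Versions table: the emoji shortcodes were written with escaped underscores (`:white\_check\_mark:`).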