DNS Toys (2022)

koito17 · 2024-01-07T08:31:31

This reminds me of a neat little trick I used back then to "reliably" compute IP address of my machines for a dynamic DNS utility I wrote for myself.

OpenDNS resolvers (such as resolver1.opendns.com) will resolve myip.opendns.com to your actual IP address. Whether you get A or AAAA records depends on your connection. Since the IP addresses for these resolvers tend to be anycast IPs, I also want to believe they are marginally faster than pinging some central HTTP service that can go down at any time. (Of course, OpenDNS can vanish at any time, too, but I find the risk of that more tolerable than the countless "what is my IP address?" HTTP services out there)

Anyway, I remember hearing before that DNS originally was intended to be used with a broader scope of data than just domain names (hence the existence of TXT records and the like). This website greatly demonstrates how much utility you can get out of DNS.

kuon · 2024-01-07T12:04:28

Google and akamai also has a DNS service.

    dig @ns1-1.akamaitech.net ANY whoami.akamai.net +short


    dig @ns1.google.com TXT o-o.myaddr.l.google.com +short

masfuerte · 2024-01-07T17:40:14

On Windows:

    nslookup whoami.akamai.net ns1-1.akamaitech.net

sevg · 2024-01-07T20:32:31

You have a good point that most of those HTTP services out there for getting your IP don't seem like they would be particularly reliable in terms of uptime.

Worth noting that Cloudflare run one though, and that seems more likely to be reliable:

https://icanhazip.com/

https://ipv4.icanhazip.com/

https://ipv6.icanhazip.com/

Uptrenda · 2024-01-07T09:11:14

Very nice idea. Seems way simpler than the STUN protocol.

annoyingnoob · 2024-01-07T16:57:18

I worked on VoIP before RFC3489. We built our own ways to handle NAT and firewalls, but it always involved something like a directory server that would see both your private and public IPs and share information between clients at call time to connect calls.

johnhenry · 2024-01-07T15:44:09

I'm a big fan of Julia Evans[1] who's made a number of useful toys including ones for DNS here[2] and here[3].

- [1] https://jvns.ca/

- [2] https://dns-lookup.jvns.ca/

- [3] https://messwithdns.net/

rochak · 2024-01-07T17:32:52

Thanks for sharing these absolute gems!

johnhenry · 2024-01-07T23:04:49

You're welcome! I should have linked directly to the tool page: https://jvns.ca/categories/playgrounds/

rochak · 2024-01-08T03:06:55

Thanks! Julia does seem like an absolute baller.

dang · 2024-01-07T08:13:16

DNS Toys: Useful utilities and services over DNS - https://news.ycombinator.com/item?id=31637226 - June 2022 (1 comment)

shivam-dev · 2024-01-07T08:20:40

Here’s a talk the author of the project gave recently, fun story of how the project came into being

https://youtu.be/ANmFZ8rbmnc?si=ndEWH4xY2oxJuEnB

defrost · 2024-01-07T08:22:23

Odd that

dig A0.0,0.0/0.0,90.0.aerial @dns.toys

and

dig A0.0,0.0/90.0,0.0.aerial @dns.toys

both produce TXT "aerial distance = 10007.06 KM"

The equatorial circumference is 40,075.017 km (24,901.461 mi), while the polar circumference is 40,007.863 km (24,859.734 mi).

I guess there's no great harm in assuming the earth is hypothetically cow shaped, and it avoids that awkward series for shortest distance twixt points following an ellipsoids surface.

aidos · 2024-01-07T09:07:49

Oh interesting - those circumferences are actually closer than I assumed they would be!

defrost · 2024-01-07T09:17:54

Yeah, it's pretty minor stuff of no real import to many ... unless someone had a background in geodesy and had to measure fields on a oblate spheroid with fragmented moving plates girt by sloshing fluids.

codetrotter · 2024-01-07T14:08:19

I like your funny words, magic man :D

ricardo81 · 2024-01-07T12:05:44

Somewhat related, DNS lookup for (UK) business listings - same idea of 'abusing' the DNS service to provide non-DNS data.

https://www.num.uk/

Though going by their roadmap, it may be they're no longer maintaining the service.

m3047 · 2024-01-07T19:23:07

Don't use the word "abuse" unless it's in the sense of "SOAP and XHR are an 'abuse' of HTTP".

The IN (internet) class is the evolutionary "towering cedar" of the moment, but there were the CH (chaos) and HS (hesiod) classes during the cambrian period; you might review those project's purposes and goals.

Arguably the abuse today is in the form of things like ten millisecond windows for retransmission and qname minimization which optimize specifically for cloud-based web services ("happy eyeballs") at the expense of all else (and seemingly without awareness of e.g. buffer bloat). There's a whole world outside of A / AAAA resolution.

It's not unheard of to see two people with pocket protectors having a knife fight (or at least poking at each other with pencils) in the hallway at an Internet confab. "RFC" stands for "Request For Comments" and BCPs (Best Current Practice) are routinely ignored.

ricardo81 · 2024-01-08T00:30:12

Fair point. Probably showing my lack of experience previous to the millennium, at most it was debugging res_mkquery for hours because of what I was passing as a class, iirc C_ANY rather than C_IN.

m3047 · 2024-01-08T01:53:35

ANY is definitely a trap for the overconfident, as it is a qtype without a corresponding rdtype. Is there a wildcard for class? You got me there, I'd have to go look it up and I'm up to my armpits in something else at the moment.

wutwutwat · 2024-01-07T19:53:05

This is my goto these days https://addr.tools/

https://dnscheck.tools/

https://myip.addr.tools/help

account-5 · 2024-01-07T12:02:10

Can someone ELI5 for the idiot in the thread. I know it's for fun but I don't get it. Also how's it's working? I'm aware it's my ignorance.

input_sh · 2024-01-07T12:24:24

You're essentially resolving non-existent domains through their custom DNS server. For example:

    dig 100USD-INR.fx @dns.toys

Translates into "resolve 100USD-INR.fx using dns.toys as a DNS server". They then return TXT records containing the actual answer. Since .fx is a non-existent domain, they're not impersonating anyone, and if you switch "@dns.toys" with say "@8.8.8.8", it wouldn't resolve to anything.

sethammons · 2024-01-07T12:26:58

Sure, imagine a DNS server as a specialized type of web server, but it uses a different protocol over a different port. Just like you make requests to a web server using HTTP, you can interact with a DNS server using DNS protocols. Think of it like comparing how you might use telnet to simulate an HTTP or SMTP request; it's about communicating with a specific type of server over a specific set of rules. This server tends to do some computation before yielding its results, unlike most DNS records that you'd expect to be static.

themoonisachees · 2024-01-07T12:26:25

The DNS protocol is just text over udp. When making a DNS request, your system will open a socket, write "google.com" in it and read for a response. The server, if it is properly configured as a DNS server, will reply with the appropriate DNS record, again as text. Google.com is a cname to some subdomain used for load balancing, so the server will simply reply "CNAME blabla.google.com" and may optionally also resolve blabla.google.com to save you the trouble of making another request.

The DNS protocol, defined in some RFC, says that I have to make a request a certain way, and that the server has to respond a certain way. One of these ways is that for top level domains that don't exist (for ex. .time is not a currently existing tld), the server is supposed to reply nxdomain, but in reality there is no technical measure stopping it from replying with anything it wants, such as the current time.

In fact, generally speaking, the expectation that the server operators will not fuck you over is the only thing preventing public (and indeed private) DNS operators from returning you bogus data. This is mitigated somewhat by HTTPS, but DNS records themselves are infinitely fakeable with no recourse.

denton-scratch · 2024-01-07T17:42:58

DNS is not a text protocol, it's a binary protocol.

NoZebra120vClip · 2024-01-07T16:51:41

Your reply is riddled with errors and you don't seem to actually know how the DNS protocol works at all, on the wire or otherwise. It is, firstly, impossible for "google.com" to contain a CNAME record. This would violate standards, and it's simply not done. Query or yourself; there is no CNAME at that label.

Your description of how queries work is not how queries work at all. Your entire comment is a net negative and detracts from the overall knowledge at Hacker News.

jodrellblank · 2024-01-07T18:11:51

> "It is, firstly, impossible for "google.com" to contain a CNAME record. This would violate standards, and it's simply not done."

It is possible for an apex domain to contain/be a CNAME, and it simply is done, by many companies: https://serverfault.com/questions/55528/set-root-domain-reco...

NoZebra120vClip · 2024-01-07T19:28:06

This is a disingenuous claim, because many of the comments at the linked thread indicate that it not only is a breach of the RFC requirements, but is also liable to malfunction, so any provider/software that permits it, is going to have trouble supporting it.

I stand by what I said: it's impossible, and is simply not done [by anyone who cares about adhering to standards or interoperability.]

Uptrenda · 2024-01-07T15:14:20

Imagine a site like news.ycombinator.com. The browser uses that name to lookup the IP from a specialized server. So for the domain it might have this saved:

A IP = ...1

AAAA IP = ...2

Where 'a' is the type of record. But there are other types of records:

TXT gender = 'male'

So there's a few assumptions here about DNS that are normally true:

1. People are using DNS as a switch board to other services.

2. The values in the switchboard are normally static.

With this setup they're doing something completely different because they're serving back changing values based on the domain. To do this you would need to write a custom DNS server (though the DNS protocol is quite simple.) The reasons this is a clever hack though are as follows:

1. DNS is one of the most widely used and supported protocols. All mainstream programming libraries support it. This includes numerous command-line tools already in operating system. By providing this as a service over DNS it provides an elegant way for command-line tools and libraries to access services with minimal dependencies.

2. It challenges the way the DNS system should be used by tipping the normal assumptions behind its use on its head (direct usage for information, dynamic content for values.) This makes it possible to use DNS directly as an application service rather than as a switch board operator for regular internet services.

3. DNS is so integral that a complex integration wouldn't be needed to add it to existing software. A DNS request is arguably more straight-forwards than a typical web API. Chances are this also has benefits for censorship resistance, too.

All in all a clever hack.

robryk · 2024-01-07T11:32:41

I'm surprised that they aren't also available in some subdomain of dns.toys (so that they would resolve without using a special name server).

quesera · 2024-01-07T13:13:35

If you used default nameservers, you'd be introducing all the usual DNS complications, e.g. caching.

avidiax · 2024-01-07T17:39:31

Those complications would be easily controllable using the TTL.

quesera · 2024-01-08T00:33:15

Many ISP caches do not respect TTLs.

urbandw311er · 2024-01-07T21:13:12

The premise is kinda neat but it probably doesn’t need to do all this stuff just to provide the proof of concept that you can remotely execute a script somewhere via DNS.

mejthemage · 2024-01-07T16:29:55

I didn't know you could specify a DNS server with a name. So does dig first look up that name using whatever DNS server is normally configured to determine where the intended DNS server is?

NextDNS gives you a name that you can put in certain UIs (like "Private DNS" in Android) -- I always assumed there was just something special about those.

drones · 2024-01-07T14:51:25

(Drawing from 1-semester CCNA course in uni) Since DNS operates over UDP, isn't the amount of data that can be safely transferred effectively bottlenecked by the smallest page size between the routers that reach your device? DNS is served in one chunk, right?

lowpro · 2024-01-07T15:40:04

Usually if a response is greater than 512 bytes the DNS server will renegotiate on TCP 53. Note some DNS servers might not do this, but every normal implementation does that I’m aware of.

piperswe · 2024-01-07T22:19:52

Historically musl libc didn't support TCP DNS, but even musl supports it now [1]

[1]: https://www.theregister.com/2023/05/16/alpine_linux_318/

baby_souffle · 2024-01-07T15:13:43

DNS can switch to tcp for this reason

motopost · 2024-01-07T14:07:51

Seems like we can just build light weight APIs on top of this. And port 53 is always open too just 80 and 443.

remram · 2024-01-07T15:57:52

DNS is designed for caching. You can use DNS for anything that is public, idempotent, and immutable (or at least, slow-changing).

Havoc · 2024-01-07T10:40:43

How does this actually work? Finding it hard to believe someone bought domains for all combinations of those unit conversions

jfreax · 2024-01-07T10:49:33

> How does this actually work? Finding it hard to believe someone bought domains for all combinations of those unit conversions

dns.toys runs a (custom) DNS resolver. The example dig commands are asking this resolver. They are not using your configured (public) resolver. The custom resolver can return whatever it wants depending on the request. You could also ask the resolver what the IP (A-record) of e.g. "google.com" is and it could answer with whatever it wants.

Therefore, they actually just use one domain: dns.toys.

maxmouchet · 2024-01-07T10:43:58

It works by querying a specific DNS resolver (dns.toys):

  dig +short TXT mumbai.weather @dns.google
  # NXDOMAIN
 
  dig +short TXT mumbai.weather @dns.toys  
  "Mumbai (IN)" "30.90C (87.62F)" "45.90% hu." "clearsky_day" "15:30, Sun"
  "Mumbai (IN)" "28.10C (82.58F)" "56.00% hu." "fair_day" "17:30, Sun"
  ...

Havoc · 2024-01-07T11:21:59

I see - thanks for explaining

Uptrenda · 2024-01-07T08:39:38

I like it. I just wish that dig were installed on every platform. I'm always annoyed that it isn't available on Windows and when I checked Debian doesn't have it by default (though easily installable.) OpenBSD and Mac OS X have it though so that's good.

emmanueloga_ · 2024-01-07T10:35:18

Dog is cross platform and has some nice features, like json output.

https://dns.lookup.dog/

quesera · 2024-01-07T13:14:41

You don't need to use dig. nslookup or host work also.

Surely Windows has some kind of DNS lookup tool!

jodrellblank · 2024-01-07T15:32:06

Yes, in Powershell:

   Resolve-DnsName

ulrischa · 2024-01-07T08:43:38

Nice, but why over DNS? Perhaps I simply didn't get the point.

m3047 · 2024-01-07T19:12:15

DNS is everywhere. It offers massive caching potential. It is well-understood and there are multiple, interoperating, implementations. It is a data diode, which is to say read-only, which can simplify some risk assessments related to attack surface.

The README for this project may explain some of the general benefits (my project): https://github.com/m3047/rkvdns

HTTP is everywhere. I think SOAP sucks, but it's everywhere and it works well enough. (For that matter XHR sucks, but even I use it occasionally.)

(This is not the first time DNS Toys has shown up on Hacker News, there's a link in another comment.)

martyvis · 2024-01-07T10:14:01

Often passed through firewalls or effectively proxied through resolvers

jenoer · 2024-01-07T08:53:01

For fun.

dxroshan · 2024-01-08T05:25:06

Because it is fun.

WanderPanda · 2024-01-07T09:57:40

dns clients come preinstalled on virtually any os

anjanb · 2024-01-07T10:23:08

what dns clients does one have in windows 8 or windows 10 ?

kemotep · 2024-01-07T10:48:56

`nslookup` for a command prompt utility, the `DnsClient` PowerShell module, and the DNS Client graphical utility.

TheNorthman · 2024-01-07T10:48:02

`nslookup`

n_plus_1_acc · 2024-01-07T18:53:06

nslookup comes with the OS

（评论） (comments)

（评论）
(comments)