Hacker News Re-Imagined

DNS Toys

  • 946 points
  • 22 days ago

  • @edent
  • Created a post

DNS Toys


@kazinator • 22 days

Replying to @edent 🎙

"Prior art" for this is DNS block lists (DNSBLs).

Typically these are used like this: your mail server gets an SMTP connection from some address (let's use the familiar IPv4 example): 10.20.30.40.

You reverse these octets and do an "A" record dns query to some 40.30.10.10.dnsbl.example.com to look up that IP in example.com's list. If a match is returned, the address is listed. If you do a "TXT" record query, you can find out why it's listed.

Block lists are typically blacklists, but they can be whitelists as well.

DNSBLs are hammered with queries from vast numbers of mail servers; DNS keeps things efficient.
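The lookup described above, as an added example that is not part of the original comment: it builds the reversed query name (for 10.20.30.40 that is `40.30.20.10.dnsbl.example.com`) and goes one step further by handling IPv6 nibble reversal and by ignoring answers outside the 127.0.0.0/8 range that RFC 5782 reserves for DNSBL return codes. The `resolve` callback, `FAKE_ZONE` and its records are constructed stand-ins for a real resolver so the code runs offline.

```python
import ipaddress

DNSBL_ANSWERS = ipaddress.ip_network("127.0.0.0/8")  # RFC 5782 return-code range

def dnsbl_query_name(ip, zone):
    """Reverse the address (octets for IPv4, nibbles for IPv6) and append the zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = addr.exploded.split(".")
    else:
        labels = list(addr.exploded.replace(":", ""))
    return ".".join(reversed(labels)) + "." + zone.strip(".")

def check_listing(ip, zone, resolve):
    """Return (listed, detail). resolve(name, rrtype) -> list of strings, [] if no records."""
    name = dnsbl_query_name(ip, zone)
    answers = resolve(name, "A")
    if not answers:
        return False, None  # NXDOMAIN / no data: not listed
    # A resolver that rewrites NXDOMAIN, or a lapsed list domain with a wildcard,
    # answers with ordinary addresses; treat that as a broken list, not a listing.
    if not all(ipaddress.ip_address(a) in DNSBL_ANSWERS for a in answers):
        return False, "ignored: answer outside 127.0.0.0/8"
    reasons = resolve(name, "TXT")
    return True, reasons[0] if reasons else "listed (no TXT reason)"

# Constructed zone data standing in for a real resolver so the example runs offline.
FAKE_ZONE = {
    ("40.30.20.10.dnsbl.example.com", "A"): ["127.0.0.2"],
    ("40.30.20.10.dnsbl.example.com", "TXT"): ["constructed reason: spam source"],
    ("1.113.0.203.dnsbl.example.com", "A"): ["198.51.100.7"],  # rewritten/wildcard answer
}

def fake_resolve(name, rrtype):
    return FAKE_ZONE.get((name, rrtype), [])

if __name__ == "__main__":
    for ip in ("10.20.30.40", "192.0.2.1", "203.0.113.1"):
        print(ip, check_listing(ip, "dnsbl.example.com", fake_resolve))
```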

@Yajirobe • 22 days

Replying to @edent 🎙

ELIFreshman, please

@CAPSLOCKSSTUCK • 22 days

Replying to @edent 🎙

Fun :). It would be interesting to see how accurate one could get the time records (I see a TTL of 1 second, but what if the algorithm for reporting the time could try to measure latency between DNS client and itself and . . . yadda yadda yadda). Wish we had more submissions like this one.

@mvuksano • 22 days

Replying to @edent 🎙

Love it!

@cyansmoker • 21 days

Replying to @edent 🎙

Shameless plug:

Since I was in the process of implementing plugins for kittendns (https://github.com/fusion/kittendns), I felt I should at least implement the timezone toy as proof of concept. This forced me to implement 'fetch' in the javascript plugin so, I guess, everyone wins :)

@peter_d_sherman • 21 days

Replying to @edent 🎙

I love it!

I am not a DNS expert, but if one format for DNS queries is <x>.<y>, i.e., "mumbai.time", "berlin.weather" as seems to be the case -- then I think it would be interesting to see if a general-purpose query in this format -- could be passed along to a search engine, then get the result back from that, strip the HTML, and pass the resulting text back in the answer section...

Why?

Well, it could have emergency preparedness applications -- imagine that for whatever reason, all computers complex enough to run modern web browsers suddenly stopped working -- and all that still works are dumb terminals and mostly text-based computers from the 1980's...

In that scenario (and we hope it never happens!) -- it would be awesome, truly awesome, to have a way to still be able to query search engines and possibly other Internet services -- if most of the other infrastructure is no longer working.

It might also be possible to implement some type of rudimentary email system over this, as well...

Anyway, I think what you've done is absolutely brilliant!

@pmoriarty • 22 days

Replying to @edent 🎙

I guess you could deliver web pages over DNS too, if you wanted... though I'm not sure why you'd want to.

Instead of DoH it would be HoD.

@Klasiaster • 22 days

Replying to @edent 🎙

I think it would work to use "time" etc as subdomains instead of TLD to be able to use any DNS server for the query.

@kureikain • 22 days

Replying to @edent 🎙

Is this configured to handle DNS amplification attacks out of the box?

@djbusby • 22 days

Replying to @edent 🎙

Neat! For unit conversions there is an older tool called 'unit' which can convert nearly anything.

@4oo4 • 22 days

Replying to @edent 🎙

This is awesome but I'm getting NXDOMAIN when I try to use it. Am I doing something wrong, perhaps something to do with EDNS?

    $ dig 42km-mi.unit @dns.toys 

    ; <<>> DiG 9.16.27-Debian <<>> @dns.toys 42km-mi.unit
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 2059
    ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ; COOKIE: efe3c6f9e0b6e4da56aba44d62a4e63ba7a19bed262b0e1a (good)
    ;; QUESTION SECTION:
    ;42km-mi.unit.   IN A

    ;; AUTHORITY SECTION:
    .   6959 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2022061100 1800 900 604800 86400

    ;; Query time: 44 msec
    ;; SERVER: 138.197.68.199#53(138.197.68.199)
    ;; WHEN: Sat Jun 11 14:00:11 CDT 2022
    ;; MSG SIZE  rcvd: 144
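
A triage helper for dig transcripts like the one above, added here as an example and not part of the original comment. It flags signs that a recursive resolver, rather than the special-purpose server named after `@`, produced the answer, which is the situation a later comment describes for VPNs that trap name resolution. The heuristics and function names are assumptions of this example; `SAMPLE` is abridged from the transcript above and `AUTHORITATIVE_STYLE` is constructed.

```python
import re

# Abridged from the dig transcript quoted in the comment above.
SAMPLE = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 2059
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;42km-mi.unit.   IN A
;; AUTHORITY SECTION:
.   6959 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2022061100 1800 900 604800 86400
;; SERVER: 138.197.68.199#53(138.197.68.199)
"""

# Constructed header of a reply that carries none of the signs.
AUTHORITATIVE_STYLE = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
"""

def parse_dig(text):
    """Pull status, header flags and the first SOA record out of dig output."""
    status = re.search(r"status: (\w+)", text).group(1)
    flags = set(re.search(r"flags: ([a-z ]*);", text).group(1).split())
    soa = None
    for line in text.splitlines():
        f = line.split()
        # owner ttl IN SOA mname rname serial refresh retry expire minimum
        if len(f) == 11 and f[2:4] == ["IN", "SOA"] and not line.startswith(";"):
            soa = {"owner": f[0], "ttl": int(f[1]), "minimum": int(f[10])}
            break
    return status, flags, soa

def recursive_answer_signs(text):
    """Heuristic signs that a recursive resolver produced this response."""
    status, flags, soa = parse_dig(text)
    signs = []
    if "ra" in flags and "aa" not in flags:
        signs.append("ra set, aa clear: responder offers recursion, is not authoritative")
    if "ad" in flags:
        signs.append("ad set: responder claims DNSSEC-validated data")
    if status == "NXDOMAIN" and soa and soa["owner"] == ".":
        signs.append("NXDOMAIN backed by the root SOA: name was looked up in public DNS")
        if soa["ttl"] < soa["minimum"]:
            signs.append("SOA TTL below its minimum field: likely served from a cache")
    return signs

if __name__ == "__main__":
    for sign in recursive_answer_signs(SAMPLE):
        print("-", sign)
```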

@itsmemattchung • 22 days

Replying to @edent 🎙

Awesome! Surprised to see the resolver correctly handle my typo:

    $ dig seat2222tle.time @dns.toys +short
    "Seattle (America/Los_Angeles, US)" "Sat, 11 Jun 2022 08:22:42 -0700"

@ktpsns • 22 days

Replying to @edent 🎙

Picky overcorrect comment: Try

    dig +short

instead of

    dig +noall +answer +additional

i.e.

    dig +short mumbai.time @dns.toys

gives you the short and breve answer you probably expect :-)

@jcims • 22 days

Replying to @edent 🎙

Awesome idea and already with the requests lol: Would it be possible to add the resource records as subdomain of dns.toys?

Eg.

dig newyork.time.dns.toys with a low ttl?

This way folks operating in an environment where they can't egress on port 53 can still use the tools?

@Sami_Lehtinen • 21 days

Replying to @edent 🎙

dig -6 aaaa ip @dns.toys doesn't work.

@anonu • 22 days

Replying to @edent 🎙

really cool. wonder if it does any checks to ensure packet response stays within 512 bytes to avoid packet frags.

@vivekv • 22 days

Replying to @edent 🎙

brilliant!

@awill • 22 days

Replying to @edent 🎙

This is great. It's especially useful if you're already in a terminal. No special tools needed.

@BuildTheRobots • 22 days

Replying to @edent 🎙

Really pleasing - though the most surprising thing was learning a forward slash is a valid character in a domain name. Are there any real world examples?

@netfortius • 21 days

Replying to @edent 🎙

Interesting if "normal" (unrestricted) Internet connection. Fails if using a VPN solution (PIA and Mullvad, so far) - probably because they trap name resolution attempts, if forcing using their own.

@Razengan • 21 days

Replying to @edent 🎙

Isn’t this sort of a continuation/improvement on the ancient single-purpose protocols and commands like `finger` or `ident` etc. but consolidated into a single port/command?

Maybe we could formalize this into a new protocol? Send some text, get some text back, with minimal overhead. Let’s call it “ask” or “q” (for query)

@mastazi • 22 days

Replying to @edent 🎙

the one where you can get the weather reminds me of graph.no, a service where you can retrieve the weather using the Finger Protocol.

e.g.

   finger new_york@graph.no

@trvr • 22 days

Replying to @edent 🎙

For years now I have published DNS TXT records for my domain that include my twitter handle, email address, and a Google Voice number. I always thought it would be a fun "protocol" for people to adopt, but never knew how to advance it.

  dig TXT trevormanternach.com

@pgl • 22 days

Replying to @edent 🎙

Rule 53: if you can think of it, someone's done it in the DNS.

@neomantra • 22 days

Replying to @edent 🎙

Fun tool! I use `pi.neomantra.net` for unit testing:

  > dig pi.neomantra.net +short
  3.141.59.26
  
  > dig pi.neomantra.net +short  -t AAAA
  3141:5926:5358:9793:2384:6264:3383:2795

Just added pi support to it: https://github.com/knadh/dns.toys/pull/9

@sabujp • 22 days

Replying to @edent 🎙

nice, some stuff for me to try on a plane

@1vuio0pswjnm7 • 22 days

Replying to @edent 🎙

Remember the bert.secret-wg.org RPN calculator via DNS from the old days. It's still going.

Recursive

   DNSCACHEIP=185.49.141.200 dnstxt 4.9.+.3.+.7.+.7.+.7.+.5.+.rp.secret-wg.org 
   dq txt 4.9.+.3.+.7.+.7.+.7.+.5.+.rp.secret-wg.org 
   drill 4.9.+.3.+.7.+.7.+.7.+.5.+.rp.secret-wg.org txt
   kdig 4.9.+.3.+.7.+.7.+.7.+.5.+.rp.secret-wg.org txt
   dig 4.9.+.3.+.7.+.7.+.7.+.5.+.rp.secret-wg.org txt

Non-recursive

   dnsq txt 4.9.+.3.+.7.+.7.+.7.+.5.+.rp.secret-wg.org 185.49.141.200  
   dq -a txt 4.9.+.3.+.7.+.7.+.7.+.5.+.rp.secret-wg.org 185.49.141.200
   drill -ord 4.9.+.3.+.7.+.7.+.7.+.5.+.rp.secret-wg.org @185.49.141.200 txt 
   kdig +nord 4.9.+.3.+.7.+.7.+.7.+.5.+.rp.secret-wg.org @185.49.141.200 txt
   dig +nord 4.9.+.3.+.7.+.7.+.7.+.5.+.rp.secret-wg.org @185.49.141.200 txt

Two different TXT RRs will be returned. The second one is new as of last year.

Read more at https://bert.secret-wg.org/Tools/index.html

@sjnair96 • 22 days

Replying to @edent 🎙

Ha, no one has pointed out who the author is yet - a CTO of one of India's recent unicorns.

@bradrn • 22 days

Replying to @edent 🎙

In case anyone else is as unfamiliar as I was with the commands here: https://en.wikipedia.org/wiki/Dig_(command)

@schleck8 • 22 days

Replying to @edent 🎙

Interesting find on this site: The Norwegian Meteorological Institute has a free weather API

https://developer.yr.no/featured-products/forecast/

@BMc2020 • 22 days

Replying to @edent 🎙

Copy and run the below commands to try it out.

I can't make it work from the explorer bar, powershell prompt, dos shell.

Bye.

@JoBrad • 21 days

Replying to @edent 🎙

I was expecting a collection of DNS utilities, but this is much more fun!

@corbet • 22 days

Replying to @edent 🎙

Hey cool somebody has reimplemented finger!

@WastedLife • 22 days

Replying to @edent 🎙

This is a fun tool, but it has some assumptions around IPv4.

It appears to work by responding with TXT records when given a query for A records. I have a `.digrc` file setup to query for AAAA records by default (since I mostly deal with IPv6 only networks). So I have to set the query for either A or TXT. Unfortunately, AAAA doesn't get the special treatment that A gets.

@Waterluvian • 22 days

Replying to @edent 🎙

“Why? For fun.”

I love this. It doesn’t need a reason to exist. It’s interesting on its own.

That being said, can anyone think of additional interesting reasons for why this would be useful rather than the same toys over HTTP?

@punnerud • 22 days

Replying to @edent 🎙

To others, yr.no is a free weather service with API: https://developer.yr.no

I see that dns.toys use it.

@patrck • 22 days

Replying to @edent 🎙

Nice. like a command-line version of Charlie Cheever's bunny1. https://github.com/ccheever/bunny1

@fossdd • 22 days

Replying to @edent 🎙

this is insane cool. it's such an amazing creative idea. i hope people like them never stop having awesome ideas
