• 22 days ago
"Prior art" for this is DNS block lists (DNSBLs).
Typically these are used like this: your mail server gets an SMTP connection from some address (let's use the familiar IPv4 example): 10.20.30.40.
You reverse these octets and do an "A" record DNS query to some 40.30.10.10.dnsbl.example.com to look up that IP in example.com's list. If a match is returned, the address is listed. If you do a "TXT" record query, you can find out why it's listed.
Block lists are typically blacklists, but they can be whitelists as well.
DNSBLs are hammered with queries from vast numbers of mail servers; DNS keeps things efficient.
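The lookup described in the comment above, as an added example that is not part of the original comment. It goes beyond the IPv4 case by also building the reversed-nibble name used for IPv6 (RFC 5782) and by refusing to treat an answer outside 127.0.0.0/8 as a listing; the `resolve` callable, `fake_resolve` and `SAMPLE_ZONE` are assumptions standing in for a real DNS resolver, and the zone data is constructed.

```python
import ipaddress

LISTED_NET = ipaddress.ip_network("127.0.0.0/8")  # RFC 5782 return-code range

def dnsbl_query_name(ip, zone):
    """Name to query for `ip` in DNSBL `zone`: reversed IPv4 octets or IPv6 nibbles."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")
    else:
        labels = list(addr.exploded.replace(":", ""))  # 32 hex nibbles
    return ".".join(reversed(labels)) + "." + zone.strip(".")

def check_dnsbl(ip, zone, resolve):
    """resolve(name, rrtype) is an assumed callable returning a list of strings
    and raising LookupError for NXDOMAIN, which means "not listed"."""
    name = dnsbl_query_name(ip, zone)
    try:
        answers = resolve(name, "A")
    except LookupError:
        return {"name": name, "listed": False, "codes": [], "reason": []}
    codes = [a for a in answers if ipaddress.ip_address(a) in LISTED_NET]
    if not codes:
        # An answer outside 127.0.0.0/8 is not a listing: typically a parked or
        # wildcarded zone. Treating it as "listed" would reject all mail.
        return {"name": name, "listed": False, "codes": [], "reason": [],
                "error": "unexpected answer %s" % answers}
    try:
        reason = resolve(name, "TXT")  # the TXT record says why it is listed
    except LookupError:
        reason = []
    return {"name": name, "listed": True, "codes": codes, "reason": reason}

# Constructed sample zone data standing in for a real DNS resolver.
SAMPLE_ZONE = {
    ("40.30.20.10.dnsbl.example.com", "A"): ["127.0.0.2"],
    ("40.30.20.10.dnsbl.example.com", "TXT"): ["Listed: constructed sample reason"],
    ("1.2.0.192.dnsbl.example.com", "A"): ["203.0.113.7"],  # parked-zone answer
}

def fake_resolve(name, rrtype):
    if (name, rrtype) not in SAMPLE_ZONE:
        raise LookupError(name)  # models NXDOMAIN
    return SAMPLE_ZONE[(name, rrtype)]

if __name__ == "__main__":
    for ip in ("10.20.30.40", "192.0.2.1", "198.51.100.9", "2001:db8::1"):
        print(check_dnsbl(ip, "dnsbl.example.com", fake_resolve))
```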
ELIFreshman, please
Fun :). It would be interesting to see how accurate one could get the time records (I see a TTL of 1 second, but what if the algorithm for reporting the time could try to measure latency between DNS client and itself and . . . yadda yadda yadda). Wish we had more submissions like this one.
Love it!
Shameless plug:
Since I was in the process of implementing plugins for kittendns (https://github.com/fusion/kittendns), I felt I should at least implement the timezone toy as proof of concept. This forced me to implement 'fetch' in the javascript plugin so, I guess, everyone wins :)
I love it!
I am not a DNS expert, but if one format for DNS queries is <x>.<y>, i.e., "mumbai.time", "berlin.weather" as seems to be the case -- then I think it would be interesting to see if a general-purpose query in this format -- could be passed along to a search engine, then get the result back from that, strip the HTML, and pass the resulting text back in the answer section...
Why?
Well, it could have emergency preparedness applications -- imagine that for whatever reason, all computers complex enough to run modern web browsers suddenly stopped working -- and all that still works are dumb terminals and mostly text-based computers from the 1980's...
In that scenario (and we hope it never happens!) -- it would be awesome, truly awesome, to have a way to still be able to query search engines and possibly other Internet services -- if most of the other infrastructure is no longer working.
It might also be possible to implement some type of rudimentary email system over this, as well...
Anyway, I think what you've done is absolutely brilliant!
I guess you could deliver web pages over DNS too, if you wanted... though I'm not sure why you'd want to.
Instead of DoH it would be HoD.
I think it would work to use "time" etc as subdomains instead of TLD to be able to use any DNS server for the query.
Is this configured to handle DNS amplification attacks out of the box?
Neat! For unit conversions there is an older tool called 'unit' which can convert nearly anything.
This is awesome but I'm getting NXDOMAIN when I try to use it. Am I doing something wrong, perhaps something to do with EDNS?
$ dig 42km-mi.unit @dns.toys
; <<>> DiG 9.16.27-Debian <<>> @dns.toys 42km-mi.unit
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 2059
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: efe3c6f9e0b6e4da56aba44d62a4e63ba7a19bed262b0e1a (good)
;; QUESTION SECTION:
;42km-mi.unit. IN A
;; AUTHORITY SECTION:
. 6959 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2022061100 1800 900 604800 86400
;; Query time: 44 msec
;; SERVER: 138.197.68.199#53(138.197.68.199)
;; WHEN: Sat Jun 11 14:00:11 CDT 2022
;; MSG SIZE rcvd: 144
Awesome! Surprised to see the resolver correctly handle my typo:
$ dig seat2222tle.time @dns.toys +short
"Seattle (America/Los_Angeles, US)" "Sat, 11 Jun 2022 08:22:42 -0700"
Picky overcorrect comment: Try
dig +short
instead of dig +noall +answer +additional
i.e. dig +short mumbai.time @dns.toys
gives you the short and brief answer you probably expect :-)
Awesome idea and already with the requests lol: Would it be possible to add the resource records as subdomain of dns.toys?
Eg.
dig newyork.time.dns.toys with a low ttl?
This way folks operating in an environment where they can't egress on port 53 can still use the tools?
dig -6 aaaa ip @dns.toys doesn't work.
really cool. wonder if it does any checks to ensure packet response stays within 512 bytes to avoid packet frags.
brilliant!
This is great. It's especially useful if you're already in a terminal. No special tools needed.
Really pleasing - though the most surprising thing was learning a forward slash is a valid character in a domain name. Are there any real world examples?
Interesting if "normal" (unrestricted) Internet connection. Fails if using a VPN solution (PIA and Mullvad, so far) - probably because they trap name resolution attempts, if forcing using their own.
Isn’t this sort of a continuation/improvement on the ancient single-purpose protocols and commands like `finger` or `ident` etc. but consolidated into a single port/command?
Maybe we could formalize this into a new protocol? Send some text, get some text back, with minimal overhead. Let’s call it “ask” or “q” (for query)
the one where you can get the weather reminds me of graph.no, a service where you can retrieve the weather using the Finger Protocol.
e.g.
finger new_york@graph.no
For years now I have published DNS TXT records for my domain that include my twitter handle, email address, and a Google Voice number. I always thought it would be a fun "protocol" for people to adopt, but never knew how to advance it.
dig TXT trevormanternach.com
Rule 53: if you can think of it, someone's done it in the DNS.
Fun tool! I use `pi.neomantra.net` for unit testing:
> dig pi.neomantra.net +short
3.141.59.26
> dig pi.neomantra.net +short -t AAAA
3141:5926:5358:9793:2384:6264:3383:2795
Just added pi support to it:
https://github.com/knadh/dns.toys/pull/9
nice, some stuff for me to try on a plane
Remember the bert.secret-wg.org RPN calculator via DNS from the old days. It's still going.
Recursive
DNSCACHEIP=185.49.141.200 dnstxt 4.9.+.3.+.7.+.7.+.7.+.5.+.rp.secret-wg.org
dq txt 4.9.+.3.+.7.+.7.+.7.+.5.+.rp.secret-wg.org
drill 4.9.+.3.+.7.+.7.+.7.+.5.+.rp.secret-wg.org txt
kdig 4.9.+.3.+.7.+.7.+.7.+.5.+.rp.secret-wg.org txt
dig 4.9.+.3.+.7.+.7.+.7.+.5.+.rp.secret-wg.org txt
Non-recursive
dnsq txt 4.9.+.3.+.7.+.7.+.7.+.5.+.rp.secret-wg.org 185.49.141.200
dq -a txt 4.9.+.3.+.7.+.7.+.7.+.5.+.rp.secret-wg.org 185.49.141.200
drill -ord 4.9.+.3.+.7.+.7.+.7.+.5.+.rp.secret-wg.org @185.49.141.200 txt
kdig +nord 4.9.+.3.+.7.+.7.+.7.+.5.+.rp.secret-wg.org @185.49.141.200 txt
dig +nord 4.9.+.3.+.7.+.7.+.7.+.5.+.rp.secret-wg.org @185.49.141.200 txt
Two different TXT RRs will be returned. The second one is new as of last year.
Read more at https://bert.secret-wg.org/Tools/index.html
Ha, no one has pointed out who the author is yet - a CTO of one of India's recent unicorns.
In case anyone else is as unfamiliar as I was with the commands here: https://en.wikipedia.org/wiki/Dig_(command)
Interesting find on this site: The Norwegian Meteorological Institute has a free weather API
https://developer.yr.no/featured-products/forecast/
Copy and run the below commands to try it out.
I can't make it work from the explorer bar, powershell prompt, dos shell.
Bye.
I was expecting a collection of DNS utilities, but this is much more fun!
Hey cool somebody has reimplemented finger!
This is a fun tool, but it has some assumptions around IPv4.
It appears to work by responding with TXT records when given a query for A records. I have a `.digrc` file setup to query for AAAA records by default (since I mostly deal with IPv6 only networks). So I have to set the query for either A or TXT. Unfortunately, AAAA doesn't get the special treatment that A gets.
“Why? For fun.”
I love this. It doesn’t need a reason to exist. It’s interesting on its own.
That being said, can anyone think of additional interesting reasons for why this would be useful rather than the same toys over HTTP?
To others, yr.no is a free weather service with API: https://developer.yr.no
I see that dns.toys use it.
Nice. like a command-line version of Charlie Cheever's bunny1. https://github.com/ccheever/bunny1
this is insane cool. it's such an amazing creative idea. i hope people like them never stop having awesome ideas