DNSTSD
[/?]
[/SERVERIP address]
[/SERVERPORT port]
[/DOMAIN string]
DNSTSD is a server dæmon that provides specialized content DNS
service for DNS-based client blacklists or whitelists. Such blacklists
involve TXT resource records, which DNSTSD reads from a
database.
Version 4 IP addresses are encoded as domain names, of the form
d.c.b.a.domain, where d.c.b.a is the IP
address in little-endian dotted-decimal form and domain is the
superdomain that DNSTSD has been instructed to use. The convention for
such blacklists is that if a TXT resource record exists for
1.2.3.4.example.com., then the IP address 4.3.2.1 is on the
blacklist, otherwise it is not.
If an address is on the blacklist, DNSTSD publishes a TXT
resource record for it, and an A resource record for it
(listing the — again, conventional — IP address 127.0.0.6).
Otherwise, including for all other types of resource record, DNSTSD
publishes empty resource record sets for all
d.c.b.a.domain domain names. For any other forms of
domain name, DNSTSD responds with a "no such name" error.
DNSTSD marks all responses with a TTL of 1 day. To transfer this
information for empty resource record sets, and for "no such name"
responses, it constructs a dummy SOA resource record for
domain.
This specially constructed SOA resource record exists solely
because of a design flaw in the DNS protocol, which requires the use of such
resource records in order to convey TTL information for empty-set and
"no such name" answers. It is not expected in normal
practice that this resource record will be looked up itself,
explicitly.
Moreover, it is expected in normal practice that proxy DNS
servers will discard it as cache poison.
Because the special SOA resource record only serves one
function, only its "MINIMUM" field contains useful data. Its other
fields, for database replication, DDNS Update, and administrative
contact, are given zero values. (The latter has long since fallen into
desuetude anyway.)
In normal operation, none of this information should be used by
anything. Anything that uses any information in this
SOA resource record apart from the negative/empty TTL
information is either incorrectly designed or misconfigured.
DNSTSD does not publish any resource records at all other than
TXT, A, AAAA, or SOA
resource records.
It does not provide name service over TCP. All responses will
easily fit into a 512 byte UDP packet, and hence the overhead of TCP
simply isn't worth the effort.
DNSTSD uses the contents of the Text/ directory, below the
current directory in which DNSTSD was started, as the database. In that
directory it expects to find files named "nnnnnnnn.TXT", where "nnnnnnnn"
is an IP address in big-endian hexadecimal form. So, for example, the
file for the IP address 127.0.0.1 is Text/7F000001.TXT and
the file for the IP address FED0::0001 is
Text/FED00000000000000000000000000001.TXT.
If such a file is found, its content (up to a maximum of 256 bytes) is
taken to be the TXT record for the name d.c.b.a.domain
(for IP version 4 addresses) or
n.n.n.n.n.n.n.n.n.n.n.n.n.n.n.n.n.n.n.n.n.n.n.n.n.n.n.n.n.n.n.n.domain
(for IP version 6 addresses).
Configuration of the database can be done with ordinary file commands. For example:
To add a TXT record for 10.1.2.3 :
echos This is some text for 10.1.2.3 > Text\Temp.TXT
rename Text\Temp.TXT Text\0A010203.TXT
To delete the TXT record for 127.0.0.3 :
del Text\7F000003.TXT
The database may be modified whilst the server is running. DNSTSD does not retain information in memory and will see all changes immediately. Care must be taken when adding records, since files may be in an intermediate state during the execution of commands such as ECHOS and COPY. For safety, always create new records under a temporary name and use RENAME to atomically add them to the database.
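The file naming and the temporary-name-then-rename step described above, as an added Python example (not part of DNSTSD or its documentation). The function names are hypothetical, and the nibble order used for version 6 query names is an assumption, since the page only shows the 32 "n" labels.

```python
import ipaddress
import os
import tempfile

MAX_TXT_BYTES = 256  # per the page: at most 256 bytes of the file are used


def record_filename(addr):
    """File name under Text/: the address in big-endian hexadecimal + .TXT."""
    return ipaddress.ip_address(addr).packed.hex().upper() + ".TXT"


def query_name(addr, domain):
    """Name a client queries below the superdomain (always ends with a dot)."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        labels = [str(octet) for octet in reversed(ip.packed)]  # d.c.b.a
    else:
        # Assumption: the 32 "n" labels are nibbles in reversed order.
        labels = list(reversed(ip.packed.hex()))
    return ".".join(labels) + "." + domain.rstrip(".") + "."


def publish(db_dir, addr, text):
    """Write the TXT content under a temporary name, then rename into place."""
    data = text.encode("ascii")
    if len(data) > MAX_TXT_BYTES:
        raise ValueError("TXT content exceeds %d bytes" % MAX_TXT_BYTES)
    final = os.path.join(db_dir, record_filename(addr))
    # The temporary name is not a hexadecimal address, so no lookup maps to it.
    fd, tmp = tempfile.mkstemp(dir=db_dir, prefix="Temp", suffix=".tmp")
    try:
        with os.fdopen(fd, "wb") as handle:
            handle.write(data)
        os.replace(tmp, final)  # atomic rename within one directory
    except BaseException:
        if os.path.exists(tmp):
            os.unlink(tmp)
        raise
    return final


if __name__ == "__main__":
    # Constructed sample: a scratch directory standing in for Text/.
    with tempfile.TemporaryDirectory() as text_dir:
        print(publish(text_dir, "10.1.2.3", "This is some text for 10.1.2.3"))
        print(query_name("10.1.2.3", "rbl.local."))
```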
DNSTSD would be invoked under RUNSVC, the Service Manager in the OS/2 Command Line Utilities version 2.2, with a run file similar to:
program %APPS%\JdeBP\IU\bin\DNSTSD.exe
chdir %_BOOT%:\Config\Apps\JdeBP\IU\DNS\
argument DNSTSD
argument /serverip:127.0.0.3
argument /domain:"rbl.local."
/DOMAIN