dns-packet

An abstract-encoding compliant module for encoding / decoding DNS packets. Lifted out of multicast-dns as a separate module.

npm install dns-packet

UDP Usage

1const dnsPacket = require('dns-packet')
2const dgram = require('dgram')
3
4const socket = dgram.createSocket('udp4')
5
6const buf = dnsPacket.encode({
7  type: 'query',
8  id: 1,
9  flags: dnsPacket.RECURSION_DESIRED,
10  questions: [{
11    type: 'A',
12    name: 'google.com'
13  }]
14})
15
16socket.on('message', message => {
17  console.log(dnsPacket.decode(message)) // prints out a response from google dns
18})
19
20socket.send(buf, 0, buf.length, 53, '8.8.8.8')

Also see the UDP example.

TCP, TLS, HTTPS

While DNS has traditionally been used over a datagram transport, it is increasingly being carried over TCP for larger responses commonly including DNSSEC responses and TLS or HTTPS for enhanced security. See below examples on how to use dns-packet to wrap DNS packets in these protocols:

• TCP
• DNS over TLS
• DNS over HTTPS

API

var buf = packets.encode(packet, [buf], [offset])

Encodes a DNS packet into a buffer containing a UDP payload.

var packet = packets.decode(buf, [offset])

Decode a DNS packet from a buffer containing a UDP payload.

var buf = packets.streamEncode(packet, [buf], [offset])

Encodes a DNS packet into a buffer containing a TCP payload.

var packet = packets.streamDecode(buf, [offset])

Decode a DNS packet from a buffer containing a TCP payload.

var len = packets.encodingLength(packet)

Returns how many bytes are needed to encode the DNS packet

Packets

Packets look like this

1{
2  type: 'query|response',
3  id: optionalIdNumber,
4  flags: optionalBitFlags,
5  questions: [...],
6  answers: [...],
7  additionals: [...],
8  authorities: [...]
9}

The bit flags available are

1packet.RECURSION_DESIRED
2packet.RECURSION_AVAILABLE
3packet.TRUNCATED_RESPONSE
4packet.AUTHORITATIVE_ANSWER
5packet.AUTHENTIC_DATA
6packet.CHECKING_DISABLED

To use more than one flag bitwise-or them together

1var flags = packet.RECURSION_DESIRED | packet.RECURSION_AVAILABLE

And to check for a flag use bitwise-and

1var isRecursive = message.flags & packet.RECURSION_DESIRED

A question looks like this

1{
2  type: 'A', // or SRV, AAAA, etc
3  class: 'IN', // one of IN, CS, CH, HS, ANY. Default: IN
4  name: 'google.com' // which record are you looking for
5}

And an answer, additional, or authority looks like this

1{
2  type: 'A', // or SRV, AAAA, etc
3  class: 'IN', // one of IN, CS, CH, HS
4  name: 'google.com', // which name is this record for
5  ttl: optionalTimeToLiveInSeconds,
6  (record specific data, see below)
7}

Supported record types

A

1{
2  data: 'IPv4 address' // fx 127.0.0.1
3}

AAAA

1{
2  data: 'IPv6 address' // fx fe80::1
3}

CAA

1{
2  flags: 128, // octet
3  tag: 'issue|issuewild|iodef',
4  value: 'ca.example.net',
5  issuerCritical: false
6}

CNAME

1{
2  data: 'cname.to.another.record'
3}

DNAME

1{
2  data: 'dname.to.another.record'
3}

DNSKEY

1{
2  flags: 257, // 16 bits
3  algorithm: 1, // octet
4  key: Buffer
5}

DS

1{
2  keyTag: 12345,
3  algorithm: 8,
4  digestType: 1,
5  digest: Buffer
6}

HINFO

1{
2  data: {
3    cpu: 'cpu info',
4    os: 'os info'
5  }
6}

MX

1{
2  preference: 10,
3  exchange: 'mail.example.net'
4}

NAPTR

1{
2  data:
3    {
4      order: 100,
5      preference: 10,
6      flags: 's',
7      services: 'SIP+D2U',
8      regexp: '!^.*$!sip:customer-service@example.com!',
9      replacement: '_sip._udp.example.com'
10    }
11}

NS

1{
2  data: nameServer
3}

NSEC

1{
2  nextDomain: 'a.domain',
3  rrtypes: ['A', 'TXT', 'RRSIG']
4}

NSEC3

1{
2  algorithm: 1,
3  flags: 0,
4  iterations: 2,
5  salt: Buffer,
6  nextDomain: Buffer, // Hashed per RFC5155
7  rrtypes: ['A', 'TXT', 'RRSIG']
8}

NULL

1{
2  data: Buffer('any binary data')
3}

OPT

EDNS0 options.

1{
2  type: 'OPT',
3  name: '.',
4  udpPayloadSize: 4096,
5  flags: packet.DNSSEC_OK,
6  options: [{
7    // pass in any code/data for generic EDNS0 options
8    code: 12,
9    data: Buffer.alloc(31)
10  }, {
11    // Several EDNS0 options have enhanced support
12    code: 'PADDING',
13    length: 31,
14  }, {
15    code: 'CLIENT_SUBNET',
16    family: 2, // 1 for IPv4, 2 for IPv6
17    sourcePrefixLength: 64, // used to truncate IP address
18    scopePrefixLength: 0,
19    ip: 'fe80::',
20  }, {
21    code: 'TCP_KEEPALIVE',
22    timeout: 150 // increments of 100ms.  This means 15s.
23  }, {
24    code: 'KEY_TAG',
25    tags: [1, 2, 3],
26  }]
27}

The options PADDING, CLIENT_SUBNET, TCP_KEEPALIVE and KEY_TAG support enhanced de/encoding. See optionscodes.js for all supported option codes. If the data property is present on a option, it takes precedence. On decoding, data will always be defined.

PTR

1{
2  data: 'points.to.another.record'
3}

RP

1{
2  mbox: 'admin.example.com',
3  txt: 'txt.example.com'
4}

SSHFP

1{
2  algorithm: 1,
3  hash: 1,
4  fingerprint: 'A108C9F834354D5B37AF988141C9294822F5BC00'
5}

RRSIG

1{
2  typeCovered: 'A',
3  algorithm: 8,
4  labels: 1,
5  originalTTL: 3600,
6  expiration: timestamp,
7  inception: timestamp,
8  keyTag: 12345,
9  signersName: 'a.name',
10  signature: Buffer
11}

SOA

1{
2  data:
3    {
4      mname: domainName,
5      rname: mailbox,
6      serial: zoneSerial,
7      refresh: refreshInterval,
8      retry: retryInterval,
9      expire: expireInterval,
10      minimum: minimumTTL
11    }
12}

SRV

1{
2  data: {
3    port: servicePort,
4    target: serviceHostName,
5    priority: optionalServicePriority,
6    weight: optionalServiceWeight
7  }
8}

TLSA

1{
2  usage: 3,
3  selector: 1,
4  matchingType: 1,
5  certificate: Buffer
6}

TXT

1{
2  data: 'text' || Buffer || [ Buffer || 'text' ]
3}

When encoding, scalar values are converted to an array and strings are converted to UTF-8 encoded Buffers. When decoding, the return value will always be an array of Buffer.

If you need another record type, open an issue and we'll try to add it.

License

MIT