Browse Source

merge

master
boB Rudis 1 year ago
parent
commit
515e696d1d
No known key found for this signature in database GPG Key ID: 1D7529BE14E2BBA9
52 changed files with 1401 additions and 90 deletions
  1. +8
    -8
      DESCRIPTION
  2. +10
    -0
      NAMESPACE
  3. +83
    -0
      R/DNSHeader-class.R
  4. +43
    -0
      R/DNSLabel-class.R
  5. +51
    -0
      R/DNSQuestion-class.R
  6. +90
    -0
      R/DNSRecord-class.R
  7. +25
    -0
      R/RcppExports.R
  8. +9
    -1
      R/aaa.R
  9. +3
    -1
      R/clandnstine-package.R
  10. +98
    -0
      R/doh-query.R
  11. +118
    -0
      R/globals.R
  12. +7
    -0
      R/is.R
  13. +46
    -19
      R/resolver.R
  14. +1
    -0
      R/set-res-types.R
  15. +24
    -0
      R/to-inaddr-arpa.R
  16. +4
    -0
      R/utils-infix-helpers.R
  17. +9
    -0
      R/utils.R
  18. +62
    -16
      README.Rmd
  19. +159
    -40
      README.md
  20. +1
    -1
      man/clandnstine.Rd
  21. +29
    -0
      man/doh_post.Rd
  22. +32
    -0
      man/doh_servers.Rd
  23. +5
    -0
      man/gdns_context.Rd
  24. +5
    -0
      man/gdns_get_address.Rd
  25. +17
    -0
      man/gdns_get_hosts.Rd
  26. +17
    -0
      man/gdns_get_resolution_type.Rd
  27. +17
    -0
      man/gdns_get_resolvconf.Rd
  28. +31
    -0
      man/gdns_get_root_servers.Rd
  29. +17
    -0
      man/gdns_get_timeout.Rd
  30. +17
    -0
      man/gdns_get_tls_ca_file.Rd
  31. +17
    -0
      man/gdns_get_tls_ca_path.Rd
  32. +17
    -0
      man/gdns_get_transports.Rd
  33. +1
    -0
      man/gdns_lib_version.Rd
  34. +9
    -2
      man/gdns_query.Rd
  35. +18
    -1
      man/gdns_set_hosts.Rd
  36. +17
    -0
      man/gdns_set_resolution_type.Rd
  37. +17
    -0
      man/gdns_set_round_robin_upstreams.Rd
  38. +17
    -0
      man/gdns_set_timeout.Rd
  39. +17
    -0
      man/gdns_set_tls_ca_file.Rd
  40. +17
    -0
      man/gdns_set_tls_ca_path.Rd
  41. +18
    -1
      man/gdns_update_resolvers.Rd
  42. +15
    -0
      man/int_gdns_get_root_servers.Rd
  43. +14
    -0
      man/is_gctx.Rd
  44. +17
    -0
      man/tidy.Rd
  45. +16
    -0
      man/tidy.gdns_doh_response.Rd
  46. +14
    -0
      man/to_inaddr_arpa.Rd
  47. BIN
      src/.vscode/ipch/fbe8796a0b446fa3/mmap_address.bin
  48. BIN
      src/.vscode/ipch/fbe8796a0b446fa3/resolver.ipch
  49. +24
    -0
      src/RcppExports.cpp
  50. +51
    -0
      src/clandnstine-main.cpp
  51. +45
    -0
      src/from-wire.cpp
  52. +2
    -0
      src/resolver.cpp

+ 8
- 8
DESCRIPTION View File

@ -1,17 +1,14 @@
Package: clandnstine
Type: Package
Title: Perform Secure-by-default 'DNS' Queries
Version: 0.1.0
Date: 2019-01-18
Version: 0.2.1
Date: 2019-05-26
Authors@R: c(
person("Bob", "Rudis", email = "bob@rud.is", role = c("aut", "cre"),
comment = c(ORCID = "0000-0001-5670-2640"))
)
Maintainer: Bob Rudis <bob@rud.is>
Description: Methods are provided to query 'Domain Name System' ('DNS') stub
and recursive resolvers for all 'DNS' resource record types using 'UDP',
'TCP', and/or 'TLS' transport layers. 'DNS' query support is provided
by the 'getdns' (<getdnsapi.net>) C library.
Description: Perform and process 'DNS over TLS' and 'DNS over HTTPS' queries.
SystemRequirements: C++11; libgetdns v1.5.1 or higher
URL: https://gitlab.com/hrbrmstr/clandnstine
BugReports: https://gitlab.com/hrbrmstr/clandnstine/issues
@ -25,8 +22,11 @@ Depends:
Imports:
jsonlite,
Rcpp,
magrittr
magrittr,
glue,
httr,
R6
Roxygen: list(markdown = TRUE)
RoxygenNote: 6.1.1
LinkingTo:
Rcpp
Rcpp

+ 10
- 0
NAMESPACE View File

@ -2,12 +2,16 @@
S3method(print,gctx)
S3method(print,gdns_response)
S3method(tidy,gdns_doh_response)
export("%>%")
export(doh_post)
export(doh_servers)
export(gdns_context)
export(gdns_get_address)
export(gdns_get_hosts)
export(gdns_get_resolution_type)
export(gdns_get_resolvconf)
export(gdns_get_root_servers)
export(gdns_get_timeout)
export(gdns_get_tls_ca_file)
export(gdns_get_tls_ca_path)
@ -22,7 +26,13 @@ export(gdns_set_tls_ca_file)
export(gdns_set_tls_ca_path)
export(gdns_set_transports)
export(gdns_update_resolvers)
export(is_gctx)
export(tidy)
export(to_inaddr_arpa)
import(R6)
import(httr)
importFrom(Rcpp,sourceCpp)
importFrom(glue,glue_data)
importFrom(jsonlite,fromJSON)
importFrom(magrittr,"%>%")
useDynLib(clandnstine, .registration = TRUE)

+ 83
- 0
R/DNSHeader-class.R View File

@ -0,0 +1,83 @@
R6Class(
classname = "DNSHeader",
public = list(
q = NULL,
a = NULL,
id = NULL,
auth = NULL,
bitmap = 0L,
qr = NULL,
opcode = NULL,
aa = NULL,
tc = NULL,
rd = NULL,
ra = NULL,
z = NULL,
ad = NULL,
ar = NULL,
cd = NULL,
rcode = NULL,
set_rd = function(val) {
bits(self$bitmap, 8) <- as.integer(val)
},
initialize = function(id = NULL, bitmap = NULL, q = 0L,
a = 0L, auth = 0L, ar = 0L, ...) {
self$id <- id %||% sample(0:65535, 1)
self$bitmap <- bitmap %||% 0L
if (is.null(bitmap)) self$set_rd(1L)
self$q <- q
self$a <- a
self$auth <- auth
self$ar <- ar
valid <- c("qr", "opcode", "aa", "tc", "rd", "ra", "z", "ad", "cd", "rcode")
args <- list(...)
args <- setNames(args, tolower(colnames(args)))
args <- Filter(Negate(is.null), args[valid])
for (n in names(args)) self[[n]] <- args[[n]]
},
parse = function(buf, buf_pos = 1L) {
self$id <- readBin(buf[buf_pos:(buf_pos+1)], "int", size = 2, endian = "big")
self$bitmap <- readBin(buf[(buf_pos+2):(buf_pos+3)], "int", size = 2, endian = "big")
self$q <- readBin(buf[(buf_pos+4):(buf_pos+5)], "int", size = 2, endian = "big")
self$a <- readBin(buf[(buf_pos+6):(buf_pos+7)], "int", size = 2, endian = "big")
self$auth <- readBin(buf[(buf_pos+8):(buf_pos+9)], "int", size = 2, endian = "big")
self$ar <- readBin(buf[(buf_pos+10):(buf_pos+11)], "int", size = 2, endian = "big")
attr(self, "buflen") <- 12L
self
},
pack = function() {
c(
writeBin(as.integer(self$id), raw(), size = 2, endian = "big"),
writeBin(as.integer(self$bitmap), raw(), size = 2, endian = "big"),
writeBin(as.integer(self$q), raw(), size = 2, endian = "big"),
writeBin(as.integer(self$a), raw(), size = 2, endian = "big"),
writeBin(as.integer(self$auth), raw(), size = 2, endian = "big"),
writeBin(as.integer(self$ar), raw(), size = 2, endian = "big")
)
}
)
) -> DNSHeader

+ 43
- 0
R/DNSLabel-class.R View File

@ -0,0 +1,43 @@
R6Class(
classname = "DNSLabel",
public = list(
label = NULL,
initialize = function(label) {
if (inherits(label, "DNSLabel")) {
self$label <- label$label
} else if (length(label) > 1) {
self$label <- as.character(label)
} else if (is.character(label)) {
label <- sub("\\.$", "", label)
self$label <- unlist(strsplit(label, "\\."), use.names = FALSE)
}
},
encode = function() {
sz <- nchar(self$label)
out <- raw()
for (i in seq_along(self$label)) {
out <- c(out, as.raw(sz[[i]]), charToRaw(self$label[[i]]))
}
c(out, as.raw(0x00))
},
parse = function(buf, buf_pos) {
}
)
) -> DNSLabel

+ 51
- 0
R/DNSQuestion-class.R View File

@ -0,0 +1,51 @@
R6Class(
classname = "DNSQuestion",
public = list(
qname = NULL,
qtype = NULL,
qclass = NULL,
initialize = function(qname = NULL, qtype = 1L, qclass = 1L) {
if (inherits(qname, "DNSLabel")) {
self$qname <- qname
} else {
if (length(qname)) self$qname <- DNSLabel$new(qname)
}
self$qtype <- qtype
self$qclass <- qclass
},
pack = function() {
c(
self$qname$encode(),
writeBin(as.integer(self$qtype), raw(), size = 2, endian = "big"),
writeBin(as.integer(self$qclass), raw(), size = 2, endian = "big")
)
},
parse = function(buf, buf_pos = 1L) {
ret <- DNSLabel$new()$parse(buf, buf_pos)
self$qname <- ret
buf_pos <- buf_pos + attr(ret, "buflen")
self$qtype <- readBin(buf[buf_pos:(buf_pos+1)], "int", size = 2, endian = "big")
self$qclass <- readBin(buf[(buf_pos+2):(buf_pos+3)], "int", size = 2, endian = "big")
attr(self, "buflen") <- attr(ret, "buflen") + 4L
self
}
)
) -> DNSQuestion

+ 90
- 0
R/DNSRecord-class.R View File

@ -0,0 +1,90 @@
R6Class(
classname = "DNSRecord",
public = list(
header = NULL,
questions = list(),
rr = list(),
auth = list(),
ar = list(),
initialize = function(header = NULL, questions = NULL,
rr = NULL, q = NULL, a = NULL,
auth = NULL, ar = NULL) {
self$header <- header %||% DNSHeader$new()
self$questions <- questions %||% list()
self$rr <- rr %||% list()
self$auth <- auth %||% list()
self$ar <- ar %||% list()
if (length(q)) self$questions <- append(self$questions, q)
if (length(a)) self$rr <- append(self$rr, a)
self$set_header_qa()
},
question = function(qname, qtype = "A", qclass = "IN") {
DNSRecord$new(
q = DNSQuestion$new(
qname = qname,
qtype = .qtype[toupper(qtype)],
qclass = .class[toupper(qclass)]
)
)
},
parse = function(buf, buf_pos = 1L) {
#self$header <- NULL
self$questions <- list()
self$rr <- list()
self$auth <- list()
self$ar <- list()
buf_pos <- 1L
ret <- DNSHeader$new()$parse(buf)
self$header <- ret
buf_pos <- attr(ret, "buflen") + 1L
message(buf_pos)
self$questions <- lapply(1:self$header$q, function(.idx) {
ret <- DNSQuestion$new()$parse(buf, buf_pos)
buf_pos <<- buf_pos + attr(ret, "buflen")
ret
})
self
},
# Reset header q/a/auth/ar counts to match numver of records (normally done transparently)
set_header_qa = function() {
self$header$q <- length(self$questions)
self$header$a <- length(self$rr)
self$header$auth <- length(self$auth)
self$header$ar <- length(self$ar)
},
pack = function() {
out <- self$header$pack()
for (q in self$questions) out <- c(out, q$pack())
out
}
),
private = list(
)
) -> DNSRecord

+ 25
- 0
R/RcppExports.R View File

@ -3,6 +3,7 @@
#' Return gdns library version
#'
#' @family utlity functions
#' @export
gdns_lib_version <- function() {
.Call(`_clandnstine_gdns_lib_version`)
@ -18,6 +19,7 @@ int_gdns_update_resolvers <- function(gctx, resolvers) {
#'
#' @param gctx gdns resolver context created with [gdns_resolver()]
#' @param timeout number of milliseconds (integer; i.e. not-fractional)
#' @family context functions
#' @export
gdns_set_timeout <- function(gctx, timeout) {
.Call(`_clandnstine_gdns_set_timeout`, gctx, timeout)
@ -26,6 +28,7 @@ gdns_set_timeout <- function(gctx, timeout) {
#' Retreive the number of milliseconds to wait for request to return
#'
#' @param gctx gdns resolver context created with [gdns_resolver()]
#' @family context functions
#' @export
gdns_get_timeout <- function(gctx) {
.Call(`_clandnstine_gdns_get_timeout`, gctx)
@ -37,6 +40,7 @@ gdns_get_timeout <- function(gctx) {
#' @md
#' @param gctx gdns resolver context created with [gdns_resolver()]
#' @param flag if `TRUE` (the default) round robin queries when using more than one stub resolver,
#' @family context functions
#' @export
gdns_set_round_robin_upstreams <- function(gctx, flag = TRUE) {
.Call(`_clandnstine_gdns_set_round_robin_upstreams`, gctx, flag)
@ -63,6 +67,7 @@ int_gdns_set_resolution_type <- function(gctx, res_type) {
#' Retreive what transports are used for DNS lookups.
#'
#' @param gctx gdns resolver context created with [gdns_resolver()]
#' @family context functions
#' @export
gdns_get_transports <- function(gctx) {
.Call(`_clandnstine_gdns_get_transports`, gctx)
@ -71,6 +76,7 @@ gdns_get_transports <- function(gctx) {
#' Retreive the value of the localnames namespace
#'
#' @param gctx gdns resolver context created with [gdns_resolver()]
#' @family context functions
#' @export
gdns_get_hosts <- function(gctx) {
.Call(`_clandnstine_gdns_get_hosts`, gctx)
@ -79,6 +85,7 @@ gdns_get_hosts <- function(gctx) {
#' Retreive the value with which the context's upstream recursive servers and suffixes were initialized
#'
#' @param gctx gdns resolver context created with [gdns_resolver()]
#' @family context functions
#' @export
gdns_get_resolvconf <- function(gctx) {
.Call(`_clandnstine_gdns_get_resolvconf`, gctx)
@ -87,6 +94,7 @@ gdns_get_resolvconf <- function(gctx) {
#' Retreive the value with which the context's upstream recursive servers and suffixes were initialized
#'
#' @param gctx gdns resolver context created with [gdns_resolver()]
#' @family context functions
#' @export
gdns_get_tls_ca_path <- function(gctx) {
.Call(`_clandnstine_gdns_get_tls_ca_path`, gctx)
@ -95,6 +103,7 @@ gdns_get_tls_ca_path <- function(gctx) {
#' Retreive the file location with CA certificates for verification purposes
#'
#' @param gctx gdns resolver context created with [gdns_resolver()]
#' @family context functions
#' @export
gdns_get_tls_ca_file <- function(gctx) {
.Call(`_clandnstine_gdns_get_tls_ca_file`, gctx)
@ -104,6 +113,7 @@ gdns_get_tls_ca_file <- function(gctx) {
#'
#' @param gctx gdns resolver context created with [gdns_resolver()]
#' @param ca_path directory with Certificate Authority certificates
#' @family context functions
#' @export
gdns_set_tls_ca_path <- function(gctx, ca_path) {
.Call(`_clandnstine_gdns_set_tls_ca_path`, gctx, ca_path)
@ -113,11 +123,24 @@ gdns_set_tls_ca_path <- function(gctx, ca_path) {
#'
#' @param gctx gdns resolver context created with [gdns_resolver()]
#' @param ca_file file with Certificate Authority certificates
#' @family context functions
#' @export
gdns_set_tls_ca_file <- function(gctx, ca_file) {
.Call(`_clandnstine_gdns_set_tls_ca_file`, gctx, ca_file)
}
#' Retrieve the list of addresses in use for looking up top-level domains in use by the context.
#'
#' @param gctx gdns resolver context created with [gdns_resolver()]
#' @keywords internal
int_gdns_get_root_servers <- function(gctx) {
.Call(`_clandnstine_int_gdns_get_root_servers`, gctx)
}
int_dns_wire_to_list <- function(buf) {
.Call(`_clandnstine_int_dns_wire_to_list`, buf)
}
#' Test whether an object is an external pointer
#'
#' @param x object to test
@ -144,6 +167,7 @@ int_gdns_context <- function(resolvers) {
#'
#' @param gctx gdns resolver context created with [gdns_resolver()]
#' @param host to lookup
#' @family query functions
#' @export
#' @examples
#' x <- gdns_resolver()
@ -165,6 +189,7 @@ int_gdns_query <- function(gctx, name, rr, include_reporting = FALSE) {
#'
#' @param gctx gdns resolver context created with [gdns_resolver()]
#' @export
#' @family context functions
#' @examples
#' x <- gdns_context()
#' gdns_get_resolution_type(x)


+ 9
- 1
R/aaa.R View File

@ -89,4 +89,12 @@ ta = 32768,
dlv = 32769
)
rr_types_rev <- set_names(names(rr_types), as.character(rr_types))
rr_types_rev <- set_names(names(rr_types), as.character(rr_types))
httr::user_agent(
sprintf(
"clandnstine package v%s: (<%s>)",
utils::packageVersion("clandnstine"),
utils::packageDescription("clandnstine")$URL
)
) -> .CLANDNSTINE_UA

+ 3
- 1
R/clandnstine-package.R View File

@ -1,4 +1,4 @@
#' Perform Secure-by-default 'DNS' Queries
#' Perform Secure-by-Default 'DNS' Queries
#'
#' Methods are provided to query 'Domain Name System' ('DNS') stub
#' and recursive resolvers for all 'DNS' resource record types using 'UDP',
@ -14,6 +14,8 @@
#' @docType package
#' @author Bob Rudis (bob@@rud.is)
#' @keywords internal
#' @import httr R6
#' @importFrom glue glue_data
#' @importFrom jsonlite fromJSON
#' @useDynLib clandnstine, .registration = TRUE
#' @importFrom Rcpp sourceCpp

+ 98
- 0
R/doh-query.R View File

@ -0,0 +1,98 @@
#' Make a DoH Request (POST/wireformat)
#'
#' Issue a `POST` wireformat query of type `type` for `name` to
#' the DoH endpoint specified at `server_path`.
#'
#' @param name name to query for
#' @param type DNS query type (defaults to "`A`")
#' @param server_path full URL path to the DoH server quer endpoint (defaults to Quad9).
#' @return `NULL` (if the query failed) or a `data.frame` (tibble)
#' @references <https://tools.ietf.org/id/draft-ietf-doh-dns-over-https-05.html>
#' @export
#' @examples
#' doh_post("rud.is", "A")
doh_post <- function(name, type = "A", server_path = "https://dns.quad9.net/dns-query") {
DNSRecord$new()$question(
qname = tolower(name[1]),
qtype = toupper(type[1]),
qclass = "IN"
) -> q
# now, send it off to the server
httr::POST(
url = server_path[1],
httr::add_headers(
`Content-Type` = "application/dns-message",
`Accept` = "application/dns-message"
),
.CLANDNSTINE_UA,
encode = "raw",
body = q$pack()
) -> res
httr::stop_for_status(res)
res <- int_dns_wire_to_list(httr::content(res, as = "raw"))
if (length(res)) {
out <- jsonlite::fromJSON(res)
class(out) <- c("gdns_doh_response", "list")
out
} else {
NULL
}
}
#' Tidy generic
#'
#' @keywords internal
#' @export
#' @param x an object
#' @param ... unused
tidy <- function (x, ...) {
UseMethod("tidy")
}
#' Tidy a DoH POST response
#'
#' @param x a DoH POST response
#' @param ... unused
#' @export
tidy.gdns_doh_response <- function(x, ...) {
rawdat <- x$answer[, c("rdata")]
nr <- colnames(rawdat)
if ("txt_strings" %in% nr) {
vapply(rawdat[["txt_strings"]], function(.x) {
.x
}, FUN.VALUE = character(1)) -> rawdat[["txt_strings"]]
}
lapply(rawdat[["rdata_raw"]], function(.x) {
if (x$question$qtype %in% c(2, 5, 12)) {
charToRaw(.x)
} else {
as.raw(.x)
}
}) -> rawdat[["rdata_raw"]]
cbind.data.frame(
x$answer[, c("name", "class", "type", "ttl")],
rawdat,
stringsAsFactors = FALSE
) -> out
class(out) <- c("tbl_df", "tbl", "data.frame")
out
}

+ 118
- 0
R/globals.R View File

@ -0,0 +1,118 @@
c(
'A' = 1L, 'NS' = 2L, 'CNAME' = 5L, 'SOA' = 6L, 'PTR' = 12L, 'HINFO' = 13L,
'MX' = 15L, 'TXT' = 16L, 'RP' = 17L, 'AFSDB' = 18L, 'SIG' = 24L,
'KEY' = 25L, 'AAAA' = 28L, 'LOC' = 29, 'SRV' = 33L, 'NAPTR' = 35L,
'KX' = 36L, 'CERT' = 37L, 'A6' = 38L, 'DNAME' = 39L, 'OPT' = 41,
'APL' = 42L, 'DS' = 43L, 'SSHFP' = 44L, 'IPSECKEY' = 45L, 'RRSIG' = 46L,
'NSEC' = 47L, 'DNSKEY' = 48L, 'DHCID' = 49L, 'NSEC3' = 50L,
'NSEC3PARAM' = 51L, 'TLSA' = 52L, 'HIP' = 55L, 'CDS' = 59L,
'CDNSKEY' = 60L, 'OPENPGPKEY' = 61L, 'SPF' = 99L, 'TKEY' = 249L,
'TSIG' = 250L, 'IXFR' = 251L, 'AXFR' = 252L, 'ANY' = 255L,
'URI' = 256L, 'CAA' = 257L, 'TA' = 32768L, 'DLV' = 32769L
) -> .qtype
c(
'IN' = 1L,
'CS' = 2L,
'CH' = 3L,
'Hesiod' = 4L,
'None' = 254L,
'*' = 255L
) -> .class
.qr <- c('QUERY' = 0, 'RESPONSE' = 1)
c(
'NOERROR' = 0L,
'FORMERR' = 1L,
'SERVFAIL' = 2L,
'NXDOMAIN' = 3L,
'NOTIMP' = 4L,
'REFUSED' = 5L,
'YXDOMAIN' = 6L,
'YXRRSET' = 7L,
'NXRRSET' = 8L,
'NOTAUTH' = 9L,
'NOTZONE' = 10L
) -> .rcode
c(
'QUERY' = 0L,
'IQUERY' = 1L,
'STATUS' = 2L,
'UPDATE' = 5L
) -> .opcode
#' Built-in list of DoH Servers
#'
#' The `url` element has the URL for `GET`/`POST` requests and
#' the `extra_params` element has any needed query parameters
#' for `GET` requests.
#'
#' The list so far.
#' - `google`: <https://dns.google.com/experimental>
#' - `cloudflare`: <https://cloudflare-dns.com/dns-query>
#' - `quad9`: <https://dns.quad9.net/dns-query>
#' - `securedns_eu`: <https://doh.securedns.eu/dns-query>
#' - `dnswarden_adblock`: <https://doh.dnswarden.com/adblock>
#' - `dnswarden_uncensored`: <https://doh.dnswarden.com/uncensored>
#' - `cleanbrowsing_security`: <https://doh.cleanbrowsing.org/doh/security-filter/>
#' - `cleanbrowsing_family`: <https://doh.cleanbrowsing.org/doh/family-filter/>
#' - `cleanbrowsing_adult`: <https://doh.cleanbrowsing.org/doh/adult-filter/>
#' - `power_dns`: <https://doh.powerdns.org>
#' - `appliedprivacy`: <https://doh.appliedprivacy.net/query>
#'
#' @docType data
#' @export
list(
google = list(
url = "https://dns.google.com/experimental",
extra_params = list()
),
cloudflare = list(
url = "https://cloudflare-dns.com/dns-query",
extra_params = list(
cd = "false",
do = "true",
ct = "application/dns-json"
)
),
quad9 = list(
url = "https://dns.quad9.net/dns-query",
extra_params = list()
),
securedns_eu = list(
url = "https://doh.securedns.eu/dns-query",
extra_params = list(
edns_client_subnet = NULL
)
),
dnswarden_adblock = list(
url = "https://doh.dnswarden.com/adblock",
extra_params = list()
),
dnswarden_uncensored = list(
url = "https://doh.dnswarden.com/uncensored",
extra_params = list()
),
cleanbrowsing_security = list(
url = "https://doh.cleanbrowsing.org/doh/security-filter/",
extra_params = list(cd = "false")
),
cleanbrowsing_family = list(
url = "https://doh.cleanbrowsing.org/doh/family-filter/",
extra_params = list()
),
cleanbrowsing_adult = list(
url = "https://doh.cleanbrowsing.org/doh/adult-filter/",
extra_params = list()
),
power_dns = list(
url = "https://doh.powerdns.org",
extra_params = list()
),
appliedprivacy = list(
url = "https://doh.appliedprivacy.net/query",
extra_params = list()
)
) -> doh_servers

+ 7
- 0
R/is.R View File

@ -0,0 +1,7 @@
#' Test whether an object is a `gctx` context
#'
#' @param x object
#' @export
is_gctx <- function(x) {
inherits(x, "gctx")
}

+ 46
- 19
R/resolver.R View File

@ -6,6 +6,7 @@
#' @param resolvers character vector of valid DNS over TLS resolvers;
#' Defaults to Quad9 (`9.9.9.9`).
#' @export
#' @family query functions
#' @examples
#' x <- gdns_context()
#' x <- gdns_context("1.1.1.1")
@ -19,10 +20,11 @@ gdns_context <- function(resolvers = "9.9.9.9") {
#' maintains a list of DNS over TLS servers.
#' @param gctx gdns resolver context created with [gdns_resolver()]
#' @param resolvers character vector of valid DNS over TLS resolvers
#' @family context functions
#' @export
#' @examples
#' x <- gdns_context()
#' x <- gdns_update_resolvers("1.1.1.1")
#' x <- gdns_update_resolvers(x, "1.1.1.1")
gdns_update_resolvers<- function(gctx, resolvers) {
int_gdns_update_resolvers(gctx, resolvers)
}
@ -33,15 +35,27 @@ gdns_update_resolvers<- function(gctx, resolvers) {
#' @param hosts_file path to a valid `hosts` file (e.g. "`/etc/hosts`). This value
#' will be [path.expand()]ed.
#' @export
#' @family context functions
#' @examples
#' x <- gdns_context()
#' x <- gdns_set_hosts(x, "/etc/hosts")
#' gdns_set_hosts(x, "/etc/hosts")
gdns_set_hosts<- function(gctx, hosts_file) {
hosts_file <- path.expand(hosts_file[1])
stopifnot(file.exists(hosts_file))
int_gdns_set_hosts(gctx, hosts_file)
}
#' Retrieve the list of addresses in use for looking up top-level domains in use by the context.
#'
#' @param gctx gdns resolver context created with [gdns_resolver()]
#' @export
#' @family context functions
# x <- gdns_context()
# gdns_get_root_servers(x)
gdns_get_root_servers <- function(gctx) {
x <- int_gdns_get_root_servers(gctx);
if (length(x)) jsonlite::fromJSON(x) else NULL
}
#' Arbitrary DNS queries
#'
@ -142,19 +156,26 @@ gdns_set_hosts<- function(gctx, hosts_file) {
#' - `zonemd`
#'
#' @note Local hosts files are ignored when using this `getdns` API endpoint
#' @param gctx gdns resolver context created with [gdns_resolver()]
#' @param gctx gdns resolver context created with [gdns_resolver()]. If `NULL` a
#' temporary context will be created but is not ideal since there is overhead
#' associated with context creation and garbage collection.
#' @param name an entity to query for
#' @param rr_type what resource record type do you want to queyr for? See `Details`.
#' @param include_reporting if `TRUE` include debugging information for queries
#' such as the length of time it takes for each query. Default: `FALSE`
#' @references <https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml>
#' @family query functions
#' @export
#' @examples
#' x <- gdns_resolver()
#' gdns_query(x, "example.com")
gdns_query <- function(gctx, name, rr_type = "txt", rr_class = 1L,
gdns_query <- function(gctx = NULL, name, rr_type = "txt", rr_class = 1L,
include_reporting = FALSE) {
if (is.null(gctx)) gctx <- gdns_context()
stopifnot(is_gctx(gctx))
rr_class <- rr_class[1]
if (!rr_class %in% c(1, 3, 4, 254, 255)) rr_class <- 1
@ -171,21 +192,6 @@ gdns_query <- function(gctx, name, rr_type = "txt", rr_class = 1L,
}
list(
`1` = "ipv4_address",
`2` = "nsdname",
`6` = c("expire", "minimum", "mname", "refresh", "retry", "rname", "serial"),
`16` = "txt_strings",
`28` = "ipv6_address",
`43` = c("algorithm", "digest", "digest_type", "key_tag"),
`46` = c(
"algorithm", "key_tag", "labels", "original_ttl", "signature",
"signature_expiration", "signature_inception", "signers_name", "type_covered"
),
`47` = c("next_domain_name", "type_bit_maps"),
`48` = c("algorithm", "flags", "protocol", "public_key")
) -> rr_fields
#' Printer for gdns_response objects
#'
#' @param x a `gdns_response` object
@ -214,6 +220,20 @@ print.gdns_response <- function(x, ...) {
"\n", sep=""
)
},
"2" ={
cat(
"Answer: ",
paste0(ans$rdata$nsdname, collapse=", "),
"\n", sep=""
)
},
"15" = {
cat(
"Answer: \n",
paste0(glue::glue_data(ans$rdata, "{preference} {exchange}"), collapse="\n"),
"\n", sep=""
)
},
"16" = {
rd <- ans$rdata
typs <- ans$type
@ -233,6 +253,13 @@ print.gdns_response <- function(x, ...) {
"\n", sep=""
)
},
"257" = {
cat(
"Answer: \n",
paste0(glue::glue_data(ans$rdata, "{flags} {tag} {value}"), collapse="\n"),
"\n", sep=""
)
},
{
print(str(ans$rdata, give.attr = FALSE))
}


+ 1
- 0
R/set-res-types.R View File

@ -4,6 +4,7 @@
#'
#' @param gctx gdns resolver context created with [gdns_resolver()]
#' @param res_type length 1 character vector of either "`stub`" or "`recursive`"
#' @family context functions
#' @export
#' @examples
#' x <- gdns_context()


+ 24
- 0
R/to-inaddr-arpa.R View File

@ -0,0 +1,24 @@
ipv4_regex <-
"^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$"
#' Convert a vector of IPv4 addresses to in-addr.arpa format
#'
#' @md
#' @param ipv4 vector of ipv4 addresses
#' @export
to_inaddr_arpa <- function(ipv4) {
ifelse(
test = grepl(ipv4_regex, ipv4),
yes = paste0(
c(
rev(unlist(strsplit(ipv4, ".", 4), use.names = FALSE)),
"in-addr.arpa."
),
sep = "",
collapse = "."
),
no = ipv4
)
}

+ 4
- 0
R/utils-infix-helpers.R View File

@ -0,0 +1,4 @@
`%l0%` <- function(x, y) if (length(x) == 0) y else x
`%||%` <- function(x, y) if (is.null(x)) y else x
`%@%` <- function(x, name) attr(x, name, exact = TRUE)
`%nin%` <- function(x, table) match(x, table, nomatch = 0) == 0

+ 9
- 0
R/utils.R View File

@ -0,0 +1,9 @@
"bits" <- function(object, bit) {
(object %/% (2^bit)) %% 2
}
"bits<-" <- function(object, bit, value) {
mask <- 2^bit
object <- object+(value - ((object %/% mask) %% 2))*mask
object
}

+ 62
- 16
README.Rmd View File

@ -18,7 +18,7 @@ Perform Secure-by-default 'DNS' Queries
## Description
Methods are provided to query 'Domain Name System' ('DNS') stub and recursive resolvers for all 'DNS' resource record types using 'UDP', 'TCP', and/or 'TLS' transport layers. 'DNS' query support is provided by the 'getdns' (<getdnsapi.net>) C library.
Perform and process 'DNS over TLS' and 'DNS over HTTPS' queries.
## NOTE
@ -35,15 +35,15 @@ I've gotten this running on macOS and Ubuntu 16.04. For the latter I had to ensu
## TODO/WAT
I finally grok the getdns api so the package api is going to change wildly and fast. The default mode will be to perform queries using DNS over TLS but support is also provided for UDP and TCP transports and either stub or recursive resolvers.
I finally grok the getdns api so the package api is going to change wildly and fast. The default mode will be to perform queries using DNS over TLS but also supports UDP and TCP transports along with support for DNS over HTTPS.
## Why?
Well, for starters, to help research DNS over TLS servers. Plus, for fun!
Well, for starters, to help research DNS over TLS/DNS over HTTPS servers. Plus, for fun!
If you're asking "Why DNS over TLS at all?" then "faux" privacy. Why "faux"? Well, _something_ is handing your query and that something knows your IP address and what you looked for. So, you're relying on the good faith, honest nature and technical capability of the destination server to not mess with you. I don't trust Cloudflare or Google and am witholding judgement on Quad9 either way (they've been doing good things and are less "look at how cool we are" than CF is).
If you're asking "Why DNS over TLS/HTTPS at all?" then "faux" privacy. Why "faux"? Well, _something_ is handing your query and that something knows your IP address and what you looked for. So, you're relying on the good faith, honest nature and technical capability of the destination server to not mess with you. I don't trust Cloudflare or Google and am witholding judgement on Quad9 either way (they've been doing good things and are less "look at how cool we are" than CF is).
Also "faux" in that you're going to be using a standard port (853) and a TLS session for the queries so your internet provider will know you're doing _something_ and the current, sorry state of SSL certificates, certificate authorities, and authoritarian companies and regimes combined means confidentiality and integrity are always kinda in question unless done super-well.
Also "faux" in that you're going to be using (for DoT) a standard port (853) and a TLS session for the queries so your internet provider will know you're doing _something_ and the current, sorry state of SSL certificates, certificate authorities, and authoritarian companies and regimes combined means confidentiality and integrity are always kinda in question unless done super-well.
## What's Different About This vs Regular DNS?
@ -85,28 +85,42 @@ It's stupid slow, consumes more CPU and bandwidth but forces adversaries to work
The following functions are implemented:
### Utility
- `to_inaddr_arpa`: Convert a vector of IPv4 addresses to in-addr.arpa format
### DNS over HTTPS
- `doh_post`: Make a DoH Request (POST/wireformat)
- `doh_servers`: Built-in list of DoH servers.
- `tidy.gdns_doh_response`: Tidy a DoH POST response
### DNS over TLS
- `gdns_query`: Arbitrary DNS queries
- `gdns_context`: Create a gdns DNS over TLS context and populate it with a resolver for use in resolution functions
- `gdns_get_address`: Resolve a host to an addrss
- `gdns_get_resolution_type`: Get the current resolution type setting
- `gdns_get_resolution_type`: Get the current resolution type setting
- `gdns_get_timeout`: Retreive the number of milliseconds to wait for request to return
- `gdns_get_tls_ca_file`: Retreive the file location with CA certificates for verification purposes
- `gdns_get_tls_ca_path`: Retreive the value with which the context's upstream recursive servers and suffixes were initialized
- `gdns_get_transports`: Retreive what transports are used for DNS lookups.
- `gdns_get_tls_ca_file`: Retreive the file location with CA certificates for verification purposes
- `gdns_get_tls_ca_path`: Retreive the value with which the context's upstream recursive servers and suffixes were initialized
- `gdns_get_transports`: Retreive what transports are used for DNS lookups.
- `gdns_lib_version`: Return gdns library version
- `gdns_query`: Arbitrary DNS queries
- `gdns_set_hosts`: Initialized the context's local names namespace with values from the given hosts file.
- `gdns_set_resolution_type`: Specify whether DNS queries are performed with recursive lookups or as a stub resolver
- `gdns_set_resolution_type`: Specify whether DNS queries are performed with recursive lookups or as a stub resolver
- `gdns_set_round_robin_upstreams`: Set/unset context to round robin queries over the available upstreams when resolving with the stub resolution type.
- `gdns_set_timeout`: Specify the number of milliseconds to wait for request to return
- `gdns_set_tls_ca_file`: Specify the file with CA certificates for verification purposes
- `gdns_set_tls_ca_path`: Specify where the location for CA certificates for verification purposes are located
- `gdns_set_transports`: Specifies what transport(s) is/ar used for DNS lookups
- `gdns_set_tls_ca_file`: Specify the file with CA certificates for verification purposes
- `gdns_set_tls_ca_path`: Specify where the location for CA certificates for verification purposes are located
- `gdns_set_transports`: Specifies what transport(s) is/ar used for DNS lookups
- `gdns_update_resolvers`: Changes the list of resolvers in an already created context for use in resolution functions
## Installation
```{r install-ex, eval=FALSE}
devtools::install_git("https://gitlab.com/hrbrmstr/clandnstine.git")
devtools::install_git("https://git.sr.ht/~hrbrmstr/clandnstine")
# or
devtools::install_gitlab("hrbrmstr/clandnstine.git")
# or
devtools::install_github("hrbrmstr/clandnstine")
```
@ -155,6 +169,38 @@ sort(unlist(leno$replies_tree$answer[[1]]$rdata$txt_strings))
Yep. Advertising even in DNS `TXT` records (see item number 8).
### DOH
```{r doh}
str(doh_post("rud.is")$answer)
```
```{r doh2}
a <- doh_post("apple.com", "A")
tidy(a)
aaaa <- doh_post("rud.is", "AAAA")
tidy(aaaa)
mx <- doh_post("rud.is", "MX")
tidy(mx)
txt <- doh_post("lenovo.com", "TXT")
tidy(txt)
cname <- doh_post("dataassurance.pwc.com", "CNAME")
tidy(cname)
ns <- doh_post("rud.is", "NS")
tidy(ns)
soa <- doh_post("rud.is", "SOA")
tidy(soa)
ptr <- doh_post(to_inaddr_arpa("104.244.13.104"), "PTR")
tidy(ptr)
```
## clandnstine Metrics
```{r cloc, echo=FALSE}
@ -164,4 +210,4 @@ cloc::cloc_pkg_md()
## Code of Conduct
Please note that this project is released with a [Contributor Code of Conduct](CONDUCT.md).
By participating in this project you agree to abide by its terms.
By participating in this project you agree to abide by its terms.

+ 159
- 40
README.md View File

@ -11,10 +11,7 @@ Perform Secure-by-default ‘DNS’ Queries
## Description
Methods are provided to query ‘Domain Name System’ (‘DNS’) stub and
recursive resolvers for all ‘DNS’ resource record types using ‘UDP’,
‘TCP’, and/or ‘TLS’ transport layers. ‘DNS’ query support is provided
by the ‘getdns’ (\<getdnsapi.net\>) C library.
Perform and process ‘DNS over TLS’ and ‘DNS over HTTPS’ queries.
## NOTE
@ -39,34 +36,33 @@ extract it and `config`/`make`/`make install` (plus `ldconfig` after).
I finally grok the getdns api so the package api is going to change
wildly and fast. The default mode will be to perform queries using DNS
over TLS but support is also provided for UDP and TCP transports and
either stub or recursive resolvers.
over TLS but also supports UDP and TCP transports along with support for
DNS over HTTPS.
## Why?
Well, for starters, to help research DNS over TLS servers. Plus, for
fun\!
Well, for starters, to help research DNS over TLS/DNS over HTTPS
servers. Plus, for fun\!
If you’re asking “Why DNS over TLS at all?” then “faux” privacy. Why
“faux”? Well, *something* is handing your query and that something
If you’re asking “Why DNS over TLS/HTTPS at all?” then “faux” privacy.
Why “faux”? Well, *something* is handing your query and that something
knows your IP address and what you looked for. So, you’re relying on the
good faith, honest nature and technical capability of the destination
server to not mess with you. I don’t trust Cloudflare or Google and am
witholding judgement on Quad9 either way (they’ve been doing good things
and are less “look at how cool we are” than CF is).
Also “faux” in that you’re going to be using a standard port (853) and a
TLS session for the queries so your internet provider will know you’re
doing *something* and the current, sorry state of SSL certificates,
certificate authorities, and authoritarian companies and regimes
combined means confidentiality and integrity are always kinda in
Also “faux” in that you’re going to be using (for DoT) a standard port
(853) and a TLS session for the queries so your internet provider will
know you’re doing *something* and the current, sorry state of SSL
certificates, certificate authorities, and authoritarian companies and
regimes combined means confidentiality and integrity are always kinda in
question unless done super-well.
## What’s Different About This vs Regular DNS?
Well, if we lookup the addresses for `yahoo.com` the old-fashioned way
it’s cleartext UDP on the
wire:
it’s cleartext UDP on the wire:
1 0.000000 10.1.10.57 → 10.1.10.200 DNS 80 Standard query 0x8af8 A yahoo.com OPT
2 0.003297 10.1.10.200 → 10.1.10.57 DNS 176 Standard query response 0x8af8 A yahoo.com A 72.30.35.10 A 98.138.219.231 A 72.30.35.9 A 98.137.246.7 A 98.138.219.232 A 98.137.246.8 OPT
@ -79,8 +75,7 @@ server forwards all queries to a custom DNS over TLS server since I
really don’t trust any of the providers when it comes down to it. So, in
reality for me, it’s even slower than the below — at least initially).
This is the same query via DNS over
TLS
This is the same query via DNS over TLS
```
1 0.000000 10.1.10.57 → 9.9.9.9 TCP 78 52128 → 853 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 WS=64 TSval=602885491 TSecr=0 SACK_PERM=1 TFO=R
@ -114,6 +109,20 @@ to work pretty hard to try to figure out what you’re looking for.
The following functions are implemented:
### Utility
- `to_inaddr_arpa`: Convert a vector of IPv4 addresses to in-addr.arpa
format
### DNS over HTTPS
- `doh_post`: Make a DoH Request (POST/wireformat)
- `doh_servers`: Built-in list of DoH servers.
- `tidy.gdns_doh_response`: Tidy a DoH POST response
### DNS over TLS
- `gdns_query`: Arbitrary DNS queries
- `gdns_context`: Create a gdns DNS over TLS context and populate it
with a resolver for use in resolution functions
- `gdns_get_address`: Resolve a host to an addrss
@ -127,7 +136,6 @@ The following functions are implemented:
- `gdns_get_transports`: Retreive what transports are used for DNS
lookups.
- `gdns_lib_version`: Return gdns library version
- `gdns_query`: Arbitrary DNS queries
- `gdns_set_hosts`: Initialized the context’s local names namespace
with values from the given hosts file.
- `gdns_set_resolution_type`: Specify whether DNS queries are
@ -149,7 +157,9 @@ The following functions are implemented:
## Installation
``` r
devtools::install_git("https://gitlab.com/hrbrmstr/clandnstine.git")
devtools::install_git("https://git.sr.ht/~hrbrmstr/clandnstine")
# or
devtools::install_gitlab("hrbrmstr/clandnstine.git")
# or
devtools::install_github("hrbrmstr/clandnstine")
```
@ -161,7 +171,7 @@ library(clandnstine)
# current version
packageVersion("clandnstine")
## [1] '0.1.0'
## [1] '0.2.0'
```
### Get an address(es) from a name:
@ -189,12 +199,12 @@ gdns_lib_version()
## <gdns v1.5.1 resolver context; resolvers: [1.1.1.1]; timeout: 2,000 ms; lookup transport(s): [udp, tls, tcp]; resolution type: stub>
(gdns_get_address(x, "rud.is"))
## [1] "2604:a880:800:10::6bc:2001" "104.236.112.222"
## [1] "2602:ff16:3::4dfb:9ac5" "172.93.49.183"
(gdns_get_address(x, "yahoo.com"))
## [1] "2001:4998:44:41d::4" "2001:4998:58:1836::10" "2001:4998:58:1836::11" "2001:4998:c:1023::4"
## [5] "2001:4998:c:1023::5" "2001:4998:44:41d::3" "98.137.246.8" "98.138.219.231"
## [9] "98.138.219.232" "72.30.35.9" "72.30.35.10" "98.137.246.7"
## [5] "2001:4998:c:1023::5" "2001:4998:44:41d::3" "98.138.219.231" "98.138.219.232"
## [9] "72.30.35.9" "72.30.35.10" "98.137.246.7" "98.137.246.8"
(gdns_get_address(x, "yahoo.commmm"))
## character(0)
@ -207,35 +217,144 @@ str(leno <- gdns_query(x, "lenovo.com", "txt"), 1)
## List of 5
## $ answer_type : int 800
## $ canonical_name: chr "lenovo.com."
## $ replies_full : int [1, 1:600] 192 224 129 128 0 1 0 8 0 0 ...
## $ replies_full : int [1, 1:762] 81 128 129 128 0 1 0 10 0 0 ...
## $ replies_tree :'data.frame': 1 obs. of 7 variables:
## $ status : int 900
## - attr(*, "class")= chr [1:2] "gdns_response" "list"
sort(unlist(leno$replies_tree$answer[[1]]$rdata$txt_strings))
## [1] "a82c74b37aa84e7c8580f0e32f4d795d"
## [2] "ece42d7743c84d6889abda7011fe6f53"
## [3] "facebook-domain-verification=1r2am7c2bhzrxpqyt0mda0djoquqsi"
## [4] "google-site-verification=VxW_e6r_Ka7A518qfX2MmIMHGnkpGbnACsjSxKFCBw0"
## [5] "iHzQJvsKnyGP2Nm2qBgL3fyBJ0CC9z4GkY/flfk4EzLP8lPxWHDDPKqZWm1TkeF5kEIL+NotYOF1wo7JtUDXXw=="
## [6] "qh7hdmqm4lzs85p704d6wsybgrpsly0j"
## [7] "v=spf1 include:spf.messagelabs.com include:_netblocks.eloqua.com ~all"
## [8] "Visit www.lenovo.com/think for information about Lenovo products and services"
## [1] "a82c74b37aa84e7c8580f0e32f4d795d"
## [2] "ece42d7743c84d6889abda7011fe6f53"
## [3] "facebook-domain-verification=1r2am7c2bhzrxpqyt0mda0djoquqsi"
## [4] "google-site-verification=nGgukcp60rC-gFxMOJw1NHH0B4VnSchRrlfWV-He_tE"
## [5] "google-site-verification=sHIlSlj0U6UnCDkfHp1AolWgVEvDjWvc0TR4KaysD2c"
## [6] "google-site-verification=VxW_e6r_Ka7A518qfX2MmIMHGnkpGbnACsjSxKFCBw0"
## [7] "iHzQJvsKnyGP2Nm2qBgL3fyBJ0CC9z4GkY/flfk4EzLP8lPxWHDDPKqZWm1TkeF5kEIL+NotYOF1wo7JtUDXXw=="
## [8] "qh7hdmqm4lzs85p704d6wsybgrpsly0j"
## [9] "v=spf1 include:spf.messagelabs.com include:_netblocks.eloqua.com ~all"
## [10] "Visit www.lenovo.com/think for information about Lenovo products and services"
```
Yep. Advertising even in DNS `TXT` records (see item number
8).
Yep. Advertising even in DNS `TXT` records (see item number 8).
### DOH
``` r
str(doh_post("rud.is")$answer)
## 'data.frame': 1 obs. of 5 variables:
## $ class: int 1
## $ name : chr "rud.is."
## $ rdata:'data.frame': 1 obs. of 2 variables:
## ..$ ipv4_address: chr "172.93.49.183"
## ..$ rdata_raw :List of 1
## .. ..$ : int 172 93 49 183
## $ ttl : int 685
## $ type : int 1
```
``` r
a <- doh_post("apple.com", "A")
tidy(a)
## name class type ttl ipv4_address rdata_raw
## 1 apple.com. 1 1 738 17.142.160.59 11, 8e, a0, 3b
## 2 apple.com. 1 1 738 17.178.96.59 11, b2, 60, 3b
## 3 apple.com. 1 1 738 17.172.224.47 11, ac, e0, 2f
aaaa <- doh_post("rud.is", "AAAA")
tidy(aaaa)
## name class type ttl ipv6_address rdata_raw
## 1 rud.is. 1 28 43200 2602:ff16:3::4dfb:9ac5 26, 02, ff, 16, 00, 03, 00, 00, 00, 00, 00, 00, 4d, fb, 9a, c5
mx <- doh_post("rud.is", "MX")
tidy(mx)
## name class type ttl exchange preference
## 1 rud.is. 1 15 43200 alt2.aspmx.l.google.com. 30
## 2 rud.is. 1 15 43200 aspmx.l.google.com. 10
## 3 rud.is. 1 15 43200 aspmx2.googlemail.com. 40
## 4 rud.is. 1 15 43200 alt1.aspmx.l.google.com. 20
## rdata_raw
## 1 00, 1e, 04, 61, 6c, 74, 32, 05, 61, 73, 70, 6d, 78, 01, 6c, 06, 67, 6f, 6f, 67, 6c, 65, 03, 63, 6f, 6d, 00
## 2 00, 0a, 05, 61, 73, 70, 6d, 78, 01, 6c, 06, 67, 6f, 6f, 67, 6c, 65, 03, 63, 6f, 6d, 00
## 3 00, 28, 06, 61, 73, 70, 6d, 78, 32, 0a, 67, 6f, 6f, 67, 6c, 65, 6d, 61, 69, 6c, 03, 63, 6f, 6d, 00
## 4 00, 14, 04, 61, 6c, 74, 31, 05, 61, 73, 70, 6d, 78, 01, 6c, 06, 67, 6f, 6f, 67, 6c, 65, 03, 63, 6f, 6d, 00
txt <- doh_post("lenovo.com", "TXT")
tidy(txt)
## name class type ttl
## 1 lenovo.com. 1 16 4990
## 2 lenovo.com. 1 16 4990
## 3 lenovo.com. 1 16 4990
## 4 lenovo.com. 1 16 4990
## 5 lenovo.com. 1 16 4990
## 6 lenovo.com. 1 16 4990
## 7 lenovo.com. 1 16 4990
## 8 lenovo.com. 1 16 4990
## 9 lenovo.com. 1 16 4990
## 10 lenovo.com. 1 16 4990
## rdata_raw
## 1 44, 67, 6f, 6f, 67, 6c, 65, 2d, 73, 69, 74, 65, 2d, 76, 65, 72, 69, 66, 69, 63, 61, 74, 69, 6f, 6e, 3d, 73, 48, 49, 6c, 53, 6c, 6a, 30, 55, 36, 55, 6e, 43, 44, 6b, 66, 48, 70, 31, 41, 6f, 6c, 57, 67, 56, 45, 76, 44, 6a, 57, 76, 63, 30, 54, 52, 34, 4b, 61, 79, 73, 44, 32, 63
## 2 44, 67, 6f, 6f, 67, 6c, 65, 2d, 73, 69, 74, 65, 2d, 76, 65, 72, 69, 66, 69, 63, 61, 74, 69, 6f, 6e, 3d, 56, 78, 57, 5f, 65, 36, 72, 5f, 4b, 61, 37, 41, 35, 31, 38, 71, 66, 58, 32, 4d, 6d, 49, 4d, 48, 47, 6e, 6b, 70, 47, 62, 6e, 41, 43, 73, 6a, 53, 78, 4b, 46, 43, 42, 77, 30
## 3 45, 76, 3d, 73, 70, 66, 31, 20, 69, 6e, 63, 6c, 75, 64, 65, 3a, 73, 70, 66, 2e, 6d, 65, 73, 73, 61, 67, 65, 6c, 61, 62, 73, 2e, 63, 6f, 6d, 20, 69, 6e, 63, 6c, 75, 64, 65, 3a, 5f, 6e, 65, 74, 62, 6c, 6f, 63, 6b, 73, 2e, 65, 6c, 6f, 71, 75, 61, 2e, 63, 6f, 6d, 20, 7e, 61, 6c, 6c
## 4 58, 69, 48, 7a, 51, 4a, 76, 73, 4b, 6e, 79, 47, 50, 32, 4e, 6d, 32, 71, 42, 67, 4c, 33, 66, 79, 42, 4a, 30, 43, 43, 39, 7a, 34, 47, 6b, 59, 2f, 66, 6c, 66, 6b, 34, 45, 7a, 4c, 50, 38, 6c, 50, 78, 57, 48, 44, 44, 50, 4b, 71, 5a, 57, 6d, 31, 54, 6b, 65, 46, 35, 6b, 45, 49, 4c, 2b, 4e, 6f, 74, 59, 4f, 46, 31, 77, 6f, 37, 4a, 74, 55, 44, 58, 58, 77, 3d, 3d
## 5 20, 71, 68, 37, 68, 64, 6d, 71, 6d, 34, 6c, 7a, 73, 38, 35, 70, 37, 30, 34, 64, 36, 77, 73, 79, 62, 67, 72, 70, 73, 6c, 79, 30, 6a
## 6 20, 65, 63, 65, 34, 32, 64, 37, 37, 34, 33, 63, 38, 34, 64, 36, 38, 38, 39, 61, 62, 64, 61, 37, 30, 31, 31, 66, 65, 36, 66, 35, 33
## 7 4d, 56, 69, 73, 69, 74, 20, 77, 77, 77, 2e, 6c, 65, 6e, 6f, 76, 6f, 2e, 63, 6f, 6d, 2f, 74, 68, 69, 6e, 6b, 20, 66, 6f, 72, 20, 69, 6e, 66, 6f, 72, 6d, 61, 74, 69, 6f, 6e, 20, 61, 62, 6f, 75, 74, 20, 4c, 65, 6e, 6f, 76, 6f, 20, 70, 72, 6f, 64, 75, 63, 74, 73, 20, 61, 6e, 64, 20, 73, 65, 72, 76, 69, 63, 65, 73
## 8 44, 67, 6f, 6f, 67, 6c, 65, 2d, 73, 69, 74, 65, 2d, 76, 65, 72, 69, 66, 69, 63, 61, 74, 69, 6f, 6e, 3d, 6e, 47, 67, 75, 6b, 63, 70, 36, 30, 72, 43, 2d, 67, 46, 78, 4d, 4f, 4a, 77, 31, 4e, 48, 48, 30, 42, 34, 56, 6e, 53, 63, 68, 52, 72, 6c, 66, 57, 56, 2d, 48, 65, 5f, 74, 45
## 9 3b, 66, 61, 63, 65, 62, 6f, 6f, 6b, 2d, 64, 6f, 6d, 61, 69, 6e, 2d, 76, 65, 72, 69, 66, 69, 63, 61, 74, 69, 6f, 6e, 3d, 31, 72, 32, 61, 6d, 37, 63, 32, 62, 68, 7a, 72, 78, 70, 71, 79, 74, 30, 6d, 64, 61, 30, 64, 6a, 6f, 71, 75, 71, 73, 69
## 10 20, 61, 38, 32, 63, 37, 34, 62, 33, 37, 61, 61, 38, 34, 65, 37, 63, 38, 35, 38, 30, 66, 30, 65, 33, 32, 66, 34, 64, 37, 39, 35, 64
## txt_strings
## 1 google-site-verification=sHIlSlj0U6UnCDkfHp1AolWgVEvDjWvc0TR4KaysD2c
## 2 google-site-verification=VxW_e6r_Ka7A518qfX2MmIMHGnkpGbnACsjSxKFCBw0
## 3 v=spf1 include:spf.messagelabs.com include:_netblocks.eloqua.com ~all
## 4 iHzQJvsKnyGP2Nm2qBgL3fyBJ0CC9z4GkY/flfk4EzLP8lPxWHDDPKqZWm1TkeF5kEIL+NotYOF1wo7JtUDXXw==
## 5 qh7hdmqm4lzs85p704d6wsybgrpsly0j
## 6 ece42d7743c84d6889abda7011fe6f53
## 7 Visit www.lenovo.com/think for information about Lenovo products and services
## 8 google-site-verification=nGgukcp60rC-gFxMOJw1NHH0B4VnSchRrlfWV-He_tE
## 9 facebook-domain-verification=1r2am7c2bhzrxpqyt0mda0djoquqsi
## 10 a82c74b37aa84e7c8580f0e32f4d795d
cname <- doh_post("dataassurance.pwc.com", "CNAME")
tidy(cname)
## name class type ttl cname
## 1 dataassurance.pwc.com. 1 5 1346 f6759d2.x.incapdns.net.
## rdata_raw
## 1 66, 36, 37, 35, 39, 64, 32, 2e, 78, 2e, 69, 6e, 63, 61, 70, 64, 6e, 73, 2e, 6e, 65, 74, 2e
ns <- doh_post("rud.is", "NS")
tidy(ns)
## name class type ttl nsdname rdata_raw
## 1 rud.is. 1 2 43200 dns.mwebdns.eu. 64, 6e, 73, 2e, 6d, 77, 65, 62, 64, 6e, 73, 2e, 65, 75, 2e
## 2 rud.is. 1 2 43200 dns.mwebdns.de. 64, 6e, 73, 2e, 6d, 77, 65, 62, 64, 6e, 73, 2e, 64, 65, 2e
## 3 rud.is. 1 2 43200 dns.mwebdns.net. 64, 6e, 73, 2e, 6d, 77, 65, 62, 64, 6e, 73, 2e, 6e, 65, 74, 2e
soa <- doh_post("rud.is", "SOA")
tidy(soa)
## name class type ttl expire minimum mname
## 1 rud.is. 1 6 43200 604800 86400 dns.mwebdns.de.
## rdata_raw
## 1 03, 64, 6e, 73, 07, 6d, 77, 65, 62, 64, 6e, 73, 02, 64, 65, 00, 0a, 68, 6f, 73, 74, 6d, 61, 73, 74, 65, 72, 0a, 6d, 61, 6e, 64, 6f, 72, 61, 77, 65, 62, 02, 64, 65, 00, 77, ce, 5b, f3, 00, 00, 2a, 30, 00, 00, 0e, 10, 00, 09, 3a, 80, 00, 01, 51, 80
## refresh retry rname serial
## 1 10800 3600 hostmaster.mandoraweb.de. 2010012659
ptr <- doh_post(to_inaddr_arpa("104.244.13.104"), "PTR")
tidy(ptr)
## name class type ttl ptrdname
## 1 104.13.244.104.in-addr.arpa. 1 12 43200 archive.farsightsecurity.com.
## rdata_raw
## 1 61, 72, 63, 68, 69, 76, 65, 2e, 66, 61, 72, 73, 69, 67, 68, 74, 73, 65, 63, 75, 72, 69, 74, 79, 2e, 63, 6f, 6d, 2e
```
## clandnstine Metrics
| Lang | \# Files | (%) | LoC | (%) | Blank lines | (%) | \# Lines | (%) |
| :--- | -------: | ---: | --: | ---: | ----------: | ---: | -------: | ---: |
| C++ | 3 | 0.21 | 608 | 0.65 | 196 | 0.62 | 138 | 0.27 |
| R | 10 | 0.71 | 306 | 0.33 | 68 | 0.22 | 283 | 0.55 |
| Rmd | 1 | 0.07 | 19 | 0.02 | 51 | 0.16 | 97 | 0.19 |
| R | 20 | 0.80 | 686 | 0.49 | 188 | 0.40 | 370 | 0.58 |
| C++ | 4 | 0.16 | 681 | 0.49 | 220 | 0.46 | 163 | 0.25 |
| Rmd | 1 | 0.04 | 37 | 0.03 | 66 | 0.14 | 110 | 0.17 |
## Code of Conduct
Please note that this project is released with a [Contributor Code of
Conduct](CONDUCT.md). By participating in this project you agree to
abide by its terms.
abide by its terms.

+ 1
- 1
man/clandnstine.Rd View File

@ -4,7 +4,7 @@
\name{clandnstine}
\alias{clandnstine}
\alias{clandnstine-package}
\title{Perform Secure-by-default 'DNS' Queries}
\title{Perform Secure-by-Default 'DNS' Queries}
\description{
Methods are provided to query 'Domain Name System' ('DNS') stub
and recursive resolvers for all 'DNS' resource record types using 'UDP',


+ 29
- 0
man/doh_post.Rd View File

@ -0,0 +1,29 @@
% Generated by roxygen2: do not edit by hand
% Please edit documentation in R/doh-query.R
\name{doh_post}
\alias{doh_post}
\title{Make a DoH Request (POST/wireformat)}
\usage{
doh_post(name, type = "A",
server_path = "https://dns.quad9.net/dns-query")
}
\arguments{
\item{name}{name to query for}
\item{type}{DNS query type (defaults to "\code{A}")}
\item{server_path}{full URL path to the DoH server quer endpoint (defaults to Quad9).}
}
\value{
\code{NULL} (if the query failed) or a \code{data.frame} (tibble)
}
\description{
Issue a \code{POST} wireformat query of type \code{type} for \code{name} to
the DoH endpoint specified at \code{server_path}.
}
\examples{
doh_post("rud.is", "A")
}
\references{
\url{https://tools.ietf.org/id/draft-ietf-doh-dns-over-https-05.html}
}

+ 32
- 0
man/doh_servers.Rd View File

@ -0,0 +1,32 @@
% Generated by roxygen2: do not edit by hand
% Please edit documentation in R/globals.R
\docType{data}
\name{doh_servers}
\alias{doh_servers}
\title{Built-in list of DoH Servers}
\format{An object of class \code{list} of length 11.}
\usage{
doh_servers
}
\description{
The \code{url} element has the URL for \code{GET}/\code{POST} requests and
the \code{extra_params} element has any needed query parameters
for \code{GET} requests.
}
\details{
The list so far.
\itemize{
\item \code{google}: \url{https://dns.google.com/experimental}
\item \code{cloudflare}: \url{https://cloudflare-dns.com/dns-query}
\item \code{quad9}: \url{https://dns.quad9.net/dns-query}
\item \code{securedns_eu}: \url{https://doh.securedns.eu/dns-query}
\item \code{dnswarden_adblock}: \url{https://doh.dnswarden.com/adblock}
\item \code{dnswarden_uncensored}: \url{https://doh.dnswarden.com/uncensored}
\item \code{cleanbrowsing_security}: \url{https://doh.cleanbrowsing.org/doh/security-filter/}
\item \code{cleanbrowsing_family}: \url{https://doh.cleanbrowsing.org/doh/family-filter/}
\item \code{cleanbrowsing_adult}: \url{https://doh.cleanbrowsing.org/doh/adult-filter/}
\item \code{power_dns}: \url{https://doh.powerdns.org}
\item \code{appliedprivacy}: \url{https://doh.appliedprivacy.net/query}
}
}
\keyword{datasets}

+ 5
- 0
man/gdns_context.Rd View File

@ -23,3 +23,8 @@ maintains a list of DNS over TLS servers.
x <- gdns_context()
x <- gdns_context("1.1.1.1")
}
\seealso{
Other query functions: \code{\link{gdns_get_address}},
\code{\link{gdns_query}}
}
\concept{query functions}

+ 5
- 0
man/gdns_get_address.Rd View File

@ -19,3 +19,8 @@ x <- gdns_resolver()
gdns_get_address(x, "yahoo.com")
x \%>\% gdns_get_address("yahoo.com")
}
\seealso{
Other query functions: \code{\link{gdns_context}},
\code{\link{gdns_query}}
}
\concept{query functions}

+ 17
- 0
man/gdns_get_hosts.Rd View File

@ -12,3 +12,20 @@ gdns_get_hosts(gctx)
\description{
Retreive the value of the localnames namespace
}
\seealso{
Other context functions: \code{\link{gdns_get_resolution_type}},
\code{\link{gdns_get_resolvconf}},
\code{\link{gdns_get_root_servers}},
\code{\link{gdns_get_timeout}},
\code{\link{gdns_get_tls_ca_file}},
\code{\link{gdns_get_tls_ca_path}},
\code{\link{gdns_get_transports}},
\code{\link{gdns_set_hosts}},
\code{\link{gdns_set_resolution_type}},
\code{\link{gdns_set_round_robin_upstreams}},
\code{\link{gdns_set_timeout}},
\code{\link{gdns_set_tls_ca_file}},
\code{\link{gdns_set_tls_ca_path}},
\code{\link{gdns_update_resolvers}}
}
\concept{context functions}

+ 17
- 0
man/gdns_get_resolution_type.Rd View File

@ -16,3 +16,20 @@ Get the current resolution type setting
x <- gdns_context()
gdns_get_resolution_type(x)
}
\seealso{
Other context functions: \code{\link{gdns_get_hosts}},
\code{\link{gdns_get_resolvconf}},
\code{\link{gdns_get_root_servers}},
\code{\link{gdns_get_timeout}},
\code{\link{gdns_get_tls_ca_file}},
\code{\link{gdns_get_tls_ca_path}},
\code{\link{gdns_get_transports}},
\code{\link{gdns_set_hosts}},
\code{\link{gdns_set_resolution_type}},
\code{\link{gdns_set_round_robin_upstreams}},
\code{\link{gdns_set_timeout}},
\code{\link{gdns_set_tls_ca_file}},
\code{\link{gdns_set_tls_ca_path}},
\code{\link{gdns_update_resolvers}}
}
\concept{context functions}

+ 17
- 0
man/gdns_get_resolvconf.Rd View File

@ -12,3 +12,20 @@ gdns_get_resolvconf(gctx)
\description{
Retreive the value with which the context's upstream recursive servers and suffixes were initialized
}
\seealso{
Other context functions: \code{\link{gdns_get_hosts}},
\code{\link{gdns_get_resolution_type}},
\code{\link{gdns_get_root_servers}},
\code{\link{gdns_get_timeout}},
\code{\link{gdns_get_tls_ca_file}},
\code{\link{gdns_get_tls_ca_path}},
\code{\link{gdns_get_transports}},
\code{\link{gdns_set_hosts}},
\code{\link{gdns_set_resolution_type}},
\code{\link{gdns_set_round_robin_upstreams}},
\code{\link{gdns_set_timeout}},
\code{\link{gdns_set_tls_ca_file}},
\code{\link{gdns_set_tls_ca_path}},
\code{\link{gdns_update_resolvers}}
}
\concept{context functions}

+ 31
- 0
man/gdns_get_root_servers.Rd View File

@ -0,0 +1,31 @@
% Generated by roxygen2: do not edit by hand
% Please edit documentation in R/resolver.R
\name{gdns_get_root_servers}
\alias{gdns_get_root_servers}
\title{Retrieve the list of addresses in use for looking up top-level domains in use by the context.}
\usage{
gdns_get_root_servers(gctx)
}
\arguments{
\item{gctx}{gdns resolver context created with \code{\link[=gdns_resolver]{gdns_resolver()}}}
}
\description{
Retrieve the list of addresses in use for looking up top-level domains in use by the context.
}
\seealso{
Other context functions: \code{\link{gdns_get_hosts}},
\code{\link{gdns_get_resolution_type}},
\code{\link{gdns_get_resolvconf}},
\code{\link{gdns_get_timeout}},
\code{\link{gdns_get_tls_ca_file}},
\code{\link{gdns_get_tls_ca_path}},
\code{\link{gdns_get_transports}},
\code{\link{gdns_set_hosts}},
\code{\link{gdns_set_resolution_type}},
\code{\link{gdns_set_round_robin_upstreams}},
\code{\link{gdns_set_timeout}},
\code{\link{gdns_set_tls_ca_file}},
\code{\link{gdns_set_tls_ca_path}},
\code{\link{gdns_update_resolvers}}
}
\concept{context functions}

+ 17
- 0
man/gdns_get_timeout.Rd View File

@ -12,3 +12,20 @@ gdns_get_timeout(gctx)
\description{
Retreive the number of milliseconds to wait for request to return
}
\seealso{
Other context functions: \code{\link{gdns_get_hosts}},
\code{\link{gdns_get_resolution_type}},
\code{\link{gdns_get_resolvconf}},
\code{\link{gdns_get_root_servers}},
\code{\link{gdns_get_tls_ca_file}},
\code{\link{gdns_get_tls_ca_path}},
\code{\link{gdns_get_transports}},
\code{\link{gdns_set_hosts}},
\code{\link{gdns_set_resolution_type}},
\code{\link{gdns_set_round_robin_upstreams}},
\code{\link{gdns_set_timeout}},
\code{\link{gdns_set_tls_ca_file}},
\code{\link{gdns_set_tls_ca_path}},
\code{\link{gdns_update_resolvers}}
}
\concept{context functions}

+ 17
- 0
man/gdns_get_tls_ca_file.Rd View File

@ -12,3 +12,20 @@ gdns_get_tls_ca_file(gctx)
\description{
Retreive the file location with CA certificates for verification purposes
}
\seealso{
Other context functions: \code{\link{gdns_get_hosts}},
\code{\link{gdns_get_resolution_type}},
\code{\link{gdns_get_resolvconf}},
\code{\link{gdns_get_root_servers}},
\code{\link{gdns_get_timeout}},
\code{\link{gdns_get_tls_ca_path}},
\code{\link{gdns_get_transports}},
\code{\link{gdns_set_hosts}},
\code{\link{gdns_set_resolution_type}},
\code{\link{gdns_set_round_robin_upstreams}},
\code{\link{gdns_set_timeout}},
\code{\link{gdns_set_tls_ca_file}},
\code{\link{gdns_set_tls_ca_path}},
\code{\link{gdns_update_resolvers}}
}
\concept{context functions}

+ 17
- 0
man/gdns_get_tls_ca_path.Rd View File

@ -12,3 +12,20 @@ gdns_get_tls_ca_path(gctx)
\description{
Retreive the value with which the context's upstream recursive servers and suffixes were initialized
}
\seealso{
Other context functions: \code{\link{gdns_get_hosts}},
\code{\link{gdns_get_resolution_type}},
\code{\link{gdns_get_resolvconf}},
\code{\link{gdns_get_root_servers}},
\code{\link{gdns_get_timeout}},
\code{\link{gdns_get_tls_ca_file}},
\code{\link{gdns_get_transports}},
\code{\link{gdns_set_hosts}},
\code{\link{gdns_set_resolution_type}},
\code{\link{gdns_set_round_robin_upstreams}},
\code{\link{gdns_set_timeout}},
\code{\link{gdns_set_tls_ca_file}},
\code{\link{gdns_set_tls_ca_path}},
\code{\link{gdns_update_resolvers}}
}
\concept{context functions}

+ 17
- 0
man/gdns_get_transports.Rd View File

@ -12,3 +12,20 @@ gdns_get_transports(gctx)
\description{
Retreive what transports are used for DNS lookups.
}
\seealso{
Other context functions: \code{\link{gdns_get_hosts}},
\code{\link{gdns_get_resolution_type}},
\code{\link{gdns_get_resolvconf}},
\code{\link{gdns_get_root_servers}},
\code{\link{gdns_get_timeout}},
\code{\link{gdns_get_tls_ca_file}},
\code{\link{gdns_get_tls_ca_path}},
\code{\link{gdns_set_hosts}},
\code{\link{gdns_set_resolution_type}},
\code{\link{gdns_set_round_robin_upstreams}},
\code{\link{gdns_set_timeout}},
\code{\link{gdns_set_tls_ca_file}},
\code{\link{gdns_set_tls_ca_path}},
\code{\link{gdns_update_resolvers}}
}
\concept{context functions}

+ 1
- 0
man/gdns_lib_version.Rd View File

@ -9,3 +9,4 @@ gdns_lib_version()
\description{
Return gdns library version
}
\concept{utlity functions}

+ 9
- 2
man/gdns_query.Rd View File

@ -4,11 +4,13 @@