Name

walldns — an opaque content DNS server using the UDP protocol

Synopsis

walldns

Description

walldns is a content DNS server that speaks the DNS/UDP protocol. It accepts DNS queries from hosts around the Internet and responds with fixed information. The queries it serves are reverse lookups of IP addresses, to which it supplies generic, synthesized responses that reveal no information about local hosts.

When it starts, walldns changes its root to the directory specified by the ROOT environment variable, and drops privileges to run as the user ID and group ID specified by the UID and GID environment variables. The latter can be set up with envuidgid(1).

Normally walldns is run via a server program such as udp-socket-listen to listen for DNS/UDP queries from hosts around the Internet. It understands the LISTEN_PID and LISTEN_FDS environment variable convention for having an already-listening socket passed to it by such a program, and uses the last open file descriptor in the list that refers to a UDP/IPv4 socket. If no such open file descriptor is provided it falls back to opening its own UDP/IPv4 socket, bound to port 53 of the IP address given by the value of the IP environment variable. It does not handle DNS/TCP.

walldns rejects zone-transfer requests, inverse queries, non-Internet-class queries, truncated packets, packets that contain anything other than a single query, query types other than A, PTR, or ANY, and queries for domain names not beneath in-addr.arpa or ip6.arpa.

ANY queries are answered with a single synthesized HINFO resource record set. walldns otherwise answers queries in a fixed form. It does not include any NS or SOA resource records in its responses, and it uses TTLs of one week.

walldns publishes a bidirectional mapping: IP addresses map to domain names, and those domain names map back to the same IP addresses.

  • For IP version 4, reverse lookup domain names take the form d.c.b.a.in-addr.arpa, where a.b.c.d is the IP address being looked up. walldns publishes PTR responses mapping the domain name back to itself. It publishes A responses mapping the domain name to the IP address a.b.c.d.

  • For IP version 6, reverse lookup domain names take the form 5.4.3.2.1.0.z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.ip6.arpa, where abcd:efgh:ijkl:mnop:qrst:uvwx:yz01:2345 is the IP address being looked up. walldns publishes PTR responses mapping the domain name back to itself. It publishes AAAA responses mapping the domain name to the IP address abcd:efgh:ijkl:mnop:qrst:uvwx:yz01:2345.
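The name-to-address mapping and the query filter described above, as an added illustration in Python that is not walldns's own code. It assumes that a name which is not a complete d.c.b.a.in-addr.arpa or 32-nibble ip6.arpa name gets no records, and that an octet label with leading zeros is still read as a decimal octet.

```python
import ipaddress

# Added example, not walldns's own code: the reverse-name/address mapping and
# the query filter that the man page describes. Treatment of partial or
# malformed names (no records) and of leading-zero octets is an assumption.
TTL = 7 * 24 * 3600  # one week, as stated on the page


def name_to_address(qname):
    """d.c.b.a.in-addr.arpa -> IPv4Address a.b.c.d; the 32-nibble ip6.arpa
    form -> IPv6Address; None for any other name."""
    labels = qname.rstrip(".").lower().split(".")
    if labels[-2:] == ["in-addr", "arpa"] and len(labels) == 6:
        octets = labels[:4][::-1]          # undo the reversed octet order
        if all(o.isdigit() and int(o) <= 255 for o in octets):
            return ipaddress.IPv4Address(".".join(str(int(o)) for o in octets))
        return None
    if labels[-2:] == ["ip6", "arpa"] and len(labels) == 34:
        nibbles = labels[:32][::-1]        # undo the reversed nibble order
        if all(len(n) == 1 and n in "0123456789abcdef" for n in nibbles):
            hexstr = "".join(nibbles)
            groups = (hexstr[i:i + 4] for i in range(0, 32, 4))
            return ipaddress.IPv6Address(":".join(groups))
    return None


def published_records(qname):
    """The fixed records walldns publishes for a name: PTR back to the name
    itself, and A (IPv4) or AAAA (IPv6) carrying the address the name encodes."""
    addr = name_to_address(qname)
    if addr is None:
        return {}
    name = qname.rstrip(".").lower() + "."
    addr_type = "A" if addr.version == 4 else "AAAA"
    return {"PTR": (name, TTL), addr_type: (str(addr), TTL)}


def is_rejected(qname, qtype, qclass="IN"):
    """Query filter from the man page: only class IN, only A/PTR/ANY, and only
    names beneath in-addr.arpa or ip6.arpa are accepted."""
    labels = qname.rstrip(".").lower().split(".")
    in_scope = labels[-2:] in (["in-addr", "arpa"], ["ip6", "arpa"]) and len(labels) > 2
    return qclass != "IN" or qtype not in ("A", "PTR", "ANY") or not in_scope
```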

History

walldns was originally part of Daniel J. Bernstein's djbdns toolset in 2000.

Author

Original code and documentation by Daniel J. Bernstein. Documentation modernizations by Jonathan de Boyne Pollard.