QUS: Query Update Service
QUS is an authoritative-only DNS server that supports updating records via signed record requests.

Design and implementation by Lokkju Brennr <lokkju@lokkju.com>
Initial concept by Goldy <kyle.kwilliams@gmail.com>


The service will emulate an authoritative-only DNS server for a single second-level (xxx.tld) domain.
For any subdomain it is configured to handle:
 - if asked for subdomain.xxx.tld, it will return an IP address if it has one.
 - if asked for <encoded_string>.<hash>.<subdomain>.xxx.tld, it will attempt to parse the encoded_string
  - the encoded_string shall consist of <timestamp>|<ipaddress>|<subdomain> in a modified base32 encoded form (8 instead of = as the padding char)
    - the signature will be generated as md5(<timestamp>|<ipaddress>|.<subdomain>|<private_hash>)
      - the private_hash is a shared secret between the service and the end user.
  - if the encoded string is decoded successfully, and the service validates the signature hash (constant time sig check), the service will update its internal record of the IP for that <subdomain>, and return the new IP as the response to the A record request
  - if there is any error, the service will return a "record does not exist" response
  - if the provided IP is 255.255.255.255, the IP will be autodetected by QUS
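
The update-name format described above, as an added example that is not code from the QUS repository: it builds the query name on the client side and parses and verifies it on the server side. The function names, the hex form of the md5 hash, the case handling and the check that the signed subdomain matches the queried one are assumptions of this example.

```python
import base64
import hashlib
import hmac

MAX_LABEL = 63  # DNS limit on the length of one label, in octets


def _signature(timestamp, ip, subdomain, secret):
    # Signed string copied literally from the README formula:
    # md5(<timestamp>|<ipaddress>|.<subdomain>|<private_hash>); hex output is assumed.
    msg = f"{timestamp}|{ip}|.{subdomain}|{secret}"
    return hashlib.md5(msg.encode()).hexdigest()


def build_update_name(timestamp, ip, subdomain, secret, zone):
    """Client side: build <encoded_string>.<hash>.<subdomain>.<zone>."""
    payload = f"{timestamp}|{ip}|{subdomain}".encode()
    # Modified base32: '8' (not in the base32 alphabet) replaces '=' padding.
    encoded = base64.b32encode(payload).decode().replace("=", "8")
    if len(encoded) > MAX_LABEL:
        raise ValueError("encoded update does not fit in one DNS label")
    sig = _signature(timestamp, ip, subdomain, secret)
    return f"{encoded}.{sig}.{subdomain}.{zone}"


def parse_update_name(qname, secret, zone):
    """Server side: return (timestamp, ip, subdomain), or None on any error."""
    name, suffix = qname.rstrip("."), "." + zone.lower()
    if not name.lower().endswith(suffix):
        return None
    labels = name[: -len(suffix)].split(".")
    if len(labels) < 3:
        return None
    encoded, sig, claimed = labels[0], labels[1], ".".join(labels[2:])
    try:
        # upper() tolerates resolvers that change the case of query names.
        payload = base64.b32decode(encoded.upper().replace("8", "=")).decode()
        timestamp, ip, subdomain = payload.split("|")
    except ValueError:  # bad base32, bad UTF-8, or wrong field count
        return None
    # Assumption: the signed subdomain must match the one in the query name.
    if subdomain.lower() != claimed.lower():
        return None
    expected = _signature(timestamp, ip, subdomain, secret)
    # Constant-time comparison of the two digests.
    if not hmac.compare_digest(expected.encode(), sig.lower().encode()):
        return None
    return timestamp, ip, subdomain
```

The README does not say how the timestamp is checked, so this example returns it to the caller without enforcing freshness.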
  
Future ideas include using symmetrical encryption instead of just encoding

BASIC USAGE:
first, initialize your database:
#sqlite3 auth.sqlite < server/init.sql

on your server, run the following for each domain you want to handle:
(for instance: python qus.py adduser test.qus.py thisisasecret 10.0.0.1)
#python qus.py adduser <domain> <key> <ip>

then, start the service:
#python qus.py serve

now, on your client machine, you can use dig to ask for the ip:
#dig @<qus server ip> <domain>

or, you can use qusclient.py to update the ip:
#python qusclient.py -n <nameserver> -d <domain> -k <key> [-p <port>]