Python reimplementation of all-knowing-dns: authoritative DNS server for IPv6 reverse DNS synthesis
Project description
DNS-is-reverse
A Python reimplementation of all-knowing-dns: a tiny authoritative DNS server that synthesizes IPv6 reverse DNS (PTR) and matching forward AAAA records on the fly for SLAAC-style networks, avoiding gigantic zone files.
What it does
DNS-is-reverse answers DNS queries for IPv6 networks by synthesizing responses based on templates:
- PTR queries: For reverse DNS lookups (ip6.arpa), it extracts the host portion of the IPv6 address and generates a hostname using a configurable template
- AAAA queries: For forward DNS lookups, it parses hostnames matching the template and returns the corresponding IPv6 address within the configured network
- Upstream fallback: For PTR queries, it can optionally query an upstream DNS server first before synthesizing locally
Configuration Format
The configuration file uses a simple line-based format:
listen <address>
network <CIDR>
resolves to <template>
with upstream <address> # optional
Example Configuration
# Listen on IPv6 and IPv4
listen ::1
listen 127.0.0.1
# Configure a /64 network
network 2001:4d88:100e:ccc0::/64
resolves to ipv6-%DIGITS%.nutzer.raumzeitlabor.de
with upstream 2001:4860:4860::8888
# Configure a /56 network without upstream
network 2001:db8:100::/56
resolves to host-%DIGITS%.example.com
How %DIGITS% Works
The %DIGITS% placeholder in templates represents the host portion of IPv6 addresses as hexadecimal digits:
- For a
/64network: 64 host bits = 16 hex digits - For a
/56network: 72 host bits = 18 hex digits - For a
/80network: 48 host bits = 12 hex digits
Example for /64 network 2001:4d88:100e:ccc0::/64:
- IPv6 address:
2001:4d88:100e:ccc0:216:eaff:fecb:826 - Host portion:
0216eafffecb0826(16 hex digits, zero-padded) - Template:
ipv6-%DIGITS%.example.com - Generated hostname:
ipv6-0216eafffecb0826.example.com
Upstream Fallback
When a network has with upstream <address> configured:
- For PTR queries, DNS-is-reverse first queries the upstream server for
<original_ptr_qname>.upstream - If the upstream returns a PTR answer, that answer is relayed to the client
- If the upstream returns NXDOMAIN/timeout/no-answer, DNS-is-reverse synthesizes the response locally
- AAAA queries are always synthesized locally (no upstream fallback)
Installation
Native Installation
pip install -e .
Docker Installation
# Using docker-compose (recommended)
docker-compose up --build
# Or build and run manually
docker build -t dns-is-reverse .
docker run -p 53:53/udp -v ./test.conf:/etc/dns-is-reverse.conf:ro dns-is-reverse
Usage
Command Line Options
dns-is-reverse [options]
Options:
--configfile PATH Configuration file path (default: /etc/all-knowing-dns.conf)
--listen ADDRESS Additional listen address (can be used multiple times)
--port PORT Listen port (default: 53)
--querylog Enable query logging to stdout
Running on High Port (Non-root)
For development or non-root usage:
dns-is-reverse --configfile ./test.conf --port 5353 --querylog
Running with Docker
The Docker container runs on port 53 by default:
# Start with docker-compose
docker-compose up
# Or run directly with custom config
docker run -p 53:53/udp -v /path/to/config.conf:/etc/dns-is-reverse.conf:ro dns-is-reverse
Example Configuration File
Create test.conf:
listen ::1
listen 127.0.0.1
network 2001:db8::/64
resolves to test-%DIGITS%.local
network 2001:db8:100::/56
resolves to server-%DIGITS%.example.com
with upstream 8.8.8.8
Testing with dig
# Test AAAA query
dig @::1 -p 5353 test-1234567890abcdef.local AAAA
# Test PTR query
dig @::1 -p 5353 -x 2001:db8::1234:5678:9abc:def0
Supported Network Sizes
DNS-is-reverse works with any IPv6 network size where the host portion is a multiple of 4 bits:
/64networks: 16 hex digits (most common for SLAAC)/56networks: 18 hex digits/48networks: 20 hex digits/80networks: 12 hex digits- etc.
DNS Behavior
- Authoritative: All synthesized responses have the AA (Authoritative Answer) flag set
- TTL: All responses use a 60-second TTL
- Error handling: Returns NXDOMAIN for out-of-network queries or template mismatches
- Malformed queries: Returns FORMERR for unparseable DNS requests
- Query types: Only PTR and AAAA queries are supported; all others return NXDOMAIN
Development
Running Tests
pip install -e ".[dev]"
pytest
Type Checking
mypy dns_is_reverse/
License
MIT License
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file dns_is_reverse-1.0.0.tar.gz.
File metadata
- Download URL: dns_is_reverse-1.0.0.tar.gz
- Upload date:
- Size: 15.0 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
f32431cf60bc07c308747c7aa120ef315edfc74fcb364111e0717833245cb0c9
|
|
| MD5 |
510a539067bba523ede6ab72b9d0c744
|
|
| BLAKE2b-256 |
04535082c6d287e62bcad8626b2ad9a6756829bd632513562c09aeb6b7ae926f
|
File details
Details for the file dns_is_reverse-1.0.0-py3-none-any.whl.
File metadata
- Download URL: dns_is_reverse-1.0.0-py3-none-any.whl
- Upload date:
- Size: 10.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
6c58f900b8932fb813e676d8523868ff2f056613fd9483446ebb866eda94a6ae
|
|
| MD5 |
473ee726a5b42baf33e1dff060664b6f
|
|
| BLAKE2b-256 |
fe9dfa844b2540c9ac6b97459939033843649338d1fabcc9f29f429018e5a42d
|
