README ¶
Eclipso - High performance DNS daemon
┌─┐┌─┐┬ ┬┌─┐┌─┐┌─┐
├┤ │ │ │├─┘└─┐│ │
└─┘└─┘┴─┘┴┴ └─┘└─┘
v1.0.1
Project objectives
- High performance - Speed wins
- Lightweight - Bloat and large dependencies are not welcome
- Container first - Built to be run as a container with support for Amazon ECS/EKS and Kubernetes
- Ease of use - K.I.S.S
Installation
git clone https://github.com/benduncan/eclipso
cd eclipso
make build
Running eclipso
./bin/eclipso
Zone file storage engines
- Local filesystem (default)
- S3 bucket (Env variable configuration required)
- DynamoDB (Roadmap)
Zone file resync
Given the performance requirements, Eclipso maintains a local hashmap containing the zone file database and does not introduce an external database or additional network latency to DNS domain requests.
Eclipso will monitor the following to live reload zone file changes:
- Local filesystem - Automatically live reload zone files based on filesystem events (add, modified & removed files)
- S3 Bucket Sync - Periodic scheduler to compare the remote S3 bucket to the local zone database
- S3 Bucket events - Roadmap, receive S3 events via SQS/SNS to live changes in the bucket
- DynamoDB Stream - Roadmap, receive a live stream from DynamoDB to sync local state
Environment variables
Configuration of Eclipso is made via environment variables.
Local directory config
ZONE_DIR="config/domains"
S3 configuration
To read configuration files from a specified S3 bucket
AWS_ACCESS_KEY="XXX"
AWS_SECRET_ACCESS_KEY="YYY"
ZONE_DIR="s3://bucket-name"
AWS_REGION="us-west-1"
Optional parameters
S3_SYNC_RETRY="120"
Specify the S3 bucket sync period in seconds (default 60).
Global config
PORT=5353
Run Eclpiso on the specified (UDP) port 5353. Default 53.
ECLIPSO_LOG_IGNORE=1
Disable verbose logging
ECLIPSO_LOG_DEBUG=1
Enable additional debug logs
Zone configuration file
Example configuration file
# Domain configuration file in TOML format.
version = 1.0
# Domain settings
[domain]
domain = "hello_a.net"
created = 2021-05-27T07:32:00Z
modified = 2022-05-27T07:32:00Z
verified = true
active = true
ownerid = 10
# Default settings if not defined in each [[records]]
[defaults]
ttl = 3600
type = 1
class = 1
# Domain entry, one entry per record
# A record for root domain, hello_a.net > 203.100.1.1
[[records]]
domain = ""
address = "203.100.1.1"
# A record for www.hello_a.net > 203.100.1.1
[[records]]
domain = "www."
address = "203.100.1.1"
# A record for host-1.hello_a.net > 203.100.1.2
[[records]]
domain = "host-1."
address = "203.100.1.2"
# A record for host-1.hello_a.net > 203.100.1.3
[[records]]
domain = "host-2."
address = "203.100.1.3"
# MX record for hello_a.net, with MX preference set.
[[records]]
domain = ""
type = 15
preference = 10
address = "host-1.hello_a.net."
# MX record for hello_a.net, with MX preference set.
[[records]]
domain = ""
type = 15
preference = 20
address = "host-2.hello_a.net."
# TXT record to specify SPF record
[[records]]
domain = ""
type = 16
address = "v=spf1 ip:203.100.1.2 ip:203.100.1.3 mx a -all"
# Sample TXT record for google-site-verification
[[records]]
domain = ""
type = 16
address = "google-site-verification=3a13e1788d7a1c3b4602afc083e855de"
To run Eclipso with the sample domain, append the configuration file to ./config/domains/hello_a.net.toml
Run Eclpiso:
ZONE_DIR="./config/domains" ./bin/eclipso
Query the local instance to validate:
$ dig @127.0.0.1 hello_a.net txt
;; QUESTION SECTION:
;hello_a.net. IN TXT
;; ANSWER SECTION:
hello_a.net. 3600 IN TXT "v=spf1 ip:203.100.1.2 ip:203.100.1.3 mx a -all"
hello_a.net. 3600 IN TXT "google-site-verification=3a13e1788d7a1c3b4602afc083e855de"
$ dig @127.0.0.1 hello_a.net mx
; <<>> DiG 9.10.6 <<>> @127.0.0.1 hello_a.net mx
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43492
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;hello_a.net. IN MX
;; ANSWER SECTION:
hello_a.net. 3600 IN MX 10 host-1.hello_a.net.
hello_a.net. 3600 IN MX 20 host-2.hello_a.net.
Run within docker
Using docker-compose (S3 bucket):
AWS_ACCESS_KEY="X" AWS_SECRET_ACCESS_KEY="Y" ZONE_DIR="s3://my-bucket" AWS_REGION="us-west-1" docker-compose up -d
Standalone docker (filesystem method):
docker run --mount src=~/eclipso/config/domains,target=/config/domains,type=bind -e ZONE_DIR="/config/domains" -p 53:53/udp calacode/eclipso-dns
Run as a standalone daemon
ZONE_DIR=./config/domains ./bin/eclipso
High-level Roadmap
Version 1.0.X:
- DNS server framework
- Filesystem support for zone files
- Filesystem live-reload events
- S3 Bucket support for zone files
- S3 resync period for live-reload
- Implement a hashmap for the local zone database
- Docker support
Immediate roadmap:
- Support additional zone types (SRV)
- DynamoDB support
- DynamoDB stream support
- Improve benchmarking
- Improve CLI flag support and env usage
General roadmap:
- Optimise local hashmap use Net.IP (v4/v6) types
- Additional API daemon to add/delete/update zone files
- Health-check support, change return address if end-point not answering
- DNS resolver option - Raw lookups via root-servers to act as a DNS forwarder
Benchmarking
Install benchstat
to compare multiple benchmarks for a more accurate reading
go get golang.org/x/perf/cmd/benchstat
Next, run the benchmark:
make bench
This will simulate 24 domains (hello_a.net ... hello_z.net) with ~255 sub-domains (host-1 ... host-255) with sample TXT records. The benchmark script will query the local instance each record for benchmarking purposes.
ECLIPSO_LOG_IGNORE=1 go test -bench=. ./pkg/backend -count 5 -benchmem | tee benchmark.out
goos: darwin
goarch: amd64
pkg: github.com/benduncan/eclipso/pkg/backend
cpu: Intel(R) Core(TM) i7-7700HQ CPU @ 2.80GHz
BenchmarkDNSQueryA-8 8972 175261 ns/op 3088 B/op 58 allocs/op
BenchmarkDNSQueryA-8 8598 163153 ns/op 3087 B/op 58 allocs/op
BenchmarkDNSQueryA-8 8149 162703 ns/op 3089 B/op 58 allocs/op
BenchmarkDNSQueryA-8 6561 155536 ns/op 3088 B/op 58 allocs/op
BenchmarkDNSQueryA-8 8355 140921 ns/op 3088 B/op 58 allocs/op
BenchmarkDNSQueryTXT-8 7900 145299 ns/op 3682 B/op 68 allocs/op
BenchmarkDNSQueryTXT-8 8028 168382 ns/op 3681 B/op 68 allocs/op
BenchmarkDNSQueryTXT-8 7179 154651 ns/op 3681 B/op 68 allocs/op
BenchmarkDNSQueryTXT-8 7720 204199 ns/op 3680 B/op 68 allocs/op
BenchmarkDNSQueryTXT-8 8929 186801 ns/op 3680 B/op 68 allocs/op
BenchmarkDNSQueryMX-8 7741 174948 ns/op 4049 B/op 76 allocs/op
BenchmarkDNSQueryMX-8 9464 152655 ns/op 4050 B/op 76 allocs/op
BenchmarkDNSQueryMX-8 7480 153643 ns/op 4049 B/op 76 allocs/op
BenchmarkDNSQueryMX-8 6700 181419 ns/op 4049 B/op 76 allocs/op
BenchmarkDNSQueryMX-8 8418 148584 ns/op 4051 B/op 76 allocs/op
PASS
ok github.com/benduncan/eclipso/pkg/backend 31.133s
benchstat benchmark.out
name time/op
DNSQueryA-8 160µs ±12%
DNSQueryTXT-8 172µs ±19%
DNSQueryMX-8 162µs ±12%
name alloc/op
DNSQueryA-8 3.09kB ± 0%
DNSQueryTXT-8 3.68kB ± 0%
DNSQueryMX-8 4.05kB ± 0%
name allocs/op
DNSQueryA-8 58.0 ± 0%
DNSQueryTXT-8 68.0 ± 0%
DNSQueryMX-8 76.0 ± 0%