{"id":13556256,"url":"https://github.com/mirage/ocaml-dns","last_synced_at":"2025-04-04T15:09:59.342Z","repository":{"id":2193702,"uuid":"3141834","full_name":"mirage/ocaml-dns","owner":"mirage","description":"OCaml implementation of the DNS protocol","archived":false,"fork":false,"pushed_at":"2025-02-21T23:35:15.000Z","size":5374,"stargazers_count":105,"open_issues_count":31,"forks_count":43,"subscribers_count":20,"default_branch":"main","last_synced_at":"2025-03-28T14:09:00.630Z","etag":null,"topics":["dns","mirageos","ocaml","unikernel"],"latest_commit_sha":null,"homepage":"","language":"OCaml","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-2-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mirage.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGES.md","contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2012-01-10T01:38:53.000Z","updated_at":"2025-02-21T23:35:20.000Z","dependencies_parsed_at":"2024-08-01T12:33:17.899Z","dependency_job_id":"3610ffb4-bbb3-4584-8543-157735e05c29","html_url":"https://github.com/mirage/ocaml-dns","commit_stats":{"total_commits":1249,"total_committers":35,"mean_commits":35.68571428571428,"dds":0.6357085668534828,"last_synced_commit":"1d73cfa96db7452e52b49804d546fad55154aca8"},"previous_names":[],"tags_count":73,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mirage%2Focaml-dns","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mirage%2Focaml-dns/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mirage%2Focaml-dns/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mirage%2Focaml-dns/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mirage","download_url":"https://codeload.github.com/mirage/ocaml-dns/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247198463,"owners_count":20900080,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["dns","mirageos","ocaml","unikernel"],"created_at":"2024-08-01T12:03:43.632Z","updated_at":"2025-04-04T15:09:59.300Z","avatar_url":"https://github.com/mirage.png","language":"OCaml","funding_links":[],"categories":["OCaml","others","Networking"],"sub_categories":[],"readme":"# ocaml-dns - a Domain Name System (DNS) library\n\n(c) 2017-2019 Hannes Mehnert (robur.io, Center for the Cultivation of Technology)\n\n%%VERSION%%\n\nThis library supports most of the domain name system used in the wild.  It\nadheres to strict conventions.  Failing early and hard.  It is mostly\nimplemented in the pure fragment of OCaml (no mutation, isolated IO, no\nexceptions).\n\nIt all started out as an experiment to run a recursive resolver, but after\ninitial prototypes it turned out that every configurable recursive resolver\nneeds a fully-fledged authoritative nameserver as well (for overriding various\nzones such as `.localhost` and reverse lookups of RFC 1918 IP ranges).\n\nLegacy resource record types are not dealt with, and there is no plan to support\n`ISDN`, `MAILA`, `MAILB`, `WKS`, `MB`, `HINFO`, ... .  `AXFR`, `IXFR`,\nand `UPDATE` is only handled via TCP connections.  The only resource class\nsupported is `IN` (the Internet).  Truncated hmac in `TSIG` are not supported\n(always the full length of the hash algorithm is used).\n\nPlease read [the blog article](https://hannes.robur.coop/Posts/DNS) for a more\ndetailed overview.\n\nThis library is published under the 2 clause BSD license.\n\n## Supported RFCs\n\n* [RFC 1034](https://tools.ietf.org/html/rfc1034) Domain Names - Concepts and Facilities\n* [RFC 1035](https://tools.ietf.org/html/rfc1035) Domain Names - Implementation and Specification\n* [RFC 1876](https://tools.ietf.org/html/rfc1876) A Means for Expressing Location Information in the Domain Name System\n* [RFC 1912](https://tools.ietf.org/html/rfc1912) Common DNS Operational and Configuration Errors\n* [RFC 1995](https://tools.ietf.org/html/rfc1995) Incremental Zone Transfer in DNS\n* [RFC 1996](https://tools.ietf.org/html/rfc1996) A Mechanism for Prompt Notification of Zone Changes (DNS NOTIFY)\n* [RFC 2136](https://tools.ietf.org/html/rfc2136) Dynamic Updates in the domain name system (DNS UPDATE)\n* [RFC 2181](https://tools.ietf.org/html/rfc2181) Clarifications to the DNS Specification\n* [RFC 2308](https://tools.ietf.org/html/rfc2308) Negative Caching of DNS Queries (DNS NCACHE)\n* [RFC 2782](https://tools.ietf.org/html/rfc2782) A DNS RR for specifying the location of services (DNS SRV)\n* [RFC 2845](https://tools.ietf.org/html/rfc2845) Secret Key Transaction Authentication for DNS (TSIG)\n* [RFC 3596](https://tools.ietf.org/html/rfc3596) DNS Extensions to Support IP Version 6\n* [RFC 4033](https://tools.ietf.org/html/rfc4033) DNS Security Introduction and Requirements\n* [RFC 4034](https://tools.ietf.org/html/rfc4034) Resource Records for the DNS Security Extensions\n* [RFC 4035](https://tools.ietf.org/html/rfc4035) Protocol Modifications for the DNS Security Extensions\n* [RFC 4255](https://tools.ietf.org/html/rfc4255) Using DNS to Securely Publish Secure Shell (SSH) Key Fingerprints\n* [RFC 4343](https://tools.ietf.org/html/rfc4343) Domain Name System (DNS) Case Insensitivity Clarification\n* [RFC 4509](https://tools.ietf.org/html/rfc4509) Use of SHA-256 in DNSSEC Delegation Signer (DS) Resource Records (RRs)\n* [RFC 4592](https://tools.ietf.org/html/rfc4592) The Role of Wildcards in the Domain Name System\n* [RFC 4635](https://tools.ietf.org/html/rfc4635) HMAC SHA TSIG Algorithm Identifiers\n* `*` [RFC 5001](https://tools.ietf.org/html/rfc5001) DNS Name Server Identifier (NSID) Option\n* [RFC 5155](https://tools.ietf.org/html/rfc5155) DNS Security (DNSSEC) Hashed Authenticated Denial of Existence\n* [RFC 5358](https://tools.ietf.org/html/rfc5358) Preventing Use of Recursive Nameservers in Reflector Attacks\n* [RFC 5452](https://tools.ietf.org/html/rfc5452) Measures for Making DNS More Resilient against Forged Answers\n* [RFC 5936](https://tools.ietf.org/html/rfc5936) DNS Zone Transfer Protocol (AXFR)\n* [RFC 6594](https://tools.ietf.org/html/rfc6594) Use of the SHA-256 Algorithm with RSA, Digital Signature Algorithm (DSA), and Elliptic Curve DSA (ECDSA) in SSHFP Resource Records\n* [RFC 6605](https://tools.ietf.org/html/rfc6605) Elliptic Curve Digital Signature Algorithm (DSA) for DNSSEC\n* [RFC 6698](https://tools.ietf.org/html/rfc6698.html) The DNS-Based Authentication of Named Entities (DANE) Transport Layer Security (TLS) Protocol: TLSA\n* [RFC 6761](https://tools.ietf.org/html/rfc6761) Special-Use Domain Names\n* `*` [RFC 6762](https://tools.ietf.org/html/rfc6762) Multicast DNS\n* [RFC 6844](https://tools.ietf.org/html/rfc6844) DNS Certification Authority Authorization (CAA) Resource Record\n* [RFC 6890](https://tools.ietf.org/html/rfc6890) Special-Purpose IP Address Registries\n* [RFC 6891](https://tools.ietf.org/html/rfc6891) Extension Mechanisms for DNS (EDNS(0))\n* [RFC 6895](https://tools.ietf.org/html/rfc6895) Domain Name System (DNS) IANA Considerations (BCP 42)\n* [RFC 7129](https://tools.ietf.org/html/rfc7129) Authenticated Denial of Existence in the DNS\n* [RFC 7479](https://tools.ietf.org/html/rfc7479) Using Ed25519 in SSHFP Resource Records\n* [RFC 7626](https://tools.ietf.org/html/rfc7626) DNS Privacy Considerations\n* [RFC 7766](https://tools.ietf.org/html/rfc7766) DNS Transport over TCP - Implementation Requirements\n* [RFC 7816](https://tools.ietf.org/html/rfc7816) DNS Query Name Minimisation to Improve Privacy\n* [RFC 7828](https://tools.ietf.org/html/rfc7828) The edns-tcp-keepalive EDNS0 Option\n* `*` [RFC 7830](https://tools.ietf.org/html/rfc7830) The EDNS(0) Padding Option\n* `*` [RFC 7873](https://tools.ietf.org/html/rfc7873) Domain Name System (DNS) Cookies\n* [RFC 8080](https://tools.ietf.org/html/rfc8080) Edwards-Curve Digital Security Algorithm (EdDSA) for DNSSEC\n* [RFC 8109](https://tools.ietf.org/html/rfc8109) Initializing a DNS Resolver with Priming Queries\n* [draft-ietf-dnsop-let-localhost-be-localhost-02](https://tools.ietf.org/html/draft-ietf-dnsop-let-localhost-be-localhost-02) Let 'localhost' be localhost.\n\n`*`: Please note that the RFCs marked with `*` are only partially implemented\n(i.e. only wire format, but no logic handling the feature).\n\n## Installation\n\nYou first need to install [OCaml](https://ocaml.org) (at least 4.08.2) and\n[opam](https://opam.ocaml.org), the OCaml package manager (at least 2.0.0) on\nyour machine (you can use opam to install an up-to-date OCaml (`opam switch\n4.08.2`)).\n\nYou may want to follow the [mirage installation\ninstructions](https://mirage.io/wiki/install) to get `mirage` installed on your\ncomputer.\n\nTo minimize the amount of run-time dependencies for each individual\nfunctionality, the library is split into multiple opam packages (core, server,\nclient, resolver, cli, certify), with multiple ocamlfind libraries for the\ndifferent backends (no optional dependencies) -- i.e. `dns-server.mirage`\ncontains the MirageOS-specific DNS server code.\n\nNow the µDNS library is installed, and you can try out the examples.  Find some\nexamples at the [unikernel repository](https://github.com/roburio/unikernels).\n\n## Documentation\n\nAPI documentation [is available online](https://mirage.github.io/ocaml-dns/).\n\n## Transition from older versions\n\nThe pre-4.0.0 versions of ocaml-dns had a significantly different interface,\nand so applications using them will need to be rewritten to follow the\nstricter coding style used in the post-4.0.0 branches.  The major improvements\nfrom 1.x to the 4.x series are:\n\n- data (rrset) is defined in a single GADT in `Rr_map`\n- added support for: notify, dynamic update, zone transfer, tsig (hmac authentication), edns\n- no mutable data structures, leading to easier reasoning about library state\n- switched to an independent `domain_name` library which uses a faster and more\n  compact `string array` instead of `string list` for storing domain names\n- integration with LetsEncrypt for provisioning valid X.509 certificates\n- no use of exceptions, instead preferring explicit result values from API functions\n\nPlease get in touch on \u003cmirageos-devel@lists.xenproject.org\u003e or on the Discuss forum\nat \u003chttps://discuss.ocaml.org\u003e (with the `mirageos` tag) if you have any questions\nabout migrating (or just general questions).\n\n## Development\n\nTo work with the [opam](https://opam.ocaml.org/) packages provided when\ndeveloping modifications to DNS, or when pinning a specific version,\nyou will have to pin the same *version* for all of them:\n\n```csh\n: csh syntax\nset version=4.99.0\nset repo=git+https://github.com/mirage/ocaml-dns.git\n\n# the -y parameter means \"force\" or\n# \"do go ahead and register a new package\"\n\n# the -n parameter means\n# \"just register the pin, don't actually install it yet\"\n\nforeach pkg ( dns dns-{certify,cli,client,resolver,server,mirage,tsig,stub} )\n  opam pin add -y -n $pkg.$version --dev $repo\nend\n```\n\n```bash\n: bash syntax\nversion=4.99.0\nrepo=git+https://github.com/mirage/ocaml-dns.git\n\nfor pkg in dns dns-{certify,cli,client,resolver,server,mirage,tsig,stub}\ndo\n  opam pin add -y -n $pkg.$version --dev $repo\ndone\n```\n\nNow you can install the packages you need, for instance:\n```shell\nopam install dns-client\n```\nor\n```shell\nopam install dns-resolver\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmirage%2Focaml-dns","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmirage%2Focaml-dns","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmirage%2Focaml-dns/lists"}