Merge pull request #176 from Tantalor93/ednsdoc

add EDNS0 and DNSSEC docs
Tantalor93 · Nov 8, 2023 · 45715de · 45715de
2 parents fa83a86 + eb833ea
commit 45715de
Show file tree

Hide file tree

Showing 3 changed files with 56 additions and 19 deletions.
diff --git a/docs/edns0.md b/docs/edns0.md
@@ -0,0 +1,30 @@
+---
+title: EDNS0 and DNSSEC
+layout: default
+parent: Examples
+---
+
+# EDNS0 and DNSSEC
+*dnspyre* supports sending DNS requests with [EDNS0](https://datatracker.ietf.org/doc/html/rfc6891) extension, currently these EDNS0 features are supported:
+
+## UDP message size
+advertisement for support of larger DNS response size (UDP message size) using `--edns0` flag
+```
+dnspyre  --server '1.1.1.1' google.com --edns0=1024
+```
+
+## DNSSEC
+[DNSSEC](https://datatracker.ietf.org/doc/html/rfc9364) security extension using `--dnssec` flag, by using this flag the *dnspyre* will also
+count the **number of domains that were successfully validated by DNS resolver**
+```
+dnspyre  --server '1.1.1.1' cloudflare.com --dnssec
+```
+
+## EDNS0 options
+sending various EDNS0 options using `--ednsopt` flag, you have to specify the decimal **EDNS0 option code** (see [IANA registry](https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#dns-parameters-11)) and hex-string representing **EDNS0 option data**,
+data format depends on the EDNS0 option
+
+for example to send [client subnet EDNS0 option](https://datatracker.ietf.org/doc/html/rfc7871) for subnet `81.0.198.170/24` you specify code `8` and data `000118005100c6` (`0001` = IPv4 Family, `18` = source mask `/24`, `00` = no additional scope, `5100C6AA` = `81.0.198.170` )
+```
+dnspyre  --server '8.8.8.8' aws.amazon.com --ednsopt '8:000118005100c6'
+```
diff --git a/docs/examples.md b/docs/examples.md
@@ -83,13 +83,6 @@ roughly every third hostname from the datasource will be used by the each concur
 dnspyre --duration 30s -c 10 --server 8.8.8.8  --probability 0.33  https://raw.githubusercontent.com/Tantalor93/dnspyre/master/data/1000-domains
 ```
 
-## EDNSOPT usage
-you can also specify EDNS option with arbitrary payload, here we are specifying EDNSOPT `65518`
-coming from the local/experimental range with payload `fddddddd100000000000000000000001`
-```
-dnspyre -n 10 -c 10 idnes.cz --server 127.0.0.1 --ednsopt=65518:fddddddd100000000000000000000001
-```
-
 ## Output benchmark results as JSON
 By specifying `--json` flag, *dnspyre* can output benchmark results in a JSON format, which is better for further automatic processing
 ```

diff --git a/docs/index.md b/docs/index.md
@@ -30,18 +30,28 @@ A high QPS DNS benchmark.
 
 Flags:
       --[no-]help              Show context-sensitive help (also try --help-long and --help-man).
-  -s, --server="127.0.0.1"     DNS server IP:port to test. IPv6 is also supported, for example '[fddd:dddd::]:53'. DoH (DNS over HTTPS) servers are supported such as `https://1.1.1.1`, when such server is provided, the benchmark automatically switches to
-                               the use of DoH. Note that by default path `/dns-query` is assumed for DoH queries, if no path is provided in server parameter. DoQ (DNS over QUIC) servers are also supported, such as `quic://dns.adguard-dns.com`, when such
-                               server is provided the benchmark switches to the use of DoQ.
-  -t, --type=A ...             Query type. Repeatable flag. If multiple query types are specified then each query will be duplicated for each type.
-  -n, --number=NUMBER          How many times the provided queries are repeated. Note that the total number of queries issued = types*number*concurrency*len(queries).
+  -s, --server="127.0.0.1"     DNS server IP:port to test. IPv6 is also supported, for example '[fddd:dddd::]:53'. DoH (DNS over HTTPS) servers
+                               are supported such as `https://1.1.1.1`, when such server is provided, the benchmark automatically switches to the
+                               use of DoH. Note that by default path `/dns-query` is assumed for DoH queries, if no path is provided in server
+                               parameter. DoQ (DNS over QUIC) servers are also supported, such as `quic://dns.adguard-dns.com`, when such server
+                               is provided the benchmark switches to the use of DoQ.
+  -t, --type=A ...             Query type. Repeatable flag. If multiple query types are specified then each query will be duplicated for each
+                               type.
+  -n, --number=NUMBER          How many times the provided queries are repeated. Note that the total number of queries issued =
+                               types*number*concurrency*len(queries).
   -c, --concurrency=1          Number of concurrent queries to issue.
   -l, --rate-limit=0           Apply a global questions / second rate limit.
       --rate-limit-worker=0    Apply a questions / second rate limit for each concurrent worker specified by --concurrency option.
-      --query-per-conn=0       Queries on a connection before creating a new one. 0: unlimited. Applicable for plain DNS and DoT, this option is not considered for DoH or DoQ.
+      --query-per-conn=0       Queries on a connection before creating a new one. 0: unlimited. Applicable for plain DNS and DoT, this option is
+                               not considered for DoH or DoQ.
   -r, --[no-]recurse           Allow DNS recursion. Enabled by default.
-      --probability=1          Each provided hostname will be used with provided probability. Value 1 and above means that each hostname will be used by each concurrent benchmark goroutine. Useful for randomizing queries across benchmark goroutines.
-      --ednsopt=""             code[:value], Specify EDNS option with code point code and optionally payload of value as a hexadecimal string. code must be an arbitrary numeric value.
+      --probability=1          Each provided hostname will be used with provided probability. Value 1 and above means that each hostname will be
+                               used by each concurrent benchmark goroutine. Useful for randomizing queries across benchmark goroutines.
+      --ednsopt=""             code[:value], Specify EDNS option with code point code and optionally payload of value as a hexadecimal string.
+                               code must be an arbitrary numeric value.
+      --[no-]dnssec            Allow DNSSEC (sets DO bit for all DNS requests to 1)
+      --edns0=0                Configures EDNS0 usage in DNS requests send by benchmark and configures EDNS0 buffer size to the specified value.
+                               When 0 is configured, then EDNS0 is not used.
       --[no-]tcp               Use TCP for DNS requests.
       --[no-]dot               Use DoT (DNS over TLS) for DNS requests.
       --write=1s               write timeout.
@@ -62,11 +72,15 @@ Flags:
       --doh-method=post        HTTP method to use for DoH requests. Supported values: get, post.
       --doh-protocol=1.1       HTTP protocol to use for DoH requests. Supported values: 1.1, 2 and 3.
       --[no-]insecure          Disables server TLS certificate validation. Applicable for DoT, DoH and DoQ.
-  -d, --duration=1m            Specifies for how long the benchmark should be executing, the benchmark will run for the specified time while sending DNS requests in an infinite loop based on the data source. After running for the specified duration,
-                               the benchmark is canceled. This option is exclusive with --number option. The duration is specified in GO duration format e.g. 10s, 15m, 1h.
+  -d, --duration=1m            Specifies for how long the benchmark should be executing, the benchmark will run for the specified time while
+                               sending DNS requests in an infinite loop based on the data source. After running for the specified duration,
+                               the benchmark is canceled. This option is exclusive with --number option. The duration is specified in GO duration
+                               format e.g. 10s, 15m, 1h.
       --[no-]version           Show application version.
 
 Args:
-  <queries>  Queries to issue. It can be a local file referenced using @<file-path>, for example @data/2-domains. It can also be resource accessible using HTTP, like https://raw.githubusercontent.com/Tantalor93/dnspyre/master/data/1000-domains, in that
-             case, the file will be downloaded and saved in-memory. These data sources can be combined, for example "google.com @data/2-domains https://raw.githubusercontent.com/Tantalor93/dnspyre/master/data/2-domains"
+  <queries>  Queries to issue. It can be a local file referenced using @<file-path>, for example @data/2-domains. It can also be resource
+             accessible using HTTP, like https://raw.githubusercontent.com/Tantalor93/dnspyre/master/data/1000-domains, in that case,
+             the file will be downloaded and saved in-memory. These data sources can be combined, for example "google.com @data/2-domains
+             https://raw.githubusercontent.com/Tantalor93/dnspyre/master/data/2-domains"
 ```