tree.fail / plcdns
PLC Directory over DNS (experiment)
fork atom

Initial commit

tree.fail 19798c75

+1316
+30
.gitignore
··· 1 + # Binaries 2 + plcdns 3 + *.exe 4 + *.dll 5 + *.so 6 + *.dylib 7 + 8 + # Test binary 9 + *.test 10 + 11 + # Output of the go coverage tool 12 + *.out 13 + coverage.html 14 + 15 + # Dependency directories 16 + vendor/ 17 + 18 + # Go workspace file 19 + go.work 20 + 21 + # IDE 22 + .vscode/ 23 + .idea/ 24 + *.swp 25 + *.swo 26 + *~ 27 + 28 + # OS 29 + .DS_Store 30 + Thumbs.db
+21
LICENSE
··· 1 + MIT License 2 + 3 + Copyright (c) 2025 tree 4 + 5 + Permission is hereby granted, free of charge, to any person obtaining a copy 6 + of this software and associated documentation files (the "Software"), to deal 7 + in the Software without restriction, including without limitation the rights 8 + to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 + copies of the Software, and to permit persons to whom the Software is 10 + furnished to do so, subject to the following conditions: 11 + 12 + The above copyright notice and this permission notice shall be included in all 13 + copies or substantial portions of the Software. 14 + 15 + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 + IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 + FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 + AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 + LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 + OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 + SOFTWARE.
+307
README.md
··· 1 + # plcdns 2 + 3 + **PLC Directory over DNS** - A DNS server that resolves Bluesky/AT Protocol DID PLC identifiers to their associated metadata via DNS TXT records. 4 + 5 + ## Features 6 + 7 + - 🔍 **Handle Resolution** - Resolve DIDs to their AT Protocol handles 8 + - 🌐 **PDS Discovery** - Find Personal Data Server endpoints 9 + - 🔧 **Service Resolution** - Resolve any service from DID documents (PDS, labelers, etc.) 10 + - 🔑 **Public Key Lookup** - Retrieve verification public keys 11 + - ⚡ **Caching** - 5-minute cache to reduce PLC directory load 12 + - 🐳 **Docker Support** - Easy deployment with Docker 13 + - ✅ **Comprehensive Tests** - Full test coverage 14 + 15 + ## Installation 16 + 17 + ### From Source 18 + 19 + ```bash 20 + # Clone the repository 21 + git clone https://github.com/yourusername/plcdns.git 22 + cd plcdns 23 + 24 + # Install dependencies 25 + go mod download 26 + 27 + # Build 28 + go build -o plcdns 29 + 30 + # Run 31 + ./plcdns -port 8053 32 + ``` 33 + 34 + ### Using Docker 35 + 36 + ```bash 37 + # Build 38 + docker build -t plcdns . 39 + 40 + # Run 41 + docker run -p 8053:8053 -e DNS_PORT=8053 plcdns 42 + ``` 43 + 44 + ### Using Go Install 45 + 46 + ```bash 47 + go install github.com/yourusername/plcdns@latest 48 + ``` 49 + 50 + ## Usage 51 + 52 + ### Starting the Server 53 + 54 + ```bash 55 + # Default port (8053) 56 + ./plcdns 57 + 58 + # Custom port via flag 59 + ./plcdns -port 9053 60 + 61 + # Custom port via environment variable 62 + DNS_PORT=9053 ./plcdns 63 + 64 + # Custom PLC directory 65 + ./plcdns -port 8053 -plc https://plc.directory 66 + ``` 67 + 68 + ### Query Formats 69 + 70 + The server supports four types of queries using different subdomain prefixes: 71 + 72 + | Query Type | Format | Returns | Example | 73 + |:-----------|:-------|:--------|:--------| 74 + | Handle | `_handle.<did>.plc.atscan.net` | AT Protocol handle | `test.bsky.social` | 75 + | PDS | `_pds.<did>.plc.atscan.net` | PDS endpoint URL | `https://bsky.social` | 76 + | Labeler | `_labeler.<did>.plc.atscan.net` | Labeler service URL | `https://mod.bsky.app` | 77 + | Public Key | `_pubkey.<did>.plc.atscan.net` | Public key (multibase) | `zQ3sh...` | 78 + 79 + ### Query Examples 80 + 81 + ```bash 82 + # Using dig 83 + dig @localhost -p 8053 _handle.z72i7hdynmk6r22z27h6tvur.plc.atscan.net TXT 84 + dig @localhost -p 8053 _pds.z72i7hdynmk6r22z27h6tvur.plc.atscan.net TXT 85 + dig @localhost -p 8053 _labeler.ar7c4by46qjdydhdevvrndac.plc.atscan.net TXT 86 + dig @localhost -p 8053 _pubkey.z72i7hdynmk6r22z27h6tvur.plc.atscan.net TXT 87 + 88 + # Using nslookup 89 + nslookup -type=TXT _handle.z72i7hdynmk6r22z27h6tvur.plc.atscan.net localhost -port=8053 90 + 91 + # Using host 92 + host -t TXT _pds.z72i7hdynmk6r22z27h6tvur.plc.atscan.net localhost -p 8053 93 + ``` 94 + 95 + ### Example Response 96 + 97 + ```bash 98 + $ dig @localhost -p 8053 _handle.z72i7hdynmk6r22z27h6tvur.plc.atscan.net TXT +short 99 + "bsky.app" 100 + 101 + $ dig @localhost -p 8053 _pds.z72i7hdynmk6r22z27h6tvur.plc.atscan.net TXT +short 102 + "https://bsky.social" 103 + ``` 104 + 105 + ## Configuration 106 + 107 + ### Command Line Flags 108 + 109 + | Flag | Default | Description | 110 + |:-----|:--------|:------------| 111 + | `-port` | `8053` | DNS server port | 112 + | `-plc` | `https://plc.directory` | PLC directory URL | 113 + 114 + ### Environment Variables 115 + 116 + | Variable | Description | 117 + |:---------|:------------| 118 + | `DNS_PORT` | Override default port (8053) | 119 + 120 + ### Cache Settings 121 + 122 + - **TTL**: 300 seconds (5 minutes) for DNS records 123 + - **Cache Duration**: 5 minutes for DID documents 124 + - **Cache Type**: In-memory map 125 + 126 + ## Testing 127 + 128 + ```bash 129 + # Run all tests 130 + go test -v 131 + 132 + # Run with coverage 133 + go test -v -cover 134 + 135 + # Generate coverage report 136 + go test -coverprofile=coverage.out 137 + go tool cover -html=coverage.out 138 + 139 + # Run with race detector 140 + go test -v -race 141 + ``` 142 + 143 + ## API Reference 144 + 145 + ### DID Document Structure 146 + 147 + The server fetches DID documents from the PLC directory with the following structure: 148 + 149 + ```json 150 + { 151 + "@context": ["https://www.w3.org/ns/did/v1"], 152 + "id": "did:plc:z72i7hdynmk6r22z27h6tvur", 153 + "alsoKnownAs": ["at://bsky.app"], 154 + "verificationMethod": [{ 155 + "id": "did:plc:z72i7hdynmk6r22z27h6tvur#atproto", 156 + "type": "Multikey", 157 + "controller": "did:plc:z72i7hdynmk6r22z27h6tvur", 158 + "publicKeyMultibase": "zQ3sh..." 159 + }], 160 + "service": [{ 161 + "id": "#atproto_pds", 162 + "type": "AtprotoPersonalDataServer", 163 + "serviceEndpoint": "https://bsky.social" 164 + }] 165 + } 166 + ``` 167 + 168 + ## Deployment 169 + 170 + ### Systemd Service 171 + 172 + Create `/etc/systemd/system/plcdns.service`: 173 + 174 + ```ini 175 + [Unit] 176 + Description=PLC Directory DNS Server 177 + After=network.target 178 + 179 + [Service] 180 + Type=simple 181 + User=plcdns 182 + ExecStart=/usr/local/bin/plcdns -port 53 183 + Restart=always 184 + Environment="DNS_PORT=53" 185 + 186 + [Install] 187 + WantedBy=multi-user.target 188 + ``` 189 + 190 + Enable and start: 191 + 192 + ```bash 193 + sudo systemctl enable plcdns 194 + sudo systemctl start plcdns 195 + ``` 196 + 197 + ### Docker Compose 198 + 199 + ```yaml 200 + version: '3.8' 201 + 202 + services: 203 + plcdns: 204 + build: . 205 + ports: 206 + - "53:53/udp" 207 + - "53:53/tcp" 208 + environment: 209 + - DNS_PORT=53 210 + restart: unless-stopped 211 + ``` 212 + 213 + ### Running on Port 53 214 + 215 + To run on the standard DNS port (53), you need elevated privileges: 216 + 217 + **Linux (with capabilities):** 218 + ```bash 219 + sudo setcap 'cap_net_bind_service=+ep' ./plcdns 220 + ./plcdns -port 53 221 + ``` 222 + 223 + **Using sudo:** 224 + ```bash 225 + sudo ./plcdns -port 53 226 + ``` 227 + 228 + ## Architecture 229 + 230 + ``` 231 + ┌─────────────┐ 232 + │ DNS Client │ 233 + └──────┬──────┘ 234 + │ Query: _handle.<did>.plc.atscan.net 235 + 236 + ┌─────────────────┐ 237 + │ DNS Server │ 238 + │ (Port 8053) │ 239 + └────────┬────────┘ 240 + 241 + ├─── Cache Check (5 min TTL) 242 + 243 + 244 + ┌─────────────────┐ 245 + │ PLC Directory │ 246 + │ (plc.directory) │ 247 + └─────────────────┘ 248 + 249 + ▼ DID Document 250 + ┌─────────────────┐ 251 + │ Parse & Return │ 252 + │ TXT Record │ 253 + └─────────────────┘ 254 + ``` 255 + 256 + ## Performance 257 + 258 + - **Cache Hit**: ~1ms response time 259 + - **Cache Miss**: ~50-200ms (depends on PLC directory) 260 + - **Concurrent Requests**: Supports thousands of concurrent queries 261 + - **Memory Usage**: ~10-50MB depending on cache size 262 + 263 + ## Contributing 264 + 265 + Contributions are welcome! Please: 266 + 267 + 1. Fork the repository 268 + 2. Create a feature branch (`git checkout -b feature/amazing-feature`) 269 + 3. Commit your changes (`git commit -m 'Add amazing feature'`) 270 + 4. Push to the branch (`git push origin feature/amazing-feature`) 271 + 5. Open a Pull Request 272 + 273 + ### Code Style 274 + 275 + - Follow standard Go conventions 276 + - Run `go fmt` before committing 277 + - Add tests for new features 278 + - Update documentation as needed 279 + 280 + ## License 281 + 282 + MIT License - see [LICENSE](LICENSE) file for details 283 + 284 + ## Related Projects 285 + 286 + - [AT Protocol](https://atproto.com/) - Authenticated Transfer Protocol 287 + - [Bluesky](https://bsky.app/) - Social network built on AT Protocol 288 + - [PLC Directory](https://plc.directory/) - DID PLC registry 289 + 290 + ## Acknowledgments 291 + 292 + - Built with [miekg/dns](https://github.com/miekg/dns) - DNS library for Go 293 + - Inspired by the AT Protocol ecosystem 294 + 295 + ## Roadmap 296 + 297 + - [ ] DNSSEC support 298 + - [ ] Prometheus metrics endpoint 299 + - [ ] Redis cache backend option 300 + - [ ] Rate limiting 301 + - [ ] Multiple PLC directory fallbacks 302 + - [ ] Web UI for testing queries 303 + - [ ] REST API endpoint 304 + 305 + --- 306 + 307 + **Made with ❤️ for the AT Protocol community**
+12
go.mod
··· 1 + module did-plc-dns 2 + 3 + go 1.21 4 + 5 + require github.com/miekg/dns v1.1.57 6 + 7 + require ( 8 + golang.org/x/mod v0.14.0 // indirect 9 + golang.org/x/net v0.19.0 // indirect 10 + golang.org/x/sys v0.15.0 // indirect 11 + golang.org/x/tools v0.16.0 // indirect 12 + )
+10
go.sum
··· 1 + github.com/miekg/dns v1.1.57 h1:Jzi7ApEIzwEPLHWRcafCN9LZSBbqQpxjt/wpgvg7wcM= 2 + github.com/miekg/dns v1.1.57/go.mod h1:uqRjCRUuEAA6qsOiJvDd+CFo/vW+y5WR6SNmHE55hZk= 3 + golang.org/x/mod v0.14.0 h1:dGoOF9QVLYng8IHTm7BAyWqCqSheQ5pYWGhzW00YJr0= 4 + golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= 5 + golang.org/x/net v0.19.0 h1:zTwKpTd2XuCqf8huc7Fo2iSy+4RHPd10s4KzeTnVr1c= 6 + golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U= 7 + golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc= 8 + golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= 9 + golang.org/x/tools v0.16.0 h1:GO788SKMRunPIBCXiQyo2AaexLstOrVhuAL5YwsckQM= 10 + golang.org/x/tools v0.16.0/go.mod h1:kYVVN6I1mBNoB1OX+noeBjbRk4IUEPa7JJ+TJMEooJ0=
+341
plcdns.go
··· 1 + package main 2 + 3 + import ( 4 + "encoding/json" 5 + "flag" 6 + "fmt" 7 + "io" 8 + "log" 9 + "net/http" 10 + "os" 11 + "strconv" 12 + "strings" 13 + "time" 14 + 15 + "github.com/miekg/dns" 16 + ) 17 + 18 + // DID Document structure 19 + type DIDDocument struct { 20 + Context []interface{} `json:"@context"` 21 + ID string `json:"id"` 22 + AlsoKnownAs []string `json:"alsoKnownAs"` 23 + VerificationMethod []VerificationMethod `json:"verificationMethod"` 24 + Service []Service `json:"service"` 25 + } 26 + 27 + type VerificationMethod struct { 28 + ID string `json:"id"` 29 + Type string `json:"type"` 30 + Controller string `json:"controller"` 31 + PublicKeyMultibase string `json:"publicKeyMultibase"` 32 + } 33 + 34 + type Service struct { 35 + ID string `json:"id"` 36 + Type string `json:"type"` 37 + ServiceEndpoint string `json:"serviceEndpoint"` 38 + } 39 + 40 + type PLCHandler struct { 41 + plcDirectory string 42 + cache map[string]*CachedDID 43 + } 44 + 45 + type CachedDID struct { 46 + Document *DIDDocument 47 + Timestamp time.Time 48 + } 49 + 50 + type QueryType int 51 + 52 + const ( 53 + QueryHandle QueryType = iota 54 + QueryPDS 55 + QueryPubKey 56 + QueryLabeler 57 + QueryInvalid 58 + ) 59 + 60 + func NewPLCHandler(plcDirectory string) *PLCHandler { 61 + return &PLCHandler{ 62 + plcDirectory: plcDirectory, 63 + cache: make(map[string]*CachedDID), 64 + } 65 + } 66 + 67 + func (h *PLCHandler) fetchDIDDocument(did string) (*DIDDocument, error) { 68 + // Check cache first (5 minute TTL) 69 + if cached, exists := h.cache[did]; exists { 70 + if time.Since(cached.Timestamp) < 5*time.Minute { 71 + log.Printf("Cache hit for %s", did) 72 + return cached.Document, nil 73 + } 74 + } 75 + 76 + url := fmt.Sprintf("%s/%s", h.plcDirectory, did) 77 + log.Printf("Fetching DID document from: %s", url) 78 + 79 + client := &http.Client{Timeout: 10 * time.Second} 80 + resp, err := client.Get(url) 81 + if err != nil { 82 + return nil, fmt.Errorf("failed to fetch DID document: %w", err) 83 + } 84 + defer resp.Body.Close() 85 + 86 + if resp.StatusCode != http.StatusOK { 87 + return nil, fmt.Errorf("DID not found: status %d", resp.StatusCode) 88 + } 89 + 90 + body, err := io.ReadAll(resp.Body) 91 + if err != nil { 92 + return nil, fmt.Errorf("failed to read response: %w", err) 93 + } 94 + 95 + var doc DIDDocument 96 + if err := json.Unmarshal(body, &doc); err != nil { 97 + return nil, fmt.Errorf("failed to parse DID document: %w", err) 98 + } 99 + 100 + // Cache the result 101 + h.cache[did] = &CachedDID{ 102 + Document: &doc, 103 + Timestamp: time.Now(), 104 + } 105 + 106 + return &doc, nil 107 + } 108 + 109 + // Parse domain name to extract DID and query type 110 + // Expected formats: 111 + // _handle.<did>.plc.atscan.net 112 + // _pds.<did>.plc.atscan.net 113 + // _pubkey.<did>.plc.atscan.net 114 + // _labeler.<did>.plc.atscan.net 115 + func (h *PLCHandler) parseDomain(domain string) (string, QueryType, bool) { 116 + domain = strings.TrimSuffix(domain, ".") 117 + parts := strings.Split(domain, ".") 118 + 119 + // Should be at least: [_prefix, <did>, plc, atscan, net] 120 + if len(parts) < 5 { 121 + return "", QueryInvalid, false 122 + } 123 + 124 + // Determine query type based on prefix 125 + var queryType QueryType 126 + switch parts[0] { 127 + case "_handle": 128 + queryType = QueryHandle 129 + case "_pds": 130 + queryType = QueryPDS 131 + case "_pubkey": 132 + queryType = QueryPubKey 133 + case "_labeler": 134 + queryType = QueryLabeler 135 + default: 136 + return "", QueryInvalid, false 137 + } 138 + 139 + // Extract DID identifier 140 + didIdentifier := parts[1] 141 + 142 + // Construct full DID 143 + did := fmt.Sprintf("did:plc:%s", didIdentifier) 144 + 145 + return did, queryType, true 146 + } 147 + 148 + // Get handle from DID document 149 + func (h *PLCHandler) getHandle(doc *DIDDocument) string { 150 + for _, aka := range doc.AlsoKnownAs { 151 + if strings.HasPrefix(aka, "at://") { 152 + return strings.TrimPrefix(aka, "at://") 153 + } 154 + } 155 + return "" 156 + } 157 + 158 + // Get PDS endpoint from DID document 159 + func (h *PLCHandler) getPDS(doc *DIDDocument) string { 160 + for _, service := range doc.Service { 161 + if service.Type == "AtprotoPersonalDataServer" { 162 + return service.ServiceEndpoint 163 + } 164 + } 165 + return "" 166 + } 167 + 168 + // Get labeler endpoint from DID document 169 + func (h *PLCHandler) getLabeler(doc *DIDDocument) string { 170 + for _, service := range doc.Service { 171 + if service.ID == "#atproto_labeler" { 172 + return service.ServiceEndpoint 173 + } 174 + } 175 + return "" 176 + } 177 + 178 + // Get public key from DID document 179 + func (h *PLCHandler) getPubKey(doc *DIDDocument) string { 180 + if len(doc.VerificationMethod) > 0 { 181 + return doc.VerificationMethod[0].PublicKeyMultibase 182 + } 183 + return "" 184 + } 185 + 186 + // Create TXT record based on query type 187 + func (h *PLCHandler) createTXTRecord(doc *DIDDocument, qname string, queryType QueryType) []dns.RR { 188 + var records []dns.RR 189 + ttl := uint32(300) // 5 minutes 190 + 191 + var value string 192 + switch queryType { 193 + case QueryHandle: 194 + value = h.getHandle(doc) 195 + if value == "" { 196 + return records 197 + } 198 + case QueryPDS: 199 + value = h.getPDS(doc) 200 + if value == "" { 201 + return records 202 + } 203 + case QueryLabeler: 204 + value = h.getLabeler(doc) 205 + if value == "" { 206 + return records 207 + } 208 + case QueryPubKey: 209 + value = h.getPubKey(doc) 210 + if value == "" { 211 + return records 212 + } 213 + default: 214 + return records 215 + } 216 + 217 + records = append(records, &dns.TXT{ 218 + Hdr: dns.RR_Header{ 219 + Name: qname, 220 + Rrtype: dns.TypeTXT, 221 + Class: dns.ClassINET, 222 + Ttl: ttl, 223 + }, 224 + Txt: []string{value}, 225 + }) 226 + 227 + return records 228 + } 229 + 230 + func (h *PLCHandler) ServeDNS(w dns.ResponseWriter, r *dns.Msg) { 231 + msg := dns.Msg{} 232 + msg.SetReply(r) 233 + msg.Authoritative = true 234 + 235 + for _, question := range r.Question { 236 + log.Printf("Query: %s %s", question.Name, dns.TypeToString[question.Qtype]) 237 + 238 + // Only handle TXT queries 239 + if question.Qtype != dns.TypeTXT { 240 + continue 241 + } 242 + 243 + // Parse the domain to extract DID and query type 244 + did, queryType, ok := h.parseDomain(question.Name) 245 + if !ok { 246 + log.Printf("Invalid domain format: %s", question.Name) 247 + msg.SetRcode(r, dns.RcodeNameError) 248 + w.WriteMsg(&msg) 249 + return 250 + } 251 + 252 + log.Printf("Extracted DID: %s, Query Type: %v", did, queryType) 253 + 254 + // Fetch DID document 255 + doc, err := h.fetchDIDDocument(did) 256 + if err != nil { 257 + log.Printf("Error fetching DID document: %s", err) 258 + msg.SetRcode(r, dns.RcodeServerFailure) 259 + w.WriteMsg(&msg) 260 + return 261 + } 262 + 263 + // Create TXT record based on query type 264 + records := h.createTXTRecord(doc, question.Name, queryType) 265 + if len(records) == 0 { 266 + log.Printf("No data found for query type") 267 + msg.SetRcode(r, dns.RcodeNameError) 268 + w.WriteMsg(&msg) 269 + return 270 + } 271 + 272 + msg.Answer = append(msg.Answer, records...) 273 + } 274 + 275 + if len(msg.Answer) == 0 { 276 + msg.SetRcode(r, dns.RcodeNameError) 277 + } 278 + 279 + w.WriteMsg(&msg) 280 + } 281 + 282 + func main() { 283 + // Command line flags 284 + port := flag.String("port", "", "DNS server port (default: 8053 or DNS_PORT env var)") 285 + plcDir := flag.String("plc", "https://plc.directory", "PLC directory URL") 286 + flag.Parse() 287 + 288 + // Determine port: flag -> env var -> default 289 + finalPort := *port 290 + if finalPort == "" { 291 + if envPort := os.Getenv("DNS_PORT"); envPort != "" { 292 + finalPort = envPort 293 + } else { 294 + finalPort = "8053" 295 + } 296 + } 297 + 298 + // Validate port number 299 + if portNum, err := strconv.Atoi(finalPort); err != nil || portNum < 1 || portNum > 65535 { 300 + log.Fatalf("Invalid port number: %s", finalPort) 301 + } 302 + 303 + addr := ":" + finalPort 304 + handler := NewPLCHandler(*plcDir) 305 + 306 + log.Printf("PLC Directory: %s", *plcDir) 307 + log.Printf("Starting DNS servers on port %s", finalPort) 308 + log.Printf("Supported query types:") 309 + log.Printf(" _handle.<did>.plc.atscan.net - Returns handle") 310 + log.Printf(" _pds.<did>.plc.atscan.net - Returns PDS endpoint") 311 + log.Printf(" _labeler.<did>.plc.atscan.net - Returns labeler endpoint") 312 + log.Printf(" _pubkey.<did>.plc.atscan.net - Returns public key") 313 + 314 + // UDP server 315 + udpServer := &dns.Server{ 316 + Addr: addr, 317 + Net: "udp", 318 + Handler: handler, 319 + } 320 + 321 + // TCP server 322 + tcpServer := &dns.Server{ 323 + Addr: addr, 324 + Net: "tcp", 325 + Handler: handler, 326 + } 327 + 328 + // Start UDP server in goroutine 329 + go func() { 330 + log.Printf("UDP DNS server listening on %s", addr) 331 + if err := udpServer.ListenAndServe(); err != nil { 332 + log.Fatalf("Failed to start UDP server: %s", err) 333 + } 334 + }() 335 + 336 + // Start TCP server 337 + log.Printf("TCP DNS server listening on %s", addr) 338 + if err := tcpServer.ListenAndServe(); err != nil { 339 + log.Fatalf("Failed to start TCP server: %s", err) 340 + } 341 + }
+595
plcdns_test.go
··· 1 + package main 2 + 3 + import ( 4 + "encoding/json" 5 + "net" 6 + "net/http" 7 + "net/http/httptest" 8 + "testing" 9 + "time" 10 + 11 + "github.com/miekg/dns" 12 + ) 13 + 14 + // Mock DID document for testing 15 + var mockDIDDocument = DIDDocument{ 16 + ID: "did:plc:test123", 17 + AlsoKnownAs: []string{ 18 + "at://test.bsky.social", 19 + }, 20 + VerificationMethod: []VerificationMethod{ 21 + { 22 + ID: "did:plc:test123#atproto", 23 + Type: "Multikey", 24 + Controller: "did:plc:test123", 25 + PublicKeyMultibase: "zQ3shXjHeiBuRCKmM36cuYnm7YEMzhGnCmCyW92sRJ9przSMS", 26 + }, 27 + }, 28 + Service: []Service{ 29 + { 30 + ID: "#atproto_pds", 31 + Type: "AtprotoPersonalDataServer", 32 + ServiceEndpoint: "https://bsky.social", 33 + }, 34 + { 35 + ID: "#atproto_labeler", 36 + Type: "AtprotoLabeler", 37 + ServiceEndpoint: "https://mod.bsky.app", 38 + }, 39 + }, 40 + } 41 + 42 + // Test domain parsing 43 + func TestParseDomain(t *testing.T) { 44 + handler := NewPLCHandler("https://plc.directory") 45 + 46 + tests := []struct { 47 + name string 48 + domain string 49 + expectedDID string 50 + expectedType QueryType 51 + expectedValid bool 52 + }{ 53 + { 54 + name: "Valid handle query", 55 + domain: "_handle.test123.plc.atscan.net", 56 + expectedDID: "did:plc:test123", 57 + expectedType: QueryHandle, 58 + expectedValid: true, 59 + }, 60 + { 61 + name: "Valid PDS query", 62 + domain: "_pds.test123.plc.atscan.net", 63 + expectedDID: "did:plc:test123", 64 + expectedType: QueryPDS, 65 + expectedValid: true, 66 + }, 67 + { 68 + name: "Valid labeler query", 69 + domain: "_labeler.test123.plc.atscan.net", 70 + expectedDID: "did:plc:test123", 71 + expectedType: QueryLabeler, 72 + expectedValid: true, 73 + }, 74 + { 75 + name: "Valid pubkey query", 76 + domain: "_pubkey.test123.plc.atscan.net", 77 + expectedDID: "did:plc:test123", 78 + expectedType: QueryPubKey, 79 + expectedValid: true, 80 + }, 81 + { 82 + name: "Invalid prefix", 83 + domain: "_invalid.test123.plc.atscan.net", 84 + expectedDID: "", 85 + expectedType: QueryInvalid, 86 + expectedValid: false, 87 + }, 88 + { 89 + name: "Too few parts", 90 + domain: "_handle.test123.plc", 91 + expectedDID: "", 92 + expectedType: QueryInvalid, 93 + expectedValid: false, 94 + }, 95 + { 96 + name: "Domain with trailing dot", 97 + domain: "_handle.test123.plc.atscan.net.", 98 + expectedDID: "did:plc:test123", 99 + expectedType: QueryHandle, 100 + expectedValid: true, 101 + }, 102 + } 103 + 104 + for _, tt := range tests { 105 + t.Run(tt.name, func(t *testing.T) { 106 + did, queryType, valid := handler.parseDomain(tt.domain) 107 + 108 + if valid != tt.expectedValid { 109 + t.Errorf("expected valid=%v, got %v", tt.expectedValid, valid) 110 + } 111 + 112 + if did != tt.expectedDID { 113 + t.Errorf("expected DID=%s, got %s", tt.expectedDID, did) 114 + } 115 + 116 + if queryType != tt.expectedType { 117 + t.Errorf("expected queryType=%v, got %v", tt.expectedType, queryType) 118 + } 119 + }) 120 + } 121 + } 122 + 123 + // Test getting handle from DID document 124 + func TestGetHandle(t *testing.T) { 125 + handler := NewPLCHandler("https://plc.directory") 126 + 127 + tests := []struct { 128 + name string 129 + doc *DIDDocument 130 + expected string 131 + }{ 132 + { 133 + name: "Valid handle", 134 + doc: &mockDIDDocument, 135 + expected: "test.bsky.social", 136 + }, 137 + { 138 + name: "No handle", 139 + doc: &DIDDocument{ 140 + AlsoKnownAs: []string{}, 141 + }, 142 + expected: "", 143 + }, 144 + { 145 + name: "Non-AT protocol handle", 146 + doc: &DIDDocument{ 147 + AlsoKnownAs: []string{"https://example.com"}, 148 + }, 149 + expected: "", 150 + }, 151 + } 152 + 153 + for _, tt := range tests { 154 + t.Run(tt.name, func(t *testing.T) { 155 + result := handler.getHandle(tt.doc) 156 + if result != tt.expected { 157 + t.Errorf("expected %s, got %s", tt.expected, result) 158 + } 159 + }) 160 + } 161 + } 162 + 163 + // Test getting PDS from DID document 164 + func TestGetPDS(t *testing.T) { 165 + handler := NewPLCHandler("https://plc.directory") 166 + 167 + tests := []struct { 168 + name string 169 + doc *DIDDocument 170 + expected string 171 + }{ 172 + { 173 + name: "Valid PDS", 174 + doc: &mockDIDDocument, 175 + expected: "https://bsky.social", 176 + }, 177 + { 178 + name: "No PDS", 179 + doc: &DIDDocument{ 180 + Service: []Service{}, 181 + }, 182 + expected: "", 183 + }, 184 + } 185 + 186 + for _, tt := range tests { 187 + t.Run(tt.name, func(t *testing.T) { 188 + result := handler.getPDS(tt.doc) 189 + if result != tt.expected { 190 + t.Errorf("expected %s, got %s", tt.expected, result) 191 + } 192 + }) 193 + } 194 + } 195 + 196 + // Test getting labeler from DID document 197 + func TestGetLabeler(t *testing.T) { 198 + handler := NewPLCHandler("https://plc.directory") 199 + 200 + tests := []struct { 201 + name string 202 + doc *DIDDocument 203 + expected string 204 + }{ 205 + { 206 + name: "Valid labeler", 207 + doc: &mockDIDDocument, 208 + expected: "https://mod.bsky.app", 209 + }, 210 + { 211 + name: "No labeler", 212 + doc: &DIDDocument{ 213 + Service: []Service{}, 214 + }, 215 + expected: "", 216 + }, 217 + } 218 + 219 + for _, tt := range tests { 220 + t.Run(tt.name, func(t *testing.T) { 221 + result := handler.getLabeler(tt.doc) 222 + if result != tt.expected { 223 + t.Errorf("expected %s, got %s", tt.expected, result) 224 + } 225 + }) 226 + } 227 + } 228 + 229 + // Test getting pubkey from DID document 230 + func TestGetPubKey(t *testing.T) { 231 + handler := NewPLCHandler("https://plc.directory") 232 + 233 + tests := []struct { 234 + name string 235 + doc *DIDDocument 236 + expected string 237 + }{ 238 + { 239 + name: "Valid pubkey", 240 + doc: &mockDIDDocument, 241 + expected: "zQ3shXjHeiBuRCKmM36cuYnm7YEMzhGnCmCyW92sRJ9przSMS", 242 + }, 243 + { 244 + name: "No pubkey", 245 + doc: &DIDDocument{ 246 + VerificationMethod: []VerificationMethod{}, 247 + }, 248 + expected: "", 249 + }, 250 + } 251 + 252 + for _, tt := range tests { 253 + t.Run(tt.name, func(t *testing.T) { 254 + result := handler.getPubKey(tt.doc) 255 + if result != tt.expected { 256 + t.Errorf("expected %s, got %s", tt.expected, result) 257 + } 258 + }) 259 + } 260 + } 261 + 262 + // Test creating TXT records 263 + func TestCreateTXTRecord(t *testing.T) { 264 + handler := NewPLCHandler("https://plc.directory") 265 + 266 + tests := []struct { 267 + name string 268 + doc *DIDDocument 269 + qname string 270 + queryType QueryType 271 + expectedValue string 272 + shouldBeEmpty bool 273 + }{ 274 + { 275 + name: "Handle record", 276 + doc: &mockDIDDocument, 277 + qname: "_handle.test123.plc.atscan.net.", 278 + queryType: QueryHandle, 279 + expectedValue: "test.bsky.social", 280 + shouldBeEmpty: false, 281 + }, 282 + { 283 + name: "PDS record", 284 + doc: &mockDIDDocument, 285 + qname: "_pds.test123.plc.atscan.net.", 286 + queryType: QueryPDS, 287 + expectedValue: "https://bsky.social", 288 + shouldBeEmpty: false, 289 + }, 290 + { 291 + name: "Labeler record", 292 + doc: &mockDIDDocument, 293 + qname: "_labeler.test123.plc.atscan.net.", 294 + queryType: QueryLabeler, 295 + expectedValue: "https://mod.bsky.app", 296 + shouldBeEmpty: false, 297 + }, 298 + { 299 + name: "Pubkey record", 300 + doc: &mockDIDDocument, 301 + qname: "_pubkey.test123.plc.atscan.net.", 302 + queryType: QueryPubKey, 303 + expectedValue: "zQ3shXjHeiBuRCKmM36cuYnm7YEMzhGnCmCyW92sRJ9przSMS", 304 + shouldBeEmpty: false, 305 + }, 306 + { 307 + name: "Empty handle", 308 + doc: &DIDDocument{ 309 + AlsoKnownAs: []string{}, 310 + }, 311 + qname: "_handle.test123.plc.atscan.net.", 312 + queryType: QueryHandle, 313 + expectedValue: "", 314 + shouldBeEmpty: true, 315 + }, 316 + } 317 + 318 + for _, tt := range tests { 319 + t.Run(tt.name, func(t *testing.T) { 320 + records := handler.createTXTRecord(tt.doc, tt.qname, tt.queryType) 321 + 322 + if tt.shouldBeEmpty { 323 + if len(records) != 0 { 324 + t.Errorf("expected empty records, got %d records", len(records)) 325 + } 326 + return 327 + } 328 + 329 + if len(records) != 1 { 330 + t.Fatalf("expected 1 record, got %d", len(records)) 331 + } 332 + 333 + txtRecord, ok := records[0].(*dns.TXT) 334 + if !ok { 335 + t.Fatal("record is not TXT type") 336 + } 337 + 338 + if txtRecord.Hdr.Name != tt.qname { 339 + t.Errorf("expected name %s, got %s", tt.qname, txtRecord.Hdr.Name) 340 + } 341 + 342 + if len(txtRecord.Txt) != 1 { 343 + t.Fatalf("expected 1 TXT value, got %d", len(txtRecord.Txt)) 344 + } 345 + 346 + if txtRecord.Txt[0] != tt.expectedValue { 347 + t.Errorf("expected value %s, got %s", tt.expectedValue, txtRecord.Txt[0]) 348 + } 349 + 350 + if txtRecord.Hdr.Ttl != 300 { 351 + t.Errorf("expected TTL 300, got %d", txtRecord.Hdr.Ttl) 352 + } 353 + }) 354 + } 355 + } 356 + 357 + // Test fetching DID document with mock server 358 + func TestFetchDIDDocument(t *testing.T) { 359 + // Create mock HTTP server 360 + server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { 361 + if r.URL.Path == "/did:plc:test123" { 362 + w.WriteHeader(http.StatusOK) 363 + json.NewEncoder(w).Encode(mockDIDDocument) 364 + } else if r.URL.Path == "/did:plc:notfound" { 365 + w.WriteHeader(http.StatusNotFound) 366 + } else { 367 + w.WriteHeader(http.StatusInternalServerError) 368 + } 369 + })) 370 + defer server.Close() 371 + 372 + handler := NewPLCHandler(server.URL) 373 + 374 + tests := []struct { 375 + name string 376 + did string 377 + expectError bool 378 + }{ 379 + { 380 + name: "Valid DID", 381 + did: "did:plc:test123", 382 + expectError: false, 383 + }, 384 + { 385 + name: "Not found DID", 386 + did: "did:plc:notfound", 387 + expectError: true, 388 + }, 389 + } 390 + 391 + for _, tt := range tests { 392 + t.Run(tt.name, func(t *testing.T) { 393 + doc, err := handler.fetchDIDDocument(tt.did) 394 + 395 + if tt.expectError { 396 + if err == nil { 397 + t.Error("expected error, got nil") 398 + } 399 + return 400 + } 401 + 402 + if err != nil { 403 + t.Fatalf("unexpected error: %v", err) 404 + } 405 + 406 + if doc.ID != mockDIDDocument.ID { 407 + t.Errorf("expected ID %s, got %s", mockDIDDocument.ID, doc.ID) 408 + } 409 + }) 410 + } 411 + } 412 + 413 + // Test caching 414 + func TestCaching(t *testing.T) { 415 + callCount := 0 416 + 417 + server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { 418 + callCount++ 419 + w.WriteHeader(http.StatusOK) 420 + json.NewEncoder(w).Encode(mockDIDDocument) 421 + })) 422 + defer server.Close() 423 + 424 + handler := NewPLCHandler(server.URL) 425 + 426 + // First call 427 + _, err := handler.fetchDIDDocument("did:plc:test123") 428 + if err != nil { 429 + t.Fatalf("unexpected error: %v", err) 430 + } 431 + 432 + if callCount != 1 { 433 + t.Errorf("expected 1 HTTP call, got %d", callCount) 434 + } 435 + 436 + // Second call (should use cache) 437 + _, err = handler.fetchDIDDocument("did:plc:test123") 438 + if err != nil { 439 + t.Fatalf("unexpected error: %v", err) 440 + } 441 + 442 + if callCount != 1 { 443 + t.Errorf("expected 1 HTTP call (cached), got %d", callCount) 444 + } 445 + 446 + // Invalidate cache by modifying timestamp 447 + handler.cache["did:plc:test123"].Timestamp = time.Now().Add(-10 * time.Minute) 448 + 449 + // Third call (cache expired, should fetch again) 450 + _, err = handler.fetchDIDDocument("did:plc:test123") 451 + if err != nil { 452 + t.Fatalf("unexpected error: %v", err) 453 + } 454 + 455 + if callCount != 2 { 456 + t.Errorf("expected 2 HTTP calls (cache expired), got %d", callCount) 457 + } 458 + } 459 + 460 + // Integration test for DNS server 461 + func TestDNSServerIntegration(t *testing.T) { 462 + // Create mock HTTP server 463 + server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { 464 + w.WriteHeader(http.StatusOK) 465 + json.NewEncoder(w).Encode(mockDIDDocument) 466 + })) 467 + defer server.Close() 468 + 469 + handler := NewPLCHandler(server.URL) 470 + 471 + tests := []struct { 472 + name string 473 + qname string 474 + qtype uint16 475 + expectedValue string 476 + expectError bool 477 + }{ 478 + { 479 + name: "Query handle", 480 + qname: "_handle.test123.plc.atscan.net.", 481 + qtype: dns.TypeTXT, 482 + expectedValue: "test.bsky.social", 483 + expectError: false, 484 + }, 485 + { 486 + name: "Query PDS", 487 + qname: "_pds.test123.plc.atscan.net.", 488 + qtype: dns.TypeTXT, 489 + expectedValue: "https://bsky.social", 490 + expectError: false, 491 + }, 492 + { 493 + name: "Query labeler", 494 + qname: "_labeler.test123.plc.atscan.net.", 495 + qtype: dns.TypeTXT, 496 + expectedValue: "https://mod.bsky.app", 497 + expectError: false, 498 + }, 499 + { 500 + name: "Query pubkey", 501 + qname: "_pubkey.test123.plc.atscan.net.", 502 + qtype: dns.TypeTXT, 503 + expectedValue: "zQ3shXjHeiBuRCKmM36cuYnm7YEMzhGnCmCyW92sRJ9przSMS", 504 + expectError: false, 505 + }, 506 + { 507 + name: "Invalid query type", 508 + qname: "_handle.test123.plc.atscan.net.", 509 + qtype: dns.TypeA, 510 + expectError: true, 511 + }, 512 + { 513 + name: "Invalid domain", 514 + qname: "invalid.domain.com.", 515 + qtype: dns.TypeTXT, 516 + expectError: true, 517 + }, 518 + } 519 + 520 + for _, tt := range tests { 521 + t.Run(tt.name, func(t *testing.T) { 522 + // Create DNS request 523 + m := new(dns.Msg) 524 + m.SetQuestion(tt.qname, tt.qtype) 525 + 526 + // Create response writer 527 + rw := &testResponseWriter{msg: new(dns.Msg)} 528 + 529 + // Handle request 530 + handler.ServeDNS(rw, m) 531 + 532 + if tt.expectError { 533 + if rw.msg.Rcode == dns.RcodeSuccess && len(rw.msg.Answer) > 0 { 534 + t.Error("expected error response, got success") 535 + } 536 + return 537 + } 538 + 539 + if rw.msg.Rcode != dns.RcodeSuccess { 540 + t.Errorf("expected success, got rcode %d", rw.msg.Rcode) 541 + } 542 + 543 + if len(rw.msg.Answer) != 1 { 544 + t.Fatalf("expected 1 answer, got %d", len(rw.msg.Answer)) 545 + } 546 + 547 + txtRecord, ok := rw.msg.Answer[0].(*dns.TXT) 548 + if !ok { 549 + t.Fatal("answer is not TXT record") 550 + } 551 + 552 + if len(txtRecord.Txt) != 1 { 553 + t.Fatalf("expected 1 TXT value, got %d", len(txtRecord.Txt)) 554 + } 555 + 556 + if txtRecord.Txt[0] != tt.expectedValue { 557 + t.Errorf("expected value %s, got %s", tt.expectedValue, txtRecord.Txt[0]) 558 + } 559 + }) 560 + } 561 + } 562 + 563 + // Test response writer for DNS testing 564 + type testResponseWriter struct { 565 + msg *dns.Msg 566 + } 567 + 568 + func (w *testResponseWriter) LocalAddr() net.Addr { 569 + return nil 570 + } 571 + 572 + func (w *testResponseWriter) RemoteAddr() net.Addr { 573 + return nil 574 + } 575 + 576 + func (w *testResponseWriter) WriteMsg(m *dns.Msg) error { 577 + w.msg = m 578 + return nil 579 + } 580 + 581 + func (w *testResponseWriter) Write([]byte) (int, error) { 582 + return 0, nil 583 + } 584 + 585 + func (w *testResponseWriter) Close() error { 586 + return nil 587 + } 588 + 589 + func (w *testResponseWriter) TsigStatus() error { 590 + return nil 591 + } 592 + 593 + func (w *testResponseWriter) TsigTimersOnly(bool) {} 594 + 595 + func (w *testResponseWriter) Hijack() {}