Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
dns-packet
Advanced tools
An abstract-encoding compliant module for encoding / decoding DNS packets
The dns-packet npm package is a library for encoding/decoding DNS packets. It supports both Node.js and the browser and can handle various DNS record types. It is useful for creating custom DNS servers, clients, or for manipulating DNS packets for analysis or testing.
Encoding DNS packets
This feature allows you to encode a DNS packet into a buffer. The example code shows how to create a DNS query packet for the domain 'example.com'.
const dnsPacket = require('dns-packet');
const encodedPacket = dnsPacket.encode({
type: 'query',
id: 1,
flags: dnsPacket.RECURSION_DESIRED,
questions: [{
type: 'A',
name: 'example.com'
}]
});
Decoding DNS packets
This feature allows you to decode a DNS packet from a buffer. The example code demonstrates how to decode a buffer into a DNS packet object.
const dnsPacket = require('dns-packet');
const buffer = Buffer.from('...'); // a buffer containing a DNS packet
const decodedPacket = dnsPacket.decode(buffer);
Streaming DNS packet encoding/decoding
This feature allows you to encode and decode DNS packets in a streaming fashion, which is useful for handling DNS packets in a network stream. The example code creates a simple DNS server that responds to all queries with the IP address '127.0.0.1'.
const dnsPacket = require('dns-packet');
const net = require('net');
const server = net.createServer((socket) => {
socket.pipe(dnsPacket.streamDecode())
.on('data', (packet) => {
console.log('received packet:', packet);
const response = dnsPacket.streamEncode({
type: 'response',
id: packet.id,
questions: packet.questions,
answers: [{
type: 'A',
name: packet.questions[0].name,
data: '127.0.0.1'
}]
});
socket.write(response);
});
});
server.listen(53);
This package is similar to dns-packet, offering low-level DNS packet encoding/decoding with a focus on Node.js. It is an alternative that might be used in scenarios where native Node.js Buffer handling is preferred.
dns2 is a more comprehensive DNS toolkit that includes packet encoding/decoding functionalities similar to dns-packet. It also provides higher-level DNS server and client implementations, making it a more feature-rich option.
node-dns is another DNS library that provides similar packet manipulation capabilities. It differs from dns-packet by offering a full DNS resolver and server implementation, potentially making it a better choice for more complex DNS-related tasks.
An abstract-encoding compliant module for encoding / decoding DNS packets. Lifted out of multicast-dns as a separate module.
npm install dns-packet
const dnsPacket = require('dns-packet')
const dgram = require('dgram')
const socket = dgram.createSocket('udp4')
const buf = dnsPacket.encode({
type: 'query',
id: 1,
flags: dnsPacket.RECURSION_DESIRED,
questions: [{
type: 'A',
name: 'google.com'
}]
})
socket.on('message', message => {
console.log(dnsPacket.decode(message)) // prints out a response from google dns
})
socket.send(buf, 0, buf.length, 53, '8.8.8.8')
Also see the UDP example.
While DNS has traditionally been used over a datagram transport, it is increasingly being carried over TCP for larger responses commonly including DNSSEC responses and TLS or HTTPS for enhanced security. See below examples on how to use dns-packet
to wrap DNS packets in these protocols:
var buf = packets.encode(packet, [buf], [offset])
Encodes a DNS packet into a buffer containing a UDP payload.
var packet = packets.decode(buf, [offset])
Decode a DNS packet from a buffer containing a UDP payload.
var buf = packets.streamEncode(packet, [buf], [offset])
Encodes a DNS packet into a buffer containing a TCP payload.
var packet = packets.streamDecode(buf, [offset])
Decode a DNS packet from a buffer containing a TCP payload.
var len = packets.encodingLength(packet)
Returns how many bytes are needed to encode the DNS packet
Packets look like this
{
type: 'query|response',
id: optionalIdNumber,
flags: optionalBitFlags,
questions: [...],
answers: [...],
additionals: [...],
authorities: [...]
}
The bit flags available are
packet.RECURSION_DESIRED
packet.RECURSION_AVAILABLE
packet.TRUNCATED_RESPONSE
packet.AUTHORITATIVE_ANSWER
packet.AUTHENTIC_DATA
packet.CHECKING_DISABLED
To use more than one flag bitwise-or them together
var flags = packet.RECURSION_DESIRED | packet.RECURSION_AVAILABLE
And to check for a flag use bitwise-and
var isRecursive = message.flags & packet.RECURSION_DESIRED
A question looks like this
{
type: 'A', // or SRV, AAAA, etc
class: 'IN', // one of IN, CS, CH, HS, ANY. Default: IN
name: 'google.com' // which record are you looking for
}
And an answer, additional, or authority looks like this
{
type: 'A', // or SRV, AAAA, etc
class: 'IN', // one of IN, CS, CH, HS
name: 'google.com', // which name is this record for
ttl: optionalTimeToLiveInSeconds,
(record specific data, see below)
}
A
{
data: 'IPv4 address' // fx 127.0.0.1
}
AAAA
{
data: 'IPv6 address' // fx fe80::1
}
CAA
{
flags: 128, // octet
tag: 'issue|issuewild|iodef',
value: 'ca.example.net',
issuerCritical: false
}
CNAME
{
data: 'cname.to.another.record'
}
DNAME
{
data: 'dname.to.another.record'
}
DNSKEY
{
flags: 257, // 16 bits
algorithm: 1, // octet
key: Buffer
}
DS
{
keyTag: 12345,
algorithm: 8,
digestType: 1,
digest: Buffer
}
HINFO
{
data: {
cpu: 'cpu info',
os: 'os info'
}
}
MX
{
preference: 10,
exchange: 'mail.example.net'
}
NAPTR
{
data:
{
order: 100,
preference: 10,
flags: 's',
services: 'SIP+D2U',
regexp: '!^.*$!sip:customer-service@example.com!',
replacement: '_sip._udp.example.com'
}
}
NS
{
data: nameServer
}
NSEC
{
nextDomain: 'a.domain',
rrtypes: ['A', 'TXT', 'RRSIG']
}
NSEC3
{
algorithm: 1,
flags: 0,
iterations: 2,
salt: Buffer,
nextDomain: Buffer, // Hashed per RFC5155
rrtypes: ['A', 'TXT', 'RRSIG']
}
NULL
{
data: Buffer('any binary data')
}
OPT
EDNS0 options.
{
type: 'OPT',
name: '.',
udpPayloadSize: 4096,
flags: packet.DNSSEC_OK,
options: [{
// pass in any code/data for generic EDNS0 options
code: 12,
data: Buffer.alloc(31)
}, {
// Several EDNS0 options have enhanced support
code: 'PADDING',
length: 31,
}, {
code: 'CLIENT_SUBNET',
family: 2, // 1 for IPv4, 2 for IPv6
sourcePrefixLength: 64, // used to truncate IP address
scopePrefixLength: 0,
ip: 'fe80::',
}, {
code: 'TCP_KEEPALIVE',
timeout: 150 // increments of 100ms. This means 15s.
}, {
code: 'KEY_TAG',
tags: [1, 2, 3],
}]
}
The options PADDING
, CLIENT_SUBNET
, TCP_KEEPALIVE
and KEY_TAG
support enhanced de/encoding. See optionscodes.js for all supported option codes. If the data
property is present on a option, it takes precedence. On decoding, data
will always be defined.
PTR
{
data: 'points.to.another.record'
}
RP
{
mbox: 'admin.example.com',
txt: 'txt.example.com'
}
SSHFP
{
algorithm: 1,
hash: 1,
fingerprint: 'A108C9F834354D5B37AF988141C9294822F5BC00'
}
RRSIG
{
typeCovered: 'A',
algorithm: 8,
labels: 1,
originalTTL: 3600,
expiration: timestamp,
inception: timestamp,
keyTag: 12345,
signersName: 'a.name',
signature: Buffer
}
SOA
{
data:
{
mname: domainName,
rname: mailbox,
serial: zoneSerial,
refresh: refreshInterval,
retry: retryInterval,
expire: expireInterval,
minimum: minimumTTL
}
}
SRV
{
data: {
port: servicePort,
target: serviceHostName,
priority: optionalServicePriority,
weight: optionalServiceWeight
}
}
TLSA
{
usage: 3,
selector: 1,
matchingType: 1,
certificate: Buffer
}
TXT
{
data: 'text' || Buffer || [ Buffer || 'text' ]
}
When encoding, scalar values are converted to an array and strings are converted to UTF-8 encoded Buffers. When decoding, the return value will always be an array of Buffer.
If you need another record type, open an issue and we'll try to add it.
MIT
FAQs
An abstract-encoding compliant module for encoding / decoding DNS packets
We found that dns-packet demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.