[HN Gopher] Making a DNS query in Ruby from scratch
___________________________________________________________________
Making a DNS query in Ruby from scratch
Author : guiambros
Score : 85 points
Date : 2022-11-06 16:40 UTC (6 hours ago)
(HTM) web link (jvns.ca)
(TXT) w3m dump (jvns.ca)
| endorphine wrote:
| Off-topic, but am I the only one that's annoyed by the lack of
| publish dates in blogs?
| inopinatus wrote:
| It's in the URL:
| https://jvns.ca/blog/2022/11/06/making-a-dns-query-in-ruby-f...
|
| and the HTML source also includes a machine-readable element:
| <p class="meta"> <time datetime="2022-11-06T08:31:53"
| pubdate="" data-updated="true"></time> </p>
|
| For my own journal, I tuck human-readable metadata inside a
| <details> block (which defaults to hidden), with the title in
| the nested <summary> (which defaults to visible). Thus, it's
| available, if visitors activate the title to reveal it.
| speedgoose wrote:
| You can blame SEO. Old content is not ranked as well as new
| content so it's better to remove the date and pretend the
| articles are recent.
|
| The world may be a better place without SEO.
| [deleted]
| teddyh wrote:
| Note: While educational, making a DNS query without DNSSEC
| verification in 2022 is like making a HTTP query without
| certificate verification (or without HTTPS support).
| tptacek wrote:
| This is so wildly untrue I'm wondering if you wrote it just to
| prod someone to jump in here and start the DNSSEC argument.
| Less than 4% of North American names are signed. Virtually
| nobody uses DNSSEC.
|
| Further, this code implements a stub resolver querying 8.8.8.8
| --- in that scenario, there _is_ no DNSSEC verification, as you
| know. For stub resolvers, the kind your browser or OS uses,
| DNSSEC condenses down to a single bit in the header that the
| server uses to say "trust me, I did DNSSEC".
| teddyh wrote:
| (I don't need to prod _you_ to comment on DNSSEC; you seem to
| be able to find any and all mentions of DNSSEC here quite
| well on your own.)
|
| > _Further, this code implements a stub resolver_
|
| Fair enough, but...
|
| > _DNSSEC condenses down to a single bit in the header that
| the server uses to say "trust me, I did DNSSEC"._
|
| ...they did not ask (in the query) for DNSSEC verification,
| nor did they check the bit in the response.
| fweimer wrote:
| It's not unusual to validate unconditionally in recursive
| resolvers, even for clients that did not set the AD bit or
| the DO bit.
| eli wrote:
| You ignored the part about nobody using it in the first
| place. There's nothing to verify.
| teddyh wrote:
| He said "Less than 4% of North American names are
| signed.". Don't you wonder why he specified North
| American names?
| tptacek wrote:
| Because it's easy to grab that statistic and a lot more
| annoying to get the global one, especially because global
| deployment stats count "zones" and not delegations from
| TLDs. But there are almost twice as many signed domains
| in .COM (DNSSEC uptake: 1.6%) than there are in .NL, and
| the number of signed delegations drops _rapidly_ after
| .NL (from 3.5MM to 1MM in .CH, to below 1MM in .BR; by
| the time we hit .UK, the graph is hard to read). My point
| being: adding up all the signed European names (which are
| signed automatically at registrars as security theater)
| isn't going to get you a more attractive uptake
| percentage.
|
| It's possible that the reason I said "less than 4% of
| North American domains" is that I simply made a mistake,
| and should instead have said "less than 4% of all
| domains". Again: .COM has a 1.6% uptake. There are years
| in the last ~4 where DNSSEC uptake _fell_ in .COM.
|
| DNSSEC is moribund.
| teddyh wrote:
| > _DNSSEC is moribund._
|
| For how many years have you been saying that? Meanwhile,
| from what I can tell, DNSSEC usage keeps going _up_.
| tptacek wrote:
| Not so much, no. Now, could you acknowledge the comment I
| just wrote? It's less than 4% of _all_ domains. So: what
| were you trying to imply when you pointed out that I'd
| said "North American domains"? And, now that I've
| corrected the comment, would you still have said it?
| teddyh wrote:
| I can't find any good statistics either, so I did not
| comment on any specifics. I am simply wary of overly
| specific qualifications with no obvious reason for their
| specificity; most often, these sorts of arguments are
| made in order to mislead readers. I don't know what the
| actual numbers are.
|
| All I can say is that from personal experience when
| working at a registrar and DNS service provider, the
| number of people asking about and requesting DNSSEC is
| increasing all the time, and shows no signs of decreasing.
| Also, all registries (i.e. TLDs) are also all pushing for
| registrars and DNS service providers to provide DNSSEC,
| so there is demand from _both_ sides. Note: I do not have
| any financial incentive to push DNSSEC; in fact, strictly
| speaking, DNSSEC makes my job _harder_.
|
| Also, as I have mentioned before, I have never seen
| anyone argue against DNSSEC with any persistence (in
| industry interest groups, at conferences, etc). Except
| _you_, here on HN. And you _really_ seem to have it in
| for DNSSEC, even going so far as to keep making arguments
| against the crypto, not only while it was obvious that it
| could (and would) be fixed, but even making the same
| argument _after_ it was actually fixed. You keep shifting
| your arguments, but keep arguing against DNSSEC with
| whatever you can find. This does not make you look
| credible. And your sole remaining argument, that DNSSEC
| has low usage, is not a very good one, if it is in fact
| the case that the usage is actually (on the whole)
| increasing.
| Vecr wrote:
| I'm not sure why I can't reply to the comment next to
| mine, but quite a few .gov sites use DNSSEC, so there's
| at least some point in using it.
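
Added example, not part of any comment above or of the linked article: the two DNSSEC signals this sub-thread argues about, as a stub resolver would use them. The query sets AD in the header and carries the DO bit in an EDNS0 OPT record, and the reply's AD bit is read back as the resolver's claim that it validated, which the stub itself does not verify. The function names, the 1232-byte payload size and the two reply headers are constructed for illustration.

```ruby
FLAG_QR = 0x8000   # message is a response
FLAG_RD = 0x0100   # recursion desired
FLAG_AD = 0x0020   # authentic data: the resolver says it validated
EDNS_DO = 0x8000   # "DNSSEC OK" bit in the OPT record's flags field
TYPE_A, TYPE_OPT, CLASS_IN = 1, 41, 1
UDP_PAYLOAD = 1232 # advertised EDNS buffer size (value chosen for this example)

def encode_name(domain)
  domain.split(".").map { |l| [l.bytesize].pack("C") + l.b }.join + "\x00".b
end

# Build an A query. With dnssec: true, set AD in the header and append an
# EDNS0 OPT pseudo-record carrying the DO bit.
def build_query(domain, id:, dnssec: true)
  flags = FLAG_RD | (dnssec ? FLAG_AD : 0)
  msg = [id, flags, 1, 0, 0, dnssec ? 1 : 0].pack("n6")
  msg << encode_name(domain) << [TYPE_A, CLASS_IN].pack("n2")
  # OPT: root name, TYPE 41, CLASS = payload size, TTL = ext-rcode/version/DO, RDLEN 0
  msg << "\x00".b << [TYPE_OPT, UDP_PAYLOAD, EDNS_DO, 0].pack("nnNn") if dnssec
  msg
end

# Read the header bits a stub resolver can act on.
def response_status(msg)
  raise ArgumentError, "DNS header is 12 bytes" if msg.bytesize < 12
  id, flags = msg.unpack("n2")
  raise ArgumentError, "not a response" if (flags & FLAG_QR).zero?
  { id: id, rcode: flags & 0x000F, validated_by_resolver: (flags & FLAG_AD) != 0 }
end

# Constructed response headers (no records): one with AD set, one without.
SIGNED_REPLY   = [0x1234, 0x81A0, 1, 0, 0, 0].pack("n6")
UNSIGNED_REPLY = [0x1234, 0x8180, 1, 0, 0, 0].pack("n6")

if __FILE__ == $PROGRAM_NAME
  p build_query("example.com", id: 0x1234).unpack1("H*")
  p response_status(SIGNED_REPLY), response_status(UNSIGNED_REPLY)
end
```
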
| faraaz98 wrote:
| Great post! I feel like Ruby can make a comeback if a lot more
| people use it for more than just Rails
| alwillis wrote:
| Don't call it a comeback--Ruby hasn't gone anywhere.
|
| I get it that the hype around Ruby and Rails has--thankfully--
| subsided but Ruby is even better today than it was then.
| byroot wrote:
| It's _much_ better today.
|
| Sure when it was hype a decade ago you'd get lots of flashy
| tools and libraries every other day, but a large part of it
| was really wonky.
|
| Now that the dust settled, the tools that remain largely used
| are much higher quality.
| philsnow wrote:
| I really, really like Ruby-the-language, and prefer it over
| python. I don't love that it's joined at the hip with Rails.
|
| compared to Python, Ruby has:
|
| - first-class symbols (yes python has sys.intern but it would
| take a PEP giving them a pithy syntax to make them usable, plus
| python has 25 years of stdlib and libraries using "strings" or
| enums for constants instead of :symbols)
|
| - procs/blocks and better-than-python lambdas
|
| - "open classes" / monkey-patching of builtins (for better or
| for worse)
|
| - trivial metaprogramming with method_missing (for better or
| for worse)
|
| some of these make fun one-off projects easier or faster, some
| of them would be less welcome in large, mature codebases.
| inferiorhuman wrote:
| So I'm a Ruby fan and I largely agree with you. I started
| dicking around with Stable Diffusion recently and was almost
| immediately reminded of so many things I dislike about
| Python.
|
| But just to be a bit contrary:
|
| - I don't see a huge value in symbols. In Ruby they are
| literally just static strings which means they use memory
| you'll never get back - potentially important if you're e.g.
| parsing something large into a hash and symbolizing the keys.
| If you have to put a non-alphanumeric character in a symbol
| you still need to use quotes.
|
| - Procs, blocks, and lambdas - yes.
|
| - Metaprogramming and monkey patching?
| dfjasdjldfjkdfjlkfdjldfoh4houfhufl. A double edged sword at
| best and 100% not something I'd want to see in a larger
| codebase. Javascript folks largely learned this lesson with
| the shift from Prototype to jQuery. You can do some really
| neat-o things but they're almost always unintuitive to the
| uninitiated.
| rco8786 wrote:
| Monkey patching I agree with but IMO it's unfair to lump
| metaprogramming into that same bucket.
| Mikeb85 wrote:
| Ruby never went away. It just used to have an extreme amount of
| hype and now is a mature and, dare I say, slightly "boring"
| language.
| teddyh wrote:
| With Python being so much more common, Ruby would have to have
| something really remarkable in order to do that. Does it?
| faraaz98 wrote:
| Unfortunately no. There's been a slight increase in interest
| ever since Ruby 3 but something else is needed for a spark
| brightball wrote:
| Ruby is the closest thing to Aspect Oriented Programming that
| I've seen. Primary driver of the reason the Gem ecosystem is
| so good.
| teddyh wrote:
| But is it better enough to warrant a switch? Python has
| multiple inheritance (enabling "mixin" classes),
| metaclasses and decorators, all of which can be used to
| solve the problems which AOP aims to solve. Not to mention
| numerous modules to make AOP easy, if that is what you
| want. Again, it might be _easier_ in Ruby, but is it easier
| _enough_?
| brightball wrote:
| I've read a few Python books and dove into it. All I can
| say is that I enjoy programming with Ruby. I keep coming
| back to it despite multiple other languages.
|
| I love Elixir as a language but I still find myself
| coming back to Ruby frequently.
|
| Python exists, but there's nothing about the language
| that makes me want to use it. Quite the opposite. I find
| myself avoiding it whenever possible.
|
| As a prominent Python dev told me, "It's the okayest
| language out there."
| revskill wrote:
| Could you tell me in more detail about the "opposite" things
| here?
| inferiorhuman wrote:
| By far the biggest thing for me is package/environment
| management. _All_ of the tools I've used just suck. Pip,
| virtualenv, conda. For me, at least, getting started with
| anything non-trivial in Python involves grinding my teeth
| and slogging through whatever unpleasantries. Recently
| I've run into problems where some stuff seems to not work
| between different minor versions of Python 3. Ruby is
| generally easier and more portable - that a large subset
| of Python folks have standardized on a model / management
| tool like Conda that's not portable is something I can't
| say anything civil about. I can't think of any other
| language that's done something so boneheaded.
|
| Beyond that Python is _opinionated_. In a lot of ways
| this is an improvement over e.g. Perl. However enjoyment
| is largely predicated on liking the opinions, if you
| don't it's not fun. For instance I wanted to write a
| multi-line lambda recently (mostly to make it easier to read).
| With Ruby and Rust I can do this pretty easily. With
| Python? No dice. Sure, there are good reasons to _not_
| make a lambda a multi-line ordeal but sometimes I just
| want to.
| ericpauley wrote:
| "If you wish to make an apple pie from scratch you must first
| invent the universe."
|
| -Carl Sagan
|
| With that said, it was cool to see a lower-level explanation than
| just calling a library.
| js2 wrote:
| Making an ICMP echo query in Python from scratch:
|
| https://github.com/jaysoffian/eap_proxy/blob/78a058ffe67c253...
|
| The dnspython package is pure python and it's a lot of code, but
| it supports pretty much everything related to DNS:
|
| https://github.com/rthalley/dnspython
| fweimer wrote:
| I can't really read Ruby, but it seems to me that the code
| fragment for implementing domain name compression does not handle
| compression loops.
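
Added example, not code from the linked article or from the commenter: one way to decode compressed names so that a pointer loop is rejected instead of spinning forever, by refusing to follow any pointer target twice and capping the encoded name at 255 bytes. `read_name`, `DNSNameError` and both sample messages are constructed for illustration.

```ruby
class DNSNameError < StandardError; end

MAX_NAME_BYTES = 255 # RFC 1035 cap on an encoded name

# Decode the name at `offset` in the raw message `msg`.
# Returns [dotted_name, offset of the byte following the name where it was read].
def read_name(msg, offset)
  labels = []
  seen = {}     # pointer targets already followed
  resume = nil  # where the caller continues; fixed when the first pointer is met
  total = 0
  pos = offset
  loop do
    len = msg.getbyte(pos) or raise DNSNameError, "name runs past end of message"
    if (len & 0xC0) == 0xC0                  # two-byte compression pointer
      low = msg.getbyte(pos + 1) or raise DNSNameError, "truncated pointer"
      target = ((len & 0x3F) << 8) | low
      resume ||= pos + 2
      raise DNSNameError, "compression loop via offset #{target}" if seen[target]
      seen[target] = true
      pos = target
    elsif (len & 0xC0) != 0
      raise DNSNameError, "reserved label type"
    elsif len.zero?                          # root label ends the name
      return [labels.join("."), resume || pos + 1]
    else
      label = msg.byteslice(pos + 1, len)
      raise DNSNameError, "truncated label" if label.nil? || label.bytesize < len
      total += len + 1
      raise DNSNameError, "name exceeds #{MAX_NAME_BYTES} bytes" if total > MAX_NAME_BYTES
      labels << label
      pos += len + 1
    end
  end
end

# Constructed messages: 12-byte zero header, names start at offset 12.
HEADER = ("\x00" * 12).b
SAMPLE = HEADER + "\x07example\x03com\x00\x03www".b + [0xC0, 12].pack("C2")
LOOPED = HEADER + "\x01a".b + [0xC0, 12].pack("C2") # pointer at 14 jumps back to 12

if __FILE__ == $PROGRAM_NAME
  p read_name(SAMPLE, 25)
  begin
    read_name(LOOPED, 12)
  rescue DNSNameError => e
    puts "rejected: #{e.message}"
  end
end
```
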
___________________________________________________________________
(page generated 2022-11-06 23:00 UTC)