[HN Gopher] Making a DNS query in Ruby from scratch ___________________________________________________________________ Making a DNS query in Ruby from scratch Author : guiambros Score : 85 points Date : 2022-11-06 16:40 UTC (6 hours ago) (HTM) web link (jvns.ca) (TXT) w3m dump (jvns.ca) | endorphine wrote: | Off-topic, but am I the only one that's annoyed by the lack of | publish dates in blogs? | inopinatus wrote: | It's in the URL: https://jvns.ca/blog/2022/11/06/making-a-dns- | query-in-ruby-f... | | and the HTML source also includes a machine-readable element: | <p class="meta"> <time datetime="2022-11-06T08:31:53" | pubdate="" data-updated="true"></time> </p> | | For my own journal, I tuck human-readable metadata inside a | <details> block (which defaults to hidden), with the title in | the nested <summary> (which defaults to visible). Thus, it's | available, if visitors activate the title to reveal it. | speedgoose wrote: | You can blame SEO. Old content is not ranked as well as new | content so it's better to remove the date and pretend the | articles are recent. | | The world may be a better place without SEO. | [deleted] | teddyh wrote: | Note: While educational, making a DNS query without DNSSEC | verification in 2022 is like making a HTTP query without | certificate verification (or without HTTPS support). | tptacek wrote: | This is so wildly untrue I'm wondering if you wrote it just to | prod someone to jump in here and start the DNSSEC argument. | Less than 4% of North American names are signed. Virtually | nobody uses DNSSEC. | | Further, this code implements a stub resolver querying 8.8.8.8 | --- in that scenario, there _is_ no DNSSEC verification, as you | know. For stub resolvers, the kind your browser or OS uses, | DNSSEC condenses down to a single bit in the header that the | server uses to say "trust me, I did DNSSEC". | teddyh wrote: | (I don't need to prod _you_ to comment on DNSSEC; you seem to | be able to find any and all mentions of DNSSEC here quite | well on your own.) | | > _Further, this code implements a stub resolver_ | | Fair enough, but... | | > _DNSSEC condenses down to a single bit in the header that | the server uses to say "trust me, I did DNSSEC"._ | | ...they did not ask (in the query) for DNSSEC verification, | nor did they check the bit in the response. | fweimer wrote: | It's not unusual to validate unconditionally in recursive | resolvers, even for clients that did not set the AD bit or | the DO bit. | eli wrote: | You ignored the part about nobody using it in the first | place. There's nothing to verify. | teddyh wrote: | He said "Less than 4% of North American names are | signed.". Don't you wonder why he specified North | American names? | tptacek wrote: | Because it's easy to grab that statistic and a lot more | annoying to get the global one, especially because global | deployment stats count "zones" and not delegations from | TLDs. But there are almost twice as many signed domains | in .COM (DNSSEC uptake: 1.6%) than there are in .NL, and | the number of signed delegations drops _rapidly_ after | .NL (from 3.5MM to 1MM in .CH, to below 1MM in .BR; by | the time we hit .UK, the graph is hard to read. My point | being: adding up all the signed European names (which are | signed automatically at registrars as security theater) | isn 't going to get you a more attractive uptake | percentage. | | It's possible that the reason I said "less than 4% of | North American domains" is that I simply made a mistake, | and should instead have said "less than 4% of all | domains". Again: .COM has a 1.6% uptake. There are years | in the last ~4 where DNSSEC uptake _fell_ in .COM. | | DNSSEC is moribund. | teddyh wrote: | > _DNSSEC is moribund._ | | For how many years have you been saying that? Meanwhile, | from what I can tell, DNSSEC usage keeps going _up_. | tptacek wrote: | Not so much, no. Now, could you acknowledge the comment I | just wrote? It's less than 4% of _all_ domains. So: what | were you trying to imply when you pointed out that I 'd | said "North American domains"? And, now that I've | corrected the comment, would you still have said it? | teddyh wrote: | I can't find any good statistics either, so I did not | comment on any specifics. I am simply wary of overly | specific qualifications with no obvious reason for their | specificity; most often, these sorts of arguments are | made in order to mislead readers. I don't know what the | actual numbers are. | | All I can say is that from personal experience when | working at a registrar and DNS service provider, the | number of people asking about and requesting DNSSEC is | increasing all the time, and show no signs of decreasing. | Also, all registries (i.e. TLDs) are also all pushing for | registrars and DNS service providers to provide DNSSEC, | so there is demand from _both_ sides. Note: I do not have | any financial incentive to push DNSSEC; in fact, strictly | speaking, DNSSEC makes my job _harder_. | | Also, as I have mentioned before, I have never seen | anyone argue against DNSSEC with any persistence (in | industry interest groups, at conferences, etc). Except | _you_ , here on HN. And you _really_ seem to have it in | for DNSSEC, even going so far as to keep making arguments | against the crypto, not only while it was obvious that it | could (and would) be fixed, but even making the same | argument _after_ it was actually fixed. You keep shifting | your arguments, but keep arguing against DNSSEC with | whatever you can find. This does not make you look | credible. And your sole remaining argument, that DNSSEC | has low usage, is not a very good one, if it is in fact | the case that the usage is actually (on the whole) | increasing. | Vecr wrote: | I'm not sure why I can't reply to the comment next to | mine, but quite a few .gov sites use DNSSEC, so there's | at least some point in using it. | faraaz98 wrote: | Great post! I feel like Ruby can make a comeback if a lot more | people use it for more than just Rails | alwillis wrote: | Don't call it a comeback--Ruby hasn't gone anywhere. | | I get it that the hype around Ruby and Rails has--thankfully-- | subsided but Ruby is even better today than it was then. | byroot wrote: | It's _much_ better today. | | Sure when it was hype a decade ago you'd get lots of flashy | tools and library every other days, but a large part of it | was really wonky. | | Now that the dust settled, the tools that remain largely used | are much higher quality. | philsnow wrote: | I really, really like Ruby-the-language, and prefer it over | python. I don't love that it's joined at the hip with Rails. | | compared to Python, Ruby has: - first-class | symbols (yes python has sys.intern but it would take a PEP | giving them a pithy syntax to make them usable, plus python has | 25 years of stdlib and libraries using "strings" or enums for | constants instead of :symbols) - procs/blocks and better- | than-python lambdas - "open classes" / monkey-patching of | builtins (for better or for worse) - trivial | metaprogramming with method_missing (for better or for worse) | | some of these make fun one-off projects easier or faster, some | of them would be less welcome in large, mature codebases. | inferiorhuman wrote: | So I'm a Ruby fan and I largely agree with you. I started | dicking around with Stable Diffusion recently and was almost | immediately reminded of so many things I dislike about | Python. | | But just to be a bit contrary: | | - I don't see a huge value in symbols. In Ruby they are | literally just static strings which means they use memory | you'll never get back - potentially important if you're e.g. | parsing something large into a hash and symbolizing the keys. | If you have to put a non-alphanumeric character in a symbol | you still need to use quotes. | | - Procs, blocks, and lambdas - yes. | | - Metaprogramming and monkey patching? | dfjasdjldfjkdfjlkfdjldfoh4houfhufl. A double edged sword at | best and 100% not something I'd want to see in a larger | codebase. Javascript folks largely learned this lesson with | the shift from Prototype to jQuery. You can do some really | neat-o things but they're almost always unintuitive to the | uninitiated. | rco8786 wrote: | Monkey patching I agree with but IMO it's unfair to lump | metaprogramming into that same bucket. | Mikeb85 wrote: | Ruby never went away. It just used to have an extreme amount of | hype and now is a mature and, dare I say, slightly "boring" | language. | teddyh wrote: | With Python being so much more common, Ruby would have to have | something really remarkable in order to do that. Does it? | faraaz98 wrote: | Unfortunately no. There's been a sight increase in interest | ever since Ruby 3 but something else is needed for a spark | brightball wrote: | Ruby is the closest thing to Aspect Oriented Programming that | I've seen. Primary driver of the reason the Gem ecosystem is | so good. | teddyh wrote: | But is it better enough to warrant a switch? Python has | multiple inheritance (enabling "mixin" classes), | metaclasses and decorators, all of which can be used to | solve the problems which AOP aims to solve. Not to mention | numerous modules to make AOP easy, if that is what you | want. Again, it might be _easier_ in Ruby, but is it easier | _enough_? | brightball wrote: | I've read a few Python books and dove into it. All I can | say is that I enjoy programming with Ruby. I keep coming | back to it despite multiple other languages. | | I love Elixir as a language but I still find myself | coming back to Ruby frequently. | | Python exists, but there's nothing about the language | that makes me want to use it. Quite the opposite. I find | myself avoiding it whenever possible. | | As a prominent Python dev told me, "It's the okayest | language out there." | revskill wrote: | Could u tell me more details the "opposite" things here | in details ? | inferiorhuman wrote: | By far the biggest thing for me is package/environment | management. _All_ of the tools I 've used just suck. Pip, | virtualenv, conda. For me, at least, getting started with | anything non-trivial in Python involves grinding my teeth | and slogging through whatever unpleasantries. Recently | I've run into problems where some stuff seems to not work | between different minor versions of Python 3. Ruby is | generally easier and more portable - that a large subset | of Python folks have standardized on a model / management | tool like Conda that's not portable is something I can't | say anything civil about. I can't think of any other | language that's done something so boneheaded. | | Beyond that Python is _opinionated_. In a lot of ways | this is an improvement over e.g. Perl. However enjoyment | is largely predicated on liking the opinions, if you don | 't it's not fun. For instance I wanted to write a multi- | line lambda recently (mostly to make it easier to read). | With Ruby and Rust I can do this pretty easily. With | Python? No dice. Sure, there are good reasons to _not_ | make a lambda a multi-line ordeal but sometimes I just | want to. | ericpauley wrote: | "If you wish to make an apple pie from scratch you must first | invent the universe." | | -Carl Sagan | | With that said, it was cool to see a lower-level explanation than | just calling a library. | js2 wrote: | Making an ICMP echo query in Python from scratch: | | https://github.com/jaysoffian/eap_proxy/blob/78a058ffe67c253... | | The dnspython package is pure python and it's a lot of code, but | it supports pretty much everything related to DNS: | | https://github.com/rthalley/dnspython | fweimer wrote: | I can't really ready Ruby, but it seems to me that the code | fragment for implementing domain name compression does not handle | compression loops. ___________________________________________________________________ (page generated 2022-11-06 23:00 UTC)