Security & privacy: lots of http: URLs changed for https:. Closes #42

Stephane Bortzmeyer 4 years ago
parent 726230774f
commit 74ff2addf1
  1. 2
  2. 24
  3. 2
  4. 8

@ -1,7 +1,7 @@
[This is the description of the JSON output format produced by the
*current* code. A work is going on at the IETF to specify a
DNS-in-JSON format
<>. The tool and
<>. The tool and
the IETF document may not agree at every moment.]
A DNS response is represented as a JSON object. The main members of

@ -4,22 +4,22 @@ General
This software is a "DNS looking glass". The DNS (Domain Name System)
is the distributed database used to retrieve data (typically IP
addresses) from domain
names. <>
names. <>
A "looking glass", among Internet engineers, typically refers to a
server on one network which serves information seen from this network
(two points of the Internet may see different things, that's why
looking glasses are important). Their main use, today, is to see BGP
<> routes from
<> routes from
another point of view
<>. But it is time
<>. But it is time
to extend them to the DNS.
The "DNS looking glass" allows you to get DNS data from another
server. This is useful to check site-dependent behavior. Among the
many reasons why the DNS data can be different in various places:
* cache poisoning, for instance by a Kaminsky attack
* DNSSEC validation enabled at some places but not others,
* network problems making name servers unreachable from some places,
* caching effects (data in the cache at some places but not others),
@ -40,16 +40,16 @@ We assume that someone installed the software. If you install it
yourself, see the next section.
The major usage of this program is through REST requests
<> (if you
<> (if you
do not know REST, do not worry; basically, it means we use ordinary
HTTP requests). If the program is installed at
<>, the URL for the requests will be
<$DOMAIN[/$TYPE][/$CLASS]> where DOMAIN is the
<>, the URL for the requests will be
<$DOMAIN[/$TYPE][/$CLASS]> where DOMAIN is the
domain name and TYPE a DNS record type (such as AAAA or MX).
More formally, following the language of URI Templates (RFC 6570), the
URLs of this service are
There is a non-standard pseudo-querytype ADDR to request both A and
AAAA, specially for the links in the HTML output.
@ -66,7 +66,7 @@ If content negotiation does not suit you, you can add in the URL the
option format=FORMAT where FORMAT is XML, HTML, TEXT, ZONE or JSON
(see next section). So, for instance, to get the IPv6 address of in XML, it will be
You can add an option to select the name server to query (the default
one is chosen by the server, typically the default resolver(s) of the
@ -88,10 +88,10 @@ with the value you want. Setting it to 0 will disable EDNS.
For finding a domain name from an IP address, you can do requests with
the arpa domain name, for instance
<> but you can also
<> but you can also
use the option reverse to ask for the address to be turned into an
arpa domain name, for instance
There is a rate-limiter so, if you receive HTTP status code 429, it
means you have been too aggressive.
@ -195,7 +195,7 @@ No API, Web only REST URLs but no API
See also a more up-to-date list at the end of
Other code for DNS looking glasses

@ -47,7 +47,7 @@ except ImportError:
return os.spawnl(os.P_WAIT, sys.executable, *args) == 0

@ -5,15 +5,15 @@
# url_documentation
# Address of a Web page describing this service
# url_css =
# url_css =
# url_opensearch =
# url_opensearch =
# URL of an OpenSearch description.
# favicon = ...
# Local path of a favicon.ico file. Optional. You can reuse the
# "official" favicon of DNS-LG at
# <>. Otherwise, to create one,
# <>. Otherwise, to create one,
# see for instance <>. To download an existing
# favicon, browse <>.
@ -25,7 +25,7 @@
# description_html =
# This string will be used for HTML output. It can include HTML
# elements for instance "Machine hosted at <a
# href="">Gandi</a>". It is your responsability
# href="">Gandi</a>". It is your responsability
# to ensure it is legal HTML. If "description_html" is not set,
# "description" will be used instead.