Go DNS Resolver - with DNSSEC validation

Go DNS Resolver is a small DNS utility library offering a high-level API for performing DNS queries against resolving name servers, recursive DNS resolution from the root servers, local DNSSEC validation and query tracing capabilities.

The creation of the DNS Lookup tool was driven by two primary motivations.

Firstly, I sought a straightforward method to resolve domain names while ensuring DNSSEC authentication. Although Go’s built-in net package (https://go.dev/src/net/lookup.go) provides a simple interface for domain name resolution, it lacks the capability to request data authentication. Conversely, the miekg/dns package (https://github.com/miekg/dns) supports data authentication requests but, by design, only offers a lower-level API. DNS Lookup aims to bridge this gap by combining the simplicity of Go’s net package with the robust functionality of miekg/dns.

Secondly, I wanted to explore the process of locally authenticating a DNSSEC chain. This involves starting from the queried Fully Qualified Domain Name (FQDN) and tracing the chain back to the root, validating signatures and delegation signers along the way. By manually setting the trust anchor Delegation Signer (DS) record, DNS Lookup allows for independent validation of the entire trust chain, ensuring a secure and reliable DNS resolution process.
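The delegation signer step of that chain, as an added example that is not taken from Go DNS Resolver's own code: it uses only the Go standard library and follows RFC 4034 (DS digest in section 5.1.4, key tag in appendix B) to check that a DNSKEY is the one a trust anchor or parent DS record commits to. The names DNSKEY, DS, MakeDS, Matches and wireName are hypothetical, only SHA-256 digests are handled, and the key bytes are constructed placeholders rather than a usable public key.

```go
package main

import (
	"crypto/sha256"
	"fmt"
	"strings"
)

// DNSKEY holds DNSKEY RDATA (RFC 4034 section 2); DS is a trust anchor or
// parent-side DS record restricted to SHA-256 (digest type 2).
type DNSKEY struct{ Flags uint16; Protocol, Algorithm uint8; PublicKey []byte }
type DS struct{ KeyTag uint16; Algorithm uint8; Digest [32]byte }

// rdata is the wire form: flags | protocol | algorithm | public key.
func (k DNSKEY) rdata() []byte {
	return append([]byte{byte(k.Flags >> 8), byte(k.Flags), k.Protocol, k.Algorithm}, k.PublicKey...)
}

// KeyTag is the checksum from RFC 4034 appendix B.
func (k DNSKEY) KeyTag() uint16 {
	var ac uint32
	for i, v := range k.rdata() {
		ac += uint32(v) << (8 * uint(1-i&1)) // even offsets are the high byte
	}
	return uint16(ac + ac>>16)
}

// wireName encodes an FQDN in lowercase wire format (no escapes or length checks).
func wireName(fqdn string) (out []byte) {
	for _, l := range strings.FieldsFunc(strings.ToLower(fqdn), func(r rune) bool { return r == '.' }) {
		out = append(append(out, byte(len(l))), l...)
	}
	return append(out, 0)
}

// MakeDS hashes owner name | DNSKEY RDATA, as RFC 4034 section 5.1.4 specifies.
func MakeDS(owner string, k DNSKEY) DS {
	return DS{k.KeyTag(), k.Algorithm, sha256.Sum256(append(wireName(owner), k.rdata()...))}
}

// Matches reports whether k at owner is a zone key (flags bit 7) that d commits to.
func (d DS) Matches(owner string, k DNSKEY) bool {
	return k.Flags&0x0100 != 0 && d == MakeDS(owner, k)
}

func main() {
	ksk := DNSKEY{257, 3, 13, []byte{1, 2, 3, 4}} // constructed placeholder key bytes
	anchor := MakeDS("example.", ksk)
	fmt.Printf("example. IN DS %d %d 2 %X matches=%v\n", anchor.KeyTag, anchor.Algorithm, anchor.Digest, anchor.Matches("example.", ksk))
}
```

A match only shows that the key is the one the DS commits to; the RRSIG over the DNSKEY set still has to verify under that key before the zone's other records are trusted.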

A web version of the tool can be found at https://dns.nsmith.net/.