Eon is an Effects-based OCaml Nameserver using MirageOS’s functionally pure Domain Name System (DNS) library with direct-style IO (as opposed to monadic IO) using OCaml 5’s effect handlers [1], created as the basis to implement some of the ideas from the Spatial Name System.

§DNS Tunnelling

DNS is well-known to be used for data exfiltration and tunneling, since DNS is one of the few protocols that’s almost always allowed through a firewall (at least through a recursive resolver) since it’s so fundamental to the operation of the Internet. I’ve implemented a transport layer over DNS in Eon; a simple netcat example shows how this can be used to transport data using DNS queries. Many thanks to Paul-Elliot for helping clean up the transport interface and making it more idiomatically functional. At the moment there’s no multiplexing – a server can only handle one communication at a time, but that could be addressed by adding a demultiplexing field (a ‘port’).

The well-defined interfaces that OCaml gives us allow this to be combined in interesting ways, such as a shell over DNS (SoD), or an IP tunnel. Note that you wouldn’t want to use this in production without some form of encryption (maybe ocaml-tls?) and authentication (e.g. public/private keys, or capabilities). A standalone example of a capability interface to a shell can be found at capability-shell.

There are some interesting performance characteristics of this tunneling in a variable asymmetry of latency between the sender and receiver, since we’re retrofitting bidirectional packet switching onto a request-response protocol. That is, for the DNS server to send data to a client it has to have a query to respond to. We can’t wait to respond to a query until we have data, since recursive resolvers aggressively time out and return a SERVFAIL in the case of a delayed reply.
So we have the client periodically poll the server with queries containing no data, so the latency of the server to client link is bounded by the period of t...
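
A defender's view of the polling behaviour described above, as an added example (not code from Eon or the original post): a Python detector that flags client/zone pairs whose queries arrive at a near-constant period with almost no repeated names. The log tuple format, the thresholds, the two-label zone grouping, and the premise that each poll carries a fresh query name are assumptions of this example.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample resolver log: (unix_time, client_ip, qname). Not real traffic.
SAMPLE_LOG = (
    # Client polling one zone every ~2 s with a fresh name each time (assumed pattern).
    [(1000 + 2.0 * i + 0.05 * (i % 3), "10.0.0.5", f"p{i:05d}.t.example.net.")
     for i in range(40)]
    # Ordinary client: few names, repeated, irregular timing.
    + [(1000 + t, "10.0.0.9", n) for t, n in [
        (0.4, "www.example.org."), (0.9, "cdn.example.org."),
        (31.0, "www.example.org."), (33.5, "mail.example.org."),
        (140.2, "www.example.org."), (141.0, "cdn.example.org.")]]
)

def zone_of(qname, labels=2):
    """Group by the last `labels` labels (simplification; production code
    should consult the public suffix list instead)."""
    parts = qname.rstrip(".").lower().split(".")
    return ".".join(parts[-labels:])

def score_flows(log, min_queries=20, max_cv=0.25, min_unique=0.9):
    """Return {(client, zone): features} for flows that look like tunnel polling."""
    flows = defaultdict(list)
    for ts, client, qname in log:
        flows[(client, zone_of(qname))].append((ts, qname))
    flagged = {}
    for key, events in flows.items():
        if len(events) < min_queries:
            continue  # too little evidence to judge periodicity
        events.sort()
        gaps = [b[0] - a[0] for a, b in zip(events, events[1:])]
        avg = mean(gaps)
        # Coefficient of variation of inter-arrival gaps: low = metronome-like.
        cv = pstdev(gaps) / avg if avg > 0 else 0.0
        # Share of distinct names: near 1.0 means resolver caching never applies.
        unique = len({q for _, q in events}) / len(events)
        if cv <= max_cv and unique >= min_unique:
            flagged[key] = {"queries": len(events), "period_s": round(avg, 2),
                            "gap_cv": round(cv, 3), "unique_ratio": round(unique, 2)}
    return flagged

if __name__ == "__main__":
    for (client, zone), feats in score_flows(SAMPLE_LOG).items():
        print(client, zone, feats)
```

Running it on the constructed log reports only the `10.0.0.5` / `example.net` pair; thresholds need tuning against a site's own resolver baseline, since legitimate telemetry and health checks can also poll at fixed intervals.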
First seen: 2025-10-16 18:49
Last seen: 2025-10-17 03:51