Introducing the SCRIPT DNS record type

April 1, 2022

Nate Sales

Ever wanted to define your DNS records as code? How about programmatically adjusting answers on the fly? Maybe you want to use your favorite DNS query tool to decide which dessert to have?

Introducing the SCRIPT record type!

SCRIPT records contain a JavaScript function that’s executed on each DNS query to determine the corresponding answer. Contrary to standard records that all DNS server implementations understand, SCRIPT isn’t a valid RR type and isn’t part of any normal DNS server.

Let’s say you’re in need of a tasty dessert but don’t want to leave your command line:

~ $ dig +short TXT dessert.script.packetframe.com @script-ns.packetframe.com
"Salted Caramel Cake with Whipped Cream"

Under the hood, this is just a simple asynchronous JavaScript function that calls out to an API to retreive random desserts.

async function handleQuery(query) {
  return await fetch("https://random-data-api.com/api/dessert/random_dessert")
    .then(resp => resp.json())
    .then(data => {
      return {
      "authoritative": true,
      "rrs": [
        {
          name: query.name,
          ttl: 300,
          type: "TXT",
          value: '"' + data["flavor"] + " " + data["variety"] + " with " + data["topping"] + '"'
        }
      ]
    }
  })
}

More practically speaking, SCRIPT records simplify popular GeoIP DNS routing and open up a whole new range of new DNS-based load balancing, DDoS mitigation, and traffic engineering possibilities.

We pass a query object to handleQuery and await the promise. Here’s a quick example of what that query object currently contains:

~ $ dig +short +subnet=192.0.2.0/24 TXT query.script.packetframe.com @script-ns.packetframe.com
"{'name':'query.script.packetframe.com.','type':'TXT','subnet':'192.0.2.0/24/0','cookie':'d551f2af83ce9fda'}"
async function handleQuery(query) {
    return {
        "authoritative": true,
        "rrs": [
            {
                name: query.name,
                ttl: 86400,
                type: "TXT",
                value: JSON.stringify(query).replaceAll('"', "'")
            }
        ]
    }
}

As always, the code behind SCRIPT records is entirely open source, found in the api repo.

And no, this isn’t a joke! Select the SCRIPT record type from the dashboard, try it out, and let us know what you build with them!

© Packetframe 2022