djbdns
From Wikipedia, the free encyclopedia
Developed by | Daniel J. Bernstein |
---|---|
Latest release | 1.05 / February 11, 2001 |
Operating system | Unix-like |
Type | DNS server |
License | Public domain |
Website | http://cr.yp.to/djbdns.html |
The djbdns software package is a DNS implementation created by Daniel J. Bernstein out of frustration with repeated BIND security holes. A $1000 prize[1] for the first person to find a privilege escalation security hole in djbdns was awarded[2] in March 2009 to Matthew Dempsky.
As of 2004, djbdns's tinydns component was the second most popular DNS server.[3]
djbdns has never been vulnerable to the cache poisoning vulnerability reported in July 2008,[4][5] but it was later discovered to be vulnerable to a related attack.[6]
The main djbdns components
The djbdns software consists of servers, clients, and some miscellaneous configuration tools.
Servers
- dnscache — the DNS resolver and cache.
- tinydns — a database-driven DNS server.
- walldns — a "reverse DNS wall", providing IP to domain name lookup only.
- rbldns — a server designed for DNS blacklisting service.
- pickdns — a database-driven server that chooses from matching records depending on the requester's location. (This feature is now a standard part of tinydns.)
- axfrdns — a zone-transfer server.
Client tools
- axfr-get — a zone-transfer client.
- dnsip — simple address from name lookup.
- dnsipq — address from name lookup with rewriting rules.
- dnsname — simple name from address lookup.
- dnstxt — simple text record from name lookup.
- dnsmx — mail exchanger lookup.
- dnsfilter — looks up names for addresses read from stdin, in parallel.
- dnsqr — recursive general record lookup.
- dnsq — non-recursive general record lookup, useful for debugging.
- dnstrace (and dnstracesort) — comprehensive testing of the chains of authority over DNS servers and their names.
Design
In djbdns, different features and services, such as AXFR zone transfers, are split off into separate programs. Zone file parsing, DNS caching, and recursive resolving are also implemented as separate programs. The result of these design decisions is a dramatic reduction in code size and complexity of the daemon program that answers lookup requests. Daniel J. Bernstein (and many others) feel that this is true to the spirit of the Unix operating system, and makes security verification much simpler.
Copyright status
On December 28, 2007, Bernstein released djbdns into the public domain.[7] Formerly, the package was distributed as license-free software, which created challenges for inclusion in some Linux distributions.
References
- [1] "The djbdns security guarantee". http://cr.yp.to/djbdns/guarantee.html. Retrieved on 2008-09-02.
- [2] "The djbdns prize claimed". http://article.gmane.org/gmane.network.djbdns/13864. Retrieved on 2009-03-04.
- [3] Moore, Don (2004). "DNS server survey". http://mydns.bboy.net./survey/. Retrieved on 2005-01-06.
- [4] "Multiple DNS implementations vulnerable to cache poisoning". http://www.kb.cert.org/CERT_WEB%5Cservices%5Cvul-notes.nsf/id/800113. Retrieved on 2008-08-05.
- [5] "An Astonishing Collaboration". http://www.doxpara.com/?p=1162. Retrieved on 2008-08-05.
- [6] Day, Kevin (2009). "Rapid DNS Poisoning in djbdns". http://www.your.org/dnscache/. Retrieved on 2009-02-23.
- [7] "Frequently asked questions from distributors". http://cr.yp.to/distributors.html. Retrieved on 2007-12-31.
External links
- djbdns official homepage
- A guide to djbdns
- The djbdns section of FAQTS
- Unofficial website
- A djbdns guide and tutorial with addon
- Jonathan de Boyne Pollard. "Some of what is said about djbdns is wrong.". Frequently Given Answers. http://homepages.tesco.net./~J.deBoynePollard/FGA/djbdns-myths-dispelled.html. — Jonathan de Boyne Pollard's debunking of several myths relating to djbdns
- Jonathan de Boyne Pollard. "The known problems with Dan Bernstein's djbdns". Frequently Given Answers. http://homepages.tesco.net./~J.deBoynePollard/FGA/djbdns-problems.html. — Jonathan de Boyne Pollard's list of the several known problems in djbdns
- Supporting newer record formats through generic records.
- LWN (Linux weekly news) looks at djbdns