Djbdns
From Wikipedia, the free encyclopedia
- The correct title of this article is djbdns. The initial letter is shown capitalized due to technical restrictions.
| djbdns | |
| Developer: | Daniel J. Bernstein |
|---|---|
| Latest release: | 1.05 / February 11, 2001 |
| OS: | Unix-like |
| Use: | DNS server |
| License: | Licence-free software |
| Website: | http://cr.yp.to/djbdns.html |
The djbdns program is a simple and secure DNS implementation created by Daniel J. Bernstein due to his frustrations with repeated BIND security holes. There is an as-yet-unclaimed $500 prize (see External Links, below) for the first person to find a security hole in djbdns.
As of 2004, it was the second most popular DNS server.[1]
Contents |
[edit] The components of djbdns
The package contains:
- six servers:
- dnscache -- the local dns resolver and cache.
- tinydns -- a database-driven dns server.
- walldns -- a "reverse DNS wall", providing IP to domain name lookup only.
- rbldns -- a server designed for dns blacklisting service.
- pickdns -- a database-driven server that chooses from matching records depending on the requester's location. (This feature is now a standard part of tinydns.)
- axfrdns -- a zone-transfer server.
- a number of client tools:
- axfr-get -- a zone-transfer client.
- dnsip -- simple address from name lookup.
- dnsipq -- address from name lookup with rewriting rules.
- dnsname -- simple name from address lookup.
- dnstxt -- simple text record from name lookup.
- dnsmx -- mail exchanger lookup.
- dnsfilter -- looks up names for addresses read from stdin, in parallel.
- dnsqr -- recursive general record lookup.
- dnsq -- non-recursive general record lookup, useful for debugging.
- dnstrace (and dnstracesort) -- comprehensive testing of the chains of authority over dns servers and their names.
- and associated configuration tools.
In djbdns, different features and services, like AXFR zone transfers, are split off into separate programs. Zone file parsing, DNS caching, and recursive resolving are also implemented as separate programs. The result of these design decisions is a dramatic reduction in code size and complexity of the daemon program that answers lookup requests. Daniel J. Bernstein (and many others) feel that this is true to the spirit of the Unix operating system, and makes security verification much simpler.
[edit] Copyright status
- Main article: Licence-Free Software
The package is distributed as Licence-Free Software; the software does not meet the Open Source Definition. This stops djbdns from being included with some Linux distributions, such as Debian. This is also probably why many other Linux distributions do not include it. The software is free for anyone to use, however; the source code is publicly available, can be downloaded by anyone free of charge, and is open for inspection and modification by users. The licensing issues have not deterred a large number of feature-enhancing augmentations from being published. The only limitation is that one can not legally distribute a modified version of djbdns; modifications have to be distributed as diff patches.
[edit] See also
[edit] References
- ^ Moore, Don (2004). DNS server survey. Retrieved on 2005-01-06.
[edit] External links
- djbdns official homepage
- The $500 prize
- A guide to DJBDNS
- The djbdns section of FAQTS
- Unofficial website
- A djbdns guide and tutorial with addon
- Jonathan de Boyne Pollard's debunking of several myths relating to djbdns
- Jonathan de Boyne Pollard's list of the several known problems in djbdns
- Supporting newer record formats through generic records.
- LWN (Linux weekly news) looks at DjbDNS
