Djbdns

From Wikipedia, the free encyclopedia

djbdns
Developer(s) Daniel J. Bernstein
Stable release 1.05 / February 11, 2001
Operating system Unix-like
Type DNS server
License Public domain
Website http://cr.yp.to/djbdns.html

The djbdns software package is a DNS implementation created by Daniel J. Bernstein due to his frustrations with repeated BIND security holes. A $1000 prize[1] for the first person to find a security hole in djbdns was awarded[2] in March 2009 to Matthew Dempsky.

As of 2004, djbdns's tinydns component was the second most popular DNS server (number of served domain).[3]

djbdns has never been vulnerable to the cache poisoning vulnerability reported in July 2008,[4][5] but it has been discovered that it is vulnerable to a related attack. [6]

The source code has not been centrally managed since 2001 and was released into the public domain in 2007.[7] As of March 2009, there are three forks, one of which is dbndns, the fork of the Debian Project, and more than a dozen patches to address shortcomings.[8]

The main djbdns components

The djbdns software consists of server, client, and some miscellaneous configuration tools.

Servers

  • dnscache the dns resolver and cache.
  • tinydns a database-driven dns server.
  • walldns a "reverse DNS wall", providing IP to domain name lookup only.
  • rbldns a server designed for dns blacklisting service.
  • pickdns a database-driven server that chooses from matching records depending on the requester's location. (This feature is now a standard part of tinydns.)
  • axfrdns a zone-transfer server.

Client tools

  • axfr-get a zone-transfer client.
  • dnsip simple address from name lookup.
  • dnsipq address from name lookup with rewriting rules.
  • dnsname simple name from address lookup.
  • dnstxt simple text record from name lookup.
  • dnsmx mail exchanger lookup.
  • dnsfilter looks up names for addresses read from stdin, in parallel.
  • dnsqr recursive general record lookup.
  • dnsq non-recursive general record lookup, useful for debugging.
  • dnstrace (and dnstracesort) comprehensive testing of the chains of authority over dns servers and their names.

Design

In djbdns, different features and services, such as AXFR zone transfers, are split off into separate programs. Zone file parsing, caching, and recursive resolving are also implemented as separate programs. The result of these design decisions is a dramatic reduction in code size and complexity of the daemon program that answers lookup requests. Daniel J. Bernstein (and many others) feel that this is true to the spirit of the Unix operating system, and makes security verification much simpler.

Copyright status

On December 28, 2007, Bernstein released djbdns into the public domain.[9] Until that day, the package was distributed as license-free software, which prevented the distribution of modified versions of djbdns which was in conflict with the principles of Open source software which made the inclusion in many Linux distributions infeasible if not impossible.

See also

References

  1. "The djbdns security guarantee". Retrieved 2008-09-02. 
  2. "The djbdns prize claimed". Retrieved 2009-03-04. 
  3. Moore, Don (2004). "DNS server survey". Retrieved 2005-01-06. 
  4. "Multiple DNS implementations vulnerable to cache poisoning". Retrieved 2008-08-05. 
  5. "An Astonishing Collaboration". Retrieved 2008-08-05. 
  6. Day, Kevin (2009). "Rapid DNS Poisoning in djbdns". Retrieved 2009-02-23. 
  7. "djbdns is placed in the public domain". 
  8. "Detailed overview of DNS server software by Rick Moen". Retrieved 2009-07-13. 
  9. "Frequently asked questions from distributors". Retrieved 2007-12-31. 

External links

This article is issued from Wikipedia. The text is available under the Creative Commons Attribution/Share Alike; additional terms may apply for the media files.