djbdns

from Wikipedia, the free encyclopedia
djbdns
Basic data

Developer: Daniel J. Bernstein
Current version: 1.05 (February 11, 2001)
Operating system: various Unix derivatives
Programming language: C
Category: DNS server
License: public domain
Available in German: No
Website: https://cr.yp.to/djbdns.html

djbdns is a DNS server developed by Daniel J. Bernstein. One reason for the development of djbdns was the recurring security problems in BIND. Bernstein, a developer whose main focus is the security of his applications, has offered $1000 to anyone who finds and can prove a security problem in djbdns. So far, this prize has been paid out only for one very specific problem, which proponents see as an indication of the software's security. Critics, on the other hand, point to the qmail software, also written by Bernstein, in which the existence of possible bugs is hotly debated, by Bernstein among others.

Details

The design of djbdns is in stark contrast to that of BIND. While BIND packs all functionality, from the DNS server to the zone transfer service, into a single daemon, djbdns divides this functionality among several components (not all components are covered here):

dnscache

The dnscache component is a DNS resolver and DNS cache. It answers queries for an FQDN (fully qualified domain name) by resolving the corresponding domain name piece by piece, starting from the root zone (.). The results are then held until the configured cache size has been exceeded or the TTL (time to live) of the respective domain name has expired.

tinydns

The tinydns component is a DNS server that only answers queries about domain names that are in its own database; other queries are discarded without any further response. The configuration of tinydns is very different from that of BIND. While with BIND a zone file is set up individually for each IP subnet, with tinydns this division does not exist. A single central configuration file is used.

rbldns

Spam mail has become more and more of a problem, which is why blacklist servers were made available to expose open relays and other spammers via their IP address. With rbldns, Daniel Bernstein has written and published a daemon that can receive such requests, forward them to the appropriate blacklist server and cache the result.

axfrdns

This daemon is responsible for responses via TCP, which are necessary, for example, if response packets are too long for UDP (longer than 512 bytes). It uses the same database as tinydns and can be seen as a supplement to it. Furthermore, the operation of a daemon that listens on TCP is required by RFC 1035: "The Internet supports name server access using TCP on server port 53 (decimal) as well as datagram access using UDP on UDP port 53 (decimal)." Bernstein's position on this is that something has been done wrong if queries need to be answered via TCP. axfrdns also supports zone transfers via AXFR, but this is deactivated by default and should be activated individually for each zone and slave IP.
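
The 512-byte UDP limit and the TCP fallback described above, as an added example in Python (not part of the original article and not djbdns code): it builds a DNS response in wire format, produces the truncated reply a UDP server sends when the message exceeds 512 bytes, and frames the full message for TCP. The name, addresses and function names are constructed for illustration, and dropping all answer records on truncation is one possible server behaviour assumed here.

```python
import struct

UDP_LIMIT = 512   # RFC 1035 maximum DNS message size over UDP
TC_FLAG = 0x0200  # "truncated" bit in the header flags word

def encode_name(name):
    """Encode a dotted name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_response(qname, addrs, msg_id=0x1234):
    """Build a wire-format response holding one A record per address."""
    flags = 0x8400  # QR=1 (response), AA=1 (authoritative)
    header = struct.pack("!HHHHHH", msg_id, flags, 1, len(addrs), 0, 0)
    question = encode_name(qname) + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    answers = b""
    for addr in addrs:
        rdata = bytes(int(octet) for octet in addr.split("."))
        # 0xC00C is a compression pointer back to the question name at offset 12
        answers += struct.pack("!HHHIH", 0xC00C, 1, 1, 300, 4) + rdata
    return header + question + answers

def udp_reply(msg):
    """Return the message if it fits in UDP, else header and question with TC set."""
    if len(msg) <= UDP_LIMIT:
        return msg
    msg_id, flags, qdcount = struct.unpack("!HHH", msg[:6])
    end = 12
    while msg[end] != 0:        # walk the labels of the question name
        end += msg[end] + 1
    end += 1 + 4                # zero byte, then QTYPE and QCLASS
    header = struct.pack("!HHHHHH", msg_id, flags | TC_FLAG, qdcount, 0, 0, 0)
    return header + msg[12:end]

def is_truncated(reply):
    """Client side: a set TC bit means the query must be repeated over TCP."""
    return bool(struct.unpack("!H", reply[2:4])[0] & TC_FLAG)

def tcp_frame(msg):
    """Over TCP each message is preceded by a two-byte length field."""
    return struct.pack("!H", len(msg)) + msg

# Constructed sample data: documentation-range addresses for a made-up name.
SMALL = build_response("www.example.com", ["192.0.2.%d" % i for i in range(1, 5)])
LARGE = build_response("www.example.com", ["192.0.2.%d" % i for i in range(1, 41)])
```

With 4 A records the response is 97 bytes and goes out over UDP unchanged; with 40 records it is 673 bytes, so the UDP reply shrinks to the 33-byte header and question with TC set, and the client has to fetch the full answer from the TCP listener.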

License

Since December 28, 2007, djbdns has been released as public domain.

Before that, the source code was made publicly available, but Bernstein did not allow the distribution of modified source code, nor the distribution of executable files compiled from the source code. Modifications could therefore only be passed on as a patch.
