Djbdns

djbdns
Developer(s): Daniel J. Bernstein
Initial release: March 25, 2000
Stable release: 1.05 / February 11, 2001
Operating system: Unix-like
Type: DNS server
License: Public domain
Website: cr.yp.to/djbdns.html

The djbdns software package is a DNS implementation. It was created by Daniel J. Bernstein in response to his frustrations with repeated security holes in the widely used BIND DNS software. As a challenge, Bernstein offered a $1000 prize[1] for the first person to find a security hole in djbdns, which was awarded[2] in March 2009 to Matthew Dempsky.

As of 2004, djbdns's tinydns component was the second most popular DNS server in terms of the number of domains for which it was the authoritative server, and third most popular in terms of the number of DNS hosts running it.[3]

djbdns has never been affected by the widespread cache poisoning vulnerability reported in July 2008,[4][5] but it has been found to be vulnerable to a related attack.[6]

The source code has not been centrally managed since its release in 2001, and was released into the public domain in 2007.[7] As of March 2009, there are a number of forks, one of which is dbndns (part of the Debian Project), and more than a dozen patches to modify the released version.[8]

While djbdns does not directly support DNSSEC, there are third-party patches that add DNSSEC support to djbdns's authoritative-only tinydns component.[9]

Components

The djbdns software consists of servers, clients, and miscellaneous configuration tools.

Servers

  • dnscache — the DNS resolver and cache.
  • tinydns — a database-driven DNS server.
  • walldns — a "reverse DNS wall", providing IP address-to-domain name lookup only.
  • rbldns — a server designed for DNS blacklisting service.
  • pickdns — a database-driven server that chooses from matching records depending on the requestor's location. (This feature is now a standard part of tinydns.)
  • axfrdns — a zone transfer server.

Client tools

  • axfr-get — a zone-transfer client.
  • dnsip — simple address from name lookup.
  • dnsipq — address from name lookup with rewriting rules.
  • dnsname — simple name from address lookup.
  • dnstxt — simple text record from name lookup.
  • dnsmx — mail exchanger lookup.
  • dnsfilter — looks up names for addresses read from stdin, in parallel.
  • dnsqr — recursive general record lookup.
  • dnsq — non-recursive general record lookup, useful for debugging.
  • dnstrace (and dnstracesort) — comprehensive testing of the chains of authority over DNS servers and their names.

Design

In djbdns, different features and services are split off into separate programs. For example, zone transfers, zone file parsing, caching, and recursive resolving are implemented as separate programs. The result of these design decisions is a reduction in code size and complexity of the daemon program that provides the core function of answering lookup requests. Bernstein asserts that this is true to the spirit of the Unix operating system, and makes security verification much simpler.[citation needed]

On December 28, 2007, Bernstein released djbdns into the public domain.[10] Previously the package was distributed free of charge as license-free software. However, this did not permit the distribution of modified versions of djbdns, a right that is one of the core principles of open-source software. Consequently, it was not included in those Linux distributions which required all components to be open-source.

References

  1. "The djbdns security guarantee". Archived from the original on 2012-07-06. Retrieved 2008-09-02.
  2. "The djbdns prize claimed". Archived from the original on 2009-03-05. Retrieved 2009-03-04.
  3. Moore, Don (2004). "DNS server survey". Archived from the original on 2005-01-06. Retrieved 2005-01-06.
  4. "Multiple DNS implementations vulnerable to cache poisoning". Archived from the original on 2008-07-25. Retrieved 2008-08-05.
  5. "An Astonishing Collaboration". 9 July 2008. Archived from the original on 2008-08-04. Retrieved 2008-08-05.
  6. Day, Kevin (2009). "Rapid DNS Poisoning in djbdns". Archived from the original on 2009-02-21. Retrieved 2009-02-23.
  7. "djbdns is placed in the public domain". Archived from the original on 2012-05-25. Retrieved 2008-01-01.
  8. "Detailed overview of DNS server software by Rick Moen". Archived from the original on 2009-07-27. Retrieved 2009-07-13.
  9. "DNSSEC for TinyDNS". Archived from the original on 2016-01-26. Retrieved 2016-01-19.
  10. "Frequently asked questions from distributors". Archived from the original on 2012-05-25. Retrieved 2007-12-31.

 
