Information About Djbdns
The djbdns program is a simple and security-aware DNS implementation created by Daniel J. Bernstein due to his frustrations with repeated BIND security holes. There is an as-yet-unclaimed $500 prize (see External Links, below) for the first person to find a privilege escalation security hole in djbdns. There is a known security problem where an attacker can send a specially crafted TCP packet to force dnscache to restart (losing its cache). Since this attack is a denial-of-service attack and not a privilege escalation attack, it does not qualify for the prize. Third-party fixes for the problem are available here and here. As of 2004, it was the second most popular DNS server.[1]

THE COMPONENTS OF DJBDNS

The package contains:
In djbdns, different features and services, like AXFR zone transfers, are split off into separate programs. Zone file parsing, DNS caching, and recursive resolving are also implemented as separate programs. The result of these design decisions is a dramatic reduction in code size and complexity of the daemon program that answers lookup requests. Daniel J. Bernstein (and many others) feel that this is true to the spirit of the Unix operating system, and makes security verification much simpler.

COPYRIGHT STATUS

Main article: Licence-Free Software

The package is distributed as license-free software; the software does not meet the Open Source Definition. This stops djbdns from being included with some Linux distributions, such as Debian. The software is free for anyone to use, however; the source code is publicly available, can be downloaded by anyone free of charge, and is open for inspection and modification by users. The licensing issues have not deterred a large number of feature-enhancing augmentations from being published. The only limitation is that one cannot legally distribute a modified version of djbdns; modifications have to be distributed as diff patches.

SEE ALSO

REFERENCES

EXTERNAL LINKS