Djbdns

The djbdns software package is a DNS implementation. It was created by Daniel J. Bernstein in response to his frustrations with repeated security holes in the widely used BIND DNS software. As a challenge, Bernstein offered a $1000 prize for the first person to find a security hole in djbdns, which was awarded in March 2009 to Matthew Dempsky.

djbdns's tinydns component was the second most popular DNS server in terms of the number of domains for which it was the authoritative server, and third most popular in terms of the number of DNS hosts running it.

djbdns has never been vulnerable to the widespread cache poisoning vulnerability reported in July 2008, but it has been discovered that it is vulnerable to a related attack.

The source code has not been centrally managed since its release in 2001, and was released into the public domain in 2007. As of March 2009, there are a number of forks, one of which is dbndns (part of the Debian Project), and more than a dozen patches to modify the released version.

While djbdns does not directly support DNSSEC, there are third-party patches to add DNSSEC support to djbdns' authoritative-only tinydns component.


Components

The djbdns software consists of servers, clients, and miscellaneous configuration tools.


Servers

* dnscache — the DNS resolver and cache.
* tinydns — a database-driven DNS server.
* walldns — a "reverse DNS wall", providing IP address-to-domain name lookup only.
* rbldns — a server designed for DNS blacklisting service.
* pickdns — a database-driven server that chooses from matching records depending on the requestor's location. (This feature is now a standard part of tinydns.)
* axfrdns — a zone transfer server.


Client tools

* axfr-get — a zone-transfer client.
* dnsip — simple address from name lookup.
* dnsipq — address from name lookup with rewriting rules.
* dnsname — simple name from address lookup.
* dnstxt — simple text record from name lookup.
* dnsmx — mail exchanger lookup.
* dnsfilter — looks up names for addresses read from stdin, in parallel.
* dnsqr — recursive general record lookup.
* dnsq — non-recursive general record lookup, useful for debugging.
* dnstrace (and dnstracesort) — comprehensive testing of the chains of authority over DNS servers and their names.


Design

In djbdns, different features and services are split off into separate programs. For example, zone transfers, zone file parsing, caching, and recursive resolving are implemented as separate programs. The result of these design decisions is a reduction in code size and complexity of the daemon program that provides the core function of answering lookup requests. Bernstein asserts that this is true to the spirit of the Unix operating system, and makes security verification much simpler.


Copyright status

On December 28, 2007, Bernstein released djbdns into the public domain. Previously the package was distributed free of charge as license-free software. However, this did not permit the distribution of modified versions of djbdns, which was one of the core principles of open-source software. Consequently, it was not included in those Linux distributions which required all components to be open-source.


See also

* Comparison of DNS server software
* dbndns
* DNS management software


External links


* djbdns official homepage
* N-DJBDNS
* A guide to djbdns
* The djbdns section of FAQTS
* A djbdns guide and tutorial with addon
* Jonathan de Boyne Pollard's debunking of several myths relating to djbdns
* "The known problems with Dan Bernstein's djbdns", Jonathan de Boyne Pollard, Frequently Given Answers (http://homepage.ntlworld.com./jonathan.deboynepollard/FGA/djbdns-problems.html, archived 2010-04-25 at https://web.archive.org/web/20100425055845/http://homepage.ntlworld.com/jonathan.deboynepollard/FGA/djbdns-problems.html, accessed 2009-09-20) — Jonathan de Boyne Pollard's list of the several known problems in djbdns
* Supporting newer record formats through generic records.
* LWN (Linux weekly news) looks at djbdns