Djbdns

djbdns
Developer(s): Daniel J. Bernstein
Initial release: March 25, 2000
Stable release: 1.05 / February 11, 2001
Operating system: Unix-like
Type: DNS server
License: Public domain
Website: cr.yp.to/djbdns.html

The djbdns software package is a DNS implementation. It was created by Daniel J. Bernstein in response to his frustrations with repeated security holes in the widely used BIND DNS software. As a challenge, Bernstein offered a $1000 prize[1] for the first person to find a security hole in djbdns, which was awarded[2] in March 2009 to Matthew Dempsky.


As of 2004, djbdns's tinydns component was the second most popular DNS server in terms of the number of domains for which it was the authoritative server, and third most popular in terms of the number of DNS hosts running it.[3]

djbdns has never been vulnerable to the widespread cache poisoning vulnerability reported in July 2008,[4][5] but it has been discovered that it is vulnerable to a related attack.[6]

The source code has not been centrally managed since its release in 2001, and was released into the public domain in 2007.[7] As of March 2009, there are a number of forks, one of which is dbndns (part of the Debian Project), and more than a dozen patches to modify the released version.[8]

While djbdns does not directly support DNSSEC, there are third-party patches to add DNSSEC support to djbdns' authoritative-only tinydns component.[9]

Components

The djbdns software consists of servers, clients, and miscellaneous configuration tools.

Servers

Client tools

Design

In djbdns, different features and services are split off into separate programs. For example, zone transfers, zone file parsing, caching, and recursive resolving are implemented as separate programs. The result of these design decisions is a reduction in code size and complexity of the daemon program that provides the core function of answering lookup requests. Bernstein asserts that this is true to the spirit of the Unix operating system, and makes security verification much simpler.[citation needed]
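
The separation described above is most visible in tinydns: zone data is compiled offline by a separate program (tinydns-data) from a simple line-oriented text format, so the serving daemon never has to parse it. As an added illustration of that format, here is a small Python parser that expands the common record lines into the resource records they stand for and rejects malformed lines. It is not djbdns code; the record-letter meanings and default TTLs are the editor's recollection of the tinydns-data documentation, and the sample zone is constructed for the example.

```python
"""Parser for djbdns's line-oriented tinydns-data zone format.

Added illustration for this article; it is not djbdns code. The record
letters and their expansions follow the tinydns-data format as the editor
recalls it; the sample zone at the bottom is constructed for the example.
Octal escapes and the optional timestamp/location fields are not handled.
"""
import ipaddress
from typing import List, Tuple

Record = Tuple[str, str, str, int]  # (owner name, RR type, rdata, ttl)

# Default TTLs applied when the ttl field is empty (assumption: values as the
# editor remembers them from the tinydns-data documentation).
DEFAULT_TTL = 86400
DEFAULT_NS_TTL = 259200
DEFAULT_SOA_TTL = 2560


class ZoneFormatError(ValueError):
    """A line the offline compiler step should reject instead of serving."""


def _ttl(field: str, default: int) -> int:
    if field == "":
        return default
    if not field.isdigit():
        raise ZoneFormatError(f"bad ttl {field!r}")
    return int(field)


def _ip(field: str) -> str:
    try:
        return str(ipaddress.IPv4Address(field))
    except ValueError:
        raise ZoneFormatError(f"bad IPv4 address {field!r}") from None


def _host(x: str, suffix: str) -> str:
    # A name containing a dot is used verbatim; a bare label goes under suffix.
    return x if "." in x else f"{x}.{suffix}"


def _reverse(ip: str) -> str:
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa"


def parse_line(line: str) -> List[Record]:
    """Expand one data line into the resource records it stands for."""
    line = line.rstrip("\n")
    if line == "" or line.startswith("#"):
        return []
    kind, fields = line[0], line[1:].split(":")
    fields += [""] * (6 - len(fields))  # pad so optional fields can be indexed
    name = fields[0]
    if name == "":
        raise ZoneFormatError(f"missing name in {line!r}")
    if kind in ".&":  # NS, an A for the server if ip given, SOA only for '.'
        ip, x = fields[1], fields[2] or "a"  # empty x defaulting to 'a' is an assumption
        ttl = _ttl(fields[3], DEFAULT_NS_TTL)
        ns = _host(x, f"ns.{name}")
        recs = [(name, "NS", ns, ttl)]
        if ip:
            recs.append((ns, "A", _ip(ip), ttl))
        if kind == ".":
            soa = f"{ns} hostmaster.{name}"
            recs.append((name, "SOA", soa, _ttl(fields[3], DEFAULT_SOA_TTL)))
        return recs
    if kind in "=+":  # A record; '=' also adds the matching PTR
        ip, ttl = _ip(fields[1]), _ttl(fields[2], DEFAULT_TTL)
        recs = [(name, "A", ip, ttl)]
        if kind == "=":
            recs.append((_reverse(ip), "PTR", name, ttl))
        return recs
    if kind == "@":  # MX, plus an A for the mail host if ip given
        ip, x, dist = fields[1], fields[2] or "a", fields[3] or "0"
        if not dist.isdigit():
            raise ZoneFormatError(f"bad MX distance {dist!r}")
        mx, ttl = _host(x, f"mx.{name}"), _ttl(fields[4], DEFAULT_TTL)
        recs = [(name, "MX", f"{int(dist)} {mx}", ttl)]
        if ip:
            recs.append((mx, "A", _ip(ip), ttl))
        return recs
    simple = {"'": "TXT", "C": "CNAME", "^": "PTR"}
    if kind in simple:
        if fields[1] == "":
            raise ZoneFormatError(f"missing data in {line!r}")
        return [(name, simple[kind], fields[1], _ttl(fields[2], DEFAULT_TTL))]
    raise ZoneFormatError(f"unknown record type {kind!r} in {line!r}")


def compile_zone(text: str) -> List[Record]:
    """Parse a whole data file; the first bad line aborts the whole compile."""
    records: List[Record] = []
    for lineno, line in enumerate(text.splitlines(), 1):
        try:
            records.extend(parse_line(line))
        except ZoneFormatError as exc:
            raise ZoneFormatError(f"line {lineno}: {exc}") from None
    return records


# Constructed sample zone (reserved example names and addresses).
SAMPLE_ZONE = """\
# authoritative data for example.test
.example.test:192.0.2.1:a
=www.example.test:192.0.2.10
+example.test:192.0.2.10
@example.test:192.0.2.20:mail:10
'example.test:v=spf1 mx -all
Cftp.example.test:www.example.test
"""

if __name__ == "__main__":
    for rec in compile_zone(SAMPLE_ZONE):
        print(rec)
```

The point of the example is where the complexity lives: every validation error above is raised in the compile step, before anything is served, which is what lets the daemon that answers queries stay small. Real tinydns-data also supports octal escapes in the data field and optional timestamp and location fields, which this parser leaves out.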

On December 28, 2007, Bernstein released djbdns into the public domain.[10] Previously the package was distributed free of charge as license-free software. However, this did not permit the distribution of modified versions of djbdns, which is one of the core principles of open-source software. Consequently, it was not included in those Linux distributions which required all components to be open-source.


References

  1. "The djbdns security guarantee". Archived from the original on 2012-07-06. Retrieved 2008-09-02.
  2. "The djbdns prize claimed". Archived from the original on 2009-03-05. Retrieved 2009-03-04.
  3. Moore, Don (2004). "DNS server survey". Archived from the original on 2005-01-06. Retrieved 2005-01-06.
  4. "Multiple DNS implementations vulnerable to cache poisoning". Archived from the original on 2008-07-25. Retrieved 2008-08-05.
  5. "An Astonishing Collaboration". 9 July 2008. Archived from the original on 2008-08-04. Retrieved 2008-08-05.
  6. Day, Kevin (2009). "Rapid DNS Poisoning in djbdns". Archived from the original on 2009-02-21. Retrieved 2009-02-23.
  7. "djbdns is placed in the public domain". Archived from the original on 2012-05-25. Retrieved 2008-01-01.
  8. "Detailed overview of DNS server software by Rick Moen". Archived from the original on 2009-07-27. Retrieved 2009-07-13.
  9. "DNSSEC for TinyDNS". Archived from the original on 2016-01-26. Retrieved 2016-01-19.
  10. "Frequently asked questions from distributors". Archived from the original on 2012-05-25. Retrieved 2007-12-31.