MaraDNS

Developer(s): Sam Trenholme
Stable release: 3.5.0036 / May 2, 2023 [1]
Operating system: Unix-like, Windows
Standard(s): RFC 1034, RFC 1035
Type: DNS server
License: BSD license
Website: https://maradns.samiam.org/

MaraDNS is an open-source (BSD licensed) Domain Name System (DNS) implementation, which acts as either a caching, recursive, or authoritative nameserver. [2] [3] [4] [5]

Features

MaraDNS has a buffer-overflow-resistant string library and its own random number generator. While MaraDNS does not directly support BIND zone files, its zone file format is similar, and a converter from BIND's zone file format is included. [6] MaraDNS runs as an unprivileged user inside a chroot environment. MaraDNS specifies the user and group to run as by user ID, but Simon Burnet has made a patch that makes it possible to supply a username. [7] MaraDNS can add both IP records and the corresponding PTR "reverse DNS lookup" record. [8] It can be used as a master DNS server and, with some caveats, as a slave DNS server. [9] MaraDNS currently does not support DNSSEC because the developer lacks the money to implement it using the LibTom library. [10]

Deadwood includes built-in "DNS wall" filtering (to protect against external domains which resolve to local IPs), the ability to read and write the cache to a file, DNS-over-TCP support, the ability to optionally reject MX, IPv6 AAAA, and PTR queries, and code that stops AR-spoofing attacks, among other features. [11]
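The "DNS wall" idea described above can be sketched as a check over the answer section of a DNS reply. This is an added example, not Deadwood's code: the function names, the list of ranges treated as local, and the sample name rebind.example are assumptions made for illustration.

```python
import ipaddress
import struct

# Assumption: which ranges count as "local" is chosen for this example.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]

def _skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while off < len(msg):
        if msg[off] == 0:
            return off + 1
        if (msg[off] & 0xC0) == 0xC0:   # compression pointer ends the name
            return off + 2
        off += 1 + msg[off]
    raise ValueError("truncated name")

def answer_addresses(msg):
    """A/AAAA answer addresses; truncated input raises ValueError/struct.error."""
    qdcount, ancount = struct.unpack("!HH", msg[4:8])
    off, addrs = 12, []
    for _ in range(qdcount):
        off = _skip_name(msg, off) + 4          # skip QTYPE and QCLASS
    for _ in range(ancount):
        off = _skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rdata = msg[off + 10:off + 10 + rdlen]
        off += 10 + rdlen
        if len(rdata) != rdlen:
            raise ValueError("truncated record")
        if rclass == 1 and (rtype, rdlen) in ((1, 4), (28, 16)):
            addrs.append(ipaddress.ip_address(rdata))
    return addrs

def local_answers(msg):
    """Addresses in the reply that a DNS-wall style filter would refuse."""
    def is_local(addr):
        probe = getattr(addr, "ipv4_mapped", None) or addr   # ::ffff:a.b.c.d
        return any(probe in net for net in LOCAL_NETS)
    return [a for a in answer_addresses(msg) if is_local(a)]

def sample_reply(*addrs):
    """Constructed reply for the made-up name rebind.example (sample input)."""
    rrs = b""
    for p in (ipaddress.ip_address(a).packed for a in addrs):
        rrs += b"\xc0\x0c" + struct.pack("!HHIH", 1 if len(p) == 4 else 28, 1, 60, len(p)) + p
    question = b"\x06rebind\x07example\x00" + struct.pack("!HH", 1, 1)
    return struct.pack("!6H", 0x1234, 0x8180, 1, len(addrs), 0, 0) + question + rrs
```

A resolver applying this check would drop or refuse any upstream reply for which `local_answers` returns a non-empty list, unless the queried name is one the operator has explicitly allowed to resolve to internal addresses.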

MaraDNS releases are distributed with a BSD-type license. [12]


References

  1. "MaraDNS changelog". Retrieved 1 May 2023.
  2. Mens, Jan-Piet (2008). Alternative DNS Servers: Choice and Deployment, and Optional SQL/LDAP Back-Ends (Paperback). UIT Cambridge Ltd. pp. 76–94. ISBN 978-0-9544529-9-5. This book devotes an entire chapter to MaraDNS.
  3. Danchev, Dancho. "How OpenDNS, PowerDNS and MaraDNS remained unaffected by the DNS cache poisoning vulnerability". ZDNet. Archived from the original on July 29, 2008. Retrieved 2009-10-10.
  4. Jian Jiang; Jinjin Liang; Kang Li; Jun Li; Haixin Duan; Jianping Wu (2012), Ghost Domain Names: Revoked Yet Still Resolvable (PDF), p. 10, archived from the original (PDF) on 2013-04-25.
  5. Schroder, Carla (2007). Linux Networking Cookbook (Paperback). O'Reilly. p. 545. ISBN 978-0-596-10248-7.
  6. "DNS Server (and Related) Software for Unix (MaraDNS section)". Retrieved 2013-04-05.
  7. "Open Source Patches". Archived from the original on 2013-07-03. Retrieved 2013-04-05.
  8. Mens, Jan-Piet (2008). Alternative DNS Servers: Choice and Deployment, and Optional SQL/LDAP Back-Ends (Paperback). UIT Cambridge Ltd. pp. 66, 81. ISBN 978-0-9544529-9-5.
  9. Mens, Jan-Piet (2008). Alternative DNS Servers: Choice and Deployment, and Optional SQL/LDAP Back-Ends (Paperback). UIT Cambridge Ltd. pp. 87, 89. ISBN 978-0-9544529-9-5.
  10. "I would love DNSSEC for MaraDNS". Retrieved 2017-10-26.
  11. "DNS Server (and Related) Software for Unix (Deadwood section)". Retrieved 2013-04-05.
  12. Mens, Jan-Piet (2008). Alternative DNS Servers: Choice and Deployment, and Optional SQL/LDAP Back-Ends (Paperback). UIT Cambridge Ltd. p. 97. ISBN 978-0-9544529-9-5. "The program is released under a BSD-type license".