djbdns explained

djbdns
Developer: Daniel J. Bernstein
Latest Release Version: 1.05
Operating System: Unix-like
Genre: DNS server
License: Public domain

The djbdns software package is a DNS implementation. It was created by Daniel J. Bernstein in response to his frustrations with repeated security holes in the widely used BIND DNS software. As a challenge, Bernstein offered a $1000 prize[1] for the first person to find a security hole in djbdns, which was awarded[2] in March 2009 to Matthew Dempsky.

djbdns's tinydns component was the second most popular DNS server in terms of the number of domains for which it was the authoritative server, and third most popular in terms of the number of DNS hosts running it.[3]

djbdns has never been vulnerable to the widespread cache poisoning vulnerability reported in July 2008,[4][5] but it has been discovered that it is vulnerable to a related attack.[6]

The source code has not been centrally managed since its release in 2001, and was released into the public domain in 2007.[7] As of March 2009, there are a number of forks, one of which is dbndns (part of the Debian Project), and more than a dozen patches to modify the released version.[8]

While djbdns does not directly support DNSSEC, there are third-party patches to add DNSSEC support to djbdns's authoritative-only tinydns component.[9]

Components

The djbdns software consists of servers, clients, and miscellaneous configuration tools.

Servers

Client tools

Design

In djbdns, different features and services are split off into separate programs. For example, zone transfers, zone file parsing, caching, and recursive resolving are implemented as separate programs. The result of these design decisions is a reduction in code size and complexity of the daemon program that provides the core function of answering lookup requests. Bernstein asserts that this is true to the spirit of the Unix operating system, and makes security verification much simpler.

Copyright status

On December 28, 2007, Bernstein released djbdns into the public domain.[10] Previously the package was distributed free of charge as license-free software. However, this did not permit the distribution of modified versions of djbdns, and the freedom to distribute modified versions was one of the core principles of open-source software. Consequently, it was not included in those Linux distributions that required all components to be open-source.

Notes and References

  1. Web site: The djbdns security guarantee. 2008-09-02. 2012-07-06. https://web.archive.org/web/20120706100825/http://cr.yp.to/djbdns/guarantee.html. live.
  2. Web site: The djbdns prize claimed. 2009-03-04. https://web.archive.org/web/20090305125545/http://article.gmane.org/gmane.network.djbdns/13864. 2009-03-05. dead.
  3. Web site: Moore, Don. 2004. DNS server survey. 2005-01-06. 2005-01-06. https://web.archive.org/web/20050106083440/http://mydns.bboy.net/survey/. live.
  4. Web site: Multiple DNS implementations vulnerable to cache poisoning. 2008-08-05. 2008-07-25. https://web.archive.org/web/20080725050549/http://www.kb.cert.org/CERT_WEB%5Cservices%5Cvul-notes.nsf/id/800113. live.
  5. Web site: An Astonishing Collaboration. 9 July 2008. 2008-08-05. 2008-08-04. https://web.archive.org/web/20080804192451/http://www.doxpara.com/?p=1162. live.
  6. Web site: Rapid DNS Poisoning in djbdns. Day, Kevin. 2009. 2009-02-23. 2009-02-21. https://web.archive.org/web/20090221073711/http://www.your.org/dnscache/. live.
  7. Web site: djbdns is placed in the public domain. 2008-01-01. 2012-05-25. https://web.archive.org/web/20120525075454/http://cr.yp.to/distributors.html. live.
  8. Web site: Detailed overview of DNS server software by Rick Moen. 2009-07-13. 2009-07-27. https://web.archive.org/web/20090727202448/http://linuxmafia.com/faq/Network_Other/dns-servers.html#djbdns. live.
  9. Web site: DNSSEC for TinyDNS. 2016-01-19. 2016-01-26. https://web.archive.org/web/20160126233920/http://www.tinydnssec.org/. live.
  10. Web site: Frequently asked questions from distributors. 2007-12-31. 2012-05-25. https://web.archive.org/web/20120525075454/http://cr.yp.to/distributors.html. live.