pdnsd version 1.2.9a by Paul Rombouts
=====================================
This file describes the version of pdnsd that I maintain personally and am
making available so other people can enjoy the latest features and fixes. Thomas
Moestl no longer maintains pdnsd himself, so I am effectively the new
maintainer. This README describes the new features in version 1.2. This version
has a rather large number of internal changes and also some new features, which
I am rather pleased with, even if I say so myself. I think the changes are
significant enough to warrant increasing the minor version number from 1.1 to
1.2. The differences between my previous "official" release 1.1.11 and Thomas'
last release 1.1.7a are described in my previous README, which I have renamed
README.par.old. In this README I restrict myself to describing the changes between
1.1.11 and 1.2.
The main difference between versions 1.2 and 1.2.1, aside from some minor
changes, is that 1.2.1 has (experimental) support for the Cygwin platform.
Version 1.2.2 has further improvements in portability and should in
particular now also compile on the Darwin (Apple Mac OS X) platform.
Version 1.2.4 has some important fixes for a memory leak, a minor buffer-overflow
problem and some situations which could cause pdnsd to exit prematurely. Note
that TCP-query support is now compiled in by default, but can still be disabled
using a configure option.
The main new feature of version 1.2.5 is the new query method "udp_tcp".
Version 1.2.6 has an updated license: GPL version 3. The main new feature of
version 1.2.6 is the "reject" option, which makes it possible to censor or
correct for unwanted IP addresses in replies.
Version 1.2.7 contains an important fix for a "dangling pointer" bug and
attempts to make pdnsd less vulnerable to the issues raised in CERT
vulnerability note VU#800113. It also contains some improvements for defining
local records interactively using the pdnsd-ctl utility.
The main new feature of version 1.2.8 is automatic discovery of root servers,
as well as some minor improvements in the resolver.
Version 1.2.9 among other things supports many additional RR types, uses data
structures that should be slightly more memory efficient and has support
for EDNS, which allows DNS UDP messages to be larger than 512 bytes.
Version 1.2.9a is a simple bugfix release that fixes a problem with compiling
1.2.9 after configuring with --enable-strict-rfc2181. Unless you use this option
to compile pdnsd, there is no need to upgrade from 1.2.9 to 1.2.9a.
For instructions how to compile and install pdnsd see doc/html/doc.html or
doc/txt/manual.txt. Note that I am no longer distributing a patch w.r.t. Thomas'
version because the (compressed) patch file is barely smaller than the
(compressed) tar archive.
Here follows a list of some of the changes in version 1.2 from a user's perspective.
For a more technical description of some of the changes in the code see the ChangeLog.
For a short history about recent releases have a look at NEWS or doc/html/index.html.
- First of all, two potentially rather nasty bugs have been fixed in the code
for the handling of NXT and NAPTR records. A response from a remote server
containing NXT records (even well-formed ones) would very likely cause pdnsd to
crash. The code for handling NAPTR records contained incorrect ASSERT
statements, which could cause pdnsd to abort in a controlled fashion, but
completely unnecessarily.
- Sampo Lehtinen has remarked that pdnsd sometimes failed to resolve classless
reverse-delegated IP addresses, and that this has something to do with the
fact that pdnsd didn't accept '/' characters in domain names. After reading
some of the relevant RFCs I decided to remove all restrictions on the types
of characters that pdnsd accepts in domain names. Of course for most
applications, there are many characters which don't make sense in domain
names, but I feel that it is the responsibility of the client application to
reject these, not the proxy server.
- At the suggestion of Dan Tihelka, I have expanded the server_ip= option to
allow the name of an interface to be specified instead of an IP address.
Presently this has been tested on Linux only. Can someone running pdnsd on
*BSD tell me if the code for getting the address of an interface is different
for Linux and BSD-type systems?
- At the suggestion of Juliusz Chroboczek I've added a new server availability
test which can be specified with uptest=query. This can be useful as an
alternative to "uptest=ping" in case the remote server does not respond to
ICMP_ECHO requests at all, which unfortunately is quite common these days.
"uptest=query" causes pdnsd to send an empty query to remote name servers. Any
well-formed response (apart from SERVFAIL) within the timeout period will be
interpreted as a sign that the server is "up".
- Instead of specifying the IP addresses of the name servers that pdnsd should
query in a server section of the config file, you may also specify a
resolv.conf-style file. Preferably this should not be /etc/resolv.conf. If the
contents of the resolv.conf-style file change while pdnsd is running, you can
make pdnsd aware of the changes with the "pdnsd-ctl config" command (see
below). Example:
server {
label=myisp;
file=/etc/ppp/resolv.conf;
timeout=10;
}
- There is a new option for "server" sections in the config file:
root_server=on/off.
In case a server section contains only addresses of root servers, which
usually only give the name servers of top level domains in their reply,
setting root_server=on will enable certain optimizations. This involves using
cached information to reduce queries to the root servers, thus speeding up the
resolving of new names.
- New option for "rr" sections in the config file: reverse=on/off.
If you want a locally defined name to resolve to a numeric address and vice
versa, you can now achieve this by setting reverse=on before defining the A
record, making it unnecessary to define a separate PTR record for the reverse
resolving.
Example:
rr {
name = localhost;
reverse = on;
a = 127.0.0.1;
}
has the same effect as:
rr {
name = localhost;
a = 127.0.0.1;
}
rr {
name = 1.0.0.127.in-addr.arpa;
ptr = localhost;
}
- In rr sections it is now possible to specify a wildcard name, i.e. a name
starting with the label *. The * in a wildcard can match one or more labels in
a queried name, but only whole labels. For example, *.mydomain will match
a.mydomain or www.a.mydomain, but not mydomain. Before you can specify an rr
section with name=*.mydomain you must define some records for mydomain,
typically NS and/or SOA records.
Example:
rr {
name = mydomain;
ns = localhost;
soa = localhost, root.localhost, 42, 86400, 900, 86400, 86400;
}
rr {
name = *.mydomain;
a = 192.168.1.10;
}
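The reverse=on and wildcard rules above, modelled in Python as an added illustration (this is not pdnsd's own cache code; the LocalRecords class and its method names are assumptions for the example). It synthesises the in-addr.arpa PTR owner for reverse=on, refuses a wildcard whose parent domain has no records, and matches '*' against one or more whole labels only:

```python
import ipaddress

def wildcard_matches(pattern, name):
    """pdnsd's rule: a leading '*' matches one or more whole labels, so
    *.mydomain matches a.mydomain and www.a.mydomain but not mydomain."""
    plabels = pattern.lower().rstrip(".").split(".")
    nlabels = name.lower().rstrip(".").split(".")
    if plabels[0] != "*":
        return plabels == nlabels
    suffix = plabels[1:]
    return len(nlabels) > len(suffix) and nlabels[len(nlabels) - len(suffix):] == suffix

class LocalRecords:
    """Simplified model of pdnsd 'rr' sections (an assumption for illustration,
    not pdnsd's own data structures)."""
    def __init__(self):
        self.records = {}    # owner name -> list of (rtype, data)
        self.wildcards = {}  # '*.domain' pattern -> list of (rtype, data)

    def add(self, name, rtype, data, reverse=False):
        name, rtype = name.lower().rstrip("."), rtype.lower()
        if name.startswith("*."):
            parent = name[2:]
            # README rule: records for mydomain must exist before *.mydomain
            if parent not in self.records:
                raise ValueError(f"define records for {parent} before {name}")
            self.wildcards.setdefault(name, []).append((rtype, data))
            return
        self.records.setdefault(name, []).append((rtype, data))
        if reverse and rtype in ("a", "aaaa"):
            # reverse=on: synthesise the PTR record the second rr section would define
            ptr_owner = ipaddress.ip_address(data).reverse_pointer
            self.records.setdefault(ptr_owner, []).append(("ptr", name))

    def lookup(self, qname, qtype):
        qname, qtype = qname.lower().rstrip("."), qtype.lower()
        rrs = self.records.get(qname)
        if rrs is None:
            # wildcards are only consulted when no exact owner exists;
            # the pattern with the most labels wins
            for pattern in sorted(self.wildcards, key=lambda p: -p.count(".")):
                if wildcard_matches(pattern, qname):
                    rrs = self.wildcards[pattern]
                    break
        return [data for rt, data in rrs or [] if rt == qtype]
```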
- There is a slight backwards compatibility problem which involves the name= and
owner= options in rr sections. The new version does not allow you to place
owner= before name=. On the other hand, you may now freely mix the owner
option with the a,ptr,cname,mx and soa options and define as many records of
this type as you like (including zero).
- pdnsd-ctl has three new commands:
config: Reloads pdnsd's configuration file. This is more efficient than
restarting pdnsd, and should not cause any noticeable interruption in DNS
service. However, some types of configuration changes cannot be put into
effect this way, and you will be prompted to restart pdnsd instead.
empty-cache: Empties the cache completely, freeing all existing entries.
As of version 1.2.3 you can specify a selection of entries to delete by providing
a list of include/exclude patterns.
dump: Prints information about all the names stored in the cache. This is
mainly useful for diagnostic purposes.
- There is now a pdnsd.conf(5) man page, describing pdnsd's configuration file.
The man page has been generated from the html documentation using a customized
Perl script.
- New in version 1.2.4: Time intervals in the configuration files can now be
expressed in seconds, minutes, hours, days and weeks, using the suffixes
s, m, h, d and w.
Example: 2h30m is interpreted as 2*60*60 + 30*60 = 9000 seconds.
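A parser for that interval syntax, added here as an illustration rather than pdnsd's own configuration parser. It assumes that a bare number still means seconds, as in earlier versions, and rejects anything else that is malformed:

```python
import re

# seconds per suffix, as listed in the README
_UNIT_SECONDS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}
_TOKEN = re.compile(r"(\d+)([smhdw])")

def parse_interval(text):
    """Convert a pdnsd 1.2.4 interval such as '2h30m' to seconds.
    Assumed (not stated in the README): a bare number is taken as seconds;
    empty input, unknown suffixes or stray characters raise ValueError."""
    text = text.strip()
    if text.isdigit():
        return int(text)
    total, pos = 0, 0
    for m in _TOKEN.finditer(text):
        if m.start() != pos:            # gap between tokens, e.g. '2h 30m' or '2x30m'
            raise ValueError(f"malformed interval: {text!r}")
        total += int(m.group(1)) * _UNIT_SECONDS[m.group(2)]
        pos = m.end()
    if pos == 0 or pos != len(text):    # nothing parsed, or trailing junk
        raise ValueError(f"malformed interval: {text!r}")
    return total
```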
- Version 1.2.5 introduces a new configuration option, contributed by Jan-Marek
Glogowski, called "use_nss" which can be turned off to prevent nasty delays in
certain situations.
Besides the query methods "udp_only", "tcp_only" and "tcp_udp" you can now
also specify "udp_tcp", which more closely adheres to the behaviour
recommended by DNS standards.
- Version 1.2.6 introduces the "randomize_servers" and "reject" options. By
setting "randomize_servers" on you can give each server in a server section an
equal chance of being queried, which is useful when resolving from root
servers, for instance. The "reject" option can be used to censor certain IP
addresses or correct for unwanted replies from servers you don't completely
trust.
- Version 1.2.7 contains support for "include" files which can be referenced
from configuration files or read interactively using pdnsd-ctl. These files
can be used to add local definitions to the cache without reconfiguring pdnsd.
The new "pdnsd-ctl eval" command can be used to interactively define local
records that could previously only be defined in configuration files but not
with the "pdnsd-ctl add" command.
- Version 1.2.8 contains support for automatic discovery of root servers.
Instead of supplying a complete list of IP addresses of root servers in a
server section of the configuration file, you need only enter one or two
addresses of name servers which know the names and addresses of the root
servers and set "root_server=discover".
The "neg_rrs_pol" option has a new default setting, which should allow
sensible negative caching of RRs in most situations, even if "proxy_only=on".
- Version 1.2.9 contains support for EDNS (Extension mechanisms for DNS), which
allows UDP messages to be larger than 512 bytes. Whether pdnsd uses EDNS in
outgoing queries is determined by the configuration option "edns_query". If
pdnsd receives a query using EDNS, it will reply using EDNS regardless of the
configuration settings.
Local TXT records can now be defined in the configuration file.
If the query uptest fails due to remote servers ignoring empty queries, this
can now be remedied using the new "query_test_name" config option.
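The uptest=query probe described earlier and its query_test_name variant, as an added example that is not pdnsd's own code. It assumes an "empty query" is a bare DNS header with QDCOUNT=0, and it classifies a reply by the README rule: any well-formed response other than SERVFAIL means the server is up, and no reply within the timeout means it is down:

```python
import os
import socket
import struct

SERVFAIL = 2  # DNS RCODE value for SERVFAIL

def build_uptest_query(test_name=None):
    """Build the probe for uptest=query. Without test_name it is an 'empty' query,
    assumed here to mean a bare 12-byte header with QDCOUNT=0; with a
    query_test_name it carries one ordinary A question for that name."""
    qid = int.from_bytes(os.urandom(2), "big")
    flags = 0x0100                      # QR=0, opcode QUERY, RD=1 (assumed)
    qdcount = 1 if test_name else 0
    packet = struct.pack("!HHHHHH", qid, flags, qdcount, 0, 0, 0)
    if test_name:
        for label in test_name.rstrip(".").split("."):
            packet += bytes([len(label)]) + label.encode("ascii")
        packet += b"\x00" + struct.pack("!HH", 1, 1)   # QTYPE=A, QCLASS=IN
    return packet

def server_is_up(query, response):
    """README rule: any well-formed response except SERVFAIL means 'up'.
    Well-formed is taken to mean a full header, matching ID and the QR bit set."""
    if response is None or len(response) < 12:
        return False
    rid, rflags = struct.unpack("!HH", response[:4])
    if rid != struct.unpack("!H", query[:2])[0] or not rflags & 0x8000:
        return False
    return (rflags & 0x000F) != SERVFAIL

def probe(server_ip, timeout=5.0, test_name=None, port=53):
    """Send the probe over UDP; no reply within the timeout counts as 'down'."""
    query = build_uptest_query(test_name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (server_ip, port))
        try:
            response, _ = sock.recvfrom(4096)
        except socket.timeout:
            return False
    return server_is_up(query, response)
```

Call probe() with a server address to run it against a real resolver; server_is_up() can be exercised offline with constructed replies.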
The new features are described in greater detail in the manual doc/html/doc.html
or doc/txt/manual.txt.
Enjoy!
If you have any questions about my version of pdnsd, you can send these
to <p.a.rombouts@home.nl>. Questions about the original (unmaintained) pdnsd
version should be sent to <tmoestl@gmx.net> or <t.moestl@tu-bs.de>.