Friday, February 16, 2007

New MaraDNS snapshot

I have released a new snapshot of MaraDNS today. In this snapshot, the recursive code has been updated to connect() to the remote DNS server. Rani pointed out to me that you can actually connect with a UDP connection; I looked at the relevant POSIX spec, and, lo and behold, he's right. This is useful because it makes certain DoS attacks more difficult; by connecting() and using send() and recv() instead of sendto() and recvfrom(), the only IP address allowed to connect to an open port is the IP address we are connected() to.
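The filtering described above can be observed on loopback with the following added example (not MaraDNS code; the function names are hypothetical). Because every peer on loopback shares 127.0.0.1, the stray sender differs from the upstream only by port, which still shows the effect: the kernel matches a connected UDP socket on both the remote address and the remote port.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <unistd.h>

/* Bind a UDP socket to 127.0.0.1 on an ephemeral port and report its address. */
static int udp_bound(struct sockaddr_in *addr) {
    socklen_t len = sizeof(*addr);
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0) return -1;
    memset(addr, 0, sizeof(*addr));
    addr->sin_family = AF_INET;
    addr->sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (bind(fd, (struct sockaddr *)addr, len) < 0 ||
        getsockname(fd, (struct sockaddr *)addr, &len) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* A stray peer ("X") and the real upstream ("U") each send one datagram to the
 * resolver socket. Stores the payload bytes the resolver actually receives in
 * got[] (room for 2) and returns how many arrived, or -1 on setup failure. */
int datagrams_accepted(int use_connect, char got[2]) {
    struct sockaddr_in up, other, res;
    struct timeval tv = {0, 200000};          /* 200 ms receive timeout */
    int count = -1;
    int upstream = udp_bound(&up), stray = udp_bound(&other), resolver = udp_bound(&res);
    if (upstream < 0 || stray < 0 || resolver < 0) goto done;
    setsockopt(resolver, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv));
    /* The change described in the post: pin the socket to one remote peer. */
    if (use_connect && connect(resolver, (struct sockaddr *)&up, sizeof(up)) < 0) goto done;
    sendto(stray, "X", 1, 0, (struct sockaddr *)&res, sizeof(res));
    sendto(upstream, "U", 1, 0, (struct sockaddr *)&res, sizeof(res));
    count = 0;
    while (count < 2 && recv(resolver, &got[count], 1, 0) == 1) count++;
done:
    if (upstream >= 0) close(upstream);
    if (stray >= 0) close(stray);
    if (resolver >= 0) close(resolver);
    return count;
}

int main(void) {
    char got[2];
    return datagrams_accepted(1, got) == 1 && got[0] == 'U' ? 0 : 1;
}
```

Without connect() the resolver socket receives both datagrams; with it, only the upstream's datagram is delivered and the stray one is dropped by the kernel before the application sees it.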

I have also verified that these changes work without problem in OpenBSD, Linux, and Win32. I have also done some basic stress testing of the MaraDNS server.

I have snapshots for both the stable and development versions of MaraDNS available:


I will release MaraDNS early next week after I do some more testing.

- Sam