Thursday, March 22, 2007

MaraDNS 1.3.04 released; Chortle update

I have just released MaraDNS 1.3.04. This has a number of bug fixes and improvements in the development branch of MaraDNS compared to the last release. From the changelog:

  • Remco pointed out that MaraDNS is not RFC4074 section 4.2 compliant. Fixed.
  • Update of recursive server to make it more robust against certain DOS attacks.
  • The port range that the recursive resolver binds to can now be changed in the mararc file.
  • FAQ and SQA updates

DjbDNS is harmful

DjbDNS is harmful to use because the code has not been updated for over five years. This is in spite of the fact that DjbDNS has the following bugs:

  • There are problems resolving some domains with DjbDNS' resolver. This is the 'akamai djbdns' problem.
  • DjbDNS does not correctly periodically check upstream DNS servers to make sure a given domain has not moved.
  • The list of root servers included with DjbDNS is out of date.
  • DjbDNS cannot compile in Linux without using a special incantation.
  • There is a denial of service problem where a remote attacker can clear DjbDNS' recursive cache by sending a single "packet of death" to a dnscache server.

It is not feasible for a third party to fix any of these bugs because of DjbDNS' restrictive non-open-source license, and DJB appears to have no intention of fixing the bugs in his program.

In fact, MaraDNS has a better security record than DjbDNS. MaraDNS also has had denial of service problems. The difference between MaraDNS and DjbDNS is that the bugs in MaraDNS are fixed.

More information about DjbDNS' problems can be found in the MaraDNS advocacy document.

There is also a problem with the DjbDNS user base, who have all the fanaticism of Jihadists.

To be fair, here are some criticisms about MaraDNS that I added to the MaraDNS Wikipedia article:

MaraDNS has limited support for being a slave DNS server. While MaraDNS includes a tool that can receive zone files, this process needs to be automated via an external program, such as crontab, and MaraDNS needs to be restarted to load the zone in question.

While MaraDNS can resolve almost any site that other DNS servers can resolve, it does not resolve all names the same way other DNS servers do. CNAME and ANY records, in particular, are resolved differently.

MaraDNS spawns a thread for each recursive DNS request that is not already cached.

I have updated the Chortle font, and have released version 0.21 of this font today. I'm hitting the point where I'm looking at this font too much and starting to second-guess myself. So, I'm taking a break from my embedded Linux project and will be working on MaraDNS (and my day job as an English teacher) for the time being.