Tuesday, May 19, 2009

Deadwood snapshot update

Well, instead of implementing new features, I looked at the new code I have written and did some auditing and hardening of it. I made sure the new string manipulation functions don't write to memory without bounds checking; I have also added a new dwood2rc parameter, tcp_listen, that must be set to 1 in order to have DNS-over-TCP.

DNS-over-TCP is very rarely used; it's best to disable it by default, because enabling DNS-over-TCP increases the daemon's attack surface.

I have also spell-checked the changelog and DwMain man pages.

Tomorrow, I will continue work on allowing separate upstream DNS servers for subtrees of the DNS space. This should be done later this week.

The latest snapshot, as always, can be downloaded at maradns.org/deadwood/snap.