Wednesday, August 11, 2010

Deadwood 2.3.06 released

I released Deadwood 2.3.06 today. This is a minor update to the older caching-only branch of Deadwood; most users of Deadwood will want to use the current 2.9 branch of Deadwood which has full recursion.

The update is one with possible (but not readily exploitable) security implications. There is a potential null pointer dereference in Deadwood’s underlying string library that the four-line patch assures never happens. As far as I know, there is no way to exploit this issue in Deadwood 2.3 (the bug only popped up when stressing the string library more in the recursive code in Deadwood 2.9), but it is prudent to update the older tiny branch of Deadwood.

Most of the work making this release was updating the tests to work with CentOS 5.5. CentOS 5.4 → 5.5 was supposed to be a bugfix-only update, but, not only did they update Valgrind to a newer version with different output, they also broke select(). The SQA tests have been updated to pass in CentOS 5.5.

The main advantage of the tiny branch of Deadwood is that its binary is only about 32 kilobytes in size, as opposed to Deadwood 2.9’s 64 kilobyte binary. There may be certain tiny embedded systems where this matters. Another advantage is that it can be optionally compiled without caching, making it act as a DNS load balancer. The main disadvantage is that it is a non-recursive cache; it needs another recursive server (like Deadwood 2.9) to do the “heavy lifting” of recursively solving DNS queries.

It can be looked at here:

http://maradns.org/deadwood/tiny

Since this is a maintenance update to an older branch of Deadwood, I have not made Windows binaries. Windows users: Please compile it yourself or, better yet, just use Deadwood 2.9 instead. Really, I can’t think of a machine out there that can run Windows XP (Deadwood won’t run on 95/98/Me because it is a service) where it matters whether the DNS server is 32 or 64 kilobytes in size. The 90s are, like, so over.