| Developer(s) | Sam Trenholme |
|---|---|
| Stable release | 3.5.0036
/ May 2, 2023
[1] |
| Repository | |
| Operating system | Unix-like, Windows |
| Standard(s) | RFC1034, RFC1035 |
| Type | DNS server |
| License | BSD license |
| Website | https://maradns.samiam.org/ |
MaraDNS is an open-source (BSD licensed) Domain Name System (DNS) implementation, which acts as either a caching, recursive, or authoritative nameserver. [2] [3] [4] [5]
Features
MaraDNS has a string library, which is buffer overflow resistant and has its own random number generator. While MaraDNS does not directly support BIND zone files, its zone file format is similar and a converter to convert from BIND's zone file format is included. [6] MaraDNS runs as an unprivileged user inside of a chroot environment, while MaraDNS specifies the user and group to run as by user-ID, Simon Burnet has made a patch that makes it possible to supply a username [7] MaraDNS can add both IP records and the corresponding PTR "reverse DNS lookup" record. [8] It can be used as a master DNS server, and, with some caveats, as a slave DNS server. [9] MaraDNS currently does not support DNSSEC because of a lack of money for the developer to implement it using the LibTom library. [10]
Deadwood includes built-in "DNS wall" filtering (to protect against external domains which resolve to local IPs), the ability to read and write the cache to a file, DNS-over-TCP support, the ability to optionally reject MX, IPv6 AAAA, and PTR queries, code that stops AR-spoofing attacks, among other features. [11]
MaraDNS releases are distributed with a BSD-type license. [12]
See also
References
- ^ "MaraDNS changelog". Retrieved 1 May 2023.
- ^ Mens, Jan-Piet (2008). Alternative DNS Servers: Choice and Deployment, and Optional SQL/LDAP Back-Ends (Paperback). UIT Cambridge Ltd. pp. 76–94. ISBN 978-0-9544529-9-5. This book devotes an entire chapter to MaraDNS
- ^ Danchev, Dancho. "How OpenDNS, PowerDNS and MaraDNS remained unaffected by the DNS cache poisoning vulnerability". ZDNet. Retrieved 2009-10-10.
- ^ Jian Jiang; Jinjin Liang; Kang Li; Jun Li; Haixin Duan; Jianping Wu (2012), Ghost Domain Names: Revoked Yet Still Resolvable (PDF), p. 10, archived from the original (PDF) on 2013-04-25
- ^ Schroder, Carla (2007). Linux Networking Cookbook (Paperback). O'Reilly. p. 545. ISBN 978-0-596-10248-7.
- ^ "DNS Server (and Related) Software for Unix (MaraDNS section)". Retrieved 2013-04-05.
- ^ "Open Source Patches". Archived from the original on 2013-07-03. Retrieved 2013-04-05.
- ^ Mens, Jan-Piet (2008). Alternative DNS Servers: Choice and Deployment, and Optional SQL/LDAP Back-Ends (Paperback). UIT Cambridge Ltd. pp. 66, 81. ISBN 978-0-9544529-9-5.
- ^ Mens, Jan-Piet (2008). Alternative DNS Servers: Choice and Deployment, and Optional SQL/LDAP Back-Ends (Paperback). UIT Cambridge Ltd. pp. 87, 89. ISBN 978-0-9544529-9-5.
- ^ "I would love DNSSEC for MaraDNS". Retrieved 2017-10-26.
- ^ "DNS Server (and Related) Software for Unix (Deadwood section)". Retrieved 2013-04-05.
- ^ Mens, Jan-Piet (2008). Alternative DNS Servers: Choice and Deployment, and Optional SQL/LDAP Back-Ends (Paperback). UIT Cambridge Ltd. p. 97. ISBN 978-0-9544529-9-5. "The program is released under a BSD-type license"
External links
- Official website
- Official blog
- Rick Moen on Deadwood (MaraDNS 2's recursive resolver)
- Rick Moen on MaraDNS
| Developer(s) | Sam Trenholme |
|---|---|
| Stable release | 3.5.0036
/ May 2, 2023
[1] |
| Repository | |
| Operating system | Unix-like, Windows |
| Standard(s) | RFC1034, RFC1035 |
| Type | DNS server |
| License | BSD license |
| Website | https://maradns.samiam.org/ |
MaraDNS is an open-source (BSD licensed) Domain Name System (DNS) implementation, which acts as either a caching, recursive, or authoritative nameserver. [2] [3] [4] [5]
Features
MaraDNS has a string library, which is buffer overflow resistant and has its own random number generator. While MaraDNS does not directly support BIND zone files, its zone file format is similar and a converter to convert from BIND's zone file format is included. [6] MaraDNS runs as an unprivileged user inside of a chroot environment, while MaraDNS specifies the user and group to run as by user-ID, Simon Burnet has made a patch that makes it possible to supply a username [7] MaraDNS can add both IP records and the corresponding PTR "reverse DNS lookup" record. [8] It can be used as a master DNS server, and, with some caveats, as a slave DNS server. [9] MaraDNS currently does not support DNSSEC because of a lack of money for the developer to implement it using the LibTom library. [10]
Deadwood includes built-in "DNS wall" filtering (to protect against external domains which resolve to local IPs), the ability to read and write the cache to a file, DNS-over-TCP support, the ability to optionally reject MX, IPv6 AAAA, and PTR queries, code that stops AR-spoofing attacks, among other features. [11]
MaraDNS releases are distributed with a BSD-type license. [12]
See also
References
- ^ "MaraDNS changelog". Retrieved 1 May 2023.
- ^ Mens, Jan-Piet (2008). Alternative DNS Servers: Choice and Deployment, and Optional SQL/LDAP Back-Ends (Paperback). UIT Cambridge Ltd. pp. 76–94. ISBN 978-0-9544529-9-5. This book devotes an entire chapter to MaraDNS
- ^ Danchev, Dancho. "How OpenDNS, PowerDNS and MaraDNS remained unaffected by the DNS cache poisoning vulnerability". ZDNet. Retrieved 2009-10-10.
- ^ Jian Jiang; Jinjin Liang; Kang Li; Jun Li; Haixin Duan; Jianping Wu (2012), Ghost Domain Names: Revoked Yet Still Resolvable (PDF), p. 10, archived from the original (PDF) on 2013-04-25
- ^ Schroder, Carla (2007). Linux Networking Cookbook (Paperback). O'Reilly. p. 545. ISBN 978-0-596-10248-7.
- ^ "DNS Server (and Related) Software for Unix (MaraDNS section)". Retrieved 2013-04-05.
- ^ "Open Source Patches". Archived from the original on 2013-07-03. Retrieved 2013-04-05.
- ^ Mens, Jan-Piet (2008). Alternative DNS Servers: Choice and Deployment, and Optional SQL/LDAP Back-Ends (Paperback). UIT Cambridge Ltd. pp. 66, 81. ISBN 978-0-9544529-9-5.
- ^ Mens, Jan-Piet (2008). Alternative DNS Servers: Choice and Deployment, and Optional SQL/LDAP Back-Ends (Paperback). UIT Cambridge Ltd. pp. 87, 89. ISBN 978-0-9544529-9-5.
- ^ "I would love DNSSEC for MaraDNS". Retrieved 2017-10-26.
- ^ "DNS Server (and Related) Software for Unix (Deadwood section)". Retrieved 2013-04-05.
- ^ Mens, Jan-Piet (2008). Alternative DNS Servers: Choice and Deployment, and Optional SQL/LDAP Back-Ends (Paperback). UIT Cambridge Ltd. p. 97. ISBN 978-0-9544529-9-5. "The program is released under a BSD-type license"
External links
- Official website
- Official blog
- Rick Moen on Deadwood (MaraDNS 2's recursive resolver)
- Rick Moen on MaraDNS