Minor softwares for use with djbdns

These are some minor softwares for use with Dan Bernstein's djbdns.

Summarising configuration information

dnscache-showctl and tinydns-showctl are analogous to qmail-showctl, but are for use with the servers in djbdns. If you want to post details of your configuration to Dan Bernstein's DNS mailing list, run one of these scripts and paste its output into your message.

dnscache-showctl will output a summary of the configuration of one or more particular instances of dnscache. It treats its arguments as a list of one or more dnscache service directories.

tinydns-showctl will output a summary of the configuration of one or more particular instances of tinydns or axfrdns. It treats its arguments as a list of one or more tinydns or axfrdns service directories.

Making tinydns-data abort on semantic errors

There are several problems with the way that tinydns-data operates. This patch modifies the behaviour of tinydns-data, to correct them, in the following ways:

Making dnscache handle client-side aliases ("CNAME" records) correctly

There are several problems with the way that dnscache handles client-side aliases, that become acutely apparent if one patches qmail to remove the workaround for a BIND version 4 problem. This patch modifies the behaviour of dnscache, to correct them, in the following ways:

Making tinydns and axfrdns publish complete client-side alias chains

There are problems with the way that tinydns and axfrdns publish client-side aliases. This patch modifies the behaviours of tinydns and axfrdns, to correct them, such that they properly restart response processing, as per the algorithm in RFC1034 section 4.3.2, when they encounter an alias.

Note that it is possible to place contradictory requirements upon tinydns and axfrdns, by on the one hand telling them to publish resource records for the source name of an alias whilst simultaneously on the other hand telling them not to publish resource records for the target name. Correct publication of a client-side alias chain involves the ability to publish both.

For example: If one's database contains

.source.example.:
Cwww.source.example.:www.target.example.
then one has instructed tinydns and axfrdns to publish resource records for "source.example." and its subdomains but not to publish resource records for "target.example." and its subdomains. Correct publication of a response to a query against "www.source.example." involves doing both, since, as per RFC 1034 section 4.3.2, it involves publishing the client-side alias from "www.source.example." to "www.target.example." and then also whatever information there is for "www.target.example.".

There are at least three ways of behaving when presented with such contradictory requirements (whereby at any point in the chain of client-side aliases, the administrator has instructed tinydns and axfrdns not to publish resource records for the target name):

However, it is strongly recommended that administrators not impose such contradictory requirements upon tinydns and axfrdns in the first place. If one has 'C' records in one's database, one should also have '.' or '&' records for (some suitable enclosing superdomain of) the names in their second fields.

Printing all of the domain names that an IP address maps to

dnsname is documented as printing only the first domain name that the IP address supplied to it maps to. The parsing interface for dnsname is that each entire line that it prints - including any whitespace, punctuation, or control characters - is a domain name. It is thus not possible to extend dnsname to print multiple domain names on a single line.

This patch adds a dnsnamex command to the package (which is not installed by default). This prints all of the domain names that the IP address supplied to it maps to, on a single line. The parsing interface for dnsnamex is thus the same as for dnsip: Each line that it prints contains zero or more domain names, each terminated by whitespace. (Domain names that themselves contain whitespace will cause parsing problems, therefore.)

Making dnscache ignore referral responses in "forwardonly" mode

There is a problem with dnscache when it is in "forwardonly" mode that permits the creation of a proxy loop.

This patch modifies the behaviour of dnscache such that "forwardonly" mode is fully enforced. Referrals will not be followed, and only the servers listed in servers/* will be queried.

With this patch, eliminating proxy loops is purely a local administrative matter. The DNS administrator is responsible for ensuring that dnscache is not configured to forward back to itself (either directly or indirectly, via other forwarding proxy DNS servers), by ensuring that

are not listed in any of the servers/* files.

Making the database compilers use a non-conflicting temporary filename

In stock djbdns, both the database compilers (tinydns-data, pickdns-data, and rbldns-data) and the convenience tools for modifying the database source file (based upon tinydns-edit) use the same temporary filename, data.tmp, for the new file as it is being written.

It is unlikely that this clash of names will cause problems in practice, given that one normally only compiles the database after editing its source.

For completeness, however, this patch modifies the various database compilers to all use data.cdb.tmp for their temporary filename.

Making the tools recognise a space character as the address separator in ${DNSCACHEIP}

There is a problem with the djbdns DNS Client library that makes it too easy to make errors and difficult to use the tools in the obvious and intuitive way.

This patch modifies the djbdns DNS Client library to recognise the space character (and the Tab character and the LineFeed character) as the address separator character when parsing the value of the ${DNSCACHEIP} environment variable, instead of the full stop character.

With it applied, one can execute diagnostic commands such as

DNSCACHEIP=`dnsip multihomed.proxy.server` dnsqr a cr.yp.to
and the DNS Client library will correctly send its queries to all (if necessary) of the IP addresses of the multi-homed proxy DNS server, instead of to just the first one.

Querying non-default proxy DNS servers

dnsqrx is analogous to dnsq, taking the same arguments in the same order, but is for querying proxy DNS servers, not content DNS servers. It takes three arguments


dnsqrx type name server

and invokes dnsqr to send a recursive DNS query to proxy DNS server server for records of type type under the domain name name.

The script requires that the patch to change the separator in ${DNSCACHEIP} to the space character has been applied.


© Copyright 2001–2004 Jonathan de Boyne Pollard. "Moral" rights asserted.
Permission is hereby granted to copy and to distribute this web page in its original, unmodified form as long as its last modification datestamp information is preserved.