These are some minor softwares for use with Dan Bernstein's djbdns.
dnscache-showctl and tinydns-showctl are analogous to qmail-showctl, but are for use with the servers in djbdns. If you want to post details of your configuration to Dan Bernstein's DNS mailing list, run one of these scripts and paste its output into your message.
dnscache-showctl will output a summary of the configuration of one or more particular instances of dnscache. It treats its arguments as a list of one or more dnscache service directories.
tinydns-showctl will output a summary of the configuration of one or more particular instances of tinydns or axfrdns. It treats its arguments as a list of one or more tinydns or axfrdns service directories.
There are several problems with the way that tinydns-data operates. This patch modifies the behaviour of tinydns-data, to correct them, in the following ways:
tinydns-data will abort if a location code longer than 2 characters is used anywhere in the data file. (Location codes longer than 2 characters are not supported by djbdns.)
tinydns-data will abort if a TTL field anywhere in the data file contains non-digit characters.
tinydns-data will abort if a timestamp containing anything other than lowercase hexadecimal characters, or that is longer than 16 characters, is used anywhere in the data file. (The tinydns-data manual page explicitly specifies "16 lowercase hexadecimal characters".)
tinydns-data will abort if it cannot decode the IP address in the second field of a '.', '&', '@', '+', or '=' line.
tinydns-data will abort if the IP address in the second field of a '+' or '=' line is missing.
There are several problems with the way that dnscache handles client-side aliases, that become acutely apparent if one patches qmail to remove the workaround for a BIND version 4 problem. This patch modifies the behaviour of dnscache, to correct them, in the following ways:
dnscache will cache "CNAME" resource record sets (both empty and non-empty).
dnscache will correctly ignore a cached "CNAME" resource record set that happens to be empty (which will result if an explicit "CNAME" query is made against a domain name that has no client-side aliases).
dnscache will notice lame servers where the lame delegation is present at the end of a chain of client-side aliases. Any instances of tinydns that have not been patched to make them publish whole alias chains instead of just the first links will thus be logged as "lame".
dnscache will not issue redundant queries if it can follow an entire client-side alias chain to the end using the information that it already has in a response.
dnscache will cache any in-bailiwick information that it receives from lame servers. Any in-bailiwick client-side alias information and delegation information that are received from an otherwise "lame" server will no longer be thrown away along with the bath-water.
There are problems with the way that tinydns and axfrdns publish client-side aliases. This patch modifies the behaviours of tinydns and axfrdns, to correct them, such that they properly restart response processing, as per the algorithm in RFC1034 section 4.3.2, when they encounter an alias.
Note that it is possible to place contradictory requirements upon tinydns and axfrdns, by on the one hand telling them to publish resource records for the source name of an alias whilst simultaneously on the other hand telling them not to publish resource records for the target name. Correct publication of a client-side alias chain involves the ability to publish both.
For example: If one's database contains
then one has instructed tinydns and axfrdns to publish resource records for "source.example." and its subdomains but not to publish resource records for "target.example." and its subdomains. Correct publication of a response to a query against "www.source.example." involves doing both, since, as per RFC 1034 section 4.3.2, it involves publishing the client-side alias from "www.source.example." to "www.target.example." and then also whatever information there is for "www.target.example."..source.example.: Cwww.source.example.:www.target.example.
There are at least three ways of behaving when presented with such contradictory requirements (whereby at any point in the chain of client-side aliases, the administrator has instructed tinydns and axfrdns not to publish resource records for the target name):
However, it is strongly recommended that administrators not impose such contradictory requirements upon tinydns and axfrdns in the first place. If one has 'C' records in one's database, one should also have '.' or '&' records for (some suitable enclosing superdomain of) the names in their second fields.
dnsname is documented as printing only the first domain name that the IP address supplied to it maps to. The parsing interface for dnsname is that each entire line that it prints - including any whitespace, punctuation, or control characters - is a domain name. It is thus not possible to extend dnsname to print multiple domain names on a single line.
This patch adds a dnsnamex command to the package (which is not installed by default). This prints all of the domain names that the IP address supplied to it maps to, on a single line. The parsing interface for dnsnamex is thus the same as for dnsip: Each line that it prints contains zero or more domain names, each terminated by whitespace. (Domain names that themselves contain whitespace will cause parsing problems, therefore.)
There is a problem with dnscache when it is in "forwardonly" mode that permits the creation of a proxy loop.
This patch
modifies the behaviour of dnscache such that
"forwardonly" mode is fully enforced. Referrals will not be
followed, and only the servers listed in servers/*
will be queried.
With this patch, eliminating proxy loops is purely a local administrative matter. The DNS administrator is responsible for ensuring that dnscache is not configured to forward back to itself (either directly or indirectly, via other forwarding proxy DNS servers), by ensuring that
${IP}
,
servers/*
files.
In stock djbdns, both the database compilers (tinydns-data, pickdns-data, and rbldns-data) and the convenience tools for modifying the database source file (based upon tinydns-edit) use the same temporary filename, data.tmp, for the new file as it is being written.
It is unlikely that this clash of names will cause problems in practice, given that one normally only compiles the database after editing its source.
For completeness, however, this patch modifies the various database compilers to all use data.cdb.tmp for their temporary filename.
There is a problem with the djbdns DNS Client library that makes it too easy to make errors and difficult to use the tools in the obvious and intuitive way.
This patch modifies the djbdns DNS Client library to recognise the space character (and the Tab character and the LineFeed character) as the address separator character when parsing the value of the ${DNSCACHEIP} environment variable, instead of the full stop character.
With it applied, one can execute diagnostic commands such as
DNSCACHEIP=`dnsip multihomed.proxy.server` dnsqr a cr.yp.to
and the DNS Client library will correctly send its queries to all
(if necessary) of the IP addresses of the multi-homed proxy DNS server,
instead of to just the first one.
dnsqrx is analogous to dnsq, taking the same arguments in the same order, but is for querying proxy DNS servers, not content DNS servers. It takes three arguments
dnsqrx type name server
and invokes dnsqr to send a recursive DNS query to proxy DNS server server for records of type type under the domain name name.
The script requires that the patch to change the separator in ${DNSCACHEIP} to the space character has been applied.