This page is a sneak preview of the forthcoming announcement of the Internet Utilities version 1.0.0, to give you a taster for what they will comprise. Pre-release testers are encouraged to also read the notes accompanying the pre-release distribution archives.
Announcing
version 1.0.0
by
Jonathan de Boyne Pollard
The Internet Utilities for OS/2 is a suite of native OS/2 utilities for using and providing various Internet-related services, including DNS, NNTP, HTTP, and SMTP.
The Internet Utilities comprise
inetd replacement
DNS servers
Proxy DNS server dæmons
Content DNS server dæmons
%ETC%\HOSTS
file
using the
dnshconv
utility.
DNS clients
DNS command-line lookup utilities
DNS client library
NICNAME server and client
NTP clients
Mail and news dæmons
Mail server dæmons
Mail processing dæmons
Mail utilities
Message and file transfer utilities
HTTP server dæmons
SRV
resource record lookup (emabling content server
owners to specify load balancing and controlled failover).
Other server dæmons
For full information, see the on-line documentation.
The Internet Utilities have several features:
Pure 32-bit code. The utilities contain no 16-bit code whatsoever, and use no 16-bit OS/2 subsystems. They are designed to always use the native paradigms of 32-bit OS/2 whereever possible, and to operate in a way that takes best advantage of the way that 32-bit OS/2 works and 32-bit OS/2 features.
Modularity and simplicity. Different executables perform different tasks. For examples: One doesn't need to learn about "zone files" and "boot files" simply in order to run a caching proxy DNS server, as is the case with certain other DNS servers. One doesn't need to configure local mailbox files, domain names, and user databases if one only wants to be able to send mail from one's machine.
Full support for provider-specified server load balancing and failover.
All of the various service clients are fully capable of using
SRV
resource records for locating services. They will
respect the priority and weight information given by the service
provider therein, and attempt to distribute client load across
servers, and fail-over from primary to secondary servers, in the ways
that the service-provider specifies.
The HTTP client in the HTTP proxy server, httppd, does the same; thus effectively augmenting WWW browsers that do not directly, themselves, support load balancing across HTTP content servers.
Clear mail service separation. The SMTP Relay server intentionally does not support the Old-fashioned Mail Injection Protocol. SMTP Relay can only be used to transfer "inbound" mail. Similarly, the SMTP Submission server intentionally requires authorisation, rendering it only suitable for transferring "outbound" mail.
No delays in processing queued mail. Other MTS softwares, including the Sendmail port supplied by IBM, employ a model whereby a "queue runner" dæmon runs at regular intervals. Of course, the natural consequences of this are
The granularity of mail transport processing is only as fine as the queue run interval. In other words: If the queue run interval is 2 hours, mail transport will always be retried in multiples of 2 hours.
An attempt to transfer a message is not made as soon as it enters the queue. One is forced to choose between fast delivery that happens immediately but that doesn't queue the message (what Sendmail calls "immediate/background modes") and delivery that queues the message but that doesn't immediately happen. (what Sendmail calls "queued mode").
The Internet Utilities has one option: "fast and queued". The mail submission agents in the Internet Utilities, mailto and smtpsd, trigger (via a semaphore) the smtppd dæmon when new mail is injected into the queue, causing it to run immediately. In its turn smtppd triggers smtpld and smtprcd whenever new local or remote mail has been routed, causing them to run immediately.
SMTP Relay client connection re-use. smtprcd attempts to transfer all mail to a given domain in a single batch, using a single SMTP Relay session.
Rejection of attempted DNS poisoning. dnsrcpd and dnsgetz both avoid DNS poisoning by discarding responses for names that are outside of the content DNS server's bailiwick. And yes, dnsrcpd and dnsfcpd are two proxy DNS server softwares, in use (by their author and pre-release testers at least) for some years now, that were using randomized IDs and source ports ab initio, but that Dan Bernstein didn't know about.
Privacy walls. dnsfsd can be used to prevent attackers from learning the names of hosts within an organization from their IP addresses, or even from learning the number of hosts within that organization from DNS data.
Handling dial-up IP blocks is simple. dnsfsd can be used by ISPs to automatically assign machine-generated names to the addresses in dial-up IP blocks, without needing large configuration files or lengthy databases listing all of the addresses explicitly.
Bounded memory use in the caching proxy DNS servers. dnsrcpd and dnsfcpd have a fixed size cache, that never grows. (BIND, by contrast, has no fetters on its cache growth. As a consequence, many authorities recommend that BIND be killed and restarted every few days lest it use up all available memory. The caching proxy servers in the Internet Utilities are designed to run indefinitely.)
EDNS0 capability. All of the DNS clients and servers support EDNS0.
The various DNS clients use EDNS0 to advertise large DNS/UDP datagram support for datagram sizes up to 32KiB, eliminating the need for DNS/TCP in most cases. (The sole reason that they don't advertise the maximum 64KiB, which they are fully capable of handling, is that doing so turns out to trigger a daft 16-bit sign extension bug in OS/2's supposedly 32-bit sockets library.)
"Split horizon" DNS service is simple to configure and to maintain. By modifying a single text file, any part of the DNS tree can be pruned away from the public DNS and redirected to an arbitrary set of alternative servers, that provide a different view of that particular portion of the namespace.
Several choices of "." content DNS servers available "out of the box". dnsrcpd can be configured to use any arbitrary set of root content servers. It is supplied "in the box" with a set of "drop in" configuration files allowing one to choose among the root content servers run by
The non-government organisations allow one to have access to names in many domains, including "arts.", "hotel.", "sport.", "food.", and "news." (e.g. www.bbc.news.).
Migration path from %ETC%\HOSTS. dnshconv allows easy migration from having a separate %ETC%\HOSTS file on every machine, with all of the hassles involved in keeping them identical, to a fully-fledged proper DNS setup (which the DNS Utilities provides all of the tools for) with a central DNS database. It allows one to easily convert %ETC%\HOSTS to the DNS Utilities database format.
"Relay block list" DNS service is simple to configure and to maintain. dnstsd serves up "TXT" records for names within an arbitrary domain, in the style of the services run by organisations such as MAPS and ORBS for barring the receipt of electronic mail. It can be used to serve up one's own private blacklists and whitelists, or even to provide a competitor to MAPS and ORBS if one wants to. The database format that it uses comprises ordinary text files.
Easy DNS database replication. The general-purpose content DNS servers in the Internet Utilities merely require that one copy an ordinary file, by whatever means one chooses, to keep their databases identical. (Replication of the database with other DNS servers running other softwares using the "zone transfer" database replication mechanism can be performed using dnszsd and dnszget, of course.)
IP version 6 capability. Although the underlying operating system may not support it, all of the tools support IP version 6. The DNS lookup tools can handle IP version 6 address information. The various service client tools can attempt to connect to IP version 6 servers. The various server tools can attempt to listen on IP version 6 addresses.