pdnsd Homepage pdnsd FAQ Documentation GNU GPL (pdnsd's License) Download Section

The pdnsd Homepage

News

2000-10-19 Version 1.0.13 has been released. This has a security fix (contributed by Olaf Kirch): when changing user and group id, pdnsd failed to drop supplementary group memberships of the original user. It also has some other bugfixes and cleanups.
Update is strongly recommended;
2000-10-15 Version 1.0.12 has been released. This releases fixes some minor bugs, e.g. the failure of the pidfile support that some users noticed.
There are also some security enhancements: The tcp server has been hardened against denial-of-service attacks (although you should still disable it if you really fear those attacks, but that's not pdnsds fault), and a maximum process count has been introduced (new options proc_limit and procq_limit in the global section of the conf file).
Also, inclusion/exclusion lists for domains were introduced (new options include, exclude and policy in the server section of the conf file), so that you can control which servers are queried for certain domains.
2000-10-08 Version 1.0.11 has been released. This contains two security fixes: certain malformed packets could cause pdnsd to a.) crash, or b.) create a hung thread that would not terminate until pdnsd exited. This bugs did not involve arbitrary data being written on the stack.
Upgrade is highly recommended!
2000-09-05 Version 1.0.10 has been released. This contains a set of fixes for the IPv6 support contributed by Sverker Wiberg. 1.0.9 would not build correctly when configured with --enable-ipv6.
There are also fixes in the FreeBSD build.
If you do not use IPv6 or FreeBSD there is no need to upgrade.
2000-08-27 Version 1.0.9 has been released. This adds diald dial-on-demand support and fixes bugs and typos in the new dial-on-demand ppp device handling, in the config file parser and in some other places. Upgrading is recommended for dial-on-demand ppp users, and for others because the config file bugs can be annoying ;-)
2000-08-26 Version 1.0.8 has been released. This introduces special support for Linux dial-on-demand ppp devices with the new uptest=dev option contributed by Ron Yorston.
It also contains fixes for the "error in udp send"-Problem on Linux SMP machines, some autoconf problems (patch contributed by Alexandre Nunes) and miscellaneous small problems.
Note: former versions of the documentation failed to notice that the pidfile should not be placed in a directory writeable for untrusted users. This seems obvious, but I wanted to emphasize it ;-)
2000-08-07 Version 1.0.7 has been released. This introduces autoconf support contributed by Sourav K. Mandal, and a pdnsd run-time control program, pdnsd-ctl. There are new config file options that allow you to set parameters in the configuration file that were only accessible using command-line options previously. Also, there are new option for the server section, preset and proxy_only. It also contains many small fixes, and should eliminate UDP problems people experienced with older 2.2-Kernels.

About pdnsd

pdnsd is a proxy dns server with permanent caching (the cache contents are written to hard disk on exit) that is designed to cope with unreacheable or down dns servers (for example in dial-in networking).
It is licensed under the GNU General Public License (GPL, also available in html and translated into various languages.). This, in short, means that the sources are distributed togehter with the program, and that you are free to modify the sources and redistribute them as long as you also license them under the GPL. You do not need to pay anything for pdnsd. It also means that there is ABSOLUTELY NO WARRANTY for pdnsd or any part of it. For details, please read the GPL.

pdnsd can be used with applications that do dns lookups, eg on startup, and can't be configured to change that behaviour, to prevent the often minute-long hangs (or even crashes) that result from stalled dns queries. Some Netscape Navigator versions for Unix, for example, expose this behaviour.

pdnsd is configurable via a file and supports run-time configuration using the program pdnsd-ctl that comes with pdnsd. This allows you to set the status flags of servers that pdnsd knows (to influence which servers pdnsd will query), and the addition, deletion and invalidation of DNS records in pdnsd's cache.
Parallel name server queries are supported. This is a technique that allows querying several servers at the same time so that very slow or unavailable servers will not block the answer for one timeout interval.
Since version 1.0.0, pdnsd has full IPv6 support.

There is also a limited support for local zone records, intended for defining 1.0.0.127.in-addr.arpa. and localhost. , since some clients request that information and it must be served even if the cached servers are not available or do not serve these records. pdnsd may also read your /etc/hosts file (this file is normally used by your local resolver and usually contains information for localhost as well as for your machines FQDN) and serve its contents.

pdnsd was started on Linux, and has since been ported to FreeBSD. 90% of the source code should be easily portable to POSIX- and BSD-compatible systems, provided that those systems support the POSIX threads (pthreads). The rest might need OS-specific rewrites.

Currently, pdnsd is only compileable by gcc. This should be easy to fix, but I just do not have documentation for other compilers. If you are not able or do not want to use gcc, I would recommend you just try to do the minor changes.

pdnsd must be started as root in some cases (raw sockets are needed for icmp echoes for the option uptest=ping, and the default port is 53, this must be >1024 to allow non-root execution). However, pdnsd can be configured to change it's user and group id to those of a non-privileged user after opening the sockets needed for this.

The server should support the full standard dns queries following the rfcs 1034 and 1035. As of version 1.0.0, the rfc compliance has been improved again, and pdnsd is now believed (or hoped?) to be fully rfc-compatible. It completely follows rfc 2181 (except for one minor issue in the FreeBSD port, see the documentation). It does not support the following features, of which most are marked optional, experimental or obsolete in these rfcs:

The following record types, that are extensions to the original DNS standard, are supported for caching at a compile time option (if you do not need them, you do not need to compile support for them into pdnsd and save cache and executable space):

If you have questions left, you should take a look into the FAQ.
Bugfixes, patches and compatability fixes for other OSs are very welcome!

Features in detail

This section describes some of pdnsds features in detail. Most of the options are set in the config file. For more information on the configuration file, see the documenation page.


Uptests

pdnsd provides several methods to test whether a remote dns server should be regarded available (so that pdnsd can query it), in addition to the obvious "p.d." definition (the server is always regarded available). These tests are:

Local Records ("Zones")

As mentioned above, there are only very basic local record types (ie the record types that you may use in record declarations in your local configuration for records that pdnsd shall serve in addion to the cached ones). They are organized roughly in zones but have not complete zone declarations, so I generally do not use the term "zone" for them, but rather "local records". These are the local record types pdnsd can understand: You can specify these records in the configuration file.
You may "source" a file in a format like that used in the /etc/hosts file, that means that pdnsd reads this file, extracts addresses and domain names from it and automatically generates A records for name to address mapping, PTR records for address to name mapping and NS records (name server specifiation) for each entry in the file.

System requirements

As mentioned, pdnsd currently runs under Linux and FreeBSD. Other BSD flavours may or may not work (feedback is very welcome!). The system and software requirements under Linux are: The system requirements under FreeBSD are: The common software requirements for all supported systems are:

Download

If you want to download pdnsd, please visit the download page.

Authors

pdnsd was written by Thomas Moestl <tmoestl@gmx.net>

Daniel Smolik has contributed RedHat RPM's.
Torben Janssen contributed start scripts for Red Hat Linux. Soenke J. Peters contributed patches and suggestions for Red Hat compatability.
Wolfgang Ocker has contributed the code and documentation for the server_ip option.
Markus Mohr contributed a Debian rc script.
Nikita V. Youschenko contributed extensions to the "if" uptest.
Lyonel Vincent extended the serve_aliases option to support an arbitrary number of aliases.
Sourav K. Mandal wrote the autoconf scripts and contributed many fixes and suggestions.
Stephan Boettcher contributed the SCHEME= option.
Ron Yorston contributed the uptest for Linux ppp dial-on-demand devices.
Alexandre Nunes fixed some bugs in the autoconf files.
Sverker Wiberg contributed fixes for IPv6.
Carsten Block contributed configure-able rc scripts.
Olaf Kirch contributed a security fix for the run_as code.

Special thanks to Bert Frederiks for letting me do a late-night debugging run on his machine to spot obscure bugs!

Thanks to the following persons for reporting bugs and being helpful:
Joachim Dorner,
Mike Hammer,
Jonathan Hudson,
Byrial Jensen,
Patrick Loschmidt,
James MacLean,
Fraser McCrossan,
Daniel Smolik,
Milan P. Stanic,
Norbert Steinl,
Brian Schroeder,
Alan Swanson



Thomas Moestl

$Id: index.html,v 1.31 2000/10/19 16:38:31 thomas Exp $