README

$Id: README,v 1.22 2011/09/19 20:50:40 pbug Exp $

1. README
2. WHY WILDCARDDNS?
3. INSTALL HINTS
4. COMPATIBILITY
5. EXAMPLES
6. WHAT IT CAN'T DO
7. WARNING

1. README 
---------

Wildcarddns is a small authoritative nameserver.  It neither recurses nor
searches.  This program is released under a BSD-style license.  Sleepycat's
BerkeleyDB is also used for the main in-memory database.

2. WHY WILDCARDDNS?
-------------------

DNS is simple.  Yet implementation of DNS servers is not so simple.
Wildcarddns is written for research into the DNS system so that perhaps one
day the author has a better understanding of it.  Comparing wildcarddns to
other DNS implementations is not fair since many of those implementations
fix Wildcarddns's faults on the Internet.  If this daemon is used on the
Internet, it is recommended that logging be turned on to learn from it
and the DNS system.

Use the tool "dig" that comes with bind9 to debug Wildcarddns.  If you like to 
program, then you can fork Wildcarddns and make your own creation, or you
can send patches to the author who may implement them into the code.


3. INSTALL HINTS
----------------

To install, type sh ./configure on BSD and just ./configure on Linux.  This
will copy the proper Makefile to ./Makefile.  Then type make, followed by
su and make install.  Wildcarddnsd installs to /usr/local/sbin.
(On Linux, make a user named "wdnsd" for the chroot to work; the pwd of wdnsd
is where the chroot is set.)

Under OpenSuse 10.3 and Ubuntu I noticed the following files missing:
cvs, gcc development and Sleepycat's Berkeley DB (4.8) development.  These
had to be installed prior to making wildcarddnsd.  You basically know when you
need to install these when make barfs with db.h missing (or in extreme cases
sys/param.h missing).

In a default installation the configuration file is not installed; you need to
do this manually.  Also, by default the config file is specified as
/etc/wildcarddns.conf; this can be changed by adding the -f option to
wildcarddnsd.

Also make sure the /var/db directory exists, as wildcarddnsd's Berkeley database
will be set in /var/db/wdns.  This is a new option starting in BETA_7, which
is slated for a 2012 release.

A sample config file exists with the sources.  example7.conf was a real life
config once. 

As of September 15th, 2010 wildcarddnsd uses OpenSSL.  If you run it under
Linux you may have to install openssl-dev packages.


4. COMPATIBILITY
----------------

------------------+--------------------+---------------------+
Operating System**| makes and compiles | responds to queries |
------------------+--------------------+---------------------+
FreeBSD 7.3       |        yes         |       yes           |
------------------+--------------------+---------------------+
FreeBSD 8.2       |        yes         |       yes           |
------------------+--------------------+---------------------+
NetBSD 5.1        |        yes*        |       yes           |
------------------+--------------------+---------------------+
OpenBSD 5.0	  |        yes         |       yes           |
------------------+--------------------+---------------------+
Ubuntu 10.10      |        yes         |       yes           |
------------------+--------------------+---------------------+
Debian 6.0        |        yes         |       yes           |
------------------+--------------------+---------------------+

* there was a period in time that NetBSD didn't compile
** All Operating Systems require Berkeley DB 4.6 or higher.

5. EXAMPLES
-----------

In the directory "examples" are a few examples from working configs.


6. WHAT IT CAN'T DO
-------------------

* CNAME recursion.  When you look up www.yahoo.com you see this:

;; ANSWER SECTION:
www.yahoo.com.          58      IN      CNAME   fp.wg1.b.yahoo.com.
fp.wg1.b.yahoo.com.     2802    IN      CNAME   eu-fp.wa1.b.yahoo.com.
eu-fp.wa1.b.yahoo.com.  8       IN      A       87.248.122.122
eu-fp.wa1.b.yahoo.com.  8       IN      A       87.248.112.181

The recursive part of wildcarddnsd isn't able to recurse CNAMEs and it
also doesn't have loop detection of CNAMEs.  This means that some lookups
will fail on a UNIX host using wildcarddnsd recursively, so it's useless.
This needs fixing and the fix isn't simple.

* DNSSEC.  Signed zones are becoming more and more common on the Internet.
Wildcarddnsd can't do DNSSEC yet, unfortunately.

* Solaris.  Unless you port some functions to Solaris it won't compile
there.

* Recursive nameserver.  The recursive nameserver is broken.  It will work for
a little bit perhaps and then out of nowhere will try to flood some poor
nameserver.  There is a safety catch to stop that from happening but it kills
the server.  This part will likely need to be rewritten and I don't have the
time to do that.  The design is weak and I made it work with little planning.
So in wildcarddnsd beta 6 the functionality for recursiveness is there but
it doesn't work consistently.
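
Added example, not code from wildcarddnsd: the CNAME item above names two
missing pieces, chain following and loop detection, and this shows both over
a constructed in-memory record table standing in for real upstream queries.
The names chase_cname, lookup and MAX_CNAME_HOPS and the loop.example.
records are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>
#define MAX_CNAME_HOPS 8  /* assumed cap, not a wildcarddnsd setting */
enum { CHASE_OK, CHASE_NXDOMAIN, CHASE_LOOP, CHASE_TOO_DEEP };

/* Constructed records: the README's yahoo chain plus a deliberate loop. */
static const struct rr { const char *name, *type, *data; } zone[] = {
    { "www.yahoo.com.",         "CNAME", "fp.wg1.b.yahoo.com." },
    { "fp.wg1.b.yahoo.com.",    "CNAME", "eu-fp.wa1.b.yahoo.com." },
    { "eu-fp.wa1.b.yahoo.com.", "A",     "87.248.122.122" },
    { "a.loop.example.",        "CNAME", "b.loop.example." },
    { "b.loop.example.",        "CNAME", "a.loop.example." },
};

static const struct rr *lookup(const char *name)
{
    for (size_t i = 0; i < sizeof(zone) / sizeof(zone[0]); i++)
        if (strcasecmp(zone[i].name, name) == 0)  /* DNS names are case-insensitive */
            return &zone[i];
    return NULL;
}

/* Follow CNAMEs from qname to an A record; *addr is set only on CHASE_OK. */
int chase_cname(const char *qname, const char **addr)
{
    const char *seen[MAX_CNAME_HOPS + 1];
    const struct rr *r;
    int nseen = 0;
    for (const char *cur = qname; (r = lookup(cur)) != NULL; cur = r->data) {
        if (strcmp(r->type, "A") == 0) {
            *addr = r->data;
            return CHASE_OK;
        }
        if (nseen > MAX_CNAME_HOPS)
            return CHASE_TOO_DEEP;      /* chain longer than the cap */
        seen[nseen++] = cur;
        for (int i = 0; i < nseen; i++)
            if (strcasecmp(seen[i], r->data) == 0)
                return CHASE_LOOP;      /* CNAME target was already visited */
    }
    return CHASE_NXDOMAIN;              /* chain ends at a name with no record */
}

int main(void)
{
    const char *addr = "(none)";
    int rc = chase_cname("www.yahoo.com.", &addr);
    printf("www: rc=%d addr=%s; loop: rc=%d\n", rc, addr, chase_cname("a.loop.example.", &addr));
    return 0;
}
```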


7. WARNING
----------

Please read the following two hyperlinks:

http://queue.acm.org/detail.cfm?id=1647302

and

http://news.zdnet.co.uk/itmanagement/0,1000000308,39760362,00.htm?s_cid=260

Warning: WildcardDNS is research material and could cause problems when on
the Internet. Understand the licensing if you plan to use it despite this;
I'm not liable and you've been warned.

Try not to use the recursive nameserver as released with BETA 6.  It doesn't
work.