README

$Id: README,v 1.26 2014/04/13 14:11:07 pjp Exp $

1. README
2. WHY WILDCARDDNS?
3. INSTALL HINTS
 3.1 Linux
 3.2 FreeBSD
 3.3 OpenBSD
 3.4 NetBSD
 3.5 Mac OS X
4. COMPATIBILITY
5. EXAMPLES
6. WHAT IT CAN'T DO
7. WARNING

1. README 
---------

Wildcarddns is a small authoritative nameserver.  It does not recurse nor
search.  This program is released under a BSD-style license.  Sleepycat's
BerkeleyDB is also used for the main in-memory database.

2. WHY WILDCARDDNS?
-------------------

DNS is simple.  Yet implementation of DNS servers is not so simple.
Wildcarddns is written for research into the DNS system so that perhaps one
day the author has a better understanding of it.  Comparing wildcarddns to
other DNS implementations is not fair since many of those implementations
fix Wildcarddns's faults on the Internet.  It is recommended that if this
daemon is used on the Internet, logging be turned on to learn from it
and the DNS system.

Use the tool "dig" that comes with bind9 to debug Wildcarddns.  If you like to 
program, then you can fork Wildcarddns and make your own creation, or you
can send patches to the author who may implement them into the code.


3. INSTALL HINTS
----------------

To install, type sh ./configure on BSD and just ./configure on Linux.  This
will copy the proper Makefile to ./Makefile.  Then you would type make, 
followed by su'ing and make install.  Wildcarddnsd installs to /usr/local/sbin.

The default installation does not install the configuration file; you need to
do this manually.  Also by default the config file is specified as
/etc/wildcarddns.conf; this can be changed by adding the -f option to
wildcarddnsd.

A sample config file exists with the sources.  example7.conf was a real life
config once. 

3.1 Linux
---------

## configure the platform
$ ./configure
## this will install the development programs you'll need (as root)
$ apt-get install bison cvs gcc libdb5.3-dev libssl-dev
## add a privsep user with a chroot directory (option -m) (as root)
$ useradd -m wdnsd
## create the db directory (as root)
$ mkdir -p /var/db/wdns 
## make the program
$ make
## install the binary (as root)
$ make install
## done, create a config file and start wildcarddnsd


3.2 FreeBSD
-----------

## configure the platform
$ sh configure
## this will install the development programs you'll need (as root)
$ cd /usr/ports/databases/db5 && make install clean
## add a privsep user with a chroot directory (as root)
$ vipw
## or
$ adduser
## create the db directory (as root)
$ mkdir -p /var/db/wdns 
## make the program
$ make
## install the binary (as root)
$ make install
## done, create a config file and start wildcarddnsd

3.3 OpenBSD
-----------

## configure the platform
$ sh configure
## this will install the development programs you'll need (as root)
$ pkg_add db-4.6.21p0v0
## add a privsep user with a chroot directory (as root)
$ vipw
## or
$ adduser
## create the db directory (as root)
$ mkdir -p /var/db/wdns 
## make the program
$ make
## install the binary (as root)
$ make install
## done, create a config file and start wildcarddnsd

3.4 NetBSD
----------

I don't have a NetBSD box handy at the moment.  Once I have one I'll look
at this process.

3.5 Mac OS X
------------

On Mac OS X Mountain Lion I installed Berkeley DB 4.8 through MacPorts.


4. COMPATIBILITY
----------------

------------------+--------------------+---------------------+-------------+
Operating System**| makes and compiles | responds to queries | Berkeley DB |
------------------+--------------------+---------------------+-------------+
FreeBSD 10        |        yes         |       yes           | version 5   |
------------------+--------------------+---------------------+-------------+
NetBSD 5.1        |        yes*        |       yes           | version 4.6 |
------------------+--------------------+---------------------+-------------+
OpenBSD 5.4       |        yes         |       yes           | version 4.6 |
------------------+--------------------+---------------------+-------------+
Linux             |        yes         |       yes           | version 5   |
------------------+--------------------+---------------------+-------------+
Mac OS X Mountain |        yes         |       yes with      | version 4.6 |
         Lion     |                    |       debug mode    |             |
------------------+--------------------+---------------------+-------------+
Raspbian OS       |        yes ***     |       yes           | version 5   |
------------------+--------------------+---------------------+-------------+

* there was a period in time that NetBSD didn't compile
** All Operating Systems require Berkeley DB 4.6 or higher.
*** Raspbian OS (Raspberry Pi) only has support for Berkeley DB 5.0 or higher

5. EXAMPLES
-----------

In the directory "examples" are a few examples from working configs.


6. WHAT IT CAN'T DO
-------------------

* CNAME recursion.  When you look up www.yahoo.com you see this:

;; ANSWER SECTION:
www.yahoo.com.          58      IN      CNAME   fp.wg1.b.yahoo.com.
fp.wg1.b.yahoo.com.     2802    IN      CNAME   eu-fp.wa1.b.yahoo.com.
eu-fp.wa1.b.yahoo.com.  8       IN      A       87.248.122.122
eu-fp.wa1.b.yahoo.com.  8       IN      A       87.248.112.181

The recursive part of wildcarddnsd isn't able to recurse CNAMEs and it
also doesn't have loop detection of CNAMEs.  This means that some lookups
will fail on a UNIX host using wildcarddnsd recursively, so it's useless;
this needs fixing and the fix isn't simple.

* DNSSEC.  Signed zones are becoming more and more common on the Internet.
Wildcarddnsd can't do DNSSEC yet, unfortunately.

* Solaris.  Unless you port some functions to Solaris it won't compile on
there.

* Recursive nameserver.  The recursive nameserver is broken.  It will work for
a little bit perhaps and then out of nowhere will try to flood some poor
nameserver.  There is a safety catch to keep that from happening but it kills
the server.  This part will likely need to be rewritten and I don't have the
time to do that.  The design is weak and I made it work with little planning.
So in wildcarddnsd beta 6 the functionality for recursiveness is there but
it doesn't work consistently.
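
The CNAME item above names two missing pieces: following a CNAME chain to its
A record, and detecting CNAME loops.  The sketch below shows both over a small
in-memory table.  It is an added example, not wildcarddnsd code: every name in
it (chase_cname, lookup, MAX_CHAIN, the result codes) is hypothetical, the hop
cap of 8 is an assumed value, and the records are constructed sample data.

```c
#include <stdio.h>
#include <strings.h>

#define MAX_CHAIN 8   /* assumed cap on CNAME hops; not a wildcarddnsd setting */

enum rtype  { REC_A, REC_CNAME };
enum result { R_OK = 0, R_NXDOMAIN = -1, R_LOOP = -2, R_TOO_LONG = -3 };
struct rr   { const char *name; enum rtype type; const char *data; };

/* Constructed sample data: the chain from the README plus a two-name loop. */
static const struct rr zone[] = {
    { "www.yahoo.com.",         REC_CNAME, "fp.wg1.b.yahoo.com." },
    { "fp.wg1.b.yahoo.com.",    REC_CNAME, "eu-fp.wa1.b.yahoo.com." },
    { "eu-fp.wa1.b.yahoo.com.", REC_A,     "87.248.122.122" },
    { "a.example.",             REC_CNAME, "b.example." },
    { "b.example.",             REC_CNAME, "a.example." },
};

static const struct rr *lookup(const char *name) {
    for (size_t i = 0; i < sizeof(zone) / sizeof(zone[0]); i++)
        if (strcasecmp(zone[i].name, name) == 0)  /* DNS names are case-insensitive */
            return &zone[i];
    return NULL;
}

/* Follow CNAMEs from qname to an A record; on R_OK *addr holds the address. */
static int chase_cname(const char *qname, const char **addr) {
    const char *seen[MAX_CHAIN];
    const char *cur = qname;
    *addr = NULL;
    for (int hops = 0; ; hops++) {
        const struct rr *r = lookup(cur);
        if (r == NULL) return R_NXDOMAIN;
        if (r->type == REC_A) { *addr = r->data; return R_OK; }
        for (int i = 0; i < hops; i++)             /* owner name already visited? */
            if (strcasecmp(seen[i], r->name) == 0) return R_LOOP;
        if (hops == MAX_CHAIN) return R_TOO_LONG;  /* bound the work even without a loop */
        seen[hops] = r->name;
        cur = r->data;
    }
}

static int chase_rc(const char *q) { const char *a; return chase_cname(q, &a); } /* code only */

int main(void) {
    const char *addr;
    int rc = chase_cname("www.yahoo.com.", &addr);
    printf("www.yahoo.com. rc=%d addr=%s\n", rc, addr ? addr : "-");
    printf("a.example. rc=%d\n", chase_rc("a.example."));
    return 0;
}
```

The loop check and the hop cap are independent: the first catches a chain that
revisits a name, the second bounds the work when a long chain never repeats.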


7. WARNING
----------

Please read the following two hyperlinks:

http://queue.acm.org/detail.cfm?id=1647302

and

http://news.zdnet.co.uk/itmanagement/0,1000000308,39760362,00.htm?s_cid=260

Warning: WildcardDNS is research material and could cause problems when on
the Internet. Understand the licensing if you plan to use it despite this; I'm
not liable and you've been warned.

Try not to use the recursive nameserver as released with BETA 6.  It doesn't
work.