Post Reply 
Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
October MaraDNS Updates
10-20-2013, 06:14 AM (This post was last modified: 10-20-2013 06:32 AM by samiam.)
Post: #1
October MaraDNS Updates

Original blog post

I have updated MaraDNS and Deadwood this month.

MaraDNS update

I mentioned last month I was working on making MaraDNS more IPv6 compatible. I have finished that work. In the snap branch, if MaraDNS is compiled with IPv6 enabled, IPv6 glue records are now shown to the user. This makes it possible to, in theory, resolve DNS names using entirely IPv6 packets.

Note that Deadwood, MaraDNS’ recursor, still can not handle a glueless NS referral with only AAAA (IPv6) records. But, since most registrars have issues with IPv6 glue in their referrals, IPv4 is still needed to resolve DNS names.

This update can be downloaded here:

Third party patch

Last year, Tomasz Torcz provided a patch for running MaraDNS with systemd. Just a couple of weeks ago, he updated this patch. While I no longer accept third party patches, I have made a copy of his updated patch, which can be looked at here:

Deadwood update

In this month’s Deadwood update, I have added another question and answer to the FAQ.

It can be downloaded here:

Forum update

While I really can’t provide hand-holding support, I have been helping Vlodko Petrov on the MaraDNS support forum. By making this help public, Google and other spiders are indexing this information, allowing the help and answers I provide to be readily available in search engines.

SipHash for Deadwood?

While SipHash would make Deadwood a little more secure, this security improvement would be strictly academic. I have to balance making an academic security update against Deadwood’s code against the need to keep Deadwood small and fast.

That in mind, I have no plans to make my implementation of SipHash to Deadwood’s hash compression function at this time. However, the code has already been written should I wish to do this in the future.

If SipHash existed in 2001 when I implemented MaraDNS’ random number generator or in 2010 when I was still actively developing Deadwood and last updated its hash compression function, I probably would have had the code use a 32-bit SipHash variant.

But, with a full-time job as a software developer and a baby to take care of, I no longer am actively developing MaraDNS the way I was until 2010. There is a reason that I stopped marketing MaraDNS as being secure last year.

Visit this user's website Find all posts by this user
Quote this message in a reply
Post Reply 

Forum Jump:

User(s) browsing this thread: 1 Guest(s)