Dns-server (djbdns) Maintainer?
-
Hi,
Saw Goffredo Andreone in the tinydns.inc file, but no email or anything to get in contact. Found Benoit Guerin by following the package info.
Is this package still maintained? IMHO the way it sets up a recursive DNS cache is seriously flawed, using tinydns, which is a potestative nameserver (not recursive!!) as the resolver…
-
Try bind package. It's close to a release version.
On github.com/pfsense you can check latest commits on any package.
-
Thanks for your reply, marcelloc, but I think I didn't make myself clear.
I have been using djbdns for a decade, just want to know if this package is still maintained, or not.
If it's still maintained I'll collaborate with the maintainer, if not I will fix it but would want to know why this weird setup.
-
Here is the package changelog:
https://github.com/pfsense/pfsense-packages/commits/master/config/tinydns
-
Thanks! I guessed about Benoit Guerin thanks to that page…
I don't know how to contribute, and I don't know why this weird setup, when a recursive resolver is set (in fact it doesn't work).
With djbdns, when using a potestative nameserver (tinydns) to serve the local domain, and a recursive resolver (to resolve LAN DNS queries), the way to integrate both is to set up dnscache as the accessible DNS server on the LAN, and force it to send queries about the local domain directly to tinydns, by putting a file localdomain.com containing the tinydns IP (127.0.0.1 typically) in dnscache/root/servers. That will force ONLY queries about localdomain.com to be forwarded to tinydns.
The way this package sets this up is the other way around, making djbdns forward ALL queries to tinydns by replacing the dnscache/servers/@ (root nameservers database used by dnscache) with the tinydns localhost IP. Also, if there is more than one LAN interface, and several dnscache instances are set up on them, they're set up to forward queries to each other, which IMHO is also flawed, as if the master dnscache instance fails, so will the rest.
I guess all these weird contortions are due to some specific need I may be missing?? monitoring?? May I just fix this and submit the patch somewhere???
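The layout described in the post above, as an added example that is not part of the original post or the package's code: one function writes the per-zone file under root/servers, the other flags a dnscache directory whose `@` file holds only loopback addresses. The function names, the temporary directory and the sample `@` entries are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Works on a scratch copy of a dnscache directory layout.

# Send queries for ONE zone to tinydns, leaving the root hints alone.
# $1 = dnscache directory, $2 = local zone, $3 = tinydns IP
delegate_local_zone() {
    dir=$1 zone=$2 ip=$3
    [ -s "$dir/root/servers/@" ] || {
        echo "no root hints in $dir/root/servers/@" >&2
        return 1
    }
    printf '%s\n' "$ip" > "$dir/root/servers/$zone"
}

# Print FLAWED when every entry in root/servers/@ is a loopback address,
# i.e. ALL queries would be handed to the local tinydns instance.
# $1 = dnscache directory
audit_root_hints() {
    hints="$1/root/servers/@"
    [ -s "$hints" ] || { echo "MISSING"; return 0; }
    if grep -v '^127\.' "$hints" | grep -q .; then
        echo "OK"
    else
        echo "FLAWED"
    fi
}

# Demo on constructed data: two scratch dnscache directories.
demo=$(mktemp -d)
mkdir -p "$demo/lan/root/servers" "$demo/pkg/root/servers"
# Sample root hints (constructed file; a real one lists all root servers).
printf '198.41.0.4\n192.5.5.241\n' > "$demo/lan/root/servers/@"
# The arrangement the post objects to: @ replaced by the tinydns IP.
printf '127.0.0.1\n' > "$demo/pkg/root/servers/@"

delegate_local_zone "$demo/lan" localdomain.com 127.0.0.1
echo "lan: $(audit_root_hints "$demo/lan")"
echo "pkg: $(audit_root_hints "$demo/pkg")"
rm -rf "$demo"
# On a live system dnscache must be restarted to reread root/servers,
# typically with: svc -t /service/dnscache
```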
-
djbdns focuses on security above all else, including separating privileges as much as possible.
On pfSense 2.1 you could just bind the DNS Forwarder to port 5353, forward queries to internal interface IPs at localhost:5353, and let tinydns handle the authoritative DNS on 53 for external queries.