    Dns-server (djbdns) Maintainer?

      pukkita last edited by

      Hi,

      Saw Goffredo Andreone in the tinydns.inc file, but no email or anything to get in contact. Found Benoit Guerin by following the package info.

      Is this package still maintained? IMHO the way it sets up a recursive DNS cache is seriously flawed, using tinydns, which is a potestative nameserver (not recursive!!) as the resolver…

        marcelloc last edited by

        Try bind package.  It's close to a release version.

        On github.com/pfsense you can check latest commits on any package.

          pukkita last edited by

          thanks for your reply marcelloc, but I think I didn't make myself clear.

          I have been using djbdns for a decade, just want to know if this package is still maintained, or not.

          If it's still maintained I'll collaborate with the maintainer, if not I will fix it but would want to know why this weird setup.

            marcelloc last edited by

            here is the package changelog

            https://github.com/pfsense/pfsense-packages/commits/master/config/tinydns

              pukkita last edited by

              thanks! I guessed about Benoit Guerin thanks to that page…

              I don't know how to contribute, and I don't know why this weird setup, when a recursive resolver is set (in fact it doesn't work).

              With djbdns, when using a potestative nameserver (tinydns) to serve the local domain, and a recursive resolver (to resolve LAN DNS queries), the way to integrate both is to set up dnscache as the accessible DNS server on the LAN, and force it to send queries about the local domain directly to tinydns, by putting a file localdomain.com containing the tinydns IP (127.0.0.1 typically) in dnscache/root/servers.  That will force ONLY queries about localdomain.com to be forwarded to tinydns.

              The way this package sets this up is the other way around, making djbdns forward ALL queries to tinydns by changing the dnscache/servers/@ (root nameservers database used by dnscache) to the tinydns localhost IP. Also, if there is more than one LAN interface, and several dnscache instances are set up on them, they're set up to forward queries to each other, which IMHO is also flawed, as if the master dnscache instance fails, so will the rest.

              I guess all these weird contortions are due to some specific need I may be missing?? monitoring?? May I just fix this and submit the patch somewhere???

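The two layouts contrasted in the post above, as an added example that is not part of the original thread and not the pfSense package's code: it classifies a dnscache directory by what its `root/servers` files contain and applies the per-zone delegation the post describes. The function names, the temporary directory and the sample addresses are assumptions made for illustration.

```sh
#!/bin/sh
# Added example. Directory layout follows the post (dnscache/root/servers);
# the zone name and addresses are constructed sample values.

# Point dnscache at tinydns for ONE zone: root/servers/<zone> holds the
# address(es) of the server to ask for names under <zone>.
delegate_zone() {   # usage: delegate_zone DNSCACHE_DIR ZONE IP
    printf '%s\n' "$3" > "$1/root/servers/$2"
}

# Classify a dnscache directory:
#   forward-all  servers/@ lists a loopback address, so every query
#                (not just the local zone) goes to the local tinydns
#   split        servers/@ is clean and ZONE has its own server file
#   no-local     servers/@ is clean but ZONE has no delegation file
audit_dnscache() {  # usage: audit_dnscache DNSCACHE_DIR ZONE
    servers="$1/root/servers"
    if grep -Eq '^127\.' "$servers/@" 2>/dev/null; then
        echo forward-all
    elif [ -s "$servers/$2" ]; then
        echo split
    else
        echo no-local
    fi
}

# Constructed fixture: start from the layout the post attributes to the
# package, then repair it step by step and audit after each step.
demo() {
    d=$(mktemp -d) && mkdir -p "$d/root/servers"
    echo 127.0.0.1 > "$d/root/servers/@"        # tinydns listed as "root"
    before=$(audit_dnscache "$d" localdomain.com)
    # Put real root hints back (a.root-servers.net, f.root-servers.net).
    printf '%s\n' 198.41.0.4 192.5.5.241 > "$d/root/servers/@"
    middle=$(audit_dnscache "$d" localdomain.com)
    delegate_zone "$d" localdomain.com 127.0.0.1
    after=$(audit_dnscache "$d" localdomain.com)
    rm -rf "$d"
    echo "$before $middle $after"
}

demo   # prints: forward-all no-local split
```

On a live system dnscache reads these files when it starts, so it has to be restarted after they change.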
                jimp Rebel Alliance Developer Netgate last edited by

                djbdns focuses on security above all else, including separating privileges as much as possible.

                On pfSense 2.1 you could just bind the DNS Forwarder to port 5353, forward queries to internal interface IPs at localhost:5353, and let tinydns handle the authoritative DNS on 53 for external queries.
