From: Benjamin P <sou...@pe...> - 2015-12-28 23:29:56
|
Hey all,

I'm the (admittedly completely inactive) maintainer of this project. In an attempt to bring things into 2016, I've moved this project over to Github here: https://github.com/benjaminpetrin/dnrd

This should make it a bit easier to accept changes and put out new releases as they are needed. I went ahead and packaged a new release with the fixes provided by Chris Kruger for modern OSX support (thanks Chris!). I also cleaned up the info that was in the HTML pages, condensing it to the README for format on Github and removed the layer of indirection that existed in the source directory structure (which had both the php pages and src). All history has been preserved.

If anyone else has the capacity to maintain this project - I'd be happy to give it a better home!

Cheers!
|
From: Chris K. <sou...@kr...> - 2014-11-17 03:30:36
|
Hi Folks,
I’ve sent this patch to the maintainer already but just in case it is useful to somebody else I’ll include it here. It addresses the following two issues affecting Apple OSX 10.9 and above.
- OSX 10.9 and above does not support anonymous semaphores, only named ones. The patch below converts DNRD to use named semaphores - I assume this is fine for other *nixes, but did not test myself.
- The port test in init_socket incorrectly compares the address of the services entry struct allocated by getservbyname. I assume this works if there is only one entry in the services file for domain but on OSX this is not the case. The port for UDP and TCP are the same but there are two entries. This patch adds code to check the actual ports not just the entry struct address.
diff -ru dnrd-2.20.3/src/cache.c dnrd-2.20.3_osx_patch/src/cache.c
--- dnrd-2.20.3/src/cache.c 2005-08-02 22:08:13.000000000 +0800
+++ dnrd-2.20.3_osx_patch/src/cache.c 2014-11-17 10:17:23.000000000 +0800
@@ -198,7 +198,7 @@
* Ok, the packet is interesting for us. Let's put it into our
* cache list.
*/
- sem_wait(&dnrd_sem);
+ sem_wait(dnrd_sem);
cx = create_cx(x, &query, server);
append_cx(cx);
@@ -208,7 +208,7 @@
cx->lastused = time(NULL);
cx->expires = cx->lastused +
((cx->p->ancount > 0) ? CACHE_TIME : CACHE_NEGTIME);
- sem_post(&dnrd_sem);
+ sem_post(dnrd_sem);
return (0);
}
diff -ru dnrd-2.20.3/src/common.c dnrd-2.20.3_osx_patch/src/common.c
--- dnrd-2.20.3/src/common.c 2007-02-08 21:25:51.000000000 +0900
+++ dnrd-2.20.3_osx_patch/src/common.c 2014-11-14 11:42:50.000000000 +0800
@@ -74,7 +74,7 @@
#endif
const char* version = PACKAGE_VERSION;
int gotterminal = 1; /* 1 if attached to a terminal */
-sem_t dnrd_sem; /* Used for all thread synchronization */
+sem_t* dnrd_sem = NULL; /* Used for all thread synchronization */
int reactivate_interval = REACTIVATE_INTERVAL;
int stats_interval = 0;
@@ -278,7 +278,7 @@
/* int i;*/
/* Only let one process run this code) */
- sem_wait(&dnrd_sem);
+ sem_wait(dnrd_sem);
log_debug(1, "Shutting down...\n");
if (isock >= 0) close(isock);
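Review bot: sem_wait(dnrd_sem) in this shutdown path now dereferences a pointer that starts out as NULL (the new definition earlier in common.c) and holds SEM_FAILED when sem_open() fails in main.c. If this code can run before the semaphore has been opened successfully, for example from an error exit during startup, it needs a guard such as if (dnrd_sem != NULL && dnrd_sem != SEM_FAILED) before waiting. The return value of sem_wait() is also ignored, so a failed wait still proceeds into the close() calls.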
diff -ru dnrd-2.20.3/src/common.h dnrd-2.20.3_osx_patch/src/common.h
--- dnrd-2.20.3/src/common.h 2005-08-02 22:02:46.000000000 +0800
+++ dnrd-2.20.3_osx_patch/src/common.h 2014-11-17 10:20:20.000000000 +0800
@@ -48,6 +48,11 @@
#define SELECT_TIMEOUT 1
#endif
+/* Set the named semphore name */
+#ifndef NAMED_SEMAPHORE_NAME
+#define NAMED_SEMAPHORE_NAME "net.sourceforge.dnrd"
+#endif
+
/* Set the default timeout value for forward DNS. If we get no
* response from a DNS server within forward_timeout, deactivate the
* server. note that if select_timeout is greater than this, the
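Review bot: NAMED_SEMAPHORE_NAME has no leading slash. POSIX leaves sem_open() implementation-defined when the name does not begin with "/", so for a patch whose goal is portability the default should be "/net.sourceforge.dnrd". The name is also a fixed, host-wide string, so together with the O_CREAT|O_EXCL open in main.c a second dnrd instance on the same machine cannot start; the comment should say so (it also has a typo, "semphore").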
@@ -100,7 +105,7 @@
extern char master_config[256];
extern char blacklist[256];
#endif
-extern sem_t dnrd_sem; /* Used for all thread synchronization */
+extern sem_t* dnrd_sem; /* Used for all thread synchronization */
extern char dnrd_root[512];
extern char config_file[];
diff -ru dnrd-2.20.3/src/main.c dnrd-2.20.3_osx_patch/src/main.c
--- dnrd-2.20.3/src/main.c 2007-02-08 21:25:51.000000000 +0900
+++ dnrd-2.20.3_osx_patch/src/main.c 2014-11-17 10:22:30.000000000 +0800
@@ -139,17 +139,20 @@
/***************************************************************************/
void init_socket(void) {
- struct servent *servent; /* Let's be good and find the port numbers
- the right way */
+ /* Let's be good and find the port numbers the right way */
+ struct servent *servent_udp;
+ struct servent *servent_tcp;
+
/*
* Pretend we don't know that we want port 53
*/
- servent = getservbyname("domain", "udp");
- if (servent != getservbyname("domain", "tcp"))
+ servent_udp = getservbyname("domain", "udp");
+ servent_tcp = getservbyname("domain", "tcp");
+ if (servent_udp->s_port != servent_tcp->s_port)
log_err_exit(-1, "domain ports for udp & tcp differ. "
"Check /etc/services");
- recv_addr.sin_port = servent ? servent->s_port : htons(53);
+ recv_addr.sin_port = servent_udp ? servent_udp->s_port : htons(53);
/*
* Setup our DNS query reception socket.
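Review bot: the new test servent_udp->s_port != servent_tcp->s_port dereferences both lookup results without a NULL check, although the very next changed line still treats a NULL servent_udp as possible and falls back to htons(53). On a system with no "domain" entry this crashes at startup instead of using port 53. getservbyname() may also return a pointer to static storage that the second call overwrites, in which case both pointers refer to the same struct and the comparison can never fail. Copy s_port into a local after each call and compare only when both lookups succeeded.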
@@ -247,8 +250,11 @@
/*
* Setup the thread synchronization semaphore
*/
- if (sem_init(&dnrd_sem, 0, 1) == -1)
+ if ((dnrd_sem = sem_open(NAMED_SEMAPHORE_NAME, (O_CREAT|O_EXCL), S_IRWXU, 1)) == SEM_FAILED)
+ {
+ int err = errno;
log_err_exit(-1, "Couldn't initialize semaphore");
+ }
init_socket();
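Review bot: sem_open() with O_CREAT|O_EXCL fails with EEXIST whenever the name already exists, and the only sem_unlink() in this patch sits in the signal handler, so any exit that bypasses it leaves a stale name and the next start stops at "Couldn't initialize semaphore". Because the handle is kept in dnrd_sem, calling sem_unlink(NAMED_SEMAPHORE_NAME) directly after a successful sem_open() removes the dependency on a clean shutdown. int err = errno; is assigned and never used; pass it to the log call or drop it. S_IRWXU grants execute as well, S_IRUSR|S_IWUSR is sufficient, and the hunk adds no #include for the O_* and S_* constants or errno, so check that main.c already pulls in <fcntl.h>, <sys/stat.h> and <errno.h>.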
diff -ru dnrd-2.20.3/src/master.c dnrd-2.20.3_osx_patch/src/master.c
--- dnrd-2.20.3/src/master.c 2007-02-08 22:47:55.000000000 +0900
+++ dnrd-2.20.3_osx_patch/src/master.c 2014-11-14 11:43:05.000000000 +0800
@@ -201,7 +201,7 @@
log_msg(LOG_NOTICE, "resetting master DNS");
- sem_wait(&dnrd_sem);
+ sem_wait(dnrd_sem);
for (i = 0; i < dbc; i++) {
free_dnsrec(dbv[i]);
@@ -217,7 +217,7 @@
dbc = 0;
dbmax = 0;
- sem_post(&dnrd_sem);
+ sem_post(dnrd_sem);
return (0);
}
diff -ru dnrd-2.20.3/src/sig.c dnrd-2.20.3_osx_patch/src/sig.c
--- dnrd-2.20.3/src/sig.c 2005-02-08 17:58:16.000000000 +0800
+++ dnrd-2.20.3_osx_patch/src/sig.c 2014-11-17 10:21:28.000000000 +0800
@@ -41,6 +41,8 @@
break;
#endif
default:
+ /* do not forget to unlink the named semaphore */
+ sem_unlink(NAMED_SEMAPHORE_NAME);
cleanexit(0);
}
signal(signo, sig_handler);
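Review bot: the stale-name cleanup is incomplete, because sem_unlink() in the default: branch runs only when dnrd exits through this signal path. Putting the unlink inside cleanexit(), which is called on the next line, would cover every caller of that function rather than this one branch; unlinking right after sem_open() in main.c would cover abnormal exits too. The patch also never calls sem_close(dnrd_sem).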
Chris Kruger
|
|
From: Paul D. <PC...@Fo...> - 2013-11-06 05:03:51
|
It appears to me the logic in cache.c to expire the oldest entries to bring the number of entries down to the low water point is backwards. In expire_oldest, the comments indicate the entries are sorted "in order of age, oldest first". However, cmp_cachemru returns >0 if entry 1 is older than entry 2 and <0 if entry 2 is older than entry 1. This results in a list that is sorted in order of age with the more recently used entries first.

Given the function is called cmp_cachemru and the log message in expire_oldest uses the term "mru expired", maybe the intent was to expire the most recently used entries. If that's the case, the code is right but the comments in expire_oldest are wrong. More likely, the desire is to expire the least recently used entries. In this case, the return line in cmp_cachemru should be changed from

    return ((*cy)->lastused - (*cx)->lastused);

to

    return ((*cx)->lastused - (*cy)->lastused);

--
Paul C Diem
PC...@Fo...
"The inherent vice of capitalism is the unequal sharing of the blessings. The inherent blessing of socialism is the equal sharing of misery." - Winston Churchill
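The effect of the comparator direction described in the message above, as an added example that is not dnrd code: struct entry, expire_to_low_water and run_demo are hypothetical stand-ins, the sample timestamps are constructed, and the comparators use comparisons instead of the subtraction quoted in the message so that a time_t difference is never narrowed to int.

```c
#include <stdio.h>
#include <stdlib.h>
#include <time.h>

/* Hypothetical stand-in for a dnrd cache entry; only lastused matters. */
struct entry {
    int    id;
    time_t lastused;
};

/* Same ordering as the return line currently in cmp_cachemru (cy - cx):
 * the most recently used entry sorts first. */
static int cmp_mru_first(const void *x, const void *y)
{
    const struct entry *a = *(const struct entry *const *)x;
    const struct entry *b = *(const struct entry *const *)y;
    return (b->lastused > a->lastused) - (b->lastused < a->lastused);
}

/* Same ordering as the proposed return line (cx - cy): oldest first. */
static int cmp_lru_first(const void *x, const void *y)
{
    return cmp_mru_first(y, x);
}

/* Sort with cmp, then expire from the front of the list until only
 * low_water entries remain. Expired ids go to out; returns their count. */
static size_t expire_to_low_water(struct entry **v, size_t n, size_t low_water,
                                  int (*cmp)(const void *, const void *),
                                  int *out)
{
    size_t i, drop = n > low_water ? n - low_water : 0;

    qsort(v, n, sizeof *v, cmp);
    for (i = 0; i < drop; i++)
        out[i] = v[i]->id;
    return drop;
}

/* Constructed sample: five entries, low water mark of three. */
static size_t run_demo(int (*cmp)(const void *, const void *), int *out)
{
    static struct entry e[] = {
        {1, 100}, {2, 500}, {3, 300}, {4, 200}, {5, 400}
    };
    struct entry *v[5];
    size_t i;

    for (i = 0; i < 5; i++)
        v[i] = &e[i];
    return expire_to_low_water(v, 5, 3, cmp, out);
}

int main(void)
{
    int ids[5];
    size_t i, n;

    n = run_demo(cmp_mru_first, ids);
    printf("current ordering expires: ");
    for (i = 0; i < n; i++)
        printf(" id=%d", ids[i]);

    n = run_demo(cmp_lru_first, ids);
    printf("\nproposed ordering expires:");
    for (i = 0; i < n; i++)
        printf(" id=%d", ids[i]);
    printf("\n");
    return 0;
}
```

With the current ordering the two freshest entries are the ones dropped, which for a cache means the hot names are evicted while stale ones stay.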
|
From: Kron <und...@ya...> - 2013-01-22 08:40:35
|
Hi!

I have a question with routing.
On the server with dnrd installed I have 3 IP addresses.
All the IPs are under the same subnet.
1st IP - the main IP of the server
2nd and 3rd IP - virtual IPs that can be moved between two servers (heartbeat or keepalived).

Problem #1:

dnrd listens on all the interfaces because, as far as I know, there is no possibility to use the '-a' param more than once.
It'll be great to have the possibility to choose multiple IPs to listen on and also the possibility to exclude some IPs from listening.

Problem #2:

Again, in my case dnrd listens on all the interfaces because I need it to serve on two virtual IP addresses.
We have 3 IPs on the server:
192.168.1.10 - real server IP
192.168.1.11 - virtual server that can be moved between another server
192.168.1.12 - virtual server that can be moved between another server

Now an example:

On the client host, I define that the DNS server's IP is 192.168.1.12.
client -> dns query -> 192.168.1.12 -> real dns server -> client
Everything is fine except one thing.
The reply to the client is returned from 192.168.1.10, not from 192.168.1.12, and this is the main problem.

How can I force dnrd to listen on more than one IP address and reply to queries from the IP address which received the request?

Thanks in advance!
|
From: Guylhem A. <dn...@gu...> - 2011-08-31 17:17:03
|
Hello

First a denial-of-service bug report: when dnrd runs in debug mode -d 4, I can systematically crash it with a dns2tcp style packet, too large to be printed. Apparently some size verification may be missing. Meanwhile, if you run DNRD in production, I strongly advise to remove debug mode (at least on MIPS - I can't say about i386 or x64)

BTW If you use the master file, I'd be interested in how you test it with dig? I sent a few queries but they all ended up in one of the servers given as a parameter - for which they were unknown. I'm just starting to play with DNS so I could be making an obvious mistake.

Guylhem
|
From: 云风 <cl...@gm...> - 2011-07-26 05:34:43
|
I downloaded DNRD 2.20.3 yesterday. It doesn't work on some queries. I read the source code and found these in src/dns.c

    y->type = ntohs(*(unsigned short *)(&msg[i])); i += 2;
    y->class = ntohs( *(unsigned short *)(&msg[i])); i += 2;

On my ARM9, "*(unsigned short *)(&msg[i])" failed when &msg[i] is not aligned. So y->type would be the wrong value. I saw the commented code below, too.

    // memcpy(&conv, here, sizeof(unsigned short int));
    // y->type = ntohs(conv);
    // here += 2;

I think using memcpy would be a better solution.

--
http://blog.codingnow.com
|
From: <Kin...@cn...> - 2011-06-24 06:57:53
|
__________________
DEAR ALL:
Do you know whether DNRD can support DNSSEC? Is there some
method to make it support it? We have a test web "www.dnssec.cero32.cl" to
test the DNRD package size, but it can not pass anyone.
test environment:
1. client DNS ---> DNRD ---> public DNS server
2. connect the client to the internet (we use
ADSL), make sure you can open other webs successfully.
3. open the web "www.dnssec.cero32.cl" with IE or Firefox.
Then the web will tell you if your DNS package size test passed.
We analysed the code of DNRD and we know that the maximum package size
DNRD can support is 4096. Is there something wrong in what we understand? Can anyone help
me? Thanks.
Best Regards,
====================================================
KingKong Li(李金刚)
Wireless Digital Home Department.
|
|
From: Natanael C. <nat...@gm...> - 2010-08-26 12:34:02
|
On Tue, Aug 24, 2010 at 4:27 PM, S. Mena <sm...@sp...> wrote:
> I have an instance of DNRD that is logging the following to syslog on a
> frequent basis:
> Aug 24 14:14:50 74 dnrd[2659]: bind: Address already in use
> Aug 24 14:15:52 74 last message repeated 26 times
> It appears to be working (in the sense that it is passing queries). This is
> my command line:
> /usr/local/sbin/dnrd -s x.x.x.x -s y.y.y.y -s z.z.z.z -u named -c off -l -m
> off --max-sock=2500 --address q.q.q.q
> I have attempted to bind it to one address as well as have it listen on all
> (default, although there is only one IP bound on the box).
> Can anyone offer some insight to this?

Sounds like you already have one instance of dnrd running, or some other DNS software. Try netstat -lnp | grep 53 or similar to find out what listens on port 53.

-- Natanael Copa
|
From: <dn...@us...> - 2010-08-25 20:09:59
|
Do you have processes already listening as UDP servers on the port range that dnrd is using to allocate its random ports from?

Wayne

On Tue, Aug 24, 2010 at 10:27:50AM -0400, S. Mena wrote:
> I have an instance of DNRD that is logging the following to syslog on a
> frequent basis:
>
> Aug 24 14:14:50 74 dnrd[2659]: bind: Address already in use
> Aug 24 14:15:52 74 last message repeated 26 times
>
> It appears to be working (in the sense that it is passing queries). This is
> my command line:
>
> /usr/local/sbin/dnrd -s x.x.x.x -s y.y.y.y -s z.z.z.z -u named -c off -l -m
> off --max-sock=2500 --address q.q.q.q
>
> I have attempted to bind it to one address as well as have it listen on all
> (default, although there is only one IP bound on the box).
>
> Can anyone offer some insight to this?
|
From: S. M. <sm...@sp...> - 2010-08-24 14:58:45
|
I have an instance of DNRD that is logging the following to syslog on a frequent basis:

Aug 24 14:14:50 74 dnrd[2659]: bind: Address already in use
Aug 24 14:15:52 74 last message repeated 26 times

It appears to be working (in the sense that it is passing queries). This is my command line:

/usr/local/sbin/dnrd -s x.x.x.x -s y.y.y.y -s z.z.z.z -u named -c off -l -m off --max-sock=2500 --address q.q.q.q

I have attempted to bind it to one address as well as have it listen on all (default, although there is only one IP bound on the box).

Can anyone offer some insight to this?
|
From: Natanael C. <nat...@gm...> - 2010-08-16 12:24:26
|
On Fri, Aug 13, 2010 at 10:36 PM, Rakesh Pandit <rak...@gm...> wrote:
> On 14 August 2010 01:42, Petrin, Benjamin wrote:
>> Hi everyone,
>>
>> I've been in recent discussion with Natanael Copa who has been previously maintaining Dnrd. He mentioned he had been looking for a new maintainer and I decided to step up to the plate. I hope I can help keep the project alive!
>>
>> Best regards,
>>
>
> Cool news. I hope Natanael Copa will be around as well (in free time) :)

I'm not gonna be far away ;) Thanks!

-- Natanael Copa
|
From: Rakesh P. <rak...@gm...> - 2010-08-13 20:36:09
|
On 14 August 2010 01:42, Petrin, Benjamin wrote:
> Hi everyone,
>
> I've been in recent discussion with Natanael Copa who has been previously maintaining Dnrd. He mentioned he had been looking for a new maintainer and I decided to step up to the plate. I hope I can help keep the project alive!
>
> Best regards,
>

Cool news. I hope Natanael Copa will be around as well (in free time) :)

Regards,

--
Rakesh Pandit
https://fedoraproject.org/wiki/User:Rakesh
freedom, friends, features, first
|
From: Petrin, B. <b.p...@WP...> - 2010-08-13 20:33:18
|
Hi everyone, I've been in recent discussion with Natanael Copa who has been previously maintaining Dnrd. He mentioned he had been looking for a new maintainer and I decided to step up to the plate. I hope I can help keep the project alive! Best regards, Benjamin Petrin |
|
From: Natanael C. <nat...@gm...> - 2010-05-25 15:54:06
|
On Mon, May 24, 2010 at 9:58 PM, MACIAS, MICHAEL SHANE (MIKE) <mic...@av...> wrote:
> Thank you for the input Natanael. I was a little vague in my original description, the DNS queries are originating from a public address, but requesting resolution for an invalid IP, 10.x.x.x. For this reason, I don't think I can use the firewall. My understanding is that the firewall does not have the capability to reject a packet based on its contents. The equipment originating this request is a traffic generation tools and for some reason DNS queries are leaking back through the management port.

Right. You'd need some deep packet inspection for that. Maybe l7-filter can do that. I don't know.

> I used the method you described to generate a range and it worked great, but I need to reject 10.0.0.0/8, the example I provided in the original message was just the latest problem I have experienced. Users at my site use a wide range of 10 net addresses, so I need to cover them all. Just an FYI, the file size generated with the command below was 777K, but the file generated with the range I need was 220M.

OK, that's not a workable solution then, yes.

> More details from testing:
> When a request does not match an entry in the blacklist there are 28 messages transmitted, 7 queries, 7 query responses from real DNS servers, 7 query responses and 7 forwarded messages from dnrd. The requesting machine receives the following:
> Host 1.0.0.10.in-addr.arpa. not found: 3(NXDOMAIN)
>
> When a request matches an entry in the black list there are only two messages transmitted, the query and the query response from dnrd. The requesting machine receives the following:
> 0.0.0.10.in-addr.arpa has no PTR record (This behavior is ideal)

So what you really need is to add *.10.in-addr.arpa in the blacklist. It might be that it works to add 10.in-addr.arpa in the blacklist, but it also might be that it will require some patching.

> NOTE: I have caching turned off just to see the real behavior, I plan on using the cache and this helps alleviate the load on the real DNS servers after the initial query is forwarded from dnrd, but I am afraid the dnrd server will become overloaded with the unnecessary extra 6 queries the originator sends after receiving the initial query response. I have a load balancer at my disposal to distribute across two dnrd servers, if needed.

Disabling cache is a good idea. dnrd cache does not respect the TTL properly.

> Other possible solution:
> If the firewall can analyze the payload and reject based on 10.0.0.0/8 and generate an instant reject, please help in the syntax for the rule.

I don't think you can. It might be that l7-filter can do it, as I said, but I don't know really.

> Thanks for all the help, I really like the product and I know this is not an ordinary operating condition.

Well, dnrd was originally for non-ordinary operation conditions, so I understand that part.

>
> Mike
>

-- Natanael Copa
|
From: MACIAS, M. S. (MIKE) <mic...@av...> - 2010-05-24 19:59:10
|
Thank you for the input Natanael. I was a little vague in my original description, the DNS queries are originating from a public address, but requesting resolution for an invalid IP, 10.x.x.x. For this reason, I don't think I can use the firewall. My understanding is that the firewall does not have the capability to reject a packet based on its contents. The equipment originating this request is a traffic generation tool and for some reason DNS queries are leaking back through the management port.

I used the method you described to generate a range and it worked great, but I need to reject 10.0.0.0/8, the example I provided in the original message was just the latest problem I have experienced. Users at my site use a wide range of 10 net addresses, so I need to cover them all. Just an FYI, the file size generated with the command below was 777K, but the file generated with the range I need was 220M.

More details from testing:
When a request does not match an entry in the blacklist there are 28 messages transmitted, 7 queries, 7 query responses from real DNS servers, 7 query responses and 7 forwarded messages from dnrd. The requesting machine receives the following:
Host 1.0.0.10.in-addr.arpa. not found: 3(NXDOMAIN)

When a request matches an entry in the black list there are only two messages transmitted, the query and the query response from dnrd. The requesting machine receives the following:
0.0.0.10.in-addr.arpa has no PTR record (This behavior is ideal)

NOTE: I have caching turned off just to see the real behavior, I plan on using the cache and this helps alleviate the load on the real DNS servers after the initial query is forwarded from dnrd, but I am afraid the dnrd server will become overloaded with the unnecessary extra 6 queries the originator sends after receiving the initial query response. I have a load balancer at my disposal to distribute across two dnrd servers, if needed.

Other possible solution:
If the firewall can analyze the payload and reject based on 10.0.0.0/8 and generate an instant reject, please help in the syntax for the rule.

Thanks for all the help, I really like the product and I know this is not an ordinary operating condition.

Mike
|
From: Natanael C. <nat...@gm...> - 2010-05-21 07:09:05
|
On Fri, May 21, 2010 at 4:02 AM, MACIAS, MICHAEL SHANE (MIKE) <mic...@av...> wrote:
> I have a problem with hosts sending recursive queries for 10.x.x.x
> addresses. The hosts that perform the queries are recursively requesting
> 10.0.1.1 – 10.0.150.254. I need to block any request for a 10 net address,
> but I do not know if this is possible and/or the syntax for the blacklist
> file.

The blacklist is just a list of hostnames that dnrd will consider itself as the authority for. I think you might be able to generate the range:

    for i in $(seq 1 150); do for j in $(seq 1 254); do echo 10.0.$i.$j; done; done > blacklist

Otherwise, you might be able to do it at the firewall level: reject outgoing udp packets from the dnrd server to 10.0.0.0/16 port 53. dnrd would get an instant reject.

-- Natanael Copa
|
From: MACIAS, M. S. (MIKE) <mic...@av...> - 2010-05-21 02:03:09
|
I have a problem with hosts sending recursive queries for 10.x.x.x addresses. The hosts that perform the queries are recursively requesting 10.0.1.1 - 10.0.150.254. I need to block any request for a 10 net address, but I do not know if this is possible and/or the syntax for the blacklist file. Thanks, Mike |
|
From: Jarrod <dn...@rr...> - 2008-11-11 16:48:10
|
2008/11/11 Jarrod <dn...@rr...>: > The attached patch (against 2.20.3) implements Round-Robin responses into DNRD. Oh, I forgot - it actually depends on 2.20.3 plus my previous expiry time patch (which is now in SVN) - but purely because I add some lines nearby a change from that patch. I just grabbed the SVN version now, and it patches fine except for one debugging line in main.c, which isn't needed. I know that needs cleaning up, but I want to get some other people debugging it beforehand. DNS now hurts my head :( P.S. The web interface to the SVN repository seems to be unavailable. |
|
From: Jarrod <dn...@rr...> - 2008-11-11 16:24:55
|
The attached patch (against 2.20.3) implements Round-Robin responses into DNRD.

The first time a packet is returned from the cache, it will disassemble it (into the new hdr->disassembly structure). Every time a packet is pulled from the cache it will use hdr->disassembly to rebuild the packet, but:

- The AN and AR sections will be "rotated" to provide round-robin responses
- The TTL fields will be decremented appropriately
- If it fails to parse or rebuild the packet, the original packet will be returned

This is to be considered highly experimental - I don't think it should go into a numbered version quite yet! It has worked so far in my testing, but needs to be used much more extensively to ensure there are no bugs.

I have tried to ensure that any potential buffer overflows are caught - in fact I am more likely to have a bug whereby you can't use the last byte of a buffer - but there are no guarantees associated, and I don't recommend running this anywhere critical yet. Stylistically, it could do with some tidying up :)

DNRD will still not carry data from one query into another, and as such is still immune to the recent spate of NS poisoning attacks, I believe.

Please give it a try, and see if you can break it.

-- Jarrod Lowe
|
From: Natanael C. <nat...@gm...> - 2008-08-19 09:03:11
|
On Tue, 2008-08-19 at 11:59 +0530, Madhan Balaji wrote:
> Hi all,
>
> I am using DNRD 2.20.3. I want to add an IPv6 address as
> the nameserver. Is IPv6 support is there in the current release? Or I
> have to apply a patch for this? Please help me regarding this.

Hi. There is no support for IPv6 in dnrd and as far as I know there are no patches for that either. Sorry.

-nc
|
From: Madhan B. <mad...@gm...> - 2008-08-19 06:29:24
|
Hi all,
I am using DNRD 2.20.3. I want to add an IPv6 address as the
nameserver. Is IPv6 support there in the current release? Or do I have to
apply a patch for this? Please help me regarding this.
--
Thanks in Advance,
Madhan
D-Link
|
|
From: Natanael C. <nat...@gm...> - 2008-07-24 06:07:15
|
On Wed, 2008-07-23 at 12:20 -0400, Wayne Cuddy wrote:
> In file tcp.c, line 330, the following line needs to be inserted.
>
> close(arp->connect);
>
> This only effects the fork()ing model when tcp queries are enabled.
> Without it the parent never closes the new socket and you eventually run
> out of file descriptors.

Committed to svn. Thanks!

-nc
|
From: Natanael C. <nat...@gm...> - 2008-07-24 06:03:48
|
On Mon, 2008-07-21 at 23:27 -0400, dn...@us... wrote:
> I've been correcting various alignment issues scattered throughout the
> code. I'm seeing crashes more often on TCP rather than UDP packets but it
> can easily happen on both types of requests.

I think the TCP code was just bolted on and is not so well tested.

> The problems stem from the fact the much of the packet parsing logic
> casts "unsigned char *" to "unsigned short *" and then attempts to
> dereference those pointers.
>
> What I have done to correct these problems is use memcpy to load the
> unaligned buffers into aligned buffers and then convert the data to
> host-byte-order. I've seen a few places in the code where this was done
> at one time... loading the data into a temporary variable "conv" and
> then converting it. But it seems to be commented out for some reason?

I don't know really.

> Anyway I have made multiple fixes in dns.c and a few other places which
> seems to have stabilized my build... but more testing is necessary.
> These fixes have been applied against 2.20.3 which I don't think is the
> latest/greatest from the trunk. Once these are tested I'll work at
> posting diffs against the latest/greatest.

That would be great! Thanks!

-nc
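The memcpy approach described in the quoted message above, which is also what the 2011 ARM9 report about src/dns.c on this page asks for, as an added example that is not dnrd code: get_u16, skip_qname and parse_question are hypothetical names, SAMPLE_QUERY is a constructed query whose QTYPE sits at odd offset 25, and only the temporary `conv` is taken from the page.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <arpa/inet.h>

/* Constructed DNS query for example.com, type AAAA, class IN.
 * 12-byte header + 13-byte QNAME puts QTYPE at offset 25 (unaligned). */
static const unsigned char SAMPLE_QUERY[] = {
    0x12, 0x34, 0x01, 0x00, 0x00, 0x01, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00,
    7, 'e', 'x', 'a', 'm', 'p', 'l', 'e', 3, 'c', 'o', 'm', 0,
    0x00, 0x1c, 0x00, 0x01
};

/* Read a big-endian 16-bit field at msg[off] without assuming alignment.
 * Returns 0 on success, -1 if the field would run past the buffer. */
static int get_u16(const unsigned char *msg, size_t len, size_t off,
                   uint16_t *out)
{
    uint16_t conv;

    if (off > len || len - off < sizeof conv)
        return -1;
    memcpy(&conv, msg + off, sizeof conv);  /* aligned copy of the bytes */
    *out = ntohs(conv);
    return 0;
}

/* Skip an uncompressed QNAME starting at off. Returns the offset just past
 * the terminating zero label, or 0 if the name is malformed or truncated. */
static size_t skip_qname(const unsigned char *msg, size_t len, size_t off)
{
    while (off < len) {
        unsigned char l = msg[off];

        if (l == 0)
            return off + 1;
        if (l > 63)                 /* compression pointer or reserved bits */
            return 0;
        if (len - off - 1 < l)      /* label runs past the buffer */
            return 0;
        off += 1 + (size_t)l;
    }
    return 0;
}

/* Extract QTYPE and QCLASS of the first question. Returns 0 or -1. */
static int parse_question(const unsigned char *msg, size_t len,
                          uint16_t *qtype, uint16_t *qclass)
{
    size_t off;

    if (len < 12)                   /* fixed DNS header */
        return -1;
    off = skip_qname(msg, len, 12);
    if (off == 0)
        return -1;
    if (get_u16(msg, len, off, qtype) != 0)
        return -1;
    return get_u16(msg, len, off + 2, qclass);
}

int main(void)
{
    uint16_t qtype = 0, qclass = 0;

    if (parse_question(SAMPLE_QUERY, sizeof SAMPLE_QUERY,
                       &qtype, &qclass) == 0)
        printf("qtype=%u qclass=%u\n", (unsigned)qtype, (unsigned)qclass);
    /* A truncated copy must be rejected rather than read past the end. */
    printf("truncated: %d\n",
           parse_question(SAMPLE_QUERY, 27, &qtype, &qclass));
    return 0;
}
```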
|
From: Wayne C. <dn...@us...> - 2008-07-23 16:29:43
|
Oppp... s/arp/arg/

On Wed, Jul 23, 2008 at 12:20:17PM -0400, Wayne Cuddy wrote:
> In file tcp.c, line 330, the following line needs to be inserted.
>
> close(arp->connect);
>
> This only effects the fork()ing model when tcp queries are enabled.
> Without it the parent never closes the new socket and you eventually run
> out of file descriptors.
|
From: Wayne C. <dn...@us...> - 2008-07-23 16:20:08
|
In file tcp.c, line 330, the following line needs to be inserted.

    close(arp->connect);

This only affects the fork()ing model when tcp queries are enabled. Without it the parent never closes the new socket and you eventually run out of file descriptors.