MaraDNS
Encyclopedia
MaraDNS is a security
-aware Domain Name System
(DNS) implementation
. Along with BIND
, NSD
, djbdns
, and PowerDNS
, it is one of a small number of DNS servers with published source code. Like BIND and djbdns, MaraDNS can function either as an authoritative DNS server, as a "recursive" DNS cache that uses the DNS root nameserver
s, or as a "forwarder" cache reliant on other recursive DNS servers.
The first version of MaraDNS was released on June 21, 2002
and a number of releases have been made since then. In October 2009 the author announced plans to stop any further development beyond basic bug fixes after the release of MaraDNS 2.0.
At least one independent book has recommended MaraDNS for public facing DNS servers
While MaraDNS can resolve almost any site that other DNS servers can resolve, it does not resolve all names the same way other DNS servers do. CNAME and ANY records, in particular, are resolved differently.
MaraDNS spawns a thread for each recursive DNS request that is not already cached.
MaraDNS has had a few security problems, as described in the MaraDNS security document. MaraDNS 1.2 has recently been shown to be vulnerable to three Denial-of-service attack
s via memory leak errors; all three memory leaks do not exist in MaraDNS 1.0, and have been patched in MaraDNS 1.2.12.06. There was also a memory leak that was patched in MaraDNS 1.2.12.01 and MaraDNS 1.0.39, and a memory leak in MaraDNS 1.2.12.06 that is only triggered when a parameter not set in the default installation is set.
. MaraDNS 1.2 releases are copyright
ed but are distributed with a simplified two-clause BSD licence.
Computer insecurity
Computer insecurity refers to the concept that a computer system is always vulnerable to attack, and that this fact creates a constant battle between those looking to improve security, and those looking to circumvent security.-Security and systems design:...
-aware Domain Name System
Domain name system
The Domain Name System is a hierarchical distributed naming system for computers, services, or any resource connected to the Internet or a private network. It associates various information with domain names assigned to each of the participating entities...
(DNS) implementation
. Along with BIND
BIND
BIND , or named , is the most widely used DNS software on the Internet.On Unix-like operating systems it is the de facto standard.Originally written by four graduate students at the Computer Systems Research Group at the University of California, Berkeley , the name originates as an acronym from...
, NSD
NSD
In Internet computing, NSD is an open-source server program for the Domain Name System. It was developed by NLnet Labs of Amsterdam in cooperation with the RIPE NCC, from scratch as an authoritative name server...
, djbdns
Djbdns
The djbdns software package is a DNS implementation created by Daniel J. Bernstein due to his frustrations with repeated BIND security holes. A $1000 prize for the first person to find a privilege escalation security hole in djbdns was awarded in March 2009 to Matthew Dempsky., djbdns's tinydns...
, and PowerDNS
PowerDNS
PowerDNS is a DNS server, written in C++ and licensed under the GPL. It runs on most Unix derivatives and on Microsoft Windows. PowerDNS features a large number of different backends ranging from simple BIND style zonefiles to relational databases and load balancing/failover algorithms...
, it is one of a small number of DNS servers with published source code. Like BIND and djbdns, MaraDNS can function either as an authoritative DNS server, as a "recursive" DNS cache that uses the DNS root nameserver
Root nameserver
A root name server is a name server for the Domain Name System's root zone. It directly answers requests for records in the root zone and answers other requests returning a list of the designated authoritative name servers for the appropriate top-level domain...
s, or as a "forwarder" cache reliant on other recursive DNS servers.
The first version of MaraDNS was released on June 21, 2002
and a number of releases have been made since then. In October 2009 the author announced plans to stop any further development beyond basic bug fixes after the release of MaraDNS 2.0.
At least one independent book has recommended MaraDNS for public facing DNS servers
Criticisms
MaraDNS has limited support for being a slave DNS server. While MaraDNS includes a tool that can receive zone files, this process needs to be automated via an external program, such as crontab, and MaraDNS needs to be restarted to load the zone in question.While MaraDNS can resolve almost any site that other DNS servers can resolve, it does not resolve all names the same way other DNS servers do. CNAME and ANY records, in particular, are resolved differently.
MaraDNS spawns a thread for each recursive DNS request that is not already cached.
MaraDNS has had a few security problems, as described in the MaraDNS security document. MaraDNS 1.2 has recently been shown to be vulnerable to three Denial-of-service attack
Denial-of-service attack
A denial-of-service attack or distributed denial-of-service attack is an attempt to make a computer resource unavailable to its intended users...
s via memory leak errors; all three memory leaks do not exist in MaraDNS 1.0, and have been patched in MaraDNS 1.2.12.06. There was also a memory leak that was patched in MaraDNS 1.2.12.01 and MaraDNS 1.0.39, and a memory leak in MaraDNS 1.2.12.06 that is only triggered when a parameter not set in the default installation is set.
Licensing
MaraDNS 1.0 releases (including all current bug fixes) have been released to the public domainPublic domain
Works are in the public domain if the intellectual property rights have expired, if the intellectual property rights are forfeited, or if they are not covered by intellectual property rights at all...
. MaraDNS 1.2 releases are copyright
Copyright
Copyright is a legal concept, enacted by most governments, giving the creator of an original work exclusive rights to it, usually for a limited time...
ed but are distributed with a simplified two-clause BSD licence.