MyDjbdns Site last update: 2005-06-12 21:13:30

Jumbo Patch

Intro

Jumbo Patch is a collection of 13 individual djbdns patches that I gathered from various places on the Internet, modified, and applied to the original djbdns package. These patches arose from people's needs, and not everyone will agree on their usefulness. The collection adds new functionality to the DNS utilities and improves other features.

Download

To patch your djbdns, first download jumbo-p13.patch.gz into some directory, for example /tmp. Before doing anything else, check the MD5 sum, which must be c96a7cf19968f26ff1422cd197b1a72d:

md5sum jumbo-p13.patch.gz

Then get and unpack djbdns-1.05.tar.gz where you want, for example /tmp, and execute the following commands:

cd /tmp
gtar xfz djbdns-1.05.tar.gz
gunzip jumbo-p13.patch.gz
cd /tmp/djbdns-1.05
patch -p1 < ../jumbo-p13.patch

Read the usual djbdns instructions at http://cr.yp.to/djbdns/install.html or, if you're in a hurry, just execute the following commands to compile and install djbdns in /usr/local (you must be root to install it):

make
make setup check

Using New Features and Improvements

Patch 1: tinydns-data SRV & axfr-get SRV/PTR support

This is a combined patch that:

  • adds a native SRV type to tinydns-data. The syntax is:
    Sfqdn:ip:x:port:weight:priority:ttl:timestamp
    Standard rules for ip, x, ttl, and timestamp apply. Port, weight, and priority all range from 0 to 65535. Weight and priority are optional and default to zero if not provided. For example:
    Sconsole.zoinks.example.com:1.2.3.4:rack102-con1:2001:69:7:300:

  • makes axfr-get decompose SRV and PTR records and write them out in native format, rather than opaque. This is necessary because if the DNAME fields in the records reference the same zone as fqdn, they can contain compression pointers that are bogus outside the context of that specific packet, and which tinydns-data can't correctly load into data.cdb.
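
A syntax check for S lines, as an added example that is not part of the patch or of the original page. The hypothetical helper check_srv_line enforces only the rules stated above (leading S, port, weight and priority in 0-65535, weight and priority defaulting to zero) and assumes an awk is installed.

```shell
#!/bin/sh
# Added example (not part of djbdns or the patch). check_srv_line is a
# hypothetical helper that checks one line against the syntax quoted above:
#   Sfqdn:ip:x:port:weight:priority:ttl:timestamp
# Only the rules this page states are enforced; ip, x, ttl and timestamp
# are passed through unchecked.
check_srv_line() {
    printf '%s\n' "$1" | awk -F: '
    # true when v is a decimal integer in 0-65535
    function u16(v) { return (v ~ /^[0-9]+$/) && (length(v) <= 5) && (v + 0 <= 65535) }
    {
        fqdn   = substr($1, 2)
        weight = ($5 == "") ? 0 : $5    # optional, defaults to zero
        prio   = ($6 == "") ? 0 : $6    # optional, defaults to zero
        err = ""
        if (substr($1, 1, 1) != "S") err = "not an S line"
        else if (NF > 8)             err = "more than 8 fields"
        else if (fqdn == "")         err = "empty fqdn"
        else if (!u16($4))           err = "port not in 0-65535"
        else if (!u16(weight))       err = "weight not in 0-65535"
        else if (!u16(prio))         err = "priority not in 0-65535"
        if (err != "") { print "REJECT " err; exit 1 }
        print "OK " fqdn " port=" $4 " weight=" weight " priority=" prio
    }'
}

# Sample lines: the first is the example from the text above,
# the other two are constructed.
while IFS= read -r line; do
    printf '%s -> ' "$line"
    check_srv_line "$line" || true
done <<'EOF'
Sconsole.zoinks.example.com:1.2.3.4:rack102-con1:2001:69:7:300:
Ssip.example.com:1.2.3.5:sip1:5060
Sbad.example.com:1.2.3.6:bad1:70000:1:1
EOF
```

Running it over a data file before tinydns-data rebuilds data.cdb catches out-of-range values early.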

Patch 2: SOA contact address

tinydns-data will use the contact address (with the first "." replaced with "@") specified via a line in the data file beginning with "D":

Ddanp.danp.net
sets the address for the following "." lines to danp@danp.net, while a bare "D" line tells tinydns-data to begin generating hostmaster@dom addresses again. The record defines the contact address to be used for all subsequent records; an empty contact address means that tinydns-data should resume manufacturing a contact address. Note: this record creates a context that prevents you from re-ordering the data file, should you happen to care about such things.

Patch 3: tinydns-data accepts multiple filenames on the command line

This patch lets tinydns-data take its data files as command-line parameters. You can maintain multiple zones (groups of DNS entries) independently (for example, slave zones from multiple hosts). Every zone file has its own default SOA serial, because every file has an independent mtime (modification time) in the file system. Using the new feature is easy:

tinydns-data example.org.zone secondary/example.com.zone example.net

Patch 4: dnscache responds to queries from everywhere

A little patch for dnscache that lets it assume all DNS clients are allowed to query (which is useful if you allow or deny access to your DNS server by some other method, like packet filtering). To activate it, set the environment variable OKCLIENT for dnscache to something non-null:

echo > $ROOT/env/OKCLIENT

where the ROOT environment variable contains the name of the directory in which dnscache runs chrooted (usually /etc/dnscache). You must restart dnscache for this change to take effect. To disable this feature, execute:

rm $ROOT/env/OKCLIENT

and don't forget to restart dnscache.

Patch 5: dnscache listens on multiple IPs

This modification adds support for binding dnscache to multiple addresses. It's very useful when you don't want to fire up a server process for every IP you have. To use this feature, enter the IPs on a single line, without spaces, separated by the "/" (slash) character. For example:

echo "127.0.0.1/192.168.0.10" > $ROOT/env/IP

where the ROOT environment variable contains the name of the directory in which dnscache runs chrooted (usually /etc/dnscache). You must restart dnscache for this change to take effect.

Patch 6: dnscache can dump & load the cache

This patch enables dnscache to dump the current cache, or to load a previously dumped cache at startup. There are three new environment variables: DUMPCACHE, which is the name of the file into which the cache will be dumped; DUMPCACHETMP, which is the name of a temporary file; and SLURPCACHE, which is the name of a cache dump that will be read at startup. Don't forget that dnscache runs chrooted and under a special UID.

The modifications to dnscache-conf make it prepare for you a directory $ROOT/dump with the correct permissions, and set environment variables DUMPCACHE=dump/dumpcache, DUMPCACHETMP=dump/dumpcache.tmp and SLURPCACHE=dump/slurpcache in the env directory.

Upon startup, if the variable SLURPCACHE is not present, or if it is present but doesn't point to an existing file, dnscache starts with a blank cache (as it used to). If the file SLURPCACHE exists but can't be read, dnscache aborts. If the file contains incorrect data at some point, the rest of the data is ignored and not entered into the initial cache. Any data whose TTL has expired is not retained either (note that the TTL stored in the cache dump is an expiration date, not a TTL in seconds). You could, for instance, have a symbolic link from slurpcache to dumpcache so that the previously dumped cache is loaded at startup. If the file pointed to by SLURPCACHE exists, a line like:

@400000003aae843722f41114 slurp 844

will be written to the log at startup, to show the number of cache entries that were slurped. 0 means that no file with the given name was found.

To dump the cache, send a SIGALRM to dnscache, for instance by running:

svc -a /service/dnscache

A line like:

@400000003aae844537504934 dump err 0

will be written to the log. 0 means that all is OK (the dump has been done), 9999 means that the variable DUMPCACHE or DUMPCACHETMP has not been set, and any other number is the errno value that occurred during the dump. Usually you'll get ENOENT or EACCES if you have forgotten that dnscache is chrooted.
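
A log check built on the two record types described above, as an added example that is not part of the patch. The hypothetical helper cache_dump_report reads dnscache log lines on stdin and exits non-zero when the last dump failed; the third sample line is constructed.

```shell
#!/bin/sh
# Added example (not part of the patch). cache_dump_report is a hypothetical
# helper: it reads dnscache log lines on stdin and reports the last "slurp"
# and "dump err" records, using only the meanings given in the text above.
cache_dump_report() {
    awk '
    $2 == "slurp"               { slurp = $3; have_slurp = 1 }
    $2 == "dump" && $3 == "err" { code = $4; stamp = $1; have_dump = 1 }
    END {
        rc = 0
        if (have_slurp && slurp == 0) {
            print "startup: slurp 0, no cache file found, started with a blank cache"
        } else if (have_slurp) {
            print "startup: loaded " slurp " cache entries"
        }
        if (!have_dump) {
            print "dump: no dump recorded"
        } else if (code == 0) {
            print "dump: ok at " stamp
        } else if (code == 9999) {
            print "dump: FAILED, DUMPCACHE or DUMPCACHETMP is not set"
            rc = 1
        } else {
            print "dump: FAILED with errno " code ", check paths and permissions inside the chroot"
            rc = 1
        }
        exit rc
    }'
}

# Sample log: the first two lines are the ones quoted above,
# the third is constructed to show a failed dump.
cache_dump_report <<'EOF' || echo "dump needs attention"
@400000003aae843722f41114 slurp 844
@400000003aae844537504934 dump err 0
@400000003aae900000000000 dump err 13
EOF
```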

Patch 7: dnsfilter replaces IPs with names

This patch adds an option to the dnsfilter program: -r. Its use makes dnsfilter simply replace the IP address with the host name if possible. If the name for an IP address cannot be determined for whatever reason, the address is left alone.

Patch 8: tinydns listens on multiple IPs

A patch to allow tinydns to bind to multiple IP addresses. This doesn't affect dnscache. tinydns now reads multiple IP addresses from the IP environment variable. Addresses have to be separated with a / (slash). This way you should add more services to be supervised. Here is an example:

192.168.0.1/172.16.1.1/193.231.126.196

tinydns will bind to all of the above addresses without spawning additional processes.

Patch 9: dnscache reloads configuration files

dnscache will now re-read its configuration files when it receives a SIGHUP signal. This is very useful when you run dnscache with local DNS servers and want full access to external DNS when you connect to the Internet by dialup or some other method. What is interesting here is that it doesn't lose the cached RRs. Example:

svc -h /service/dnscache

Most importantly, for dialup users this feature lets you switch root DNS servers so that when you're not online and a DNS request is made, host not found is returned immediately. The usual Netscape hangs will go away.

Patch 10: dnscache can return a special IP address for NXDOMAIN

When applied, if the NXDSPECIAL environment variable is set and dnscache encounters an A (or ANY) query that results in NXDOMAIN, then instead of giving the NXDOMAIN reply to the client, it will generate an A record pointing the nonexistent host to the IP in NXDSPECIAL. The TTL of the generated A record is the SOA TTL (or what's left of it if the NXDOMAIN has been cached) of the nonexistent host's domain. Example:

echo 1.2.3.4 > $ROOT/env/NXDSPECIAL

where the ROOT environment variable contains the name of the directory in which dnscache runs chrooted (usually /etc/dnscache). You must restart dnscache for this change to take effect. To disable this feature, execute:

rm $ROOT/env/NXDSPECIAL

and don't forget to restart dnscache.
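
An audit of the switches from Patches 4, 5 and 10, as an added example that is not part of the patch set. The hypothetical helper audit_dnscache_env takes the dnscache directory (the ROOT used above) and flags every non-loopback address that answers all clients because OKCLIENT is set; the sample directory is constructed, and the env/ files are assumed to be read by daemontools envdir.

```shell
#!/bin/sh
# Added example, not part of the patch set. audit_dnscache_env is a
# hypothetical helper. Assumption: env/ is read by daemontools envdir,
# which sets a variable for every non-empty file, so "test -s" mirrors
# what dnscache will see.
audit_dnscache_env() {
    env_dir="$1/env"
    warnings=0
    if [ ! -d "$env_dir" ]; then
        echo "ERROR: $env_dir not found"
        return 2
    fi
    open=no
    if [ -s "$env_dir/OKCLIENT" ]; then open=yes; fi

    # Patches 4 and 5: IP may hold several addresses separated by "/".
    if [ -s "$env_dir/IP" ]; then
        for addr in $(head -n 1 "$env_dir/IP" | tr '/' ' '); do
            case "$open:$addr" in
                yes:127.*) echo "INFO: $addr answers any client (loopback)" ;;
                yes:*)     echo "WARN: $addr answers any client, confirm packet filtering"
                           warnings=$((warnings + 1)) ;;
                *)         echo "INFO: $addr keeps the client access check" ;;
            esac
        done
    fi

    # Patch 10: NXDOMAIN for A (or ANY) queries is replaced by this address.
    if [ -s "$env_dir/NXDSPECIAL" ]; then
        echo "NOTE: NXDOMAIN answers rewritten to $(head -n 1 "$env_dir/NXDSPECIAL")"
    fi
    [ "$warnings" -eq 0 ]
}

# Constructed service directory, filled with the commands shown above.
svc_dir=$(mktemp -d)
mkdir "$svc_dir/env"
echo > "$svc_dir/env/OKCLIENT"
echo "127.0.0.1/192.168.0.10" > "$svc_dir/env/IP"
echo 1.2.3.4 > "$svc_dir/env/NXDSPECIAL"
audit_dnscache_env "$svc_dir" || echo "review needed before exposing this resolver"
rm -rf "$svc_dir"
```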

Patch 11: tinydns logs 'X' for NXDOMAIN

When applied, server.c applications (tinydns, rbldns, etc.) will log an X line (where the X replaces +, for example) when they return NXDOMAIN. This is especially useful with tinydns since it gives a fine-grained indication of what tinydns really knows about. Dan Peterson first came up with this patch when he was performing a big BIND changeover (to make sure that the hand-converted data file didn't have errors).

Patch 12: tinydns reacts to notify queries

The patch modifies tinydns so that it writes N in the log line when a NOTIFY request is received. You could tail the log and have a script parse it and request updated DNS info from master servers for slave zones.

Patch 13: dnscache serves round-robin'd A records

dnscache is modified to serve multiple A records in non-iterative round-robin fashion. This is useful when you need simple load balancing at the client. To enable this feature, execute:

echo > $ROOT/env/ROUNDROBIN

and don't forget to restart dnscache.

Applied Patches

Please note that:

  • The names of the patches are modified from the originals (although you should recognize them easily).
  • I've made some minor changes to some of them to work with djbdns-1.05, to resolve conflicts between patches, or even to fix some minor errors (in round robin especially).
  • I used the documentation provided by the patch authors and modified it as needed.

PATCH1: rr-srv.patch
adds support for SRV records to tinydns-data and axfr-get
author: Michael Handler; original filename: srv-patch;
PATCH2: rr-soa-contact.patch
now you can modify the SOA email contact address from tinydns-data
author: Dan Peterson; original filename: tinydns-data-soa-contact.patch;
PATCH3: multi-data.patch
adds support to tinydns-data for loading multiple data files specified on the command line
author: Balázs Nagy; original filename: djbdns-1.05-multi_tinydns_data.patch;
PATCH4: okclient.patch
dnscache will respond to queries from all clients when the OKCLIENT envar is set.
author: Uwe Ohse; original filename: dnscache-0.61.okclient.patch;
PATCH5: mip-dnscache.patch
dnscache can now listen on multiple IPs listed in the IP envar and separated by slashes.
author: Dan Peterson; original filename: dnscache-multiple-ip.patch;
PATCH6: dumpcache.patch
adds support to dnscache for dumping the cache from memory when it receives a SIGALRM signal and loading it from a file when it starts
author: Florent Guillaume; original filename: patch-dnscache-dumpcache-v4.txt;
PATCH7: dnsfilter-repl.patch
dnsfilter will replace IPs with names
author: Uwe Ohse; original filename: djbdns-1.05-dnsfilter-replace.diff;
PATCH8: mip-tinydns.patch
tinydns can now listen on multiple IPs listed in the IP envar and separated by slashes.
author: Uwe Ohse; original filename: djbdns-1.05-multiip.diff;
PATCH9: reload-dnscache.patch
adds support to dnscache for reloading its configuration files when it receives a SIGHUP signal
author: Matthias Andree; original filename: djbdns-1.05-sighup.patch;
PATCH10: nxd-dnscache.patch
adds support to dnscache for returning a special IP address for NXDOMAIN type A responses when the NXDSPECIAL environment variable is set.
author: Dan Peterson; original filename: dnscache-1.05-nxdspecial.patch;
PATCH11: nxd-tinydns.patch
adds support to tinydns for logging 'X' instead of '+' when it returns NXDOMAIN in answers.
author: Dan Peterson; original filename: server-1.05-nxdomain-logging.patch;
PATCH12: notify-tinydns.patch
adds support to tinydns for reacting to notify queries and logging 'N'.
author: ???; original filename: ???;
PATCH13: roundrobind-dnscache.patch
dnscache will serve round-robin'd records when there are many A records in the answer.
author: Thomas Mangin; original filename: round-robin.patch;

Copyright 2002,2005 Claudiu Costin; Released under FDL