|last update: 2005-06-12 21:13:30|
Jumbo Patch is a collection of 13 individual djbdns patches that I collected from various places on the Internet, modified, and applied to the original djbdns package. These patches arose from people's needs, and not everyone will agree on their usefulness. This collection adds new functionality to the DNS utilities and improves other features.
To patch your djbdns, first download jumbo-p13.patch.gz into some directory, for example /tmp. Please first check the MD5 sum, which must be c96a7cf19968f26ff1422cd197b1a72d.
Then get and unpack djbdns-1.05.tar.gz where you want, for example /tmp, and execute the following commands:
cd /tmp
gtar xfz djbdns-1.05.tar.gz
gunzip jumbo-p13.patch.gz
cd /tmp/djbdns-1.05
patch -p1 < ../jumbo-p13.patch
Read the usual DJBDNS instructions at http://cr.yp.to/djbdns/install.html or, if you're in a hurry, just execute the following commands to compile and install DJBDNS in /usr/local (you must be root to install it):
make
make setup check
Using New Features and Improvements
Patch 1: tinydns-data SRV & axfr-get SRV/PTR support
This is a combined patch that:
Patch 2: SOA contact address
tinydns-data will use the contact address (with the first "." replaced with "@") specified via a line in the data file beginning with "D":
Ddanp.danp.net
sets the address for the following "." lines to danp@danp.net, while "D" tells tinydns-data to begin generating hostmaster@dom addresses again. It defines the contact address to be used for all subsequent records. An empty contact address means that tinydns-data should resume manufacturing a contact address. Note: should you happen to care about such things, this record creates a context that prevents you from re-ordering the data file.
Patch 3: tinydns-data accept multiple filenames on the command line
This patch lets tinydns-data take its configuration files as command-line parameters.
You can maintain multiple zones (groups of DNS entries) independently (for example slave zones from
multiple hosts). Every zone file has its own default SOA SERIAL entry, because every file has
an independent mtime (modification time) entry in the file system. Using the new feature is easy:
tinydns-data example.org.zone secondary/example.com.zone example.net
Patch 4: dnscache respond queries from everywhere
A small patch that lets dnscache assume that all DNS clients are allowed to query it (which is useful if you allow or deny access to your DNS server by some other method, like packet filtering). To activate it you must set the environment variable OKCLIENT for dnscache to something non-null:
echo > $ROOT/env/OKCLIENT
where the ROOT environment variable contains the name of the directory in which dnscache runs chrooted (usually /etc/dnscache). You must restart dnscache for this change to take effect. To disable this feature, execute:
rm $ROOT/env/OKCLIENT
and don't forget to restart dnscache.
Patch 5: dnscache listen on multiple IP
This modification adds support for dnscache to bind to multiple addresses. It's
very useful when you don't want to fire up a server process for every IP you have.
To use this feature you must enter multiple IPs on a single line,
without spaces, separated by the "/" (slash) character. For example:
echo "127.0.0.1/192.168.0.10" > $ROOT/env/IP
where the ROOT environment variable contains the name of the directory in which dnscache runs chrooted (usually /etc/dnscache). You must restart dnscache for this change to take effect.
Patch 6: dnscache can dump & load the cache
This patch enables dnscache to dump the current cache, or to load a previously dumped cache at startup. There are three new environment variables: DUMPCACHE, which is the name of the file into which the cache will be dumped; DUMPCACHETMP, which is the name of a temporary file; and SLURPCACHE, which is the name of a cache dump which will be read at startup. Don't forget that dnscache runs chrooted and under a special UID.
The modifications to dnscache-conf make it prepare for you a directory $ROOT/dump with the correct permissions, and set environment variables DUMPCACHE=dump/dumpcache, DUMPCACHETMP=dump/dumpcache.tmp and SLURPCACHE=dump/slurpcache in the env directory.
Upon startup, if the variable SLURPCACHE is not present, or if it is present but doesn't point to an existing file, dnscache starts with a blank cache (as it used to). If the file SLURPCACHE exists but can't be read, dnscache aborts. If the file contains at some point incorrect data, the rest of the data is ignored and not entered into the initial cache. Any data whose TTL has expired is not retained either (note that the TTL stored in the cache dump is an expiration date, not a TTL in seconds). You could for instance have a symbolic link from slurpcache to dumpcache so that the previously dumped cache is loaded at startup. If the file pointed to by SLURPCACHE exists, a line like:
@400000003aae843722f41114 slurp 844
will be written to the log at startup, to show the number of cache entries that were slurped. 0 means that no file with the given name was found.
To dump the cache, send a SIGALRM to dnscache, for instance by running:
svc -a /service/dnscache
A line like:
@400000003aae844537504934 dump err 0
will be written to the log. 0 means that all is OK (the dump has been done), 9999 means that the variable DUMPCACHE or DUMPCACHETMP has not been set, and any other number is the errno that occurred during the dump. Usually you'll get ENOENT or EACCES if you have forgotten that dnscache is chrooted.
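To make these log lines easier to monitor, the following added example (not part of the Jumbo Patch or of djbdns) decodes the TAI64N timestamp and classifies the slurp and dump err codes as described above. The names interpret, LINE and TAI64_UNIX_ZERO are hypothetical, the third sample line is constructed, and the conversion uses libtai's fixed 2^62 + 10 offset from Unix time.

```python
import errno
import os
import re

# djb's libtai stamps "now" as 2^62 + 10 + Unix seconds; multilog prints that
# as 16 hex digits of seconds followed by 8 hex digits of nanoseconds.
TAI64_UNIX_ZERO = (1 << 62) + 10

LINE = re.compile(r"^@([0-9a-f]{16})[0-9a-f]{8} (slurp|dump err) (\d+)$")

def interpret(line):
    """Return (unix_seconds, level, message) for a slurp / dump err line, else None."""
    m = LINE.match(line.strip())
    if m is None:
        return None
    when = int(m.group(1), 16) - TAI64_UNIX_ZERO
    kind, n = m.group(2), int(m.group(3))
    if kind == "slurp":
        if n == 0:
            return when, "warn", "no cache file was loaded"
        return when, "ok", f"{n} cache entries loaded"
    if n == 0:
        return when, "ok", "cache dumped"
    if n == 9999:
        return when, "fail", "DUMPCACHE or DUMPCACHETMP is not set"
    # Any other value is the errno of the failed dump.
    name = errno.errorcode.get(n, "unknown errno")
    hint = ""
    if n in (errno.ENOENT, errno.EACCES):
        hint = "; check the path relative to the chroot and the dnscache UID"
    return when, "fail", f"{name} ({os.strerror(n)}){hint}"

# The two lines quoted on the page, plus one constructed failure (errno 13).
SAMPLE = [
    "@400000003aae843722f41114 slurp 844",
    "@400000003aae844537504934 dump err 0",
    "@400000003aae844537504934 dump err 13",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(interpret(entry))
```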
Patch 7: dnsfilter replace IP's with names
This patch adds an option to the dnsfilter program: -r. Its use makes dnsfilter simply replace the IP address with the host name if possible. If the host name cannot be determined for whatever reason, the IP address is left alone.
Patch 8: tinydns listen on multiple IP's
A patch to allow tinydns to bind to multiple IP addresses. This doesn't affect dnscache. Now tinydns reads multiple IP addresses from the IP environment variable. Addresses have to be separated with a / (slash). This way you should add more services to be supervised. Here is an example:
192.168.0.1/172.16.1.1/188.8.131.52
tinydns will bind to all of the above addresses without spawning additional processes.
Patch 9: dnscache reload configuration files
dnscache will now re-read its configuration files when it receives a SIGHUP signal. This
is very useful when you run dnscache with local DNS servers and want to have full
access to external DNS when you connect to the Internet by dialup or another method. What is interesting
here is that it doesn't lose the cached RRs. Example:
svc -h /service/dnscache
Most important, for dialup users this feature allows you to switch root DNS servers so that when you're not online and a DNS request is made, host not found is returned immediately. The usual Netscape hangs will go away.
Patch 10: dnscache can return a special IP address for NXDOMAIN
When applied, if the NXDSPECIAL environment variable is set, when dnscache encounters an A (or ANY) query that results in NXDOMAIN, instead of giving the NXDOMAIN reply to the client, it will generate an A record pointing the nonexistent host to the IP in NXDSPECIAL. The TTL of the generated A record is the SOA TTL (or what's left of it if the NXDOMAIN has been cached) of the nonexistent host's domain. Example:
echo 184.108.40.206 > $ROOT/env/NXDSPECIAL
where the ROOT environment variable contains the name of the directory in which dnscache runs chrooted (usually /etc/dnscache). You must restart dnscache for this change to take effect. To disable this feature, execute:
rm $ROOT/env/NXDSPECIAL
and don't forget to restart dnscache.
Patch 11: tinydns log 'X' for NXDOMAIN
When applied, server.c applications (tinydns, rbldns, etc.) will log an X line (where the X replaces + for example) when they return NXDOMAIN. This is especially useful with tinydns since it gives a fine-grained indication of what tinydns really knows about. Dan Peterson first came up with this patch when he was performing a big BIND changeover (to make sure that a hand-converted data file didn't have errors).
Patch 12: tinydns react on notify queries
The patch modifies tinydns so that it writes N in the log line when a NOTIFY request is received. You could tail the log and have a script parse it and request updated DNS info from the master servers for slave zones.
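A log-driven refresh should only act on NOTIFY lines whose sender is a configured master for that zone, and even then only as a hint to go and ask the master, because the source address of a UDP query can be forged. The following added example (not part of the Jumbo Patch) sketches that filter; it assumes the N appears in the result position of the usual tinydns log line (hex IP:port:id, result, query type, name), and MASTERS, parse_line, zones_to_refresh and the sample lines are hypothetical.

```python
import ipaddress

# Hypothetical policy: which master addresses may trigger a refresh of which slave zone.
MASTERS = {"example.com": {"192.0.2.53"}}

def parse_line(line):
    """Parse '[@tai64n] hexip:hexport:hexid result qtype name' -> (ip, result, name)."""
    fields = line.split()
    if fields and fields[0].startswith("@"):
        fields = fields[1:]                    # drop multilog's timestamp
    if len(fields) != 4:
        return None
    client, result, _qtype, name = fields
    hexip = client.split(":")[0]
    if len(hexip) != 8:
        return None
    try:
        ip = str(ipaddress.IPv4Address(bytes.fromhex(hexip)))
    except ValueError:
        return None
    return ip, result, name.lower().rstrip(".")

def zones_to_refresh(lines, masters=MASTERS):
    """Return (zones to refresh, rejected (ip, zone) pairs) from the N lines."""
    refresh, rejected = [], []
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec[1] != "N":
            continue                           # not a NOTIFY line
        ip, _, zone = rec
        if ip not in masters.get(zone, ()):
            rejected.append((ip, zone))        # unknown sender or unknown zone
        elif zone not in refresh:
            refresh.append(zone)               # one refresh per zone per batch
    return refresh, rejected

# Constructed sample lines (not from a real server).
SAMPLE = [
    "@400000003aae843722f41114 c0000235:8a3c:1f2e N 0006 example.com",
    "@400000003aae843722f41200 c0000235:8a3d:1f2f N 0006 example.com",
    "@400000003aae843722f41300 cb007109:d2f1:77aa N 0006 example.com",
    "@400000003aae843722f41400 c0000235:8a3e:1f30 N 0006 example.net",
    "@400000003aae843722f41500 c6336407:0407:a1b2 X 0001 nosuch.example.com",
    "@400000003aae843722f41600 c6336407:0408:a1b3 + 0001 www.example.com",
]
```

The rejected list is worth logging on its own: repeated NOTIFY lines from addresses that are not masters show someone probing the refresh path.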
Patch 13: dnscache serve round-robin'd A records
dnscache is modified to serve multiple A records in non-iterative round-robin fashion. This is useful when you need simple load balancing at the client. To enable this feature, execute:
echo > $ROOT/env/ROUNDROBIN
and don't forget to restart dnscache.
Please note that: