A lot of users of MaraDNS let me know one thing they were very happy about with MaraDNS is how nicely it works in embedded environments. That in mind, when I began working on Deadwood, my goal was to make a small, high-performance DNS server that can work in the smallest of 32-bit environments.

When I started developing Deadwood, my goals were:

I believe I have succeeded. Here is a comparison of Deadwood (MaraDNS 2.0's recursor) against all other currently maintained open-source DNS servers with Windows binaries:
DNS server		Binary size [1]
---------------------	-------------------
BIND 9.7.1-P2		4,055,552
Unbound 1.4.5		1,745,920
PowerDNS 2.9.15 [2]	  503,860
Deadwood 2.9.02		   62,976
[1] The binary size includes all .dll files needed to run the program.

[2] Only the size of PowerDNS 2.9.15's recursor (pdns_recursor) and the PthreadVCE.dll needed to run said recursor are counted

As you can see, PowerDNS' recursor is nearly eight times the size of Deadwood, Unbound is over 27 times the size of Deadwood, and BIND weighs in at nearly 64 times Deadwood's size.

Deadwood is a fraction of the size of any other open-source DNS server with Windows binaries.

Note, however, that Deadwood is not the smallest recursive resolver for Linux. That honor goes to DJBdns' dnscache program. The zinq-djbdns-0.08 version of dnscache is only 45,016 bytes (compiled with -Os and stripped); compare this to Deadwood on the same platform, which weighs in at 61,528 bytes; it's only 3/4 of Deadwood's size.

Then again, Deadwood has, in those 16,512 bytes, a number of features dnscache does not have, including the ability to bind to multiple IPs, read and write the cache to disk, DNS wall functionality, a dwood3rc parser complete with the ability to read other files while parsing the file (dnscache gets all of its configuration from the environment), DNS "resurrections", ip_blacklist to counteract NXDOMAIN redirects, multiple inflight merging, code that stops AR-injection spoof attacks, an LRU cache (allowing Deadwood to more effectively cache entries when we are processing more entries than what the cache can hold), the ability to redirect thousands of domains without significantly impacting performance, as well as the ability to compile in full IPv6 support without applying third-party patches.

I think having all of these features is worth Deadwood being 40% larger. Of course, by the same token, if you need a feature PowerDNS' recursor, Unbound, or BIND has that Deadwood does not have (such as DNSSEC), it may be necessary to use a larger program.

Deadwood has all of the essentials for a reliable, scalable, and secure DNS server on today's internet, supporting both IPv4 and IPv6. Short of DNSSEC (which has yet to see widespread adoption), Deadwood utilizes the strongest anti-spoofing techniques DNS can have (cryptographically strong random query ID and source port; protection against AR-injection spoofing attacks; multiple inflight merging) in a binary utilizing a memory footprint small enough to run on your broadband router, an older PC, or unobtrusively on your PC.

Deadwood is fully cross-platform, working equally well in both UNIX-like operating systems and in Windows. It runs as a service in Windows and is daemonized in UNIX clones using the included "duende" daemonizer.