From maradns at gmail.com Sun Apr 1 20:17:07 2012 From: maradns at gmail.com (Sam Trenholme) Date: Sun, 1 Apr 2012 20:17:07 -0400 Subject: [MaraDNS list] MaraDNS now has funding Message-ID: MaraDNS now has funding I am very pleased to let the community of MaraDNS users know that I have gotten a $1,048,576 USD grant from an anonymous donor. In light of this, I will be able to implement some features I have been meaning to implement in MaraDNS. == DNSSEC and DNSCurve == First of all, this funding will give me a chance to fully implement DNSSEC and DNSCurve. Due to the amount of code that needs to be written, I will hire Dan Kaminsky to help me implement the DNSSEC code, as well has contracting Daniel J. Bernstein to write the DNSCurve code. The code will be in separate modules and I hope it will be possible to compile MaraDNS and Deadwood with both DNSSEC and DNSCurve support at the same time; this is a logistical issue we will work out. == Random number generator == In addition to contracting Daniel J. Bernstein to write the DNSCurve code, I will also bring in Guido Bertoni, Joan Daemen, Michael Peeters, and Gilles Van Assche who will work with Bernstein in implementing a high-speed cryptographic block cipher with a 1024-bit block size on 32-bit platforms, a 2048-bit block size on 64-bit platforms, a 4096-bit block size on 128-bit platforms, as well as a 1152-bit block size on 36-bit platforms for our substantial number of users who run MaraDNS and Deadwood on PDP-10s. This block cipher primitive will be used in a sponge mode of operation as a pseudo-random number generator for Deadwood. We will also research making a hash compression primitive for 32-bit, 36-bit, 64-bit, and 128-bit platforms which is both very fast and cryptographically secure from collisions as long as our attacker doesn't know the primitive's randomly generated secret number. == Other plans == I was hoping to be able to implement a 20nm 128-bit version of the 6502 processor with memory management and protected mode, as well as a series of op codes to make processing DNS packets faster (such as FINDDNSLABEL). Unfortunately, my anonymous donor will not give me the $5 billion grant needed to implement this processor until our team successfully implements DNSSEC, DNSCurve, as well as the large-block-size cipher, not to mention the secure hash compressor. This should all be done within a year, and I will then be able to get a larger grant. I will let people know what that grant will let us do a year from today, on Monday, April 1, 2013. From dkowis at shlrm.org Sun Apr 1 21:17:39 2012 From: dkowis at shlrm.org (David Kowis) Date: Sun, 01 Apr 2012 20:17:39 -0500 Subject: [MaraDNS list] MaraDNS now has funding In-Reply-To: References: Message-ID: <4F78FE33.1020108@shlrm.org> +1 internets Well done :) On 4/1/2012 7:17 PM, Sam Trenholme wrote: > MaraDNS now has funding > I am very pleased to let the community of MaraDNS users know that I > have gotten a $1,048,576 USD grant from an anonymous donor. In light > of this, I will be able to implement some features I have been meaning > to implement in MaraDNS. > > == DNSSEC and DNSCurve == > > First of all, this funding will give me a chance to fully implement > DNSSEC and DNSCurve. Due to the amount of code that needs to be > written, I will hire Dan Kaminsky to help me implement the DNSSEC > code, as well has contracting Daniel J. Bernstein to write the > DNSCurve code. > > The code will be in separate modules and I hope it will be possible to > compile MaraDNS and Deadwood with both DNSSEC and DNSCurve support at > the same time; this is a logistical issue we will work out. > > == Random number generator == > > In addition to contracting Daniel J. Bernstein to write the DNSCurve > code, I will also bring in Guido Bertoni, Joan Daemen, Michael > Peeters, and Gilles Van Assche who will work with Bernstein in > implementing a high-speed cryptographic block cipher with a 1024-bit > block size on 32-bit platforms, a 2048-bit block size on 64-bit > platforms, a 4096-bit block size on 128-bit platforms, as well as a > 1152-bit block size on 36-bit platforms for our substantial number of > users who run MaraDNS and Deadwood on PDP-10s. > > This block cipher primitive will be used in a sponge mode of operation > as a pseudo-random number generator for Deadwood. > > We will also research making a hash compression primitive for 32-bit, > 36-bit, 64-bit, and 128-bit platforms which is both very fast and > cryptographically secure from collisions as long as our attacker > doesn't know the primitive's randomly generated secret number. > > == Other plans == > > I was hoping to be able to implement a 20nm 128-bit version of the > 6502 processor with memory management and protected mode, as well as a > series of op codes to make processing DNS packets faster (such as > FINDDNSLABEL). Unfortunately, my anonymous donor will not give me the > $5 billion grant needed to implement this processor until our team > successfully implements DNSSEC, DNSCurve, as well as the > large-block-size cipher, not to mention the secure hash compressor. > > This should all be done within a year, and I will then be able to get > a larger grant. I will let people know what that grant will let us do > a year from today, on Monday, April 1, 2013. > > !DSPAM:2,4f78f009135232628239487! > From dsevilla00 at hotmail.com Sun Apr 1 21:17:39 2012 From: dsevilla00 at hotmail.com (david sevilla) Date: Sun, 1 Apr 2012 20:17:39 -0500 Subject: [MaraDNS list] MaraDNS now has funding Message-ID: HOLY cow, congratulations and keep up the good work. -----Original Message----- From: Sam Trenholme Sent: 2 Apr 2012 00:17:15 GMT To: MaraDNS support mailing list Subject: [MaraDNS list] MaraDNS now has funding MaraDNS now has funding I am very pleased to let the community of MaraDNS users know that I have gotten a $1,048,576 USD grant from an anonymous donor. In light of this, I will be able to implement some features I have been meaning to implement in MaraDNS. == DNSSEC and DNSCurve == First of all, this funding will give me a chance to fully implement DNSSEC and DNSCurve. Due to the amount of code that needs to be written, I will hire Dan Kaminsky to help me implement the DNSSEC code, as well has contracting Daniel J. Bernstein to write the DNSCurve code. The code will be in separate modules and I hope it will be possible to compile MaraDNS and Deadwood with both DNSSEC and DNSCurve support at the same time; this is a logistical issue we will work out. == Random number generator == In addition to contracting Daniel J. Bernstein to write the DNSCurve code, I will also bring in Guido Bertoni, Joan Daemen, Michael Peeters, and Gilles Van Assche who will work with Bernstein in implementing a high-speed cryptographic block cipher with a 1024-bit block size on 32-bit platforms, a 2048-bit block size on 64-bit platforms, a 4096-bit block size on 128-bit platforms, as well as a 1152-bit block size on 36-bit platforms for our substantial number of users who run MaraDNS and Deadwood on PDP-10s. This block cipher primitive will be used in a sponge mode of operation as a pseudo-random number generator for Deadwood. We will also research making a hash compression primitive for 32-bit, 36-bit, 64-bit, and 128-bit platforms which is both very fast and cryptographically secure from collisions as long as our attacker doesn't know the primitive's randomly generated secret number. == Other plans == I was hoping to be able to implement a 20nm 128-bit version of the 6502 processor with memory management and protected mode, as well as a series of op codes to make processing DNS packets faster (such as FINDDNSLABEL). Unfortunately, my anonymous donor will not give me the $5 billion grant needed to implement this processor until our team successfully implements DNSSEC, DNSCurve, as well as the large-block-size cipher, not to mention the secure hash compressor. This should all be done within a year, and I will then be able to get a larger grant. I will let people know what that grant will let us do a year from today, on Monday, April 1, 2013. From jefsey at jefsey.com Sun Apr 1 21:36:31 2012 From: jefsey at jefsey.com (JFC Morfin) Date: Mon, 02 Apr 2012 03:36:31 +0200 Subject: [MaraDNS list] MaraDNS now has funding In-Reply-To: References: Message-ID: At 02:17 02/04/2012, Sam Trenholme wrote: >MaraDNS now has funding >I am very pleased to let the community of MaraDNS users know that I >have gotten a $1,048,576 USD grant from an anonymous donor. In light >of this, I will be able to implement some features I have been meaning >to implement in MaraDNS. BRAVO !!!! Technologically geat, ethically a justice for you and your family. jfc ---- PS. It would be great if you documented hooks that would permit to plug modules to support: - requests massaging (for example to support language conversion, variants, punycode) - CLASSes provided the request includes the CLASS to use. May be the code could be made reentrant (so support of classes would only be to reenter the same code with a different class?) jfc >== DNSSEC and DNSCurve == > >First of all, this funding will give me a chance to fully implement >DNSSEC and DNSCurve. Due to the amount of code that needs to be >written, I will hire Dan Kaminsky to help me implement the DNSSEC >code, as well has contracting Daniel J. Bernstein to write the >DNSCurve code. > >The code will be in separate modules and I hope it will be possible to >compile MaraDNS and Deadwood with both DNSSEC and DNSCurve support at >the same time; this is a logistical issue we will work out. > >== Random number generator == > >In addition to contracting Daniel J. Bernstein to write the DNSCurve >code, I will also bring in Guido Bertoni, Joan Daemen, Michael >Peeters, and Gilles Van Assche who will work with Bernstein in >implementing a high-speed cryptographic block cipher with a 1024-bit >block size on 32-bit platforms, a 2048-bit block size on 64-bit >platforms, a 4096-bit block size on 128-bit platforms, as well as a >1152-bit block size on 36-bit platforms for our substantial number of >users who run MaraDNS and Deadwood on PDP-10s. > >This block cipher primitive will be used in a sponge mode of operation >as a pseudo-random number generator for Deadwood. > >We will also research making a hash compression primitive for 32-bit, >36-bit, 64-bit, and 128-bit platforms which is both very fast and >cryptographically secure from collisions as long as our attacker >doesn't know the primitive's randomly generated secret number. > >== Other plans == > >I was hoping to be able to implement a 20nm 128-bit version of the >6502 processor with memory management and protected mode, as well as a >series of op codes to make processing DNS packets faster (such as >FINDDNSLABEL). Unfortunately, my anonymous donor will not give me the >$5 billion grant needed to implement this processor until our team >successfully implements DNSSEC, DNSCurve, as well as the >large-block-size cipher, not to mention the secure hash compressor. > >This should all be done within a year, and I will then be able to get >a larger grant. I will let people know what that grant will let us do >a year from today, on Monday, April 1, 2013. From baryluk at smp.if.uj.edu.pl Sun Apr 1 21:33:00 2012 From: baryluk at smp.if.uj.edu.pl (Witold Baryluk) Date: Mon, 2 Apr 2012 03:33:00 +0200 Subject: [MaraDNS list] MaraDNS now has funding In-Reply-To: References: Message-ID: <20120402013300.GO14287@smp.if.uj.edu.pl> On 04-01 20:17, david sevilla wrote: > HOLY cow, congratulations and keep up the good work. > > -----Original Message----- > > From: Sam Trenholme > Sent: 2 Apr 2012 00:17:15 GMT > To: MaraDNS support mailing list > Subject: [MaraDNS list] MaraDNS now has funding > > MaraDNS now has funding > I am very pleased to let the community of MaraDNS users know that I > have gotten a $1,048,576 USD grant from an anonymous donor. In light > of this, I will be able to implement some features I have been meaning > to implement in MaraDNS. > I just skiped this part, and didn't notice this ridiculus amount of money. I was thinkig more like $ 1,048.57 USD, which may be resonable. > == DNSSEC and DNSCurve == > > First of all, this funding will give me a chance to fully implement > DNSSEC and DNSCurve. Due to the amount of code that needs to be > written, I will hire Dan Kaminsky to help me implement the DNSSEC > code, as well has contracting Daniel J. Bernstein to write the > DNSCurve code. > EE? Really? Wow. > The code will be in separate modules and I hope it will be possible to > compile MaraDNS and Deadwood with both DNSSEC and DNSCurve support at > the same time; this is a logistical issue we will work out. > > == Random number generator == > > In addition to contracting Daniel J. Bernstein to write the DNSCurve > code, I will also bring in Guido Bertoni, Joan Daemen, Michael > Peeters, and Gilles Van Assche who will work with Bernstein in > implementing a high-speed cryptographic block cipher with a 1024-bit > block size on 32-bit platforms, a 2048-bit block size on 64-bit > platforms, why different ones? > a 4096-bit block size on 128-bit platforms, as well as a > 1152-bit block size on 36-bit platforms for our substantial number of > users who run MaraDNS and Deadwood on PDP-10s. > very funny. Then I checked begining. What? 1M$ ? Ah, 1st April. :) > This block cipher primitive will be used in a sponge mode of operation > as a pseudo-random number generator for Deadwood. It takes years to create safe crypto primities, and then use them (look at SHA-3, it takes few years to just review and choice already existing algorithms!), and 1M$ would not be enough to make this process any faster. > > We will also research making a hash compression primitive for 32-bit, > 36-bit, 64-bit, and 128-bit platforms which is both very fast and > cryptographically secure from collisions as long as our attacker > doesn't know the primitive's randomly generated secret number. > > == Other plans == > > I was hoping to be able to implement a 20nm 128-bit version of the > 6502 processor with memory management and protected mode, as well as a > series of op codes to make processing DNS packets faster (such as > FINDDNSLABEL). Unfortunately, my anonymous donor will not give me the > $5 billion grant needed to implement this processor until our team > successfully implements DNSSEC, DNSCurve, as well as the > large-block-size cipher, not to mention the secure hash compressor. > > Actually implementing such things should cost way below 1M$. You can prototype such things on FPGA, and actually create ASIC relativly cheaply, especially when cooperating with some univeristy. Of course if you want, because I dubt it will bring any significant speedup. > This should all be done within a year, and I will then be able to get > a larger grant. I will let people know what that grant will let us do > a year from today, on Monday, April 1, 2013. -- Witold Baryluk JID: witold.baryluk // jabster.pl From jefsey at jefsey.com Sun Apr 1 21:49:38 2012 From: jefsey at jefsey.com (JFC Morfin) Date: Mon, 02 Apr 2012 03:49:38 +0200 Subject: [MaraDNS list] MaraDNS now has funding In-Reply-To: <20120402013300.GO14287@smp.if.uj.edu.pl> References: <20120402013300.GO14287@smp.if.uj.edu.pl> Message-ID: At 03:33 02/04/2012, Witold Baryluk wrote: >Then I checked begining. What? 1M$ ? Ah, 1st April. :) Witold, In Europe we havde had our April 1st mails all the day long already. It was so nice to make as if we believed this Californian one which was so great. Who knows, may be some time, the joke could become true. Best jfc From baryluk at smp.if.uj.edu.pl Sun Apr 1 23:14:13 2012 From: baryluk at smp.if.uj.edu.pl (Witold Baryluk) Date: Mon, 2 Apr 2012 05:14:13 +0200 Subject: [MaraDNS list] MaraDNS now has funding In-Reply-To: <20120402014518.96398738653@woodlane.webconquest.com> References: <20120402013300.GO14287@smp.if.uj.edu.pl> <20120402014518.96398738653@woodlane.webconquest.com> Message-ID: <20120402031413.GP14287@smp.if.uj.edu.pl> On 04-02 03:49, JFC Morfin wrote: > At 03:33 02/04/2012, Witold Baryluk wrote: > >Then I checked begining. What? 1M$ ? Ah, 1st April. :) > > Witold, > > In Europe we havde had our April 1st mails all the day long already. > It was so nice to make as if we believed this Californian one which > was so great. > Who knows, may be some time, the joke could become true. > > Best > jfc > Ah, indeed, there is still around 20:00 in California. Sorry :) Anyway it was funny to read. Quite creative. Regards, Witek -- Witold Baryluk From test24 at mail.ru Mon Apr 2 04:06:47 2012 From: test24 at mail.ru (=?UTF-8?B?dGVzdDI0?=) Date: Mon, 02 Apr 2012 12:06:47 +0400 Subject: [MaraDNS list] =?utf-8?q?MaraDNS_now_has_funding?= In-Reply-To: References: Message-ID: May be you include fast and secure NTP, DayTime and Time protocol support as part of the MaraDNS and DeadWood. ? ? ?Reason ? may be here: 1)dns and time protocols are time critical protocols and runs on same computers. 2)I can not found (may be i am a bad searcher) realisation ?of all 3 protocols in one tool and for Windows too. Thanks/ Sun, 1 Apr 2012 20:17:07 -0400 ?? Sam Trenholme : MaraDNS now has funding I am very pleased to let the community of MaraDNS users know that I have gotten a $1,048,576 USD grant from an anonymous donor. In light of this, I will be able to implement some features I have been meaning to implement in MaraDNS. == DNSSEC and DNSCurve == First of all, this funding will give me a chance to fully implement DNSSEC and DNSCurve. Due to the amount of code that needs to be written, I will hire Dan Kaminsky to help me implement the DNSSEC code, as well has contracting Daniel J. Bernstein to write the DNSCurve code. The code will be in separate modules and I hope it will be possible to compile MaraDNS and Deadwood with both DNSSEC and DNSCurve support at the same time; this is a logistical issue we will work out. == Random number generator == In addition to contracting Daniel J. Bernstein to write the DNSCurve code, I will also bring in Guido Bertoni, Joan Daemen, Michael Peeters, and Gilles Van Assche who will work with Bernstein in implementing a high-speed cryptographic block cipher with a 1024-bit block size on 32-bit platforms, a 2048-bit block size on 64-bit platforms, a 4096-bit block size on 128-bit platforms, as well as a 1152-bit block size on 36-bit platforms for our substantial number of users who run MaraDNS and Deadwood on PDP-10s. This block cipher primitive will be used in a sponge mode of operation as a pseudo-random number generator for Deadwood. We will also research making a hash compression primitive for 32-bit, 36-bit, 64-bit, and 128-bit platforms which is both very fast and cryptographically secure from collisions as long as our attacker doesn't know the primitive's randomly generated secret number. == Other plans == I was hoping to be able to implement a 20nm 128-bit version of the 6502 processor with memory management and protected mode, as well as a series of op codes to make processing DNS packets faster (such as FINDDNSLABEL). Unfortunately, my anonymous donor will not give me the $5 billion grant needed to implement this processor until our team successfully implements DNSSEC, DNSCurve, as well as the large-block-size cipher, not to mention the secure hash compressor. This should all be done within a year, and I will then be able to get a larger grant. I will let people know what that grant will let us do a year from today, on Monday, April 1, 2013. From maradns at gmail.com Mon Apr 2 11:05:26 2012 From: maradns at gmail.com (Sam Trenholme) Date: Mon, 2 Apr 2012 11:05:26 -0400 Subject: [MaraDNS list] MaraDNS now has funding In-Reply-To: References: Message-ID: > Sun, 1 Apr 2012 20:17:07 -0400 ?? Sam Trenholme : [...] > May be you include fast and secure NTP, DayTime and Time protocol support > as part of the MaraDNS and DeadWood. ? I agree that these are important things to have, but I have to get approval from my funding source before I can start implementing it. Unfortunately, said source is very very eccentric. They only approve new requisitions on the day of April 1. Next April 1, I will let you know what other features this funding source will let us have. Actually, come to think of it, this funding source will allow new features to be added if requested by people from Spain or Latin America on December 28. [1] Personally, I hope this funding source also lets us have DHCP integration; I've heard that the source to dnsmasq is pretty messy. - Sam [1] It's fitting that Spain and Latin America use the feast day for the Massacre of the Innocents as their prank day, since the Massacre of the Innocents itself never happened; I discuss that on my blog at http://bcd2.vk.tj [2] [2] vk.tj is not a link shortening service. It's my own link shortening domain. [3] The secret to a good April Fools joke is to think "wouldn't it be great if" and then make up something plausible sounding from that. [4] In all seriousness, it would take $50,000 for me to implement DNSSEC for Deadwood using an external library for the underlying crypto primitives (probably LibTomCrypt). From matthias at towiski.de Tue Apr 17 13:26:57 2012 From: matthias at towiski.de (Matthias Bethke) Date: Tue, 17 Apr 2012 11:26:57 -0600 Subject: [MaraDNS list] Config file parser bug Message-ID: <20120417172657.GC7829@aldous.lan> Hi, just another config parser bug in 1.4.03-1.1 (as it comes with Debian Squeeze) that I ran into today: if a list is supposed to be comma separated, forgetting the comma causes the rest to be silently ignored. This was what broke my config: | ipv4_bind_addresses = "127.0.0.1 188.40.77.81, 172.16.42.129" The result was the NS only listening on localhost. Haven't looked at the source yet but maybe someone who is familiar with it already will find it easy to fix. cheers, Matthias From maradns at gmail.com Tue Apr 24 13:52:46 2012 From: maradns at gmail.com (Sam Trenholme) Date: Tue, 24 Apr 2012 13:52:46 -0400 Subject: [MaraDNS list] Deadwood update Message-ID: I have updated Deadwood today. This will be my last MaraDNS and Deadwood update until late May. EasyDNS sometimes has given out packets marked "truncated" that, in violation of RFC1035 section 4.1.1, do not mean that "[the] message was truncated due to length greater than that permitted on the transmission channel.", but mean "our UDP server is broken, try using our TCP server". This in mind, I have updated Deadwood so that if we got a truncated packet and can not extract any useful information from the packet, unless Deadwood is using DNS-over-TCP, it's better to completely ignore the reply (when EasyDNS has had this issue, only some of their DNS servers have been affected). I have added a SQA test to ensure Deadwood correctly handles this abuse of the "truncated" DNS bit. EasyDNS: Please do not violate the DNS RFCs unless there is a compelling reason to do so. Sometimes, the RFCs are wrong, such as an issue I describe at http://samiam.org/blog/20110722.html , but TC should only mean "this packet is too long to fit in a 512-bit DNS-over-UDP packet", *not* "our UDP server is broken right now". Use "server fail" or just drop the packet. In addition, Makefile.ipv6 now works again. Keep in mind that, while Deadwood has IPv6 support, Deadwood with IPv6 has not been widely tested. It can be downloaded here: http://www.maradns.org/deadwood/snap/ I plan to work on MaraDNS/Deadwood again one day in May, after the 20th, unless a critical security bug is found. - Sam From maradns at gmail.com Tue Apr 24 13:57:37 2012 From: maradns at gmail.com (Sam Trenholme) Date: Tue, 24 Apr 2012 13:57:37 -0400 Subject: [MaraDNS list] Config file parser bug In-Reply-To: <20120417172657.GC7829@aldous.lan> References: <20120417172657.GC7829@aldous.lan> Message-ID: > just another config parser bug in 1.4.03-1.1 (as it comes with Debian > Squeeze) that I ran into today: if a list is supposed to be comma > separated, forgetting the comma causes the rest to be silently ignored. > This was what broke my config: > | ipv4_bind_addresses = "127.0.0.1 188.40.77.81, 172.16.42.129" > The result was the NS only listening on localhost. > > Haven't looked at the source yet but maybe someone who is familiar with > it already will find it easy to fix. If someone comes up with a fix, please post a patch to the mailing list and CC my email address with the patch (since the list sometimes scrubs attachments). I will not update MaraDNS 1 (MaraDNS 1 is *only* updated with security updates, see http://samiam.org/blog/20120101.html ) but would update MaraDNS 2 if someone else supplies the patch and I feel it's a good patch. Matthias: This issue is not critical enough for me to fix myself, but everyone on this list has access to the source and hopefully someone will make a fix. Unless a critical security issue is found with MaraDNS, this will be my last posting to the list until late May. - Sam From wayne.kroncke at tiscali.co.uk Tue Apr 24 15:59:38 2012 From: wayne.kroncke at tiscali.co.uk (wayne at tiscali) Date: Tue, 24 Apr 2012 20:59:38 +0100 Subject: [MaraDNS list] Deadwood update In-Reply-To: References: Message-ID: <4F97062A.9090107@tiscali.co.uk> thanx sam, i'll keep my eyes peeled for the windows version best regards wayne On 24 Apr 2012 18:52, Sam Trenholme wrote: > I have updated Deadwood today. This will be my last MaraDNS and > Deadwood update until late May. > > EasyDNS sometimes has given out packets marked "truncated" that, in > violation of RFC1035 section 4.1.1, do not mean that "[the] message > was truncated due to length greater than that permitted on the > transmission channel.", but mean "our UDP server is broken, try using > our TCP server". > > This in mind, I have updated Deadwood so that if we got a truncated > packet and can not extract any useful information from the packet, > unless Deadwood is using DNS-over-TCP, it's better to completely > ignore the reply (when EasyDNS has had this issue, only some of their > DNS servers have been affected). > > I have added a SQA test to ensure Deadwood correctly handles this > abuse of the "truncated" DNS bit. > > EasyDNS: Please do not violate the DNS RFCs unless there is a > compelling reason to do so. Sometimes, the RFCs are wrong, such as an > issue I describe at http://samiam.org/blog/20110722.html , but TC > should only mean "this packet is too long to fit in a 512-bit > DNS-over-UDP packet", *not* "our UDP server is broken right now". Use > "server fail" or just drop the packet. > > In addition, Makefile.ipv6 now works again. Keep in mind that, while > Deadwood has IPv6 support, Deadwood with IPv6 has not been widely > tested. > > It can be downloaded here: > > http://www.maradns.org/deadwood/snap/ > > I plan to work on MaraDNS/Deadwood again one day in May, after the > 20th, unless a critical security bug is found. > > - Sam