[MaraDNS list] September 2012 MaraDNS update

Sam Trenholme maradns at gmail.com
Sat Sep 22 13:16:55 EDT 2012

This information is also available here:


==Deadwood update==

I have gotten an unconfirmed report of Deadwood no longer running
after a couple of days from a friend. While I am unable to recreate
this bug, I take reports like this very seriously. That in mind, I
have created a special debug version of Deadwood which logs all
packets Deadwood receives.

To use this debug version of Deadwood, enable the "SHOWPACKET"
compile-time tag (such as with export FLAGS='-Os -DSHOWPACKET' before
compiling Deadwood).

For Windows users, I have made a debug build of Deadwood with this
flag set. It has the name "Deadwood-showpacket-20120922.exe"; use this
binary to replace "Deadwood.exe" in Deadwood-3-2-02-win32.zip.

If this bug does not pop up again, I plan on releasing Deadwood 3.2.03
next month.

In addition, I have updated the documentation to reflect the fact that
Windows 7 and any RHEL6 clone are now the supported OSes for Deadwood,
added a note on Deadwood's use of malloc() (may not work with some
embedded systems), as well as having Deadwood give out a more useful
error message if chdir() fails (it now lets the user know which
directory it tried to go to).

Downloads are here:


==MaraDNS update==

In today's MaraDNS update, I have updated MaraDNS to use a new GPG key
(see below), use xz instead of bz2 compression for the snapshots, and
have changed the ej2txt tool to use lynx instead of links (since
CentOS 6 does not have a package for elinks). Note that Deadwood still
uses bzip2 compression because the old version of msys I recommend
people use doesn't have an xz binary, and won't compile xz.

It can be downloaded here:


==MaraDNS GPG sig update==

I have created a new MaraDNS signing key which is signed with the old
MaraDNS signing key. Barring a compromise of MaraDNS' private key,
this will be the last MaraDNS GPG key I will generate until 2017,
around the same time I update the OS MaraDNS is supported on.

It can be downloaded here:


==Knot DNS==

I just found out about a nice authoritative-only server called "Knot
DNS". Unlike MaraDNS, it has DNSSEC and full zone transfer support.
More information:


==See you next month==

I plan to work on MaraDNS/Deadwood again one day next month, after the
20th, unless a critical security bug with a CVE number is found.  This
will be my last email sent to the mailing list until then (Again,
barring a new CVE report for MaraDNS).

- Sam

More information about the list mailing list