From maradns at gmail.com Thu May 23 16:39:22 2013 From: maradns at gmail.com (Sam Trenholme) Date: Thu, 23 May 2013 13:39:22 -0700 Subject: [MaraDNS list] MaraDNS/Deadwood update Message-ID: I have updated both MaraDNS and Deadwood. Mainly Deadwood. ==SQA tests== As I mentioned in a previous blog entry, I will, once every few months do nothing more than make sure all of the tests run fine. That is what I did this month; both MaraDNS and Deadwood pass all tests. ==A new Deadwood release== I have been silently updating the version of Deadwood available at http://maradns.org/deadwood as well as the version bundled with MaraDNS. Deadwood 3.2.03a is simply Deadwood 3.2.03 with a one-line bugfix patch which I have been testing for the last three months; no problems have arisen so I am declaring this patch stable. Currently the numbering is a little strange: * MaraDNS 2.0.07a is MaraDNS 2.0.06 with the one-line Deadwood patch applied. * MaraDNS 2.0.07b is MaraDNS 2.0.06 with the one-line Deadwood patch, as well as having the Windows Deadwood binary stripped (to keep it under 65,536 bytes--64k--in size) * Deadwood 3.2.03a is Deadwood 3.2.03 with the one-line patch * MaraDNS-20130523 is the latest release: It?s MaraDNS 2.0.06 with the one-line patch in Deadwood, as well as a copy of the actual patch in deadwood-3.2.03a/update. This is the version which passed all SQA tests this morning. If nothing else, in early 2014 I will release MaraDNS 2.0.07 and Deadwood 3.2.04 with this patch. MaraDNS-20130523 can be downloaded here: http://www.maradns.org/download/2.0/snap/ Deadwood 3.2.03a is here: http://maradns.org/deadwood/stable/ I plan to work on MaraDNS/Deadwood again one day in a couple of months unless a critical security bug with a CVE number is found. From Bradley at NorthTech.US Thu May 23 20:37:24 2013 From: Bradley at NorthTech.US (Bradley D. Thornton) Date: Thu, 23 May 2013 17:37:24 -0700 Subject: [MaraDNS list] MaraDNS/Deadwood update In-Reply-To: References: Message-ID: <519EB644.9000109@NorthTech.US> -----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 On 05/23/2013 01:39 PM, Sam Trenholme wrote: > I have updated both MaraDNS and Deadwood. Mainly Deadwood. > > ==SQA tests== > > As I mentioned in a previous blog entry, I will, once every few months > do nothing more than make sure all of the tests run fine. That is what > I did this month; both MaraDNS and Deadwood pass all tests. Hey Sam, I have a question for you. I dont know why I haven't asked before. You often mention that you support, or perhaps that MaraDNS is supported on, or designed for, Scientific Linux, or certified for use on Scientific Linux or CentOs/Redat... something like that. I don't really understand that. I mean, I can understand you saying, MaraDNS' requirements are as follows: this lib >= version x.x.x; that lib, any version; Linux kernel x.x.x w/blah compiled in or support for blah module, But basically, MaraDNS runs on any modern Linux distro - compile, install, run. It has nothing really to do with any particular distro. I run MaraDNS and Deadwood on debian, CentOS, Slackware, Gentoo, Sorcerer, and a couple of others. No problem. So why the impression that it doesn't run on Linux, unless one is using only certain distributions - you don't even list the versions of those Distros for the Linux OS, and I kinda doubt it would run on Redhat 4.2 or Redhat 5.1 - versions that existed long before there was even a Fedora distro. Can you shed some light on the reasons for explaining supported platforms that way? > unless a critical security bug with a CVE number is found. Nice of you to say that, but really, how often does that happen lol. It's not like we're talking about BIND ;) Kindest regards, - -- Bradley D. Thornton Manager Network Services NorthTech Computer TEL: +1.310.388.9469 (US) TEL: +44.203.318.2755 (UK) TEL: +41.43.508.05.10 (CH) http://NorthTech.US -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Find this cert at x-hkp://pool.sks-keyservers.net iQEcBAEBAwAGBQJRnrZEAAoJEE1wgkIhr9j3gLsIAJn7WMX6cV8t7fisp4A9ajYL JlxTKtGPLjIB5AG2T0A4Fpkoo8DV/dID1PPWiq1ku8lD961kA1ZkUzDOP7pQbmdm VMEARxQSIQRYhMVTLirLKAhW75igKXCKyrorSnQfELU0hRd9l1LNIAaCJiiwbt8z gaiPOIGjnT2nog2VO+AJ+xuwWzauSCLhGrw+hTJv6o6OZEF96MB5IlxxTGU0iot3 Zm8vhq5cODJIWl9S4ShSjAwHJmJMxRcurxQXtZwJTLtyH3criZu89HX65lv8obTs aclRqImyWQ078PKCbBWuDdM6pBTfbVFGTfVWUzyEipTCYG/zJiHf4Fsyi1pQ7sw= =G2ws -----END PGP SIGNATURE----- From maradns at gmail.com Thu May 23 22:37:40 2013 From: maradns at gmail.com (Sam Trenholme) Date: Thu, 23 May 2013 19:37:40 -0700 Subject: [MaraDNS list] MaraDNS/Deadwood update In-Reply-To: <519EB644.9000109@NorthTech.US> References: <519EB644.9000109@NorthTech.US> Message-ID: > Can you shed some light on the reasons for explaining supported > platforms that way? The supported OSes for MaraDNS are now any RHEL6 clone and Windows 7. "Supported" is a question of responsibility. I can answer questions asked by people using those other versions of Linux or whatever; MaraDNS hasn?t been tested by me on anything besides Windows 7/CentOS 6 and I can?t help with issues on those platforms. It?s akin to "removing this seal voids the warranty". Sure, things will probably work after removing the seal--but they might not, and I can't help after one has decided to use PC Linux or whatever. Just because MaraDNS/Deadwood is only fully supported in Scientific Linux 6 and Windows 7 doesn't mean Deadwood doesn't run on other platforms. It just means that, if you wish to run Deadwood on another platform, it's up to you to make the port. I have made the code portable; there should not be any endian issues (this has not been tested since I don't have access to a big-endian computer) nor non-standard libraries needed to compile this; I ensure Deadwood compiles with no warnings when compiled with -Wall in GCC 3, GCC 4.3, and GCC 4.4. Note that Deadwood uses stdint.h, which some non-standards-compilant proprietary compilers (Microsoft, *cough* *cough*) may not have. If you wish to compile Deadwood with one of these compilers, please find a version of stdint.h for your compiler; I know there is a pstdint.h out there that works with most Microsoft and Borland compilers. Note also that some UNIX systems, such as Mac OS X, do not have the POSIX-compliant clock_gettime() call, which is used so Deadwood can retry more quickly when a DNS server upstream does not reply to our query. To compile Deadwood on a UNIX system without clock_gettime(), use the "Makefile.fallback" file. From the src/ directory: make -f Makefile.fallback The Scientific Linux 6 Makefile should work on other Linux variants, as well as other *NIX clones, but no guarantees. For example, there is a Cygwin Makefile included in the "src/" directory; while I haven't tested this in a while, I once verified that Deadwood 2.4 compiles in Cygwin without problem. This may even make it possible to have a version of Deadwood in Windows with IPv6 support; I believe Cygwin 1.7 and later have IPv6 and it might be possible to compile in IPv6 this way. Again, if this is something you're interested in, feel free to send patches to the MaraDNS mailing list. From maradns at gmail.com Thu May 23 22:44:34 2013 From: maradns at gmail.com (Sam Trenholme) Date: Thu, 23 May 2013 19:44:34 -0700 Subject: [MaraDNS list] MaraDNS/Deadwood update In-Reply-To: <519EB644.9000109@NorthTech.US> References: <519EB644.9000109@NorthTech.US> Message-ID: >> unless a critical security bug with a CVE number is found. > > Nice of you to say that, but really, how often does that happen lol. > It's not like we're talking about BIND ;) MaraDNS has had, in its 11 years of existence, 11 CVE security reports. 4 of those are ones I found myself (2002-2097, 2011-5055, 2011-5056, and 2012-0024) and the other seven by third parties (albeit two: 2008-0061 and 2010-2444, as simple non-security bugs). So, yeah, another one may pop up. Of the 11 bugs, only two (2010-2444 and 2012-1570) come from post-1.0 code. MaraDNS 1.0 was a somewhat sloppy rush job. - Sam