[MaraDNS] Deadwood minor security update

Sam Trenholme maradns at gmail.com
Wed Aug 15 12:14:36 PDT 2018


I have made a minor security fix to Deadwood:

There was a theoretical issue with the cryptographic code in Deadwood,
where a standards-compliant compiler might not generate correct secure
random numbers (used for the query ID and query source port).  I cannot
find a compiler which actually generates insecure code (I tested
against gcc 4.8.5, gcc 7.3.0, clang 3.4.2, and clang 5.0.1), but in
the interest of caution, I am making a security update, and have added
tests to make sure this bug does not manifest itself when run against
multiple compilers and compile flags (it's only an issue with -O2 and
-O3 in clang using a different implementation of RadioGatun[32]).

The updated Deadwood can be downloaded here:
https://maradns.samiam.org/deadwood/stable/

You may observe that the URL is in httpS form; I have updated my
websites to use https encryption, so please use
https://maradns.samiam.org to browse and download MaraDNS code.

I should also point out there are some other excellent DNS servers out
there; KnotDNS looks really good, and is available at
https://www.knot-dns.cz/

- Sam

