[MaraDNS list] Deadwood update
Sam Trenholme
maradns at gmail.com
Sat Jun 23 14:52:01 EDT 2012
Earlier this month, Deadwood was unable to resolve
es-us.noticias.yahoo.com (Deadwood's recursion problems always seem to
be caused by either Yahoo or EasyDNS).
Yahoo has since fixed things on their end. Since I recorded the DNS
packets when Deadwood had the issue, I was able to make a SQA test to
reproduce it.
Once I did that, it took me over an hour to find the problem and make
a one-line patch to fix it.
It can be downloaded here:
http://www.maradns.org/deadwood/snap/
I plan to work on MaraDNS/Deadwood again one day next month, after the
20th, unless a critical security bug is found.
Rich: Really quickly, I do agree that it would have been nice for
MaraDNS to handle malloc() failures more gracefully. If you had
brought up the issue in 2006 or 2007, I probably would even had done
something about it. You pointed out that you had an expectation that
a "security aware" program would handle malloc() failures without
bombing out.
In 2001, having a secure DNS server meant running a DNS server did not
expose you to remote root exploits, and this was the climate in which
I marketed MaraDNS as being "security aware". Things have changed
since then. Indeed, I no longer market MaraDNS as being security
aware:
http://samiam.org/blog/20120326.html
Everyone: This will be my last MaraDNS update or posting to the
mailing list until one day in July, after the 20th, unless a critical
security issue with a CVE number pops up.
- Sam
More information about the list
mailing list