Claudiu COSTIN <claudiuc@kde.org>
Jumbo Patch is a collection of 13 individual djbdns patches that I gathered from various places on the Internet, modified, and applied to the original djbdns package. These patches arose from people's needs, and not everyone will agree on their usefulness. The collection adds new functionality to the DNS utilities and improves other features.
To patch your djbdns, first download jumbo-p13.patch.gz into some directory, for example /tmp. Check the MD5 sum first; it must be c96a7cf19968f26ff1422cd197b1a72d:
md5sum jumbo-p13.patch.gz
Then get and unpack djbdns-1.05.tar.gz where you want, for example /tmp, and execute the following commands:
cd /tmp
gtar xfz djbdns-1.05.tar.gz
gunzip jumbo-p13.patch.gz
cd /tmp/djbdns-1.05
patch -p1 < ../jumbo-p13.patch
Read the usual DJBDNS instructions at http://cr.yp.to/djbdns/install.html or, if you're in a hurry, just execute the following commands to compile and install DJBDNS in /usr/local (you must be root to install it):
make
make setup check
This is a combined patch that:
Sfqdn:ip:x:port:weight:priority:ttl:timestamp
Standard rules for ip, x, ttl, and timestamp apply. Port, weight, and priority all range from 0-65535. Weight and priority are optional. They default to zero if not provided. For example:
Sconsole.zoinks.example.com:1.2.3.4:rack102-con1:2001:69:7:300:
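A pre-flight check for S lines, run before tinydns-data compiles the file. This is an added example, not part of the Jumbo Patch or djbdns; the function name check_srv_lines and all sample lines except the first (taken from this page) are constructed for illustration.

```shell
#!/bin/sh
# Added example: validate S (SRV) lines using the field layout given above:
#   Sfqdn:ip:x:port:weight:priority:ttl:timestamp
# check_srv_lines is a hypothetical helper name.

# Constructed sample data; only the first line comes from the page.
SAMPLE_DATA='Sconsole.zoinks.example.com:1.2.3.4:rack102-con1:2001:69:7:300:
Sldap.example.com:1.2.3.5:ldap1:389
Sbad.example.com:1.2.3.6:host:70000:1:1:300:
+www.example.com:1.2.3.7:300'

check_srv_lines() {
    # stdin: data-file lines. Prints one verdict per S line and ignores the rest.
    # Exit status is 1 if any S line is malformed, 0 otherwise.
    awk -F: '
    function in_u16(v) { return v ~ /^[0-9]+$/ && length(v) <= 5 && v + 0 <= 65535 }
    /^S/ {
        fqdn = substr($1, 2); port = $4
        weight = ($5 == "") ? 0 : $5      # optional, defaults to zero
        prio   = ($6 == "") ? 0 : $6      # optional, defaults to zero
        why = ""
        if (fqdn == "")            why = "empty fqdn"
        else if (NF > 8)           why = "too many fields"
        else if (!in_u16(port))    why = "port not in 0-65535"
        else if (!in_u16(weight))  why = "weight not in 0-65535"
        else if (!in_u16(prio))    why = "priority not in 0-65535"
        if (why != "") { printf "BAD line %d: %s\n", NR, why; bad = 1 }
        else printf "OK line %d: %s port=%d weight=%d priority=%d\n", NR, fqdn, port, weight, prio
    }
    END { exit bad + 0 }'
}
```

Feed it the data file on stdin (check_srv_lines < data) and run tinydns-data only when it exits 0.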
tinydns-data will use the contact address (with the first "." replaced with "@") specified via a line in the data file beginning with "D":
Ddanp.danp.net
sets the address for following "." lines to danp@danp.net, while "D" tells tinydns-data to begin generating hostmaster@dom addresses again. It defines the contact address to be used for all subsequent records. An empty contact address means that tinydns-data should resume manufacturing a contact address. Note, should you happen to care about such things, that this record creates a context that prevents you from re-ordering the data file.
This patch lets tinydns-data take configuration files as command-line parameters.
You can maintain multiple zones (groups of DNS entries) independently (for example slave zones from multiple hosts). Every zone file has its own default SOA SERIAL entry, because every file has an independent mtime (modification time) entry in the file system. Using the new feature is easy:
tinydns-data example.org.zone secondary/example.com.zone example.net
A little patch for dnscache to allow it to assume that all DNS clients are allowed to query (which is useful if you allow or deny access to your DNS server by some other method, like packet filtering). To activate it you must set the environment variable OKCLIENT for dnscache to something non-null:
echo > $ROOT/env/OKCLIENT
where the ROOT environment variable contains the name of the directory in which dnscache runs chrooted (usually /etc/dnscache). You must restart dnscache for this change to take effect. To disable this feature execute:
rm $ROOT/env/OKCLIENT
and don't forget to restart dnscache.
This modification adds support to dnscache for binding to multiple addresses. It's very useful when you don't want to fire up a server process for every IP you have. To use this feature you must enter multiple IPs in a single line, without spaces, separated by the "/" (slash) character. For example:
echo "127.0.0.1/192.168.0.10" > $ROOT/env/IP
where the ROOT environment variable contains the name of the directory in which dnscache runs chrooted (usually /etc/dnscache). You must restart dnscache for this change to take effect.
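OKCLIENT and a multi-address IP file interact: with OKCLIENT set, dnscache answers every client that can reach any non-loopback address it is bound to, so the packet filter becomes the only access control. The following audit is an added example, not part of the Jumbo Patch or djbdns; audit_dnscache_env and is_ipv4 are hypothetical helper names, and it assumes the env directory layout described above.

```shell
#!/bin/sh
# Added example: audit a dnscache env directory for the OKCLIENT + IP combination.
# audit_dnscache_env and is_ipv4 are hypothetical helper names.

is_ipv4() {
    # True for a dotted quad with every octet in 0-255.
    echo "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++)
              if ($i !~ /^[0-9]+$/ || length($i) > 3 || $i + 0 > 255) exit 1 }'
}

audit_dnscache_env() {
    # $1 is the page's $ROOT (usually /etc/dnscache).
    # Returns 0 = fine, 1 = any client served on a non-loopback address, 2 = bad IP file.
    envdir=$1/env
    [ -r "$envdir/IP" ] || { echo "ERROR: $envdir/IP is missing"; return 2; }
    ips=$(head -n 1 "$envdir/IP")
    case $ips in
        ''|/*|*/|*//*|*[!0-9./]*)
            echo "ERROR: IP must be IPv4 addresses joined by '/', no spaces"; return 2 ;;
    esac
    exposed=
    old_ifs=$IFS; IFS=/
    for ip in $ips; do
        if ! is_ipv4 "$ip"; then
            IFS=$old_ifs; echo "ERROR: '$ip' is not an IPv4 address"; return 2
        fi
        case $ip in
            127.*) ;;                        # loopback: only local clients
            *) exposed="$exposed $ip" ;;     # reachable from the network
        esac
    done
    IFS=$old_ifs
    # envdir sets a variable for any non-empty file, so "echo > OKCLIENT" counts.
    if [ -s "$envdir/OKCLIENT" ] && [ -n "$exposed" ]; then
        echo "WARN: OKCLIENT is set; every client that can reach$exposed is answered"
        return 1
    fi
    echo "OK: listening on $ips"
}
```

A return value of 1 is not an error in itself; it marks the hosts where the packet-filter rules for port 53 need to be verified.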
This patch enables dnscache to dump the current cache, or to load a previously dumped cache at startup. There are three new environment variables: DUMPCACHE, which is the name of the file into which the cache will be dumped; DUMPCACHETMP, which is the name of a temporary file; and SLURPCACHE, which is the name of a cache dump which will be read at startup. Don't forget that dnscache runs chrooted and under a special UID.
The modifications to dnscache-conf make it prepare for you a directory $ROOT/dump with the correct permissions, and set environment variables DUMPCACHE=dump/dumpcache, DUMPCACHETMP=dump/dumpcache.tmp and SLURPCACHE=dump/slurpcache in the env directory.
Upon startup, if the variable SLURPCACHE is not present, or if it is present but doesn't point to an existing file, dnscache starts with a blank cache (as it used to). If the file SLURPCACHE exists but can't be read, dnscache aborts. If the file contains at some point incorrect data, the rest of the data is ignored and not entered into the initial cache. Any data whose TTL has expired is not retained either (note that the TTL stored in the cache dump is an expiration date, not a TTL in seconds). You could for instance have a symbolic link from slurpcache to dumpcache so that the previously dumped cache is loaded at startup. If the file pointed to by SLURPCACHE exists, a line like:
@400000003aae843722f41114 slurp 844
will be written to the log at startup, to show the number of cache entries that were slurped. 0 means that no file with the given name was found.
To dump the cache, send a SIGALRM to dnscache, for instance by running:
svc -a /service/dnscache
A line like:
@400000003aae844537504934 dump err 0
will be written to the log. 0 means that all is OK (the dump has been done), 9999 means that the variable DUMPCACHE or DUMPCACHETMP has not been set, and any other number is the errno that occurred during the dump. Usually you'll get ENOENT or EACCES if you have forgotten that dnscache is chrooted.
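A monitoring check over the dnscache log that interprets the slurp and dump lines described above and fails when the most recent dump did not succeed. This is an added example, not part of the Jumbo Patch; dump_status is a hypothetical name, the third sample line is constructed, and the errno numbers 2 (ENOENT) and 13 (EACCES) are the Linux values.

```shell
#!/bin/sh
# Added example: summarise dnscache "slurp" and "dump err" log lines.
# dump_status is a hypothetical helper name.

# First two lines are the ones quoted on this page; the third is constructed.
SAMPLE_LOG='@400000003aae843722f41114 slurp 844
@400000003aae844537504934 dump err 0
@400000003aae845000000000 dump err 13'

dump_status() {
    # stdin: dnscache log lines (timestamp in field 1).
    # Prints one line per slurp/dump event; exit status is 1 if the most
    # recent dump reported a non-zero code, 0 otherwise.
    awk '
    $2 == "slurp" { printf "slurp: %d cache entries loaded\n", $3 }
    $2 == "dump" && $3 == "err" {
        code = $4 + 0
        if (code == 0)         msg = "dump written"
        else if (code == 9999) msg = "DUMPCACHE or DUMPCACHETMP not set"
        else if (code == 2)    msg = "errno 2 (ENOENT): path missing inside the chroot"
        else if (code == 13)   msg = "errno 13 (EACCES): dnscache UID cannot write there"
        else                   msg = "errno " code
        printf "dump: %s\n", msg
        last = code
    }
    END { exit (last != 0) }'
}
```

Run it over the current log after sending the SIGALRM; paths in DUMPCACHE and DUMPCACHETMP are resolved inside the chroot, which is why codes 2 and 13 are the usual failures.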
This patch adds an option to the dnsfilter program: -r. Its use makes dnsfilter simply replace the IP address by the host name if possible. If the IP address cannot be determined for whatever reason then it will be left alone.
A patch to allow tinydns to bind to multiple IP addresses. This doesn't affect dnscache. tinydns now reads multiple IP addresses from the IP environment variable. Addresses have to be separated with a / (slash). This way you should add more services to be supervised. Here is an example:
192.168.0.1/172.16.1.1/193.231.126.196
tinydns will bind to all the above addresses without spawning other processes.
dnscache will now re-read its configuration files when it receives a SIGHUP signal. This is very useful when you run dnscache with local DNS servers and want to have full access to external DNS when you connect to the Internet by dialup or some other method. What is interesting here is that it doesn't lose the cached RRs. Example:
svc -h /service/dnscache
Most important, for dialup users this feature allows you to switch root DNS servers so that when you're not online and a DNS request is made, host not found is returned immediately. The usual Netscape hangs will go away.
When applied, if the NXDSPECIAL environment variable is set, when dnscache encounters an A (or ANY) query that results in NXDOMAIN, instead of giving the NXDOMAIN reply to the client, it will generate an A record pointing the nonexistent host to the IP in NXDSPECIAL. The TTL of the generated A record is the SOA TTL (or what's left of it if the NXDOMAIN has been cached) of the nonexistent host's domain. Example:
echo 1.2.3.4 > $ROOT/env/NXDSPECIAL
where the ROOT environment variable contains the name of the directory in which dnscache runs chrooted (usually /etc/dnscache). You must restart dnscache for this change to take effect. To disable this feature execute:
rm $ROOT/env/NXDSPECIAL
and don't forget to restart dnscache.
When applied, server.c applications (tinydns, rbldns, etc.) will log an X line (where the X replaces + for example) when they return NXDOMAIN. This is especially useful with tinydns since it gives a fine grain indication of what tinydns really knows about. Dan Peterson first came up with this patch when he was performing a big BIND changeover (to make sure that hand-converted data file didn't have errors).
The patch modifies tinydns so that it writes N in the log line when a NOTIFY request is received. You could tail the log and have a script parse it and request updated DNS info from master servers for slave zones.
dnscache is modified to serve multiple A records in non-iterative round-robin fashion. It is useful when you need simple load balancing at the client. To enable this feature execute:
echo > $ROOT/env/ROUNDROBIN
and don't forget to restart dnscache.
Please note that: