Sam Trenholme's webpage
Support this website

October MaraDNS Updates


October 20 2013

I have updated MaraDNS and Deadwood this month.

==MaraDNS update==

I mentioned last month I was working on making MaraDNS more IPv6 compatible. I have finished that work. In the snap branch, if MaraDNS is compiled with IPv6 enabled, IPv6 glue records are now shown to the user. This makes it possible to, in theory, resolve DNS names using entirely IPv6 packets.

Note that Deadwood, MaraDNS’ recursor, still can not handle a glueless NS referral with only AAAA (IPv6) records. But, since most registrars have issues with IPv6 glue in their referrals, IPv4 is still needed to resolve DNS names.

This update can be downloaded here:
==Third party patch==

Last year, Tomasz Torcz provided a patch for running MaraDNS with systemd. Just a couple of weeks ago, he updated this patch. While I no longer accept third party patches, I have made a copy of his updated patch, which can be looked at here:
==Deadwood update==

In this month’s Deadwood update, I have added another question and answer to the FAQ.

It can be downloaded here:
==Forum update==

While I really can’t provide hand-holding support, I have been helping Vlodko Petrov on the MaraDNS support forum. By making this help public, Google and other spiders are indexing this information, allowing the help and answers I provide to be readily available in search engines.

==SipHash for Deadwood?==

While SipHash would make Deadwood a little more secure, this security improvement would be strictly academic. I have to balance making an academic security update against Deadwood’s code against the need to keep Deadwood small and fast.

That in mind, I have no plans to make my implementation of SipHash to Deadwood’s hash compression function at this time. However, the code has already been written should I wish to do this in the future.

If SipHash existed in 2001 when I implemented MaraDNS’ random number generator or in 2010 when I was still actively developing Deadwood and last updated its hash compression function, I probably would have had the code use a 32-bit SipHash variant.

But, with a full-time job as a software developer and a baby to take care of, I no longer am actively developing MaraDNS the way I was until 2010. There is a reason that I stopped marketing MaraDNS as being secure last year.

To post a comment about this blog entry, go to the forum (self-signed https). New accounts may post once I approve the account.