
Entries tagged "dns".

Iodine - TCP over DNS - How have I not heard about this before?
This is brilliant!

PS: Good luck with it, David! :)


Yet another DnsCurve implementation:
We are happy to announce the first forwarding DNSCurve solution: CurveDNS.

With CurveDNS you are able to transform any authoritative name server into
a DNSCurve-capable one. This is done by acting as a kind of proxy, i.e.
listening for DNS or DNSCurve queries and forwarding the non-protected
variants towards the real (existing) name server. The responses are then
sent back to the client either protected (if the query was in DNSCurve)
or not.

In short, CurveDNS supports:
* Forwarding of regular (non-protected) DNS packets;
* Unboxing of DNSCurve queries and forwarding the regular DNS packets;
* Boxing of regular DNS responses to DNSCurve responses;
* Both DNSCurve's streamlined- and TXT-format;
* Caching of shared secrets;
* Both UDP and TCP;
* Both IPv4 and IPv6.

This entire project is based on a master's thesis titled 'Shaping DNS
Security with Curves — A Comparative Security Analysis of DNSSEC and
DNSCurve'; you can find this thesis at the CurveDNS website too.

Interested? More information, documentation, et cetera can be found at
the CurveDNS website:

This is fuckin big: Sunde working on an alternative to ICANN

This has definitely made my day, no - my week, actually this makes the whole year look better:
A small tweet turned into a lot of interest.

We haven’t organized yet, but trying to. The background for this project is that we want the internet to be uncensored! Having a centralised system that controls our information flow is not acceptable.

By using existing technology for de-centralisation together with already having a crew with skilled programmers, communicators and network specialists, an alternative system is not far away. We’re not going to re-invent the wheel, we’re going to build on existing technology as much as possible.

There will be a press release shortly with more details.

If you’re interested in talking to us, we’re at the IRC channel #dns-p2p on EfNet.
Good luck, Sunde!

PowerAdmin 2.1.5 RC1 released

Erm, will have to make some time for upgrading my PowerAdmin installation:
A new version of Poweradmin has been released: 2.1.5 RC1. This is mainly a bug fix / minor enhancement release.

#340    html and css fixes
#343    language detection fixes in installer
#345    remove unreachable returns
#347    poweradmin-*-db-structure.sql are missing the new tables
#349    Connection fails with PostgreSQL
#354    problem with zone search
#355    MySQL port
#357    Remove usage of REQUEST_URI in confirm urls
#358    Fix sql error with pgsq
#363    add UTF8 encoding for installer
#366    Add master zone doesn't have "add zone" button
#368    fix installer translation
#376    Wrong notification in user creation
#383    Error when reloading page on record delete
#389    serial number increments after error
#395    Undefined variable: meta_edit

Enhancements/new features:
#386    get_zones() speed enhancement
#70     Only Ueberusers are now allowed to delete their own account.
#72     Installer now checks for requirements
#86 + #334    Add new db_type: mysqli
#296    Ability to set the string "PowerAdmin" used for page title/header in the config file
#327    German translation
#330    Improved usability for deleting records
#342    Check if _POST array has required value.
#348    Graceful fail when zone_templ_records && zone_templ are missing
#356    Smarter sorting for reverse zones
#364    Direct link to install directory
#365    default language for installation should be English
#367    add favicon
#369    add checks for required php extensions
#371    Ability to edit template name/description
#373    List all domains link
#377    Cosmetic improvement: Order of fields differ
#379    Redo information saved in session files.
#390    Before checking if TLD is valid, convert to lowercase
#394    Make 'active' letters in the zone list stand out more.
#361    PHP 5.3 compatibility
#382    Cascading updates for all zones belonging to a certain template.

Please read the 2.1.5 RC1 release notes when you are about to install or upgrade to Poweradmin 2.1.5 RC1.

You can download Poweradmin 2.1.5 RC1 from the download page.

If you have comments or suggestions, please send them to the mailinglist! Any help is appreciated.

PowerAdmin 2.1.5 Released

And the final release of 2.1.5 is here:
Poweradmin 2.1.5

A new version of Poweradmin has been released: 2.1.5. This is mainly a bug fix / minor enhancement release.

Various bugs found in RC1.
Enhancements/new features:

    * #34 added ability to delete multiple zones at once
    * #399 installer now creates correct table types (InnoDB or MyISAM)
    * #359 implemented bulk registration of zones 

Please read the 2.1.5 release notes when you are about to install or upgrade to Poweradmin 2.1.5.

You can download Poweradmin 2.1.5 from the download page.

If you have comments or suggestions, please send them to the mailinglist! Any help is appreciated.

Speed up your Centos box by using the pdnsd caching name server

Update: these exact same instructions work on EL6, too (tested it on my ScientificLinux 6 workstation).

Today I was looking into installing a DNS caching server on my Centos box so it wastes less time looking up hostnames. I wanted something as light on resources as possible (my dom0 server has only 512MB RAM).
First I thought of dnsmasq, but then I reconsidered: I didn't want something that also does DHCP, and anyway, AFAIK dnsmasq doesn't query the DNS root servers itself but forwards to your upstream ISP name servers.
My second thought was dnscache (from the djbdns suite), but I really didn't feel like compiling all that stuff (daemontools, ucspi, etc.). And anyway, dnscache is _old_.
After all that fuss I remembered reading about pdnsd somewhere, so I checked it out: exactly what I needed!

Why do I like it?
- It's small
- It's fast
- It's secure (it guards against DNS cache poisoning)
- Does persistent caching (good for non-permanent connections and for machines that reboot often)
- Knows IPv6
- Installation is very easy

Installing it on Centos 5 was a no-brainer. The RPM package is not in any 3rd party repos that I use (mostly EPEL nowadays - and of course my own :> ). Luckily the developer also maintains RPMs for Centos x86_32 and x86_64:
rpm -ivh
(It's a good idea to check the homepage as newer versions might be available)

The configuration is equally easy (a sample config file comes with the rpm package). Here's mine; it should work on most servers:
// Sample pdnsd configuration file. Must be customized to obtain a working pdnsd setup!
// Read the pdnsd.conf(5) manpage for an explanation of the options.
// Add or remove '#' in front of options you want to disable or enable, respectively.
// Remove '/*' and '*/' to enable complete sections.

global {
#	pid_file = /var/run/;
	server_ip = 127.0.0.1;  # Listen on the loopback address only. Use eth0 here if you
				# want to allow other machines on your network to query pdnsd.
	status_ctl = on;
#	paranoid=on;       # This option reduces the chance of cache poisoning
	                   # but may make pdnsd less efficient, unfortunately.
	min_ttl=15m;       # Retain cached entries at least 15 minutes.
	max_ttl=1w;        # One week.
	timeout=10;        # Global timeout option (10 seconds).
}

# The following section is most appropriate if you have a fixed connection to
# the Internet and an ISP which provides good DNS servers.
server {
	label = "root-servers";
	root_server = discover; # Query the name servers listed below
				# to obtain a full list of root servers.
	randomize_servers = on; # Give every root server an equal chance
	                        # of being queried.
	ip = <ROOT-SERVER-IP-1>,    # This list will be expanded to the full
	     <ROOT-SERVER-IP-2>;    # list on start up. The two entries are placeholders,
	                            # not real addresses: put the addresses of two root
	                            # servers here (they did not survive in this post).
	timeout = 5;
	uptest = query;         # Test availability using empty DNS queries.
	interval = 30m;         # Test every half hour.
	ping_timeout = 300;     # Test should time out after 30 seconds.
	purge_cache = off;
	exclude = .localdomain;
	policy = included;
	preset = off;
}

/* The source section below lost its values in this post; complete it from
   pdnsd.conf(5) and remove the comment markers around it to enable it. */
/*
source {
#	serve_aliases=on;
}
*/

include {file="/etc/pdnsd.include";}	# Read additional definitions from /etc/pdnsd.include.

/* The rr and neg sections below lost their values in this post as well;
   the <...> names are placeholders. Complete them and remove the comment
   markers to enable them. */
/*
rr {
}

neg {
	name=<DOMAIN-TO-BLOCK>;
	types=domain;   # This will also block every name under that domain.
}

neg {
	name=<BAD-SERVER-NAME>;   # Badly behaved server you don't want to connect to.
}
*/

Just save the above as /etc/pdnsd.conf and start the daemon:
service pdnsd start

Have it started upon boot:
chkconfig pdnsd on

And update your resolv.conf file:
echo nameserver > /etc/resolv.conf
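A check I would run on the finished /etc/pdnsd.conf before enabling the daemon, as an added example (not part of pdnsd and not code from this post): it strips the three comment styles pdnsd accepts, parses the global and server sections, and reports whether pdnsd listens on the loopback address only (the server_ip line is the one setting in this file that turns the box into a resolver for the whole network), whether paranoid mode is on, whether root server selection is randomised, and whether status_ctl is on. The config text inside the script is constructed for the example and uses documentation addresses; the function names parse_sections and audit are mine.

```python
"""Audit the security-relevant settings of a pdnsd.conf.

Added example for this post (not part of pdnsd). The config below is a
constructed sample with one deliberately weak setting: server_ip points
at a LAN address (192.0.2.0/24 is a documentation range), not loopback.
"""
import ipaddress
import re

SAMPLE_CONF = """\
// Constructed sample; not a real deployment.
global {
    server_ip = 192.0.2.10;  # deliberately the LAN address, not loopback
    status_ctl = on;
#   paranoid=on;             # commented out, as in the post's config
    min_ttl=15m;
    max_ttl=1w;
    timeout=10;
}

server {
    label = "root-servers";
    root_server = discover; # Query the name servers listed below
    randomize_servers = on;
    ip = 192.0.2.1, 192.0.2.2;
    uptest = query;
}

/* neg { name=blocked.example; types=domain; } */
"""


def strip_comments(text):
    """Remove the comment styles pdnsd.conf(5) accepts: /* */, // and #."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    text = re.sub(r"(//|#)[^\n]*", "", text)
    return text


def parse_sections(text):
    """Return (section_name, {option: value}) tuples in file order.

    pdnsd options are 'key = value;' statements inside 'name { ... }' blocks;
    string values may be double-quoted, so the quotes are dropped.
    """
    sections = []
    for m in re.finditer(r"(\w+)\s*\{([^}]*)\}", strip_comments(text), flags=re.S):
        name, body = m.group(1), m.group(2)
        opts = {}
        for stmt in body.split(";"):
            if "=" in stmt:
                key, val = stmt.split("=", 1)
                opts[key.strip()] = val.strip().strip('"')
        sections.append((name, opts))
    return sections


def audit(text):
    """Return a dict of findings; True means the setting is the safe one."""
    findings = {"loopback_only": False, "paranoid": False,
                "randomize_servers": False, "status_ctl": False}
    for name, opts in parse_sections(text):
        if name == "global":
            try:
                # An interface name such as eth0 (or an empty value) is not
                # loopback, so it counts as exposed.
                findings["loopback_only"] = ipaddress.ip_address(
                    opts.get("server_ip", "")).is_loopback
            except ValueError:
                findings["loopback_only"] = False
            findings["paranoid"] = opts.get("paranoid") == "on"
            findings["status_ctl"] = opts.get("status_ctl") == "on"
        elif name == "server":
            findings["randomize_servers"] = opts.get("randomize_servers") == "on"
    return findings


if __name__ == "__main__":
    for key, ok in audit(SAMPLE_CONF).items():
        print(f"{key:18s} {'ok' if ok else 'CHECK'}")
```

Run it against the real file with `audit(open("/etc/pdnsd.conf").read())`; anything reported as CHECK is worth a second look before `chkconfig pdnsd on`, and loopback_only in particular should be True unless you really mean to serve other hosts.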


Disable DNS caching in Firefox

Many times I have noticed Firefox spends quite a while "looking up" stuff when on the same system other programs are a lot faster to resolve.
Now I think I have found the culprit, actually Manu has found it:
Firefox seems to maintain its own DNS cache which apparently, contrary to its purpose, can slow things down if your ISP provides fast resolving servers or if you run your own locally.
Anyway, this is the case for me, so I followed Manu's advice and disabled DNS caching in Firefox, and as a result the average browsing experience does seem faster. How about that ...


Yesterday I needed to migrate a very old dns server running djbdns/tinydns on Centos 5 to a Centos 6 machine.
My two options were to convert the tinydns zones to BIND format and use the BIND that comes by default in EL6, or to install djbdns on the new machine.
I really was not looking forward to "make, make install" sessions, but converting the djbdns data was not very appealing either. Luckily there's a fork of djbdns in Fedora nowadays called "ndjbdns" (new djbdns), which is fully compatible with the original implementation! All I had to do was install it, move the "data" and "Makefile" files over to /etc/ndjbdns/ and run "make".

The Fedora SRPM is quite RHEL/EL friendly so building it for Centos 6 was a breeze! You can find the RPMS in my nux-misc repo. Enjoy!

No whois server is known for this kind of object

I make extensive use of whois in my work, and since they introduced all these fancy TLDs in recent years I've noticed the standard Linux whois client is failing for many of them.
Ever tried to whois e.g. and got this instead?
No whois server is known for this kind of object

Well, apparently it's as simple as adding the new servers to the whois client config file. Here's what my /etc/whois.conf looks like.
Feel free to copy/paste.

Credits go to
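To show what such an entry does, here is an added example (not the whois client's own code and not the whois.conf from this post) that parses a small constructed whois.conf and picks the server for a query the way the client consults the file. The format is assumed from whois.conf(5): one entry per line, a regular expression, whitespace, then the whois server name; '#' starts a comment; the first matching entry wins; matching is case-insensitive. Python's re module stands in for the POSIX extended regexes the real client compiles, which is equivalent for the simple anchored patterns used here. The TLD entries and the query names are constructed for the example; the function names are mine.

```python
"""Pick the whois server for a query, mimicking how /etc/whois.conf is read.

Added example, not the whois client's code. Assumed format (whois.conf(5)):
'<regex> <whitespace> <server>' per line, '#' comments, first match wins,
case-insensitive matching.
"""
import re

# Constructed sample config. The server names are examples only: check the
# real whois server for a TLD before adding it to your own whois.conf.
SAMPLE_WHOIS_CONF = r"""
# pattern        whois server
\.xyz$           whois.nic.xyz
\.berlin$        whois.nic.berlin
\.club$          whois.nic.club
"""

# The message the client prints when no entry (and no built-in rule) matches.
NOT_KNOWN = "No whois server is known for this kind of object"


def parse_whois_conf(text):
    """Return (compiled regex, server) pairs in file order.

    A line that is not exactly 'pattern whitespace server' is rejected, so a
    typo cannot silently send queries to the wrong server.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        if len(parts) != 2 or len(parts[1].split()) != 1:
            raise ValueError(f"malformed whois.conf line: {raw!r}")
        pattern, server = parts
        entries.append((re.compile(pattern, re.IGNORECASE), server.strip()))
    return entries


def whois_server_for(query, entries):
    """First matching entry wins; None if nothing matches."""
    for regex, server in entries:
        if regex.search(query):
            return server
    return None


def lookup(query, conf_text=SAMPLE_WHOIS_CONF):
    """Return the server to ask, or the client's familiar error message."""
    server = whois_server_for(query, parse_whois_conf(conf_text))
    return server if server is not None else NOT_KNOWN


if __name__ == "__main__":
    for name in ("example.xyz", "EXAMPLE.BERLIN", "example.xyz.com", "example.test"):
        print(f"{name:18s} -> {lookup(name)}")
```

The `$` anchor matters: without it `\.xyz` would also match example.xyz.com and route a .com query to the wrong server, which is why the sample entries are anchored.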