New-DJBDNS 1.06

Hello..!!!

I’m extremely happy to announce, the release 1.06 of the New-DJBDNS is now available for general usage. New updates are pushed to Fedora repositories and shall soon be available via stable channels. It’s a landmark 10’th release of the project. 🙂

        See -> http://pjp.dgplug.org/ndjbdns/

A major highlight of this release is the couple of security fixes for potential Denial of Service (DoS) flaws. One happens by a subtle hash collision attack, while the other is a result of excessive read(2) calls. It is highly recommended to upgrade your set-up to use 1.06 release. Nevertheless, CVE requests for these vulnerabilities were rejected on non-technical grounds.
See:
        -> http://www.openwall.com/lists/oss-security/2014/02/10/4
        -> http://www.openwall.com/lists/oss-security/2014/02/17/3

Apart from these issues, 1.06 release fixes an important time zone bug(discussed -> here) to account for the Daylight Savings Time(DST) and introduces new command line options to read from non-default configuration file. This will help to run multiple instances of servers with different configuration parameters. Thanks to Francisco M Biete for writing a patch to introduce new options and to Don Ky for reporting the time zone issue.

Another major highlight of this release is an excellent documentation contributed by Satya K. It was the last pending packaging goal set in the early days, now met! 🙂

        See -> http://pjp.dgplug.org/ndjbdns/document.html

If you find a bug or spot anything amiss, please let me know, I’ll fix it. With last of the initial goals met, this release truly marks an important milestone in the evolution of the New-DJBDNS. Many people have contributed, in various ways, to this progress & the growth of New-DJBDNS. I sincerely thank them all for the constant support and encouragement they have offered me. It’s bliss!

Now, it’s time to set new achievable goals. It’s time to define the new possibilities. One of the long-standing inherent drawback of the New-DJDBNS is its inability to communicate over IPv6. In the second spell of its development, I plan to rid New-DJBDNS of this very inability. Apart from this super goal, if you have suggestions, feature requests or patches that you’d like to see merged in New-DJBDNS, I’m all ears, please feel free to write to me.

Thank you! 🙂

Advertisements

ndjbdns-1.05.5

Hi, happy new year! 🙂

I’m happy to announce the latest release of New DJBDNS version 1.05.5. This release is special. It includes two very important security patches reported here -> BZ#838965. These patches protect dnscache resolver from cache poisoning attacks. Please do # yum update to this latest release asap.

Second, I’m pleased to introduce my new co-maintainer – Mr Simone Caronni aka Slaanesh. Slaanesh is an avid Fedora user and an expert developer. He recently submitted useful patches for NDJBDNS and offered to co-maintain the package. It’s encouraging to receive patches and comments from your users. Slaanesh’s offer to co-maintain the package was overwhelming. When I look back, I think it’s a significant progress from a point when nobody wanted to review NDJBDNS for years, to having a co-maintainer for the package. Please join me in welcoming Simone(Slaanesh) aboard the NDJBDNS wagon:

    Welcome aboard Simone! Thanks so much for being the super NDJBDNS user. 🙂

I have already pushed the latest NDJBDNS package to the Fedora stable repositories, soon you should be able to do

    # yum install ndjbdns
    # yum update ndjbdns

Another good news is, NDJBDNS is now available as EPEL 5/6 package(courtesy Simone:). Now you can use NDJBDNS on the Enterprise Linux Platforms of your choice.

Lastly, I want to thank Mark Johnson for reporting the bugs and helping me with code reviews and useful updated information. I also wish to thank all NDJBDNS users for the constant encouragement via comments and patches.

Thanks so much and happy new year! 🙂

Of patches, review request and a Jasmine plant.

Hi,

Past week was intriguing. Last week-end I spent time digging into the source of LibNSS to find memory leaks that were report by Valgrind(1) with the caching server of feedmug.com. Valgrind(1) produces the call stack and shows precisely where the memory was allocated, finding where it was leaked is yet another exercise. It took some time and jumping from one function to another to find the exact point where it was leaked. It’s very easy to lose track while manully unfolding the call stack like this.

===
mozilla/security/nss/lib/nss/nssinit.c:687
mozilla/security/nss/lib/nss/nssinit.c:719
mozilla/security/nss/lib/base/error.c:281
mozilla/security/nss/lib/ckfw/instance.c:245
mozilla/security/nss/lib/ckfw/wrap.c:205
===

Just when I submitted this patch to LibNSS, I received another one from Jose(jmalv04) offering the systemd(1) unit file for the dnscache(1) server of New djbdns. It was one pending task Rahul had asked for. It’s really nice to receive these patches for New djbdns. Every now and again I keep getting mails from people asking for configuration help or saying that they use this package everyday and find it really helpful. 🙂

I’ve added the new systemd(1) unit files for dnscache(1) as well as tinydns(1) server and have also updated the long standing review request

at -> https://bugzilla.redhat.com/show_bug.cgi?id=480724.

This review request has almost become a case study by itself. I filed it more than two years ago, they had intense arguments over it, some liked the effort while others criticised a little. It is ironic how users want to use this package, they like it, even defend it at times. Yet nobody wants to approve it just becasue it was originally conceived and written by a notorious professor. Who then left it and moved on. 😦

You can access the new updated source and F16 RPMs from

-> http://pjp.dgplug.org/djbdns/ndjbdns-1.05.4.tar.gz
-> http://pjp.dgplug.org/djbdns/ndjbdns-1.05.4-4.fc16.src.rpm
-> http://pjp.dgplug.org/djbdns/ndjbdns-1.05.4-4.fc16.x86_64.rpm

For the concluding note – After long time today, I went to the nursery. It looked strangely deserted of plants. I guess they are doing some restructring there. I went to get a Chilli plant but couldn’t find one. The lady there said why not take Jasmine plant sir? I smiled to myself. The thing with Jsamine is I LOVE it and I’ve had many of them so far, they just don’t stay for long. I guess they need some direct sun light which is never available in my balcony through-out the year. But it’s Jsamine, why not try once more?! 🙂

Radio plays excellent music Sunday nights, No RJs. 🙂