DNS Server Software

This section starts with information about, and/or references to, some of the most common DNS server software.

[#bind]: Internet Systems Consortium (“ISC”)'s Berkeley Internet Name Daemon (“BIND”)

Many technicians do not pronounce the name of this executable like the word “named” (the past tense of the verb “name”), but rather as “name dee”. This is done to intentionally reflect that the executable provides the “name” lookup service, and that the executable is a “daemon”/server.

There's a fair amount of information about configuring this software. See: BIND

[#djbdns]: Daniel Julius Bernstein's djbdns

e.g. tinyDNS

Slashdot commentary was written by a user who found DJB's “you-must-be-a-moron-so-I-will-explain-everything-in-very-simple-terms documentation very informative, clear, and helpful.”

[#msdnssvr]: [#msdnssrv]: Microsoft's DNS server

Basic setup guide/info

This is on the Microsoft DNS Server installable Role page.

[#msdnseph]: Specifying which ephemeral ports are used

(This information appears to be system-wide. If that is true, and the DNS server is using the system-wide settings, then, unsurprisingly, any such changes may affect more than just DNS.) (If true, this information may be moved to a more generalized location, not quite so specific to DNS. In that case, this location will likely point to the new location.)

Microsoft KB 956188: issues (especially with UDP) related to DNS Server service security update 953230 (MS08-037) shows that (in Windows Server 2008) the current use of ports may be viewed with:

netsh int ipv6 show dynamic port TCP
netsh int ipv6 show dynamic port UDP
netsh int ipv4 show dynamic port TCP
netsh int ipv4 show dynamic port UDP

Another way, especially if using an older version of Windows that doesn't support those Netsh commands, may be to adjust the registry. TechNet: Win2K Registry Reference: MaxUserPort mentions that in HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters a REG_DWORD named MaxUserPort may be added to raise the high end of the ephemeral port range from 5000 to as much as 65534.

[#msdnskpl]: Socket Pool/Size

There may not be much need for this. TechNet: Configuring the (DNS) socket pool says, “The default size of the socket pool is 2500. When you configure the socket pool, you can choose a size value from 0 to 10000. The larger the value, the greater protection you will have against DNS spoofing attacks. If you configure a socket pool size of zero, the DNS server will use a single socket for remote DNS queries.” However, the protection seems like it is likely minimal. Having higher values affects the amount of Non-Paged Pool kernel memory being used by Microsoft's DNS server.

This is controlled by registry configuration. The current values may be seen by using command line programs: TechNet: Configuring the (DNS) socket pool mentions one may use Dnscmd /Info /SocketPoolSize and (in Server 2008 R2 and not Server 2008?) Dnscmd /Info /SocketPoolExcludedPortRanges to determine the current configuration.

This behavior may be adjusted using a 32-bit DWORD value called SocketPoolSize in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DNS\Parameters registry key. In addition to changing that registry key using standard methods, TechNet: Configuring the (DNS) socket pool shows this may be configured using:

dnscmd /Config /SocketPoolSize NewValue

TechNet: Configuring the (DNS) socket pool says, “If the DNS server is running Windows Server® 2008 R2, you can also configure a socket pool exclusion list.” If one wishes to remove any exclusions, that may be done with:

dnscmd /Config /SocketPoolExcludedPortRanges

In a supporting operating system (including Windows Server 2008 R2), if one wishes to set some new values, one may use:

dnscmd /Config /SocketPoolExcludedPortRanges NewLowPortNum-NewHighPortNum

It does appear (without having checked into this very heavily) that ephemeral port allocation by Microsoft's DNS server may also be related to this.
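As an added example (not taken from the page, from TechNet, or from Microsoft), the following PowerShell script audits the socket pool settings and the ephemeral port ceiling described above by reading the registry locations the text names and applying the documented ranges (pool size 0 to 10000, default 2500; MaxUserPort up to 65534). It assumes an elevated PowerShell session on a Windows Server with the DNS Server role; the function names are this example's own, and the value type assumed for SocketPoolExcludedPortRanges is noted in a comment.

```powershell
# Added example: audit DNS socket pool and ephemeral port settings.
# Assumes elevated rights; function and variable names are this example's own.
$DnsParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\DNS\Parameters'
$TcpParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'

function Get-RegValueOrDefault {
    param([string]$Path, [string]$Name, $Default)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $Default }   # value absent: the built-in default applies
    return $item.$Name
}

function Test-DnsSocketPoolConfig {
    $findings = @()

    # SocketPoolSize: default 2500, documented range 0..10000.
    $poolSize = [int](Get-RegValueOrDefault $DnsParams 'SocketPoolSize' 2500)
    if ($poolSize -eq 0) {
        $findings += 'SocketPoolSize is 0: a single socket is used for remote queries, so outbound source ports are not randomised.'
    } elseif ($poolSize -lt 0 -or $poolSize -gt 10000) {
        $findings += "SocketPoolSize $poolSize is outside the documented 0..10000 range."
    }

    # Exclusions shrink the ports the pool can draw from; list each so the operator
    # can confirm it is intentional. Assumed to be stored as REG_MULTI_SZ "low-high" strings.
    $excluded = @(Get-RegValueOrDefault $DnsParams 'SocketPoolExcludedPortRanges' @())
    foreach ($range in $excluded) {
        $findings += "Socket pool excludes port range $range (dnscmd /Config /SocketPoolExcludedPortRanges)."
    }

    # MaxUserPort (older Windows): when present it raises the top ephemeral port from
    # the legacy 5000 toward 65534; a low ceiling leaves fewer ports to choose from.
    $maxUserPort = Get-RegValueOrDefault $TcpParams 'MaxUserPort' $null
    if ($null -ne $maxUserPort -and [int]$maxUserPort -lt 65534) {
        $findings += "MaxUserPort is $maxUserPort; the ephemeral port range tops out below 65534."
    }

    [pscustomobject]@{
        SocketPoolSize           = $poolSize
        SocketPoolExcludedRanges = $excluded
        MaxUserPort              = $maxUserPort
        Findings                 = $findings
    }
}

Test-DnsSocketPoolConfig | Format-List

# Cross-check the system-wide dynamic port range (netsh's keyword has no space):
netsh int ipv4 show dynamicport udp
```

Compare the report with the output of dnscmd /Info /SocketPoolSize, which reads the same configuration through the DNS server itself.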

Free Multi-Protocol options
A server for DHCP, DNS, TFTP, and Syslog; and also a TFTP client.
Dual DHCP DNS Server
GPLv2. The SourceForge project page identifies this as having many features, including being for Windows and Linux. However, an icon suggests there is also compatibility with at least FreeBSD.
Open DHCP DNS Server

Other DNS software:

[#maradns]: MaraDNS

See: message from 2008 showing Sam Trenholme's plans for MaraDNS.

A discontinued product

MaraDNS author Sam Trenholme describing open source development discusses open source projects that stopped being developed. He then said, “And, yes, I'm coming to the realization I need to put closure on MaraDNS. This means my next release of MaraDNS (MaraDNS 2.0) will be my last release of MaraDNS.” Later, “Do I want to finish up Deadwood and release MaraDNS 2.0? Yes. Am I going to do it anytime soon? Probably not.” “I don't think I'll do any MaraDNS development besides basic bug fixes after MaraDNS 2.0 comes out.”

That was posted on October 2, 2009. Then, in a September 29, 2010 blog entry, 362 days later, Sam states he intends to “fix important bugs brought up on the mailing list, and will naturally fix any critical security bug that may be found in MaraDNS. I will also answer emails on the mailing list when and if I have time to do so. But, I do not have any plans to add new features to MaraDNS at this time.”

Not implementing features

MaraDNS Blog page about why MaraDNS won't implement DNS Curve. The basic reason has to do with how software developers treat each other. The author “supported” Daniel Julius Bernstein (“DJB”)'s decision to “flame all of the BIND developers”, and this blog posting offers no apology for that. Yet this article seems to criticize “the fact is that DJB has never apologized for his behavior” in other cases, and ends with this long sentence: “If DJB wants to have a DNS standard that other DNS implementors will want to implement, he needs to have more respect for the DNS standards process and for other people who have implemented DNS, including the BIND developers.” (Not having details about Daniel Julius Bernstein's actions, the author of this text does not mean to pass judgement on whether Sam Trenholme may be overreacting, or whether DJB's behavior was so significant that Sam's reaction may be the only justifiable response. The point being made is simply that there is a publicly known rift between these well-known developers.)

Even before development of the software was essentially discontinued, MaraDNS wish list status listed some “won't do” items, and MaraDNS wish list describes a reluctance to add certain features for free. The mailing list archive showed some further reluctance to make certain changes.

NLnet Labs Name Server Daemon (“NSD”) and Unbound

These were mentioned in some comments on OpenBSD Journal @ Undeadly.org. Also, another article on that site, an article about OpenSMTPd, has comment(s) recommending the servers nsd and unbound.