#MaraDNS 3.5.0034 released.
In this release, I have added a bunch of code so that Deadwood can quickly block up to around 30 million hosts while using very little memory: The new code blocks over 200,000 hosts using under 10 megabytes of memory (the older code needed over 200 megabytes to block that many hosts).
The code also has wildcard blocking support.
As always: https://maradns.samiam.org/
#MaraDNS can now support a large list of hosts to block while using very little memory. For example, to block just over 200,000 hosts, the old code needed around 240 megabytes; the new code can do it in under 10 megabytes without any real performance penalty.
I will work on adding wildcard support then document it; in the meantime, this Git commit has a pretty good summary of how to do it: https://github.com/samboy/MaraDNS/commit/ee1e3fc777912fc3ba5c04ad9a8beb22a99a63d7
MaraDNS has some other daughter projects which are part of the overall #MaraDNS toolchain:
https://maradns.samiam.org/HalfSipTest/ Make correct HalfSipHash1-3 test vectors
https://maradns.samiam.org/maramake/ Make sure MaraDNS can compile with a (mostly) POSIX201X compliant implementation of Make
https://maradns.samiam.org/lunacy/ MaraDNS’s scripting language for the scripts that make plain text and *ROFF man pages of MaraDNS’s documentation, run tests, and power coLunacyDNS. It’s a fork of Lua 5.1
#MaraDNS minor update: I’ve added some more HalfSipHash1-3 test vectors by taking the official reference implementation of HalfSipHash, and calling it in such a way as to make test vectors suitable for MaraDNS: https://maradns.samiam.org/HalfSipTest/
I have released version 3.5.0033 of #MaraDNS. In this release, the Lunacy (Lua 5.1) source has been updated to be in sync with the GitHub version of Lunacy.
#OpenRC users: I am looking for someone to make a pull request for #MaraDNS so that it has a proper OpenRC system start up file.
While MaraDNS does work with OpenRC, someone on the OpenRC development team told me my hack to an old #sysvinit script to make it work with OpenRC is not the correct way to add OpenRC support.
Pull requests can be made on #GitHub
#GitHub #sysvinit #maradns #openrc
Now that "make install" and "make uninstall" have **finally** after decades gotten a makeover to work with modern systemd based Linux distributions, I have released MaraDNS 3.5.0032 with these updates.
Also:
* coLunacyDNS, a Lua-based DNS server, is now installed
* lunacy, my Lua 5.1 fork for coLunacyDNS and some of the document generation and testing scripts, is also now installed
* Old sysvinit scripts are **not** deprecated, but are no longer actively supported
MaraDNS will now do the right thing in Ubuntu 22.04 and other systems with systemd.
For years, MaraDNS needed a helper, Duende, to make MaraDNS a daemon on systems with classic *NIX style init. With systemd, it’s no longer needed to use the Duende helper.
Instead, systemd handles the daemonization of the MaraDNS services.
This is much simpler at the development level, since systemd now handles a lot of complexity the old init systems forced networking services to handle.
On the heels of my 3.5.0029 release of MaraDNS, I have released both MaraDNS 3.4.09 and MaraDNS 3.5.0030.
These releases add RFC8482 support to the authoritative MaraDNS service. With this change, all three MaraDNS services (MaraDNS, Deadwood, and coLunacyDNS) now reject ANY queries, as per RFC8482.
No, this will not break Qmail, and, yes, this helps stop some kinds of denial of service attacks.
It can be downloaded here: https://maradns.samiam.org/download.html
#OpenSource #Security #DNS #maradns
I have released MaraDNS 3.5.0029 today. This release updates Deadwood to reject ANY queries as per RFC8482, since ANY queries can be used as denial of service amplifiers.
The download is at https://maradns.samiam.org/download.html
As always, MaraDNS is free and open source software.
#DDoS #DNS #OpenSource #maradns
Since I have had to do this twice in the past week: If you ask for a given feature for any of my #opensource projects after I tell you “no” once, the conversation will be locked.
If you are obnoxious about it in your second response, the conversation will be locked, the obnoxious comment will be deleted, and your account will be blocked.
“No” means “no”, and anything besides “I understand” after my first “no” means you will be shown the door.
#boundaries #nomeansno #maradns #OpenSource
I spent all morning making a legacy 3.4 branch of MaraDNS. This is the older branch which is only updated with security and other important updates.
Namely, I backported the Y2038 fixes back to the 3.4 branch. These fixes are important, so I have also, for the first time since 2020, made new Windows binaries of the 3.4 files.
Barring a security hold, this will be the last 3.4 release for a while.
It’s here: https://maradns.samiam.org/download.html
So, my operating theory, having not deeply read the code but hinted at in a comment, was as a fallback if /dev/urandom was available (e.g. Windows) ... though honestly I'd prefer it to just fail.
Really need to take this upstream to #maradns but haven't had a chance to follow up on that... happy if someone else would!