PowerDNS was the only DNS server at the time to use a relational database, and they supported several, including Oracle, which is what won me over. I embarked on an epic journey to make PowerDNS a first class citizen on Solaris 10. It took me five years, but boy did it pay off with massive dividends in stability and scalability!
PowerDNS isn't a perfect piece of software though: it has two major weaknesses, first that it is written in C++ as opposed to C and that made it a bitch to port to Solaris, and second that it depends on Boost, which is also a massive, bloated C++ monster which is a nightmare to get to build on any platform, let alone Solaris.
However, the software itself is a damn good DNS server, resistant to most attacks and constantly improving having had loving care from its user community, some which could be core PowerDNS developers in their own right. Finally it bears writing that the owners of PowerDNS are some of the kindest, sweetest guys one ever had the pleasure of working with, and they are open to considering suggestions and accepting contributions in patches and features. They were an absolute blast to work with over the years and could serve as poster children on how open source collaboration could work and make money off of at the same time.
The one aspect that concerns me about that is the bootstrap step of resolving the database server name. How is that done? hosts file?
Database name, user and password are then configured in powerdns.conf(4). When linked with Oracle client libraries, pdns(1M) Oracle backend module makes the database connection over "OCI", the Oracle client interface.
Other database backends, like for example SQLite run on the same server so pdns(1M) "gsqlite" backend module opens the database file directly.
Neither of elinks/lynx renders it correctly either.
Markdeep is the single best Markdown implementation I have ever used. The generated pages are beautiful and it supports a vast number of features. If I want to save a processed page as plain HTML, I just have to save the page's current state.
I dont use Chrome. Cant comment on that.
<meta charset="utf-8" emacsmode="-*- markdown -*-">
**A warm welcome to DNS**
# Hello, and welcome to DNS!
This series of documents attempts to provide a correct introduction to the
Domain Name System as of 2018. The original RFCs remain the authoritative
source of normative text, but this document tries to make this venerable
protocol more accessible, while maintaining full alignment with all relevant
and useful RFCs.
If I recall correctly many years ago on the djbdns mailing list djb said you did not know what you are talking about or something to that effect. At the time I thought maybe he was being a little harsh. As usual, he was right. You are annoying.
I appreciate that this is a work in progress but this section is misleading. As all too briefly mentioned elsewhere on the page, EDNS allows extending this. In practice most of the resolvers I connect to do support EDNS and a buffer of 4096. So yes 512 may be needed as a fallback (depending on what you're doing) but you'll almost certainly have more room to breathe than that. IPv6 and DNSSEC practically make the extra space a necessity.
> DNS names can (and often MUST) be compressed.
I don't think I've ever seen label compression in actual use? RFC 6891 (https://tools.ietf.org/html/rfc6891) seems to suggest they're obsolete.
That critique aside, it seems like this will become a good tutorial. And if you're looking for a reference I'd point to the IANA's page on DNS parameters (https://www.iana.org/assignments/dns-parameters/dns-paramete...) it lists and organises most of the relevant RFCs. RFC 6895 (https://tools.ietf.org/html/rfc6895) is a particularly useful resource for best practices.
EDNS is fundamental DNS knowledge that any DNS server implementer knows and Bert is one. He's talking about "when DNS was created" in that context, i.e., the current DNS's RFC 1034/1035 times.
so if anyone has lost their mind looking for a complete list of DNS RFC's and their relationship / timeline, ... knock yourselves out: https://emaillab.jp/dns/dns-rfc/
It's an unfortunate naming collision.
My meaning: http://dnscookie.com/
RFC 7873 meaning: https://tools.ietf.org/html/rfc7873
What about programs run by clients that look things up over at authoritative servers? (Programs that do not look things up over at resolvers.)
"Zone files are one way of storing DNS data, but these are not integral to the operation of a nameserver. The zone file format is standardized, but it is highly non-trivial to parse.
Of specific note, many people have attempted to write a grammar (parser) for zonefiles and it is almost impossible."
I am guessing this statement is only referring to "BIND" zone file format.
I wonder how that could be a desirable or even acceptable state of affairs: having a "standardized" format that is "almost impossible" to parse.
The author suggests zone files are "not integral" to operation of a nameserver.
If zonefiles are optional does that also leave the programmer the option to use a zonefile format of their own choosing?
IME, parsing a tinydns zonefile is not difficult at all, because the author did not use the "standardized" BIND zonefile format.
I had to build a DNS zone file parser +3 years ago for the web application firewall that I was building for my employer. I have to agree that I had a lot of problems implementing the different formats but ultimately — implementing the most common ones — succeeded. The project later became the CDN of one of the biggest hosting providers in the US, and as far as I know, there hasn't been any problems with the configuration files.
BIND zone files are (for the most part) very straightforward.
It seems to be a straightforward format for expressing tabular data using whitespace. I'm pretty sure that it was designed to be parsed using hand-written code iterating over an array of characters. Most formats that were defined by their implementation using a hand-written parser tend to be difficult to force into a grammar-based paradigm, because context-sensitivity is much easier to introduce when you write the parser yourself.
C is similarly difficult to parse with a grammar, since pointer declarations like char * ptr and multiplications like x * y are only distinguishable using context about the available types.
Aside from the utilities like dig, I call those “resolvers” too. Doesn’t matter if they’re client-specific. The term still fits, it describes what the code is doing.
"Stub resolvers are "minimal DNS resolvers that use recursive query mode to offload most of the work of DNS resolution to a recursive name server."
A stub resolver will simply forward a request to a recursive name server..."
dig can send both recursive and non-recursive queries.
This appears to meet the definition of a "stub resolver" according the definition above.
However I am asking about programs that send only non-recursive queries and only send them to authoritative nameservers.
(FWIW I do not consider caches to be authoritative for any name.)
Is there a well-understood term to describe this type of program?
Rather than looking at Wikipedia I suggest consulting RFC 7719 "DNS Terminology", https://tools.ietf.org/html/rfc7719 where you will find that your program is simply called a "resolver": "A program that extract[s] information from name servers in response to client requests."
That RFC further describes some specific classes of resolver, but dig is most definitely not a "stub resolver" because these are characterised by what they cannot do, whilst dig is a swiss-army knife utility that can do a great deal - which merely happens to include, amongst other things, sending the same queries that a stub resolver might send.
In terms of implementation details, your specific description: "programs that send only non-recursive queries and only send them to authoritative nameservers" describes the principal activity of the resolver side of most implementations of a full-service resolver. However if you read that RFC you'll see that it equivocates about the implementation details of full-service resolvers in general, because in classification the role and outcome matters more than the action.
Tools like dig, zonemaster , etc. are out of the classification's scope. Oftentimes they can do everything DNS and hence fit none and all of the categories. I would call those "DNS powertools" or something like that.