DJBDNS is a simple and secure DNS implementation written by Prof. Daniel J. Bernstein, who created it because he feels that BIND's security history is very poor.
DJBDNS consists of 6 parts:
- dnscache - the local DNS cache/resolver.
- tinydns - the local DNS server.
- walldns - a "reverse DNS wall".
- rbldns - a DNS blackholing service.
- axfrdns - a zone-transfer server.
- axfr-get - a zone-transfer client.
DJBDNS also implements parsing of host data as a separate program. DNS caching and recursive resolving are likewise implemented as a separate program. The result of these design decisions is a dramatic reduction in the code size and complexity of the daemon program that answers lookup requests. Prof. Bernstein (and many others) feel that this is true to the spirit of the Unix operating system, and makes security verification much simpler.
DJBDNS is licensed to permit free redistribution and use, and the source code is publicly disclosed, but the license does not permit distribution of modifications (and is thus not open source or free software).