1
--- deadwood-3.1.03/doc/Deadwood.ej 2011-12-21 13:44:37.000000000 -0600
2
+++ deadwood-3.2.01/doc/Deadwood.ej 2012-01-17 15:49:15.932749534 -0600
4
<li>Ability to use expired entries in the cache when it is impossible to
5
contact upstream DNS servers.
7
-<li>Ipv6 support can be compiled in if desired
8
+<li>IPv6 support can be compiled in if desired
10
<li>Both DNS-over-UDP and DNS-over-TCP are handled by the same daemon
14
<h1>ip/mask format of IPs</h1>
15
Deadwood uses a standard ip/netmask formats to specify IPs.
16
-An ip is in dotted-decimal format, e.g. "10.1.2.3" (or in ipv6
17
-format when ipv6 support is compiled in).
18
+An ip is in dotted-decimal format, e.g. "10.1.2.3" (or in IPv6
19
+format when IPv6 support is compiled in).
22
The netmask is used to specify a range of IPs.
23
The netmask is a single number between
24
-1 and 32 (128 when ipv6 support is compiled in), which indicates the
25
+1 and 32 (128 when IPv6 support is compiled in), which indicates the
26
number of leading "1" bits in the netmask.
30
a single IP will match.
33
+DNS-over-TCP needs to be explicitly enabled by setting tcp_listen to 1.
37
+Deadwood extracts useful information from UDP DNS packets marked truncated
38
+which almost always removes the need to have DNS-over-TCP. However,
39
+Deadwood does not cache DNS packets larger than 512 bytes in size that
40
+need to be sent using TCP. In addition, DNS-over-TCP packets which are
41
+"incomplete" DNS replies (replies which a stub resolver can not use,
42
+which can be either a NS referral or an incomplete CNAME reply) are not
43
+handled correctly by Deadwood.
47
Deadwood has support for both DNS-over-UDP and DNS-over-TCP; the same
48
-daemon listens on both the UDP and TCP DNS port. DNS-over-TCP must
49
-be explicitly enabled by setting tcp_listen to 1.
50
+daemon listens on both the UDP and TCP DNS port.
53
Only UDP DNS queries are cached. Deadwood does not support caching
54
-over TCP; it handles TCP to resolve the occasional truncated reply or
55
-handle the occasional non-RFC-compliant TCP-only DNS resolver.
56
+over TCP; it handles TCP to resolve the rare truncated reply without any
57
+useful information or to work with very uncommon non-RFC-compliant TCP-only
58
+DNS resolvers. In the real world, DNS-over-TCP is almost never used.
60
<h1>Parsing other files</h1>
64
This server can also be optionally compiled to have IPv6 support. In order
65
to enable IPv6 support, add '-DIPV6' to the compile-time flags. For
66
-example, to compile this to make a small binary, and to have ipv6 support:
67
+example, to compile this to make a small binary, and to have IPv6 support:
70
export FLAGS='-Os -DIPV6'
75
-DNS-over-TCP needs to be explicitly enabled. Note that DNS-over-TCP is
76
-almost never used. Also,
77
-Deadwood does not cache DNS packets larger than 512 bytes in size that
78
-need to be sent using TCP. In addition, DNS-over-TCP packets which
79
-are "incomplete" DNS replies (replies which a stub resolver can not use,
80
-namely either a NS referral or an incomplete CNAME reply) are not
81
-handled correctly by Deadwood. Again, DNS-over-TCP is very rare.
83
+Deadwood does not follow RFC2181's advice to ignore DNS responses with the TC
84
+(truncated) bit set, but instead extracts the first RR. If this is not
85
+desired, set the undocumented parameter truncation_hack to 0 (but
86
+read the DNS over TCP section of this man page).
89
Deadwood can not process DNS resource record types with numbers between
90
65392 and 65407. These RR types are marked by the IANA for "private use";
91
Deadwood reserves these record types for internal use. This is only 16
94
Sam Trenholme (<A href=http://www.samiam.org/>http://www.samiam.org</a>) is
95
responsible for this program and man page. He appreciates all of
96
-Jean-Jacques Sarton's help giving this program Ipv6 support.
97
+Jean-Jacques Sarton's help giving this program IPv6 support.