1
--- deadwood-2.9.05/doc/Deadwood.ej 2010-08-13 01:48:00.000000000 -0700
2
+++ deadwood-2.9.06/doc/Deadwood.ej 2010-08-31 11:47:34.000000000 -0700
7
-Deadwood - A non-recursive caching DNS resolver
8
+Deadwood - A fully recursive caching DNS resolver
11
-Deadwood is a working DNS forwarding cache. This is a DNS server with
12
+Deadwood is a fully recursive DNS cache. This is a DNS server with
13
the following features:
17
+<li>Full support for both DNS recursion and DNS forwarding caching
19
<li>Small size and memory footprint suitable for embedded systems
21
<li>Simple and clean codebase
23
In addition to use a buffer-overflow resistant string library and a coding
24
style and SQA process that checks for buffer overflows and memory leaks,
25
Deadwood uses a strong pseudo-random number generator (The 32-bit version
26
-of Radio Gatun) to generate both the query ID and source port. For the
27
+of RadioGatun) to generate both the query ID and source port. For the
28
random number generator to be secure, Deadwood needs a good source of
29
entropy; by default Deadwood will use /dev/urandom to get this entropy.
30
If you are on a system without /dev/urandom support, it is important
35
+The Windows port of Deadwood includes a program called
36
+"mkSecretTxt.exe" that creates a 64-byte (512 bit) random file called
37
+"secret.txt" that can be used by Deadwood (via the "random_seed_file"
38
+parameter); Deadwood also gets entropy from the timestamp
39
+when Deadwood is started and Deadwood's process ID number, so it is
40
+same to use the same static secret.txt file as the random_seed_file
41
+for multiple invocations of Deadwood.
45
Note that Deadwood is not protected from someone on the same network viewing
46
packets sent by Deadwood and sending forged packets as a reply.
49
On systems without direct /dev/urandom support, it is suggested to see if
50
there is a possible way to give the system a working /dev/urandom. This
51
way, when Deadwood is compiled, the hash magic number will be suitably
58
chroot_dir = "/etc/deadwood"
60
# The following upstream DNS servers are Google's
61
-# newly-announced (as of December 2009) public DNS
62
-# servers. For more information, see the page at
63
+# (as of December 2009) public DNS servers. For
64
+# more information, see the page at
65
# http://code.google.com/speed/public-dns/
67
-# These IPs can be changed to the IPs of any recursive
68
-# DNS servers that can be reached from the computer
69
-# running Deadwood, such as your ISP's DNS servers.
70
-upstream_servers = {}
71
-upstream_servers["."]="8.8.8.8, 8.8.4.4"
72
+# If neither root_servers nor upstream_servers are set,
73
+# Deadwood will use the default ICANN root servers.
74
+#upstream_servers = {}
75
+#upstream_servers["."]="8.8.8.8, 8.8.4.4"
77
# Who is allowed to use the cache. This line
78
# allows anyone with "127.0" as the first two
80
# If you want to read and write the cache from disk,
81
# make sure chroot_dir above is readable and writable
82
# by the maradns_uid/gid above, and uncomment the
85
#cache_file = "dw_cache"
87
# If your upstream DNS server converts "not there" DNS replies