Deprecated: The each() function is deprecated. This message will be suppressed on further calls in /home/zhenxiangba/zhenxiangba.com/public_html/phproxy-improved-master/index.php on line 456
pdnsd maintenance page by Paul Rombouts

About pdnsd

pdnsd FAQ

Documentation

Download Section

pdnsd maintenance page

by Paul Rombouts

Version 1.2.6-par has been released:
pdnsd's license has been upgraded to GPL version 3. A bug has been fixed which caused pdnsd to handle NXDOMAIN replies inefficiently when configured with neg_domain_pol=on. The code that implements the ping test has been fixed, which was broken for 64-bit systems. A new option randomize_servers can be used to give each server in a section of the configuration file an equal chance of being queried. The new options reject, reject_policy and reject_recursively make it possible to check for the presence of certain IP addresses in the replies of name servers and to avoid some types of unwanted replies. The pdnsd-ctl 'add a' and 'add aaaa' commands now allow multiple IP addresses to be specified for the same name. pdnsd's ability to resolve from root servers has been improved.

Version 1.2.5-par has been released:
This release introduces a new query method: udp_tcp. With this method a UDP query is tried first and, if the UDP answer is truncated, the query is repeated using TCP, which is the behaviour that seems to be recommended by the DNS standards. There is a new configuration option use_nss, which can be turned off to prevent lengthy timeouts and stalls in certain situations. Also a bug has been fixed which could cause pdnsd to crash when started in debug mode.

Version 1.2.4-par has been released:
A memory leak and a minor buffer-overflow problem have been fixed. There is now a fix for some situations that would previously cause pdnsd to exit prematurely (such as ACPI S3 sleep or trying to attach strace to pdnsd). Time intervals specified in the configuration file can now be expressed in minutes, hours, days and weeks as well as seconds. Support for Apple Mac OS X v10.4 Tiger has been improved. The "pdnsd-ctl status" command now also provides some information about the status of the running threads.

Version 1.2.3-par has been released:
With the pdnsd-ctl empty-cache command, it is now possible to specify a selection of names to delete instead of emptying the cache completely. pdnsd should now remain responsive while a pdnsd-ctl empty-cache command is running. pdnsd-ctl config or server commands should no longer be held up by ping or query uptests to unresponsive servers. If pdnsd is configured with query_method=tcp_udp, it will now also try a UDP query if a TCP query times out. It should now be possible to resolve the same names with query_method=tcp_udp as with query_method=udp_only, though perhaps with an occasional delay. A number of problems with resolving from root servers have been solved.

Version 1.2.2-par has been released:
This release has a number of portability improvements. A bug has been fixed that prevented from pdnsd from compiling successfully on some 64 bit architectures. There is now (experimental) support for the Darwin (Apple Mac OS X) platform. In addition, this release has enhanced debug facilities.

Version 1.2.1-par has been released:
This release has improved support for non-Linux platforms: support for the Cygwin platform has been added and some fixes have been included to address compilation problems that have been reported by FreeBSD users.

Version 1.2-par has been released: pdnsd is new and improved!
I plan to add more information to this page about the new features when I can find the time. For now, I'll refer you to README.par and the ChangeLog.
For the impatient, the download page is here. For a short history of recent releases have a look at this page.

Note: Due to incompatibilities between various implementations of the pthread library on Linux systems, problems can occur with signal handling in pdnsd. The usual symptom is failure by pdnsd to save the cache to disk, and /var/cache/pdnsd/pdnsd.cache remaining empty. If you experience this kind of trouble, try reconfiguring with different values for the new --with-thread-lib option which is available with version 1.1.8b1-par4 and later. The allowable values are described in the documentation. If you still experience problems, contact me at the email address listed at the end of README.par.

pdnsd, written by Thomas Moestl, is a proxy DNS server with permanent caching (the cache contents are written to hard disk on exit) that is designed to cope with unreachable or down DNS servers (for example in dial-in networking).
The official pdnsd homepage by the original author can be found at http://home.t-online.de/home/Moestl/, but unfortunately pdnsd is no longer being maintained by him. As far as I know I am presently the only one actively working on the code, so if you want the latest features and fixes, this is the place to get them.

I came to know about pdnsd after reading about it in the WWWOFFLE FAQ. pdnsd solves a frequently occurring problem with dial-up internet connections when the file /etc/resolv.conf changes after wwwoffled (a www proxy server) has been started up. (If you're interested in WWWOFFLE I also have patches available for it here.)

pdnsd allows you to configure one address as the DNS server for all your internet software. This can be localhost, but I personally use a separate machine that I've configured as a gateway to the internet for my home LAN. pdnsd can then be configured to contact your ISP's DNS servers when you make a dial-up connection.

I've found pdnsd to be very useful, but I found it lacked an important feature to be truly maintenance free. The problem is that the ISPs I use do not specify fixed DNS server addresses, but expect their clients to use dynamic DNS configuration (DHCP in the case of the cable connection, RFC1877 in case of isdn). The DNS server addresses do not change frequently, but it does occasionally happen.

To solve this problem I've written a perl script to update the pdnsd configuration file automatically and I've added a new feature that enables you to change the name server addresses that pdnsd uses at run-time using pdnsd-ctl, the pdnsd control utility.

Out of respect for the free-software community, I'm making the modifications I've made available via this webpage as a pre-patched tar ball pdnsd-1.2.6-par.tar.gz. Earlier versions are available here. I also have a revised version of the documentation available here.

If you prefer using RPM packages instead of compiling and installing from source, have a look at the selection of packages at the end of this page. There are also Debian and Gentoo packages based on my version of the code, but these are not maintained by me, so if you have a problem with these don't contact me, but the respective package maintainers.

To use a patch file, first untar a fresh copy of the original pdnsd version 1.1.7a source (available from Thomas Moestl's download page) and cd into the source directory pdnsd-1.1.7a. Apply the patch using the command

gzip -cd <path_to_patch>/pdnsd-1.1.11a-par.diff.gz | patch -p2 -N -Z

Then ./configure, make and make install just as you would with the original source code. See the documentation that comes with the source or look here for details.
Note: I am no longer distributing new patch files w.r.t. Thomas Moestl's release because the patch files are barely smaller than the tar archive.
Note: I have used GNU extensions so there may be some portability issues. I have supplied alternatives for some of the less portable functions. There should be no problem with most Linux distributions.

A slightly more technical description of the modifications I've made (including some of the bugs I've fixed) can be found in the files README.par and README.par.old in the source directory (if you've installed one of the RPMs this file can be found in the directory /usr/share/doc/pdnsd-1.2). Some of the more recent bug-fixes are listed in the ChangeLog.

On this page I'll give a summary of the modifications from a user's perspective:

I've extended the way pdnsd can be configured by allowing multiple IP addresses per server section in the configuration file. So for instance, if an ISP has three DNS servers, say, 123.456.789.001,123.456.789.002 and 123.456.789.003, instead having three server sections labeled "myisp" each with a different IP address, I can have one section labeled "myisp" with the lines

ip = 123.456.789.001; ip = 123.456.789.002; ip = 123.456.789.003;

or

ip = 123.456.789.001, 123.456.789.002, 123.456.789.003;

This allows for a much more compact configuration file (3 server sections instead of 7 in my case), because most configuration options are identical for servers belonging to the same ISP. It also makes the output of "pdnsd-ctl status" more compact. And it was necessary for enabling a satisfactory implementation of the following features.
I've written a small perl script I called change_pdnsd_server_ip.pl (which can be found in the source directory contrib, or in /usr/share/doc/pdnsd-1.2/contrib after installing an rpm). This can be used to automatically update the configuration file if the DNS server configuration has changed. For instance, on my system I have the following lines in the script /sbin/ifup-local
```
source /etc/dhcpcd/dhcpcd-eth0.info
if [ "$DNS" ]; then
    /usr/local/sbin/change_pdnsd_server_ip.pl athome "$DNS" /etc/pdnsd.conf
fi
```
where athome is the label for my ISP and $DNS contains the addresses (separated by commas) of the DNS servers obtained by DHCP negotiation. (The file /etc/dhcpcd/dhcpcd-eth0.info is only applicable if you use dhcpcd as your DHCP client, otherwise you'll have get the DNS info somewhere else.) The perl script only overwrites /etc/pdnsd.conf if the DNS configuration has actually changed.

Versions 1.2 and later can also read DNS server configuration from a resolv.conf type file, making the perl script unnecessary in some cases. see the file= configuration option for the server section in the documentation.
change_pdnsd_server_ip.pl solves the problem of updating the DNS server configuration before pdnsd has started up, but for the case that pdnsd is already running, a different solution is needed. I have implemented one that uses pdnsd-ctl, the pdnsd control utility. Since version 1.2, pdnsd can be made to reload its configuration file at runtime using the "pdnsd-ctl config" command.

There is another solution that doesn't involve changing the configuration file. I've extended the options that can be given with the server command to pdnsd-ctl, to allow IP addresses to be specified as an additional argument after "up|down|retest". This allows me to put something like this in my ifup-local script (this should be /etc/ppp/ip-up.local in the case of a ppp connection):
```
if [ -f /var/lock/subsys/pdnsd ]; then
    # pdnsd is running...
    pdnsd-ctl server athome up "$DNS"
fi
```
Here $DNS again should contain the addresses of the DNS servers.

New in 1.1.8b1-par7: at the suggestion of Greg Norris, the configuration file may contain server sections that do not specify any IP addresses. Such a server section will remain inactive until one or more IP addresses are assigned to it with pdnsd-ctl.
Furthermore, for increased flexibility the addresses in last argument of the pdnsd-ctl server command may now be separated by spaces as well as commas (you made need to quote the list if you use spaces). Spurious spaces and commas are ignored, so it's safe to use something like $DNS1,$DNS2 in a shell script, even though only one of the variables is actually set. The last argument may even be an empty string, which will cause all the addresses of the corresponding server section to be removed. This can be used to inactivate a server section.
New in 1.1.8b1-par4: I've extended the configuration options for policies of inclusion/exclusion lists in server sections. The new policies options are simple_only and fqdn_only. Setting policy=simple_only will cause the server to used only for simple hostnames if no other rule matches. On the other hand, setting policy=fqdn_only will cause the server to be used only for fully qualified domain names (i.e. the name has at least one dot in-between). I find these options useful for controlling which name servers (if any) will be queried by pdnsd for simple host names.
New in 1.1.8b1-par8: A "delagation-only" feature has been added, which may be useful for blocking Verisign's Sitefinder Service. More details can be found here.
New in 1.1.8b1-par8: To make pdnsd a little more user-friendly, it is no longer necessary that domain names in the configuaration file end in a dot.
New in 1.1.10-par: It is no longer necessary to surround strings with quotes in the configuration file, unless a string contains a special character such as whitespace, a token that normally starts a comment, or one of the characters ",;{}". These special characters are illegal in domain names anyway.

New in 1.1.11-par: I've introduced a slight change in the way pdnsd does parallel queries. For example, if we have a list server1, server2, server3, etc. of available servers and par_queries=2, then pdnsd will first send queries to server1 and server2, and listen for responses from these servers.
If these servers do not send a reply within their timeout period, pdnsd will send additional queries to server3 and server4, and listen for responses from server1, server2, server3 and server4, and so on until a useful reply is received or the list is exhausted.
Previously, pdnsd would cancel queries to server1 and server2, before querying server3 and server4. The new method has the slight risk that it will waste more resources, but on the other hand, if we are going to wait longer anyway, why not continue to listen for responses from the first servers in the list.

I've also introduced a global timeout parameter. This is the minimum period of time pdnsd will wait after sending the first query to a remote server before giving up without having received a reply. The timeout options in the configuration file are now only minimum timeout intervals. Setting the global timeout option makes it possible to specify quite short timeout intervals in the server sections. This will have the effect that pdnsd will start querying additional servers fairly quickly if the first servers are slow to respond.

For example, suppose you set timeout=10 and par_queries=2 in the global section of the config file, and timeout=3 in all the server sections. Suppose there are 6 servers in the list of available name servers. In the extreme case that they are all unresponsive, pdnsd will query them as follows:

Query start	Send queries to servers 1,2	Listen for servers 1,2
After 3 seconds	Send queries to servers 3,4	Listen for servers 1,2,3,4
After 6 seconds	Send queries to servers 5,6	Listen for servers 1,2,3,4,5,6
After 10 seconds	Cancel all queries and return failure code

More information about the changes I've made (particularly new features in the 1.2.x releases) can be found in the README.par file in the source directory (or in the directory /usr/share/doc/pdnsd-1.2 if you're using an rpm). At the end of this file you can also find my email address should you wish to contact me.

I've also built some RPMs in the hope that it will make it more convenient for some people to try out my version of pdnsd.

First here's the source RPM pdnsd-1.2.6-par.src.rpm (449kB) in case none of the binary packages suits you. It's also possible to build an RPM directly from the tarball as follows:

rpmbuild -tb pdnsd-1.2.6-par.tar.gz

There are several options available when building RPMs (e.g. for adding ipv6 support) that are described in the documentation.

These are the latest packages. Older packages can be found here.

Package Name	Size	Description
pdnsd-1.2.6-par_sl4.i386.rpm	305kB	i386 binary built on a Scientific Linux 4 system (compatible with Red Hat EL 4).
pdnsd-1.2.6-par_sl5.x86_64.rpm	321kB	x86_64 binary built on a Scientific Linux 5 system (compatible with Red Hat EL 5).

These binaries were built without ipv6 support.

Note: For increased security, in the newer RPMs pdnsd runs as "pdnsd" instead of "nobody". If all goes well the new user ID "pdnsd" will be added automatically. Otherwise you will have create a new user "pdnsd" and change the ownership of the directory /var/cache/pdnsd and its contents by hand.

Have fun.

Paul Rombouts.

Please sign the petition for a Software Patent Free Europe