DNS software

Copy from:  http://maradns.samiam.org/dns_software.html

DNS software

The “big five”. The “CVE” links point to the National Vulnerability Database’s list of security issues for the program in question; I also have a comparison of DNS servers’ security history.

  • BIND is the swiss army knife of DNS servers. It has a lot of features and can do pretty much everything. It’s also a big binary and sometimes difficult to configure. CVE
  • Unbound and NSD make up a suite of DNS servers; they are both from NLnet Labs.Basically, one (NSD) puts your web page on the Internet; the other (Unbound) looks for web pages on the Internet. NSD CVE (None of those entries look to point to NSD; it appears to have no CVE entries) Unbound CVE
  • PowerDNS (which like Unbound/NSD, is two separate programs) has a lot of flexibility with connecting to databases or what not to resolve a DNS name. Used by Wikimedia, among others. CVE.
  • DjbDNS. Great tiny two-program DNS suite that sadly hasn’t been updated by DJB since 2001. Yes, it does have security problems (That’s a CVE link). Note that there are still people on the Internet who pretend DjbDNS 1.05 is magically perfectly secure. Sigh; there’s a lot of stupid out there on the ’net.For anyone who wants to use DjbDNS, use N-DjbDNS, which is patched against all known security holes (be sure to use a version with commit 16cb625e).
  • MaraDNS. I think it’s the best one, but my opinion is a little biased. It was once a single program, now two separate programs (like Unbound/BSD and PowerDNS) Easy-to-configure; tiny binary suitable for embedded systems. CVE

There are many many other DNS servers, both open source and non-open source.

Some other DNS servers:

Freely downloadable DNS servers

Caching DNS servers

  • DnsMasq is a non-recursive caching DNS server.
  • pdnsd is a recursive caching DNS server. Paul Rombouts is (was?) the current maintainer of this program.
  • Posadis is another DNS server project, similar to MaraDNS. This server is now both a resolving and an authoritative DNS server. Hasn’t been updated in a while.

Non-recursive DNS servers

  • Knot DNS has DNSSEC support.
  • MyDNS is an authoritative-only DNS server which uses MySQL as a database back end. The most currently updated version appears to be MyDNS-ng, the “next generation” version of MyDNS.
  • SDNS is a project written in the late 1990s by Sandia Labs. Like MaraDNS, this project was written with security in mind. Since this is a government project, the code is public domain. The program does not seem to be downloadable anywhere, so I am mirroring it here. I would like to thank Fred Cohen for informing me about this package.
  • The Pliant language/package comes with a DNS server. This DNS server can not recursively process DNS queries given a list of root servers.
  • Twisted includes a non-recursive DNS server.
  • DnsJAVA is an authoritative-only DNS server written in Java.
  • The Eddit project includes a DNS server
  • SheerDNS is a simple non-caching DNS server that stores all records as their own files.

Abandoned DNS server projects

These are DNS server projects which have not released any files for a significant period of time, and are not fully functioning DNS servers (either because the program did not have basic DNS functionality when abandoned, the program was not documented before being abandoned, or because the program was abandoned so long ago that it is not fully functional on today’s internet).

  • Oak DNS is a DNS server written completely in python. It is compatible (I think) with both BIND zone files and cache files. The file can be downloaded here, or here. The most recent alpha version can be downloaded here. The most recent file in this alpha is from February of 2003; the original website is now owned by a cyber-squatter. (Thanks, Michel Talon, for the update)
  • MooDNS is another DNS server project. A CVS checkout on January 21, 2003 shows that no files have been updated since July 20, 2002, except for a single readme file updated on August 1, 2002. This project is abandoned.I have made a tarball available for people who do not want to bother with a CVS checkout.
  • Dents is a DNS server that showed a lot of promise. Unfortunately, no files have been released since 1999.
  • Yaku-NS is a DNS server geared towards embedded systems. According to the changelog, no one has made any changes to this software since Feburary, 2001.
  • CustomDNS has not released any files since the summer of 2000.


Proprietary DNS solutions

No, I have not listed every single DNS server that exists here.


Iptables 指南 1.1.19




NAT – Network Address Translation

Quick HOWTO : Ch14 : Linux Firewalls Using iptables


Build openjdk 7 on ubuntu 10.10

sudo apt-get install git mercurial zip bzip2 unzip tar gawk
sudo apt-get install ccache make gcc g++ ca-certificates ca-certificates-java
sudo apt-get install libX11-dev libxext-dev libxrender-dev libxtst-dev
sudo apt-get install libasound2-dev libcups2-dev libfreetype6-dev
sudo apt-get install build-essential ruby-dev pkg-config
sudo apt-get install openjdk-6-jdk
sudo apt-get install fpm

mkdir /build/openjdk
cd /build/openjdk
git clone https://github.com/hgomez/obuildfactory.git

XBUILD=true ./obuildfactory/openjdk7/linux/standalone-job.sh

# List output file
ls OBF_DROP_DIR/openjdk7/


# Install to /opt/openjdk7
sudo mkdir /opt/openjdk7
cd /opt/openjdk7
sudo tar xvfj /build/openjdk/OBF_DROP_DIR/openjdk7/j2sdk-image-x86_64-u80-b05-20150127.tar.bz2

Config OpenWrt on WNDR3700v4

Http proxy for opkg:
Add following line in OPKG-Configuration via LuCI Web
option http_proxy

Enable USB Storage
Install kmod-usb-storage
Install kmod-fs-ext4
Install kmod-fs-msdos
Install kmod-nls-utf8
Install block-mount

Install openwrt onto WNDR3700v4 from factory image

Download openwrt image

Install with update feature from web interface


Issue of of 2014.10.2 version

Unable to use the 128MB flash space.


Status of 2014.10.2 version

Hostname OpenWrt
Model NETGEAR WNDR3700v4
Firmware Version OpenWrt Barrier Breaker 14.07 / LuCI Trunk (0.12+svn-r10530)
Kernel Version 3.10.49

uninstal DD-WRT from WNDR3700 v4

Download factory image WNDR3700v4-V1.0.1.32 from netgear web site
Flash back via TFTP method


– plug the PC into LAN port 1
– set the pc to a static IP of
– power on the router
– press and hold the RESET button as soon as the switch LEDs light up.
– keep holding RESET until the power LED begins to flash orange and then green.
– only the power LED is flashing green (and of course port 1), release RESET and than
-tftp -i -v PUT <filename>

Install dd-wrt onto wndr3700 v4

Hardware:                       2.4G/5G Wifi,  USB,  128MB RAM/128B NAND

Version Installed:             DD-WRT v24-sp2 (01/04/15) std – build 25760

Feature Integrated:

FreeRadius,                   PPPoE Server / Relay
PPTP Server / Client,     OpenVPN Server / Client
USB:                               Printer,  Storage,     USB Over IP
FTP Server,                    DLNA Server,          Samba Server
SIP Proxy,                       Http Server (Lighttpd)
Mikrotik MAC Telnet,      IP over DNS Tunneling (nstx)
SNMP,                            VNC Repeat,          Zabbix client


Add 32G USB key with following partition setting:

Part1 LABEL=”EXEC”   SIZE=2G   TYPE=”ext4″ With Journal

Part2  LABEL=”DATA”   SIZE=30G  TYPE=”ext4″ Without Journal


SSH into the route and execute:

umount /dev/sda1
umount /dev/sda2
mkdir /mnt/exec
mkdir /mnt/data
mount /dev/sda1 /mnt/exec
mount /dev/sda2 /mnt/data
cp -r -p  /opt /mnt/exec/
cp -r -p  /etc /mnt/exec/
cp -r -p /www /mnt/exec/
cp -r -p /jffs /mnt/exec/

Startup Script:
umount /dev/sda1
umount /dev/sda2
cp -r -p /tmp /tmp/mnt
mkdir /mnt/exec
mkdir /mnt/data
mount /dev/sda1 /mnt/exec
mount /dev/sda2 /mnt/data
mount –bind /mnt/exec/www /www
mount –bind /mnt/exec/opt /opt
mount –bind /mnt/exec/etc /etc
mount –bind /mnt/exec/jffs /jffs
mv /tmp/mnt/tmp /mnt/exec/
mount –bind /mnt/exec/tmp /tmp











Open Source OS



Not open source