hostname to the nearest mirrors (as defined by geography; on the
country / continent level).
It is used for search.cpan.org/cpansearch.perl.org and for
ftp.perl.org/ftp.cpan.org; to provide nearby-ish
servers for the NTP Pool; and to balance svn.apache.org to
svn.us.apache.org and svn.eu.apache.org.
WWW: http://geo.bitnames.com/
traffic. It normally produces binary data in pcap(3) format, either
on standard output or in successive dump files (based on the -w
command line option.) This utility is similar to tcpdump(1), but
has finer grained packet recognition tailored to DNS transactions
and protocol options. dnscap is expected to be used for gathering
continuous research or audit traces.
WWW: https://www.dns-oarc.net/tools/dnscap
PR: ports/127433
Submitted by: Edwin Groothuis <edwin@mavetju.org>
ZKT is a tool to manage keys and signatures for DNSSEC-zones.
The Zone Key Tool consists of two commands:
- dnssec-zkt to create and list dnssec zone keys and
- dnssec-signer to sign a zone and manage the lifetime of
the zone signing keys
See: http://www.hznet.de/dns/zkt/
PR: ports/126296
Submitted by: Frank Behrens <frank+ports@ilse.behrens.de>
DNS Server Cache. By sending many queries to a DNS server along with fake
replies, an attacker can successfuly writes a fake new entry in the DNS
cache.
WWW: http://www.securebits.org/dnsmre.html
PR: ports/126189
Submitted by: Tomoyuki Sakurai <cherry at trombik.org>
Unbound is designed as a set of modular components, so that also
DNSSEC (secure DNS) validation and stub-resolvers (that do not run as
a server, but are linked into an application) are easily possible.
Goals:
* A validating recursive DNS resolver.
* Code diversity in the DNS resolver monoculture.
* Drop-in replacement for BIND apart from config.
* DNSSEC support.
* Fully RFC compliant.
* High performance
o even with validation.
* Used as
o stub resolver.
o full caching name server.
o resolver library.
* Elegant design of validator, resolver, cache modules.
o provide the ability to pick and choose modules.
* Robust.
* In C, open source: The BSD license.
* Smallest as possible component that does the job.
* Stub-zones can be configured (local data or AS112 zones).
Non-goals:
* An authoritative name server.
* Too many Features.
WWW: http://unbound.net
responses.
It is designed to be used in conjunction with an existing recursive DNS resolver
in order to protect networks against DNS rebinding attacks.
interrogation success for a list of IP addresses against a list of DNSBL's.
The module is used to implement the reproting script dnsblstat.
WWW: http://search.cpan.org/dist/Net-DNSBL-Statistics/
PR: ports/119424
Submitted by: Jin-Shan Tseng <tjs at cdpa.nsysu.edu.tw>
http://www.isc.org/index.pl?/sw/bind/bind8-eol.php
Therefore, per the previous announcement, remove the ports for BIND 8.
This includes the chinese/bind8 slave port, and mail/smc-milter which
has a dependency on libbind_r.a from BIND 8.x. The latter has been
unmaintained since 2005, and is 3 versions behind.
Approved by: portmgr (linimon)
daemon.
multi_dnsbl is a DNS emulator daemon that increases the efficacy of DNSBL
look-ups in a mail system. multi_dnsbl may be used as a stand-alone DNSBL or as
a plug-in for a standard BIND 9 installation. multi_dnsbl shares a common
configuration file format with the Mail::SpamCannibal sc_BLcheck.pl script so
that DNSBL's can be maintained in a common configuration file for an entire
mail installation.
Because DNSBL usefulness is dependent on the nature and source of spam sent to
a specific site and because sometimes DNSBL's may provide intermittant service,
multi_dnsbl interrogates them sorted in the order of greatest successful hits.
DNSBL's that do not respond within the configured timeout period are not
interrogated at all after 6 consecutive failures, and thereafter will be
retried not more often than once every hour until they come back online. This
eliminates the need to place DNSBL's in a particular order in your MTA's config
file or periodically monitor the DNSBL statistics and/or update the MTA config
file.
WWW: http://search.cpan.org/~miker/Net-DNSBL-MultiDaemon-0.18/MultiDaemon.pm
PR: ports/115639
Submitted by: Andrew Greenwood <greenwood.andy at gmail.com>
Supports adding, removing, and modifying enteries.
The attributes it can handle are TTL, A record, C name, AAAA
record, and MX record. Outside of TTL, multiple attributes
for each type record.
WWW: http://vvelox.net/projects/ldnsm/
PR: ports/112191
Submitted by: Zane C. Bowers
cap is a network capture utility designed specifically for DNS
traffic. It produces binary data in pcap(3) format, either on
standard output (by default) or in successive dump files (if the d
command line option is given.) This utility is similar to tcpdump(1),
but has finer grained packet recognition tailored to DNS transactions
and protocol options. dnscap is expected to be used for gathering
continuous research or audit traces.
SYNOPSIS
dnscap [-avf6] [-i if ...] [-l vlan ...] [-p port] [-m [quire]] [-h [ir]]
[-q host ...] [-r host ...] [-d base [-k cmd]] [-t lim] [-c lim]
WWW: http://public.oarci.net/tools/dnscap
It uses POE::Component::Client::DNS to handle resolving when configured as
'forward_only' and Net::DNS::Resolver::Recurse wrapped by
POE::Component::Generic to perform recursion.
One may add handlers to massage and manipulate responses to particular queries
which is vaguely modelled after Net::DNS::Nameserver.
WWW: http://search.cpan.org/dist/POE-Component-Server-DNS/
PR: ports/109449
Submitted by: Jin-Shan Tseng <tjs at cdpa.nsysu.edu.tw>
Approved by: erwin (mentor, implicit)
descendant class that allows a virtual DNS to be emulated
instead of querying the real DNS. A set of static DNS
records may be supplied, or arbitrary code may be specified
as a means for retrieving DNS records, or even generating
them on the fly.
WWW: http://search.cpan.org/dist/Net-DNS-Resolver-Programmable/
- Koen Martens
gmc@sonologic.nl
PR: ports/108997
Submitted by: Koen Martens <gmc at sonologic.nl>
single one-ip-address domain. It can handle SOA, NS, MX, A, and PTR
requests. The 1.1.0 version includes a nice X windows GUI for management.
WWW: http://www.fourcalorieservers.com/
PR: ports/107624
Submitted by: Ron Scheckelhoff <rscheckelhoff at fourcalorieservers.com>
for small gateway machines, like a Soekris box. Its main feature
is that it does not require any Perl or Python interpreter.
It supports HTTPS, can send a mail report, and can run as daemon.
It is also very easy to deploy.
WWW: http://www.bsdmon.com/wakka/OpenDD
PR: ports/105434
Submitted by: Alexander Logvinov <ports at logvinov.com>
Ldns is a library to simplify implementaition of recent DNS
RFCs. The goal is to allow depelopers to easily create
software conforming to current RFCs and experimental software
for current Internet drafts. Because ldns is written in C
it should be a lot faster than Perl or other scripting
languages.
WWW: http://www.nlnetlabs.nl/ldns/
PR: ports/91042
Submitted by: Konstantin Saurbier <saurbier@math.uni-bielefeld.de> <saurbier@math.uni-bielefeld.de>
