djbdnscurve6:

Section: Misc. Reference Manual Pages (walldns)
Updated: 8
Index Return to Main Contents

NAME

walldns - DNSCurve enabled reverse DNS wall server

DESCRIPTION

walldns is a reverse DNS wall. It accepts iterative DNS queries for in-addr.arpa and ip6.arpa domains from hosts around the Internet, and supplies generic responses that avoid revealing local host information. Encrypted DNS queries in the DNSCurve format are honored and replied encrypted als well, given, the name server's public key is generated by means of dnscurve-keygen and used as primary DNS name for walldns.

For example, walldns provides a PTR record for 4.3.2.1.in-addr.arpa showing 4.3.2.1.in-addr.arpa as the name of IP address 1.2.3.4, and a matching A record showing 1.2.3.4 as the IP address of 4.3.2.1.in-addr.arpa. IPv6 addresses are treated similarly, but now using ip6.arpa as reverse IPv6 address suffix.

CONFIGURATION

Normally walldns is set up by the walldns-conf program.

walldns runs chrooted in the directory specified by the $ROOT environment variable, under the uid and gid specified by the $UID and $GID environment variables.

walldns listens for incoming UDP packets addressed to port 53 of $IP. It does not listen for TCP queries. Specifying 0.0.0.0 or :: results in listing to all available IP addresses and interfaces (for IPv6) respectively. In case $IP is specified as the pseudo IP address :0, walldns will bind to all available IPv4 and IPv6 addresses simultaneously.

FURTHER DETAILS

walldns rejects inverse queries, non-Internet-class queries, truncated packets, packets that contain anything other than a single question, queries for domains outside in-addr.arpa and ip6.arpa and request types other than A, AAAA, PTR, and *.

walldns does not include NS or SOA records with its responses.

walldns uses TTLs slightly over one week.

REFERENCE

https://cr.yp.to/djbdns.html

This document was created by man2html, using the manual pages.
Time: 15:10:03 GMT, December 15, 2024