Projects / djbdns


djbdns is a collection of Domain Name System tools. Security is one of the primary motivations for the development of djbdns. Every step of the design and implementation has been carefully evaluated from a security perspective. The djbdns package has been structured to minimize the complexity of security-critical code. dnscache is immune to cache poisoning. It is advisable to use the package as a secure alternative to BIND.


Recent releases

  •  12 Feb 2001 06:30

    Release Notes: This version responds differently to *-class queries, and to AXFR requests, to placate a few broken clients. The servers now log starting messages.

  •  22 Jan 2001 14:46

    Release Notes: tinydns now automatically returns a random set of 8 addresses from a cluster of any size. It also supports client differentiation. There's no longer any reason to use pickdns. dnstracesort prints glue information that reveals all sorts of interesting inconsistencies.

  •  16 Jan 2001 09:55

    Release Notes: Various internal changes and cleanups have been added. dnscache now returns the cached TTL by default, and can forward all queries to a specified set of forwarders.

  •  25 Sep 2000 05:13

    Release Notes: This release includes a workaround for bash mangling $UID when masquerading as sh, and dnscache-conf now uses /etc/dnsroots.{global|local} instead of /etc/dnscache/@ for its list of root servers.

  •  19 Sep 2000 10:26

    Release Notes: Services now use envdir to set up environment variables such as $IP and $CACHESIZE, so outside tools can read and edit the variables. dnscache discards non-recursive queries. There's a new dnsqr tool to send recursive queries to dnscache. dnscache works around the Linux O_NONBLOCK kernel bug.

Recent comments

            26 Oct 2002 12:33 shaman

            Works great
            The software is stable, and dnscache works really well. However, like all DJB software, it's really very quirky to get running and installed.

            That said, it's working fantastic as a DNS cache for my network... I have two big DNS caches with 850MB of cache apiece (yes, you read that right) and the other machines all have 5MB of local dns cache. My network feels 3x snappier now without adding any egress bandwidth. Wow.

            If there's a better dns cache than the one in djbdns, let me know. :)

            As far as tinydns goes, it works flawlessly and is brutally quick at what it does, considering the way it does it. My only complaints with it are in the management tools.

            11 Oct 2002 05:21 samboy

            Re: DJBDNS will be dead in 2 years
            I agree that Dan has a less than ideal license for his solution. For example, I can not mirror all of the tools needed to make DjbDNS work on my web page because daemontools' license does not allow it to be anywhere except on And, the documentation is only available on and can not be legally mirrored.

            That said, Dan's software does not need constant revisions. Qmail does one thing and one thing well (though it has problems being an outgoing SMTP server due to an annoying intermittent 90-second delay); it does not need security updates because the code was written securely from the onset. Ditto with DjbDNS.

            I wrote MaraDNS so that the internet would have a simple bare-bones DNS server (with all of the essentials: Caching and authoritative serving) which is both fully open-source and uses no BIND code. It is, roughly speaking, the "Postfix" of DNS servers. There's also Posadis, which is not recursive (caching) yet, and is more geared to people who want something more BIND-like than DjbDNS or MaraDNS.

            - Sam

            01 Sep 2002 03:06 luhan

            Re: DJBDNS will be dead in 2 years
            I have just built a DNS with djbdns, and I found it really nice (than bind). But after reading these articles above, I wonder if djbdns will die.

            06 Feb 2002 02:29 akukula

            Re: DJBDNS will be dead in 2 years
            I prefer to use 5-year old, or even 50-year old freeware djbdns than brand-new Open Sourced BIND full of shit and bugs...

            I can set up DNSCache in 10 minutes and I am sure that it will never go down... or more, that it will never bring my box to its knees.

            I can set up TinyDNS in 10 minutes, write 1000+ domains in one simple database and be sure that they will be serviced properly.

            Moreover, I have simple utilities like dnsname, dnsip, dnsq, dnsqr, dnstrace, all of them help me easily diagnose problems.

            19 Nov 2001 20:58 bryanhenderson

            Re: DJBDNS will be dead in 2 years
            I guess the license must have changed since this comment was made. I looked all around and found djbdns to be nothing but freeware. Freeware means you get it without having to give anything in return. The comment implies it is not freeware - that the user must give in exchange for the software a promise not to distribute modifications of it. I don't see that anywhere today. I don't even see the usual "you must indemnify me against damage done by my negligent coding" demand.

