@ska

An additional fun factor is that wildcards in #djbdns by design don't work like wildcards in BIND. The difference was much discussed a quarter of a century ago.

So any bug reports that assume that wildcards in djbdns databases are supposed to behave like they do in BIND's 'zone' files need to be checked for proper foundation.

And with RFC 4592 an even greater divergence then happened.

#djbwares #DNS #shibari

@ska

I hope not, if working like #djbdns is the goal.

RFC4592 has a tree-structure model of domain name existence that prevents wildcards from working in some cases in a way that the djbdns table-structure model does not prevent.

Using the RFC4592 example:

When one does an MX lookup for _telnet._tcp.example. or ghost.*.example. it returns a non-empty record set because of the @ wildcard at *.example. .

In the RFC4592 model, the *.example. wildcard does not get applied.

#DomainNameSystem

@JdeBP Real talk: shibari working like #djbdns is not the goal. It has never been the goal. It will never be the goal. And I am getting increasingly annoyed at the djbware community who tends to believe that the original djbware is the be-all end-all of software design. djbware was excellent 30 years ago and is sometimes still serviceable; this does not mean it cannot be improved upon. Pretending otherwise is being in a cult.

In fact, the reason why I wrote shibari was twofold:

• axfrdns is not RFC-compliant, and at some point BIND became more conservative in what it accepted, so one of my secondaries stopped working.
• djbdns does not implement dns-0x20, so at some point some resolvers stopped working and my site became inaccessible.

(Also, of course, IPv6, but this was not the deciding factor.)

Did I try patching djbdns in order to solve my issues? Yes, I did. And it soon became apparent that although the djbdns design is stellar, the code is less than, and finding out where and how to patch it in order to change what I wanted was seriously threatening the few hairs I have left. I found it easier to write an entirely different DNS server from the ground up than to actually patch djbdns. That's how unmaintainable the code is.

So no, shibari's goal isn't to work like djbdns. It is to be a replacement that is, you know, actually compliant with the specifications, because that is what most people expect from their software. And also, a replacement that is actually maintainable and maintained, as proven by the fact that it only took me a few hours to fix the wildcard bug in shibari and make it RFC-compliant, whereas you seem to be saying it would be more or less impossible with djbdns - which I'm fully willing to believe.

@ska

It probably would be possible, but it was genuinely a design decision by Bernstein to make wildcards work that way. There were several mailing list discussions.

https://marc.info/?l=djbdns&m=104636747625737&w=2

In this case, working like #djbdns means taking unmodified cdb files and providing the same responses from those data; which is what your WWW page currently says is the #shibari goal.

If taking unmodified data files and giving non-tinydns behaviour instead is the goal, then that WWW page misleads.