Consulting djbware Publications



walldns handles statelessly iterative PTR and A/AAAA queries for your domain responding with a generic answer and thus not disclosing information about your used IP name space. Any PTR queries will return IPv4 and IPv6 names from the domain or within the responses. walldns thus needs a delegation for your reverse zone from your superior name server. It is able to encrypt DNS queries and decrypt DNS responses using the DNSCurve format in the 'streamline' as well as in the 'txt' format. walldns however, does not support DNSSec. walldns can simultaneously bind to IPv4 and IPv6 network addresses and supports 'reverse IPv6-anycasting'.


System Setup

It is preferrable to install D.J. Bernsteins's daemontools or Bruce Guenter's daemontools-encore. Further alternatives are Gerrit Pape's runit though in principal systemd and any of its derivates or the s6 toolbox to manage Unix services will do.

Given the first two, walldns-conf can be successfully applied to setup walldns.

walldns runs chrooted under a particular user, typically walldns. while located usually at /etc/walldns.

The run script for walldns looks like:

#!/bin/sh exec 2>&1 exec envdir ./env sh -c ' exec envuidgid walldns /usr/local/bin/walldns '

Here, envdir is used to source walldns's ./env directory and populating the required environment variables.

walldns logs to STDOUT which shall be managed by multilog with a dedicated systems user and rotation capability.

A run script for multilog can be very generic:

#!/bin/sh exec setuidgid daemon multilog t s1677721 /var/log/walldns

It should be noted, that walldns writes condensed log lines without a timestamp while appending this to the current file. Thus, it is advisable to restrict the logfile size.

Service Configuration

walldns can run in two different security modes:

The main walldns settings are provided in the directory ./env. Here one defines in particular files:

Content Configuration

Though walldns comes with a ./root/ directory which is automatically raised by means of walldns-conf walldns does not require a particular setting of its DNS content. All DNS responses are generated automatically from the query.