MaraDNS - a small open-source DNS server

MaraDNS

A small open-source DNS server

Erre con erre cigarro
Erre con erre barril
Rápido ruedan los carros
En el ferrocarril

Main Download Changelog Documentation Search Blog Security

Why use MaraDNS?

MaraDNS is a good solution where you need a currently supported cross-platform recursive DNS server with a small binary footprint (under 64k!) and a relatively small memory footprint (about 2-4 megs with the default settings). As an authoritative server, MaraDNS is a good solution if you have relatively few reasonably static domains (IPs don't change very often) and need a DNS server that very quickly fetches records from memory.

MaraDNS makes a lot of sense on low-end low-cost servers (where any file open or fork() is dog-slow) and on systems where the DNS server is best small. MaraDNS also can make sense for embedded systems (OpenWRT, etc.), but keep in mind that its constant malloc()s and free()s of memory is not ideal with some low-end embedded toolkits.

MaraDNS as an authoritative server is a mature product with over a decade of real-world use. Deadwood, the newer recursive server, is younger: It has existed in some form for five years but has only been fully recursive for two; it has had a fair amount of testing in that time frame.

MaraDNS doesn't make sense if you need DNSSEC, full zone transfers, EDNS, or other newer DNS features. MaraDNS doesn't make sense if you need a server that developers are still adding features to: It is a mature and, barring a large inflow of cash or another open-source developer willing to step up to plate, a finished product.

MaraDNS in the press

MaraDNS has been praised in the press. Here are some examples of books, articles, and papers which discuss MaraDNS:

Mens, Jan-Piet (2008). Alternative DNS Servers: Choice and Deployment, and Optional SQL/LDAP Back-Ends (Paperback). UIT Cambridge Ltd. ISBN 0954452992.
This book devotes an entire chapter to MaraDNS
Danchev, Dancho. How OpenDNS, PowerDNS and MaraDNS remained unaffected by the DNS cache poisoning vulnerability ZDNet.
This article affirms MaraDNS' excellent security design, pointing out that MaraDNS was never vulnerable to the 2008 cache poisoning attacks.
Schroder, Carla (2007). Linux Networking Cookbook (Paperback). O'Reilly. ISBN 0596102488.
This book, on page 545, endorses MaraDNS, stating that "My recommended combination is [...] MaraDNS for a public authoritative server"
João Antunes; Nuno Ferreira Neves; Paulo Veríssimo (2007), Finding Local Resource Exhaustion Vulnerabilities, 18th IEEE International Symposium on Software Reliability Engineering, Trollhättan, Sweden http://homepages.di.fc.ul.pt/~nuno/pubs.html
This article discussion MaraDNS' denial-of-service resistance, pointing out that "Figure 2, for instance, shows that the BIND server performs worse than MaraDNS under the same attack, which means that the later is able to sustain a larger number of attacks than the first"
Rutherford, Matthew J. (2006), Adequate System-Level Testing of Distributed Systems, Department of Computer Science, Boulder, CO, http://mjrutherford.org/node/11
This PhD thesis mentions MaraDNS several times.

MaraDNS is used by a number of ISPs to serve thousands of domains. MaraDNS is used by Boeing. MaraDNS is ready to be used by your business or enterprise.