JDNSS: An authoritative-only Java DNS Server

News: I have JDNSS parsing all the DNSSEC resource records; I'm now working on parsing all the requests. Email me if you're interested in being a beta tester. Thanks!

JDNSS is a small DNS server written in Java. It was written in Java to be both more portable and more secure. It is currently intended for use as a "leaf" server: it does not do iterative or recursive lookups for clients, nor does it do any caching. It reads the zone files listed on the command line. The other command line arguments are as follows:

--port=# listen to UDP and TCP at port number instead of 53.
--threads=# the maximum number of threads to allow (default: 10).
--IPaddress=# listen to IP address number instead of the default for the machine.
--TCP=(true|false) listen to the TCP port (default: true).
--UDP=(true|false) listen to the UDP port (default: true).
--MC=(true|false) listen to the multicast port (default: false).
--MCPort=# multicast port number (default: 5353).
--MCAddress=# multicast address (default:
--DBClass=(string) The Java driver class for the database (e.g.: com.mysql.jdbc.Driver).
--DBURL=(string) The URL of the database (e.g.: jdbc:mysql://localhost/JDNSS).
--DBUser=(string) The database user name
--DBPass=(string) The database password.
--LogHandler=(Syslogd|CLI|UNIXDomain|Console) specify where log messages will go: a syslog daemon listening on localhost port 514, the command line interface command "logger", the UNIX domain socket, or the console. The default handler sends log messages to syslogd. If you choose Syslogd, make sure you have a syslogd process listening; in FC8 for example one needs a "-r514" in /etc/sysconfig/rsyslog or /etc/default/syslogd.
--SyslogdHost=hostname default: "localhost".
--SyslogdPort=# default: 514.
--RFC2671=(true|false) default: false. Whether or not JDNSS sends back a NOTIMPL message when an EDNS query is sent (e.g. for DNSSEC). Most servers choose to silently ignore the EDNS extension and send back the answer, which is JDNSS's default approach too. If you want to send back a NOTIMPL instead, set this to true. Here is the relevant passage from RFC2671:
Responders who do not understand these protocol extensions are expected to send a response with RCODE NOTIMPL, FORMERR, or SERVFAIL. Therefore use of extensions should be "probed" such that a responder who isn't known to support them be allowed a retry with no extensions if it responds with such an RCODE.
--version display the JDNSS version number and exit.
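The EDNS behaviour selected by --RFC2671, shown as an added example that is not part of JDNSS (Python rather than Java, standard library only): a minimal authoritative responder that either ignores the OPT pseudo-record and answers normally (the default) or answers NOTIMPL, together with the client-side "probe" the RFC passage describes, which retries without EDNS when the server returns NOTIMPL, FORMERR or SERVFAIL. The zone contents, names and addresses are constructed sample data, and serve() assumes a single-question query.

```python
import struct
from functools import partial

# DNS constants (RFC 1035 / RFC 2671)
TYPE_A, TYPE_OPT, CLASS_IN = 1, 41, 1
RCODE_NOERROR, RCODE_FORMERR, RCODE_SERVFAIL, RCODE_NOTIMPL = 0, 1, 2, 4
PROBE_RCODES = {RCODE_FORMERR, RCODE_SERVFAIL, RCODE_NOTIMPL}

# Constructed sample zone: (owner name, type) -> list of (ttl, rdata)
ZONE = {("www.test.com", TYPE_A): [(3600, bytes([192, 0, 2, 10]))]}


def encode_name(name):
    """Encode a dotted name as uncompressed DNS labels."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def read_name(msg, off):
    """Read a (possibly compressed) name; return (name, offset after it)."""
    labels, end = [], None
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:  # compression pointer: follow it once
            if end is None:
                end = off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if end is not None else off)


def build_query(qname, qtype=TYPE_A, txid=0x1234, edns=True):
    """Standard query with RD set; optionally carries an EDNS0 OPT record."""
    msg = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1 if edns else 0)
    msg += encode_name(qname) + struct.pack("!HH", qtype, CLASS_IN)
    if edns:
        # OPT pseudo-RR: root owner, TYPE 41, CLASS = UDP payload size,
        # TTL = extended RCODE/version/flags, RDLENGTH 0
        msg += b"\x00" + struct.pack("!HHIH", TYPE_OPT, 4096, 0, 0)
    return msg


def serve(query, zone=ZONE, rfc2671=False):
    """Authoritative leaf-server response (single question assumed).

    rfc2671=False ignores any OPT record and answers normally;
    rfc2671=True answers an EDNS query with RCODE NOTIMPL.
    Missing names simply get an empty answer section here (no NXDOMAIN)."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", query[:12])
    off = 12
    qname, off = read_name(query, off)
    qtype, _qclass = struct.unpack("!HH", query[off:off + 4])
    question = query[12:off + 4]
    off += 4
    has_opt = False
    for _ in range(an + ns + ar):  # scan remaining RRs for an OPT record
        _, off = read_name(query, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", query[off:off + 10])
        off += 10 + rdlen
        has_opt = has_opt or rtype == TYPE_OPT
    if has_opt and rfc2671:
        rcode, answers = RCODE_NOTIMPL, []
    else:
        rcode, answers = RCODE_NOERROR, zone.get((qname, qtype), [])
    rflags = 0x8400 | (flags & 0x0100) | rcode  # QR=1, AA=1, RD copied, RCODE
    resp = struct.pack("!HHHHHH", txid, rflags, 1, len(answers), 0, 0) + question
    for ttl, rdata in answers:
        # owner name is a pointer to the question name at offset 12
        resp += b"\xC0\x0C" + struct.pack("!HHIH", qtype, CLASS_IN, ttl, len(rdata)) + rdata
    return resp


def parse_response(resp):
    """Return (rcode, list of dotted A addresses) from a response."""
    _, flags, qd, an, _, _ = struct.unpack("!HHHHHH", resp[:12])
    off, addrs = 12, []
    for _ in range(qd):
        _, off = read_name(resp, off)
        off += 4
    for _ in range(an):
        _, off = read_name(resp, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", resp[off:off + 10])
        off += 10
        rdata = resp[off:off + rdlen]
        off += rdlen
        if rtype == TYPE_A:
            addrs.append(".".join(str(b) for b in rdata))
    return flags & 0x000F, addrs


def resolve_with_probe(server, qname):
    """RFC 2671 probing: try with EDNS; on NOTIMPL/FORMERR/SERVFAIL retry without."""
    rcode, addrs = parse_response(server(build_query(qname, edns=True)))
    retried = False
    if rcode in PROBE_RCODES:
        retried = True
        rcode, addrs = parse_response(server(build_query(qname, edns=False)))
    return rcode, addrs, retried


if __name__ == "__main__":
    lenient = partial(serve, rfc2671=False)  # JDNSS default
    strict = partial(serve, rfc2671=True)    # --RFC2671=true
    print(resolve_with_probe(lenient, "www.test.com"))  # (0, ['192.0.2.10'], False)
    print(resolve_with_probe(strict, "www.test.com"))   # (0, ['192.0.2.10'], True)
```

The server side is where the two settings differ: with rfc2671=False the OPT record is detected and simply not acted on, so an EDNS-capable client gets its answer in one round trip; with rfc2671=True the same client sees NOTIMPL and, if it implements the probe, pays a second round trip without EDNS. Either way a non-EDNS client is answered identically.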

You can run it via "java -jar JDNSS-1.4.7.jar zone1 zone2", where zone1 and zone2 are the zone files you want to serve. There are also self-extracting executables available for Windows and UNIX. All files are available at: http://sourceforge.net/projects/jdnss/

For a quick test, download and save the test.com zone file, then run JDNSS with the following options: --port=5300 test/test.com. You should then be able to run the following queries (from a different window):

nslookup -port=5300 test.com localhost
nslookup -port=5300 www.test.com localhost
nslookup -port=5300 -type=SOA test.com localhost
nslookup -port=5300 -type=NS test.com localhost
nslookup -port=5300 -type=MX test.com localhost
nslookup -port=5300 -type=AAAA www.test.com localhost
nslookup -port=5300 -type=TXT one.test.com localhost

There is a script for /etc/init.d for UNIX in the jar file; extract it via "jar xf JDNSS-2.0.0.jar etc/jdnss".

There are a lot of tests in the test directory; Test is a shell script that runs them all and checks the output.

Todo: QU/QM, A6