Patch Selection

Apart from making djbdns IPv6 capable with the patch from Felix von Leitner we only apply patches which are deemed to fix bugs or DNS security issues:

• 0001-dnscache-merge-similar-outgoing-queries.patch
• 0002-dnscache-cache-soa-records.patch
• compiler-temporary-filename.patch
• dnscache-strict-forwardonly.patch
• tinydns-alias-chain-truncation.patch
• tinydns-data-semantic-error.patch
• dnscache-cname-handling.patch
• 0003-djbdns-misformats-some-long-response-packets-patch-a.diff

Finally we changed the compile and link instructions to use diet libc

Notes:

• IPv6: Without any special reasons we took the patch from dbndns which is older than the one published by Felix von Leitern (test23 vs. test28).
• On purpose we do not include dnssec patches.
• At least the following sources have been considered:
  • https://jdebp.eu/FGA/djbdns-problems.html
  • http://www.your.org/dnscache/
  • https://www.ohse.de/uwe/patches.html
  • https://github.com/henryk/tinydnssec
  • http://www.tinydnssec.org/

Patch Application

Since the patches do not apply cumulatively we merged them by applying each one in a pristine darcs repository of djbdns-1.05 and then merged them together in a final darcs repository. The resulting conflicts were naively resolved by hand. The repository is published as djbdns on our server.