No subject


Wed May 23 04:33:03 EDT 2007


I have a NS delegation, and MaraDNS is doing strange things.
In the case of there being a NS delegation, MaraDNS handles recursive
queries and non-recursive DNS queries differently. Basically, unless
you use askmara with the -n option, dig with the +norecurse option, or
nslookup with the -norec option, MaraDNS will try to recursively
resolve the record that is delegated.

The thinking is this: A normal recursive DNS query is usually one
where one wants to know the final DNS output. So, if MaraDNS delegates
a given record to another DNS server, and gets a recursive request for
said query, MaraDNS will recursively resolve the query for you.

For example, let us suppose we have a mararc file that looks like this:

chroot_dir = "/etc/maradns"
ipv4_bind_addresses = "10.1.2.3"
recursive_acl = "127.0.0.1/8, 10.0.0.0/8"
csv2 = {}
csv2["example.com."] = "db.example.com"

And a db.example.com file that looks like this:

www.example.com. 	10.1.2.3
joe.example.com. 	NS ns.joe.example.com.
ns.joe.example.com.	A 10.1.2.4

Next, you are trying to find out why www.joe.example.com is not
resolving. If you naively send a query to 10.1.2.3 for
www.joe.example.com as askmara Awww.joe.example.com. 10.1.2.3 or as
dig @10.1.2.3 www.joe.example.com. or as nslookup www.joe.example.com.
10.1.2.3, you will not get any information that will help you solve
the problem, since 10.1.2.3 will try to contact 10.1.2.4 to resolve
www.joe.example.com.

The solution is to run your DNS query client thusly:

    * Askmara would be run thusly:

      askmara -n Awww.joe.example.com. 10.1.2.3

    * Dig would be run thusly:

      dig +norecurse @10.1.2.3 www.joe.example.com

    * Nslookup would be run thusly:

      nslookup -norec www.joe.example.com 10.1.2.3

This will allow you to see what packets MaraDNS actually sends to a
recursive DNS server.

As an aside, this particular problem will not happen if MaraDNS is run
only as an authoritative nameserver.

For future reference, MaraDNS documentation is here:

http://www.maradns.org/notes.html

- Sam
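
Added example, not part of the original message and not MaraDNS code: a Python sketch of what the -n / +norecurse / -norec options change on the wire (the RD bit in the query header) and how to tell a delegation referral from a final answer in the reply. The reply bytes are constructed from the db.example.com records above using the standard referral layout; the exact packet MaraDNS returns is an assumption, and all function names are hypothetical.

```python
import struct

def encode_name(name):
    """Encode a domain name as length-prefixed labels (no compression)."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(name, rd=False, qtype=1, txid=0x1234):
    """Build a query; rd=False clears Recursion Desired, as dig +norecurse does."""
    header = struct.pack("!HHHHHH", txid, 0x0100 if rd else 0, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)

def skip_name(msg, off):
    """Return the offset just past a name, allowing for a compression pointer."""
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:
            return off + 2
        off += 1 + msg[off]
    return off + 1

def classify(msg):
    """Label a response 'answer', 'referral' or 'other' from header and sections."""
    _txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off, types = 12, []
    for _ in range(qd):
        off = skip_name(msg, off) + 4           # skip QTYPE + QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        types.append(rtype)
        off += 10 + rdlen
    if flags & 0x000F:                          # non-zero RCODE
        return "other"
    if an:
        return "answer"
    if not flags & 0x0400 and 2 in types[:ns]:  # AA clear, NS in authority
        return "referral"
    return "other"

def rr(owner, rtype, rdata, ttl=86400):
    """Build one resource record of class IN."""
    return encode_name(owner) + struct.pack("!HHIH", rtype, 1, ttl, len(rdata)) + rdata

def sample_referral():
    """Constructed reply to a non-recursive query for www.joe.example.com."""
    query = build_query("www.joe.example.com.")
    header = struct.pack("!HHHHHH", 0x1234, 0x8000, 1, 0, 1, 1)  # QR=1, AA=0
    return (header + query[12:]
            + rr("joe.example.com.", 2, encode_name("ns.joe.example.com."))
            + rr("ns.joe.example.com.", 1, bytes([10, 1, 2, 4])))

if __name__ == "__main__":
    print(classify(sample_referral()))
```

A "referral" result means the server you asked only handed out the NS delegation, so the next non-recursive query goes to the glue address (10.1.2.4 in the zone above).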
