Problem with .fr domains [TEST check if server is really recursive]: answer refused from server (IN/SOA: fr.)

Markus Ferlitsch m.ferlitsch at gmail.com
Sun Aug 2 12:35:55 EDT 2009 

Hi,

so I tried the new version from 02.08.2009.

I compiled it with ./configure; make

here is my mararc:

bind_address="ip of ns3"
chroot_dir = "/etc/maradns"
default_rrany_set = 3
csv2 = {}
csv2["mydomain.com."] = "db.mydomain.com"
tcp_convert_acl = "0.0.0.0/0"
tcp_convert_server = "ip of ns3"
verbose_level = 3

But the error from zonecheck still exists:

[TEST check if server is really recursive]: answer refused from server
(IN/SOA: net.)

    * ns2.mydomain.com./ip ns2
    * ns3.mydomain.com./ip ns3
    * ns1.mydomain.com./ip ns1

If I try a NsLookup (http://network-tools.com/nslook/Default.asp) I
only get answers for domains my dns server manage. If I try to ask
data for google.com I get a Query refused, which signs that RA is
really disabled!

Do you have any other idea?

What else did  Alexandre change? Is this your latest mararc?
http://su2.difuzer.com/alex/mararc.txt


2009/8/2, Sam Trenholme <strenholme.usenet at gmail.com>:
>>
>> ok, I recompiled the last patched version
>> (maradns-Q.20090801.1.tar.bz2) and I disabled RA
>> (#recursive_acl="0.0.0.0/0") but the error still exists ([TEST check
>> if server is really recursive]: answer refused from server (IN/SOA:
>> net.))
>>
>
> Markus,
>
> I just released a new MaraDNS snapshot which should fix your issue.  There
> is a bug in MaraDNS with how RA is set which I'm working on fixing so French
> users can register with the AFNIC using MaraDNS as a server.
>
> To download:
>
> http://www.maradns.org/download/1.3/snap/200908/maradns-Q.20090802.1.tar.bz2
>
> Expand the tarball ("tar -xjf maradns-Q.20090802.1.tar.bz2"), enter the
> maradns-Q-20090802.1 directory, then type in "./configure ; make".  Take the
> resulting "maradns" binary located at maradns-Q-20090802.1/server/maradns
> and replace the copy of MaraDNS on your server with this new binary.
>
> Next, make sure recursion is disabled ("recursive_acl" is not set in your
> mararc file), and run this version of MaraDNS.  At this point, you should be
> able to register your domain with AFNIC without any issues stopping the
> registration.
>
> Now that I've helped you, I would like to get some help.
>
> I would like help with making a FAQ entry for people who will have this
> AFNIC issue in the future before I release MaraDNS 1.3.14 later on this
> week.  Is there anything besides the "you have recursion enabled but we
> can't recurse with your DNS server" issue that stops people using MaraDNS
> from registering their .fr domain?
>
> I will add a pointer to http://www.maradns.org/faq.html#rdns because that's
> another issue people have reported here.
>
> OK, here's my plan to release MaraDNS 1.3.14:
>
> * If there's anyone here with a Solaris box handy or an account on a Solaris
> machine, please let me know if the maradns-Q-20090802.1 snapshot (download
> instructions above) compiles on Solaris.  While I don't actively support
> Solaris, I do want my program to be cross-platform enough to compile on
> various OSes for people willing to get things to work without people holding
> their hand.
>
> * I need to set up some automated tests to make sure RA has reasonable
> values.  It should be 0 if MaraDNS doesn't have recursion enabled for people
> who have to deal with AFNIC's nonsense; it should be 1 for recursive replies
> for people who have to deal with brain-dead DNS servers that won't accept
> recursive replies if RA isn't 1.
>
> * Add a FAQ entry for people having to deal with AFNIC's nonsense.  People
> dealing with AFNIC can help me here; just let me know what you had to do to
> get your domain to be happy with AFNIC.  I think the only blocker is the RA
> issue.
>
> At the same time, I will continue working on MaraDNS 2.0.  Deadwood (the
> name for MaraDNS 2.0's recursive resolver) right now has RR rotation work; I
> will get TTL aging to work, then will update the automated tests to handle
> RR rotation/TTL aging, make it possible to disable RR rotation and TTL
> aging, and release Deadwood 2.4.05.
>
> - Sam
>
> Note: I do not answer MaraDNS support requests sent by private email without
> being compensated for my time. I will discuss rates if you want this kind of
> support. Thank you for your understanding.
>

More information about the list mailing list