Problem with .fr domains [TEST check if server is really recursive]: answer refused from server (IN/SOA: fr.)

Sun Aug 2 12:58:10 EDT 2009

Tests performed by ZoneCheck sucks a lot, so the error may be coming from
another one. Do you have other errors/warnings ? Show us your mararc file
and the zone concerned.

On Sun, 2 Aug 2009 18:35:55 +0200, Markus Ferlitsch <m.ferlitsch at gmail.com>
wrote:
> Hi,
> 
> so I tried the new version from 02.08.2009.
> 
> I compiled it with ./configure; make
> 
> here is my mararc:
> 
> bind_address="ip of ns3"
> chroot_dir = "/etc/maradns"
> default_rrany_set = 3
> csv2 = {}
> csv2["mydomain.com."] = "db.mydomain.com"
> tcp_convert_acl = "0.0.0.0/0"
> tcp_convert_server = "ip of ns3"
> verbose_level = 3
> 
> But the error from zonecheck still exists:
> 
> [TEST check if server is really recursive]: answer refused from server
> (IN/SOA: net.)
> 
>     * ns2.mydomain.com./ip ns2
>     * ns3.mydomain.com./ip ns3
>     * ns1.mydomain.com./ip ns1
> 
> If I try a NsLookup (http://network-tools.com/nslook/Default.asp) I
> only get answers for domains my dns server manage. If I try to ask
> data for google.com I get a Query refused, which signs that RA is
> really disabled!
> 
> Do you have any other idea?
> 
> What else did  Alexandre change? Is this your latest mararc?
> http://su2.difuzer.com/alex/mararc.txt
> 
> 
> 2009/8/2, Sam Trenholme <strenholme.usenet at gmail.com>:
>>>
>>> ok, I recompiled the last patched version
>>> (maradns-Q.20090801.1.tar.bz2) and I disabled RA
>>> (#recursive_acl="0.0.0.0/0") but the error still exists ([TEST check
>>> if server is really recursive]: answer refused from server (IN/SOA:
>>> net.))
>>>
>>
>> Markus,
>>
>> I just released a new MaraDNS snapshot which should fix your issue. 
>> There
>> is a bug in MaraDNS with how RA is set which I'm working on fixing so
>> French
>> users can register with the AFNIC using MaraDNS as a server.
>>
>> To download:
>>
>>
http://www.maradns.org/download/1.3/snap/200908/maradns-Q.20090802.1.tar.bz2
>>
>> Expand the tarball ("tar -xjf maradns-Q.20090802.1.tar.bz2"), enter the
>> maradns-Q-20090802.1 directory, then type in "./configure ; make".  Take
>> the
>> resulting "maradns" binary located at
maradns-Q-20090802.1/server/maradns
>> and replace the copy of MaraDNS on your server with this new binary.
>>
>> Next, make sure recursion is disabled ("recursive_acl" is not set in
your
>> mararc file), and run this version of MaraDNS.  At this point, you
should
>> be
>> able to register your domain with AFNIC without any issues stopping the
>> registration.
>>
>> Now that I've helped you, I would like to get some help.
>>
>> I would like help with making a FAQ entry for people who will have this
>> AFNIC issue in the future before I release MaraDNS 1.3.14 later on this
>> week.  Is there anything besides the "you have recursion enabled but we
>> can't recurse with your DNS server" issue that stops people using
MaraDNS
>> from registering their .fr domain?
>>
>> I will add a pointer to http://www.maradns.org/faq.html#rdns because
>> that's
>> another issue people have reported here.
>>
>> OK, here's my plan to release MaraDNS 1.3.14:
>>
>> * If there's anyone here with a Solaris box handy or an account on a
>> Solaris
>> machine, please let me know if the maradns-Q-20090802.1 snapshot
>> (download
>> instructions above) compiles on Solaris.  While I don't actively support
>> Solaris, I do want my program to be cross-platform enough to compile on
>> various OSes for people willing to get things to work without people
>> holding
>> their hand.
>>
>> * I need to set up some automated tests to make sure RA has reasonable
>> values.  It should be 0 if MaraDNS doesn't have recursion enabled for
>> people
>> who have to deal with AFNIC's nonsense; it should be 1 for recursive
>> replies
>> for people who have to deal with brain-dead DNS servers that won't
accept
>> recursive replies if RA isn't 1.
>>
>> * Add a FAQ entry for people having to deal with AFNIC's nonsense. 
>> People
>> dealing with AFNIC can help me here; just let me know what you had to do
>> to
>> get your domain to be happy with AFNIC.  I think the only blocker is the
>> RA
>> issue.
>>
>> At the same time, I will continue working on MaraDNS 2.0.  Deadwood (the
>> name for MaraDNS 2.0's recursive resolver) right now has RR rotation
>> work; I
>> will get TTL aging to work, then will update the automated tests to
>> handle
>> RR rotation/TTL aging, make it possible to disable RR rotation and TTL
>> aging, and release Deadwood 2.4.05.
>>
>> - Sam
>>
>> Note: I do not answer MaraDNS support requests sent by private email
>> without
>> being compensated for my time. I will discuss rates if you want this
kind
>> of
>> support. Thank you for your understanding.
>>

-- 
Cordialement,
Alexandre Lepage
Difuzer Enr.
a.lepage at difuzer.com
418.554.0113