From m.ferlitsch at gmail.com Thu Jul 16 11:35:27 2009
From: m.ferlitsch at gmail.com (Markus Ferlitsch)
Date: Thu, 16 Jul 2009 17:35:27 +0200
Subject: maradns problem
Message-ID: <1900c9640907160835h629a0520gf60a806b4bd2518@mail.gmail.com>

Hi,

I am using maradns as nameserver on my wrt54gl. I set up a zone file.
When I start maradns and make a query via any Tool
(http://network-tools.com/nslook) sometimes I get all data which I
have defined in the zonefile. But sometimes it happens that one or two
NS entries will be forgotten to be transmitted.

here my zonefile:

domain.com. +3600 SOA ns1.nameserver.com. postmaster at nameserver.com. 2009030601 10800 3600 604800 10800
domain.com. +3600 NS ns1.nameserver.com.
domain.com. +3600 NS ns2.nameserver.com.
domain.com. +3600 NS ns3.nameserver.com.
domain.com. +3600 MX 10 mail.nameserver.com.
domain.com. +3600 MX 20 mail2.nameserver.com.
domain.com. TXT 'dns.'
domain.com. +3600 A IP
www.domain.com. +3600 A IP
xx.domain.com. +3600 A
*.domain.com. +3600 A IP

If I run a dns-testtool to my domain sometime it happens that I get
this failure:
NS and ANY request disagree (because the entries from the ANY request
are different than the entries from the NS request).

But why maradns sometimes forgets to send all the data???

Regards,
Markus.

From m.ferlitsch at gmail.com Thu Jul 16 12:10:14 2009
From: m.ferlitsch at gmail.com (Markus Ferlitsch)
Date: Thu, 16 Jul 2009 18:10:14 +0200
Subject: maradns problem
Message-ID: <1900c9640907160910g5c3dc055pbf5e32a242723b97@mail.gmail.com>

If I send a ANY request, I should get all record back but why maradns
(I use 1.2.07.2-1) sometime forgets some records???

From strenholme.usenet at gmail.com Fri Jul 17 12:57:38 2009
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Fri, 17 Jul 2009 11:57:38 -0500
Subject: maradns problem
In-Reply-To: <1900c9640907160835h629a0520gf60a806b4bd2518@mail.gmail.com>
References: <1900c9640907160835h629a0520gf60a806b4bd2518@mail.gmail.com>
Message-ID: <7bd685720907170957m5590404dw98ced67c43b327c4@mail.gmail.com>

> When I start maradns and make a query via any Tool
> (http://network-tools.com/nslook) sometimes I get all data which I
> have defined in the zonefile. But sometimes it happens that one or two
> NS entries will be forgotten to be transmitted.
>

I am unable to reproduce your problem with MaraDNS 1.2.12.10:

$ askmara Ndomain.com. 127.0.0.4
# Querying the server with the IP 127.0.0.4
# Question: Ndomain.com.
domain.com. +3600 ns ns1.nameserver.com.
domain.com. +3600 ns ns3.nameserver.com.
domain.com. +3600 ns ns2.nameserver.com.
# NS replies:
# AR replies:

$ askmara Zdomain.com. 127.0.0.4
# Querying the server with the IP 127.0.0.4
# Question: Zdomain.com.
domain.com. +3600 ns ns1.nameserver.com.
domain.com. +3600 ns ns3.nameserver.com.
domain.com. +3600 ns ns2.nameserver.com.
domain.com. +3600 soa ns1.nameserver.com. postmaster at nameserver.com. 2009030601 10800 3600 604800 10800
domain.com. +3600 mx 10 mail.nameserver.com.
domain.com. +3600 mx 20 mail2.nameserver.com.
domain.com. +86400 txt 'dns.'
domain.com. +3600 a 10.1.2.3
# NS replies:
# AR replies:

Here, the NS records in the NS ("N") and ANY ("Z") queries agree.

Is the TXT record you supply really 'dns.'? If it's longer, we may be
seeing an issue with the 512-byte limit of DNS packets.

Please be sure you have updated to 1.2.12.10 if still using the 1.2 branch
of MaraDNS. Note that the 1.2 branch is deprecated and will no longer be
updated after December 21, 2010.

- Sam

Note: I do not answer MaraDNS support requests sent by private email
without being compensated for my time.
I will discuss rates if you want this kind of support. Thank you for your
understanding.

MaraDNS security vulnerability reports, however, will be dealt with without
charge and kept confidential.

From hendry at iki.fi Sun Jul 19 07:22:35 2009
From: hendry at iki.fi (Kai Hendry)
Date: Sun, 19 Jul 2009 12:22:35 +0100
Subject: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=525188
Message-ID:

If I understand ipv6 support in maradns correctly, I need recompile it
(from the Debian packaged version) in order to host AAAA records don't
I?

From strenholme.usenet at gmail.com Sun Jul 19 11:20:25 2009
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Sun, 19 Jul 2009 10:20:25 -0500
Subject: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=525188
In-Reply-To:
References:
Message-ID: <7bd685720907190820n6df8f824n5df2749d63dbd8a2@mail.gmail.com>

> If I understand ipv6 support in maradns correctly, I need recompile it
> (from the Debian packaged version) in order to host AAAA records don't
> I?
>

Correct:

./configure --authonly
make

- Sam

I do not answer MaraDNS support requests sent by private email without
being compensated for my time. I will discuss rates if you want this kind
of support or if you send me a support concern via private email. This
includes non-security bug reports. I do not have the time to maintain a
bug tracker for MaraDNS nor handle bug reports sent via private email.
Please send MaraDNS non-security bug reports to the MaraDNS mailing list.

MaraDNS security vulnerability reports, however, will be dealt with without
charge and kept confidential.

From strenholme.usenet at gmail.com Sun Jul 19 12:21:27 2009
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Sun, 19 Jul 2009 11:21:27 -0500
Subject: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=525188
In-Reply-To:
References:
Message-ID: <7bd685720907190921l604731a1q9e4c9a0ed672f774@mail.gmail.com>

Remco just wrote a message which got filtered for whatever reason; I'm
reposting his message

Remco wrote:

2009/7/19 Kai Hendry

> If I understand ipv6 support in maradns correctly, I need recompile it
> (from the Debian packaged version) in order to host AAAA records don't
> I?
> If I understand ipv6 support in maradns correctly, I need recompile it
> (from the Debian packaged version) in order to host AAAA records don't
> I?
>

Hi Kai,

The debian version of maradns should be ok "as is" to host AAAA records.
Only when you want to have maradns listen on an ipv6 address does maradns
have to be recompiled as an auth-only version.

I'm not sure on the behaviour as reported in the bug report :-( I hope Sam
might be able to assist you there.

Kind regards,

Remco

My comments: MaraDNS has no problem hosting AAAA records. To listen on an
ipv6 address, MaraDNS needs to be recompiled with the "authonly" flag set
("./configure --authonly"). MaraDNS 1 does not support DNS recursion over
ipv6; people will just have to wait for MaraDNS 2.0, which I am slowly but
surely working on. Right now I'm trying to track down and fix some
"crashes about once a day" stuff I'm seeing with the HEAD branch of
MaraDNS 2.0.

- Sam

I do not answer MaraDNS support requests sent by private email without
being compensated for my time. I will discuss rates if you want this kind
of support or if you send me a support concern via private email. This
includes non-security bug reports. I do not have the time to maintain a
bug tracker for MaraDNS nor handle bug reports sent via private email.
Please send MaraDNS non-security bug reports to the MaraDNS mailing list.
MaraDNS security vulnerability reports, however, will be dealt with without
charge and kept confidential.

(I just spent yesterday expanding the number of form replies I send out to
people who ignore all of the above and bug me with MaraDNS support requests
or bug reports via private email. I had one very annoying person who flamed
me for my "show me the money to get MaraDNS email support" form email, so I
now have, in addition to a form reply discussing rates for MaraDNS support,
another form reply asking people to file bug reports on the MaraDNS mailing
list, yet another form reply telling people they really do need to file
their bug report on this MaraDNS mailing list if they didn't hear me the
first time, a form reply telling people who flame me when I ask for money
that they're being rude and to go away, and even form replies for things
like support requests or bug reports for non-MaraDNS software I've written
over the years [it's not supported but I'm open to finding maintainers] and
support requests for AES crypto [I have a few AES pages, so get a lot of
"help me with my class project" emails; the form reply says I don't supply
that type of support and to either talk to your teacher and supplies a
couple of AES references]).

From m.ferlitsch at gmail.com Sun Jul 26 06:16:10 2009
From: m.ferlitsch at gmail.com (Markus Ferlitsch)
Date: Sun, 26 Jul 2009 12:16:10 +0200
Subject: maradns problem
In-Reply-To: <7bd685720907230836y266d96c1x9c67fbc9304125af@mail.gmail.com>
References: <1900c9640907160835h629a0520gf60a806b4bd2518@mail.gmail.com>
 <7bd685720907170957m5590404dw98ced67c43b327c4@mail.gmail.com>
 <1900c9640907221347o723824a2m3f73b491a56e8a7f@mail.gmail.com>
 <7bd685720907230836y266d96c1x9c67fbc9304125af@mail.gmail.com>
Message-ID: <1900c9640907260316n703e0ebahc5c5e93736a7f23c@mail.gmail.com>

Hi,

ok, thanks. I will try to update to a newer version. In the changelog
I read that maradns 1.???? had problems with ANY requests.
I use 1.2.07.2-1, maybe this was fixed later?

2009/7/23, Sam Trenholme :
> I don't answer MaraDNS support requests in private email; please send your
> question to the MaraDNS mailing list.
>
> - Sam
>
> 2009/7/22 Markus Ferlitsch
>
>> Hi,
>>
>> ok, thanks. I will try to update to a newer version. In the changelog
>> I read that maradns 1.???? had problems with ANY requests. I use
>> 1.2.07.2-1, maybe this was fixed later?
>>
>> 2009/7/17, Sam Trenholme :
>> >> When I start maradns and make a query via any Tool
>> >> (http://network-tools.com/nslook) sometimes I get all data which I
>> >> have defined in the zonefile. But sometimes it happens that one or two
>> >> NS entries will be forgotten to be transmitted.
>> >>
>> >
>> > I am unable to reproduce your problem with MaraDNS 1.2.12.10:
>> >
>> > $ askmara Ndomain.com. 127.0.0.4
>> > # Querying the server with the IP 127.0.0.4
>> > # Question: Ndomain.com.
>> > domain.com. +3600 ns ns1.nameserver.com.
>> > domain.com. +3600 ns ns3.nameserver.com.
>> > domain.com. +3600 ns ns2.nameserver.com.
>> > # NS replies:
>> > # AR replies:
>> >
>> > $ askmara Zdomain.com. 127.0.0.4
>> > # Querying the server with the IP 127.0.0.4
>> > # Question: Zdomain.com.
>> > domain.com. +3600 ns ns1.nameserver.com.
>> > domain.com. +3600 ns ns3.nameserver.com.
>> > domain.com. +3600 ns ns2.nameserver.com.
>> > domain.com. +3600 soa ns1.nameserver.com. postmaster at nameserver.com.
>> > 2009030601 10800 3600 604800 10800
>> > domain.com. +3600 mx 10 mail.nameserver.com.
>> > domain.com. +3600 mx 20 mail2.nameserver.com.
>> > domain.com. +86400 txt 'dns.'
>> > domain.com. +3600 a 10.1.2.3
>> > # NS replies:
>> > # AR replies:
>> >
>> > Here, the NS records in the NS ("N") and ANY ("Z") queries agree.
>> >
>> > Is the TXT record you supply really 'dns.'? If it's longer, we may be
>> > seeing an issue with the 512-byte limit of DNS packets.
>> >
>> > Please be sure you have updated to 1.2.12.10 if still using the 1.2 branch
>> > of MaraDNS. Note that the 1.2 branch is deprecated and will no longer be
>> > updated after December 21, 2010.
>> >
>> > - Sam
>> >
>> > Note: I do not answer MaraDNS support requests sent by private email without
>> > being compensated for my time. I will discuss rates if you want this kind of
>> > support. Thank you for your understanding.
>> >
>> > MaraDNS security vulnerability reports, however, will be dealt with without
>> > charge and kept confidential.
>> >
>> >

From strenholme.usenet at gmail.com Mon Jul 27 23:53:04 2009
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Mon, 27 Jul 2009 22:53:04 -0500
Subject: maradns problem
In-Reply-To: <1900c9640907260316n703e0ebahc5c5e93736a7f23c@mail.gmail.com>
References: <1900c9640907160835h629a0520gf60a806b4bd2518@mail.gmail.com>
 <7bd685720907170957m5590404dw98ced67c43b327c4@mail.gmail.com>
 <1900c9640907221347o723824a2m3f73b491a56e8a7f@mail.gmail.com>
 <7bd685720907230836y266d96c1x9c67fbc9304125af@mail.gmail.com>
 <1900c9640907260316n703e0ebahc5c5e93736a7f23c@mail.gmail.com>
Message-ID: <7bd685720907272053t2e9978c8re0e34c4470aa585e@mail.gmail.com>

You know, I really need to work with Remmy to fix this list so messages to
the list are sent with a "Reply-To: list at maradns.org" header.

MaraDNS is no longer purely a charity project; the program is free to
download and use (and modify and redistribute), support on the list is
free, but private email support costs you money.

> ok, thanks. I will try to update to a newer version. In the changelog
> I read that maradns 1.???? had problems with ANY requests. I use
> 1.2.07.2-1, maybe this was fixed later?
>

The big 1.0 -> 1.2 change (from half a decade ago) was that ANY queries now
return all queries attached to a given RR type. I made some subtle changes
to make ANY slightly more RFC compliant, as I recall its relation to
wildcard record.
ANY should return all queries. If it doesn't, it means you have a packet
too large to fit in 512 bytes (Your example doesn't do this, but the actual
packet might). That's a limitation of DNS. There is a way of setting up
DNS-over-TCP to minimize this issue with MaraDNS, but it's a bit of a pain
to set up:

http://www.maradns.org/tutorial/dnstcp.html

- Sam

From ibc at aliax.net Thu Jul 30 10:52:04 2009
From: ibc at aliax.net (=?UTF-8?Q?I=C3=B1aki_Baz_Castillo?=)
Date: Thu, 30 Jul 2009 16:52:04 +0200
Subject: About IXFR zone transfer
Message-ID:

Hi, I've my own server with an authoritative DNS server managing some
domains. Also, my hosting provider offers its DNS server as slave DNS
server.

For now I use mydns-ng. It worked fine and the AXFR transfer worked
properly. But my hosting provider started using also IXFR (incremental
zone transfer) and after it the transference fails. I upgraded to 1.1
version which implements IXFR but it also fails (so I have out of date SOA
and entries in the secondary DNS server).

Does MaraDNS implement IXFR zone transfer? My provider (OVH) suggests to
use Bind so I assume they have tested IXFR with Bind.

PS: Please let me do other short questions in the same mail:

- Does MaraDNS support SRV and NAPTR registers?

- Can MaraDNS server run on a port different than 53 (for testing
purposes).

- Is there any web interface to manage MaraDNS? I think there is not, but
asking is free :)

--
Iñaki Baz Castillo

From strenholme.usenet at gmail.com Thu Jul 30 12:19:30 2009
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Thu, 30 Jul 2009 11:19:30 -0500
Subject: About IXFR zone transfer
In-Reply-To:
References:
Message-ID: <7bd685720907300919r2d1c2b4s317bdd459549e00@mail.gmail.com>

RTFM. But, since you didn't, I'll help you.

> Does MaraDNS implement IXFR zone transfer?

http://www.maradns.org/tutorial/man.zoneserver.html

IXFR requests are incremental zone transfers, meaning that the DNS server
should only display records changed since the last IXFR request.
*zoneserver*, however, treats an IXFR as if it were an AXFR request,
outputting all of the records for the zone in question.

> - Does MaraDNS support SRV and NAPTR registers?

http://www.maradns.org/tutorial/man.csv2.html

An SRV record stores a "service" definition. This record has four fields:
Priority, weight, port, and target. For more information, please refer to
RFC 2782. Example:

_http._tcp.% SRV 0 0 80 a.% ~

NAPTR records have untested support in the testing release MaraDNS 1.3.13,
and are supported via the RAW record in 1.3.07.09:

The RAW record is a special meta-record that allows any otherwise
unsupported record type to be stored in a csv2 zone file.

> - Can MaraDNS server run on a port different than 53 (for testing
> purposes).

http://www.maradns.org/tutorial/man.mararc.html:

dns_port

This is the port that MaraDNS listens on. This is usually 53 (the default
value), but certain unusual MaraDNS setups (such as when resolving dangling
CNAME records on but a single IP) may need to have a different value for
this.

> - Is there any web interface to manage MaraDNS? I think there is not, but
> asking is free :)
>

No.

Asking may be free, but answers are only free on the MaraDNS mailing list.

You will more quickly get other answers by RTFM. Please start here:

http://www.maradns.org/tutorial/tutorial.html

- Sam

*Note:* I do not answer MaraDNS support requests sent by private email
without being compensated for my time. I will discuss rates if you want
this kind of support. Thank you for your understanding.

From ibc at aliax.net Thu Jul 30 13:02:09 2009
From: ibc at aliax.net (=?UTF-8?Q?I=C3=B1aki_Baz_Castillo?=)
Date: Thu, 30 Jul 2009 19:02:09 +0200
Subject: About IXFR zone transfer
In-Reply-To: <7bd685720907300919r2d1c2b4s317bdd459549e00@mail.gmail.com>
References: <7bd685720907300919r2d1c2b4s317bdd459549e00@mail.gmail.com>
Message-ID:

2009/7/30 Sam Trenholme :
> RTFM. But, since you didn't, I'll help you.

Thanks. The fact is that I did a search on the main documents appearing in
the project page "Documentation" link:
http://www.maradns.org/notes.html

These are:
http://www.maradns.org/tutorial/man.maradns.html
http://www.maradns.org/tutorial/man.mararc.html

NAPTR and IXFR words don't appear there.

Also, NAPTR keyword doesn't appear in the PDF:
http://www.maradns.org/download/manpage_reference.pdf

And the tutorial:
http://www.maradns.org/tutorial/tutorial.html
contains a lot of pages so it's not very feasible to open each one and
look for some words.

Please, understand that I'm looking for a DNS server. I was doing a fast
search reading the basic documentation of various DNS servers. It's
however the first RTFM I receive in my life.

I would suggest you a "Features" section in your web listing the supported
features (a short description). IMHO it would be very useful when somebody
is choosing a software and has various options.

> Does MaraDNS implement IXFR zone transfer?
>
> http://www.maradns.org/tutorial/man.zoneserver.html
>
> IXFR requests are incremental zone transfers, meaning that the DNS server
> should only display records changed since the last IXFR request. *zoneserver
> *, however, treats an IXFR as if it were an AXFR request, outputting all of
> the records for the zone in question.
>
> - Does MaraDNS support SRV and NAPTR registers?
>
>
> http://www.maradns.org/tutorial/man.csv2.html
>
> An SRV record stores a "service" definition. This record has four fields:
> Priority, weight, port, and target. For more information, please refer to
> RFC 2782.
> Example:
>
> _http._tcp.% SRV 0 0 80 a.% ~
>
> NAPTR records have untested support in the testing release MaraDNS 1.3.13,
> and are supported via the RAW record in 1.3.07.09:
>
> The RAW record is a special meta-record that allows any otherwise
> unsupported record type to be stored in a csv2 zone file.
>
>> - Can MaraDNS server run on a port different than 53 (for testing
>> purposes).
>
>
> http://www.maradns.org/tutorial/man.mararc.html:
>
> dns_port
>
> This is the port that MaraDNS listens on. This is usually 53 (the default
> value), but certain unusual MaraDNS setups (such as when resolving dangling
> CNAME records on but a single IP) may need to have a different value for
> this.
>

Thanks a lot for all this useful help.

>> - Is there any web interface to manage MaraDNS? I think there is not, but
>> asking is free :)
>>
>
> No.
>
> Asking may be free, but answers are only free on the MaraDNS mailing list.

Don't worry, I'm really used to internet maillists, I don't send private
mails to software authors asking for private free support.

Best regards.

--
Iñaki Baz Castillo

From strenholme.usenet at gmail.com Thu Jul 30 13:20:52 2009
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Thu, 30 Jul 2009 12:20:52 -0500
Subject: About IXFR zone transfer
In-Reply-To:
References: <7bd685720907300919r2d1c2b4s317bdd459549e00@mail.gmail.com>
Message-ID: <7bd685720907301020l6adedd2cs8509a96e6115fd89@mail.gmail.com>

> The tutorial:
> http://www.maradns.org/tutorial/tutorial.html
> contains a lot of pages so it's not very feasible to open each one and
> look for some words.
>

Google is your friend. For example, a Google query for "IXFR site:
maradns.org" lets you know about MaraDNS' IXFR support. "NAPTR site:
maradns.org" lets you know MaraDNS 1.3.08 added NAPTR support. And so on.

There's other options to RTFM of course, such as downloading the MaraDNS
source code tarball, going to the directory doc/en, then do something like:

find . -type f | xargs grep IXFR

Which lists all of the files with "IXFR" and the context where "IXFR" is
found. Here is an extended form of the query, which only lets us see the
files where IXFR is mentioned:

$ find . -type f | xargs grep IXFR | cut -f1 -d: | sort -u
./changelog.txt
./man/zoneserver.8
./misc/dns-record-types.txt
./source/changelog.embed
./source/old.changelog
./source/zoneserver.ej
./text/man.zoneserver.txt
./tutorial/man.zoneserver.html
./webpage/advocacy.embed
./webpage/advocacy.html
./webpage/changelog.html

(list all files below the current directory, look for "IXFR" in those
files, list only the filename of the file, make it a sorted list with no
elements duplicated)

It looks like it's time for me to add a "search this site" box to the left
side of the MaraDNS web page, and use Google to process the results.

- Sam

*Note:* I do not answer MaraDNS support requests sent by private email
without being compensated for my time. I will discuss rates if you want
this kind of support. Thank you for your understanding.

From strenholme.usenet at gmail.com Thu Jul 30 13:35:47 2009
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Thu, 30 Jul 2009 12:35:47 -0500
Subject: About IXFR zone transfer
In-Reply-To: <7bd685720907301020l6adedd2cs8509a96e6115fd89@mail.gmail.com>
References: <7bd685720907300919r2d1c2b4s317bdd459549e00@mail.gmail.com>
 <7bd685720907301020l6adedd2cs8509a96e6115fd89@mail.gmail.com>
Message-ID: <7bd685720907301035q5e13d7ahb4818a27cb42f600@mail.gmail.com>

> It looks like it's time for me to add a "search this site" box to the left
> side of the MaraDNS web page, and use Google to process the results.
>

Done. Because of the code Google provided, it makes more sense for me to
place it at the bottom of the "Documentation" page. People going to
http://www.maradns.org/notes.html now can see a "Search MaraDNS.org" toolbar
at the bottom of the page.
This will hopefully help minimize the amount of time users have to wait to
get answers to their questions.

- Sam

From ibc at aliax.net Thu Jul 30 13:37:35 2009
From: ibc at aliax.net (=?UTF-8?Q?I=C3=B1aki_Baz_Castillo?=)
Date: Thu, 30 Jul 2009 19:37:35 +0200
Subject: About IXFR zone transfer
In-Reply-To: <7bd685720907301035q5e13d7ahb4818a27cb42f600@mail.gmail.com>
References: <7bd685720907300919r2d1c2b4s317bdd459549e00@mail.gmail.com>
 <7bd685720907301020l6adedd2cs8509a96e6115fd89@mail.gmail.com>
 <7bd685720907301035q5e13d7ahb4818a27cb42f600@mail.gmail.com>
Message-ID:

2009/7/30 Sam Trenholme :
>> It looks like it's time for me to add a "search this site" box to the left
>> side of the MaraDNS web page, and use Google to process the results.
>>
>
> Done. Because of the code Google provided, it makes more sense for me to
> place it at the bottom of the "Documentation" page. People going to
> http://www.maradns.org/notes.html now can see a "Search MaraDNS.org" toolbar
> at the bottom of the page.
>
> This will hopefully help minimize the amount of time users have to wait to
> get answers to their questions.

Really a good addition to the page :)

--
Iñaki Baz Castillo

From strenholme.usenet at gmail.com Thu Jul 30 13:50:51 2009
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Thu, 30 Jul 2009 12:50:51 -0500
Subject: About IXFR zone transfer
In-Reply-To:
References: <7bd685720907300919r2d1c2b4s317bdd459549e00@mail.gmail.com>
 <7bd685720907301020l6adedd2cs8509a96e6115fd89@mail.gmail.com>
 <7bd685720907301035q5e13d7ahb4818a27cb42f600@mail.gmail.com>
Message-ID: <7bd685720907301050r1d727d99i28fe995ccce35117@mail.gmail.com>

> Really a good addition to the page :)
>

I appreciate the feedback. Just to let you know, I'm working on the
next-generation recursive resolver of MaraDNS, which has the code name
"Deadwood". Speaking of which, time to get off the list and continue
working on resource record rotation with that code.
http://maradns.blogspot.com/search/label/Deadwood

- Sam

From a.lepage at difuzer.com Fri Jul 31 15:57:05 2009
From: a.lepage at difuzer.com (Alexandre Lepage)
Date: Fri, 31 Jul 2009 21:57:05 +0200
Subject: Problem with .fr domains [TEST check if server is really recursive]: answer refused from server (IN/SOA: fr.)
Message-ID: <7f6f740810edf1a6f7920f2b54507d5c@localhost>

Hi,

I have a problem with all my .fr DNS zone. You can see the failure there :

http://www.afnic.fr/outils/zonecheck/zc.cgi?zone=difuzer.fr&lang=en

The problem is that the server is not even supposed to be recursive. I
searched for this error in the ZoneCheck documentation (the software used
to pass the test) and... nothing.

So if someone could please explain me what this error means, would be
really nice !

Thanks

--
Alexandre Lepage
Difuzer Enr.
a.lepage at difuzer.com
418.554.0113

From m.ferlitsch at gmail.com Fri Jul 31 16:13:08 2009
From: m.ferlitsch at gmail.com (Markus Ferlitsch)
Date: Fri, 31 Jul 2009 22:13:08 +0200
Subject: maradns server on internet for my domains
Message-ID: <1900c9640907311313l140b95adg85360dc2f4b9556e@mail.gmail.com>

Hi,

I want to run my own nameserver which should manage my
domains/subdomain... I think I need an only authoritative version of
nameserver.

Here my mararc:

bind_address="public ip
chroot_dir = "/etc/maradns"
random_seed_file="/dev/urandom"
#recursive_acl="0.0.0.0/0"
#ipv4_alias = {}
#ipv4_alias["icann"] = "198.41.0.4, 192.228.79.201, 192.33.4.12, 128.8.10.90,"
#ipv4_alias["icann"] += "192.203.230.10, 192.5.5.241, 192.112.36.4,"
#ipv4_alias["icann"] += "128.63.2.53, 192.36.148.17, 192.58.128.30,"
#ipv4_alias["icann"] += "193.0.14.129, 199.7.83.42, 202.12.27.33"
#maradns_uid=65535
#maradns_gid=65534
#maximum_cache_elements = 1024
#maradns_uid=65534
#default_rrany_set = 15
#timeout_seconds = 5
#max_chain = 15
#max_total = 50
#maxprocs = 20
csv2 = {}
csv2["mydomain.com."] = "db.mydomain.com"
tcp_convert_acl = "0.0.0.0/0"
tcp_convert_server = "public ip"
verbose_level = 3

and here my db.mydomain.com:

mydomain.com. +3600 SOA ns1.mydns.com. postmaster at mydns.com. 2009030601 10800 3600 604800 10800
mydomain.com. +3600 NS ns1.mydns.com.
mydomain.com. +3600 NS ns2.mydns.com.
mydomain.com. +3600 MX 10 mail1.sprit.org.
mydomain.com. +3600 MX 20 mail2.sprit.org.
mail1.sprit.org. +43200 A 85.124.251.70
mail2.sprit.org. +43200 A 85.124.251.70
mydomain.com. TXT 'dns.'
mydomain.com. +3600 A ip-webserver
www.mydomain.com.. +3600 A ip-webserver
xx.mydomain.com. +3600 A ip-webserver
*.mydomain.com. +3600 A ip-webserver

But when I let to test any web-zonetester (like
http://www.zonecheck.fr) I always get errors.

Could anyone send me an example of an mararc and a zone-file. I think my
files are not complete!? I only want that my nameservers answers to
domains which are in the zonefiles (also only authoritative).

ns1.mydomain.com and ns2.mydomain.com are two subdomains from mydomain.com
which points to two ip addresses, where my two nameserver are running.

Is this all I must do?

greetings,
Markus

From m.ferlitsch at gmail.com Fri Jul 31 16:14:06 2009
From: m.ferlitsch at gmail.com (Markus Ferlitsch)
Date: Fri, 31 Jul 2009 22:14:06 +0200
Subject: Problem with .fr domains [TEST check if server is really recursive]: answer refused from server (IN/SOA: fr.)
In-Reply-To: <7f6f740810edf1a6f7920f2b54507d5c@localhost>
References: <7f6f740810edf1a6f7920f2b54507d5c@localhost>
Message-ID: <1900c9640907311314webdd40fkdbf9829f9c27684c@mail.gmail.com>

I have got the same problem :)

2009/7/31, Alexandre Lepage :
>
> Hi,
>
> I have a problem with all my .fr DNS zone. You can see the failure there :
>
> http://www.afnic.fr/outils/zonecheck/zc.cgi?zone=difuzer.fr&lang=en
>
> The problem is that the server is not even supposed to be recursive. I
> searched for this error in the ZoneCheck documentation (the software used
> to pass the test) and... nothing.
>
> So if someone could please explain me what this error means, would be
> really nice !
>
> Thanks
>
> --
> Alexandre Lepage
> Difuzer Enr.
> a.lepage at difuzer.com
> 418.554.0113
>

From strenholme.usenet at gmail.com Fri Jul 31 17:16:20 2009
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Fri, 31 Jul 2009 16:16:20 -0500
Subject: maradns server on internet for my domains
In-Reply-To: <1900c9640907311313l140b95adg85360dc2f4b9556e@mail.gmail.com>
References: <1900c9640907311313l140b95adg85360dc2f4b9556e@mail.gmail.com>
Message-ID: <7bd685720907311416t3caee4fam6d690d1cfc203395@mail.gmail.com>

> But when I let to test any web-zonetester (like
> http://www.zonecheck.fr) I always get errors.
>

I can't help you unless you let us know what errors you're getting.

As for the request for the example zone file and what not, RTFM; they have
examples:

http://www.maradns.org/tutorial/authoritative.html

A full example mararc file is at the end of this document:

http://www.maradns.org/tutorial/man.mararc.html

And a full example zone file is in this document:

http://www.maradns.org/tutorial/man.csv2.html

If you want to find information in MaraDNS' documentation, put in your
query at the bottom of this page:

http://www.maradns.org/notes.html

"Example zone file" for example, gives you the CSV2 man page as its second
hit.

- Sam

I do not answer MaraDNS support requests sent by private email without
being compensated for my time. I will discuss rates if you want this kind
of support. Thank you for your understanding.

From strenholme.usenet at gmail.com Fri Jul 31 17:20:59 2009
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Fri, 31 Jul 2009 16:20:59 -0500
Subject: Problem with .fr domains [TEST check if server is really recursive]: answer refused from server (IN/SOA: fr.)
In-Reply-To: <7f6f740810edf1a6f7920f2b54507d5c@localhost>
References: <7f6f740810edf1a6f7920f2b54507d5c@localhost>
Message-ID: <7bd685720907311420j4313256fg8295b3ce4f94ffd@mail.gmail.com>

2009/7/31 Alexandre Lepage

>
> Hi,
>
> I have a problem with all my .fr DNS zone. You can see the failure there :
>
> http://www.afnic.fr/outils/zonecheck/zc.cgi?zone=difuzer.fr&lang=en
>

Reverse for the nameserver IP address doesn't match
- ns2.difuzer.com./213.251.161.162
- ns1.difuzer.com./91.121.92.210

RTFM: http://www.maradns.org/faq.html#rdns

---

[TEST check if server is really recursive]: answer refused from server
(IN/SOA: fr.)
- ns2.difuzer.com./213.251.161.162

The test is broken. MaraDNS will refuse recursive queries by default for
security reasons. Some people have this foolish people that all DNS servers
should be recursive.
This is a really bad idea from a security standpoint; we're not in the
1980s anymore and it hasn't been feasible to be that open on the internet
for a while.

Tell the person who made this test to fix it.

>
> The problem is that the server is not even supposed to be recursive. I
> searched for this error in the ZoneCheck documentation (the software used
> to pass the test) and... nothing.
>

Tell the Zonecheck people to write decent documentation for their test
suite. If you want to enable recursion:

http://www.maradns.org/tutorial/recursive.html

- Sam

I do not answer MaraDNS support requests sent by private email without
being compensated for my time. I will discuss rates if you want this kind
of support. Thank you for your understanding.

From m.ferlitsch at gmail.com Fri Jul 31 17:40:58 2009
From: m.ferlitsch at gmail.com (Markus Ferlitsch)
Date: Fri, 31 Jul 2009 23:40:58 +0200
Subject: maradns server on internet for my domains
In-Reply-To: <7bd685720907311416t3caee4fam6d690d1cfc203395@mail.gmail.com>
References: <1900c9640907311313l140b95adg85360dc2f4b9556e@mail.gmail.com>
 <7bd685720907311416t3caee4fam6d690d1cfc203395@mail.gmail.com>
Message-ID: <1900c9640907311440t335f5ea8ndee68a5818148303@mail.gmail.com>

Hi,

the tutorials I have read but it didn't help me :-(

Here the errors from zonecheck:

w: [TEST nameserver IP reverse]: answer refused from server (IN/PTR: 13.227.109.80.in-addr.arpa.)
 * ns2.mydns.com./ip2
w: [TEST nameserver IP reverse matching nameserver name]: answer refused from server (IN/PTR: 13.227.109.80.in-addr.arpa.)
 * ns2.mydns.com./ip2
w: [TEST nameserver IP reverse]: answer refused from server (IN/PTR: 4.73.125.85.in-addr.arpa.)
 * ns3.mydns.com./ip3
w: [TEST nameserver IP reverse]: answer refused from server (IN/PTR: 130.144.124.85.in-addr.arpa.)
 * ns1.mydns.com./ip1
w: [TEST nameserver IP reverse matching nameserver name]: answer refused from server (IN/PTR: 4.73.125.85.in-addr.arpa.)
* ns3.mydns.com./ip3 w: [TEST nameserver IP reverse matching nameserver name]: answer refused from server (IN/PTR: 130.144.124.85.in-addr.arpa.) * ns1.mydns.com./ip1 ---- fatal ---- f: [TEST check if server is really recursive]: answer refused from server (IN/SOA: net.) * ns2.mydns.com./ip2 * ns3.mydns.com./ip3 * ns1.mydns.com./ip1 What must I add to mararc that the errors disappear? What means the fatal error? 2009/7/31, Sam Trenholme : >> But when I let to test any web-zonetester (like >> http://www.zonecheck.fr) I always get errors. >> > > I can't help you unless you let us know what errors you're getting. > > As for the request for the example zone file and what not, RTFM; they have > examples: > > http://www.maradns.org/tutorial/authoritative.html > > A full example mararc file is at the end of this document: > > http://www.maradns.org/tutorial/man.mararc.html > > And a full example zone file is in this document: > > http://www.maradns.org/tutorial/man.csv2.html > > If you want to find information in MaraDNS' documentation, put in your query > at the bottom of this page: > > http://www.maradns.org/notes.html > > "Example zone file" for example, gives you the CSV2 man page as its second > hit. > > - Sam* > > *I do not answer MaraDNS support requests sent by private email without > being compensated for my time. I will discuss rates if you want this kind of > support. Thank you for your understanding. 
> From strenholme.usenet at gmail.com Fri Jul 31 17:49:04 2009 From: strenholme.usenet at gmail.com (Sam Trenholme) Date: Fri, 31 Jul 2009 16:49:04 -0500 Subject: maradns server on internet for my domains In-Reply-To: <1900c9640907311440t335f5ea8ndee68a5818148303@mail.gmail.com> References: <1900c9640907311313l140b95adg85360dc2f4b9556e@mail.gmail.com> <7bd685720907311416t3caee4fam6d690d1cfc203395@mail.gmail.com> <1900c9640907311440t335f5ea8ndee68a5818148303@mail.gmail.com> Message-ID: <7bd685720907311449n45fdbc1cm675779c2e0b1bf9f@mail.gmail.com> > the tutorials I have read but it didn't help me :-( > Hopefully someone else will chime in and explain it in a way you can understand. To server example.com, this is your mararc: ipv4_bind_addresses = "10.3.28.79" chroot_dir = "/etc/maradns" csv2 = {} csv2["example.com."] = "db.example.com" Change "10.3.28.79" in to the IP of your DNS server; change example.com to the name of your domain. This is db.example.com: example.com. 10.10.10.12 ~ www.example.com. 10.10.10.12 ~ Can you see where you need to change the names and IPs? The ~ at the end of lines is optional, but if you have it after one record (line) have it after all records. > Here the errors from zonecheck: > Same errors as the email I just answered. Please read the answer I just posted: http://woodlane.webconquest.com/pipermail/list/2009-July/000347.html I'm not going to give you fish; I'm going to teach you how to fish. If I give you a fish, I feed you for one day. If I teach you how to fish, I feed you for life. Everyone else: I just got resource rotation to work with the code that will become MaraDNS' 2.0 recursive resolver: http://maradns.blogspot.com My next task is TTL aging. - Sam I do not answer MaraDNS support requests sent by private email without being compensated for my time. I will discuss rates if you want this kind of support. Thank you for your understanding. 
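
Added example, not part of the original thread and not MaraDNS or ZoneCheck code: the "answer refused" result discussed above, seen at the wire level. It builds the kind of query a recursion test sends (IN/SOA for a zone the server does not host, RD bit set) and classifies the reply from its header; the function names are this example's own, the two reply packets are constructed samples, and it assumes the refusal arrives as RCODE 5 (REFUSED), as the ZoneCheck wording indicates.

```python
import socket
import struct

QTYPE_SOA, CLASS_IN, RCODE_REFUSED = 6, 1, 5

def build_query(name, qtype=QTYPE_SOA, txid=0x2A2A):
    """Query with RD=1, as a recursion test would send (e.g. IN/SOA fr.)."""
    header = struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0)  # flags: RD only
    labels = [part for part in name.split(".") if part]
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels)
    return header + qname + b"\x00" + struct.pack("!2H", qtype, CLASS_IN)

def classify(query, reply):
    """Classify a reply from its 12-byte header only."""
    if len(reply) < 12:
        return "malformed"
    txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", reply[:12])
    if txid != struct.unpack("!H", query[:2])[0] or not flags & 0x8000:
        return "not-a-reply"
    rcode, ra = flags & 0x000F, bool(flags & 0x0080)
    if rcode == RCODE_REFUSED:
        return "refused"            # the outcome ZoneCheck reported
    if rcode == 0 and ra and ancount:
        return "recursive-answer"   # resolved a zone it does not host
    return "other(rcode=%d, ra=%d, answers=%d)" % (rcode, ra, ancount)

def probe(server_ip, name="fr.", timeout=3.0):
    """Send the query to a server you operate and classify what comes back."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (server_ip, 53))
        try:
            reply, _peer = sock.recvfrom(4096)
        except socket.timeout:
            return "no-reply"
    return classify(query, reply)

# Constructed sample packets (not captured traffic).
QUERY = build_query("fr.")
QUESTION = QUERY[12:]
REFUSED_REPLY = struct.pack("!6H", 0x2A2A, 0x8105, 1, 0, 0, 0) + QUESTION
SOA_RR = (b"\xc0\x0c" + struct.pack("!2HIH", QTYPE_SOA, CLASS_IN, 3600, 24)
          + b"\xc0\x0c\xc0\x0c" + struct.pack("!5I", 1, 2, 3, 4, 5))
ANSWERED_REPLY = struct.pack("!6H", 0x2A2A, 0x8180, 1, 1, 0, 0) + QUESTION + SOA_RR

if __name__ == "__main__":
    print("refused sample :", classify(QUERY, REFUSED_REPLY))
    print("answered sample:", classify(QUERY, ANSWERED_REPLY))
```

For an authoritative-only server, "refused" on a zone it does not host is the result consistent with recursion being disabled; "recursive-answer" would mean the server resolves foreign zones for the querying address.
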
From m.ferlitsch at gmail.com Fri Jul 31 17:54:21 2009
From: m.ferlitsch at gmail.com (Markus Ferlitsch)
Date: Fri, 31 Jul 2009 23:54:21 +0200
Subject: maradns server on internet for my domains
In-Reply-To: <7bd685720907311449n45fdbc1cm675779c2e0b1bf9f@mail.gmail.com>
References: <1900c9640907311313l140b95adg85360dc2f4b9556e@mail.gmail.com> <7bd685720907311416t3caee4fam6d690d1cfc203395@mail.gmail.com> <1900c9640907311440t335f5ea8ndee68a5818148303@mail.gmail.com> <7bd685720907311449n45fdbc1cm675779c2e0b1bf9f@mail.gmail.com>
Message-ID: <1900c9640907311454i1abcf8c3l2c4d059d0181b678@mail.gmail.com>

ok thanks. Now my server runs

But another problem is that the reverse lookup from ip3 to ns3.mydomain.com doesn't exist.

Or is this not important for running a dns server? Should I let set the reverse entry at my provider?

2009/7/31, Sam Trenholme :
>> the tutorials I have read but it didn't help me :-(
>>
>
> Hopefully someone else will chime in and explain it in a way you can
> understand.
>
> To serve example.com, this is your mararc:
>
> ipv4_bind_addresses = "10.3.28.79"
> chroot_dir = "/etc/maradns"
> csv2 = {}
> csv2["example.com."] = "db.example.com"
>
> Change "10.3.28.79" in to the IP of your DNS server; change example.com to
> the name of your domain.
>
> This is db.example.com:
>
> example.com. 10.10.10.12 ~
> www.example.com. 10.10.10.12 ~
>
> Can you see where you need to change the names and IPs? The ~ at the end
> of lines is optional, but if you have it after one record (line) have
> it after all records.
>
>
>> Here the errors from zonecheck:
>>
>
> Same errors as the email I just answered. Please read the answer I just
> posted:
>
> http://woodlane.webconquest.com/pipermail/list/2009-July/000347.html
>
> I'm not going to give you fish; I'm going to teach you how to fish. If I
> give you a fish, I feed you for one day. If I teach you how to fish, I feed
> you for life.
>
> Everyone else: I just got resource rotation to work with the code that will
> become MaraDNS' 2.0 recursive resolver:
>
> http://maradns.blogspot.com
>
> My next task is TTL aging.
>
> - Sam
>
> I do not answer MaraDNS support requests sent by private email without being
> compensated for my time. I will discuss rates if you want this kind of
> support. Thank you for your understanding.
>

From a.lepage at difuzer.com Fri Jul 31 17:54:08 2009
From: a.lepage at difuzer.com (Alexandre Lepage)
Date: Fri, 31 Jul 2009 23:54:08 +0200
Subject: Problem with .fr domains [TEST check if server is really recursive]: answer refused from server (IN/SOA: fr.)
In-Reply-To: <7bd685720907311420j4313256fg8295b3ce4f94ffd@mail.gmail.com>
References: <7f6f740810edf1a6f7920f2b54507d5c@localhost> <7bd685720907311420j4313256fg8295b3ce4f94ffd@mail.gmail.com>
Message-ID: <7148005cef82688113991db74810ab47@localhost>

Thanks for your answer Sam, I appreciate your help.

Actually I wasn't asking help for the two warnings about PTR records, so no need for a "RTFM" ^^ But I will fix it in order to maximize my chances to fix the other error.

And about the reverse question... ZoneCheck is the software used by the AFNIC (the association in charge of .fr registration) and I'm pretty sure I'm doing something wrong, because I just get the error since they announced security increasement at the AFNIC.

Maybe it's also an incoherence in my zonefile, I must admit I'm not an expert. Here it is :

% SOA ns1.difuzer.com. alexbad at videotron.ca. 2009060701 7200 3600 604800 1800
% +60 NS ns1.difuzer.com.
% +60 NS ns2.difuzer.com.
% +60 91.121.92.210
*.% +60 91.121.92.210
*.% +60 CNAME %
% mx 10 %
mail.% +86400 IN A 91.121.92.210
% txt 'v=spf1 mx ip4:91.121.92.210 ip4:213.251.161.162 -all'

Thanks again

On Fri, 31 Jul 2009 16:20:59 -0500, Sam Trenholme wrote:
> 2009/7/31 Alexandre Lepage
>
>>
>> Hi,
>>
>> I have a problem with all my .fr DNS zone. You can see the failure there
>> :
>>
>> http://www.afnic.fr/outils/zonecheck/zc.cgi?zone=difuzer.fr&lang=en
>>
>
>
> Reverse for the nameserver IP address doesn't match
>
> - ns2.difuzer.com./213.251.161.162
> - ns1.difuzer.com./91.121.92.210
>
> RTFM:
>
> http://www.maradns.org/faq.html#rdns
>
> ---
>
> [TEST check if server is really recursive]: answer refused from server
> (IN/SOA: fr.)
>
> - ns2.difuzer.com./213.251.161.162
>
> The test is broken. MaraDNS will refuse recursive queries by default for
> security reasons. Some people have this foolish people that all DNS servers
> should be recursive. This is a really bad idea from a security standpoint;
> we're not in the 1980s anymore and it hasn't been feasible to be that open
> on the internet for a while.
>
> Tell the person who made this test to fix it.
>
>
>>
>> The problem is that the server is not even supposed to be recursive. I
>> searched for this error in the ZoneCheck documentation (the software used
>> to pass the test) and... nothing.
>>
>
> Tell the Zonecheck people to write decent documentation for their test
> suite.
>
> If you want to enable recursion:
>
> http://www.maradns.org/tutorial/recursive.html
>
> - Sam
>
> I do not answer MaraDNS support requests sent by private email without being
> compensated for my time. I will discuss rates if you want this kind of
> support. Thank you for your understanding.

--
Best regards,
Alexandre Lepage
Difuzer Enr.
a.lepage at difuzer.com
418.554.0113

From m.ferlitsch at gmail.com Fri Jul 31 18:16:07 2009
From: m.ferlitsch at gmail.com (Markus Ferlitsch)
Date: Sat, 1 Aug 2009 00:16:07 +0200
Subject: maradns server on internet for my domains
In-Reply-To: <1900c9640907311454i1abcf8c3l2c4d059d0181b678@mail.gmail.com>
References: <1900c9640907311313l140b95adg85360dc2f4b9556e@mail.gmail.com> <7bd685720907311416t3caee4fam6d690d1cfc203395@mail.gmail.com> <1900c9640907311440t335f5ea8ndee68a5818148303@mail.gmail.com> <7bd685720907311449n45fdbc1cm675779c2e0b1bf9f@mail.gmail.com> <1900c9640907311454i1abcf8c3l2c4d059d0181b678@mail.gmail.com>
Message-ID: <1900c9640907311516w4b32d83ahec93c887964ee91d@mail.gmail.com>

Hi,

now I only have one more error:

f: Loopback is not resolvable
 * ns3.mydomain.com./ip3
 * ns1.mydomain.com./ip1

But ns1, ns2 and ns3 have the same config.

2009/7/31, Markus Ferlitsch :
> ok thanks. Now my server runs
>
> But another problem is that the reverse lookup from ip3 to
> ns3.mydomain.com doesn't exist.
>
> Or is this not important for running a dns server? Should I let set
> the reverse entry at my provider?
>
> 2009/7/31, Sam Trenholme :
>>> the tutorials I have read but it didn't help me :-(
>>>
>>
>> Hopefully someone else will chime in and explain it in a way you can
>> understand.
>>
>> To serve example.com, this is your mararc:
>>
>> ipv4_bind_addresses = "10.3.28.79"
>> chroot_dir = "/etc/maradns"
>> csv2 = {}
>> csv2["example.com."] = "db.example.com"
>>
>> Change "10.3.28.79" in to the IP of your DNS server; change example.com to
>> the name of your domain.
>>
>> This is db.example.com:
>>
>> example.com. 10.10.10.12 ~
>> www.example.com. 10.10.10.12 ~
>>
>> Can you see where you need to change the names and IPs? The ~ at the end
>> of lines is optional, but if you have it after one record (line) have
>> it after all records.
>>
>>
>>> Here the errors from zonecheck:
>>>
>>
>> Same errors as the email I just answered. Please read the answer I just
>> posted:
>>
>> http://woodlane.webconquest.com/pipermail/list/2009-July/000347.html
>>
>> I'm not going to give you fish; I'm going to teach you how to fish. If I
>> give you a fish, I feed you for one day. If I teach you how to fish, I feed
>> you for life.
>>
>> Everyone else: I just got resource rotation to work with the code that will
>> become MaraDNS' 2.0 recursive resolver:
>>
>> http://maradns.blogspot.com
>>
>> My next task is TTL aging.
>>
>> - Sam
>>
>> I do not answer MaraDNS support requests sent by private email without being
>> compensated for my time. I will discuss rates if you want this kind of
>> support. Thank you for your understanding.
>>
>