From rlima at servinfo.com.uy Sat Nov 7 08:57:57 2009
From: rlima at servinfo.com.uy (Ricardo Lima)
Date: Sat, 7 Nov 2009 10:57:57 -0300
Subject: Using MaraDNS as a content filter
Message-ID: <013901ca5fb2$53add8c0$fb098a40$@com.uy>

Hi to all,

I'm new to the mailing list, sorry for any mistake!!

I'm working with the OLPC (one laptop per child) project here in Uruguay. About 380.000 kids from public school already have an XO laptop and have internet connection in all the schools of the country. In the schools we are using Dansguardian and it's working really nice, but when they are not at the school they can surf without limitations.

We search to make a filter content in the laptop but we have hardware limitations. Then we contact OpenDNS but we can make modifications that we need because Spanish language and we don't like the advertisement page when a domain is blocked (the page is fine but all the Google advertisement is not suitable). After surfing a lot we found Mara.

It's possible to do this with Mara???

As I see Mara can protect for malware and other stuff but our first problem is porn and child abuse.

I can update the malware list with the list of urlblacklist.org ???

Thanks in advance

Ricardo

From msibley at crosswire.com Sat Nov 7 11:03:25 2009
From: msibley at crosswire.com (msibley at crosswire.com)
Date: Sat, 07 Nov 2009 09:03:25 -0700
Subject: Multilevel wildcards
Message-ID: <20091107090325.6999b2cf113030e199ee7c5f61206f2d.ccf533e7f2.wbe@email.secureserver.net>

Howdy,

I'm trying to use maraDNS to handle wildcard redirection. I find that

*.foo.% CNAME redirect.example.net. ~

works but,

*.*.foo.% CNAME redirect.example.net. ~

doesn't work. Is this a feature or a bug?

I have a ton of regionally formatted hostnames like:

router1.city.state.example.net

and I would like to just wildcard all recursing namespace to redirect.example.net.
(ultimately a cgi script that knows what hostname it was called as, and subsequently does cool things)

Is there a way to wildcard deep namespaces that doesn't involve creating many zone files? (read as: without making automating zone creation difficult)

Thanks in advance!

Matt

From strenholme.usenet at gmail.com Sat Nov 7 13:50:50 2009
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Sat, 7 Nov 2009 12:50:50 -0600
Subject: Using MaraDNS as a content filter
In-Reply-To: <013901ca5fb2$53add8c0$fb098a40$@com.uy>
References: <013901ca5fb2$53add8c0$fb098a40$@com.uy>
Message-ID: <7bd685720911071050u26e1cc90g23c0833d37404566@mail.gmail.com>

> We search to make a filter content in the laptop but we have hardware
> limitations. Then we contact OpenDNS but we can make modifications that we
> need because Spanish language and we don't like the advertisement page when
> a domain is blocked (the page is fine but all the Google advertisement is
> not suitable). After surfing a lot we found Mara.

My opinion of OpenDNS: I sent them my resume. They never got back to me. Not exactly impressive.

> It's possible to do this with Mara???

I just added a FAQ entry yesterday:

http://www.maradns.org/faq.html#phishing

46. Can MaraDNS offer protection from phishing and malicious sites?

Yes. Here is a webpage that explains how it's done:

http://www.malwaredomains.com/?p=288

> I can update the malware list with the list of urlblacklist.org ???

Probably. Can you program in Perl? There's a ready-made script to do this with malwaredomains.org (see above); it shouldn't be too difficult to modify it to work with other blacklists.

Converting it is left as an exercise for the reader.
:)

- Samuel

From strenholme.usenet at gmail.com Sat Nov 7 13:54:10 2009
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Sat, 7 Nov 2009 12:54:10 -0600
Subject: Multilevel wildcards
In-Reply-To: <20091107090325.6999b2cf113030e199ee7c5f61206f2d.ccf533e7f2.wbe@email.secureserver.net>
References: <20091107090325.6999b2cf113030e199ee7c5f61206f2d.ccf533e7f2.wbe@email.secureserver.net>
Message-ID: <7bd685720911071054s5e80def2x3b707431013e3162@mail.gmail.com>

> *.*.foo.% CNAME redirect.example.net. ~
>
> doesn't work. Is this a feature or a bug?

*.foo.example.com. covers anything that ends in "foo.example.com", such as "a.foo.example.com", "a.b.foo.example.com.", "c.a.b.foo.example.com", etc.

- Sam

From strenholme.usenet at gmail.com Sat Nov 7 13:59:39 2009
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Sat, 7 Nov 2009 12:59:39 -0600
Subject: Reminder for new subscribers
Message-ID: <7bd685720911071059r30f78638m3b231bdce276d863@mail.gmail.com>

As a reminder for new subscribers to the list: I do not answer MaraDNS support requests sent by private email without being compensated for my time. A MaraDNS support request is any and all discussion you may wish to have about MaraDNS in private email; if you want to email me to talk about MaraDNS then, yes, that is a support request. I will discuss rates if you want this kind of support.

Thank you for your understanding.

MaraDNS security vulnerability reports, however, will be dealt with without charge and kept confidential. If you don't know what Bugtraq is, then, no, your email is not a security report.

There's a reason there's a reply-to: list at maradns.org header in messages sent to the list.
- Sam

From msibley at crosswire.com Sat Nov 7 14:25:16 2009
From: msibley at crosswire.com (msibley at crosswire.com)
Date: Sat, 07 Nov 2009 12:25:16 -0700
Subject: Multilevel wildcards
Message-ID: <20091107122516.6999b2cf113030e199ee7c5f61206f2d.bab2eea48f.wbe@email.secureserver.net>

-------- Original Message --------
Subject: Re: Multilevel wildcards
From: Sam Trenholme
Date: Sat, November 07, 2009 1:54 pm
To: list at maradns.org

> *.*.foo.% CNAME redirect.example.net. ~
>
> doesn't work. Is this a feature or a bug?

*.foo.example.com. covers anything that ends in "foo.example.com", such as "a.foo.example.com", "a.b.foo.example.com.", "c.a.b.foo.example.com", etc.

- Sam

Thanks Sam! I decided to use csv2_default_zone feature to fix this. It is a bit cleaner to configure. I'll just run a second instance of the daemon to handle recursion. (since csv2_default_zone precludes it)

Thanks!

Matt

From kyler-keyword-maradns10.e74014 at lairds.com Tue Nov 17 22:04:18 2009
From: kyler-keyword-maradns10.e74014 at lairds.com (Kyler Laird)
Date: Tue, 17 Nov 2009 21:04:18 -0600
Subject: WKS query handling for CSV2 star entries
Message-ID: <20091118030418.GX24381@lairds.com>

If I use
    csv2["*.ucmerced.edu."] = "star.ucmerced.edu.csv2"
I get an error for WKS queries to matching domains.
    $ host -t wks eecs.ucmerced.edu engdns00.ucmerced.edu
    eecs.ucmerced.edu WKS record query refused by engdns00.ucmerced.edu

    Nov 18 02:48:24 engdns00 maradns.etc_maradns_mararc: Query from: 207.42.123.4 Ueecs.ucmerced.edu.
    Nov 18 02:48:24 engdns00 maradns.etc_maradns_mararc: Log: Bad query received: 9\027\001\000\000\001\000\000\000\000\000\000\004eecs\010ucmerced\003edu\000\000\013\000\001

If I add a record for just that domain
    csv2["eecs.ucmerced.edu."] = "star.ucmerced.edu.csv2"
it works as expected.
    $ host -t wks eecs.ucmerced.edu engdns00.ucmerced.edu
    eecs.ucmerced.edu has no WKS record at engdns00.ucmerced.edu (Authoritative answer)

It seems that sendmail uses WKS queries so mail to my domains from such systems has been failing due to DNS timeouts(?!).

--kyler

From remco at webconquest.com Tue Nov 17 22:48:11 2009
From: remco at webconquest.com (Remco Rijnders)
Date: Wed, 18 Nov 2009 04:48:11 +0100
Subject: WKS query handling for CSV2 star entries
In-Reply-To: <20091118030418.GX24381@lairds.com>
References: <20091118030418.GX24381@lairds.com>
Message-ID: <077713FF-768C-4DA2-8238-5113F8E5432C@webconquest.com>

On 18 Nov 2009, at 04:04, Kyler Laird wrote:

> If I use
>     csv2["*.ucmerced.edu."] = "star.ucmerced.edu.csv2"
> I get an error for WKS queries to matching domains.
>     $ host -t wks eecs.ucmerced.edu engdns00.ucmerced.edu
>     eecs.ucmerced.edu WKS record query refused by engdns00.ucmerced.edu
>
>     Nov 18 02:48:24 engdns00 maradns.etc_maradns_mararc: Query from: 207.42.123.4 Ueecs.ucmerced.edu.
>     Nov 18 02:48:24 engdns00 maradns.etc_maradns_mararc: Log: Bad query received: 9\027\001\000\000\001\000\000\000\000\000\000\004eecs\010ucmerced\003edu\000\000\013\000\001
>
> If I add a record for just that domain
>     csv2["eecs.ucmerced.edu."] = "star.ucmerced.edu.csv2"
> it works as expected.
>     $ host -t wks eecs.ucmerced.edu engdns00.ucmerced.edu
>     eecs.ucmerced.edu has no WKS record at engdns00.ucmerced.edu
>     (Authoritative answer)
>
> It seems that sendmail uses WKS queries so mail to my domains from such
> systems has been failing due to DNS timeouts(?!).

Hi Kyler,

I'm not sure what exactly goes wrong here, but it seems odd to me that you are trying to create a separate zone file for each host in your domain. I don't think a construct like csv2["*.ucmerced.edu."] is ever going to work.
What you should do instead is create a single zone file for your domain, so:

csv2["ucmerced.edu."] = "ucmerced.edu.csv2"

And in that .csv2 file put all your domain records, like the WKS record for your domain. I don't know the format of WKS records, so I'll give an example A record for * instead from one of my .csv2 files:

*.serenity-irc.net. +43200 a 66.252.28.126

I hope this helps.

Kind regards,

Remco
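
The "Bad query received" log entry quoted in this thread is a raw DNS packet with its non-printable bytes written as octal escapes. The following Python is an added example, not code from any poster or from the MaraDNS project; it decodes that payload into its RFC 1035 header and question fields, assuming the log uses three-digit octal escapes. The function names are hypothetical.

```python
import re
import struct

# Payload copied from the "Bad query received" log line quoted in the thread.
LOGGED = (r"9\027\001\000\000\001\000\000\000\000\000\000"
          r"\004eecs\010ucmerced\003edu\000\000\013\000\001")

# Subset of RFC 1035 type codes, enough to label common questions.
QTYPES = {1: "A", 2: "NS", 5: "CNAME", 6: "SOA", 11: "WKS",
          12: "PTR", 15: "MX", 16: "TXT"}

def unescape(logged: str) -> bytes:
    # Assumption: the log writes each non-printable byte as a 3-digit octal escape.
    return re.sub(r"\\([0-3][0-7]{2})",
                  lambda m: chr(int(m.group(1), 8)), logged).encode("latin-1")

def parse_query(packet: bytes) -> dict:
    """Parse the 12-byte DNS header and the first question of a query."""
    if len(packet) < 12:
        raise ValueError("shorter than a DNS header")
    ident, flags, qd, an, ns, ar = struct.unpack("!6H", packet[:12])
    labels, pos = [], 12
    while True:
        if pos >= len(packet):
            raise ValueError("question name runs past the end of the packet")
        length = packet[pos]
        pos += 1
        if length == 0:            # root label terminates the name
            break
        if length > 63:            # compression pointers are not expected here
            raise ValueError("invalid label length %d" % length)
        if pos + length > len(packet):
            raise ValueError("label runs past the end of the packet")
        labels.append(packet[pos:pos + length].decode("ascii", "replace"))
        pos += length
    if pos + 4 > len(packet):
        raise ValueError("question is missing QTYPE/QCLASS")
    qtype, qclass = struct.unpack("!2H", packet[pos:pos + 4])
    return {
        "id": ident,
        "is_response": bool(flags >> 15),
        "opcode": (flags >> 11) & 0xF,
        "recursion_desired": bool((flags >> 8) & 1),
        "counts": (qd, an, ns, ar),
        "qname": ".".join(labels) + ".",
        "qtype": QTYPES.get(qtype, "TYPE%d" % qtype),
        "qclass": qclass,
        "trailing_bytes": len(packet) - (pos + 4),
    }

if __name__ == "__main__":
    print(parse_query(unescape(LOGGED)))
```

For the logged bytes this returns a standard recursion-desired query for eecs.ucmerced.edu., type WKS (11), class IN, with no trailing bytes.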