From duff0097 at gmail.com Thu Oct 1 14:27:23 2009
From: duff0097 at gmail.com (Bryan Duff)
Date: Thu, 1 Oct 2009 13:27:23 -0500
Subject: problem zone transfer
In-Reply-To: <7bd685720909281859l8436d6dl4f499f7b813a1170@mail.gmail.com>
References: <200909241854243591806@mail.ru> <200909260049396403338@mail.ru> <200909260530167817623@mail.ru> <200909261516296406967@mail.ru> <7bd685720909260448j71b642d4m58d4cea69b5b8be2@mail.gmail.com> <7bd685720909281013k3e70263dgc85110d6d59aa6f5@mail.gmail.com> <7bd685720909281859l8436d6dl4f499f7b813a1170@mail.gmail.com>
Message-ID:

If we do go this route, it may be the January route - this issue is just not
that pressing at present. But that may change.

Thank you.

-Bryan

On Mon, Sep 28, 2009 at 8:59 PM, Sam Trenholme wrote:

> > As for your costs, give me a final number $200? $500? All I know is I'll
> > need a flat fee (there's no way I can do hours).
>
> OK, a MSDN subscription to buy any and all OSes Microsoft has made
> will cost me $700. Add another $200 to fix this bug (and to cover
> PayPal overhead) and I can do it for $900. As I understand it, this
> MSDN subscription allows me to download and use any and all versions
> of Windows
>
> http://msdn.microsoft.com/en-us/subscriptions/buy.aspx
>
> If you want to do it on the cheap, you'll have to wait until around
> the new year for me to get the fix done. I can purchase Windows
> Server 2003 from Newegg.com for $420 and pick it up around Christmas
> time when I'm with my family for the holidays. Add $150 for my time
> (since you'll be waiting so long for me to do it), and that gives you
> a price of $570:
>
> http://www.newegg.com/Product/Product.aspx?Item=N82E16832116435&nm_mc=OTC-Froogle&cm_mmc=OTC-Froogle-_-Software+-+Servers-_-Microsoft-_-32116435
>
> So, those are your quotes: $900 now, or $570 if you can wait until January.
>
> Thanks for your interest in helping sponsor MaraDNS!
>

From strenholme.usenet at gmail.com Thu Oct 1 14:42:02 2009
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Thu, 1 Oct 2009 13:42:02 -0500
Subject: problem zone transfer
In-Reply-To:
References: <200909241854243591806@mail.ru> <200909260049396403338@mail.ru> <200909260530167817623@mail.ru> <200909261516296406967@mail.ru> <7bd685720909260448j71b642d4m58d4cea69b5b8be2@mail.gmail.com> <7bd685720909281013k3e70263dgc85110d6d59aa6f5@mail.gmail.com> <7bd685720909281859l8436d6dl4f499f7b813a1170@mail.gmail.com>
Message-ID: <7bd685720910011142m388eec31t364099eb674f49a5@mail.gmail.com>

> If we do go this route, it may be the January route - this issue is just not
> that pressing at present. But that may change.

You will have to let me know by early November; I need time for the
Windows 2003 server CD and key to arrive after I order it.

One less expensive solution is to write a program that will read a
zone file from MaraDNS and make the zone a BIND-compatible zone file,
and then use some scripts to automatically move the zones from one
machine to another once a day. I'm willing to do this for $250,
including the Windows service that moves the zones from one machine to
another. I assume Microsoft DNS can, for the most part, read BIND
zone files.

Or you can use a Windows version of BIND to load the zone files and serve
your zones; if this program has problems, I'm willing to fix the bugs
free of charge (since MaraDNS really needs to work with BIND, and
since it doesn't cost me anything to run BIND).

As an aside, I am looking to come back to the United States and work
in the tech industry up there again. If you're interested in hiring
me, a version of my resume is here:

http://www.samiam.org/resume/

I would be especially interested in working in California or Georgia.

- Sam

Note: I do not answer MaraDNS support requests sent by private email
without being compensated for my time. I will discuss rates if you
want this kind of support. Thank you for your understanding.

From duff0097 at gmail.com Thu Oct 1 18:59:27 2009
From: duff0097 at gmail.com (Bryan Duff)
Date: Thu, 1 Oct 2009 17:59:27 -0500
Subject: problem zone transfer
In-Reply-To: <7bd685720910011142m388eec31t364099eb674f49a5@mail.gmail.com>
References: <200909241854243591806@mail.ru> <200909260530167817623@mail.ru> <200909261516296406967@mail.ru> <7bd685720909260448j71b642d4m58d4cea69b5b8be2@mail.gmail.com> <7bd685720909281013k3e70263dgc85110d6d59aa6f5@mail.gmail.com> <7bd685720909281859l8436d6dl4f499f7b813a1170@mail.gmail.com> <7bd685720910011142m388eec31t364099eb674f49a5@mail.gmail.com>
Message-ID:

> You will have to let me know by early November; I need time for the
> Windows 2003 server CD and key to arrive after I order it.
>

Ok.

> One less expensive solution is to write a program that will read a
> zone file from MaraDNS and make the zone a BIND-compatible zone file,
> and then use some scripts to automatically move the zones from one
> machine to another once a day. I'm willing to do this for $250,
> including the Windows service that moves the zones from one machine to
> another. I assume Microsoft DNS can, for the most part, read BIND
> zone files.
>

Microsoft DNS can read BIND. So that is a workaround - zone transfer from
MaraDNS to BIND and then to Microsoft DNS.

> Or you can use a Windows version of BIND to load the zone files and serve
> your zones; if this program has problems, I'm willing to fix the bugs
> free of charge (since MaraDNS really needs to work with BIND, and
> since it doesn't cost me anything to run BIND).
>
> As an aside, I am looking to come back to the United States and work
> in the tech industry up there again. If you're interested in hiring
> me, a version of my resume is here:
>
> http://www.samiam.org/resume/
>
> I would be especially interested in working in California or Georgia.
>

Unfortunately, I'm located in Minnesota - Twin Cities (which is kind of like
living in Moscow as far as weather). Nonetheless, I'll keep your interest
in mind.
> - Sam
>
> Note: I do not answer MaraDNS support requests sent by private email
> without being compensated for my time. I will discuss rates if you
> want this kind of support. Thank you for your understanding.
>

-Bryan

From strenholme.usenet at gmail.com Thu Oct 1 19:32:40 2009
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Thu, 1 Oct 2009 18:32:40 -0500
Subject: problem zone transfer
In-Reply-To:
References: <200909241854243591806@mail.ru> <200909261516296406967@mail.ru> <7bd685720909260448j71b642d4m58d4cea69b5b8be2@mail.gmail.com> <7bd685720909281013k3e70263dgc85110d6d59aa6f5@mail.gmail.com> <7bd685720909281859l8436d6dl4f499f7b813a1170@mail.gmail.com> <7bd685720910011142m388eec31t364099eb674f49a5@mail.gmail.com>
Message-ID: <7bd685720910011632s16f4c5b6ne3ab5ded0a9f4a36@mail.gmail.com>

> Microsoft DNS can read BIND. So that is a workaround - zone transfer from
> MaraDNS to BIND and then to Microsoft DNS.

Yes, and this workaround may work better for you.

> Unfortunately, I'm located in Minnesota - Twin Cities (which is kind of like
> living in Moscow as far as weather). Nonetheless, I'll keep your interest
> in mind.

Thanks a lot for your consideration. To be honest, I would prefer
sunny California (or Georgia, or Arizona) but I will seriously consider
anywhere in the US, taking in to account what my salary will be, the
cost of living in the area, and what my girlfriend thinks about the idea.

I actually have some indirect family in that area; my stepdad is from
Minnesota and a lot of his family is still up there. Very friendly people.

- Sam

From m.ferlitsch at gmail.com Fri Oct 2 06:35:56 2009
From: m.ferlitsch at gmail.com (Markus Ferlitsch)
Date: Fri, 2 Oct 2009 12:35:56 +0200
Subject: problem with CNAME record
Message-ID: <1900c9640910020335p2c69e2b2gacf044ca2102c681@mail.gmail.com>

Hi,

I have following problem:

this record works

*.domain.com. +3600 CNAME google.de.

this one sucks :-(

*.domain.com. +3600 CNAME example.com/index.php?from=test.

Why the second record sucks? How must I enter it correctly?

greetings,
Markus

From remco at webconquest.com Fri Oct 2 06:53:21 2009
From: remco at webconquest.com (Remco Rijnders)
Date: Fri, 2 Oct 2009 12:53:21 +0200 (CEST)
Subject: problem with CNAME record
In-Reply-To: <1900c9640910020335p2c69e2b2gacf044ca2102c681@mail.gmail.com>
References: <1900c9640910020335p2c69e2b2gacf044ca2102c681@mail.gmail.com>
Message-ID:

On Fri, October 2, 2009 12:35, Markus Ferlitsch wrote:

> this record works
>
> *.domain.com. +3600 CNAME google.de.
>
> this one sucks :-(
>
> *.domain.com. +3600 CNAME example.com/index.php?from=test.
>
> Why the second record sucks? How must I enter it correctly?

Hi Markus,

maradns is a DNS server. The CNAME you have entered above is not a valid
DNS record and neither maradns nor any other DNS server will be able to do
what you're trying to do here (return an URL rather than an IP-address or
hostname).

You can get the desired result by configuring your webserver to respond
differently based upon the hostname used (for example, load a different
page for abc.example.com than for def.example.com). Read up on the
documentation of your webserver on how to do this. HINT: If you run
apache, look up the NameVirtualHost directive.

I hope this helps.

Kind regards,

Remco

From m.ferlitsch at gmail.com Fri Oct 2 08:05:27 2009
From: m.ferlitsch at gmail.com (Markus Ferlitsch)
Date: Fri, 2 Oct 2009 14:05:27 +0200
Subject: problem with CNAME record
In-Reply-To:
References: <1900c9640910020335p2c69e2b2gacf044ca2102c681@mail.gmail.com>
Message-ID: <1900c9640910020505i306f433axc60154160fc47750@mail.gmail.com>

ok thanks, I thought maybe I don't need an http-server for url forwarding.

2009/10/2, Remco Rijnders :
> On Fri, October 2, 2009 12:35, Markus Ferlitsch wrote:
>
>> this record works
>>
>> *.domain.com. +3600 CNAME google.de.
>>
>> this one sucks :-(
>>
>> *.domain.com. +3600 CNAME example.com/index.php?from=test.
>>
>> Why the second record sucks? How must I enter it correctly?
>
> Hi Markus,
>
> maradns is a DNS server. The CNAME you have entered above is not a valid
> DNS record and neither maradns nor any other DNS server will be able to do
> what you're trying to do here (return an URL rather than an IP-address or
> hostname).
>
> You can get the desired result by configuring your webserver to respond
> differently based upon the hostname used (for example, load a different
> page for abc.example.com than for def.example.com). Read up on the
> documentation of your webserver on how to do this. HINT: If you run
> apache, look up the NameVirtualHost directive.
>
> I hope this helps.
>
> Kind regards,
>
> Remco
>
>

From KenL at GraphixWizard.com Fri Oct 2 08:55:53 2009
From: KenL at GraphixWizard.com (Ken Lyons - Graphix Wizard/Data-Forms)
Date: Fri, 02 Oct 2009 08:55:53 -0400
Subject: problem with CNAME record
In-Reply-To: <2009-275-08-0-1254485137-005075@gwizfl.org>
References: <1900c9640910020335p2c69e2b2gacf044ca2102c681@mail.gmail.com> <2009-275-08-0-1254485137-005075@gwizfl.org>
Message-ID: <2009-275-08-5-1254487879-000974@gwizfl.org>

RE: ok thanks, I thought maybe I don't need an http-server for url forwarding.

DNS is just a phonebook: Name to a number (A record), Name to a Name
(CNAME) and Number to a Name (PTR).

URLs are all part of the HTTP system thus require a server.

Based on request, you could do *.domain.com cname example.com. in
dns..so example.com server would get the requests. The server would
need to be setup with virtual hosting..since the request would still
appear to be for *.domain.com.

I would normally setup a index.cgi script to redirect to where you want
the user to go to, or use extra features provided by the HTTP Server to
same end.

Ken Lyons / e/Solutions / IT Services
*GraphixWizard/Data-Forms*
*/Toll Free/* 800.447.3676
*/Direct/* 407.656.9742
*/Fax/* 407.656.3353
kenl at graphixwizard.com
hosting.graphixwizard.com

Markus Ferlitsch wrote:
> ok thanks, I thought maybe I don't need an http-server for url forwarding.
>
> 2009/10/2, Remco Rijnders :
>
>> On Fri, October 2, 2009 12:35, Markus Ferlitsch wrote:
>>
>>
>>> this record works
>>>
>>> *.domain.com. +3600 CNAME google.de.
>>>
>>> this one sucks :-(
>>>
>>> *.domain.com. +3600 CNAME example.com/index.php?from=test.
>>>
>>> Why the second record sucks? How must I enter it correctly?
>>>
>> Hi Markus,
>>
>> maradns is a DNS server. The CNAME you have entered above is not a valid
>> DNS record and neither maradns nor any other DNS server will be able to do
>> what you're trying to do here (return an URL rather than an IP-address or
>> hostname).
>>
>> You can get the desired result by configuring your webserver to respond
>> differently based upon the hostname used (for example, load a different
>> page for abc.example.com than for def.example.com). Read up on the
>> documentation of your webserver on how to do this. HINT: If you run
>> apache, look up the NameVirtualHost directive.
>>
>> I hope this helps.
>>
>> Kind regards,
>>
>> Remco
>>
>>
>>
>
>
>

From jakob.blomer at cern.ch Wed Oct 21 08:19:14 2009
From: jakob.blomer at cern.ch (Jakob Blomer)
Date: Wed, 21 Oct 2009 14:19:14 +0200
Subject: Delivery of non-cached replies
Message-ID: <4ADEFC42.2050802@cern.ch>

Hi,

I currently try to include Deadwood as caching DNS server in the CernVM
appliance. So Deadwood will in certain setups talk to the DNS servers
of a virtual machine monitor's NAT layer.

I had a particular problem with VMware Fusion and negative replies.
Deadwood is not able to cache such answers with the error "Empty packet"
and then drops the reply. I uploaded a small tcpdump file where I
queried for a non-existing domain:
https://jblomer.web.cern.ch/jblomer/dns-nxdomain.dump.
The DNS chain is: 172.16.8.129 (virtual machine running Deadwood) -->
172.16.8.2 (VMware Fusion's NAT DNS) --> 137.138.16.5 (Cern DNS Server).

While I didn't look into the particular problem, as a workaround it
would be helpful to deliver a DNS response, even if it could not be
added to the cache. Since this way all sorts of crap is possibly
delivered, perhaps this behaviour can be added optionally (see patch below).

Cheers,
Jakob

diff -u ../../deadwood-2.3.04/src/DwMararc.c ./DwMararc.c --- ../../deadwood-2.3.04/src/DwMararc.c 2009-05-21 23:02:20.000000000 +0200 +++ ./DwMararc.c 2009-10-21 13:41:30.000000000 +0200 
@@ -28,7 +28,7 @@ /* Number of dictionary parameters in the mararc file */ #define KEY_D_COUNT 1 /* Number of numeric parameters in the mararc file */ -#define KEY_N_COUNT 15 +#define KEY_N_COUNT 16 dwm_fs fsm[DWM_MAX_STATES + 1]; /* Finite state machine */ dw_str *key_s[KEY_S_COUNT + 1]; /* All of the string dwood2rc parameters */ @@ -72,6 +72,7 @@ "num_retries", /* Number of times we try to connect to an upstream * server before giving up */ "verbose_level", /* How verbose our logging should be */ + "deliver_all", /* Deliver non-cachable replies */ 0 }; char *fsm_desc=dwm_machine; diff -u ../../deadwood-2.3.04/src/DwMararc.h ./DwMararc.h --- ../../deadwood-2.3.04/src/DwMararc.h 2009-05-21 23:02:20.000000000 +0200 +++ ./DwMararc.h 2009-10-21 13:40:34.000000000 +0200 @@ -45,6 +45,7 @@ #define DWM_N_resurrections 12 #define DWM_N_num_retries 13 #define DWM_N_verbose_level 14 +#define DWM_N_deliver_all 15 /* Various character classes used by the Mararc parser's finite state * machine */ diff -u ../../deadwood-2.3.04/src/DwSocket.c ./DwSocket.c --- ../../deadwood-2.3.04/src/DwSocket.c 2009-04-21 17:17:28.000000000 +0200 +++ ./DwSocket.c 2009-10-21 14:11:28.000000000 +0200 @@ -58,6 +58,7 @@ int32_t maradns_uid = 99; int32_t maradns_gid = 99; int num_retries = 1; +int deliver_all = 0; #ifdef MINGW u_long dont_block = 0; @@ -359,6 +360,7 @@ maradns_gid = get_key_n(DWM_N_maradns_gid,10,65535,99); resurrections = get_key_n(DWM_N_resurrections,0,1,1); num_retries = get_key_n(DWM_N_num_retries,0,8,1); + deliver_all = get_key_n(DWM_N_deliver_all,0,1,1); if((num_ports & (num_ports - 1)) != 0) { dw_fatal("num_ports must be a power of 2"); diff -u ../../deadwood-2.3.04/src/DwUdpSocket.c ./DwUdpSocket.c --- ../../deadwood-2.3.04/src/DwUdpSocket.c 2009-04-21 17:27:21.000000000 +0200 +++ ./DwUdpSocket.c 2009-10-21 14:01:29.000000000 +0200 
@@ -49,6 +49,7 @@ extern int min_bind; extern int num_ports; extern int num_retries; +extern int deliver_all; #ifdef MINGW /* Needed for the Windows way of making a socket non-blocking */ @@ -600,7 +601,7 @@ if((a[2] & 0x02) == 0x00) { /* If not truncated */ fflush(stdout); #ifndef NOCACHE - if(cache_dns_reply(a,count) == -1) { + if((cache_dns_reply(a,count) == -1) && (deliver_all == 0)) { return; /* Bad reply */ } #endif /* NOCACHE */ From strenholme.usenet at gmail.com Wed Oct 21 09:52:01 2009 
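Review bot: In the DwUdpSocket.c hunk, `(cache_dns_reply(a,count) == -1) && (deliver_all == 0)` makes deliver_all a switch that forwards every reply the cache rejected, not only the empty NXDOMAIN described in the message; the existing `/* Bad reply */` comment shows that -1 is the cache's signal for a reply it does not accept. Consider forwarding only for the specific rejection being worked around (a reply with no records in any section), or have cache_dns_reply return a distinct code for that case, and state in the parameter's description that replies delivered this way bypass the cache's sanity check.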
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Wed, 21 Oct 2009 08:52:01 -0500
Subject: Delivery of non-cached replies
In-Reply-To: <4ADEFC42.2050802@cern.ch>
References: <4ADEFC42.2050802@cern.ch>
Message-ID: <7bd685720910210652w771e35f3n126454842a114f21@mail.gmail.com>

> I currently try to include Deadwood as caching DNS server in the CernVM
> appliance. So Deadwood will in certain setups talk to the DNS servers
> of a virtual machine monitor's NAT layer.

First of all, I'm very happy to see my software being used by
significant organizations such as the one that invented the world wide
web (and, on the side, does some really cool physics that would
impress even Sheldon from the American sitcom /The Big Bang Theory/).
:)

> I had a particular problem with VMware Fusion and negative replies.

What happens exactly when you have the problem? I need to know what
kind of issue your patch fixes so I can properly document it.

I know that VMware messes around with DNS packets. In particular, I
have been unable to use my virtual machine running VMware player to
make DNS packets visible to the host (this is one reason Deadwood has
full Windows support). Also, DNS packets received by the VMware
player guest have their TTLs changed to always be five seconds.

Deadwood does cache negative replies. An empty packet is a packet
without any answers (in particular, a DNS packet without any data in
the AN, NS, nor AR section of the reply). A DNS negative reply is one
with an answer in the NS section of the reply.

The thinking behind not sending packets without AN/NS/AR replies is
that they might confuse stub resolvers; in my case these packets would
cause my browser to have "we can not reach this website" error
messages.

> Deadwood is not able to cache such answers with the error "Empty packet"
> and then drops the reply. I uploaded a small tcpdump file where I
> queried for a non-existing domain:
> https://jblomer.web.cern.ch/jblomer/dns-nxdomain.dump.

I just looked at this file. It's a strange binary file (and isn't a
raw DNS packet; I know what those look like) which I will need to
install a special program to look at. Do you have handy tools that
convert this to ASCII, so that you can post it to the list and we can
look at it and discuss it on the list?

> While I didn't look into the particular problem, as a workaround it
> would be helpful to deliver a DNS response, even if it could not be
> added to the cache. Since this way all sorts of crap is possibly
> delivered, perhaps this behaviour can be added optionally (see patch below).

I really appreciate this kind of bug report and contribution being
made to MaraDNS' codebase. The reason why I check for "blank" replies
is because I was having some real-world problems last summer where
invalid DNS replies were being cached, making websites inaccessible
until the bad entries were removed from the cache.

Does this patch fix the problem for you? If you confirm that it does,
I will document the new feature (RTFM isn't very helpful if the
documentation is incomplete), apply your patch to the stable (2.3)
branch of Deadwood, forward-port it to the development (2.4) branch of
Deadwood, and should have time this afternoon to release new snapshots
of the program.

One note about the patch: When a new DwMararc variable is added, it's
my coding style to have its initial value set in the function
dwm_init_mararc() in the file DwMararc.c; this way we guarantee the
parameter always has a default value. In addition, my documentation
style is to always have the default value pointed out in the
documentation. I haven't documented this particular bit of Deadwood
coding style, but I really should do this.

- Sam

Note: I do not answer MaraDNS support requests sent by private email
without being compensated for my time. I will discuss rates if you
want this kind of support. Thank you for your understanding.

From strenholme.usenet at gmail.com Wed Oct 21 12:27:59 2009
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Wed, 21 Oct 2009 11:27:59 -0500
Subject: Delivery of non-cached replies
In-Reply-To: <4ADEFC42.2050802@cern.ch>
References: <4ADEFC42.2050802@cern.ch>
Message-ID: <7bd685720910210927y32ca0938lafd48f5032562eb6@mail.gmail.com>

> I had a particular problem with VMware Fusion and negative replies.

OK, I've thought about this more. This issue isn't a bug with
Deadwood where we need to hack the source to fix things. Deadwood
caches negative replies just fine.

The issue is that Deadwood will, by default, send "SERVER FAIL" DNS
packets when it's unable to contact an upstream DNS server. Since
upstream DNS servers sometimes temporarily (on the order of one or two
minutes) don't reply to Deadwood requests, we need to tell Deadwood to
generate these SERVER FAIL replies.

To fix this, add the following line to your dwood2rc file:

handle_noreply = 0

Another solution is to try increasing the timeout, or the number of
times Deadwood tries contacting an upstream DNS server before giving
up. For example:

timeout_seconds = 5
num_retries = 3

I think, at this point, you're barking up the wrong tree. DNS
negative replies do have a SOA record in the NS section of the answer,
and Deadwood correctly caches and passes on these kinds of replies.

Then again, the issue could be something else. Again, please let us
know exactly what the problem you experience is, and whether your
supplied patch resolves the issue.

- Sam

Note: I do not answer MaraDNS support requests sent by private email
without being compensated for my time. I will discuss rates if you
want this kind of support. Thank you for your understanding.

The thinking behind this: People are less likely to be rude and
demanding if their support request is made public. Also, I want
MaraDNS use to be made public; it makes my resume look better.
If you want to be treated like a customer, you must first become a
customer; telling people they don't get free support via email is akin
to a restaurant owner telling people who hang out in the restaurant
but don't order any food to leave.

From jakob.blomer at cern.ch Wed Oct 21 13:39:18 2009
From: jakob.blomer at cern.ch (Jakob Blomer)
Date: Wed, 21 Oct 2009 19:39:18 +0200
Subject: Delivery of non-cached replies
In-Reply-To: <7bd685720910210652w771e35f3n126454842a114f21@mail.gmail.com>
References: <4ADEFC42.2050802@cern.ch> <7bd685720910210652w771e35f3n126454842a114f21@mail.gmail.com>
Message-ID: <4ADF4746.8080107@cern.ch>

Hi,

thanks for the fast reply.

> First of all, I'm very happy to see my software being used by
> significant organizations such as the one that invented the world wide
> web (and, on the side, does some really cool physics that would
> impress even Sheldon from the American sitcom /The Big Bang Theory/).
> :)

After all, Big Bang Theory is not too far from reality...

> full Windows support). Also, DNS packets received by the VMware
> player guest have their TTLs changed to always be five seconds.

That's what I figured with Fusion on Mac, too, and I am still curious
why it is tweaking TTLs.

> I just looked at this file. It's a strange binary file (and isn't a
> raw DNS packet; I know what those look like) which I will need to
> install a special program to look at. Do you have handy tools that
> convert this to ASCII, so that you can post it to the list and we can
> look at it and discuss it on the list?

I captured a couple of dig-requests with tcpdump. I captured only
eth0, so the loopback traffic between dig and Deadwood is not shown. It
is only the traffic between Deadwood and the upstream server. I use
Wireshark to view those dump files. I also used it to create an ASCII
version under http://jblomer.web.cern.ch/jblomer/dns-nxdomain.txt.

> Does this patch fix the problem for you? If you confirm that it does,
> I will document the new feature (RTFM isn't very helpful if the
> documentation is incomplete), apply your patch to the stable (2.3)
> branch of Deadwood, forward-port it to the development (2.4) branch of
> Deadwood, and should have time this afternoon to release new snapshots
> of the program.

The patch fixes the problem for me. By "fix", I mean that I don't run
into a timeout when having it enabled. The problem is that without the
patch, Deadwood is apparently waiting some time and eventually answers
with a SERVFAIL. To answer your second post, setting handle_noreply = 0
does not help, because then the application that tries to resolve the
name runs into the timeout.

I am not familiar enough with DNS to tell for sure, but I could imagine
that the reply from the upstream DNS server is just broken enough not to
be accepted by Deadwood. In principle, as you said, negative caching
with other upstream DNS servers works fine. In fact, the last
query-response of the tcp dump was with Cern DNS server as upstream
without any problems.

I attached another version of the patch according to your coding style
comments (but still without touching the documentation). The default
value is not to change the current behaviour.

Cheers,
Jakob

diff -u ../../deadwood-2.3.04/src/DwMararc.c ./DwMararc.c --- ../../deadwood-2.3.04/src/DwMararc.c 2009-05-21 23:02:20.000000000 +0200 +++ ./DwMararc.c 2009-10-21 19:27:28.000000000 +0200 @@ -28,7 +28,7 @@ /* Number of dictionary parameters in the mararc file */ #define KEY_D_COUNT 1 /* Number of numeric parameters in the mararc file */ -#define KEY_N_COUNT 15 +#define KEY_N_COUNT 16 dwm_fs fsm[DWM_MAX_STATES + 1]; /* Finite state machine */ dw_str *key_s[KEY_S_COUNT + 1]; /* All of the string dwood2rc parameters */ @@ -72,6 +72,7 @@ "num_retries", /* Number of times we try to connect to an upstream * server before giving up */ "verbose_level", /* How verbose our logging should be */ + "deliver_all", /* Deliver non-cachable replies */ 0 }; char *fsm_desc=dwm_machine; 
@@ -425,6 +426,7 @@ key_n[DWM_N_resurrections] = 1; key_n[DWM_N_num_retries] = 1; key_n[DWM_N_verbose_level] = 3; + key_n[DWM_N_deliver_all] = 0; } /* Look for a Mararc parameter; -1 if not found/error; 0-n if found diff -u ../../deadwood-2.3.04/src/DwMararc.h ./DwMararc.h --- ../../deadwood-2.3.04/src/DwMararc.h 2009-05-21 23:02:20.000000000 +0200 +++ ./DwMararc.h 2009-10-21 13:40:34.000000000 +0200 @@ -45,6 +45,7 @@ #define DWM_N_resurrections 12 #define DWM_N_num_retries 13 #define DWM_N_verbose_level 14 +#define DWM_N_deliver_all 15 /* Various character classes used by the Mararc parser's finite state * machine */ diff -u ../../deadwood-2.3.04/src/DwSocket.c ./DwSocket.c --- ../../deadwood-2.3.04/src/DwSocket.c 2009-04-21 17:17:28.000000000 +0200 +++ ./DwSocket.c 2009-10-21 14:11:28.000000000 +0200 @@ -58,6 +58,7 @@ int32_t maradns_uid = 99; int32_t maradns_gid = 99; int num_retries = 1; +int deliver_all = 0; #ifdef MINGW u_long dont_block = 0; @@ -359,6 +360,7 @@ maradns_gid = get_key_n(DWM_N_maradns_gid,10,65535,99); resurrections = get_key_n(DWM_N_resurrections,0,1,1); num_retries = get_key_n(DWM_N_num_retries,0,8,1); + deliver_all = get_key_n(DWM_N_deliver_all,0,1,1); if((num_ports & (num_ports - 1)) != 0) { dw_fatal("num_ports must be a power of 2"); diff -u ../../deadwood-2.3.04/src/DwUdpSocket.c ./DwUdpSocket.c --- ../../deadwood-2.3.04/src/DwUdpSocket.c 2009-04-21 17:27:21.000000000 +0200 +++ ./DwUdpSocket.c 2009-10-21 14:01:29.000000000 +0200 @@ -49,6 +49,7 @@ extern int min_bind; extern int num_ports; extern int num_retries; +extern int deliver_all; #ifdef MINGW /* Needed for the Windows way of making a socket non-blocking */ @@ -600,7 +601,7 @@ if((a[2] & 0x02) == 0x00) { /* If not truncated */ fflush(stdout); #ifndef NOCACHE - if(cache_dns_reply(a,count) == -1) { + if((cache_dns_reply(a,count) == -1) && (deliver_all == 0)) { return; /* Bad reply */ } #endif /* NOCACHE */ From strenholme.usenet at gmail.com Wed Oct 21 15:08:49 2009 
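Review bot: In the DwSocket.c hunk, `deliver_all = get_key_n(DWM_N_deliver_all,0,1,1);` passes 1 as the last argument, while the same patch sets `int deliver_all = 0;` and `key_n[DWM_N_deliver_all] = 0;`. In the neighbouring calls that argument matches the variable's initial value (99 for maradns_gid, 1 for num_retries), so if it is the fallback value, the option can end up enabled even though the message says the default leaves the current behaviour unchanged. Suggest `get_key_n(DWM_N_deliver_all,0,1,0)`, and add the parameter together with its default to the documentation, which this patch does not touch.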
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Wed, 21 Oct 2009 14:08:49 -0500
Subject: Delivery of non-cached replies
In-Reply-To: <4ADF4746.8080107@cern.ch>
References: <4ADEFC42.2050802@cern.ch> <7bd685720910210652w771e35f3n126454842a114f21@mail.gmail.com> <4ADF4746.8080107@cern.ch>
Message-ID: <7bd685720910211208redd7e56yb1652ec0e8f80538@mail.gmail.com>

> I also used it to created an ASCII
> version under http://jblomer.web.cern.ch/jblomer/dns-nxdomain.txt.

Which has this in the information:

Domain Name System (response)
    [Request In: 1]
    [Time: 0.026233000 seconds]
    Transaction ID: 0xb02c
    Flags: 0x8403 (Standard query response, No such name)
        1... .... .... .... = Response: Message is a response
        .000 0... .... .... = Opcode: Standard query (0)
        .... .1.. .... .... = Authoritative: Server is an authority for domain
        .... ..0. .... .... = Truncated: Message is not truncated
        .... ...0 .... .... = Recursion desired: Don't do query recursively
        .... .... 0... .... = Recursion available: Server can't do recursive queries
        .... .... .0.. .... = Z: reserved (0)
        .... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
        .... .... .... 0011 = Reply code: No such name (3)
    Questions: 1
    Answer RRs: 0
    Authority RRs: 0
    Additional RRs: 0

This is an unusual packet; usually, there's a SOA packet in the
"Authority" (NS) section of the reply.

> The patch fixes the problem for me.

Excellent. I have applied the patch, and have a new snapshot of the
stable version of Deadwood available here:

> I am not familiar enough with DNS to tell for sure, but I could imagine
> that the reply from the upstream DNS server is just broken enough not to
> be accepted by Deadwood.

Exactly. Negative answers should have a SOA in the NS part of the
reply. A negative response without a NS in the reply is actually
something I haven't seen before; the code has been updated to handle
these better (thanks for the patch!).

> I attached another version of the patch according to your coding style
> comments (but still without touching the documentation). The default
> value is not to change the current behaviour.

The current snapshot has the behavior enabled by default. I have also
documented the parameter. To look at this code, go here:

http://www.maradns.org/deadwood/snap/

And download the .tar.bz2 file with today's snapshot (20091021).

As an aside, would it be OK for me to put on my resume that CERN uses
MaraDNS?

Next: Forward-port the patch to the "head" (2.4) branch of Deadwood.

- Sam

From jakob.blomer at cern.ch Wed Oct 21 17:35:34 2009
From: jakob.blomer at cern.ch (Jakob Blomer)
Date: Wed, 21 Oct 2009 23:35:34 +0200
Subject: Delivery of non-cached replies
In-Reply-To: <7bd685720910211208redd7e56yb1652ec0e8f80538@mail.gmail.com>
References: <4ADEFC42.2050802@cern.ch> <7bd685720910210652w771e35f3n126454842a114f21@mail.gmail.com> <4ADF4746.8080107@cern.ch> <7bd685720910211208redd7e56yb1652ec0e8f80538@mail.gmail.com>
Message-ID: <4ADF7EA6.3050203@cern.ch>

Thanks a lot for the help!

Regarding my usage plans with MaraDNS/Deadwood: We develop the CernVM
as an appliance to simplify software delivery and development of the
experiment analysis software (http://cernvm.cern.ch). My intention with
the caching DNS is to make name resolution fast and reliable inside the
virtual machine and, for computing sites having a number of CernVMs
running, reduce load for the central DNS servers.

I'm currently packaging everything up and I will upload it then as
Conary package to rBuilder (CernVM is based on rPath Linux that comes
with Conary packet manager). We regularly release development versions of
CernVM to test if all the changes work for the users. Based on that,
every 6 months or so we do then a stable release. I'll let you know as
soon as Deadwood is available package in CernVM.

Cheers,
Jakob

From wayne.kroncke at tiscali.co.uk Mon Oct 26 05:40:10 2009
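The distinction drawn in the thread above, between a negative reply that carries a SOA in the authority section and the bare NXDOMAIN from the capture (flags 0x8403, all record counts zero), shown as an added C example. It is not Deadwood code: the enum, the function names, the narrower forwarding policy and both sample packets (query name `nx.example`) are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added illustration, not Deadwood source: all names here are hypothetical. */
enum reply_kind {
    REPLY_MALFORMED,     /* too short, not a response, or a broken record */
    REPLY_TRUNCATED,     /* TC bit set */
    REPLY_ANSWER,        /* at least one record in the answer section */
    REPLY_NEGATIVE_SOA,  /* no answers, SOA present in the authority section */
    REPLY_EMPTY,         /* AN, NS and AR counts all zero */
    REPLY_OTHER          /* e.g. a referral: authority records but no SOA */
};

static unsigned rd16(const uint8_t *p) { return ((unsigned)p[0] << 8) | p[1]; }

/* Step over a (possibly compressed) name; returns next offset, 0 on error. */
static size_t skip_name(const uint8_t *p, size_t len, size_t off)
{
    while (off < len) {
        uint8_t c = p[off];
        if (c == 0) return off + 1;                 /* root label ends the name */
        if ((c & 0xC0) == 0xC0)                     /* compression pointer */
            return (off + 2 <= len) ? off + 2 : 0;
        if (c & 0xC0) return 0;                     /* reserved label type */
        off += (size_t)c + 1;
    }
    return 0;
}

enum reply_kind classify_reply(const uint8_t *p, size_t len)
{
    if (len < 12 || (p[2] & 0x80) == 0) return REPLY_MALFORMED;
    if (p[2] & 0x02) return REPLY_TRUNCATED;        /* same bit the patch tests */
    unsigned qd = rd16(p + 4), an = rd16(p + 6);
    unsigned ns = rd16(p + 8), ar = rd16(p + 10);
    if (an == 0 && ns == 0 && ar == 0) return REPLY_EMPTY;
    if (an > 0) return REPLY_ANSWER;

    size_t off = 12;
    for (unsigned i = 0; i < qd; i++) {             /* skip the question section */
        off = skip_name(p, len, off);
        if (off == 0 || off + 4 > len) return REPLY_MALFORMED;
        off += 4;                                   /* QTYPE + QCLASS */
    }
    for (unsigned i = 0; i < ns; i++) {             /* scan authority records */
        off = skip_name(p, len, off);
        if (off == 0 || off + 10 > len) return REPLY_MALFORMED;
        unsigned type = rd16(p + off), rdlen = rd16(p + off + 8);
        off += 10 + rdlen;                          /* fixed fields + RDATA */
        if (off > len) return REPLY_MALFORMED;
        if (type == 6) return REPLY_NEGATIVE_SOA;   /* 6 = SOA */
    }
    return REPLY_OTHER;
}

/* Hypothetical policy, narrower than a blanket "deliver whatever the cache
 * rejected" switch: pass an uncacheable reply downstream only when it has
 * the bare NXDOMAIN shape seen in the capture (no records, rcode 3). */
int forward_uncached(const uint8_t *p, size_t len)
{
    return classify_reply(p, len) == REPLY_EMPTY && (p[3] & 0x0F) == 3;
}

/* Constructed sample: header as in the capture (ID 0xb02c, flags 0x8403,
 * QD=1, AN=NS=AR=0) plus a made-up question "nx.example. IN A". */
static const uint8_t sample_bare[] = {
    0xb0,0x2c, 0x84,0x03, 0,1, 0,0, 0,0, 0,0,
    2,'n','x', 7,'e','x','a','m','p','l','e', 0, 0,1, 0,1
};

/* Constructed sample: the same reply with one SOA record in the authority
 * section, which is the form the thread calls a normal negative reply. */
static const uint8_t sample_soa[] = {
    0xb0,0x2c, 0x84,0x03, 0,1, 0,0, 0,1, 0,0,
    2,'n','x', 7,'e','x','a','m','p','l','e', 0, 0,1, 0,1,
    0xc0,0x0f, 0,6, 0,1, 0,0,0x0e,0x10, 0,24,   /* owner, SOA, IN, TTL, RDLENGTH */
    0xc0,0x0f, 0xc0,0x0f,                        /* MNAME, RNAME as pointers */
    0,0,0,1, 0,0,0x0e,0x10, 0,0,0x03,0x84, 0,0x09,0x3a,0x80, 0,0,0x0e,0x10
};

int main(void)
{
    printf("bare NXDOMAIN: kind=%d forward=%d\n",
           (int)classify_reply(sample_bare, sizeof sample_bare),
           forward_uncached(sample_bare, sizeof sample_bare));
    printf("with SOA:      kind=%d forward=%d\n",
           (int)classify_reply(sample_soa, sizeof sample_soa),
           forward_uncached(sample_soa, sizeof sample_soa));
    return 0;
}
```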
From: wayne.kroncke at tiscali.co.uk (wayne at tiscali)
Date: Mon, 26 Oct 2009 09:40:10 +0000
Subject: flushing dns cache
Message-ID: <4AE56E7A.70305@tiscali.co.uk>

have tried the release deadwood, seems to be working nicely, so i'm trying the latest snap build.

my question is; how does one flush the dns cache?

--
*/Best Regards,/*
Wayne Kroncke

From juergen.daubert at t-online.de Mon Oct 26 06:23:35 2009
From: juergen.daubert at t-online.de (Juergen Daubert)
Date: Mon, 26 Oct 2009 11:23:35 +0100
Subject: flushing dns cache
In-Reply-To: <4AE56E7A.70305@tiscali.co.uk>
References: <4AE56E7A.70305@tiscali.co.uk>
Message-ID: <20091026102236.GB12124@jue.netz>

On Mon, Oct 26, 2009 at 09:40:10AM +0000, wayne at tiscali wrote:
> have tried the release deadwood, seems to be working nicely, so i'm
> trying the latest snap build.
>
> my question is; how does one flush the dns cache?

with signal USR1, see DwSys.c line 221. Something like:

    kill -s USR1 $(pidof DwMain)

regards
Juergen

--
Juergen Daubert | mailto:jue at jue.li
Korb, Germany | http://jue.li/crux

From wayne.kroncke at tiscali.co.uk Mon Oct 26 06:45:28 2009
From: wayne.kroncke at tiscali.co.uk (wayne at tiscali)
Date: Mon, 26 Oct 2009 10:45:28 +0000
Subject: flushing dns cache
In-Reply-To: <20091026102236.GB12124@jue.netz>
References: <4AE56E7A.70305@tiscali.co.uk> <20091026102236.GB12124@jue.netz>
Message-ID: <4AE57DC8.7000800@tiscali.co.uk>

thanks, i was looking for a command line argument for deadwood's executable if there was one, as i'm not programming/compiling myself... am using windows (7 x86 at the moment) as my OS.

i've tried the following batch file, seems to work:

@echo off
net stop deadwood
net stop deadwoodtcp
sleep 5
del "c:\program files\deadwood\dw_cache_bin"
net start deadwood
net start deadwoodtcp
sleep 5
exit

the sleep.exe (from the server 2003 resource kit) command delays the batch file long enough for me to see what it is doing ;)

i've set up a similar start.bat and a stop.bat as well as a restart.bat to handle some of the functions...

i have of course turned off win's dns client service so the more standard "ipconfig /flushdns" does not work ;)

*/Best Regards,/*
Wayne Kroncke

On 26/10/2009 10:23, Juergen Daubert wrote:
> On Mon, Oct 26, 2009 at 09:40:10AM +0000, wayne at tiscali wrote:
>
>> have tried the release deadwood, seems to be working nicely, so i'm
>> trying the latest snap build.
>>
>> my question is; how does one flush the dns cache?
>>
> with signal USR1, see DwSys.c line 221. Something like:
>
>     kill -s USR1 $(pidof DwMain)
>
>
> regards
> Juergen
>
>

From strenholme.usenet at gmail.com Mon Oct 26 12:01:54 2009
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Mon, 26 Oct 2009 10:01:54 -0600
Subject: flushing dns cache
In-Reply-To: <4AE56E7A.70305@tiscali.co.uk>
References: <4AE56E7A.70305@tiscali.co.uk>
Message-ID: <7bd685720910260901r2e90fb16p80c9c1e1cafa334@mail.gmail.com>

> my question is; how does one flush the dns cache?

OK, I should make a FAQ about this.

If by "flush the cache" you mean "write the contents of the cache to disk", the way to do it is as follows:

In Windows, with both the 2.3 and 2.4 branches of Deadwood:

    net stop Deadwood
    net start Deadwood

In CentOS 5, using Duende to start Deadwood 2.3 [1]:

    kill -HUP $( ps auxw | grep DwMain | grep -v grep | awk '{print $2}' )

In CentOS 5, starting Deadwood 2.3 another way:

    kill -USR1 $( ps auxw | grep DwMain | grep -v grep | awk '{print $2}' )

In CentOS 5, using Duende to start Deadwood 2.4:

    kill -HUP $( ps auxw | grep Deadwood | grep -v grep | awk '{print $2}' )

In CentOS 5, starting Deadwood 2.4 another way:

    kill -USR1 $( ps auxw | grep Deadwood | grep -v grep | awk '{print $2}' )

If you wish to remove the cache altogether, you will need to erase the cache file before restarting Deadwood. This is done in Windows by entering the directory where Deadwood is installed and doing the following:

    net stop Deadwood
    del dw_cache_bin
    net start Deadwood

(This assumes the location of the cache file has not been altered; make sure cache_file points to this file, which it should if you haven't changed it in the dwood2rc.txt file)

To erase the cache in CentOS 5, stop the Deadwood (DwMain in Deadwood 2.3) process, remove the file /etc/deadwood/dw_cache (this may be in a different location or have a different filename, depending on how chroot_dir and cache_file are set), and restart Deadwood.

- Sam

[1] Yes, I know about killall, and no, I don't use it because killall reboots the system in Solaris.

Note: I do not answer MaraDNS support requests sent by private email without being compensated for my time. A MaraDNS support request is any and all discussion you may wish to have about MaraDNS in private email; if you want to email me to talk about MaraDNS then, yes, that is a support request. I will discuss rates if you want this kind of support. Thank you for your understanding.

MaraDNS security vulnerability reports, however, will be dealt with without charge and kept confidential. If you don't know what Bugtraq is, then, no, your email is not a security report.

From wayne.kroncke at tiscali.co.uk Mon Oct 26 12:31:53 2009
From: wayne.kroncke at tiscali.co.uk (wayne at tiscali)
Date: Mon, 26 Oct 2009 16:31:53 +0000
Subject: flushing dns cache
In-Reply-To: <7bd685720910260901r2e90fb16p80c9c1e1cafa334@mail.gmail.com>
References: <4AE56E7A.70305@tiscali.co.uk> <7bd685720910260901r2e90fb16p80c9c1e1cafa334@mail.gmail.com>
Message-ID: <4AE5CEF9.3080700@tiscali.co.uk>

thanks, sam. it confirms my batch file supposition.

what i meant by 'flush' was the same as in flushing a porcelain throne, ie. empty it and start fresh with a clean one. or as in the windows command 'ipconfig /flushdns'. of course the older OS 'flush' command meant to write the hard disk buffers to disk so you would not lose any info when you shut down. windows doesn't need that one anymore :)

windows vista and win7 seem to have a slight problem with its cache that a quick cleanout (or flushing) sometimes cures. i gather it's from negative responses persisting in the cache too long. i suspect deadwood does not suffer from this.

i was trying out some config parameters and had used a large number for maximum_cache_elements, then cut back to a more reasonable number. i did not see the file size go down, so wanted to flush it and start over with a zero file size. i guess the next time would have done it without my meddling.

anyhow, i noted that when i deleted the cache file after stopping the service, the file was not re-created until it stopped the next time, i gather that is when it writes the cache to disk from its memory, reading it in again at the next start. indeed the file was not created on the initial install and start-up, but appeared subsequently.

*/Best Regards,/*
Wayne Kroncke

On 26/10/2009 16:01, Sam Trenholme wrote:
>> my question is; how does one flush the dns cache?
>>
> OK, I should make a FAQ about this.
>
> If by "flush the cache" you mean "write the contents of the cache to
> disk", the way to do it is as follows:
>

From strenholme.usenet at gmail.com Mon Oct 26 13:34:23 2009
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Mon, 26 Oct 2009 11:34:23 -0600
Subject: flushing dns cache
In-Reply-To: <4AE5CEF9.3080700@tiscali.co.uk>
References: <4AE56E7A.70305@tiscali.co.uk> <7bd685720910260901r2e90fb16p80c9c1e1cafa334@mail.gmail.com> <4AE5CEF9.3080700@tiscali.co.uk>
Message-ID: <7bd685720910261034uaa3f4dbhceb362be1f9a09a1@mail.gmail.com>

> the older OS 'flush' command meant to write the hard disk buffers to disk so you
> would not lose any info when you shut down. windows doesn't need that one anymore :)

Not to make this an OS advocacy discussion, but I like Windows XP and CentOS 5 and don't like Ubuntu (too unstable). Too bad my touchpad is not compatible with CentOS 5 and my Wireless card has problems in CentOS 5.

> anyhow, i noted that when i deleted the cache file after stopping the
> service, the file was not re-created until it stopped the next time, i
> gather that is when it writes the cache to disk from its memory, reading it
> in again at the next start. indeed the file was not created on the initial
> install and start-up, but appeared subsequently.

Exactly. Deadwood reads the cache file at startup and writes the cache file at shutdown (or with the USR1 signal in CentOS 5). Keeps things simple that way.

From wayne.kroncke at tiscali.co.uk Mon Oct 26 14:08:00 2009
From: wayne.kroncke at tiscali.co.uk (wayne at tiscali)
Date: Mon, 26 Oct 2009 18:08:00 +0000
Subject: flushing dns cache
In-Reply-To: <7bd685720910261034uaa3f4dbhceb362be1f9a09a1@mail.gmail.com>
References: <4AE56E7A.70305@tiscali.co.uk> <7bd685720910260901r2e90fb16p80c9c1e1cafa334@mail.gmail.com> <4AE5CEF9.3080700@tiscali.co.uk> <7bd685720910261034uaa3f4dbhceb362be1f9a09a1@mail.gmail.com>
Message-ID: <4AE5E580.60401@tiscali.co.uk>

yes, topic veer in progress:
=======================

xp is good, they will have a hard time converting businesses to win7 & its server flavour, but they have a good shot at it. beats vista hands down. XP has the advantage in that it works and does what businesses want. mostly.

been reluctant to try linux flavours. i started my UK career in at&t/sco unix and xenix back in the late 80's, and had some exposure to x-windows, but microsoft cornered the market so i got out of the habit. last place i worked was a hosting centre where most of the servers were microsoft and a few linux, but the supervisory security and access was handled thru sun unix systems. i had full admin security rights over the active directory domains, but only limited admin in the sun domains, the sysops guarded rights there and to get them improved so we could set up servers and backups and run the supervisory systems at night shift when they were not around was like pulling teeth.

anyhow. i may investigate centos, especially if it does x64, i'm experimenting on a dual core pc...

edited: i see they do an x86_x64 version in 5.4, will d/l their live cd & have a look...

we now return you to your regularly scheduled program:
===============
end of topic veer zone

*/Best Regards,/*
Wayne Kroncke

On 26/10/2009 17:34, Sam Trenholme wrote:
>> the older OS 'flush' command meant to write the hard disk buffers to disk so you
>> would not lose any info when you shut down. windows doesn't need that one anymore :)
>>
> Not to make this an OS advocacy discussion, but I like Windows XP and
> CentOS 5 and don't like Ubuntu (too unstable). Too bad my touchpad is
> not compatible with CentOS 5 and my Wireless card has problems in
> CentOS 5.
>
>
>> anyhow, i noted that when i deleted the cache file after stopping the
>> service, the file was not re-created until it stopped the next time, i
>> gather that is when it writes the cache to disk from its memory, reading it
>> in again at the next start. indeed the file was not created on the initial
>> install and start-up, but appeared subsequently.
>>
> Exactly. Deadwood reads the cache file at startup and writes the
> cache file at shutdown (or with the USR1 signal in CentOS 5). Keeps
> things simple that way.
>

From jan.hrdonka at t-mobile.cz Tue Oct 27 07:03:57 2009
From: jan.hrdonka at t-mobile.cz (Hrdonka Jan)
Date: Tue, 27 Oct 2009 12:03:57 +0100
Subject: MaraDNS & pfizer.com
Message-ID:

Hello,

would you please advise? I have an urgent problem with one domain (pfizer.com) I'm not able to solve. The DNS answer is sometimes OK, sometimes wrong, e.g. like this:

root at ns1:/home/hrdonkaj# host -v www.pfizer.com. ns1
Server: ns1.t-mobile.cz
Address: 62.141.0.1
Aliases: ns1

Query about www.pfizer.com. for record types A
Trying www.pfizer.com ...
Query done, 1 answer, status: no error
The following answer is not authoritative:
www.pfizer.com 1751 IN A 148.168.100.31

root at ns1:/home/hrdonkaj# host -v www.pfizer.com. ns2
Server: ns2.t-mobile.cz
Address: 62.141.0.2

Query about www.pfizer.com. for record types A
Trying www.pfizer.com ...
Query failed, 0 answers, authoritative status: no error
Authority information:
www.pfizer.com 60 IN SOA . m.m.m (
        1 ;serial (version)
        60 ;refresh period (1 minute)
        60 ;retry interval (1 minute)
        60 ;expire time (1 minute)
        60 ;default ttl (1 minute)
        )
www.pfizer.com has no A record at ns2.t-mobile.cz (Authoritative answer)
root at ns1:/home/hrdonkaj#

I thought server restart should solve it but it didn't, there's something wrong. I've discovered that ns3.pfizer.com nameserver doesn't respond and ns4.pfizer.com is stealth nameserver but I guess none of those should cause problems above. Anything related to negative cache? I really don't know.

Any help or idea will be appreciated.

Regards,
H.

--
Jan Hrdonka

From strenholme.usenet at gmail.com Tue Oct 27 10:33:38 2009
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Tue, 27 Oct 2009 08:33:38 -0600
Subject: MaraDNS & pfizer.com
In-Reply-To:
References:
Message-ID: <7bd685720910270733v61092270o1804ce17a6d57098@mail.gmail.com>

> would you please advise? I have an urgent problem with one domain (pfizer.com)
> I'm not able to solve. The DNS answer is sometimes OK, sometimes wrong, e.g. like this:

Is the problem urgent enough that you're willing to pay me to fix it more quickly? Or, for that matter, are you willing to supply a patch to fix the problem?

As a general rule, this is my policy for "MaraDNS won't resolve this particular domain" bugs:

http://woodlane.webconquest.com/pipermail/list/2009-August/000402.html

Note that I no longer plan to release MaraDNS 2.0 (Deadwood 3.0) before the end of the year.

If the problem is urgent enough you can't wait until I get around to finishing up Deadwood 3.0, let's talk money. If you want to be treated like a customer, you must first become a customer, and that means money changing hands.

- Sam

From strenholme.usenet at gmail.com Tue Oct 27 10:37:15 2009
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Tue, 27 Oct 2009 08:37:15 -0600
Subject: MaraDNS & pfizer.com
In-Reply-To:
References:
Message-ID: <7bd685720910270737m322daa67q33d82b8a5e7133f@mail.gmail.com>

I forgot to add my standard disclaimer:

Note: I do not answer MaraDNS support requests sent by private email without being compensated for my time. A MaraDNS support request is any and all discussion you may wish to have about MaraDNS in private email; if you want to email me to talk about MaraDNS then, yes, that is a support request. I will discuss rates if you want this kind of support. Thank you for your understanding.

In other words: Reply to the list; don't send me private email.

From strenholme.usenet at gmail.com Tue Oct 27 11:43:42 2009
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Tue, 27 Oct 2009 09:43:42 -0600
Subject: MaraDNS & pfizer.com
In-Reply-To:
References:
Message-ID: <7bd685720910270843n1fb9a162m8730445f0037880d@mail.gmail.com>

> I have an urgent problem with one domain (pfizer.com)

One final point: pfizer.com has an Alexa rating of 42,035:

http://www.alexa.com/siteinfo/pfizer.com

I only will fix without payment recursive resolutions of names in the Alexa top 500 with MaraDNS 1.x:

http://maradns.blogspot.com/2009/05/alexa-top-500-list.html

- Sam

Note: I do not answer MaraDNS support requests sent by private email without being compensated for my time. A MaraDNS support request is any and all discussion you may wish to have about MaraDNS in private email; if you want to email me to talk about MaraDNS then, yes, that is a support request. I will discuss rates if you want this kind of support. Thank you for your understanding.

From strenholme.usenet at gmail.com Tue Oct 27 14:29:10 2009
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Tue, 27 Oct 2009 12:29:10 -0600
Subject: flushing dns cache
In-Reply-To: <4AE5E580.60401@tiscali.co.uk>
References: <4AE56E7A.70305@tiscali.co.uk> <7bd685720910260901r2e90fb16p80c9c1e1cafa334@mail.gmail.com> <4AE5CEF9.3080700@tiscali.co.uk> <7bd685720910261034uaa3f4dbhceb362be1f9a09a1@mail.gmail.com> <4AE5E580.60401@tiscali.co.uk>
Message-ID: <7bd685720910271129l30b8ab29h365d98cdfd96074b@mail.gmail.com>

> been reluctant to try linux flavours.

To minimize your commitment, you can try Linux in a VMware virtual machine or in a "Virtual Box" from Sun microsystems. Both are free (beer) downloads:

http://www.vmware.com/products/player/
http://www.virtualbox.org/wiki/Downloads

> but only limited admin in the sun domains

Sun's arrogance is what killed them. They thought the dot-com party would never end; when it did and people quickly looked at Linux or *BSD for more inexpensive solutions, Sun did not catch up (I think they were the last *NIX vendor to embrace Linux) and never recovered. Now they've been bought by Oracle and very little is left of them.

In terms of MaraDNS support for Solaris, there was a recent thread about compiling MaraDNS on Solaris:

http://woodlane.webconquest.com/pipermail/list/2009-June/000323.html

I am perfectly willing to integrate whatever patches users contribute to make MaraDNS compile on Solaris, *BSD, QNX, whatever. But, I won't fix MaraDNS on any of these platforms myself unless money exchanges hands. Support for these platforms is on a "pay up or submit your patch" basis.

My favorite version of Linux is actually RedHat Linux 4.2 (their 1997 release). This was a very solid, stable server and client OS. RedHat releases postdating RedHat Linux had a lot of stability issues that didn't settle down until 2000 and their release of RedHat 6.2; thankfully RedHat backported critical security patches for years until newer versions were stable enough for people to transition to. It was the first version of Linux where the distribution maker fully supported the product, allowing people to easily make security fixes without needing to upgrade the entire OS. I actually have somewhere in storage CD-ROMs of RH 4.2 along with all of the powertools compiled for this version of Linux; it can also be looked at here:

http://en.wikipedia.org/wiki/Red_Hat_Linux

CentOS 5 (or Scientific Linux 5 if you don't like the organizational issues CentOS has had) is the latest version of a rock-solid stable Linux release from RedHat that can be freely downloaded and used.

Anyway, enough of the topic drift. I'm working on learning C++ so my skills are relevant when the job market thaws again.

From bdantzig at medline.com Wed Oct 28 11:23:47 2009
From: bdantzig at medline.com (Dantzig, Brian)
Date: Wed, 28 Oct 2009 10:23:47 -0500
Subject: AAAA requests are case sensative causing nxdoamin
Message-ID: <1F26704905C4804AAF98B0AE6BE0295101E87E56@MUNEXBE1.medline.com>

I am running MaraDNS 1.2.12.08 as an authoritative name server and have had problems with some customers sending me e-mail. I have done packet captures that show the customer doing a AAAA request for MEDLINE.COM which is answered with RCODE 03 (NXDOMAIN). I do not have IPv4 addresses and the remote system also does a query for an MX record but the AAAA query comes first. The remote mail system fails once it gets the NXDOMAIN response.

I have a zone file for my domain "medline.com" which has an A record like

% A 205.233.244.135

When I test with:
dig @ns1.medline.net medline.com AAAA
I get the expected NOERROR with no resource returned.

When I use all caps:
dig @ns1.medline.net MEDLINE.COM AAAA
I get NXDOMAIN

I have tested with maradns 1.3.07.09 and it has not exhibited this behavior.

I have sent this mail to the list for two reasons.
1. To bring this to the attention of others who may run across this.
2. To see if anyone has a suggested workaround.

I am planning on upgrading to v1.3.07.09 in the next couple of months so I think I can live with this for now.

PS I want to thank Sam for all of the work he has done to create and maintain this fine software. It is unfortunate that many people have to deal with organizations where it is easier to spend thousands of dollars for software and pay hundreds or thousands per year for lousy support than to cut a check to the developer to get something fixed or added. Nobody said the world makes sense. Sam, I hope your customers/employers can see that you don't just have the right tools and skills, you have the Right Stuff!

From: Brian Dantzig
Senior Network Engineer
Medline Industries

From KenL at GraphixWizard.com Wed Oct 28 12:01:48 2009
From: KenL at GraphixWizard.com (Ken Lyons - Graphix Wizard/Data-Forms)
Date: Wed, 28 Oct 2009 12:01:48 -0400
Subject: AAAA requests are case sensative causing nxdoamin
In-Reply-To: <2009-301-11-2-1256743455-019581@gwizfl.org>
References: <2009-301-11-2-1256743455-019581@gwizfl.org>
Message-ID: <2009-301-11-5-1256745347-011845@gwizfl.org>

> When I test with:
> dig @ns1.medline.net medline.com AAAA
> I get the expected NOERROR with no resource returned.
>
> When I use all caps:
> dig @ns1.medline.net MEDLINE.COM AAAA
> I get NXDOMAIN
>
>

Here are my results... both identical. Maybe it's just your local dig program?

dig @ns1.medline.net medline.com AAAA

; <<>> DiG 9.5.1-P2 <<>> @ns1.medline.net medline.com AAAA
; (2 servers found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37516
;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;medline.com. IN AAAA

;; AUTHORITY SECTION:
medline.com. 1800 IN SOA ns1.medline.net. networkteam.medline.com. 2009102800 900 400 604800 800

;; Query time: 188 msec
;; SERVER: 205.233.244.185#53(205.233.244.185)
;; WHEN: Wed Oct 28 11:52:58 2009
;; MSG SIZE rcvd: 92

dig @ns1.medline.net MEDLINE.COM AAAA

; <<>> DiG 9.5.1-P2 <<>> @ns1.medline.net MEDLINE.COM AAAA
; (2 servers found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 32592
;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;MEDLINE.COM. IN AAAA

;; AUTHORITY SECTION:
medline.com. 1800 IN SOA ns1.medline.net. networkteam.medline.com. 2009102800 900 400 604800 800

;; Query time: 92 msec
;; SERVER: 205.233.244.185#53(205.233.244.185)
;; WHEN: Wed Oct 28 11:53:03 2009
;; MSG SIZE rcvd: 103

root at vpnc0909:/tmp#

From bdantzig at medline.com Wed Oct 28 12:16:28 2009
From: bdantzig at medline.com (Dantzig, Brian)
Date: Wed, 28 Oct 2009 11:16:28 -0500
Subject: AAAA requests are case sensative causing nxdoamin
In-Reply-To: <4AE86AEC.9060604@GraphixWizard.com>
References: <2009-301-11-2-1256743455-019581@gwizfl.org> <4AE86AEC.9060604@GraphixWizard.com>
Message-ID: <1F26704905C4804AAF98B0AE6BE0295101E88166@MUNEXBE1.medline.com>

The example you included has the problem. Look at the "Status:" on the HEADER line. They are not identical. The first has NOERROR the second has NXDOMAIN.

--------
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37516
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 32592
--------

I also have packet captures of the external system doing lookups for their mail system. The results are the same.

From: Brian Dantzig
Senior Network Engineer
Medline Industries
Office: 847.837.2795
Mobile: 847.276.7169
bdantzig at medline.com

-----Original Message-----
From: list-bounces at maradns.org [mailto:list-bounces at maradns.org] On Behalf Of Ken Lyons - Graphix Wizard/Data-Forms
Sent: Wednesday, October 28, 2009 11:02 AM
To: list at maradns.org
Subject: Re: AAAA requests are case sensative causing nxdoamin

> When I test with:
> dig @ns1.medline.net medline.com AAAA
> I get the expected NOERROR with no resource returned.
>
> When I use all caps:
> dig @ns1.medline.net MEDLINE.COM AAAA
> I get NXDOMAIN
>
>

Here are my results... both identical. Maybe it's just your local dig program?

dig @ns1.medline.net medline.com AAAA

; <<>> DiG 9.5.1-P2 <<>> @ns1.medline.net medline.com AAAA
; (2 servers found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37516
;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;medline.com. IN AAAA

;; AUTHORITY SECTION:
medline.com. 1800 IN SOA ns1.medline.net. networkteam.medline.com. 2009102800 900 400 604800 800

;; Query time: 188 msec
;; SERVER: 205.233.244.185#53(205.233.244.185)
;; WHEN: Wed Oct 28 11:52:58 2009
;; MSG SIZE rcvd: 92

dig @ns1.medline.net MEDLINE.COM AAAA

; <<>> DiG 9.5.1-P2 <<>> @ns1.medline.net MEDLINE.COM AAAA
; (2 servers found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 32592
;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;MEDLINE.COM. IN AAAA

;; AUTHORITY SECTION:
medline.com. 1800 IN SOA ns1.medline.net. networkteam.medline.com. 2009102800 900 400 604800 800

;; Query time: 92 msec
;; SERVER: 205.233.244.185#53(205.233.244.185)
;; WHEN: Wed Oct 28 11:53:03 2009
;; MSG SIZE rcvd: 103

root at vpnc0909:/tmp#

From strenholme.usenet at gmail.com Wed Oct 28 14:11:15 2009
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Wed, 28 Oct 2009 12:11:15 -0600
Subject: AAAA requests are case sensative causing nxdoamin
In-Reply-To: <1F26704905C4804AAF98B0AE6BE0295101E88166@MUNEXBE1.medline.com>
References: <2009-301-11-2-1256743455-019581@gwizfl.org> <4AE86AEC.9060604@GraphixWizard.com> <1F26704905C4804AAF98B0AE6BE0295101E88166@MUNEXBE1.medline.com>
Message-ID: <7bd685720910281111q55d6880cq56d3e5e15cd70827@mail.gmail.com>

[medline.com]
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37516

[MEDLINE.COM]
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 32592

Brian,

It's important to use the most recent version of MaraDNS. Neither MaraDNS 1.3.07.09 nor MaraDNS 1.3.14 have this problem. Which version of MaraDNS are you using?

- Sam

From strenholme.usenet at gmail.com Wed Oct 28 14:25:58 2009
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Wed, 28 Oct 2009 12:25:58 -0600
Subject: AAAA requests are case sensative causing nxdoamin
In-Reply-To: <7bd685720910281111q55d6880cq56d3e5e15cd70827@mail.gmail.com>
References: <2009-301-11-2-1256743455-019581@gwizfl.org> <4AE86AEC.9060604@GraphixWizard.com> <1F26704905C4804AAF98B0AE6BE0295101E88166@MUNEXBE1.medline.com> <7bd685720910281111q55d6880cq56d3e5e15cd70827@mail.gmail.com>
Message-ID: <7bd685720910281125o744971a1g318edf3fb897e2e3@mail.gmail.com>

> Neither MaraDNS 1.3.07.09 nor MaraDNS 1.3.14 have this problem.

But MaraDNS 1.2.12.10 does have this problem. OK, this is a legacy release; I'm not going to patch this particular bug free of charge.

Brian: Please upgrade to MaraDNS 1.3.07.09. If you have any issues upgrading MaraDNS, please share them with the list. I can also fix the issue for the 1.2 branch of MaraDNS for $100 (assuming I can share the fix with the world; if you want me to make changes to MaraDNS that are private, please hire me with a living wage)

As an aside, I am looking for a job in the US:

http://samiam.org/resume/

(I apologize for putting this on the list, but in this economy it's really tough to find a new job)

I will add a FAQ entry telling people having issues with this particular bug to upgrade to 1.3. I will close this bug once I add the FAQ entry.

- Sam

Note: I do not answer MaraDNS support requests sent by private email without being compensated for my time. A MaraDNS support request is any and all discussion you may wish to have about MaraDNS in private email; if you want to email me to talk about MaraDNS then, yes, that is a support request. I will discuss rates if you want this kind of support. Thank you for your understanding.

MaraDNS security vulnerability reports, however, will be dealt with without charge and kept confidential. If you don't know what Bugtraq is, then, no, your email is not a security report.

From bdantzig at medline.com Wed Oct 28 16:20:53 2009
From: bdantzig at medline.com (Dantzig, Brian)
Date: Wed, 28 Oct 2009 15:20:53 -0500
Subject: AAAA requests are case sensative causing nxdoamin
In-Reply-To: <7bd685720910281125o744971a1g318edf3fb897e2e3@mail.gmail.com>
References: <2009-301-11-2-1256743455-019581@gwizfl.org><4AE86AEC.9060604@GraphixWizard.com><1F26704905C4804AAF98B0AE6BE0295101E88166@MUNEXBE1.medline.com><7bd685720910281111q55d6880cq56d3e5e15cd70827@mail.gmail.com> <7bd685720910281125o744971a1g318edf3fb897e2e3@mail.gmail.com>
Message-ID: <1F26704905C4804AAF98B0AE6BE0295101E884DA@MUNEXBE1.medline.com>

Thank you for updating the FAQ. I was already in the process of upgrading to 1.3.07.09 when I ran into this bug.

From: Brian Dantzig
Senior Network Engineer
Medline Industries
Office: 847.837.2795
Mobile: 847.276.7169
bdantzig at medline.com

-----Original Message-----
From: list-bounces at maradns.org [mailto:list-bounces at maradns.org] On Behalf Of Sam Trenholme
Sent: Wednesday, October 28, 2009 1:26 PM
To: list at maradns.org
Subject: Re: AAAA requests are case sensative causing nxdoamin

> Neither MaraDNS 1.3.07.09 nor MaraDNS 1.3.14 have this problem.

But MaraDNS 1.2.12.10 does have this problem. OK, this is a legacy release; I'm not going to patch this particular bug free of charge.

Brian: Please upgrade to MaraDNS 1.3.07.09. If you have any issues upgrading MaraDNS, please share them with the list. I can also fix the issue for the 1.2 branch of MaraDNS for $100 (assuming I can share the fix with the world; if you want me to make changes to MaraDNS that are private, please hire me with a living wage)

As an aside, I am looking for a job in the US:

http://samiam.org/resume/

(I apologize for putting this on the list, but in this economy it's really tough to find a new job)

I will add a FAQ entry telling people having issues with this particular bug to upgrade to 1.3. I will close this bug once I add the FAQ entry.

- Sam

Note: I do not answer MaraDNS support requests sent by private email without being compensated for my time. A MaraDNS support request is any and all discussion you may wish to have about MaraDNS in private email; if you want to email me to talk about MaraDNS then, yes, that is a support request. I will discuss rates if you want this kind of support. Thank you for your understanding.

MaraDNS security vulnerability reports, however, will be dealt with without charge and kept confidential. If you don't know what Bugtraq is, then, no, your email is not a security report.

From strenholme.usenet at gmail.com Wed Oct 28 17:06:24 2009
From: strenholme.usenet at gmail.com (Sam Trenholme)
Date: Wed, 28 Oct 2009 15:06:24 -0600
Subject: AAAA requests are case sensative causing nxdoamin
In-Reply-To: <1F26704905C4804AAF98B0AE6BE0295101E884DA@MUNEXBE1.medline.com>
References: <2009-301-11-2-1256743455-019581@gwizfl.org> <4AE86AEC.9060604@GraphixWizard.com> <1F26704905C4804AAF98B0AE6BE0295101E88166@MUNEXBE1.medline.com> <7bd685720910281111q55d6880cq56d3e5e15cd70827@mail.gmail.com> <7bd685720910281125o744971a1g318edf3fb897e2e3@mail.gmail.com> <1F26704905C4804AAF98B0AE6BE0295101E884DA@MUNEXBE1.medline.com>
Message-ID: <7bd685720910281406v35d9dff9j277c8b528ddfd910@mail.gmail.com>

> Thank you for updating the FAQ.

Yep:

http://www.maradns.org/faq.html#nxdomain2

(Speaking of the faq, it looks like the issue in question 43 can be resolved by adding "recurse_delegation = 1" to one's mararc file.)

> I was already in the process of upgrading to 1.3.07.09 when I ran into this bug.

Let us know if you have any issues. There are a few very unusual cases that would cause problems (I went to a lot of work to minimize these issues), but usually all you have to do is just update the binary. I have documented all changes:

http://www.maradns.org/tutorial/update.html#1.2.12

Thank you very much for using MaraDNS; it makes my resume look more impressive when notable places like Medline use MaraDNS.

- Sam
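
An added example, not code from this thread or from MaraDNS: a small DNS reply parser that checks for the two reply shapes discussed in this archive, an NXDOMAIN reply with no SOA in the authority section and an RCODE that changes with the letter case of the query name. The packets are constructed samples; the function names, the example.com/example.net names and the SOA contents are assumptions, while the header values 0xb02c/0x8403 and the NOERROR/NXDOMAIN pair are taken from the messages above.

```python
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN"}
TYPE_A, TYPE_SOA, TYPE_AAAA, CLASS_IN = 1, 6, 28, 1


def encode_name(name):
    """Encode a dotted name as length-prefixed labels, keeping its case."""
    wire = b""
    for label in [part for part in name.split(".") if part]:
        wire += bytes([len(label)]) + label.encode("ascii")
    return wire + b"\x00"


def read_name(pkt, off):
    """Return (name, offset after the name), following compression pointers."""
    labels, resume, hops = [], None, 0
    while True:
        if off >= len(pkt):
            raise ValueError("name runs past end of packet")
        length = pkt[off]
        if length & 0xC0 == 0xC0:              # two-byte compression pointer
            if off + 1 >= len(pkt) or hops >= 16:
                raise ValueError("bad compression pointer")
            if resume is None:
                resume = off + 2
            off = ((length & 0x3F) << 8) | pkt[off + 1]
            hops += 1
            continue
        off += 1
        if length == 0:
            break
        labels.append(pkt[off:off + length].decode("ascii", "replace"))
        off += length
    return ".".join(labels) + ".", (off if resume is None else resume)


def parse_reply(pkt):
    """Parse the header, the question name and the RR types in each section."""
    if len(pkt) < 12:
        raise ValueError("shorter than a DNS header")
    txid, flags, qd, an, ns, ar = struct.unpack("!6H", pkt[:12])
    off, qname = 12, None
    for _ in range(qd):
        qname, off = read_name(pkt, off)
        off += 4                                # skip QTYPE and QCLASS
    sections = []
    for count in (an, ns, ar):
        types = []
        for _ in range(count):
            _, off = read_name(pkt, off)
            if off + 10 > len(pkt):
                raise ValueError("truncated resource record")
            rtype, _, _, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
            off += 10 + rdlen
            types.append(rtype)
        sections.append(types)
    return {"id": txid, "qr": bool(flags & 0x8000), "aa": bool(flags & 0x0400),
            "rcode": flags & 0x000F, "qname": qname, "answer": sections[0],
            "authority": sections[1], "additional": sections[2]}


def negative_without_soa(msg):
    """True for an NXDOMAIN reply that carries no SOA in its authority section."""
    return msg["rcode"] == 3 and TYPE_SOA not in msg["authority"]


def rcodes_by_case(replies):
    """Map each spelling of one query name to its RCODE; the names must match
    when compared case-insensitively, as DNS requires (RFC 1035, RFC 4343)."""
    if len({m["qname"].lower() for m in replies}) != 1:
        raise ValueError("replies are for different names")
    return {m["qname"]: RCODES.get(m["rcode"], str(m["rcode"])) for m in replies}


def case_sensitive_server(replies):
    """True when the same name in different letter case got different RCODEs."""
    return len(set(rcodes_by_case(replies).values())) > 1


def make_reply(txid, flags, qname, qtype, soa_owner=None):
    """Build a constructed reply, with one SOA in authority if soa_owner is set."""
    pkt = struct.pack("!6H", txid, flags, 1, 0, 1 if soa_owner else 0, 0)
    pkt += encode_name(qname) + struct.pack("!HH", qtype, CLASS_IN)
    if soa_owner:
        rdata = (encode_name("ns1.example.net") + encode_name("hostmaster.example.net")
                 + struct.pack("!5I", 2009102800, 900, 400, 604800, 800))
        pkt += encode_name(soa_owner)
        pkt += struct.pack("!HHIH", TYPE_SOA, CLASS_IN, 1800, len(rdata)) + rdata
    return pkt


# Constructed sample: header values as in the capture quoted in the thread
# (ID 0xb02c, flags 0x8403, no answer/authority/additional records).
NO_SOA = make_reply(0xB02C, 0x8403, "missing.example.com", TYPE_A)
# Constructed samples: one AAAA question in two letter cases, with the RCODEs
# the dig runs in the thread reported (NOERROR vs NXDOMAIN), SOA present.
LOWER = make_reply(37516, 0x8400, "example.com", TYPE_AAAA, "example.com")
UPPER = make_reply(32592, 0x8403, "EXAMPLE.COM", TYPE_AAAA, "example.com")

if __name__ == "__main__":
    print("NXDOMAIN without SOA:", negative_without_soa(parse_reply(NO_SOA)))
    pair = [parse_reply(LOWER), parse_reply(UPPER)]
    print(rcodes_by_case(pair), "case-sensitive:", case_sensitive_server(pair))
```

Fed with real replies captured from an authoritative server for the same name in lower and upper case, case_sensitive_server gives a quick regression check before and after an upgrade.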