[MaraDNS list] MaraDNS authoritative and recursive config issue
Domenico Rotondi
D.Rotondi at Computer.Org
Tue Aug 23 12:48:29 EDT 2011
Hi,
I'm trying to use MaraDNS-2-0-03 to solve the following problem:
on my intranet I want to manage the mapping of a few FQDN belonging to the
"example.org" domain to IP addresses on my intranet and, at the same time, assure
resolution for FQDN in other domains (including the intranet one).
My intranet has its own DNS servers, which also manage resolutions for Internet
domains.
I found a how-to blog
(http://blog.mixu.net/2009/10/14/how-to-setup-a-lan-dns-server-using-maradns-under-windows-7/)
on how to set MaraDNS to act at the same
time as an authoritative DNS for example.org and as a recursive DNS server.
The instructions in that blog seem to refer to a previous version of MaraDNS;
anyway as a first attempt I followed that how-to and I performed the following
actions:
1) download the last Windows MaraDNS stable version
2) unzip the package into a suitable directory. So I got the MaraDNS-2-0-03 files and
the Deadwood subfolder
3) in the MaraDNS main folder I executed mkSecretTxt.exe so that I got the
secret.txt file
4) I edited the mararc file as follows:
#
# Bind MaraDNS to my laptop IP Address
#
# N.B.: this IP address has to be changed according to the IP address of the
# machine on which MaraDNS is running
#
ipv4_bind_addresses = "127.0.0.1"
timestamp_type = 2
random_seed_file = "secret.txt"
#
# This section states where the data for the authoritative zone are held
#
csv2 = {}
csv2["example.org."] = "db.example.org.txt"
#
#
# This section instructs MaraDNS to redirect DNS queries for
# non-authoritative zones to other DNS servers
#
# N.B.: the IP addresses in this section must be set according to the DNS
# configuration of your local Net
#
upstream_servers = {}
upstream_servers["."] = "192.168.152.5, 192.168.152.8, 192.168.210.33"
The upstream_servers IP addresses are our intranet DNS servers through which we
also resolve Internet domains.
BTW: I'm using Windows 7 Enterprise Edition 64-bits
5) I open an Administrator Command window
6) execute run_maradns.bat
7) a new window opens and MaraDNS confirms it has loaded the example.org file
and it's ready to work.
From another command window I start the askmara.exe program and submit requests
like:
* askmara Aexample.org.
obtaining the correct answer.
while if I submit the request:
* askmara Awww.google.com.
I get a "REFUSED" answer.
I've also tried to configure the Deadwood service (correctly installed and started as
Windows service) setting it in a way compatible with the MaraDNS service (e.g.
allocating it on my intranet IP address 192.168.152.67 while MaraDNS is allocated
on 127.0.0.1 so that they don't conflict on the same UDP port), but with no useful
result.
This is my dwood3rc.txt config:
#
#
# This section instructs "Deadwood" to redirect DNS queries for
# non-authoritative zones to other DNS servers
#
# N.B.: the IP addresses in this section must be set according to the DNS
# configuration of your local Net
#
upstream_servers = {}
upstream_servers["."] = "192.168.152.5, 192.168.152.8, 192.168.210.33"
#
root_servers = {}
root_servers["example.org."] = "127.0.0.1"
#
# Bind "Deadwood" to my laptop TXT BA IP Address
#
# N.B.: this IP address has to be changed according to the IP address of the
# machine on which "Deadwood" is installed
#
bind_address="192.168.152.67"
#
# The IPs allowed to connect and use the cache
# N.B.: this value must be updated as requested
recursive_acl = "192.168.152.0/24"
# The file containing a hard-to-guess secret
random_seed_file = "secret.txt"
# This is the file Deadwood uses to read the cache to and from disk
cache_file = "dw_cache_bin"
The 2 services start and coexist, but I'm not able to resolve names in example.org
and other domains. Requests like:
* askmara Aexample.org. 192.168.152.67
provide the answer I'd get by submitting the request to a DNS server on the Internet and not
the answer I was expecting.
I tried different configs (including removing the "upstream_servers" lines in mararc
file) for MaraDNS and Deadwood without any result.
Any suggestions?
Thanks in advance.
Regards
Domenico
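
The following is an added example, not part of the original post or of the MaraDNS project: a small checker that decodes the RCODE, AA and RA bits of a DNS response header (RFC 1035), so that a reply from the 127.0.0.1 listener or the 192.168.152.67 listener can be identified as refused, authoritative, or recursive. The function names and the sample replies are constructed for illustration; it goes slightly beyond the two askmara queries in the post by classifying any response header.

```python
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qid=0x1234):
    """Minimal A/IN query with the RD (recursion desired) bit set."""
    header = struct.pack("!6H", qid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!2H", 1, 1)

def parse_header(packet):
    """Decode the 12-byte DNS header (RFC 1035, section 4.1.1)."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    qid, flags, _qd, an, _ns, _ar = struct.unpack("!6H", packet[:12])
    return {"id": qid, "qr": bool(flags & 0x8000), "aa": bool(flags & 0x0400),
            "ra": bool(flags & 0x0080), "answers": an,
            "rcode": RCODES.get(flags & 0x000F, str(flags & 0x000F))}

def classify(packet):
    """Say which kind of server behaviour a response header indicates."""
    h = parse_header(packet)
    if not h["qr"]:
        return "not a response"
    if h["rcode"] == "REFUSED":
        return "refused: server will not answer or recurse for this name"
    if h["rcode"] == "NOERROR" and h["aa"]:
        return "authoritative: answered from a locally loaded zone"
    if h["rcode"] == "NOERROR" and h["ra"]:
        return "recursive: answered via cache or upstream servers"
    return "other: " + h["rcode"]

def ask(server, name, timeout=3.0):
    """Send the query over UDP port 53 and classify the reply (live use)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return classify(s.recv(512))

def fake_reply(name, flags, answers):
    """Constructed reply (header and question only) with the given flags."""
    return struct.pack("!6H", 0x1234, flags, 1, answers, 0, 0) + build_query(name)[12:]

# Constructed samples, not captured traffic.
SAMPLES = {"refused": fake_reply("www.google.com.", 0x8105, 0),
           "authoritative": fake_reply("example.org.", 0x8500, 1),
           "recursive": fake_reply("example.org.", 0x8180, 1)}
```

Calling `ask("192.168.152.67", "example.org.")` against the running service shows whether the reply carried the AA bit (served from the local zone) or only RA (fetched through the upstream servers).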