[MaraDNS list] Having trouble running maradns and deadwood on the same host

David Kowis dkowis at shlrm.org
Fri May 27 16:56:06 EDT 2011


I'm unable to run both the authoritative nameserver and the recursive
nameserver on the same box on separate interfaces.

Here's a paste of all the dig requests that I've tested with, then my
configuration follows. (vorador is a different host on my network)

Also, during my setup of this stuff, I found I had to specify the root
servers if I wanted to specify an authoritative server for a different
domain, which is different behaviour than I had before with maradns 1.4.
Not a show stopper, just was difficult to figure out.

Thanks in advance for your help.

=======================================================================
Ask the recursive DNS where google is... works
[root@vorador ~]# dig @10.10.220.235 www.google.com

; <<>> DiG 9.7.3-RedHat-9.7.3-1.fc14 <<>> @10.10.220.235 www.google.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5020
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.google.com.                        IN      A

;; ANSWER SECTION:
www.google.com.         47      IN      CNAME   www.l.google.com.
www.l.google.com.       47      IN      A       74.125.227.18
www.l.google.com.       47      IN      A       74.125.227.19
www.l.google.com.       47      IN      A       74.125.227.17
www.l.google.com.       47      IN      A       74.125.227.20
www.l.google.com.       47      IN      A       74.125.227.16

;; Query time: 0 msec
;; SERVER: 10.10.220.235#53(10.10.220.235)
;; WHEN: Fri May 27 15:44:52 2011
;; MSG SIZE  rcvd: 132


# Ask the recursive DNS where my webserver is; should return a CNAME and
# eventual IP of 10.10.220.205, instead it does nothing.
[root@vorador ~]# dig @10.10.220.235 www.shlrm.org

; <<>> DiG 9.7.3-RedHat-9.7.3-1.fc14 <<>> @10.10.220.235 www.shlrm.org
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 36173
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;www.shlrm.org.                 IN      A

;; AUTHORITY SECTION:
shlrm.org.              86400   IN      SOA     shlrm.org. dkowis.shlrm.org. 169287225 7200 3600 604800 1800

;; Query time: 0 msec
;; SERVER: 10.10.220.235#53(10.10.220.235)
;; WHEN: Fri May 27 15:44:55 2011
;; MSG SIZE  rcvd: 74

# Ask the authoritative DNS server where www.shlrm.org is, works.
[root@vorador ~]# dig @10.10.220.232 www.shlrm.org

; <<>> DiG 9.7.3-RedHat-9.7.3-1.fc14 <<>> @10.10.220.232 www.shlrm.org
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44322
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;www.shlrm.org.                 IN      A

;; ANSWER SECTION:
www.shlrm.org.          86400   IN      CNAME   shlrm.org.
shlrm.org.              86400   IN      A       10.10.220.205

;; AUTHORITY SECTION:
shlrm.org.              86400   IN      NS      turel-a.shlrm.org.

;; ADDITIONAL SECTION:
turel-a.shlrm.org.      86400   IN      A       10.10.220.232

;; Query time: 2 msec
;; SERVER: 10.10.220.232#53(10.10.220.232)
;; WHEN: Fri May 27 15:52:49 2011
;; MSG SIZE  rcvd: 99



CONFIGURATIONS:
=======================================================================

I've got two interfaces on the host, configured with different IP
addresses, just to get that out of the way.

root@turel:/etc# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:16:3E:3A:6E:C7
          inet addr:10.10.220.235  Bcast:10.10.220.255  Mask:255.255.255.0
          inet6 addr: 2001:1938:140:2:216:3eff:fe3a:6ec7/64 Scope:Global

eth1      Link encap:Ethernet  HWaddr 00:16:3E:DE:AD:00
          inet addr:10.10.220.232  Bcast:10.10.220.255  Mask:255.255.255.0
          inet6 addr: 2001:1938:140:2:216:3eff:fede:ad00/64 Scope:Global

I've deadwood configured to be a recursive nameserver, also to route
requests for my domain internally to the authoritative maradns.

The mararc is configured as follows:
=======================================================================
hide_disclaimer = "YES"
verbose_level = 10
csv2 = {}
csv2["shlrm.org."] = "db.shlrm.org"
ipv4_bind_addresses = "10.10.220.232"
chroot_dir = "/etc/maradns"
=======================================================================

dwood3rc is:
=======================================================================
ipv4_bind_addresses = "10.10.220.235"
chroot_dir = "/etc/maradns"
recursive_acl = "10.10.220.0/24"
verbose_level = 200
root_servers = {}
root_servers["shlrm.org."] = "10.10.220.232"
root_servers["220.10.10.in-addr.arpa."] = "10.10.220.232"
root_servers["."] = "198.41.0.4,"
root_servers["."] += "2001:503:BA3E::2:30,"
root_servers["."] += "192.228.79.201,"
root_servers["."] += "192.33.4.12,"
root_servers["."] += "128.8.10.90,"
root_servers["."] += "192.203.230.10,"
root_servers["."] += "192.5.5.241,"
root_servers["."] += "2001:500:2F::F,"
root_servers["."] += "192.112.36.4,"
root_servers["."] += "128.63.2.53,"
root_servers["."] += "2001:500:1::803F:235,"
root_servers["."] += "192.36.148.17,"
root_servers["."] += "2001:7FE::53,"
root_servers["."] += "192.58.128.30,"
root_servers["."] += "2001:503:C27::2:30,"
root_servers["."] += "193.0.14.129,"
root_servers["."] += "2001:7FD::1,"
root_servers["."] += "199.7.83.42,"
root_servers["."] += "2001:500:3::42,"
root_servers["."] += "202.12.27.33,"
root_servers["."] += "2001:DC3::35"
=======================================================================



